I don’t intend to go into the details – there are 851 million search articles that cover that all too well – but I would like to help iTWire readers “walk softly and leave a smaller digital footprint”.
The first thing to remember is that there is no inherent, inalienable concept of online privacy – the ability to separate and control sensitive information about yourself (privately identifiable information or PII). There are certain protections about what you do in the privacy of your home, but almost all countries have laws that limit online privacy. It seems that the overlap between privacy and secrecy (concealing information that others might use to their advantage) has led to a one-size-fits-all approach. So it's all up to you!
The problem stems from the fact that we have become socially conditioned to exchange information in return for so-called free goods or services – convenience. That data is the new “gold” in a technologically driven world and its abuse in advertising is only the tip of the iceberg – it has gone too far.
They pointed me to an article “What 2016 brought for online privacy” that says 2016 may go down as the worst year for privacy in history. On a global level, China, Germany, Poland, Turkey, Ethiopia, Russia, UK, US and Belarus set the tone with new intrusive surveillance laws that sacrifice the privacy rights of their citizens in exchange for increased security and control. Australia has mandatory metadata retention laws too.
Nord’s strong advice is to use a VPN, think about Bitcoin (the electronic equivalent of cash) for secure transactions, encrypt email and messaging, use PGP (pretty good privacy encryption) for computers and communications, and to be more aware of the issues – to stop giving so much information away that can be used against you.
Bitcoin is an online currency designed for transactions where you don’t want to disclose PII. But more than that it means you don’t have to use a credit card and risk losing your details to cyber criminals. Bitcoin has gained significant legitimacy over the past year or so and is safe to use. The other option is to use pre-paid gift cards (where accepted), or to get a different credit card with a low limit for online purchases (that limits costs if stolen), and ignore bargains that are too good to be true.
Encrypted email. Emails often contain private and sensitive information, which could be easily intercepted by hackers or any unwanted snoopers. The solution is to use an encrypted email service. There are a few good examples, including Tutanota, or the Gmail-like ProtonMail that has automatic end-to-end encryption, and no personal information is required to create a secure email account.
There is a growing movement warning that users of Gmail (or any Web-based mail) have their mail read by bots and are served ads – the suggestion is to get off these types of accounts. Use a free anonymous email account for most things. Mailinator or YopMail are fine and you can set up forwarding to your normal account. But that advice may also apply to Siri, OK Google, and Cortana where the more they know about you, the more they can be of assistance.
The European Union may stop Google reading Gmail (mail, calendar, contacts) and targeting advertisements. Google has apparently responded that its Gmail can only be free with advertising support so we may see a paid version with privacy. “Privacy will be guaranteed for both content and metadata derived from electronic communications (e.g. time of a call and location),” the EU writes. “Both have a high privacy component and, under the proposed rules, will need to be anonymised or deleted if users have not given their consent unless the data is required for instance for billing purposes.”
Encrypted messaging. WhatsApp has received some harsh criticism for tracing user chats even after their deletion. Signal is an encrypted messaging and voice calling app that provides end-to-end encryption by default to secure all communications. The app can also verify the identity of people one is messaging and the integrity of the channel they are using. When texting with non-Signal users, one has an option to invite them to an encrypted conversation via Signal.
OpenPGP (Pretty Good Privacy) is one of the most popular pieces of encryption software used worldwide. OpenPGP is used to encrypt data and create digital signatures and could be used to encrypt your personal files or to exchange encrypted communication. It protects all communication with a digital signature and is available for all operating platforms.
VPN (Virtual Private Network). Anyone who is taking their online security and privacy seriously will use a VPN – 31% of Internet users had a Virtual Private Network in 2016. A VPN encrypts all the user’s Internet data into a secure tunnel and creates a secure connection between the device and a VPN server. All the information remains invisible to any third party. NordVPN has 18 Australian servers – 746 worldwide, does not store logs, includes six devices, and can optionally double encrypt data for extra safety. As a golden rule, use a VPN if using a Wi-Fi hotspot!
Other good security ideas
Look for SSL. When checking your email, or conducting any important transaction, look for HTTPS pages to ensure your login details are encrypted, rendering them useless to hackers. Check for SSL (Secure Sockets Layer) certificates on all websites on which you conduct sensitive transactions.
Think about segmenting your home network and installing a security-enabled router like Norton’s new Core router or adding a subscription security device like Trend Micro’s Home Network Security Station. Network segmentation is easy – run devices like computers that require Internet connections on a separate 192.168.0.X network and devices that don’t (like IoT, smart appliances etc.) on a 192.168.1.X. Many routers will let you set up two networks and you can swap between them by selecting the appropriate SSID – or use two routers in tandem.
Think about running a virtual machine not connected to the Internet for certain activities.
Wise Disk Cleaner is free. If set to its most aggressive mode, it will remove all traces of Internet activity as well as a host of useless temporary files. Only download from the link above and decline to install any other software it may offer. I have used this for more than a decade and it is very safe. Run it before you do any virus or malware scans.
Malwarebytes V3.x is a free “aspirin” that I use if I suspect malware may be on a system. I run it quarterly.
A commercial paid anti-virus/malware product. Norton Security Premium has become my staple, not because AVG, ESET, McAfee, Trend Micro, Kaspersky et al., are any better or worse but because the scope of coverage and its five user licences (covering a mix of Windows, macOS, iOS and Android devices) are realistically priced and do what I need. In the last month for me, it stopped 433 firewall incursions, stopped access to 25 poisoned websites, identified apps accessing system resources (handy for the Android mobile security version that is included), stopped 47 items of malware in email attachments, and more. It also has a VPN and password management vault feature. I don’t use its parental family features or secure cloud storage.
Get off social media or at least severely limit what information you give and post. Facebook uses 98 “personal data points” to target ads to you. It also tracks on-site activity and collects keywords, device used, Web tracking (where you came from and where you go), Likes and Shares etc. It is not just Facebook – any social media that you share PII on is the same. iTWire has a chilling article on the 98 data points and Facebook's acquisition of WhatsApp here.
Avoid loyalty programmes. They may seem good but the amount of information they collect and the amount of cross-selling of information to/from other loyalty programmes is copious. For example, a major coffee chain’s VIP coffee card sends information on your location to nearby shops to allow targeted advertising. One sports retailer sells information on purchase categories e.g. football jerseys to allow complementary organisations to advertise to you. And let’s not get too hung-up on FlyBuys that knows every grocery you buy, when and where you shop and uses analytics to change your purchasing habits including using FlyBuys “friends”.
Think about using DuckDuckGo as your search engine or at least use your browser's “privacy mode” when browsing. I don’t mind DuckDuckGo but it does not return as many (biased) results as Google – then maybe that is a good thing. You can use it in any browser.
Think about using Tor Browser – it is not perfect but it is better than any other standard browser for anonymity and security. There is some good advice on its site.
Tighten privacy settings on browsers. At a minimum use tracking protection, turn off location, turn off Advertising ID, turn off history, block pop-ups, don’t allow apps to run in the browser (or set to always ask), ask for certificate install approval etc.
Photos are another major issue with the advent of facial recognition and environment recognition. They have metadata that includes location, date, time and more. As hard as it is not to post your last meal, favourite pet antic, or selfies, remember these all allow tracking. Or use MetaData Stripper V1.0 for Windows or macOS, free under the GNU/GPL licence, to easily remove the metadata before posting.
Tighten privacy settings in Windows and other operating systems. In Windows 10 go to Settings, Privacy, and, while this is a “broad” statement, you can safely turn off every option. It will not affect Windows functionality. Similarly, you should look at Android, iOS, and macOS privacy as well as visit your Microsoft Account, Google Account and Apple account to clear as much as you can.
Avoid mobile apps. Vendors want you to use their app instead of a Web browser as it can gather so much more information as well as track your device usage. As a rule, remove apps, or limit their access to phone, contact, email, calendar, camera, microphone, GPS or location, device ID or IMEI, etc.
Buy a notebook/laptop camera shutter. These are cheap slider devices that can cover the camera when it is not required.
Finally, change passwords and use two-factor authentication. While these are not so much about privacy as security, when someone gains access to your passwords they have the keys to the front door. Change passwords every 90 days, use a password manager and set up two-factor authentication on transactional accounts.
I encourage readers to place their privacy tips in the comments section below.