How to protect your privacy online

Way back in the analog days, privacy used to be a given. But as our world went digital, it became easier and easier to convert our everyday conversations, purchases, and interests into storehouses of data. You might think of yourself as a private individual, but to many companies, you’re a marketable “profile.”

All is not lost, though. There are a number of easy steps you can take to protect your privacy online. Here are a few to get you started.

Tunnel through with a VPN

Virtual Private Networks (VPNs) are one of the easiest ways to cover your tracks when using the internet. When connected to one, all of your connections will pass through your VPN service, making it look like you’re somewhere else, kind of like a tunnel.

There are hundreds of options for VPN service, but one word to the wise: Avoid free VPN. Many of these harvest your browsing history to create their own profile of you. A good place for exhaustive research on VPNs is That One Privacy Site.

Don’t join the club—avoid auto-connecting to WIFI

Here’s a scenario: You connect your phone to an “xfinitywifi” network to save your mobile data. It doesn’t require you to enter a password to connect to the wi-fi, but a page pops up asking you to log in to your Comcast account. Okay, all good here.

A few days later, you’re walking down the street and remember something you need to buy on Amazon. Without you realizing it, your phone has connected to a network named “xfinitywifi” since it remembers you connecting to one before. But this time, it’s someone who’s set up a wi-fi network with the same name as a honeypot—think of it as a digital trap designed to get you to hand over sensitive information. You submit your credit card number to Amazon, and the honeypot catches it in between on the unencrypted network you didn’t even realize you connected to.

The fix is to turn off automatic connections to every wi-fi network that doesn’t require a password. When your computer, phone, or tablet connects to one with that name, it will connect to them all. For common names like “xfinitiwifi”, that’s a huge risk.

Drop names—using an encrypted DNS

Domain Name Servers (DNS) are the computers that convert numerical IP addresses into the URLs you type into your browser. They’re the reason why you likely didn’t type 198.185.159.145 to get to this website. Usually, your internet provider is handling DNS queries, and that’s often a problem. Their DNS are often unencrypted, which means that even if you’re using a VPN, your ISP could see—and log—the sites you visit. The solution? Search for a reputable encrypted DNS you can use. It’s a quick and easy step you can take to thoroughly protect your privacy online.

Burn your fingerprints—blocking fingerprinting

“I opened a private window, so I’m safe.” Try again. Private or incognito windows only keep your browsing history off your computer and do nothing to maintain your anonymity from sites you connect to. One culprit is fingerprinting run by websites. These processes analyze, for instance, how your browser displays text and images to create a unique identifier. One way to stop this behavior is by installing a “canvas fingerprinting” blocker by searching the extensions or add-ons directory for your browser.

Follow the money and choose the right browser

Web browsers might seem like neutral parties that simply connect to websites, but the privacy protection they provide varies wildly. We’ll save the side-by-side comparisons for others, but ask yourself this: Who makes the browser, and how do they generate revenue? If they have an incentive to gather your data, your privacy is probably on the line.

Go nuclear by anonymizing your browsing

If you really, really want to go under cover of darkness, there’s Tor, a network designed to anonymize you as you browse. Tor works by combining encryption with a number of random stops for every connection you make with a website. It’s a little like double-blind clinical trials: Each stop only gets the minimum amount of information to pass your request along to the next stop.

Accessing Tor has gotten much more user-friendly over the years and now is just a matter of installing a special web browser. Two warnings, though: 1) All those stops will likely slow down browsing and 2) Tor’s not 100% safe. There’s still a (very small) small chance that if someone really wanted to, they could anonymize you.

Cut them off at the password—get a password manager

We won’t lecture you about how “password” is not okay to use as a password. But we will lecture you about not reusing passwords. When your username/password combo for one site is leaked through a security breach, it becomes a target of “credential stuffing.” This is where hackers use that same username and password on as many common sites as they can to try to get in somewhere. So if you’re using the same username/password on social media and your bank, a Twitter breach could lead to your checking account getting emptied.

The best protection is a password manager. They’ll store all your logins so you won’t have to remember hundreds of passwords. And since they’ll generate passwords, you can have super-secure, unique credentials for every single site and app you use.

Disconnect your home by avoiding the internet of things

The tech industry has pushed the idea of the “connected home.” But the reality of internet-enabled devices is one of insecure software, always-on microphones, and behavior monitoring.

There have been reports of strangers hacking into baby monitors, accessing videos feeds, and taking control of the speaker. Smart speakers are notorious for activating without their wakeup words and keeping voice recordings. And that giant, super-cheap TV in your den has made your viewing habits into a recurring revenue stream.

The most straightforward solution is to ditch these kinds of devices for their traditional counterparts. But if you must, here are a few tips for getting control of home:

• Go with brand names you’ve heard of
• Change the default password on your accounts to something secure
• Use two-factor authentication if available to make hacking in even harder
• Turn off custom ads and tracking whenever possible
• Set a reminder to delete voice recordings every month
• Unplug devices if you’ll be away for a few days

Tell your GPS where to go

The most egregiously privacy-threatening technology may just be GPS. The idea that the phone sitting in your hand can pinpoint your location to within a few feet is chilling. While there are some genuinely good uses for it, you should be careful about what besides your maps app has access.

Go through your phone’s settings and turn off access for all but essential apps. If possible, limit access to just when you’re actively using the app to avoid background snooping. And for the love of all that’s sacred, disable GPS for your camera apps. Having the exact location of your home embedded in that selfie you just shared with all your social media followers is just a bad idea.

Practice safe downloading

Always, always, always download apps and other software from the developer directly or the Google and Apple app stores. If you don’t, there are no guarantees you aren’t getting a modified version with some kind of keylogger or other spyware tacked on. And to make sure you’re on the site you meant to visit, make sure you’re on the encrypted version—the https:// one. The HTTPS Everywhere extension can make sure you’re on the secure version of most major websites.

Play the numbers game with a second phone number app

Ever since landlines went the way of the dinosaur, cell phone numbers have become a de facto individual identity. Advertisers can use the phone number you entered on one site to connect your identity, purchases, and online activities everywhere else you used it. And that’s not to mention all the robocalls and spam texts that can result.

The solution is a second phone number. You probably don’t want to shell out for another cell phone account just to hand out the number to websites. That’s where we come in, with Burner. We’ll give you a second phone number via an app, that you can use anywhere you don’t want your real one. And when things get too heavy—that is, the robocalls and spam—just burn the number and grab a new one.

Stay vigilant

These are all good practices for protecting your privacy online today, but that’s just today. So long as there’s money to be made in taking away your privacy, new methods will arise. The best advice is to keep yourself educated and on the lookout for new techniques to avoid and new steps to take.