If one issue dominated the headlines last year it was internet privacy – specifically lack thereof. It was not just the tech giants collecting masses of information via telemetry, search, email, calendar, and document snooping but the massive data breaches of Yahoo! and others that shook our faith in using the internet, trusting email, and trusting household technology names.
I don’t intend to go into the details – there are 851 million search articles that cover that all too well but I would like to help iTWire readers “walk softly and leave a smaller digital footprint.”
The first thing to remember is that there is no inherent, inalienable, concept of online privacy – the ability to separate and control sensitive information about yourself (privately identifiable information or PII). There are certain protections about what you do in the privacy of your home but almost all countries have laws that limit online privacy. It seems that the overlap between privacy and secrecy (conceal information that others might use to their advantage) has led to a one-size-fits-all approach. So its all up to you!
The problem stems from the fact that we have become socially conditioned to exchange information in return for so-called free goods or services - convenience. That data is the new “gold” in a technologically driven world and its abuse in advertising is only the tip of the iceberg – it has gone too far.
{loadposition ray}
First, I started with some advice from reputable VPN provider NordVPN but to be fair there are many VPN providers in Australia.
They pointed me to an article “What 2016 brought for online privacy” that says 2016 may go down as the worst year for privacy in history. On a global level, China, Germany, Poland, Turkey, Ethiopia, Russia, UK, USA, and Belarus set the tone with new intrusive surveillance laws that sacrifice the privacy rights of their citizens in exchange for increased security and control. Australia has mandatory meta-data laws too.
Nord’s strong advice is to use a VPN, think about Bitcoin (the electronic equivalent of cash) for secure transactions, encrypt email and messaging, use PGP (pretty good privacy encryption) for computers and communications, and to be more aware of the issues – stop giving so much information away for free, that can be used against you.
Bitcoin is an on-line currency designed for transactions where you don’t want to disclose PII. But more than that it means you don’t have to use a credit card and risk losing your details including number, CVV, expiry date etc., to cyber criminals. Bitcoin has gained significant legitimacy over the past year or so and is safe to use. The other option is to use “pre-paid” gift cards (where accepted), or get a different credit card with a low limit for online purchases (that limits costs if stolen), and ignore bargains that are too good to be true.
Encrypted Email. Emails often contain private and sensitive information, which could be easily intercepted by hackers or any unwanted snoopers. The solution is to use one of the encrypted email services. There are a few good examples, including Tutanota, or the Gmail-like ProtonMail that has automatic end-to-end encryption, and no personal information is required to create a secure email account.
There is a growing movement stating that Gmail users (any web based mail) have mail read by bots and ads served – the suggestion is to get off these types of accounts. Use a free anonymous email account for most things. Mailinator or YopMail are fine and you can set up forwarding to your normal account. But that advice may also apply to Siri, OK Google, and Cortana where the more they know about you the more they can be of assistance.
The European Union may stop Google reading Gmail (mail, calendar, contacts) and targeting advertisements. Google has apparently responded that its Gmail can only be free with advertising support so we may see a paid version with privacy. “Privacy will be guaranteed for both content and metadata derived from electronic communications (e.g. time of a call and location),” the EU writes. “Both have a high privacy component and, under the proposed rules, will need to be anonymized or deleted if users have not given their consent unless the data is required for instance for billing purposes.”
Encrypted Messaging. WhatsApp has received some harsh criticism for tracing user chats even after their deletion. Signal, is an encrypted messaging and voice calling app that provides end-to-end encryption by default to secure all communications. The app can also verify the identity of people one is messaging with and the integrity of the channel they are using. When texting with non-Signal users, one has an option to invite them to an encrypted conversation via Signal.
OpenPGP (Pretty Good Privacy) is one of the most popular encryption software used worldwide. OpenPGP is used to encrypt data and create digital signatures and could be used to encrypt your personal files or to exchange encrypted communication. It protects all communication with a digital signature and is available for all operating platforms.
VPN (Virtual Private Network). Anyone who is taking their online security and privacy seriously will use a VPN – 31% of internet users had a Virtual Private Network in 2016. A VPN encrypts all user’s Internet data into a secure tunnel and creates a secure connection between the device and a VPN server. All the information remains invisible to any third party. NordVPN has 18 Australian servers – 746 worldwide, does not store logs, includes six devices, and can optionally double encrypt data for extra safety. As a golden rule use a VPN if using a Wi-Fi hotspot!
Other good security ideas
Look for SSL. When checking your email, or conducting any important transaction, look for HTTPS pages to ensure your login details are encrypted rendering it useless to hackers. Check for SSL (Secure Sockets Layer) certificates on all websites on which you conduct sensitive transaction.
Think about segmenting your home network and installing a security enabled router like Norton’s new Core router or adding a subscription security device like Trend Micro’s Home Network Security Station. Network segmentation is easy – run devices like computers that require internet connection on a separate 192.168.0.X network and devices that don’t (like IoT, smart appliances etc.) on a 192.168.1.X. Many routers will let you set up two networks and you can swap between them by selecting the appropriate SSID – or use two routers in tandem.
Think about running a virtual machine not connected to the internet for certain activities.
Ghostery V7.x is a free browser extension for Firefox, Chrome, Safari, Opera, iOS, Android, Internet Explorer and Edge. It shows all the digital trackers embedded in websites and allows you to turn them off – the largest number of trackers so far on any single site was 45 – typically 5-15 are on most consumer facing sites. I have been using it for a few years now and it also blocks advertisements and JavaScript tags and canvas fingerprinting. Don't surf without it.
Wise Disk Cleaner is free and set to its most aggressive mode will remove all traces of internet activity as well as a host of useless temporary files. Only download from the link above and decline to install any other software it may offer. I have used this for over a decade and it is very safe. Run it before you do any virus or malware scans.
Malwarebytes V3.x is a free “aspirin” that I use if I suspect malware may be on a system. I run it quarterly.
A commercial paid antivirus/malware product. Norton Security Premium has become my staple, not because AVG, ESET, McAfee, Trend Micro, Kaspersky et al., are any better or worse but because the scope of coverage and its five user licences (covering a mix of Windows, macOS, iOS and Android devices) are realistically priced and do what I need. In the last month for me, it stopped 433 firewall incursions, stopped access to 25 poisoned web sites, identified apps accessing system resources (handy for the Android mobile security version that is included), stopped 47 items of malware in email attachments, and more. It also has a VPN and password management vault feature. I don’t use its parental family features or secure cloud storage but they are there.
Get off social media or at least severely limit what information you give and post. Facebook uses 98 “personal data points” to target ads to you. It also tracks on-site activity and collects keywords, device used, web tracking (where you came from and where you go), Likes and Shares etc. Washington Post has a good article on the 98 data points here.
Avoid Loyalty programs - they may seem good but the amount of information they collect and the amount of cross-selling of information to/from other programs is incestuous. For example, a major coffee chain’s VIP coffee card sends information on your location to nearby shops to allow targeted advertising. One sports retailer sells information on purchase categories e.g. football jerseys to allow complementary organisations to advertise to you. And let’s not get too hung-up on FlyBuys that knows every grocery you buy, when and where you shop and uses analytics to change your purchasing habits including using FlyBuys “friends”.
Think about using DuckDuckGo as your search engine or at least use “privacy mode” when browsing. I don’t mind DuckDuckGo but it does not return as many [biased] results as Google – then maybe that is a good thing. You can use it in any browser.
Think about using Tor Browser - it is not perfect but it is better than any other standard browser for anonymity and security. There is some good advice on its site.
Tighten privacy settings on browsers. At a minimum use tracking protection, turn off location, turn off Advertising ID, turn off history, block pop-ups, don’t allow apps to run in the browser (or set to always ask), ask for certificate install approval etc.
Photos are another major issue with the advent of facial recognition and environment recognition. They have metadata that includes location, date, time and more. As hard as it is not to post your last meal, favourite pet antic, or selfies remember these all allow tracking. Or use MetaData Stripper V1.0 for Windows or macOS free under GNU/GPL to easily remove the metadata before posting.
Tighten privacy settings Windows and other OS. In Windows 10 go to Settings, Privacy, and, while this is a “broad” statement you can safely turn off every option - it will not affect Windows functionality. Similarly, you should look at Android, iOS, and macOS privacy as well as visit your Microsoft Account, Google Account and Apple account to clear as much as you can.
Avoid Mobile apps. Vendors want you to use their app instead of a web browser as it can gather so much more information as well as track your device usage. As a rule, remove apps, or limit their access to phone, contact, email, calendar, camera, microphone, GPS or location, device ID or IMEI, etc.
Buy a notebooks/laptop camera shutter. These are cheap slider devices that can cover the camera when it is not required.
Finally, change passwords and use two-factor authentications. While these are not so much about privacy but security when someone gains access to your passwords they have the keys to the front door. Change passwords every 90 days, use a password manager and set up two-factor authentications on transactional accounts.
I encourage readers to place their privacy tips in the comments section below.