Most privacy suggestions begin by instilling fear in people. They use examples of hospitals that have been hacked, passwords that have been leaked, or banks that have been breached. Certainly, these are all things to be feared. But fear is not a long-term solution. What has really been working is comparing privacy to good hygiene: a series of small, almost effortless steps that happen automatically in the background while you lead your life.
Your Password Habits Are the Weakest Link
Using the autofill feature in your browser may seem like a time-saver. But the fact is that all those details are easily grabbed by a specific type of malware that’s often overlooked: local malware. If an unauthorized program gets access to your system, it has access to all of the information saved in your browser, including your passwords.
A password manager is a safer option. All of your login information is stored in an encrypted database that utilizes a zero-knowledge approach. This makes it virtually impossible for anyone, including the provider, to access your information. Most password managers will also help you create complex randomly generated passwords, which should remove the temptation of using a single password across all of your accounts.
While you’re at it, make sure to enable two-factor authentication on all of your accounts that allow it. That way, if your password is ever exposed, your account remains safe. Try to use an authenticator app instead of SMS messages wherever possible. SMS codes are easily intercepted in what is known as a SIM swapping attack.
How to Evaluate Privacy Software Before Committing to it
Before you trust any privacy tool with your traffic, run through these four checks. First, jurisdiction, where the company is legally based determines which surveillance agreements it falls under. Providers based in countries outside the “5 Eyes” intelligence-sharing alliance are generally subject to fewer legal demands to hand over user data. Second, audit transparency. Reputable providers publish results from independent third-party security audits. If a company hasn’t been audited, or won’t share results, stick a pin in that.
Third, kill switch. This cuts your internet connection entirely if the encrypted tunnel drops, rather than defaulting back to an unprotected connection. Without it, your real IP address can be exposed briefly during reconnects. Fourth, DNS leak protection. A VPN that routes your traffic through an encrypted tunnel but still sends your DNS queries through your ISP’s servers is only doing half the job. For those of you hoping to protect multiple devices without breaking the bank, finding good VPN deals is easier than you’d expect. Most providers offer family or multi-device plans.
Free Tools Often Cost You More Than Paid Ones
A common misconception is that free privacy tools work just as well as the paid ones. In many cases, that’s not true. It all comes down to the economics of maintaining servers, infrastructure, and developing the software. If a tool is free, often the product is the data that goes through it.
For example with VPNs, many free services log your browsing data and then make money by selling it to third-party brokers, the exact situation you wanted to avoid in the first place. They don’t bother with the costly auditing process that legitimate no-log paid services go through.
Of course, that doesn’t mean that all paid tools are automatically trustworthy, but it does outline some key evaluation criteria.
What ISPs See and How to Limit it
Your ISP stands between your computer and the whole online world. If you’re transmitting unencrypted data, your ISP can see which websites you’re connecting to, when, and how long you’re staying there. That information can be commercially exploited. In many countries, for example, ISPs can legally provide advertisers and data brokers with anonymized browsing histories.
Your ISP can’t see your activity if you’re connecting through an encrypted tunnel: they can tell you’ve connected to a server, but they can’t see what you’re doing on it. Transparent evidence that encrypted connections are a thorn in ISP’s sides can be found when they fight tooth and nail against net neutrality laws: without the ability to see into your data stream, they can’t throttle it (reduce your speed based on your usage, e.g. of video streaming services).
Finally, there’s a financial benefit to you that’s rarely mentioned. Sites for airlines, hotels, and online stores will show you different prices based on your location, browsing history, and even your device. Using a VPN to get a different IP address and clearing your cookies can sometimes help you see a lower “non-personalized” price.
Audit Your Phone Like It’s a Contract You Never Read
Many mobile apps ask for your location, microphone, contacts, or camera data unnecessarily. For instance, a flashlight app requesting access to your microphone could be a red flag for you.
Fortunately, most mobile platforms come with detailed permission settings. Taking a little time to review the permissions for each app you’ve installed and turning off any permissions that don’t align with the app’s function works wonders.
Additionally, you should configure location permissions based on your actual needs for each app. Are you using location-based features all the time, or is it enough to grant them only when the app is running?
While protecting against browser fingerprinting may be more complex, you can limit it by using a browser built with privacy in mind and enabling tracking protection.
Remember privacy isn’t a one-time destination. It’s a series of choices you keep making, and most of these choices aren’t as technically daunting as you’re made to believe.
