Over the last decade, there have been numerous hacks which resulted in millions of peoples’ personal data being compromised. In June 2015, United States Office of Personnel Management announced that it had been the target of a data breach targeting personnel records. During that hack, my name, birth date, social security number and more were acquired without my consent. I felt scared, helpless, and violated. And I decided at that time to really buckle down on my digital privacy.
While I don’t claim to be a digital privacy guru, my boyfriend travels around the country presenting lectures and consulting on the topic. He built his first computer at age 10, has spent 25 years dabbling in the digital space, and has been lecturing me on the importance of digital privacy for over 7 years now. Needless to say, his extensive knowledge has rubbed off on me and helped me secure all my devices and accounts, even though I don’t always understand the technical details. For the most part, you won’t need to either.
Privacy is a fundamental human right, or at least it should be. Privacy is important, not because we have something to hide, but because big tech companies that track out every move are terrible at keeping that data safe and worse at knowingly renting it out to any other big companies who want access to it. At the end of the day, We have the right to our data–data which, in the wrong hands, could one day be used against us.
By making a few simple changes to your devices and accounts, you can protect yourself from unwanted attempts to access your data and protect your privacy from non-consensual information sharing. Here are some tools I have found helpful. The first few options are, in my personal option, the simplest, easiest to use, and the most valuable changes you can make to protect your data today.
- Secure Messaging App
My boyfriend first downloaded Signal onto my phone in 2014 after seeing the recommendation from Edward Snowden. For years, the app was painfully simplistic and buggy. I couldn’t convince anyone else to join. However, in 2018 a co-founder of WhatsApp contributed $50M to Signal and the app has since improved exponentially, rivaling other non-encrypted messaging apps.
Signal is the gold standing in secure messaging apps, though other niche apps do exist. The free Signal messaging supports end-to-end encryption when both parties have downloaded the app. This prevents third-parties, including the companies that run the messaging service, from reading your messages. The user-friendly app is supported on iPhone, Android, open source operating systems and desktop, and is slowly developing all the fun bells and whistles that come with more mainstream messaging apps. I’ve also heard good things about Telegram.
Considering downloading a secure messaging app and encourage those you talk to the most to do the same!
- Secure Internet Browser
Each time you conduct an internet search using Google, the company archives the details of that search, alongside data on your web-browsing history, to help target you with advertisements. In college, I read Snoop: What Your Stuff Says About You, and was appalled by how much a researcher could learn by examining a person’s trash. I suspect the same is true with internet habits–taken together your searches may reveal truths about you that you’re not comfortable sharing with the world at large, or at least advertisers.
The first thing I look for in a browser is that it’s not from Google. Next, I don’t want my browser to help advertisers and other big companies follow me around the internet when I browse. Firefox focuses on privacy and gives me the ability to easily see how many data-collecting trackers I’ve blocked with their Enhanced Tracking Protection. Their browser automatically blocks over 2000 unethical trackers. For those of you who use multiple devices, Firefox allows you to seamlessly sync tabs across devices using Firefox Sync.
I can also install more advanced digital privacy tools on the Firefox browser like DuckDuckGo’s Privacy Essentials, CanvasBlocker, Cookie AutoDelete, CSS Exfil Protection, Decentraleyes, Privacy Badger, uBlock Origin, and uMatrix. You can either forgo the add-ons or play around with them to see which ones best meet your needs without being overly restrictive or technical (which some of them admittedly are).
I also use the Tor Browser, which aims to anonymize users by passing encrypted traffic through volunteer-run servers. It’s a platform that blocks trackers, defends against surveillance, and circumvent censorship. Once again, for me it’s not so much about trying to hide my activity, but rather asserting that privacy is a human right and supporting open-source software and its proponents.
Using a secure internet browser is simple way to limit the collection of your data as you browse the web.
- Privacy-Oriented Search Engine
Did you know that Google has over 85% of the search engine market share worldwide? Search engines may help you find what you’re looking for, but it often comes at a price: your privacy. Most of the big search engines today are essentially data collection tools for advertising companies. Using a search engine like Google can disclose highly personal information about you, such as medical issues, employment status, financial information, political beliefs, and other private details. This data, of course, can be collected, stored, and linked to your data profile (and real identity). The only way to effectively “opt out” is to keep your data safe and out of the hands of the data collectors.
Ideally, a search engine would return great results while also respecting your privacy. My favorite option is DuckDuckGo, which is a privacy-focused search engine that runs off of the same search index as Bing. While it’s not quite as intuitive as Google, but your information stays safe. DuckDuckGo does not track your searches or build a profile of you, but does block adds for you. It also has a very useful browser plug-in that will “grade” each website you visit in terms of how well that website will protect your personal digital information. When coupling DuckDuckGo with Firefox, you’re off to a good start in terms of protecting your privacy while using the Internet.
Another option is Qwant, which is a French search engine with a focus on privacy. While I have not used Qwant myself, I have heard only positive things and my cursory research shows that it could be a great option, supposedly with higher usability ratings than DuckDuckGo.
Using a privacy-oriented search engine, and optionally add-ons, is another easy way to safeguard your personal data and internet browsing habits.
- Two-Factor Authentication
Two-factor authentication (2FA) is a method of identity verification using two different factors, such as a password (something you know) and a security token or one-time verification code sent to your mobile device or a USB key (something you have). This method is more effective in protecting you against unauthorized account access than a password alone.
I have been using a YubiKey hardware authentication device for over seven years. They’re around $50, but my 2013 model is still working great. Not all services support it, but more are adopting the technology each year, including some email providers, some banks, and some investing services. I simply enter my username and password, and then insert the USB device into my computer to verify my identify. It give me confidence that my data will be safe, no matter what.
If you’re not ready to commit to a hardware authentication device, there are plenty of free two-factor authentication phone apps. I personally use Aegis for systems that don’t support my 2FA hardware token, but have used Google Authenticator in the past. You can link accounts to the 2FA app and then will presented with a numerical code to type into the account along with you username and password.
Finally, many accounts now offer two-factor authentication via text message. I always opt-into this option, when available. It’s a few extra seconds of my time, but will add an extra layer of security if my login credentials are ever compromised.
- Password Manager
We all have passwords and require them to get around online. Passwords allow us to associate ourselves with an account while also prevent others from gaining access. The problem with passwords is that they need to be long and complicated to be secure. Most people use the same weak password on every site they belong to or, at best, alternate between two or three. Having just a few passwords means that whoever gets one credential can use it to login as you everywhere else.
It’s important to start using strong, unique passwords for every account you visit, especially as computers become more powerful and brute force attacks. Password managers create and save unique and highly complex passwords automatically and fill them in at site you wish to log into, based on one very strong master password.
I currently use Bitwarden, have used Lastpass in the past, and have heard good things about 1Password. A have a Bitwarden add-on my my Firefox browser and once I enter my master password, the add-on will auto-populate my login credentials for any website I visit. Each of my dozens of accounts has a unique, 64-character, randomly-generated mashups that I would never be able to remember myself and that, hopefully, can’t easily be compromised.
The pricing for password managers ranges from $10-40 annually. While many browsers offer to remember your passwords, the manager allows to easily access login credentials across devices. Additionally, they say that if you’re not paying for a product, you are the product. For under $1 per month, I believe that it is money well-spent.
- Secure Email
Nearly everyone uses Gmail, and yet the email service is just as focused on data harvesting as the rest of Google. In their terms of service, Gmail explicitly states that they are authorized to read your emails so they can serve you targeted ads. In combination with Google search results and map data, the company can learn a lot about you.
This is why I have been using Protonmail for the last six years. The service offers end-to-end encryption, which makes restricts the content from anyone by you and the recipient. They charge for the service rather than selling your data, through the pricing is reasonable, starting at $48 annually, and there is also a free option. I have also use the free version of Tutanota and have heard positive things about Fastmail.
So much is communicated via email, often including personal and sensitive data, so it can be valuable to protect that information from data harvesting and advertisers.
- Virtual Private Network (VPN)
A VPN (Virtual Private Network) encrypts your internet connection, allowing you to hop though hubs across the globe and mask your IP address. Without a VPN, your internet service provider knows all of your browsing history. Worse, if you’re on a public WiFi network, there are ways for others to see things like your password and data. Additionally, ad services can link your IP address to track your behavior across the web and target their advertising to you.
VPN services have historically gotten a bad rap for their use by those engaged in illicit and illegal behavior, but with the rise of surveillance by big tech companies it’s a service that we can benefit from, even if we’re simply viewing cute puppy pictures online. I currently use paid version ProtonVPN, which is run by the same privacy-focused company that runs Protonmail. They also have a free version available, just with fewer features are potentially lower speeds. I have previously used and been happy with IVPN.
- Open-Source Operating System & Encrypted Hard Drive
I’ll preface this section by stating that I am not the most tech-savvy persons and likely could not have set up any of the below without assistance from someone who is very knowledgeable about computer hardware and software. If you’re not tech-savvy, I would recommend working with a techie friend or family if you wish to research and implement any of the following.
Microsoft and other systems track you every move. That is why I use Linux, a family of free, open-source Unix-like operating systems. Open-source means that anyone can access or update the code, ensuring users to verify that there is nothing malicious and allowing users to suggest updates. Some of the systems are extremely complex, while others are straightforward and run similarly to Windows or macOS. I personally use Linux Mint on my machine and I hardly notice the difference from Windows OS.
I also use Raspberry Pi, which is essentially an affordable, open-source mini-computer that can be used to run games, play music, operate a camera, run a network-wide ad blocker, or perform nearly any computer function (though with less memory and power than a full computer). For around $100, it’s a fun and useful too.
If you use a smartphone, you’re carrying another system that may be tracking your movement and browsing habits. I use the privacy- and security- focused GrapheneOS on my Android device. Similar to Linux, it has been developed as a non-profit open source project. It’s reassuring to know that my operating system isn’t sweeping up and selling data without my knowledge. It doesn’t support the Google Play Store, but has alternative open-source app stores. I personally use F-Droid and Aurora Store.
Finally, VeraCrypt is a free open-source disk encryption software adds enhanced security to the algorithms used for system and partitions encryption, making it immune to new developments in brute-force attacks. Basically, data is automatically encrypted right before it is saved and decrypted right after it is loaded, without any user intervention. Data can’t be read without using the correct password or encryption keys. All of my important data is contained on these un-hackable hard drives.
To reiterate, I benefit tremendously from the above open-source operating systems and softwares, but I don’t personally understand them at a highly-technical level.
- Private Cryptocurrency & Hardware Wallet
Unless you’re a market speculator or Gen X programmer, this may not apply to you. Cryptocurrencies are currently quite volatile but, as a token of stored value, it makes sense to safeguard your holdings. My limited cryptocurrency investment recently reached a level at which I felt it was necessary to safely store my cryptographic key, so that no one can hack into my account and steal the funds.
I opted for the Trezor Model T private cryptocurrency hardware wallet, which allows for storage and trading of cryptocurrency. The reason I chose the Model T was that it takes my holding off the web, has an intuitive interface, and allows for trading and storage of Monero–the leading privacy currency–along with the more mainstream cryptocurrencies. Bitcoin, Ethereum, and the majority of other cryptocurrencies allow identity traceability through the blockchain. With Monero, however, others cannot see your balances or track your activity.
If you’re ever seeking a private and anonymous currency, Monero is the way to go and a hardware wallet is the best way to ensure your private currency remains in your hands. Hardware wallets currently cost $50 to $200, depending on the model, but it may be a justified cost if you are holding more than that in cryptocurrencies.
- The Electronic Frontier Foundation
I was introduced to the Electronic Frontier Foundation (EFF) in 2013. According to their website, EFF is the leading nonprofit organization defending civil liberties in the digital world. Founded in 1990, EFF champions user privacy, free expression, and innovation through impact litigation, policy analysis, grassroots activism, and technology development. When the internet was still in its infantile stage, the EFF recognized that new technologies can radically advance our freedoms, but can also enable invasions of privacy.
EFF has be fighting in courts and Congress to maintain our privacy rights in the digital world, and works with partners around the globe to support the development of privacy-protecting technologies. Their website is a great resource for learning about current issues, news, and volunteer opportunities within the organization.
Remember, your cell phone helps you keep in touch with friends and family, but it also makes it easier for the government to track your location. Every helpful tool has the potential to be wielded as a weapon. The Electronic Frontier is an incredible resource to not only help you learn about digital privacy, but also learned to preemptively identify threats before they are realized.
None of these tools listed above are very expensive, and I gladly pay for them because I understand the business model: selling software as a business model is very different from selling data as a business model. I would rather pay $10 for a service that have my browsing habits sold to the highest bidder for $10. The privacy-oriented services give me a peace of mind that I would pay far more for.
All of this said, I recommend that you do your own research and come to your own conclusions as to what software and services will work best, based on your needs. Many people don’t care if they are tracker online, and that is totally okay. Some people appreciate the targeted ads and, again, I have nothing against that. Personally, having been affected by a major breach of my private data, I have firsthand experience of the fear, dread and anxiety that comes with being told that someone out there has everything necessary to gain access to my life. I vowed to do everything in my power to avoid feeling that helpless again.
I hope you found something of value or are walking away with some food for thought. I would be thrilled to hear if you implemented just one of the above tool into your digital life in 2021.
Do you take any measures to protect your digital privacy? If so, has is been a worthy endeavor for you? If not, do you ever worry about your digital privacy?
Let me know if you have any questions in the comments section. This is one of dozens of topics on which I love discussion and teaching.