Our digital lives are under constant surveillance. As we spend more time online managing finances, shopping, conversing and even finding love interests – we leave enormous trails of personal data. These bits of information on sites we visit, links we click, locations we check into and products we browse don‘t disappear. They get tracked, aggregated and analyzed by online platforms, advertisers and cybercriminals.
Without adequate precautions, most consumers make their data vulnerable to an army of threats lurking online:
- Data breaches now expose over 4 billion records a year – many containing personal identification information according to RiskBased Security research. Retail and healthcare industries account for over half these incidents.
- 47% of phishing sites host malware which may encrypt your computer data until you pay hefty ransom to regain access according to F-Secure analysis. Average payment > $9000!
- Hacking and identity theft leads to 19 victims every minute who lose nearly $15 billion per year in the US alone as per Javelin Strategy estimates.
No one wants to deal with frozen bank accounts, leaked passwords, fraudulent loans under your name or explicit pictures made public from devices getting hacked. The downside of always being connected online is that consumers make for easy prey without adequate privacy safeguards in place.
Industry experts and privacy watchdogs like the ACLU have persistently warned about erosion of civil liberties from mass surveillance programs running in the background as we live more of our lives online. But the tools for users to reclaim control of their data do already exist.
This guide will walk you through privacy best practices and tools available right now to secure your online presence across the websites, devices and accounts you use daily. Let‘s get started!
How Online Tracking Works
Before learning how to protect data, it helps to understand how users are monitored in the first place as they browse the web and share over social platforms. Personal information gets collected both openly and surreptitiously by:
- Apps and services you sign-up for which require access permissions and account details used to customize your experience.
- Platforms and browsers which capture browsing history, clicks, locations and hardware fingerprints to profile users often for ad targeting.
- ISPs, public WiFi and VPN services which can snoop on sites you visit based on network traffic metadata.
- Websites using cookies, analytics tools and third-party trackers that record how you interact with website content without consent.
Sophisticated tracking across devices you own plus combining data from multiple sources gives surprisingly complete picture of user interests and habits which may then be sold to advertisers, government agencies or worse yet, stolen by hackers.
Adoption rates of privacy tools remains low, despite a majority of US adults finding it important to be in control over how personal data is collected and used as per Pew Research surveys. This guides aims to simplify the first steps towards reclaiming your online privacy.
Online Privacy Violations By The Numbers
| Data Breaches | Impact |
|---|---|
| 7306 breaches recorded in US over 2018 | 446 million consumer records lost on average per breach |
| Healthcare sector #1 target – 30% incidents | Average cost $429 per lost or stolen healthcare record |
Source: IBM Security, Cost of Data Breach Report 2019
| Hacking Threats | Scope |
|---|---|
| 140 million phishing emails sent globally per day on average | 47% phishing sites host malware, ransomware or spyware |
| $15 billion consumer losses to identity fraud per year | 19 identity fraud victims every minute in the US |
[Sources: Symantec, Javelin Strategy]
Monitor Phishing Attempts
Email continues to be the most common vector for phishing attempts and malware distribution by scammers intent on stealing your personal information.
Seemingly legitimate messages pretend to be from banks, online retailers, charities or even acquaintances asking you click on links or attachments. Before responding, always verify:
- Email address domain matches organization name. Official handles end with @company.com
- Content is free from grammar errors, threats demanding urgent action
- Embedded links don‘t have mismatched hyperlinks and go to valid URLs
On mobile devices, copy-pasting link text in browsers is safer than clicking directly. Downloaded files should be scanned using antivirus software before opening.
Enable spam filtering on your email, which uses algorithms checking sender authenticity and content characteristics to divert phishing emails away from the main inbox.
An example phishing email pretending to be PayPal security alert
When in doubt, call up the company directly to confirm legitimacy before sharing personally identifiable information (PII) over email.
Being able to recognize and handle phishing attempts goes a long way in keeping account credentials and bank information safe.
Lock Down Account Security
The same password reused across multiple internet accounts means that a single breach leaves all those accounts compromised. Yet usage of duplicate passwords persists for convenience, with consumers managing over 100 online accounts on average.
According to Google research, 52% users reuse the same password everywhere.
Strong password hygiene is non-negotiable for online security:
- Use a unique, randomly generated password exceeding 12 characters for every online account.
- Enable two-factor authentication (2FA) to add a second credential check beyond password when logging in.
- Use a password manager app like 1Password or LastPass for securely storing credentials encrypted behind a master password.
| Most Breached Sites By Passwords Exposed | # Usernames/Passwords Leaked |
|---|---|
| Yahoo – multiple breaches | 3 billion |
| Myspace | 360 million |
| 164 million |
[Source: IdentityForce]
Adopting password managers reduces the cognitive load in remembering secure passwords separately for every site. Features like password generators, audit reporting and digital inheritance make them worth investing in.
Along with strong passwords, enable additional login verification barriers like two-factor authentication offered by Google, Apple, Facebook and other major platforms. Using SMS or authenticator apps as the second step verification check drastically lowers risks of fraudulent login attempts in case of credential leaks.
Enabling an extra verification step beyond passwords improves account security.
Limit Data Sharing
While social media delivers valued connectivity with friends, family and professional contacts – oversharing personal information leads to privacy risks.
Facebook‘s data policy states it tracks users via website analytics tools like cookies even when logged out. Liking pages and publishing sensitive information makes you vulnerable to advertising targeting or worse.
- Review all social media account privacy settings and friend lists.
- Turn off location tagging in posts. Restrict audiences who can see posts if needed.
- Delete old posts which may be embarrassing or provide too many personal specifics like addresses, schools attended etc.
Social awareness company SpiderOak analyzed privacy policy changes from 10 top tech firms since 2018:
| Company | Policy Changes |
|---|---|
| 20 major revisions, Avg 4200 words currently | |
| Apple | 3 revisions, Avg 5400 words |
| Microsoft | 1 revision, Avg 2800 words |
The length and frequency of privacy policy updates makes it impossible for average users to stay continually informed on how their data gets used.
Read summaries on blogs like TOSDR in addition to sporadic policy reviews. Share minimum necessary personal information to retain convenience of access across platforms.
Browse Anonymously
Search engines and websites track visitors to optimize performance or serve targeted advertisements. Using private browsing modes in Firefox, Chrome, Safari and other browsers prevents persistent cookies, browsing history etc from leaking user intent.
Google logs search keywords used, sites visited afterwards in accounts with web/app activity tracking enabled by default. DuckDuckGo offers itself as an ethical alternative focused on user privacy.
To take it a step further, use Virtual Private Networks (VPN) while accessing public WiFi or restricted websites:
- Encrypts traffic so that not even your internet service provider (ISP) can see browsing activity
- Masks device IP address and location to prevent tracking
- Bypasses government filters and geographic restrictions on content
Top-rated premium VPNs like NordVPN, TunnelBear have strict no logs policies and servers based offshore in privacy-friendly countries to reduce jurisdiction risks.
Using VPN browser extensions or configuring at router-level covers all devices connected to the network. This shields browsing activity across gadgets from prying eyes lurking on public Wi-Fi access points.
Practice General Precautions
Beyond things directly under your control like account settings or software installed, general vigilance goes a long way in preventing privacy violations:
- Don‘t download apps from unofficial sources. Stick to reputed app stores like Google Play Store enforcing security checks.
- On public computers, remember to logout and close all browser windows after use.
- Back up devices regularly and encrypt stored data. Enable remote wipe in case of device loss or theft.
- Monitor children‘s online activities and educate on risks of oversharing to protect their privacy.
There are no silver bullets guaranteeing online anonymity. But sticking to best practices, using secure tools and staying continually educated on emerging cyberattack methods helps individuals protect privacy.
Expert Tips To Protect Online Privacy
- "Encrypting data both in transit and at rest is essential to protecting privacy in the digital age." – Chris Vickery, Director of Cyber Risk Research at Upguard
- "Two-factor authentication puts users back in control by requiring physical possession of a registered mobile device." – Roger Grimes, Data-Driven Defense Evangelist at KnowBe4
- “Turning on automatic updates ensures you have all the latest security fixes which have become crucial to stopping remote takeovers." – Brian Krebs, Investigative reporter at krebsonsecurity.com
- “Using incognito or private browsing is an easy first step to limit tracking cookies and browsing history data that follow you across the web.” – Eric Ravenscraft, Senior Writer at Review Geek
Key Takeaways on Privacy Protection
- Learn to identify phishing attempts to avoid identity theft traps
- Lock down online accounts with strong unique passwords and two-factor authentication
- Limit sharing of personal information only with verified contacts
- Browse privately using incognito modes, private search engines and VPN tools
- Practice general precautions in device usage and children‘s online activities
Following basic online privacy hygiene limits risks from regular threats users face on the internet. Stay vigilant as new platforms and technologies introduce emerging attack vectors threatening sensitive user data.
