In the first half of 2017 alone, more private data records were exposed than in the entire year prior. [1] Despite this, up to 80 percent of us use the same password for all of our accounts online. [2]

Clearly, the fact that so much of our personal information is vulnerable online is lost on the average Internet user. According to Digital Security consultant Rob Pope [3], even high-profile public figures often fail to realize the importance of keeping their data secure. “In spite of everything you stand to lose from a data breach, few people take digital privacy seriously — let alone spend time or money keeping their devices secure,” said Pope.

In practical terms, “privacy” refers to the degree of control you have over your anonymity and security online. It’s also a benchmark that can be used to gauge the amount of risk you are facing at any given time. In this post, we’re going to lay out everything you need to know about protecting your privacy online in 2018 and beyond.

Who’s watching you?

There are a variety of nefarious types online who are looking to gain something at your expense. Who are they? Let’s take a look:

Hackers

Although this term is grossly overused today to the point of blurring its definition entirely, these are individuals out there looking to “hack” into your personal information, either for personal or political gain, or just for the sheer anarchistic entertainment value of the act.

The methodology used by petty cybercriminals can vary, but it often involves gaining access to sensitive information such as bank account numbers, passwords, or government documents like social security cards. This can lead to digital theft, as well as to unchecked identity fraud if immediate steps aren’t taken to halt the attacker’s actions.

Advertisers

Advertising has had a presence on the Internet since nearly day one, and today, the practices used by companies all over the world to gain insights into how you browse (and how you spend your money) are more complex and controversial than ever before.

Industry titan Google accounts for an awe-inspiring 33 percent of the world’s $223.7 billion in digital ad revenue for 2017 alone. [4] Its robust content delivery network and adtracking services operate in all corners of the web, making it an ever-present force lurking behind most of the pages you’ll end up visiting.

NSA & Other Governmental Groups

There are many reasons why certain groups of governing bodies would want to track your habits online, with the main one presumably being to combat terrorism and crime. Regardless of the “why,” we know that this is a common practice of many different agencies charged with civilian oversight.

Situations like the groundbreaking NSA leak perpetrated by former CIA analyst Edward Snowden have shifted the public dynamic considerably in recent years, open the doorway to the realization that the powers at be may not always have our best interests at heart.

Internet Service Providers

This is a big one. WIth a recent bill passed through Congress allowing ISP’s to begin selling off their user’s data habits [5], this issue is only going to become more pervasive as time goes on.

ISPs have some of the most robust, complete data-acquisition methods around, and as such, their newfound ability to sell off this information can only mean that your online habits will be more exposed than ever before.

How are they watching?

Emails from friends, family, and coworkers asking for login info or credit card numbers are often not what they seem.

The groups above have a constantly evolving arsenal of tools that they can use to keep tabs on your actions online, some of which are more involved than others.

Metadata gathering

Metadata is essentially data that refers to or informs other pieces of data. As such, it often contains seemingly innocuous information, so why the commotion over other collecting and studying it? While many websites only record the latest time you’ve accessed their content, some can actually keep a historical track record of your movements on their servers. This can even mean tracking your IP address, potentially identifying where you are logging in from in the process. In the wrong hands, this information could be used in a variety of potentially worrisome ways.

Phishing


This brand of cybercrime usually involves some form of deception, commonly in the form of a misleading email, text message, or other form of communication. For instance, you may receive a message from someone claiming to be a co-worker asking for a sensitive piece of information, or an email from a source claiming to represent a legitimate business (Facebook, Amazon, etc) asking for your password. It almost always includes an attractive incentive that sounds too good to be true, and yet, more than 80,000 users fall for it and take the bait each and every day. [6]

Password leaks

We all have an ever-increasingly library of passwords that we use to access the various online platforms we use day in and day out, and occasionally, a company slips up and this data is exposed. This can happen because of an honest mistake, or as the result of a targeted, multi-stage attack, and in either case, the victim count can (and often does) number in the millions.

3rd party cookies

Cookies were first conceptualized as a way to make browsing the web more convenient and fluid by keeping certain pieces of information on-hand in your local browser. On the bright side, they’ve handily achieved this goal when it comes to forms, login persistence, and other quality of life features.

There’s a dark side to cookies, however, and it centers around special “tracking cookies” which can be programmed to track and report back to a group your activities online.

Website trackers

Website trackers are a suite of tools used by the owners of the site to gain insight into how you are interacting with the content and design. Admins use these tools to determine how long you visited the pages you go to, where your attention was centered, and why (and when) you ultimately left.

Tracking links

Tracking links were created to help marketers understand how effective their promotions are in real-time. When clicked, these links can report a variety of information, such as how long you viewed the content on the other end of the link, whether or not you made a purchase, and more.

Email trackers

Email trackers are similar to tracking links in that they help report on your activities based around a particular email. Marketers use this to see how often you are opening and reading their emails, as well as whether or not you are interacting and clicking on content within the body of the message.

Browser fingerprinting

This brand of online intrusion is particularly devious, as it allows someone to identify who is using a device without even needing to use cookies at all.

There’s a positive spin to be had here, thankfully. Device fingerprints have been used in recent years to help with the detection and prevention of identity theft and credit card fraud cases, and security teams are only just exploring their true potential for proactive prevention.

Basic browsing privacy

Privacy online starts with an audit of your window on the web: your browser. (Chrome, Safari, etc.)

When browsing the web on your devices, there are a few simple steps you can take to regain a bit of control over the digital wake you leave behind. Let’s take a look at a few of them:

Managing your cookies

We already covered the basics of cookies above, so how can you ensure that yours don’t betray you? Frequently clearing out your cookie list is a good start, but browser extensions such as EditThisCookie for Chrome give you expanded control over your online presence, allowing you to add, delete, change, or block any cookies you choose.

Two-factor verification is your friend

One of the easiest ways to stop a would-be robber from breaking in and stealing your valuables is to add another lock and key to the equation, and that’s exactly what you’re doing when you use two-factor verification. More websites and services are offering this feature than ever before, and for good reason; according to online security firm Symantec, up to 80 percent of the world’s security breaches could be prevented using this method. [7]

Disable flash

Adobe Flash is dead. The once-ubiquitous rich content medium was dropped unceremoniously by Google at the end of 2016, and Adobe has announced its intent to kill the plug-in entirely by 2020. Seriously, people want it gone so badly that there are websites dedicated to killing it. By disabling it, you’ll eliminate one more potential vulnerability.

To disable Flash on Chrome, follow these steps:

  1. Type the following in your URL bar: chrome://plugins
  2. Locate “Flash Player” in your list of plugins. There may be more than one in your list.
  3. Select Disable on all of them.

Tracker blockers 101

Tracker blockers refer to any program that prevents website trackers from collecting and relaying back information on your online habits and actions. Browser extensions like Ghostery are dedicated to helping you identify and block trackers.

Using a VPN

By now, many of us are familiar what with a VPN can do when installed on our personal devices directly. For the uninitiated, Virtual Private Networks allow you hide your browsing habits from your local ISP (and your government) by routing your data through a separate, encrypted channel.

Many different paid and free options are available, but as long as it can allow for concurrent connections (if you have more than one device) and doesn’t throttle your bandwidth, you should be alright with whatever you choose.


This website provides a simple way to see which accounts you have that may have been compromised by data breaches.

Check your pwn status online

Using the website haveibeenpwned.com, you can check your various email accounts to determine whether or not they have been leaked as a result of a data breach. The records go pretty far back, and also seem to be updated regularly, so it’s a good idea to check back periodically to make sure that your information is still secure.

Advanced browsing privacy

If you’re searching for more advanced browsing safeguards, you’ve come to the right place. Let’s unpack several robust tools used by savvy browsers to conceal their activities online.

Understanding TOR

Short for The Onion Router, TOR began life as a worldwide network of U.S. Navy-developed servers that allowed for anonymous browsing. Today, it’s a fully-fledged non-profit organization dedicated to the research and development of advanced privacy tools.

The Tor network masks your identity by routing your traffic across an array of random server nodes, encrypting and scrambling traffic so that it cannot be traced back to your specific location (or device). The free TOR browser represents one of the easiest ways to mask your movements online, but it is far less foolproof than many have assumed in the past.

Router-level VPNs

We covered the perks of using a basic VPN above, and it’s definitely something you should be doing on your main browsing device if you aren’t already. But what about your mobile phones, tablets, smart TV’s and other connected devices? Enter the router-level VPN.

These networks provide a catch-all service for all connection points connected to your local WiFi environment. This means that it doesn’t matter whether you have a VPN running on a given device; all of them connected to the network will have their data routed through the VPN, allowing you to mask everything that happens on the network in one swift motion.

Network Monitoring

Network monitoring programs can help you regulate what your applications can and cannot send when connected to the Internet. While most applications send data that helps you, like automatically checking for updates for instance, some have more dubious goals in mind, such as trojans, spyware, and tracking software.

Software like Little Snitch for Mac users help to manage which programs have full access to the Internet, including the ability to decide on a case-by-case basis what permissions you want to assign.

Javascript blocking/whitelisting

Javascript is the programming language used by websites all over the Internet, and as such, it controls almost everything that you see displayed online. Whitelisting/blocking refers to the ability to control what is and isn’t allowed on your local browser.

Extensions like uMatrix for Chrome allow direct control over all of your browser’s requests, allowing you to allow or disallow them on a case-by-case basis.

Email privacy

The state of email in 2017 is, at best, unstable. While the medium is still widely used and almost universally recognized, staying secure while sending and receiving messages has arguably never been more of a confusing and frustrating task than it is right now.

Free vs paid email services

Gmail is ubiquitous (and good, for being free), but there are also a host of companies popping up online who are offering extended security oversight in the form of a paid private email account. These services typically include end-to-end encryption with additional features like self-destructing messages and personal-information-free accounts.

Services like CounterMail provide robust levels of protection for a price, but there are also some stellar free options such as ProtonMail that may suit your needs just fine.

Blocking email trackers

As we covered above, email trackers give individuals and companies insight into when you open their messages, and in some cases, it can even alert them to where you are when you do so. If you’d prefer not to share this information, here are a few methods you can try out to prevent the trackers from loading.

Gmail

  1. Click on the gear icon and go to Settings.
  2. Under the General tab, scroll down to Images.
  3. Select “Ask before displaying external images.”
  4. Click Save Settings.

iPhone

  1. Open the Settings app.
  2. Tap on Mail, Contacts, Calendars.
  3. Turn off “Load Remote Images.”

Android

  1. Open the Gmail app.
  2. Select your account.
  3. Tap on Images.
  4. Select “Ask before showing.”

Email Encryption

Encrypting your emails means that your messages are converted into ciphertext when you send them, preventing anyone except for the intended recipient from seeing its contents. You may not care about encrypting all of your mundane, day-to-day emails, but it’s probably a good idea to lock down messages with potentially sensitive information.

Gmail users have email encryption on by default, but it’s important to note that this only applies to sending mail to other Gmail users. If you use Gmail and Chrome, you can use an extension like Snapmail.co to ensure that your emails are secured, regardless of who the recipient is.

Designing for privacy

Privacy isn’t just a user concern. Robust user privacy protection is increasingly expected of the companies that provide services online.

The concept of “privacy by design” was first proposed by Ontario’s Privacy Commissioner Anne Cavoukian in the late 1990’s. It centers around the idea that privacy should be a major consideration from the inception of a website’s design, instead of something tacked on at the last minute. Since its introduction, privacy by design has become the defacto international standard for online privacy practices.

HTTPS

HTTPS is the secured version of standard Hyper Text Transfer Protocol, or HTTP. To obtain HTTPS-level security, a site admin must first have a certificate that is issued as part of a web hosting package, or sold separately though a standalone vendor. When you connect to one of these websites, your local machine is sent a “code” that must match up with the one on file with that particular URL. HTTPS is one of the most widely used security measures on the Internet today.

Opt-in vs Opt-out

One of the most heated debates in the world of online security in recent years has centered around the use of “opt-in” and “opt-out” options during the signup process for various accounts and memberships. The conversation tends to be focused on concepts of user consent, or the optional choice to reveal certain pieces of potentially identifying information.

For instance, when a website uses an “opt-in” system, you will need to manually check a box to allow a specific action, such as granting a company the right to contact you about brand-related happenings. Using the same example, an “opt-out” system would require you to remember to uncheck a pre-filled box in order to decline this action. The difference may not seem that important on the surface, but this conversation has inspired new legislation in the EU, the US, and elsewhere around the globe.


Surfacing privacy settings in UX

There’s been a lot of talk about the “user experience”, or UX, in recent years on the web. As the technologies underpinning the Internet have evolved and matured, users have come to expect more control over their experiences, and this extends to their personal privacy as well.

Several best practices have emerged as a result of this demand, such as avoiding dense “lawyer-speak” in user agreements, providing transparent cookie and tracking information, and abstaining from collecting more personal data than necessary. When used together effectively, these help to provide a sorely needed sense of individual control over personal data.

Is privacy a right?

It’s good to see the trends above gaining footholds online, but the core debate remains; is privacy a right of every user, or is it something that we need to accept might not be possible in the long run?

This is a difficult one, and depending on who you talk to, you might hear a few different responses. As global terrorist organizations continue to gain a foothold in the darkest corners of the web, governments seem to be stripping back more and more individual consumer protections every single year.

Ultimately, this will likely end up being one of the great debates of the Information Age we’re living in now. How we share our personal data, and how that data is protected are fundamental questions in a world dominated by connectivity and the Internet. Lacking a definitive solution, all we know is that this question will continue to be a talking point for years to come.

Conclusion: the importance of staying vigilant

Privacy and security online are in a constant state of flux, and the price for a free and open Internet is eternal vigilance. Be wary of all threats big and small, and don’t just assume that the services and extensions you use now will always be the best options. Things change, technologies grow and evolve. Be sure to use more than just one source when deciding how to approach the online world from a security standpoint (and yes, that means reading guides other than just this one.)

At the end of the day, you’re the only one who can keep yourself safe online. Hopefully, this guide will simply give you the tools you need to do so.

Share with your friends

Experts

Tyler Cooper

Tyler Cooper

Tyler Cooper is a former networking consultant and current technical writer in the IT industry. He enjoys sharing his expertise through articles about topics like PC gaming, cord cutting, and technology trends.

James Webb

James Webb

James Webb is a tech and gadgets expert with a focus on educational content development. He draws on his background in the startup world to make complicated technologies and topics easy to understand for normal folks.

Ask a Question

  • This field is for validation purposes and should be left unchanged.