Protect Your Privacy Online

Pinterest hidden image

I’ve never put much thought into protecting my privacy online or the implications of my not caring. I’ve spent years granting all sorts of permissions and not thinking about what that meant. I wasn’t doing anything wrong, so what did I have to hide?

Protect your privacy online featured
MK at the RSA security conference, using an Enigma Machine from WWII

Part of my thought process came from skimming through Edward Snowden’s leaks on what the US Government was doing. I obviously had no control over that, so why bother trying? The other part came from knowing when the product is free, I’m the product. Facebook, Google, etc, are offering incredible free services at the cost of my personal information. I freely gave it up.

So what changed? For one – creating a comprehensive privacy policy for this website, required by law. I sat down one weekend and put together an updated privacy policy, which included a list of everything being tracked. I was horrified by the results. This website is fairly small, as far as the world wide web goes, and the amount of data on my beloved visitors being tracked was incredible. I can only imagine what other sites were tracking and collecting.

This website is made possible through advertising. It funds my research and life. I am grateful for all the opportunities that have been provided. However, I feel that people should have the right to not be tracked, targeted, and metadata collected from unknowingly.

There are countless leaks – every month I receive at least one email notifying me that there has been a data breach. One more database which includes various info of mine, available for anyone to have. Why should I make such information so freely available? Why should a national store be allowed to collect my information, habits, and shopping preferences, only to leak all of the information and have no accountability?

I started to research and try different options to block my own tracking.

At the end of this diatribe and guide, if you found it helpful, I’m probably not going to make any money from you. But you know what? That’s okay. Leave me an anonymous comment at the bottom letting me know it worked.

Attainable Goals to Protect Your Privacy Online

As I delved into my research about protecting online privacy, I realized I needed to find an appropriate balance. What is easy, doesn’t have a significant impact on daily life, and still allows me to use a lot of the fun free services on the internet and on my phone, such as social media.

This guide to privacy takes balance into consideration. If you get through this entire writeup and decide you need more, I will include a list of links at the bottom that I found which are all great jumping-off points to go further.

If you are the kind of person who is mildly concerned about privacy, but doesn’t want to sacrifice too much convenience, this guide should be immensely valuable.

You Are Identifiable

It is a little frightening by how easy it is to identify someone just by them visiting a seemingly innocent website.

This website, AmIUnique, shows you just how easy it is to narrow down who you are. The website displays every single type of tracking that can be pinpointed to you. As different data points are narrowed down and combined, your online fingerprint becomes more and more identifiable.

Every data point shows a percentage to how many other users have the same identifiable data. 11.65% people use the same operating system as me. 0.94% use the same browser and version. The list of fonts installed on my computer is completely unique. 7.01% share my device memory amount. 3.09% share my time zone.

This is just a small amount of data available to be collected simply by loading a website. Each piece put together paints a very detailed picture as to who I am and what I’m doing. Go check out AmIUnique, and see what can be said about you.

This doesn’t even include advertiser tracking.

Encrypted DNS Security

Without any DNS Security, even when browsing https websites, anyone can what website you are interacting with and collects metadata on when, how long, etc. Unfortunately, simply using HTTPS isn’t enough.

A good metaphor for DNS security and HTTPS is a covered wagon from the 1800s. While no one can see what you have inside your wagon, but when you are seen going from a place of business to the bank, it is pretty easy to figure out you are moving money.

For a very technical explanation, this blog post goes into great detail.

There are four parts to DNS security.

  1. Secure DNS – Whether or not third-parties can view the DNS query
  2. DNSSEC – Reducing attackers abilities in tricking you to visit fake websites
  3. TLS 1.3 – Encrypting the https certificate so third parties cannot see it.
  4. Encrypted SNI – Whether or not third parties can view the TLS connection

All four of these DNS aspects can allow third parties to collect and store metadata on you.

A simple broken down explanation: Let’s say you have malware on your computer or phone. The malware is targeting your bank. The malware can see every time you open your bank’s app or go to their website. This activates the malware to use their own fake DNS, log your info and send it to their servers as well as log you in correctly – you have no idea you are using insecure DNS. With encrypted DNS security measures in place, the malware has no idea you are connecting to your bank and never activates.

Most routers will let you change your DNS resolvers. Mine defaulted to my ISP’s, which I changed to Cloudflare. There are several other choices out there, but Cloudflare is secure, free, and fast, and simple to set up.

The addresses of 1.1.1.1 are:

  • 1.1.1.1
  • 1.0.0.1
  • 2606:4700:4700::1111
  • 2606:4700:4700::1001

You can take it a step further with Cloudflare’s service and use their DNS service which also blocks malware or adult content.

For malware blocking only, change your DNS settings to:

  • 1.1.1.2
  • 1.0.0.2

To block both malware and adult content, change your DNS settings to:

  • 1.1.1.3
  • 1.0.0.3

To change your DNS resolver, search for whatever router you are using, or computer, or any other device and follow those specific instructions.

Make sure to flush your DNS and reboot your router after making this change.

Check your settings on these DNS tests here and here and here.

I made sure to change the settings on my laptop, phone, and router for security whether I am home or away. In order to receive secure marks on all four aspects of DNS, I ended up having to switch to using the Firefox web browser.

Web Browsers

In term of privacy protection, the safest web browser out there seems to be Firefox. It is not perfect, and has plenty of publicized flaws about its privacy, yet remains leagues beyond its competitors.

Whether you are browsing from your mobile phone, computer, laptop, or tablet, Firefox has an app available.

So why not Chrome or Safari? Neither are terrible choices. Safari’s weakness is the lack of support for extending and customizing it to increase your privacy. Chrome tracks an incredible amount of data about you, from location to history.

Firefox on its own includes some basic privacy options, but there are a few things you’re going to need to do which beef up security.

However, you’re going to need to install some extra extensions to start locking down your privacy.

HTTPS Everywhere

Whenever you load a webpage, open an app, or interact with something using the internet, that data is freely available and open for anyone to view. Technically speaking, it is called a plain-text data transfer.

HTTPS fixes this – all data sent between you and the destination, or vice versa, is encrypted. You may have noticed a large movement over the past couple years of websites switching to using https and secure connections – you know, that green URL bar or the lock icon. However, some websites may still be leaking some data or not be configured correctly.

Https everywhere mk library

The Electronic Frontier Foundation (EFF) created a browser extension, HTTPS Everywhere, which helps to ensure every website you visit on your browser is encrypted.

So what about those mobile apps? Unfortunately, apps are incredibly hard for the average user to identify and ensure are secure. The best thing you can do is to use the web version when possible. And unfortunately, this isn’t always possible. For example, the Starbucks app was found to store your password in plaintext for anyone to read for a while. Despite this, good luck paying for your drink without the app. This makes for a great case to use secure password platforms – more on this later.

uBlock Origin

These are just some of the tracking scripts being used on this blog.

This extension will automatically block tracking and advertising codes on websites globally. It uses frequently updated lists to stop scripts and codes from loading on every single page you visit.

If there is a website where you want or need to load tracking scripts for, there is an easy button to click and it will whitelist and reload whatever you are trying to view.

My secondary favorite benefit which arises from uBlock is battery life. My laptop and phone have benefitted from way more time on battery due to less ads loading.

The browser extension is available for Firefox, Chrome, and Safari.

Decentraleyes

On just about every website you visit, assets are being loaded from Content Delivery Networks (CDNs). These assets can be anything from font files, scripts that make the internet do cool things, and helps whatever you are doing load faster. This sounds great, right? Yeah, it is! However, some of the networks being used are doing their own tracking as you load assets.

What this extension does is take the commonly used assets and scripts hundreds of thousands of websites use, including this one, and stores them locally so they never need to be loaded from an outside network. While it won’t stop all CDN files from loading, it will replace all of the common resources.

Decentraleyes is available for Firefox, Chrome, and Opera web browsers.

Cookie AutoDelete

This extension automatically removed cookies and open sessions as soon as you close your browser window or tab. You can whitelist cookies you want to keep, for anything you would want to remain logged into.

Install the extension and turn on Auto-clean. Based on my own experience in using this – you’ll want to turn off notifications every time it deletes cookies. It becomes pretty annoying about ten minutes into browsing the web.

By proactively wiping cookies, you are stopping the long term tracking and data collection of your website browsing activity on more than just the website you visited.

Cookie AutoDelete is for Firefox on the desktop only.

Messaging Apps

Messages such as text SMS, MMS, etc are all sent unencrypted and easily readable. Alongside the contents of the messages themselves, all of the metadata is visible.

The best solution to communicating securely is to use Signal. It is open-source, uses encryption, and you can still text your friends who aren’t on it – although your messages won’t be secured. Anyone who is using it with you, however, will benefit from secure, encrypted messages on both ends.

Much like WhatsApp, Signal can be used with WiFi, whether or not you have a cellular connection or data plan. All you need is a valid phone number to initially register.

The original founders of WhatsApp made this app, and made it even better and more secure. This app is free for everyone, has no advertisements or tracking, and is funded only by donations and grants.

Signal is available for Android, iOS, and can be used with a desktop app as well – although currently only Signal users can send messages through the desktop. The development blog shows quite a bit of activity in adding new features and continually improving the platform.

When you go to text someone, Signal will tell you right away if the message is unsecured or if the person is on Signal. I have to admit, I was a little disappointed that none of my frequently contacted friends were using this. I’ll look forward to increased adoption in the future.

As of writing this post, with Black Lives Matter protests out in full effect, if you are out protesting, using Signal to communicate is strongly recommended.

Search Engines

Both Google and Bing track all of the search queries. Not only that, but websites you visit off these search engines can also see what you searched for. This is called “search leakage.” With privacy-focused searches, websites can see where you came from, but not what you searched for.

Without any privacy, Google and Bing can save all your searches and associate them with your IP and other unique identifiers – even if you aren’t logged in. You might be surprised by how much info can be ascertained over a person by their searches and times alone.

One alternative to Google is Startpage.com, which provides Google results without any of the tracking or logs of what you are looking for. Startpage remains in operation and profitable by showing three ads based solely on the search term you entered, and nothing else.

If you want to search entirely off the Google ecosystem, DuckDuckGo is a great alternative. With a similar revenue stream based on ads created by your search term only, DDG also brings some new methods to search called bangs.

Qwant is another alternative search engine. Based out of France, their mission is to protect the freedom of its users through privacy and neutrality. What does neutrality mean?

Qwant makes the entire web visible without discrimination and without bias.

Our information classification algorithms are applied with the same requirement everywhere and for all users, without seeking to highlight certain sites or to exclude others for commercial, political or moral reasons.

Data Management and Opt Out

Google Account History – View and delete history on the web and in apps, location history, and ad personalization.

Facebook Activity Log – View all activity saved on Facebook, from your Archive, Trash, Timeline, Photos, and Tags. Privacy Checkup allows you to change your Facebook privacy settings.

Consumer Opt Out – Allows you to set a request to opt-out of interest-based advertising from a large number of companies who are participating in this organization. You can view and manage your preferences for each advertiser that has set a cookie on your device.

OptOutPrescreen – Request from Equifax, Experian, Innovis, and TransUnion to stop sharing your info on lists used by creditors or insurers.

SimpleOptOut – An organized list of links to opt-out of data sharing for many large companies.

Password Security and Two-Factor Authentication

Duo – This authenticator will sync across all of your devices with a secure password. Your 2FA codes are kept encrypted. Whether you are otn Android, iPhone, PC, or Mac, you can quickly setup two-factor authentication and move to new devices.

An issue with some other apps is the inability to view your 2FA codes if you switch to a new device without properly exporting or migrating. If you lose your phone once with 2FA, you’ll know what an absolute horror this is to deal with.

BitWarden – Securely manage and organize your passwords all in once place. So why use a third party service instead of what’s built into your phone or computer, whether that is iCloud, Google, or Microsoft? Additional features, such as password sharing with family members, advanced organization, and some other enterprise features.

Additional Resources

This post is what I’ve determined to be a reasonable amount of privacy without going all out. As I researched and tested out practicality of taking back my privacy, I found out just how deep this rabbit hole is. If you want to take it a step further, these are some places to do some additional reading about online privacy.

PrivacyTools.io – Suggestions on services and tools which protect your privacy against global mass surveillance.

Prism Break – Privacy and security-oriented software recommendations. Free/Open Source Software only.

Freedom of the Press Foundation – Digital training and guides on various app uses and privacy.

Pin this!

Protecting your privacy online

Leave a Comment

 
Share to...