With the impact of the NSA Prism spying scandal continuing to ripple throughout the world, more people are now aware of the lengths to which private information is being accessed and utilized online. Whether it’s the U.S. intelligence community or the third-party ad networks of Facebook (FB) and Google (GOOG), your private information is being accessed, analyzed and used by many organizations and in ways that are often hard to predict.
So what can you do to stop it? Is it really possible to hide your online tracks from spy agencies, data aggregators and advertisers?
The answer is yes. By taking a few basic steps, the average person can protect their online privacy. Here’s what to do:
- A Better “Do Not Track.” One of the first steps many people will take to protect themselves online is to sign up for the Do Not Track feature, which is available on all of the major browsers like Safari, Chrome and Internet Explorer. The problem, however, is that it doesn’t really work. Do Not Track is a voluntary standard that many marketers simply don’t adhere to. A better move is to install the plugin DoNotTrackMe by Abine, which really does block most third-party ads and works with all the major browsers. You should also consider installing another plugin called Ghostery, which displays right in the browser all of the cookies that are tracking you online.
- Change Your Search Engine. If you want to be clandestine on the web, you can’t use Google or Bing. These sites are gathering data from user searches and storing that information and sharing it with third parties. Go with a smaller, private search engine instead - like StartPage or DuckDuckGo.
- DIY Email. There’s no such thing as privacy on a third-party email provider. Just accept that, and move on. Gmail, Yahoo Mail and Outlook (Hotmail) are data-mining the content of your emails and sharing at least metadata with third-party advertisers. Additionally, all of these email providers - as well as more privacy-minded ones like Hushmail - are also susceptible to government requests for access to their user data. A better way to limit access to your email is by hosting your very own mail server that is only accessible by you. This has limitations though, which are mentioned in the next point.
- Keep Calm and Encrypt. An absolute must for the privacy-minded is to encrypt your online communications - especially email. Remember, even if you host your own mail server, your mail is traveling across the Internet, through other people’s networks and eventually landing on another mail server (i.e., the recipient’s). Encrypting your email will give you some added protection. It isn’t hard to do and there are free services out there, like FreePGP and GPG.
- Secure Your Internet Traffic. You can’t just focus on your email or browser settings though; you have to think about all of your Internet traffic, which is being sent through an Internet Service Provider (ISP) to another ISP, and through various corporate servers, etc. To protect this, you should do two things: first, use The Onion Router (Tor) to mask your IP address when you surf online or send messages and, secondly, use total encryption to hide the actual content of your data traffic - by using a virtual private network (VPN).
- Delete Your Stored Data. Go one step further by removing stored data about you from the Web. Data brokers collect a ton of information about individuals in the U.S. While you can try to remove yourself manually from these brokers, the most efficient way is to pay for a service that will do it for you, such as Abine or DeleteMe.
- Secure Your Phone. Don’t forget about your smartphone. For starters, you should always use a VPN on your phone. Also encrypt your text and picture messages - apps like Gliph can do this. Turn off your phone’s GPS and disable the geo-tagging setting on pictures taken from your phone (this setting forever embeds your location in the picture files you upload to websites). And, lastly, be careful downloading apps. There’s the risk of rogue apps which can steal your data, and even the legitimate apps usually ask for way more access to your personal data than they need.
- Social Network Settings. If you’re using a social network, you’ve already compromised some privacy. At the very least, make sure you have selected the highest level of privacy settings available, and consider what type of information you are sharing with your network. For somewhat better privacy, you can consider other smaller networks like SilentCircle, Path, Couple, etc.
When used separately, each of these tactics isn’t enough to protect your online privacy. However, when used together, as part of a comprehensive strategy, they can provide a high level of protection for an individual or business.
Michael Gregg, CISSP, CISA, CISM, is a nationally prominent ‘ethical hacker’ who provides cybersecurity services to Fortune 500s and US government agencies. He’s consulted for the Department of Defense, National Security Agency and FDIC, as well as local law enforcement agencies around the country. The author of over a dozen books on computer security, Gregg is also a well-known security trainer and speaker. Gregg is COO of Superior Solutions Inc., headquartered in Houston.