Don't Expose Yourself: A Guide to Online Privacy

You wouldn't walk naked through Times Square. Stop being naked online.

Your laptop and that smartphone grafted to your hand are double agents. What you look at, where you go and even what you say can be used to paint a portrait of you leaving you as exposed as the day you were born. Much of Silicon Valley wants you to think the price of using the internet is letting them data-mine your life.

This is a beginner's guide to fighting back.

It starts with a golden rule: When the product is free, that means you are the product. Your privacy is the cost of a free social network, free tax prep or free photo storage.

Defending your privacy doesn't have to mean throwing away your phone, quitting Facebook or wearing a tin foil hat. It is about making informed choices on what you share with whom -- and blocking or lying when you feel they want too much.

Start by dedicating an hour to work through this checklist, following the links. Even if you only get through my Quick Fixes, and save my Deeper Dives for later, you will be less exposed.

1) Share Less

Why It Matters: Take a lesson from Kim Kardashian, who was robbed in Paris last year after posting her whereabouts on social media: The less you put out there, the fewer chances it might be used against you. Don't simply accept the defaults for sharing your information with people -- or advertisers.

Quick Fix: Besides posting less needlessly revealing information, you should locate Facebook and Google's "privacy checkup" tools. Facebook's lets you adjust post visibility, app activity (some of which you might want to delete) and basic personal details. Google's My Account checkup lets you manage what you share on YouTube and the Photos app, and whether Google saves your web activity, voice commands and locations.

Quick Fix: Most smartphones don't have simple privacy checkups. (Get on it, Apple and Android!) So do it yourself by deleting apps you no longer use, then looking through your phone's privacy settings. Some apps have unnecessary access to sensitive information such as contacts and location. Uber, for one, overreaches by asking to track your whereabouts at all times.

Deeper Dive: Opt out of as much "customized" advertising as possible. This won't necessarily stop tracking, but it will stop you from seeing some ads eerily targeted to websites and apps you have used. Google lets you turn off "ads personalization." Facebook by default tracks you away from its website, but you can turn that off. There also are advertising opt-outs for Apple Inc.'s devices and Amazon.com Inc. You can turn on a limited "don't track" capability in Firefox and Microsoft Edge sites.

2) Block Your Browser

Why It Matters: Web browsers not only download your favorite cat videos and tech columns, but also invisible trackers. (Trackers are common across many sites, including wsj.com.)

Quick Fix: Use a tracker-blocking browser plug in. They look inside the code on webpages for known tracking or snoopy behavior. These aren't necessarily about blocking ads, just stopping tracking you didn't consent to.

I use a free one for Chrome and Firefox called Privacy Badger, built by the nonprofit Electronic Frontier Foundation. If Privacy Badger breaks websites you use often (by blocking essential elements along with ad trackers), consider the free Disconnect.Me or Abine Blur, which mess up websites less frequently, but nudge you toward premium subscriptions.

3) Ask to Remove Data

Why It Matters: A privacy census like I described in last week's column might reveal there is already a lot of information about you on people-search, data-broker and social-media sites. The tricky part is, websites are often protected by the freedom of speech, so you have to ask to get your information taken down.

Quick Fix: Photos of you posted by Facebook friends are one of the social network's biggest privacy loopholes. But you have the power to remove your name from a photo posted by somebody else. Pull up the photo, tap the menu then "remove tag." Tap "I don't like this photo" to request it be taken down entirely.

Quick Fix: Opt out of people search and data brokers. Many, including FamilyTreeNow.com and Spokeo, will remove records if you ask. Just don't reveal more info than you have to when requesting data removal. ( Aboutthedata.com, from major data broker Acxiom, requires the last four digits of your Social Security number, but the company is legitimate.) And if any of these sites have incorrect data about you, don't correct it.

Deeper Dive: You can pay someone else to request removing your information from hundreds of sites. Subscription services include Abine's DeleteMe and the newer PrivacyMate. Your information can pop back up back as public documents are released, so you may not want to cancel your service after the initial scrub.

4) Use Pseudonyms

Why It Matters: Many sites and services don't actually need your real name, birth date or email address -- so don't give it to them.

Quick Fix: Security pros I know list their birthdays as Jan. 1. Make an email address or two you use just for junkie websites. Or make up a pseudonym, particularly if you want to comment on politics and don't want it traced back to your employer. (It worked for Alexander Hamilton.) Many parents also use code names for their children in social-media posts.

Deeper Dive: A paid service like Abine Blur obscures your identity further by making up stand-in email addresses, phone numbers and credit-card numbers for shopping and other websites. This makes it harder for data companies -- or hackers -- to track you across services.

5) Cloak Yourself

Why It Matters: Someone with access to your internet connection could spy on you.

Quick Fix: Your biggest risk is at a public Wi-Fi hot spot, like at the airport, where hackers might lurk. A virtual private network (VPN) encrypts and reroutes all your laptop or phone traffic, making it harder for snoops. Many employers provide VPNs, so start there. Be careful with VPNs marketed to consumers. You have to trust them to protect your data and fend off hackers. Security and privacy advocates I know like F-Secure Freedome, the pricey but easy-to-use VyprVPN by GoldenFrog and London Trust Media's Private Internet Access.

You may even want to use a VPN at home. The Federal Communications Commission raised ire recently by changing its rules to allow your internet service provider to track you and make money from the data, like Facebook. But I don't recommend using a VPN at home yet, because it can slow down your connection and may not play well with streaming services like Netflix.

Deeper Dive: Use an encrypted messaging program to keep companies, hackers and spies alike out of your communications. Facebook's WhatsApp, Apple Inc.'s Messages apps and Signal by Open Whisper Systems encrypt chats so not even their makers can read them. But they require users at both ends to be using the same software -- it doesn't work to just text anyone you want.

Write to Geoffrey A. Fowler at geoffrey.fowler@wsj.com

(END) Dow Jones Newswires

May 31, 2017 13:11 ET (17:11 GMT)