Eight Ways to Protect Your Privacy Online
Content
Eight ways to protect your privacy online
There are some ways you can take to protect your privacy in this climate of mass surveillance – and here we offer eight. Nothing, however, beats collective action and a bill of digital rights Jon Lawrence and Sean Rintel theguardian.com, Tuesday 3 December 2013 01.23 GMT Jump to comments (60) Step one: Use a password manager. Photograph: Lasse Kristensen/Alamy The current climate of mass surveillance has led many people to ask if there are ways to protect their privacy online. There are, and Electronic Frontiers Australia recommends the following steps to minimise your individual online security risks. Bear in mind two points. First, much of the information available from our near-ubiquitous Internet access is easily accessible not just to intelligence agencies, but also to online service providers, their advertisers, people who might want to steal your identity, and, increasingly, anyone with reasonable technical skill. Second, a significant amount of online security risk is social, not technical. Easily guessed passwords used across a number of services and so-called "social engineering", in which a victim is tricked into providing login and/or identity information. For both issues, make security a conscious choice. 1. Use a password manager A password manager makes it easy to have a unique password for every site and ensures that if one service is hacked, other services will not be vulnerable. Some are free, many are low cost, and they are available for all platforms, including mobile. 2. Disable GPS and Wi-Fi on your mobile device until you need them GPS: Your mobile provider is able to identify your approximate location using cell towers. If you have a smart device with GPS enabled, much more precise location information is available to a whole range of entities, including your platform provider and app developers. Wi-Fi: Wi-Fi broadcasts detailed information about your device, the apps on it, your location, and Internet usage. Disabling Wi-Fi except when you are using it will prevent promiscuous broadcast of personal information. Power management apps will help you avoid having to remember by turning Wi-Fi off whenever the screen is dark, which will also maximise your battery life. 3. Read the access privileges for apps carefully, and make good choices In the digital world if a service is free then you are the product. Many free services and apps collect detailed information about you that allows them to sell highly-target advertising. Next time you download a "free" app, check the
information it is asking to access, and decide if this app really deserves those privileges. 4. Guard your date of birth and telephone number Never display your full date of birth. It is a key piece of information that many providers use for verification. The same goes for telephone numbers, especially if you lose your telephone and are trying to re-create your contact list. 5. Make yourself more difficult to find on social media Consider using a pseudonym on social media sites. You can also use unique email addresses for each website you join. Most online email providers allow you to do this by appending extra letters (eg "fb+") to your existing email address. This will make it difficult for strangers to search for you on social media sites and if you start receiving spam at that address, you’ll know exactly where the spammers found your address. 6. Keep your work and personal presences separate If you have a work email account, keep it for work only. Your employer has the right to access your work email account, so you really should keep your private emails separate. This will also save you the significant trouble involved in telling all your contacts and updating all your logins if/when you change employers. You might also consider creating multiple social media identities: work, very private, and "publicly" personal, with different names and different contact lists as much as possible. 7. Encrypt your connections Encryption is the process of encoding information so that it is only intelligible to those given access to read it. Many online services, such as Facebook, Twitter and Gmail, now offer encrypted connections. Ensure that your browser uses an encrypted connection wherever it’s supported by installing the "HTTPS Everywhere" plug-in. Email is an inherently insecure communications medium, but there are options available for encryption, such as Pretty Good Privacy. Unfortunately, your email messages will only be encrypted if the people you are communicating with also use a compatible encryption service, so this limits its usefulness. 8. Collective action While these measures can provide you with some individual protections, the fact remains that the most powerful action is collaborative. Globally, we should demand that all countries focus efforts on implementing the International Principles on the Application of Human Rights to Communications Surveillance. These are 13 principles that set out for the first time an evaluative framework for assessing surveillance practices in the context of international human rights obligations.
1. Be careful with password managers. After all, you are still trusting 3rd party software with your passwords. be especially wary of online connected password managers as you have no idea how they are behaving. 2. That is good advice for privacy and battery life. 3. That should be common sense. You would be amazed how many apps require access that should not be needed for the function of the app. 4. Again, common sense, considering these details are often used for password change verification and/or two factor authentication. 5. Nothing really to say there. 6. Can't argue with that. Work and personal should always be separate, even with email accounts. Never use your work email to sign up to online services. 7. Good advice but be careful what encryption service/protocol you use. Some of the commercial ones have been compromised by governments and criminal organisations. 8. Collaboration is crucial. If you come across a service that has been badly compromised, don't keep it to yourself. Share the info with your family and friends. I would also like to add a 9th point. When signing up to any online service always read the ToS and privacy policy and if you don't like a clause, don't sign up. Actually, I have another point. If you want to sign up for a secure mail account, VPN, cloud service etc pay attention to where it is hosted. If a service is hosted in the US, it really doesn't matter how secure it is as it must comply with US laws (FISA, Patriot Act etc). Always look into the privacy laws of the country a service is hosted in.
There are some ways you can take to protect your privacy in this climate of mass surveillance – and here we offer eight. Nothing, however, beats collective action and a bill of digital rights Jon Lawrence and Sean Rintel theguardian.com, Tuesday 3 December 2013 01.23 GMT Jump to comments (60) Step one: Use a password manager. Photograph: Lasse Kristensen/Alamy The current climate of mass surveillance has led many people to ask if there are ways to protect their privacy online. There are, and Electronic Frontiers Australia recommends the following steps to minimise your individual online security risks. Bear in mind two points. First, much of the information available from our near-ubiquitous Internet access is easily accessible not just to intelligence agencies, but also to online service providers, their advertisers, people who might want to steal your identity, and, increasingly, anyone with reasonable technical skill. Second, a significant amount of online security risk is social, not technical. Easily guessed passwords used across a number of services and so-called "social engineering", in which a victim is tricked into providing login and/or identity information. For both issues, make security a conscious choice. 1. Use a password manager A password manager makes it easy to have a unique password for every site and ensures that if one service is hacked, other services will not be vulnerable. Some are free, many are low cost, and they are available for all platforms, including mobile. 2. Disable GPS and Wi-Fi on your mobile device until you need them GPS: Your mobile provider is able to identify your approximate location using cell towers. If you have a smart device with GPS enabled, much more precise location information is available to a whole range of entities, including your platform provider and app developers. Wi-Fi: Wi-Fi broadcasts detailed information about your device, the apps on it, your location, and Internet usage. Disabling Wi-Fi except when you are using it will prevent promiscuous broadcast of personal information. Power management apps will help you avoid having to remember by turning Wi-Fi off whenever the screen is dark, which will also maximise your battery life. 3. Read the access privileges for apps carefully, and make good choices In the digital world if a service is free then you are the product. Many free services and apps collect detailed information about you that allows them to sell highly-target advertising. Next time you download a "free" app, check the
information it is asking to access, and decide if this app really deserves those privileges. 4. Guard your date of birth and telephone number Never display your full date of birth. It is a key piece of information that many providers use for verification. The same goes for telephone numbers, especially if you lose your telephone and are trying to re-create your contact list. 5. Make yourself more difficult to find on social media Consider using a pseudonym on social media sites. You can also use unique email addresses for each website you join. Most online email providers allow you to do this by appending extra letters (eg "fb+") to your existing email address. This will make it difficult for strangers to search for you on social media sites and if you start receiving spam at that address, you’ll know exactly where the spammers found your address. 6. Keep your work and personal presences separate If you have a work email account, keep it for work only. Your employer has the right to access your work email account, so you really should keep your private emails separate. This will also save you the significant trouble involved in telling all your contacts and updating all your logins if/when you change employers. You might also consider creating multiple social media identities: work, very private, and "publicly" personal, with different names and different contact lists as much as possible. 7. Encrypt your connections Encryption is the process of encoding information so that it is only intelligible to those given access to read it. Many online services, such as Facebook, Twitter and Gmail, now offer encrypted connections. Ensure that your browser uses an encrypted connection wherever it’s supported by installing the "HTTPS Everywhere" plug-in. Email is an inherently insecure communications medium, but there are options available for encryption, such as Pretty Good Privacy. Unfortunately, your email messages will only be encrypted if the people you are communicating with also use a compatible encryption service, so this limits its usefulness. 8. Collective action While these measures can provide you with some individual protections, the fact remains that the most powerful action is collaborative. Globally, we should demand that all countries focus efforts on implementing the International Principles on the Application of Human Rights to Communications Surveillance. These are 13 principles that set out for the first time an evaluative framework for assessing surveillance practices in the context of international human rights obligations.
1. Be careful with password managers. After all, you are still trusting 3rd party software with your passwords. be especially wary of online connected password managers as you have no idea how they are behaving. 2. That is good advice for privacy and battery life. 3. That should be common sense. You would be amazed how many apps require access that should not be needed for the function of the app. 4. Again, common sense, considering these details are often used for password change verification and/or two factor authentication. 5. Nothing really to say there. 6. Can't argue with that. Work and personal should always be separate, even with email accounts. Never use your work email to sign up to online services. 7. Good advice but be careful what encryption service/protocol you use. Some of the commercial ones have been compromised by governments and criminal organisations. 8. Collaboration is crucial. If you come across a service that has been badly compromised, don't keep it to yourself. Share the info with your family and friends. I would also like to add a 9th point. When signing up to any online service always read the ToS and privacy policy and if you don't like a clause, don't sign up. Actually, I have another point. If you want to sign up for a secure mail account, VPN, cloud service etc pay attention to where it is hosted. If a service is hosted in the US, it really doesn't matter how secure it is as it must comply with US laws (FISA, Patriot Act etc). Always look into the privacy laws of the country a service is hosted in.
