Online privacy is a concept that is interpreted in a variety of ways, each of which carries its own level of importance. For some, the point of online privacy is:
- Online safety: You don’t want a stalker to know where you are or to get your personal information.
- Cyber security: Your personal data could be used to steal your identity.
- Personal space and being exploited by marketers: Knowing that marketers are figuring out how to manipulate you into buying things you don’t need is uncomfortable. Looking for something very personal via a search engine and seeing it turn up on another website is not the kind of experience people are looking for. Also, it’s not just products that are marketed via advertising; propaganda is too.
Why Do You Need Privacy?
Some people believe that privacy is for criminals and that it is a dying concept. This isn’t true. Virtually anything that you can use to protect yourself can be used by a criminal to protect themselves too. Also, the fact is: If you aren’t private online, then you’re not safe.
A lack of privacy results in stolen data, and that data may contain bits and pieces of information that identity thieves could use. That data may also contain login credentials you shared, addresses, phone numbers, financial details, medical information, intellectual property (IP), location data to stalk you, and much more.
Let’s look at encryption
You can use encryption to not only protect your privacy, but to protect your backup 2FA codes, login credentials, credit or debit card numbers, copies of your ID, and the list goes on. You also rely on it to prevent criminals from intercepting credentials, location data (stalking risk), bank passwords, debit card numbers, among other things via your Wi-Fi or 4G/5G connections while you’re logging in somewhere or submitting forms.
Criminals on the other hand can use encryption to hide the discussion of illicit activities from governments. Some seize on this and say that it is why people don’t deserve privacy. This is wrong because you can’t compromise everyone’s safety and security, especially considering the millions of cases of identity theft and credit card fraud occurring every year.
A reduction in privacy would help to facilitate criminal activity. It is data that many criminals want (especially identity thieves and stalkers). Whether or not you think you do, you do have something to hide because it is basic details that criminals and identity thieves collect, which may be found in your email or on your computer/phone.
You can and should encrypt your hard drive (I wrote an article explaining how to encrypt drives) as you will have to store backup 2FA codes, seeds for your Google Authenticator and similar 2FA products, strong passwords you generate, cryptographic keys, and more.
Hard drive encryption is also essential if you are working with or storing intellectual property or other sensitive information from the company you work for. Apps and websites also cache data you work with remotely on your computer.
If you erase the contents of your hard drive by formatting or deletion, everything is still there. Formatting just deletes the partition structure and file descriptors, as shown in my data recovery guide that explains how to scrape almost anything off a formatted drive. This is why hard drive encryption is essential now. There are 2FA codes and keys that have to be stored.
Some Information Targeted By Identity Thieves (not a complete list)
- The company you work for.
- Address (also a major privacy risk, not just a security one).
- The name of your bank.
- E-mail address (can be used to access almost everything you use online).
- Phone number.
- Home town.
- Your mother’s maiden name.
- PINs.
- ID numbers for your passport, driver’s license, etc.
- Date of birth.
- Social security number.
- Physical mail from utility companies or other providers that contains any of the details above.
Many people send at least some of these details to relatives online or add them to their social media accounts (the most likely ones are in bold). Much of the data above is also requested by the services you sign up for such as games, financial services, social media websites, ancestry/lineage research websites, among many others.
Further Reading
Consumer reports identity theft statistics.
FTC’s annual summary of consumer fraud complaints.
Privacy Basics: Stay Safe Online
The section above covered what kind of data could be stolen from you and what it could be used to do to you. It also delved a little into how some of that data gets out onto the Internet. However, you can reduce these privacy risks by making several (mostly) minor changes to protect your privacy and avoid identity theft/fraud.
Create Strong Passwords
A strong password is one that is harder to crack and harder to guess. Cracking isn’t necessarily done by guessing. Sometimes passwords are ‘cracked’ using brute force attacks. That’s why a random number won’t cut it. To protect your privacy, you need a password containing a combination of letters (of varying cases), numbers and symbols, and it shouldn’t be too short. Many websites require that passwords be at least 8 characters long. A strong password example is: ‘JPhl9zFitPb5tyyDwxCwWg’.
Weak passwords such as 1234 or abcd are not acceptable (for anything whatsoever). If you have such a password, please change it! Bots (automated computer programs) are going around and trying these passwords (among others) on various websites and apps, so avoid passwords that are the name of your favourite celebrity, game or anything along those lines.
Be Wary Of Password Cracking Attempts
If you weren’t trying to log in but receive an e-mail about a login attempt or receive a 2FA code via SMS, then someone may have guessed your password (for the latter, your password was definitely guessed/cracked). Always review login attempts to see if they came from your location and if you tried to log in at that time.
Reusing Passwords Across Multiple Websites And Apps
Bots and thieves sometimes steal login credentials from one website (due to leaks) and then try them on other popular websites to see if they can break into users’ accounts. You should avoid using the same password on multiple websites to stay safe online. I understand that it is challenging to maintain multiple passwords, but if I can do it — so can you!
Set some time aside to plan out your password creation and update process, and to memorize your new passwords. Recite them many times! An alternative is to use a good password manager such as Bitwarden or Proton Pass, which can generate a unique password for each service you access and store those passwords securely for you.
Sharing Accounts Degrades Privacy And Security
Imagine you created a strong password and encrypted everything, then handed access to your YouTube over to a friend. Let’s also say that your friend leaves it logged in on their PC or TV setup. Things could get out of hand very quickly. Once you’re logged into YouTube (via the website), someone with access to that browser can:
- Access your Gmail.
- View your activity history (a log of your online activity).
- View all the YouTube videos you watched or liked.
- Access your other Google services. The ‘One account. All of Google’ slogan means exactly what you think it does, and it is an increasingly common (and convenient) concept being used across many of the popular services out there.
The above privacy risks are also dangerous because of stalkers, and fraudsters who may want to use your account to buy things or post things online under your name.
Using A Secure Browser Helps Protect Your Privacy
Nearly everything you do online passes through your browser (provided it involves websites or browser extensions). This not only makes your browser a target for hackers and malware; the browser itself may also track you.
In a web browser, you will want privacy-enhancing features such as script blocking, tracker blocking, ad blocking, and fingerprinting protection to name a few. Browsers offering that combination of features include:
- Brave Browser (also has a built-in Tor window).
- Firefox (newer versions).
- Opera.
Wi-Fi Privacy: Staying Safe on Wi-Fi
Your phone or tablet’s Wi-Fi transmitter broadcasts your data until it reaches your router. The router broadcasts what you’re downloading too. The transmissions pass through your walls and are therefore accessible outside.
This is one of the reasons you need to enable encryption on your Wi-Fi router and set a password (someone might use your Wi-Fi for illicit activity). It’s also worth noting that your Wi-Fi signal may reveal your location inside your home.
Mobile Phone Privacy: Phones Are Where The Worst Privacy Violations Occur
The privacy level of your phone depends on the device’s operating system, manufacturer, the apps installed, and last but not least, your settings. We’re living in a time where many apps force you to accept their data collection policies. This is why laws requiring the ability to opt out of data collection are being passed in some countries. Forced data collection like this was considered an unacceptable privacy risk in the early days of the Internet!
Considering all that, you still have options to substantially improve your privacy (and security, which goes hand-in-hand with privacy) on your mobile phone. Ensure that encryption is enabled on your phone, as your phone stores far too much sensitive information (regardless of what you do on it). For example, most people’s phones contain the following information or provide access to:
- Location history (where you’ve been going).
- Financial services/payment details in chats, financial apps, browsers that are set to remember your passwords. For example, the respective ‘x Pay’ service on your phone.
- Conversations (chat history).
- Your e-mails and access to your e-mail account (massive security risk).
- Social media accounts/activity.
- Your photos.
- Notes.
I also wrote an article about crucial security features you should enable on your Android phone.
Protecting Your Location Data: Hide Your Location From Prying Eyes
Hiding your location from invasive apps requires a few steps if you want to ensure it is properly hidden. Your first step would be to identify the ways in which apps and providers obtain your location(s), some of which include:
- GPS (this is a chip in your phone that tracks your location and provides it to apps that are granted the location permission).
- Your cellular provider.
- ISP or the ISP of whichever Wi-Fi network you’re connected to (your IP address and ISP location are the problems here).
- Bluetooth (because of Bluetooth beacons).
Turn Off Location Services
If you aren’t using apps or features that depend on location services, then just turn off location services on your phone altogether. Otherwise, go into Settings > Apps > App Name > Permissions in Android to find the permissions of each app and revoke the location permission for apps that don’t need it. If you turn off location services, that only bars access to your GPS location. It won’t hide your country or IP address, which requires additional steps (which I’ll discuss below).
Use A Good VPN: VPNs Can Enhance Privacy
Finding a VPN is unfortunately not the most trivial task. However, I would avoid the free VPNs as they have to fund their operations somehow (and may do so by tracking you/selling your data). A VPN can help hide your location by obscuring your IP address with one from another location, which is why an IP address lookup won’t reveal your country or city (just the VPN’s server address). Just remember that a malicious VPN provider is a major privacy risk and can do more harm than good.
I won’t personally recommend any VPNs, but there are several popular VPN services out there to research, such as:
- NordVPN (parent company: Tefincom S.A.). Allows direct download of the APK if you don’t have Google Play.
- Proton VPN. Allows direct download of the APK if you don’t have Google Play.
- IVPN. Allows direct download of the APK if you don’t have Google Play.
- Private Internet Access (PIA) (parent company: London Trust Media). Allows direct download of the APK if you don’t have Google Play.
- Mullvad. Allows direct download of the APK if you don’t have Google Play.
- ExpressVPN.
- TunnelBear (parent company: McAfee, which is owned by TPG Capital and Intel).
App Stores Restricting VPN Features
If you’re using a VPN which has ad, tracker, and malware blocking on your PC, but it fails to block those things on your mobile phone — it could be due to app store restrictions forcing the VPN provider to remove the ad blocker.
One example of this is Mace (a feature in the PIA VPN). If there is no PIA Mace option on Android, you can download the APK directly from PIA’s website and then the Mace option will show up. In general, I recommend downloading the APK directly from the provider (ensure it’s their website first!) to avoid this kind of issue.
Invasive Apps: Remove Invasive Apps And Uproot Your Privacy Problem
When you find that an app demands several permissions that it doesn’t need and won’t let you use it without them (for example your photos, microphone and location, when it doesn’t even have any features that utilize them), the appropriate remedy is to remove the app from your phone. Search for alternatives that respect your privacy.
I also recommend looking over the privacy policy of apps, as they often reveal blatant invasions of privacy. This is the case for many of the most popular apps out there. If you aren’t happy with the privacy policy of an app, uninstall it.
Install Apps That Offer More Privacy
The greatest invaders of privacy are usually (this is not a complete list):
- Social networks and social media apps.
- Web browsers.
- Dating apps.
- Chat/messaging apps (particularly those without end-to-end encryption).
- Financial services.
There are exceptions to all of the above, but they are the categories of apps that tend to collect more data than average. In the case of web browsers, it isn’t that they collect your data more aggressively — it’s just that more of your data passes through them. Web browsing is one of the most common online activities. That’s how many people access social media, e-mail, streaming sites, online financial services, among many other things.
The Effects Of Malware On Your Privacy
While invasive companies are a leading threat to your privacy, malware is a more insidious threat because it is often used to steal credentials and help facilitate identity theft. Some of the most important types of malware to watch out for (scan for them and avoid any website engaging in illegal or suspicious activity):
- Keyloggers: These are credential thieves. They steal passwords and card numbers by logging your keystrokes.
- Spyware: This is a broader term than keyloggers because spyware may also take screenshots of what you’re doing, outright steal data from your device, track you, and gather any other form of information its operators might want from you.
- Fake apps that pretend to be popular social media or other websites: These apps may pretend to be Facebook or another popular website and get you to enter your Facebook password on a fake login form that looks identical to Facebook’s. They may then steal your account or the information in it.
Keep Your Chats Private: Private Messengers And Encrypted Chat Apps
There are several chat apps in existence, and we are now at a point where the most widely-used chat apps offer end-to-end encryption. Therefore you won’t have any trouble dropping those that don’t offer it! The most popular apps that claim to offer end-to-end encryption (I can’t verify if they have any hidden back doors, but please research them):
- Threema.
- Signal (requires phone number).
- Telegram (requires phone number).
- Session (does not require phone number nor any other personal info).
Even end-to-end encrypted messaging services tend to collect metadata, which may include account information such as contact info, your name, and sometimes other details. Of the services above, Session is the only one that doesn’t collect that information.
What’s the difference between end-to-end encryption and regular encryption?
Encryption is the process of making data unreadable. How it is implemented is what determines whether or not it is end-to-end encryption. End-to-end encryption ensures your messages are encrypted before they leave your phone, all the way to their ultimate destination (the recipient’s phone). This applies even as the messages pass through the servers relaying them. Messages are decrypted when they arrive on your phone so that you can read them.
Regular ‘encryption’, which is still widely used, doesn’t protect your messages from being read by the server when it receives them. This also poses a security risk, as whoever has access to the server can decrypt users’ messages and steal sensitive information from them.
There are services that claimed to offer end-to-end encryption, but were found accessing users’ chats from their servers. True end-to-end encryption prevents the messenger provider and your ISP from reading your chats. If there is a back door, then it is not quite end-to-end encryption and provides a point of entry that hackers can exploit.
Aside from ensuring everything is encrypted, the other most important reason for end-to-end encryption is to avoid storing keys on the server. Servers are often highly centralized and attract criminals because everyone’s data is stored in one location they can break into. End-to-end encryption prevents this by ensuring that the means to decrypt your data are not present on the server at all.
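The difference described in this section, as an added sketch that is not from the original article: a relay server that strips link encryption can read regular messages, but only sees ciphertext when the two phones add their own layer. RelayServer, seal, unseal and send are hypothetical names, the HMAC-based cipher is a stand-in for a vetted AEAD, and the end-to-end key is assumed to be already shared between the two phones.

```python
# Added illustration: all names are hypothetical; the cipher is a demo stand-in.
import hashlib
import hmac
import secrets


def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode as a keystream (not a production cipher).
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(key, nonce + i.to_bytes(8, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC stand-in for a vetted AEAD."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("wrong key or tampered message")
    return _xor_stream(_prf(key, b"enc"), nonce, ct)


class RelayServer:
    """The messaging provider: holds link keys only and records what it can read."""

    def __init__(self):
        self.link_keys = {}  # user -> key for the user<->server hop
        self.readable = []   # what anyone with access to the server obtains

    def register(self, user: str) -> bytes:
        self.link_keys[user] = secrets.token_bytes(32)
        return self.link_keys[user]

    def relay(self, sender: str, recipient: str, blob: bytes) -> bytes:
        payload = unseal(self.link_keys[sender], blob)   # link layer ends here
        self.readable.append(payload)
        return seal(self.link_keys[recipient], payload)  # re-wrapped for next hop


def send(server, keys, sender, recipient, message, e2e_key=None):
    """keys: each user's link key. e2e_key: assumed pre-shared by the two phones."""
    inner = seal(e2e_key, message) if e2e_key else message
    hop = server.relay(sender, recipient, seal(keys[sender], inner))
    inner = unseal(keys[recipient], hop)
    return unseal(e2e_key, inner) if e2e_key else inner
```

With e2e_key set, server.readable only ever holds ciphertext, and none of the keys stored on the server can open it.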
Privacy Apps That Can Compromise Your Privacy
I mentioned above that a bad VPN can compromise you because it intercepts your transmissions, but there are various other apps designed to protect your privacy and security that may compromise it. A rule of thumb is that any app which scans your data or intercepts it in any way could theoretically steal it (if the app is designed to do so, of course). Here are a few of the many types of apps that could intercept or access your data:
- Antivirus apps.
- VPN apps (specifically the ones with back doors).
- Network traffic analyzers.
- Anti-spyware apps.
- Browser extensions in general (including the ones advertised as privacy tools). Browser extensions can see everything you’re doing online.
I’m not discouraging the use of the apps above (especially not antivirus or VPN apps). However, you do need to do a great deal of research before you decide which ones to use. I highlighted browser extensions in red because of their incredibly high risk level for data theft.