Thoughts on Online Privacy & Security
Last update: 2023-09-19
I've been a software maker for almost twenty years. Sometimes people ask me how to stay safe online, not get tracked by cookies, and so on. Below, I share a jumble of privacy and security skills I have picked up over that time. Some of them are easy to implement, but unfortunately rare, like picking long passwords. Others are practiced by those "in the know" but often not shared with the general public.
Well...maybe now you are in the know also.
There are three main sub-articles:
- Privacy and Security are not the same
- Methods for maintaining privacy online
- Methods for maintaining security online
Privacy and Security are not the same
The most important point to make up front is that privacy and security are not the same thing. The reason they are mentioned together so often is that they are related, but that's it. It's important not to think that if something is secure, it is also private, or that if something is private, it is also secure. You can have one, the other, or both. This can be hard to grasp because most of the obvious things you want to keep private are also things you want to keep secure. Your wallet, your medical history, or illicit photos of your significant other are some examples. But there are plenty of cases where things are only private or only secure.
Some examples
For example, someone may not care much about the privacy of where they bank or how much money is there. Actually, a lot of people are quite open about things like that. That can be public information as long as the bank itself can actually be trusted to hold the money in a vault with guards in front of it. This is security without privacy. A related example is a checking account number. It is written on the bottom of every check and freely passed around "in the clear." However, withdrawing funds from the same account requires you to have secure access.
The reverse can also be true. Deliveries to your house are often private but not secure. Anyone can take mail or packages from your mailbox or front porch (and they often do) but at least the contents of these packages are generally inside an envelope or a box. You probably don't send all letters as postcards. You expect some level of privacy, but no level of security.
The same is true online. For example, even if every tweet you write is public, you still expect that access to your account is secured such that only you can tweet from it.
So security and privacy are different. If you want something to be both secure and private, you have to both secure that something and also privatize that something. But there are cases where you only want one or the other.
The web is fundamentally open
The next important observation is that the world wide web is fundamentally open. It is neither secure nor private. Before you get angry about that, just remember it was purposefully designed that way. The original tag line of the world wide web was the "information superhighway." The point of the whole exercise was to share as much information as possible, as openly as possible. Early pioneers of the web envisioned it as completely shared and editable by all, which is why the first web browser (WorldWideWeb) was both an editor and viewer. In addition, insecure http was how most web sites were served until very recently when browsers enacted policies to force web site owners to buy TLS certificates and serve their sites over https. This decision is one of those "bad actors f'ed it up for the rest of us" decisions, because many sites online—like this one, actually—have absolutely no need for TLS.
The open-by-default nature of the web is often surprising and upsetting to people, even people who surf the web or use a smartphone every day. Never fear, though. It is possible to be both private and secure online. There are steps you can take to maintain your privacy and security. Below are a few simple methods for enabling privacy and security protections while you engage in what are considered "normal" online activities.
But before we cover those, let's make one more important observation. If you are someone particularly concerned with privacy and security, then the world wide web may not be the place where you want to conduct certain activities at all. It can be more secure and private to conduct activities offline. By doing so, you will obviate any online privacy and security concerns. Just remember that the world is so connected to the web today that even some activities in the real world end up online. Just ask all the people who find themselves in Google Maps' "street view" or learn that by purchasing lunch with a credit card they are now regaled with junk email.
Methods for maintaining privacy online
Use privacy-centered products to access the web
Your operating system, web browser, or search engine might all be privacy concerns. Why not try using a live CD / USB operating system like Knoppix or Tails?
If you don't feel the need to take such precautions, simply switch your browser to Brave or Firefox instead? And while you're at it, why not try a search with DuckDuckGo instead of that other search engine that rhymes with Ooogle?
Use a standalone email address
Almost all web sites rely on the idea of an "account" which is tied to an email address. Online privacy in 2022 is such a huge concern that even large mail providers are introducing email masking or temporary email address features. One longstanding standalone service for temporary email addresses is Guerrilla Mail. By using a temporary email address, it possibly cannot be traced back to you, and thus helps a given account remain more anonymous.
A similar idea is Apple's more-recently-introduced Hide my Email product for iCloud subscribers.
It may seem that the point of a standalone or temporary email address is to remain anonymous, but this is usually not the case. You would have to be extremely cautious in other ways in order to remain anonymous. The true protection that such an email address affords you is that if you, for example, used your personal email (say, "john.doe@gmail.com") for Target.com, and you use it with a particular password (say, "password" for the sake of example), then it is likely you re-use this combination everywhere. (Perhaps even for logging into gmail?) So by simply cracking Target's database, a bad actor can now log in as you to many places online. One nice thing about one-off / per-account email addresses is that it subverts this possibility. But, you should practice the password recommendations given later in this article which are even more helpful toward this end.
Use plus-addressing (also known as subaddressing)
A related idea is plus addressing / subaddressing which allows you to use a unique email address for each account while still using your primary email. Confused? Let me explain. Generally, this takes the form of your email address, the plus symbol, and some specific tag to uniquely identify the email address. For example, let's say your email address is mail@example.org. You might create a YouTube account using the email mail+youtube@example.org. Mail sent to this address will still land in your inbox, but when you are careful to use such an address for only a single online account, you have many more options for protecting yourself in the case of a breach.
The advantage is that if YouTube is not responsible with your data—let's say they sell it to spammers—then you're able to easily identify that this has happened and take an action in response. As soon as you start to notice a lot of Nigerian "princes" who need to quickly get their money out of the country, and all their emails are addressed to mail+youtube@example.org, you know what has occurred. In response, you can make a new email address, perhaps mail+yt@example.org, and change your YouTube account over to it, meanwhile blocking any email directed toward mail+youtube@example.org.
One other nice thing about plus-addressing is that many mail providers have started to build useful features around it. For example, FastMail users will find that each email they receive which is addressed to a plus address will automatically sort itself into a folder, provided that the folder has the same name as the "tag" part of the address (the part after the "+" and before the "@").
Use end-to-end encryption
If you have to message with others online, use something like Signal, which is encrypted end-to-end.
Protonmail is an email option. As long as you only email with other Protonmail addresses, the communication is encrypted end-to-end.
With some effort, you can even learn encryption technologies like PGP to provide over-the-top encryption using unsecured channels.
Don't enter your real name, phone number, email, or address unless you understand the risks
It doesn't matter if you take all of the abovementioned steps and still enter your real name, address, phone number, or email into the sites you visit. Companies use that data to connect all your online activity into a profile about you. If you don't believe me, try logging into any of your Google accounts and then visit this dashboard.
So when it comes time to place an order, conduct a financial transaction, or anything else online, know the terms of service you are agreeing to and consider how the other party will sell or use your data. Act accordingly.
The privacy-minded individual can still engage in online ordering, while protecting their address, for example, if they use a PO box or a package-forwarding service.
Be careful what search engine you choose
Google is the largest advertising machine in recorded history. You could consider using a privacy-minded alternative. A popular one is DuckDuckGo.
Methods for Addressing online security concerns
The following steps should allow you to secure your online accounts.
Use a unique password for each account
Plan for each account to be compromised. Statistically, it will happen to one or more of your accounts, you just don't know when or which account. Therefore, use a unique password for each account so that once someone cracks it, they can't use the same password to then log into and take over other accounts. If an account gets compromised, you want the damage to be limited in place.
The only way to make a unique password for each account practical is to use a password manager like KeePass or its variants. Many people are happy with a cloud service like BitWarden instead. LastPass is a popular option but it is mistrusted by those in the know. Still, if you have to use LastPass, it is better than what most people do, which is to use the same easily-guessable password for everything from their bank account to their email to their Netflix account. Don't be like them. Be smart, and use a unique, strong, non-guessable password for each account. Read on to find out how.
Use strong passwords
When you generate a unique password, make sure it is also strong. What is a strong password? Research shows that the longer a password is, the better. A password doesn't actually derive much extra strength from using additional components like mixed capitalization, numbers, and symbols. One of the best ways you can generate strong passwords is through the diceware technique.
But don't forget to take the step of a unique password for each account also.
Split up online accounts among email accounts
Let's say you are using a unique email account for each online account, through the use of "plus-addressing" as mentioned above. You still may want to consider obtaining some additional email addresses and splitting up your online accounts among them. This would be a security step geared towards the possibility of the email address itself getting compromised. If someone gains access to your email, they can reset all passwords of all accounts connected to it and gain control over things like your bank accounts and credit cards. Why put all your eggs in one basket?
So as an added step to the above, you can consider taking the step of separating accounts among multiple email addresses. This is not true security, but it could help to limit the damage of someone compromising a single one of those email accounts, as they can then only use that email address to gain control of the now-limited number of accounts connected to it.
I consider large public sites like Reddit and YouTube their own specific threat. One thing to consider about data breaches is that they usually include both the email account and the password being used. That email account / password combination then gets resold on the dark web, and can then become a target of crackers who crack that email account and can gain access to data they can use for identity theft or for cracking further accounts. It may therefore be wise to use an email account on potentially-breachable sites like YouTube or Reddit that is unconnected to any further data. It may be wise, for example, to never use the email address you use for all financial-related online accounts (like your bank, credit card, loans, budgeting software, etc.) for one of these other sites.
Should you use a VPN?
Recently it has become popular to use a VPN service like the heavily-marketed NordVPN. (I am purposefully not linking to them nor endorsing them.) The major problem with using a VPN is that although it is true that a VPN tunnels your online traffic across the web, making it impossible for others to observe it while in transit, most people still freely share a lot of personal information this way, and this at least partly neutralizes any benefit of a VPN. A VPN can be "an extra measure of privacy" for the privacy-minded individual, but not for the averag person who continues to volunteer their data all over the web, albeit across VPN.
I personally do not use a VPN for this reason. I instead practice at least all of the other things listed above here. But your mileage may vary.
Should you use Tor?
The same comments I made above for VPN apply to Tor. There's no point in using it if you are still going to behave like most web surfers.
Should you enable the location (GPS) feature on your smartphone?
Location sharing via GPS tracking of your smartphone has become popular and is used for all kinds of valid use cases, such as letting family members know where you are or for recording the route you run or cycle. But it also has some danger. For example, it was recently discovered that the popular cycling app "Strava," which is used by cyclists to record the fastest times on known public routes, in a sort of ongoing public competition, was also being used by bike thieves. They would simply look up the start and end point of the most common rides by the fastest riders, and (correctly) assume that they must live somewhere nearby. They would then show up to such locations, quietly follow that person home and mark where they live. Later, they would break in and take their expensive $10,000+ bikes.
Location sharing has its downsides and this is one of them. In the early days of Twitter, people found that if they would tweet pictures of themselves while on vacation, thieves would note that they were away and go break into their house. The same principle applies. So be very careful how you use location on your phone. The way I use it is to keep it off, use it for finding directions to places I don't know how to drive to, and then turn it off again right afterward.
Closing Remarks
Above are some ideas for beginning to think about protecting your online privacy and securing your financial and other assets. If you are interested in this topic, check out some books like "The Age of Surveillance Capitalism" by Shoshana Zuboff. The Electronic Frontier Foundation is a non-profit that publishes some interesting and helpful resources also. Even the UCLA has some helpful things to say about online rights like privacy rights upon occasion. Use these resources and good luck!