Three easy steps for online privacy


With so much going on – chemical warfare waged on innocents, the rollback of environmental measures intended to mitigate global warming, saber-rattling over North Korea – it’s interesting to see the attention paid to the congressional rollback of a Federal Communications Commission regulation. Apparently it has caused bipartisan outrage, with even Trump-supporting Redditors and Breitbart fans complaining about it. The FCC regulation, set to go into effect soon, would have prohibited the companies we pay to connect us to the internet from selling information about what we do there. With that regulation gone, ISPs can now do what Facebook and Google do: make money from scooping up data about what we’re doing with our phones and computers, selling our information to advertisers who hope to match their ads to our interests and habits.

Telecomm lobbyists and the FCC chair argued that Facebook and Google shouldn’t get all the goodies, but opponents say there’s a difference between free services that you don’t have to use and a service you pay for and must have if you’re to use a cell phone or the internet. Internet access is not a free service that requires ads for support, and in much of the country there’s little competition. We’re stuck with whatever our providers choose to do with our data. Apart from those lobbyists and the companies they represent, nobody is happy about this.

Every now and then an internet-related cause unleashes a tsunami of popular attention. A few years ago, the anger was directed at bills introduced into the house and senate that were ostensibly directed at piracy but were seen by many as an attack on online freedom. After massive protests that included major websites temporarily shutting down, the bills were withdrawn. This time, the bills moved faster, protests were smaller, and the opposition didn’t get support from Google and other tech companies that worry regulating privacy in any way might someday undermine their business model. So the privacy roll-back was quickly signed into law, and people are spooked.

Without regulation it’s up to individuals to take actions to protect their privacy, and while most Americans care about their privacy, they don’t take steps to strengthen their passwords, encrypt their communications, or avoid situations in which their online privacy is at risk. It’s partly not knowing what they can do and partly the inconvenience of changing daily habits. On top of that, whenever you turn to the internet for advice, what you get is scary and contradictory.

Here are three simple things I do.

Since I don’t want companies tracking my voyages around the internet, I use two browser extensions: Privacy Badger from the Electronic Frontier Foundation (which focuses on third-party trackers like the ubiquitous social media buttons that tell Facebook and Twitter where you are even when not logged into those services) and uBlock Origin (an open-source ad blocker for Firefox and Chrome). These extensions aren’t without issues. Sometimes, a page will not load properly, but it’s easy to turn off the blocker (or specific bits of code being blocked) if necessary. Some sites that rely on ad revenue recognize that you’re using a blocker and demand that you turn it off or become a subscriber. This usually makes me evaluate how badly I want to read that particular article. The trouble with ads is not the annoying visual clutter, it’s the tracking and the occasional malware that rides in on ads. Websites that depend entirely on privacy-gutting ad revenue should be thinking about alternative ways to sustain their business as more and more visitors adopt ad blockers.

Most of the time I use a search engine that doesn’t record my search history. DuckDuckGo is the best-known of these privacy-respecting search engines, but it lacks a feature I use a lot: the ability to limit search results by date. I use StartPage, a Dutch project that uses Google’s search engine but doesn’t store information about your location and search history. Sometimes it pays to search Google directly – I’ve missed some local information occasionally in Startpage search – but on the whole making StartPage my default search engine gives me the value of Google without providing the company a lifelong record of what I’ve been seeking online.

A third thing I’ve done is install a messaging system on my phone that is encrypted end-to-end. I’ve opted to use Signal, though WhatsApp also offers strong privacy. In a way, my use of this phone app is privacy theatre to fight security theatre. I don’t have reason to believe my texts are likely to interest anyone else, but I want to support people who have a higher threat level than I do. The more people take steps to preserve their privacy, the more being private will be the norm, not just some strange thing suspicious people do. It’s a bit of hassle in that the people you text also have to install the app, but it’s getting more popular by the day.

There are other things I do for privacy. I subscribe to a VPN, use virus and malware protection, make sure my programs and operating systems are updated with security patches, avoid attachments in emails unless I’m absolutely sure I know what it is, try to avoid websites that aren’t encrypted, use a password manager to generate hard-to-crack passwords, use a long passphrase on my phone, and have a two-key encrypted email account in case I ever need it (though so far I haven’t). None of these steps are particularly difficult to take, but given the widespread angst over privacy in recent days, I thought it was a good moment to pare down the list and share three easy ways to be a little more private online.

Wondering how your knowledge of cybersecurity stacks up? There’s a quiz for that.

Do you have privacy tips of your own? Feel free to share them in the comments.