Take Back Control of Your Online Privacy

Take back control of your privacy.

When you use the internet, massive amounts of data are collected by the search engines you use and the websites you visit. Alone, this information may seem like an invasion of privacy, but the world of data brokerage is working tirelessly to aggregate all of this information into a single point so that even your unconscious habits can be analysed and used to advertise to you in the most effective way possible.

Data Brokers, such as Acxiom, is estimated to have over 1,500 pieces of information on over 700 million consumers in the U.S. alone. If a database full of your intimate personal information concerns you there is something you can do.

This guidance is designed to minimise the amount of data that is collected about you while you use the internet. Each section focuses on a specific set of controls that you can implement to protect your data at specific points in its life-cycle.

      For advice and guidance on how to protect yourself from common cyber attacks, please see my separate guide on Protecting Yourself from Cybercrime

      Connecting to The Internet

      Since 2001 the US and other major governments have been conducting a mass surveillance program on domestic communications. Organisations like Cambridge Analytica abused the data of 87 million people with the sole purpose of interfering in democratic elections in the US and the UK. 

      One of the best methods of mass surveillance is to tap your connection to view everything that you do over the Internet. Governments have long been collecting data directly from your Internet Service Provider. The data collected is meta data, like every website and IP address you visit, how many times you visited, when you visited and things you’ve downloaded.

      You’re not alone if you feel like this is a significant breach of your privacy. The abuse of a power like mass surveillance has long been theorised, most famously in George Orwells 1984. Luckily, there are steps you can take to regain your privacy.

      Due to the fact that your data is being collected at the network level, there are no browser settings or add-ons that can help you. The only way to stop network level tracking is to tunnel all of your Internet traffic, through your Internet Service Provider and out onto the Internet, where it can go freely to its intended location. This is called a Virtual Private Network, or a VPN. The diagram below shows how this prevents tracking by tunneling your traffic right through your ISP.

      vpn

      The premise of a VPN providing better privacy than your ISP relies on the VPN provider respecting your privacy and not collecting data on you. TorrentFreak conduct an annual in-depth audit of privacy-oriented VPN providers. Free VPN services may seem tempting, but every company needs to make money somehow, and they make money by selling your data. The thing you’re trying to avoid in the first place.

      Web Browsing

      Protecting yourself from data collection is not as simple as turning on Private Browsing. Incognito mode and other similar privacy tools build into browsers provide little to no protection from the websites you are connecting to, rather, they just don’t log your browsing data locally. This only helps if the person you are hiding the information from uses your computer.

      Do Not Track in Chrome or Firefox

      It’s not all bad news, in fact, most web browsers have some basic tools build in to help you combat the persistent efforts of data collectors. For those that will let you opt-out of data collection the Do Not Track (DNT) function in your web browser inserts a tag into your HTML header requesting that advertisers, social media and data miners do not track your activities across the web. Unfortunately, this is a very unreliable method as the tags can be ignored.

      Enabling DNT is a start on the path to better Internet privacy but merely requesting that websites do not track us is not enough. There must be a way to force them to stop tracking you. To find this we must first look at how they track you over the web. The two primary methods of tracking are cookies and browser fingerprinting.

      Block Third-Party Cookies in Chrome or Firefox

      When you visit a website, information specific to your visit can be deposited on your computer. This can include an identification number, preferences you have for viewing the website etc. When you leave the website, this cookie stays on your computer, waiting for you to connect back to the website so they can identify you from your earlier visit, even if you don’t log in. This can provide a lot of benefits, such as remembering what was in your shopping basket between visits to Amazon even when you’re not logged in. This seems like a fair and reasonable step for a website to take. The examples above fall into the category of First-Party Cookies, cookies served directly from the website. The serious breach of privacy typically comes from Third-Party Cookies or Tracking Cookies. As the name suggests these cookies are sent by sites different from the one you chose to visit. For example, https://www.bbc.co.uk serves third-party cookies from Google, Facebook, Twitter and data mining companies. The full bbc.co.uk domain serves over 10,000 cookies, with only 300 being from the BBC themselves.

      Even when blocking third-party cookies, the website you are visiting can silently direct your browser to a third-party web server to fetch content; this content can be legitimate or purely for tracking purposes.

      Get uBlock for Chrome or Firefox

      Cookies aren’t the only way for corporations to track you. Social media giants, advertisers, and organisations with more nefarious purposes utilise an array of tracking methods against you.Websites can track queries, site visits, clicks, the time you’re on a page, mouse movement, comments and social media interactions with site. Its difficult to block all of this data collection, but there are tools that allow you to block all of the third-parties that collect your data.

      Using a browser add-on that blocks connections to third-parties and known trackers can significantly limit the amount of data websites collect about you and your habits.

      Get Disconnect for Chrome or Firefox

      Although they may no longer have a cookie or third-party data collector to tell them your identity, but if you have visited the site before they will have taken a fingerprint of your browser and tied it to the data they already hold about you.

      Fingerprinting is a method of creating a unique identifier based on the configuration of your hardware and software. It may not seem obvious but with the vast variations in configuration of each browser and computer, websites can make accurate fingerprints of each visitor.

      The best way to protect against fingerprinting is by reducing the variations of you browser. The best way you can do this is to disable Javascript (I talked about how to do this with No-Scipt in this article). If that’s too much inconvenience for you, another excellent method of reducing variations in your browser is to use private browsing mode. This enables a standard configuration with no plugins. Ideally, both of these methods are used together.

      To see how your browser holds up against the latest fingerprinting methods, take the Browser fingerprinting test by the Electronic Frontier Foundation.

      Social Media

      Social media and privacy may seem like contradictory terms. Over 97% of Americans were found to have not trusted social media platforms in protecting their personal information. There are some simple steps you can follow to take back control of your privacy.

      Obviously the best way to protect your privacy from social media giants is not to register for them in the first place. But that is not very practical advice.

      Using a false or altered identity when signing up to social media is a fantastic way to still reap the benefits of social media without giving away your privacy. Use a slightly altered name, a false date of birth and never enter your address. Don’t use your real email address. If you don’t want the hassle of another email account, you can append a + to your current email address for signups to different websites (in Gmail). For example, your email address could be [email protected], for signing up to Twitter you could use [email protected] and all emails will be forwarded to your normal inbox. This also allows you to see if Twitter is selling your email address to other companies.

      Finally, social media companies have implemented a range of opt-out features. You can toggle Personalised Advertising, Tracking and other data collection off for all social media websites.

      By following this guidance you will drastically reduce the amount of data you give out when using the Internet. Be conscious if a website really needs to know your real personal details. If they don’t, the best thing you can do is use a false identity. Using the range of tools and techniques we looked at in this article will handle the rest.

      For advice and guidance on how to protect yourself from common cyber attacks, please see my separate guide on Protecting Yourself from Cybercrime