Worried about online privacy? Here are tips to avoid leaving tracks around the Internet
Digital privacy means different things to different people, whether it’s private messaging or third-party trackers. Here are a few ways to make you feel a bit more empowered or safer.
Google and Facebook collect information about us and then sell that data to advertisers. Websites deposit invisible “cookies” onto our computers and then record where we go online. Even our own government has been known to track us.
When it comes to digital privacy, it’s easy to feel hopeless. We’re mere mortals! We’re minuscule molecules in their machines! What power do we possibly have to fight back?
That was the question I once posed to my readers. Many responded with valuable but frequently repeated suggestions, such as using a programme that memorises your passwords, and making every password different; installing an ad blocker in your web browser; reading up on the latest Internet scams; and if you must use Facebook, visiting its Privacy Settings page and limiting its freedom to target ads to you.
What I sought, though, were non-obvious ideas.
It turns out that “digital privacy” means different things to different people.
“Everyone has different concerns,” wrote Jamie Winterton, a cybersecurity researcher at Arizona State University. “Are you worried about private messaging? Government surveillance? Third-party trackers on the web?” Addressing each of these concerns, she noted, requires different tools and techniques.
“The number one thing that people can do is to stop using Google,” wrote privacy consultant Bob Gellman. “If you use Gmail and use Google to search the web, Google know more about you than any other institution. And that goes double if you use other Google services like Google Maps, Waze, Google Docs, etc.”
Like many other readers, he recommended DuckDuckGo, a rival web search engine. Its search results often aren’t as useful as Google’s, but it’s advertised not to track you or your searches.
And if you don’t use Gmail for email, what should you use? “I am a huge advocate for paying for your email account,” wrote Russian journalist Yuri Litvinenko. “It’s not about turning off ads, but giving your email providers as little incentive to peek into your inbox as possible.” ProtonMail, for example, costs US$4 (S$5.50) a month and offers a host of privacy features, including anonymous sign-up and end-to-end encryption.
The ads you see online are based on the sites, searches, or and Facebook posts that get your interest. Some rebels therefore throw a wrench into the machinery – by demonstrating phony interests.
“Every once in a while, I Google something completely nutty just to mess with their algorithm,” wrote Shaun Breidbart. “You’d be surprised what sort of coupons CVS prints for me on the bottom of my receipt. They are clearly confused about both my age and my gender.”
It’s “akin to radio jamming,” noted Frank Paiano. “It does make for some interesting browsing, as ads for items we searched for follow us around like puppy dogs (including on The New York Times, by the way.)”
Barry Joseph uses a similar tactic when registering for an account on a new website. “I often switch my gender (I am a cisgender male), which delivers ads less relevant to me – although I must admit, the bra advertising can be distracting.”
He noted that there are side effects. “My friends occasionally get gendered notifications about me, such as ‘Wish her a happy birthday.’” But even that is a plus, leading to “interesting conversations about gender norms and expectations (so killing two birds with one digital stone here).”
AVOID UNNECESSARY WEB TRACKING
It’s perfectly legitimate, by the way, to enjoy seeing ads that align with your interests. You could argue that they’re actually more useful than irrelevant ones.
But millions of others are creeped out by the tracking that produces those targeted ads.
If you’re in that category, Winterton recommended Ghostery, a free plug-in for most web browsers that “blocks the trackers and lists them by category,” she wrote. “Some sites have an amazing number of trackers whose only purpose is to record your behavior (sometimes across multiple sites) and pitch better advertisements.”
BE CAREFUL ON PUBLIC WI-FI
Most public Wifi networks – in hotels, airports, coffee shops, and so on – are eavesdroppable, even if they require a password to connect. Nearby patrons, using their phones or laptops, can easily see everything you’re sending or receiving – email and website contents, for example – using free “sniffer” programmes.
You don’t have to worry about Social, WhatsApp and Apple’s iMessages, all of which encrypt your messages before they even leave your phone or laptop. Using websites whose addresses begin with “https” are also safe; they, too, encrypt their data before it’s sent to your browser (and vice versa).
(Caution: Even if the site’s address begins with “https”, the bad guys can still see which sites you visit. They just can’t see what you do there once you’re connected.)
The solution, as recommended by Lauren Taubman and others: A Virtual Private Network programme. These phone and computer apps encrypt everything you send or receive – and, as a bonus, mask your location.
“I don’t like Apple’s phones, their operating systems, or their looks,” wrote Aaron Soice, “but the one thing Apple gets right is valuing your data security. Purely in terms of data, Apple serves you; Google serves you to the sharks.”
Apple’s privacy website reveals many examples: You don’t sign into Apple Maps or Safari (Apple’s web browser), so your searches and trips aren’t linked to you. Safari’s “don’t track me” features are turned on as the factory setting. When you buy something with Apple Pay, Apple receives no information about the item, the store, or the price.
Apple can afford to tout these features, explained software developer Joel Potischman, because it’s a hardware company. “Its business model depends on us giving them our money. Google and Facebook make their money by selling our info to other people.”
DON’T ‘SIGN IN WITH FACEBOOK’
Potischman never registers with a new website using the “Sign in with Facebook” or “Sign in with Google” shortcut buttons. “They allow those companies to track you on other sites,” he wrote. Instead, he registers the long way, with an email address and password.
(And here’s Apple again: The “Sign in with Apple” button, new and not yet incorporated by many websites, is designed to offer the same one-click convenience – but with a promise not to track or profile you.)
IDENTITY THEFT, FROM A PRO
My call for submissions drew some tips from a surprising respondent: Frank Abagnale, the former teenage con artist who was the subject of the 2002 movie Catch Me If You Can.
After his prison time, he began working for the FBI, giving talks on scam protection, and writing books. He’s donating all earnings from his latest book, Scam Me If You Can, to the AARP, in support of its efforts to educate older Americans about internet rip-offs.
His advice: “You never want to tell Facebook where you were born and your date of birth. That’s 98 per cent of someone stealing your identity! And don’t use a straight-on photo of yourself – like a passport photo, driver’s license, graduation photo – that someone can use on a fake ID.”
Abagnale also noted that you should avoid sharing your personal data offline, too. “We give a lot of information away, not just on social media, but places we go where people automatically ask us all of these questions. ‘What magazines do you read?’ ‘What’s your job?’ ‘Do you earn between this and that amount of money?’”
Why answer if you don’t have to?
By David Pogue © 2019 The New York Times