These are basic tips for the average person to increase their level of online privacy. There are more in-depth ways to “go dark” on the internet that will not be posted here. I don’t want to train people on how to be a better criminal and that level of security would require a more advanced level of experience than that of the average person I am targeting with this post. I welcome your tips in the comments.
Disclaimer: Don’t be committing crime and these suggestions should be enough to keep you safe online. If you are conspiring to do something that would attract a nation’s intelligence service, they may find a way to get your data no matter what apps you use. Always assume anything you do online can be viewed by someone with enough computing power. If you need to convey a message so sensitive that you would want no one other than the recipient to read or hear it, no electronic device is secure enough.
If you don’t want your email being scanned for advertisements by Google, Yahoo, Microsoft, and literally anyone else offering email services, check out Proton Mail. There are other ways to have encrypted email, but that requires a bit of skill. Here are some of the features.
- Proton Mail is encrypted by default and requires no skill.
- A free account has limitations, such as 500 megabytes of storage. This is fine if you are using it for mere text emails and not storing them long. The paid plans are not cheap, but may be worth it to you based on your needs.
- According to the company website, “ProtonMail is incorporated in Switzerland and all our servers are located in Switzerland. This means all user data is protected by strict Swiss privacy laws.” Though Switzerland may have decent privacy laws, it may not matter based on the following point.
- Even if someone did get a Swiss search warrant, it shouldn’t do any good as long as both parties were using ProtonMail. The website states, “We use end-to-end encryption and zero access encryption to secure emails. This means even we cannot decrypt and read your emails. As a result, your encrypted emails cannot be shared with third parties.”
- You can use ProtonMail via a web browser, Android, or iOS.
Just remember there are limitations to encrypted email.
- The recipient needs to be using encrypted email that or their email server can be targeted for the conversation.
- The recipient can share your email with anyone.
- Both you and the recipient’s devices need to be secure to avoid any third party from snooping.
- Use a strong and unique password.
- Delete email after reading or when it is no longer needed.
Go to https://protonmail.com/ to create a free account and read more about it. While you are there, check out their VPN trial since it will be discussed below.
VPN (Virtual Private Network)
Let’s say you like to follow “QAnon” and other similar groups, but fear the new administration will get overly aggressive and conduct mass surveillance of anyone visiting these types of sites. Using a decent VPN service should be enough to keep you off a list of possible targets for investigation if this is all you are up to. If you start reaching out to people and saying this that would lead someone to believe you are planning something bad, there are always ways to get your information. It may take manual methods and a lot of effort, but it is possible.
Your internet service provider (ISP) can also see every website you visit and every unique URL. This information can be sold or provided to third parties (check your terms of service). Let’s say you or someone at your home thinks you are allowed to download a movie because it is right there on the internet. You may get a note from your ISP warning you that subsequent violations of someone’s copyrighted material could result in cancelling your internet service. Even worse, you could be sued by the company that owns the rights to the content that was downloaded. Some people also do not know any better and are using modified streaming boxes (the Amazon Fire Stick) to watch new movies for free. These movies are from sites that are illegally providing them and everyone that downloads them can be targets of lawsuits. Sorry to tell you, but streaming a movie and watching it is technically downloading and counts the same as if you downloaded it to store it on your device. I am not advocating using file sharing services but addressing it because people have received warnings and had no idea why (my kid, my roommate, etc.).
Though VPN has other uses, it can be used to protect your privacy and keep you anonymous on the internet. VPN technology encrypts the data from your computer, device, or even home router until it reaches the VPN server located somewhere else in the world. Your data then exits the VPN server to the internet. Your data is then technically visible to others on the internet, but your ISP will not know what websites your are visiting. Another benefit will be that the websites you visit will not know your true IP address, your ISP, or where you are located. This is because VPN servers are located in various areas around the world and most services allow you to choose the location of the VPN. You can choose a server close to you for better speeds or one far away, often with slower speeds because of the distance. I often use VPN servers in Los Angeles since they offer the best speeds for where I am located, but are still far enough away to hide my location.
Though I don’t always use VPN at home, I consider it essential for using internet outside my home. Do not trust the free internet provided by places like airports, coffee shops, etc. It does not matter if it is a wired connection or WiFi, but the latter is considered especially dangerous since it is easy to compromise WiFi. There are devices that can connect to open WiFi, fake the name, have everyone connect through the fake WiFi, and then pass it to the real internet connection. The person compromising the WiFi can snoop for data of interest and get between the users and the websites they visit. Criminals can then break secure connections to financial website and collect usernames and credentials. Wired connections can be dangerous as well and hotels have been popular with criminals. A lot of valuable data can be collected from guests, especially in places like Washington DC.
The basic rules for VPN is to use it when you don’t want your ISP to see what you are doing, when you do not want to reveal your location or IP address to websites you visit, or anytime you are using internet outside your home. I don’t worry too much about my cellular data (internet) being unsafe, but I would never use WiFi on my phone when outside my home.
There are many VPN services and the level of security is up to you. An important factor to consider is what country the VPN company is located and the privacy laws of that country. If China allowed VPN services, I would never choose one there because you know their government would be watching everything. I recommend focusing on countries with strict privacy laws, such a Switzerland or Germany, or countries that do not care about the laws of other countries. Another important feature to look for is a no logging policy. You do not want to use a VPN that logs your activity if you don’t want it eventually used against you. Please note that if you are using a VPN that does not log activity but the company is located in the same country as you, it may be possible for law enforcement to get a warrant to monitor your activity. This is another reason to use a VPN service outside of your home country. Please note that VPN providers that don’t care about much the laws of other countries may voluntarily cooperate with law enforcement if someone is up to something very terrible. I’m glad to see people’s privacy exposed if they are up to something that bad…
Here’s another reminder: I am not recommending methods to go completely dark on the internet as if your life depended on it. It is extremely difficult to achieve this level of anonymity and requires technical skills. It also requires strict vigilance most people would not be able to maintain. This is how skilled criminals get caught. It takes longer, but they may eventually slip up.
Here is an article listing VPN services and includes where the businesses are located. Be sure to scroll down to the no logging section. https://www.techradar.com/vpn/private-vpn-no-log-anonymous
Since I mentioned ProtonMail, I recommend you also check out ProtonVPN. It’s a little costly, but you may get what you pay for. https://www.techradar.com/reviews/protonvpn
You know what can really come back to bite you? Text or chat messages. I would say I don’t need 99% of my text messages, so why keep them? I delete my messages from time to time, but the default Google Messenger does not make it easy to do delete data. It’s almost like Google and other apps want you to keep data on the phone that they may mine for profit.
You know what would be better than having to remember to manually delete messages one person at a time? Having the messages disappear on their own from my phone and the recipient’s phone. The Signal messenger app will do just that as long as both parties are using the app. Disappearing messages do not happen by default and this feature must be turned on per recipient, along with the amount of time before messages are deleted. Once set, you can just sit back and the messages will automatically disappear. Just be aware that messages will not be deleted from a recipient’s phone until it first has been viewed. The time until deletion starts at that point.
Signal also encrypts messages and supports encrypted voice calls between Signal users. Anyone snooping will not be able to see or hear what you are discussing. Voice calls go over data and do not always sound as clear as a regular phone call, but it works well enough to understand each other. I am going to repeat a warning. As with other forms of communication, encryption does little to no good if both parties are not using compatible encryption or the other party cannot be trusted (that includes their device being compromised or them intentionally sharing information).
Signal is not the only app to support secure messaging. Telegram is also very popular, but I prefer Signal. Read more about Signal at https://www.signal.org and give it a try. I don’t use it as my default messaging app because not enough people use it at this point, but I do use it with people I know are also using it (it scans your contacts and notifies you of others using Signal).
Web browsers store a lot of information and can tell a lot about a person by their internet history. They are also capable of sending a lot of information back to their creators. Why do you think Google, Apple, and Microsoft make their own web browsers? Web browsers also report possible identifying information to websites you visit. This information is “anonymous” but reports what operating system you are using and other types of software installed on your system. Combine this with your IP address (if you are not using VPN), and someone would know what type of device to look for at your location.
The first thing I recommend is to not use web browsers from Google, Apple, or Microsoft. There are web browsers based on Google Chrome, but scrubbed of Google’s evil, and then tweaked for privacy. I don’t know a lot about the companies behind these browsers or how long they will be around so I use Mozilla’s Firefox. This web browser is popular with the security expert Steve Gibson of GRC.com and the TWIT podcast Security Now, so it is good enough for me. You can read more about Firefox at https://www.mozilla.org/en-US/firefox/browsers/compare and decide if you want to give it a try.
Firefox can delete your browsing history every time it is closed, but this is not always convenient or necessary. I instead recommend deleting it yourself as needed. You can do this via the browser or by using a free program like https://www.bleachbit.org/. Yes, this is the very same program made famous by the IT guy that deleted Hilary Clinton’s incriminating emails. If it’s good enough to keep her out of federal prison, it may be good enough to wipe your browser history.
You know what else tracks you through your web browser via the websites you visit? Facebook. Facebook has a way to be notified when you visit websites that has a bit of their software installed. Facebook then knows more about you for targeted advertisements and whatever evil they desire. I don’t want Facebook to know what sites I visit so I installed an extension called Facebook Container (https://support.mozilla.org/en-US/kb/facebook-container-prevent-facebook-tracking).
If you are not familiar with extensions, essentially they are small programs that run within a web browser. These little programs can be useful, but be careful what you allow to run in your browser.
Search Engines (AKA Google.com)
Search engines are how you find things on the internet and they can store all of your searches. If you are signed in to a Google account and use Google Search, they will store your searches in your history. I would assume Microsoft’s Bing can or will do the same. That is why I don’t use either of these. I instead use the oddly named Duck Duck Go (https://duckduckgo.com/). This search engine was created with privacy in mind. Yes, I am trusting it based on their claims, but companies like this live and die by their reputation. Most of your devices will allow you to set your default search engine, though I don’t know about Apple’s iOS. I highly recommend you use Duck Duck Go as your default engine. Don’t Google how to do it, use duckduckgo.com.
Delete What Companies Know About You
Companies collect a lot of information about you and may have options to delete this information, though they may not make this easily known. I go through Google from time to time and delete everything (and hope they really delete it). I usually allow my location history to remain for a while because I like to refer back to it for information, however, everything must go! If you want to get away from Google, check out my other post on how to go on a Google Diet.
This post is still in progress and will be updated from time to time. Please leave a comment if you have a suggestion.