7 key ways to protect your privacy online

2020 is the year of privacy, Decrypt wrote in January. Since then, the issue has been thrown into even sharper relief by the global coronavirus outbreak. Governments around the world have embarked on a program of mass surveillance, tracking citizens to an extent that’s never been seen before.

Google and Apple are collaborating on a contact tracing app that’s demonstrated just how far their reach into our lives extends. While it’s been done with the best of intentions, there are valid concerns that, when the crisis passes, these measures won’t be rolled back.

At the same time, cybercrime has skyrocketed during the pandemic, from hacks to phishing scams. There’s never been a more important time to lock down your personal data and make sure that your privacy is preserved online. 

From dusting away the trail of cookie crumbs you leave across the web, to embracing the future of decentralized apps (dapps), we’ve rounded up seven ways to get serious about protecting yourself online.

1. Use a privacy-focused browser and search

Most modern web browsers support add-ons and extensions, so take extra care when installing them. Even if it appears to be from a legitimate source, it could be spoofing a bona fide developer; one luckless crypto user lost $16,000 worth of the privacy coin Zcash thanks to a malicious Chrome extension that purported to be from hardware wallet developers Ledger.

Remember that every website you interact with, including search engines, could be keeping a record of your online activity. Lessen your chances of running into trouble by deactivating Adobe Flash, only using trusted browser add-ons and extensions and always keeping your browser up to date. Check which browser version you’re using here. 

If you can live without the conveniences of Google search, it’s worth considering using a privacy-first search engine like DuckDuckGo. It lacks some of Google’s bells and whistles, but it doesn’t track your search history. Extensions like PrivacyBadger can be used to block tracking cookies, too. If you’re based in the UK, you can use data ownership app Mine to audit your online presence and force companies to delete your personal data under GDPR regulations.

Consider switching to a privacy-first browser; the most well-known is Brave, which automatically blocks ads, as well as cookies and trackers like the Facebook pixel. Since it’s based on Chromium, the browsing experience is similar to that of Google Chrome, and it can use extensions developed for Chrome, too. 

For an even greater layer of security, there’s Tor, a decentralized network made up of thousands of layers of routers, which bounce users’ IP addresses around them. While much of the press coverage of Tor associates it with black markets and criminals, it’s also used by those seeking to avoid censorship; the BBC has launched a copy of its website on the dark web that can be accessed using Tor.

2. Protect your passwords

Many data breaches are actually caused by weak, default or stolen passwords, according to antivirus software developer Norton. Make your passwords as strong as possible. Length is better than complexity, although the latter is still important. A password that’s more than 12 characters long and uses a number of special characters and symbols will stand in good stead. Check your password strength here.

It’s best to use different passwords for your different logins. As most of us have many different accounts, use a password manager such as LastPass or 1Password. However, you should avoid uploading any crypto passwords or seed phrases to a password manager and keep them entirely offline, as password managers have been hacked in the past.

3. Use Two-Factor Authentication (2FA)

Two-Factor Authentication, or 2FA, takes things a step further than just having a secure password. You get an additional code sent to a device, such as your phone, that only you can access. Many sites use it to further prevent attackers accessing their data, therefore reducing likelihood of fraud, identity theft or data loss.

Two-Factor Authentication is a borderline necessity for anyone holding crypto; without it, you’re leaving yourself wide open to SIM-swapping attacks. “The vast majority of lost crypto is a result of not using Google Authenticator for Two-Factor Authentication,” Branson Bollinger, co-founder and managing director of Zenith Ventures, told Decrypt. There are quite a few 2FA apps out there, such as Authy and Microsoft Authenticator.

If you’re really serious about your security, Google has created OpenSK, an open-source security key that has to be physically inserted into a computer to authenticate your identity. Eventually, the idea is to do away with passwords altogether.

4. Secure your emails

Email security is one of the most important online areas to protect; if a hacker gets into your emails, your other accounts could be compromised.

Secure email providers like Posteo and ProtonMail use end-to-end encryption to help keep you safe, but there are other ways to protect your privacy too. Avoid phishing scams by never giving out personal details over email, such as passwords or PIN numbers. Stay extra secure by not connecting any third-party applications to your email account.

5. Monitor your mobile devices

Most of us live our lives on our smartphones, from social media to banking, messaging, shopping, work, emails, calls and gaming. With all those apps running in the background and tracking you, it’s easy to build up a picture of your activities. In one experiment, researchers found that just by tracking the movements of cell phones, they could group people into “tribal networks” and predict their future behaviors.

Make sure that you’ve secured your phone with a strong PIN or password, and conduct regular audits of your apps; Android users can use Exodus Privacy to track what permissions apps are accessing. Consider deleting any apps you don’t regularly use, and turn off connectivity like Bluetooth and Wi-Fi when you’re not using them.

 In all honesty, SMS texts aren’t secure, so it’s best to avoid receiving private details like OTP codes in that way, too.

6. Buy a VPN subscription

A Virtual Private Network creates a secure connection to another network over the Internet, rerouting your traffic through a VPN server. As well as obfuscating your identity to make it harder for advertisers to track you, it also enables you to spoof your location to that of the server, which can be handy for getting around geoblocking. 

There are plenty of paid options out there such as ExpressVPN and NordVPN, but free VPN services are best avoided as they rely on advertising for revenue and frequently contain malware.

7. Try some Web3 dapps

If you want to get ahead of the curve on protecting your privacy, there is one other option: join the Web3 revolution. Decentralized applications (dapps) are blockchain-powered apps that enable users to take control of their personal data and prevent it from being exploited by advertisers or other third parties.

Fair warning: the Web3 ecosystem is still in its early stages, so many dapps lack the polish of their Web 2.0 counterparts, but there are still plenty of options for those prepared to experiment. Sign up for a Blockstack ID and you can find privacy-preserving decentralized alternatives to office suites (Graphite Docs), password managers (Encrypted Box), photo storage (Recall) and even email (Dmail).