Protecting Your Online Privacy: Three Levels of Security

Data leaks happen once every few months at least. Millions of users can have their phone number, address, and Social Security Number smeared across the internet in a matter of seconds. Your online browsing behavior is also sold legally by tech companies to the highest bidder. Ever seen an ad that is a little too specific? Most major tech companies rely on some form of data harvesting for revenue.

As consumers, should we do anything? Can we do anything? The answer to both of these questions is resoundingly ‘yes.’ By using services geared towards privacy, we can jointly prevent both sources of danger to our private information – that is, data leaks and data harvesting.

In this article, I will give a brief synopsis of data exploitation, and I will subsequently describe three different levels of increasing security we can do based on technical expertise.

Data Leaks

Data leaks involving the data of millions of users happen so frequently that we almost forget about them. Each of the 15 top data breaches leaked the credit card numbers, emails, and IP addresses of hundreds of millions of people. Many of the names on the list are household names like LinkedIn, Yahoo, and Equifax. These are only the known leaks. The number of currently undiscovered leaks can only be guessed. You can check whether your email or phone number has popped up somewhere through Have I Been Pwned?.

These leaks result in consequences for the consumer if left unaddressed. Users who share the same password between multiple accounts can be targeted immediately, and these users can easily become victims of bank fraud and identity theft. Additionally, the more platforms that you use, the more likely that one of those platforms will eventually leak your data. For this reason, it is important to use different passwords for different accounts, which is why using a password manager is highly recommended.

Data Harvesting

Data harvesting is comparatively more nuanced. Depending on the platform, different personal information can be gathered. If the platform is Facebook, your friends list, messages, likes, and views are all up for grabs. Amazon monitors your searches, clicks, and purchases to predict what you will want to buy next. Google learns the psychology behind what you are looking for when you search, and they are increasingly trying to make it so that you never have to actually leave Google’s websites.

The amount of money made by selling this data is immense. Corporations are hungry for the trillions of dollars Americans spend every year. As machine learning models get more sophisticated, they also become more data-hungry. These models are becoming dangerously predictive; they are starting to predict what we want before we even know we want it.

What Can You Do?

There are varying degrees to which you can commit yourself to data safety and privacy. In order of increasing effort and technical acumen, we will discuss how you can safeguard your personal information. Level 1 is recommended for everyone, as the steps are easily attainable. Level 2 is suggested for users with moderate experience using technology, and Level 3 is for software developers and tech hobbyists.

Level 1

The first simple change to make is to change your default search engine. In the settings for all of your web browsers, simply change Google to DuckDuckGo or Qwant. This quick, simple change leads to huge privacy gains.

At the very least, you need to go through settings on the services we use and turn all tracking off. For example, on iOS, you don’t need to let every single app access your location, microphone, camera, and contacts. Turn everything off and only enable the ones that are required. For Google, you can go to the MyActivity page and see every bit of information that Google currently knows about you. You can also disable most or all of this tracking. (Google may end up tracking you anyway. Hence why you should change search engines.) The same logic applies to Facebook – disable tracking in your settings, but be aware that you cannot truly opt out of all their tracking.

Additionally, do not sign up for services you don’t need. Use a disposable email address for most services, and reserve your personal email for important things like banks. This also reduces the amount of spam you will have to deal with on your main email account. Don’t give every service your full name, birthday, address, and Social Security Number. Again, the more services that have this information, the more likely this information will pop up in a data leak.

Level 2

This level is only slightly more effort, but it results in significantly more protection. This involves downloading a password manager and going through old accounts to either change passwords or delete the accounts entirely. Websites that leak data usually do not invest much in storage infrastructure, so deleting your account means that your data will likely also be deleted completely. For the accounts you keep, password managers make it easy to use extremely strong passwords without having to remember them.

Using a VPN on all devices is a major privacy improvement. As if internet service in the United States isn’t expensive enough, most internet service providers sell your browsing history to make an extra buck. Using incognito does not affect this, since your internet service provider is actually delivering the websites you visit to you.

Further improvements can be made by changing what apps you use. Use Signal for messaging, Brave for browsing, and ProtonMail for email.

Level 3

This level involves a lot more effort, but it will ensure you are essentially invisible online. However, it requires some degree of technical expertise, as you will have to use unconventional operating systems like Ubuntu or Tails along with mobile operating systems like GrapheneOS. This level involves building your entire browsing infrastructure from the ground up and hence is not recommended unless necessary.

To achieve maximum privacy, you need to back up all data from your computers and mobile devices as well as install the operating systems mentioned above. The easiest transition OS for computers is Ubuntu, and ArchLinux is recommended if you have some experience with a command line. Tails is also useful if you only use your computer for browsing.

GrapheneOS is a security-focused mobile OS that works with many common android apps. Like Ubuntu, it behaves like a normal operating system, though greatly improved security and privacy may lead to minor quirks.

By combining these operating systems with a VPN, password manager, and privacy-centric services, consumers can essentially ensure that they are not being taken advantage of. However, this level is a lot of effort for most people, so I would recommend using Apple devices like Mac and iOS since Apple has a good history of privacy protection.

Key Takeaways

Data is the oil of the 21st century. Companies exploit users’ data to the maximum extent possible within the law. The sheer number of data leak and data harvesting scandals has numbed most consumers, but data privacy is as important an issue as ever.

There are varying degrees to which users can safeguard their personal information. The least of which simply involves changing search engines to DuckDuckGo or Qwant and disabling tracking in settings on all apps. With minimal extra effort, users can install a VPN and alternative apps. The most extreme security-oriented users can migrate their desktop and mobile devices to different operating systems. By combining all of these techniques, users can achieve complete anonymity online.

About the Author: Alex Saad-Falcon is a published research engineer at an internationally acclaimed research institute, where he leads internal and sponsored projects. Alex has his MS in Electrical Engineering from Georgia Tech and is pursuing a PhD in machine learning. He is a content writer for Do Supply Inc.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.