How Secure is Your Private Information Online?
From massive data breaches to online tracking, it’s harder than ever to live a “private” online life. But it’s not impossible.
With a few simple steps, you can protect your privacy, keep your identity secure, and reduce the amount of data companies collect about you online.
Learning how to protect your privacy online is a priceless skill. Here’s our in-depth guide on what online privacy is, what it means for you, and how you can protect it.
What is Online Privacy?
You’re probably hearing about online privacy now more than ever–and not just in the news. Privacy is a top concern for governments and tech giants, with the two often going head-to-head on what it means.
But what does it really mean? Essentially, online privacy is about protecting your rights to keep private information to yourself.
Surprisingly, few regions have laws protecting those rights. And even when online privacy laws exist, not all companies follow them — such as when Cambridge Analytica leveraged Facebook to collect millions of data points on U.S. voters.
Internet privacy and internet security are different but closely related. Privacy usually deals with legal data collection (like what you post on Instagram, Snapchat, and other social media), while cybersecurity focuses on illegal data collection (like protecting your accounts from hackers).
But there’s a lot of overlap. Good security enhances privacy, and enhanced privacy helps maintain good security. By taking some simple steps, you can improve both.
How To Protect Your Online Privacy
1. Commit to sharing less online
The best step you can take to protect your information from people trying to scam you online is to share less of it.
We immediately think of social networks when it comes to sharing information, and that’s a great starting place. Be especially careful of pictures of you or your loved ones, geotagged posts, or any information you wouldn’t want strangers to know about.
In addition to social media platforms, nearly all apps collect details of your activities — and they rarely protect your data as carefully as you would like. Every few months, another company’s privacy violations make headlines. For instance:
Zoom connected its user accounts to LinkedIn profiles, revealing names and professions — even for “anonymous” users.
Strava published an interactive map of all recorded user routes, revealing the locations of secretive U.S. military bases in Syria and Afghanistan.
Facebook kept hundreds of millions of account passwords in a searchable, employee-accessible database — and didn’t notice for seven years.
All of these shares and data points make up your online footprint (which scammers can use to get access to your sensitive information).
Here are a few ways to stop oversharing online:
- Share less on forms. Skip any “optional” information, like a middle name or phone number
- Create a throwaway email address. Email lists are often sold or rented on the Dark Web and can fall into unsafe hands. Consider making a throwaway email just for subscriptions.
- Limit collaborative folders, albums, or playlists. The more people who have access to your data, the more likely it could be leaked or hacked.
- Protect your Wi-Fi password. Your router handles plenty of sensitive information, from passwords to financial information. Anyone with your Wi-Fi password and nefarious intent could try to steal your information.
Related: Digital Security: Your Personal Protection & Online Privacy Guide for 2022 →
2. Use strong, unique passwords and two-factor authentication
Strong passwords are the most important — and sometimes the only — protection we have against identity theft and hackers.
If you don’t already have passwords or passcodes for all your devices (including guest accounts), add them now.
But hackers can evade even a strong password if your device doesn’t automatically lock. In other words, once you switch off your iPhone or turn on your screen saver, make sure the device requires the password again in as short a time as possible.
For devices that use fast biometric authentication like fingerprint scanning or facial recognition instead of a code, the best setting is "30 seconds" or “immediately.”
Next, use a strong and unique password on your online accounts. Since you probably have dozens of accounts, a password manager is an easier way to keep the information secure.
And finally, set up two-factor authentication for every account that allows you to. It’s a second secure measure that can even protect you if you’ve shared your password with hackers in a phishing attack. If you’ve ever needed to type in a code sent to your mobile phone, you’ve used two-factor authentication before.
However, it's best practice to avoid SMS and use authenticator apps instead, as they are more secure than text message verification codes.
Related: How To Recover a Hacked Instagram Account →
3. Tighten privacy settings for your online accounts
The next step you can take—and perhaps the easiest—is to simply review the privacy settings on the online accounts you use regularly.
Companies make millions or even billions off collecting your personal information. And in general, their default settings skew towards collecting, not protecting your data.
The best settings for you depend on what you want to share and what you want to protect. But there are a few areas where you should pay careful attention.
- Location tracking. Consider turning off automatic geolocation data on your social media posts, photos, and comments.
- Public information. Think carefully about what information should be public, hidden, or somewhere in-between. There are typically three levels of data: profile data, your content, and your interactions with other content.
- Likes, shares, and comments. We usually think about limiting what we share, but your “likes” and comments on other posts are usually public as well. Profile pictures, names, and comments on other posts often show up in search results, even for “private” accounts.
4. Purge unused mobile apps and browser extensions
For security and privacy, it pays to be suspicious of every app. You’ll be at less risk with fewer accounts.
First, create fewer new accounts. Only download from reputable sources, like official app stores.
Then, ask yourself “how does this app make money?” This small trick can help guide you towards more privacy-focused apps.
For example, Unroll.me is a free app that summarizes newsletters and subscription emails. But after an FTC investigation, their revenue model became clear: they scanned emails and sold the contents.
If you don’t understand how an app makes money, user data might be the answer.
Once you stop using an app, delete it. Purge any program you don’t use regularly, from mobile apps to browser extensions.
Even apps you’ve forgotten about can stay active with hidden features. Eight popular Chrome and Firefox extensions turned out to include code that tracked all browser activity. The data included tax returns, medical data (which could lead to medical identity theft), and secret developments at companies like Tesla and Apple.
If you use Chrome, you can see all extensions by typing chrome://extensions/ in your search bar. It’s good to delete — not just disable — any extensions that you’re not using.
Even if you still visit a site every once in a while, it’s safer to access it through your browser than download the app on your device.
5. Block search engines from tracking you
Your search engine collects a huge amount of personal data about you. And for 92% of us, that search engine is Google.
The owners of the two largest search engines — Google and Bing — also operate the popular browsers Chrome and Edge, respectively. (So, they track a lot of data.)
The first step to improving search engine privacy is deleting your data.
- For Google: Go to the My Activity dashboard and delete everything.
- For Microsoft: You’ll need to clear data separately from Microsoft Edge and Bing.
- For Yahoo: You can delete data from search history management.
Unfortunately, there’s no way to eliminate all tracking on Google. An alternative is to switch to an online privacy-focused search engine like DuckDuckGo.
Related: How To Remove Your Personal Information From the Internet →
6. Browse online with a secure VPN
Your web browser — like Google Chrome, Firefox, or Safari — may also collect data on your online activities.
To start, consider signing out of your browser. Then, use a few browser extensions to improve privacy and security.
HTTPS Everywhere forces encrypted connections on supported sites, helping hide data like credit card numbers on your Wi-Fi network. Ad blockers or tracking blockers prevent sites from tracking you.
Leveraging a secure VPN can encode your browsing information and make it unreadable to hackers. A VPN is essential if you’re forced to use public Wi-Fi, like at a coffee shop or airport. (Remember: there are numerous dangers of using public or unsecured Wi-Fi networks.)
You can also use private or incognito mode, but it’s less secure than you might think.
Your internet service provider (ISP) still records all your browsing history, and websites can collect detailed information about your computer, including your IP address.
Finally, a further step toward ensuring online privacy is using a different browser, such as Brave. The most secure browsing option is Tor, which hides your location and history across various layers. Tor makes for a slower browsing experience but with unmatched privacy.
Also, be careful when browsing in public. Hackers use a scam called shoulder surfing to watch you enter your private information when you're using your devices.
Related: Was Your IP Address Hacked? Here's How To Tell (and What To Do!) →
7. Don't ignore software updates
Most privacy hacks don’t come about from newly-discovered bugs. Instead, they take advantage of known vulnerabilities that have already been fixed — on computers that haven’t installed the fix.
A 2021 report by Bitdefender showed that unpatched vulnerabilities were among the top reasons why Windows systems were prone to attacks [*].
The first and most crucial step is to set your operating system to install updates automatically. Follow instructions to set up auto-update for Microsoft Windows, Apple macOS, and Google ChromeOS.
You can also download antivirus software to protect against malware like spyware, which collects data like credit card information in the background.
8. Disable ad and data tracking
Most of your personal data collected online isn’t for scams or data breaches — it’s for marketing. With a few simple steps, you can disable many of these trackers.
First, when pop-ups ask if you want to share data, say no.
Whenever possible, decline cookies on websites. If you use an iPhone or other Apple mobile device, iOS versions 14.5+ let you disable cross-app tracking.
Finally, you can disable ad customization across the apps you use, including Google search, other Google services, Apple, Facebook ad settings, third parties that use Facebook data, Twitter, Microsoft, and Amazon.
Thousands of other websites use tracking as well, but disabling these larger companies will eliminate the biggest offenders.
9. Use encryption to keep data from prying eyes
You might think computer data, texts, and emails are safe. But you could be wrong.
First, protect what’s on your computer. While a password protects your computer login, cyber criminals can rip out your drive, connect it to a separate machine, and access everything. The solution is to set up encryption on Windows and Mac so the data will be meaningless to anyone without your password.
(All modern Apple and Android mobile devices use this type of encryption by default.)
And of course, remember the obvious: before selling or giving away a device, wipe its data and reset it to factory settings.
It’s also a good idea to store less in the cloud. The iCloud celebrity hacks wouldn’t have happened if the photos were held only on personal devices.
Apps with end-to-end encryption, like WhatsApp, Telegram, or Signal, are the safest messaging options (though WhatsApp still has other privacy concerns). Other methods without encryption, including texts and Facebook’s Messenger app, have “back doors” which allow third parties to read what you send.
You can add extra privacy protection against email hackers by disabling “smart features and personalization” in Gmail and other Google Apps.
And again, take a simple but often-overlooked step: disable message previews on your lock screen. If previews show up on your phone’s lock screen, a thief can learn who’s contacting you and even use two-factor authentication without needing your passcode.
Related: How To Tell If An Email Is From a Scammer [With Examples] →
10. Revoke unnecessary third-party app connections
Finally, you can improve the security of all your apps by fencing them in —t hat is, limiting the number of connections they have to other apps.
For example, your Spotify account is only as safe as your Facebook account if that’s what you use to sign in. The first step, then, is to replace any single sign-ons (SSO) with unique logins.
But it’s not just logins. We commonly connect apps to sync calendars, share social media posts across platforms, and more. These features can be helpful, but it pays to review what’s connected and revoke access for anything you don’t need.
You can see a list of third-party apps connected to Google, Facebook, Apple (select “Sign in with Apple”), Microsoft, and Slack.
Related: What Is Cyber Hygiene? 10 Easy Habits That Will Protect You Online →
Ready for Ironclad Online Privacy? Try Aura
While there are a lot of steps you can take to protect your online privacy, the good news is that most of them are within your control. Limiting what you share, and telling companies how to treat your data, is most important.
Aura is committed to creating a safer internet for everyone. And that includes giving you control over your digital privacy once and for all.
