How Secure is Your Private Information Online?
By all accounts, 2023 has been the worst year ever for online privacy. In just the first six months of the year, 1,393 data breaches leaked private and personal data from over 156 million Americans [*].
In one of the worst examples, the MOVEit data transfer breach gave hackers access to private healthcare data from millions of patients in Missouri, Oregon, and more [*].
While having your private healthcare information made public would be a nightmare for most people, less extreme data leaks and compromises happen on a daily basis.
Keeping your personal and private information safe is a critical part of online safety.
The more personal details scammers and fraudsters have about you, the easier it is for them to hack your accounts, steal your identity, and scam you.
While it’s getting harder to live a “private life” online, it’s not impossible. With a few steps and additional security measures, you can learn how to protect your privacy, fend off identity thieves and hackers, and take back control of your personal data.
How Strong Is Your Online Privacy?
Online privacy refers to both your ability and right to keep private information to yourself. While half of the equation has to do with what you post online and how the services you use share your information, the rest of it is made up by laws and policies that are meant to protect consumers.
Unfortunately, few regions have strict rules in place around how tech companies, advertisers, and online services protect your online privacy. And even when online privacy laws exist, not all companies follow them — such as when Cambridge Analytica leveraged Facebook to collect millions of data points on U.S. voters.
This is what makes online privacy so complicated:
Even if you do everything you can to protect your personal information online, companies can get hacked, collect more data than necessary, or use what they know about you for questionable or even fraudulent purposes.
This brings up a third aspect of online privacy: internet security.
Internet privacy and internet security are different but closely related. Privacy usually deals with legal data collection (like what you post on Instagram, Snapchat, and other social media), while cybersecurity focuses on illegal data collection (like protecting your accounts from hackers or cyberattacks).
In the end, there’s a lot of overlap between the two. Good security enhances privacy, and enhanced privacy helps maintain good security. By taking some simple steps, you can improve both.
How To Protect Your Privacy and Personal Information Online
- Share less information with apps and services
- Use strong and unique passwords with 2FA
- Tighten privacy settings on your social media accounts
- Delete unused accounts, apps, and browser extensions
- Stop search engines from tracking you
- Use a VPN to hide your browsing history
- Don’t ignore software or operating system updates
- Use a Privacy Assistant to block ad and data tracking
- Use encryption to hide your data from prying eyes
- Revoke unnecessary third-party app connections
- Request that data brokers remove your personal information
- Monitor your sensitive information with identity theft protection
Follow these 12 steps if you’re concerned about how much personal information is available about you online.
1. Share less information with apps and services
The best step you can take to protect your information from people trying to scam you online is to share less of it. The best place to start is with social networks — but you should also be aware of the data collection policies for any app or service you use.
All social media platforms and apps collect data about who you are, your interests, and what you do online. All of these shares and data points make up your online footprint (which scammers can use to get access to your sensitive information).
Unfortunately, they’re rarely as careful with your data as you’d like.
Some recent examples include when Zoom connected its user accounts to LinkedIn profiles, revealing names and professions (even for “anonymous” users); or when Facebook kept hundreds of millions of account passwords in a searchable, employee-accessible database — and didn’t notice for seven years.
How to remove your personal information from social media:
- Share less on your profiles. Share as little as possible and skip any “optional” information, like a middle name or phone number.
- Create a throwaway email address. Email lists are often sold or rented on the Dark Web and can fall into unsafe hands. Consider making a throwaway email just for subscriptions. With Aura, you can use email aliases to protect your primary email address from scammers.
- Limit collaborative folders, albums, or playlists. The more people who have access to your data, the more likely it could be leaked or hacked.
2. Use strong and unique passwords with 2FA
Strong passwords are the most important — and sometimes the only — protection we have against identity theft and hackers. Just think about how much personal information could be found in your email account — such as bank account details, home addresses, or even your Social Security number (SSN).
If you don’t already have passwords or passcodes for all your devices (including guest accounts), add them now.
Here’s how to secure your accounts with stronger passwords:
- Store passwords in a secure password manager. Make sure that you’re using strong and unique passwords on your online accounts. Since you probably have dozens of accounts, a password manager is an easier way to keep the information secure.
- Enable two-factor authentication(2FA). This is secondary secure measure that can even protect you if you’ve shared your password with hackers in a phishing scam. If you’ve ever needed to type in a code sent to you via text message, you’ve used two-factor authentication before.
- Set devices to automatically lock when not using them. Hackers can evade even a strong password if your device doesn’t automatically lock. For devices that use fast biometric authentication like fingerprint scanning or facial recognition instead of a code, the best setting is "30 seconds" or “immediately.”
3. Tighten privacy settings on your social media accounts
You don’t have to delete your social media accounts to improve online privacy. Instead, it can be enough to simply review the privacy settings on the online accounts you use regularly.
Companies make billions off collecting your personal information. In general, their default settings skew towards collecting more over protecting your data.
The best settings for you depend on what you want to share and what you want to protect. But there are a few areas where you should pay careful attention.
Pay special attention to these factors:
- Location tracking. Consider turning off automatic geolocation data on your social media posts, photos, and comments.
- Public information. Think carefully about what information should be public, hidden, or somewhere in-between. There are typically three levels of data: profile data, your content, and your interactions with other content.
- Likes, shares, and comments. We usually think about limiting what we share, but your “likes” and comments on other posts are usually public as well. Profile pictures, names, and comments on other posts often show up in search results, even for “private” accounts.
📌 Related: How To Recover a Hacked Instagram Account →
4. Remove unused mobile apps and browser extensions
Apps and browser extensions can change their security and privacy policies at any moment. If you’re not actively using a tool, it’s best to delete or remove it.
For example, Unroll.me is a free app that summarizes newsletters and subscription emails. But after an FTC investigation, their revenue model became clear: they scanned emails and sold the contents.
If you don’t understand how an app makes money, user data might be the answer.
Here’s what to do:
- Only download apps and extensions from reputable app stores. Scammers and hackers create free apps and tools that hide malware or tracking software. To stay safe, stick with official app stores that are more likely to only approve legitimate apps.
- Be suspicious of every app. Your device should warn you about the permissions an app or tool is asking for before you install it. Read through these carefully and make sure the tool isn’t asking for more than it needs.
- Remove extensions from your browser. Eight popular Chrome and Firefox extensions turned out to include code that tracked all browser activity. The data included tax returns, medical data (which could lead to medical identity theft), and secret developments at companies like Tesla and Apple.
Pro tip: If you use Chrome, you can see all extensions by typing chrome://extensions/ in your search bar. It’s good to delete — not just disable — any extensions that you’re not using.
5. Stop search engines from tracking you
The owners of the two largest search engines — Google and Bing — also operate the popular browsers Chrome and Edge, respectively. (So, they track a lot of data.)
The first step to improving search engine privacy is deleting your data.
- For Google: Go to the My Activity dashboard and delete everything.
- For Microsoft: You’ll need to clear data separately from Microsoft Edge and Bing.
- For Yahoo: You can delete data from search history management.
Unfortunately, there’s no way to eliminate all tracking on Google. An alternative is to switch to an online privacy-focused search engine like DuckDuckGo.
6. Use a VPN to hide your browsing history
Your internet service provider (ISP) and web browser — like Google Chrome, Firefox, or Safari — may also collect data on your online activities. This can be used by advertisers, sold to scammers, or even shared with the government (or your work), even if you’re using private or incognito mode.
A virtual private network (VPN) encrypts your internet traffic so that no one can track what you do or see where you’ve been. Using a VPN can also protect you from hackers when using public Wi-Fi networks.
Here’s how you can protect your privacy while browsing online:
- Use a VPN when off of your home network. Scammers can intercept your data over public Wi-Fi networks (such as at a coffee shop or airport). Be especially cautious when online shopping and submitting credit card or banking details to websites.
- Use Safe Browsing tools to warn you of fake websites. Some websites are made to steal your personal information. Aura’s Safe Browsing tools will warn you if you’re on a lookalike or fake website.
- Protect your Wi-Fi password. Your router handles plenty of sensitive information, from passwords to financial information. Anyone with your Wi-Fi password and nefarious intent could try to steal your information.
- Consider using privacy-focused browser. A further step toward ensuring online privacy is using a different browser, such as Brave. The most secure browsing option is Tor, which hides your location and history across various layers. Tor makes for a slower browsing experience but with unmatched privacy.
7. Don't ignore software or operating system updates
Most privacy hacks don’t come about from newly-discovered bugs. Instead, they take advantage of known vulnerabilities that have already been fixed — on computers that haven’t installed the fix.
A 2021 report by Bitdefender showed that unpatched vulnerabilities were among the top reasons why Windows systems were prone to attacks [*].
The first and most crucial step is to set your operating system to install updates automatically.
Here’s how to set-up autoupdates on:
Pro tip: You can also download antivirus software to protect against malware like spyware, which collects data like credit card information in the background.
8. Use a Privacy Assistant to block ad and data tracking
Most of your personal data collected online isn’t for scams or data breaches — it’s for marketing. With a few simple steps, you can disable many of these trackers.
First, when pop-ups ask if you want to share data, say no.
Whenever possible, decline cookies on websites. If you use an iPhone or other Apple mobile device, iOS versions 14.5+ let you disable cross-app tracking.
Finally, you can disable ad customization across the apps you use, including Google search, other Google services, Apple, Facebook ad settings, third parties that use Facebook data, Twitter, Microsoft, and Amazon.
Thousands of other websites use tracking as well, but disabling these larger companies will eliminate the biggest offenders.
Pro tip: Aura’s Privacy Assistant can block intrusive ad trackers and automatically remove your personal information from data brokers who sell it to telemarketers and scammers.
9. Use encryption to keep data from prying eyes
You might think computer data, texts, and emails are safe. But you could be wrong.
Encryption “scrambles” your data unless you enter a decryption key or password. Encryption can protect your data in case cybercriminals steal your hard drive, intercept your text messages, or trick you into entering information into a fake website.
Here’s what to do:
- Encrypt the data on your computer. All modern Apple and Android mobile devices use encryption by default. You can also set up encryption on Windows and Mac so the data will be meaningless to anyone without your password.
- Use messaging apps with end-to-end encryption. WhatsApp, Telegram, or Signal, are the safest messaging options (though WhatsApp still has other privacy concerns). Other methods without encryption, including texts and Facebook’s Messenger app, have “back doors” which allow third parties to read what you send. You can add extra privacy protection against email hackers by disabling “smart features and personalization” in Gmail and other Google Apps.
- Wipe devices before you sell or recycle them. Delete everything and restore your devices to their factory settings before giving them away.
Pro tip: Protect your privacy on devices when in public by disabling message previews on your lock screen. If previews show up on your phone’s lock screen, a thief can learn who’s contacting you and even use two-factor authentication without needing your passcode.
10. Revoke unnecessary third-party app connections
Many modern apps ask to connect to other services to share data or work together. For example, any time you “sign in with Google/Facebook” you allow that tool access to certain data that Google or Facebook has about you.
For both your online privacy and security, it’s a good idea to limit the number of third-party app connections you have in place.
Here’s how to see which third-party apps are connected to:
11. Request that data brokers remove your personal information
Data brokers are services that scrape the internet and public records for your personal information — and then sell it to advertisers, marketers, or even scammers.
While you can request that data brokers remove your information, the honest truth is that there are hundreds of data brokers in the U.S. alone, each with their own process for requesting a data removal. Even worse, sometimes requesting a removal can mean providing even more personal data to these companies.
To remove your personal data from data brokers you have two options:
- Contact each data broker individually. PrivacyRights.org has a list of data brokers with instructions on how to request that they remove your data. You can go through the list and contact each company separately.
- Use Aura to automatically remove your data. Aura will scan data broker databases and request that they remove your personal data on your behalf.
12. Monitor your sensitive information with identity theft protection
No matter how much information you remove from the internet, data leaks happen. When your personal data is available, it puts you at risk of scams, hacking, identity theft, or simply more spam.
Aura’s all-in-one identity theft protection solution combines powerful digital security software that protects your devices and data with 24/7 identity, account, and financial monitoring.
If your personal information is leaked or being used fraudulently by scammers, Aura will warn you in near-real time and give you the support and help you need to shut fraudsters down.
Here’s how Aura’s identity theft protection helps online privacy:
- Monitors your most sensitive personal information 24/7. Aura can track your most sensitive personal information and warn you if it’s been leaked.
- Automatically removes your information from data broker lists. Aura will scan data broker lists and automatically request that they remove your contact details.
- Protects your devices and data from hackers. Aura includes antivirus software, a military-grade VPN, AI-powered scam protection, and Safe Browsing tools to protect you from hackers.
- Securely stores your passwords and warns you if they’ve been leaked. Aura’s password manager securely stores your passwords and gives you easy access to them when you need them. Aura will also warn you if your passwords are too weak or were recently leaked in a data breach.
- Blocks ad trackers, fake websites, and more. Aura’s Privacy Assistant stops websites and apps from tracking you and can also block fake websites that could be trying to steal or collect your personal information.
The Bottom Line: Privacy and Safety Go Hand-in-Hand
While there are a lot of steps you can take to protect your online privacy, the good news is that most of them are within your control.
While limiting what you share, and telling companies how to treat your data, is an important step, a digital security and identity theft solution can do the work for you.
Aura protects your private and personal information with award-winning identity theft protection, three-bureau credit monitoring, automatic data broker removal, digital security tools, and more.