December 23, 2019
Web Privacy Tips
Recently I’ve had some conversations with family and friends and realized that I probably take for granted some privacy tips that I should share. In this day and age where our every increasingly tracked behavior is a product sold by marketing agencies, and in a world were we can’t assume our governing bodies will have consumers best interests at heart, it seems all too critical to be vigilant in protecting your digital privacy. So here goes: my tips at basic privacy protection.
The TL;DR version
- Use Firefox as your browser with the following privacy-focused extensions:
- Make Duck Duck Go your default search engine.
- Control your DNS by setting your router’s DNS settings to OpenDNS.
- Use a VPN - here is a guide to choose one.
Choose a good browser
First, rather than the default web browser that came on your machine (Microsoft Edge, or Safari if you on a Mac) I highly suggest using Firefox as your web browser. Firefox is the best browser when privacy is your concern**. Be sure to configure it to clear your browser cache when you close the exit. Here is how to do that. Use the Do Not Track feature that Firefox pioneered – this is now a default setting. Firefox is also available on the iOS app store, and they have an ad blocking tool, Firefox Focus, that allows you to protect against ads on the default browser Safari. Other browsers seem to eventually catch up with Firefox when it comes to privacy, but Mozilla Org being a privacy-focused non-profit has a vested interest in your privacy unlike competitors Microsoft and Google which have a vested interested in knowing as much as they can about you for marketing purposes, as a result Firefox is often giving you the best access to control your privacy. Also, side note, as a web designer I find the dev tools in Firefox to be outstanding! I actually suggest having a few different browsers for surfing the web, and configure all of them with browser focused extensions (see below). Besides Chrome and Firefox, there are lots of other good ones: Opera, Vivaldi. **Another excellent browser you should consider is Brave, from the co-creator of Firefox – It comes with Ad Blockers built in, as well as HTTPS Everywhere (see below).
Second: Whatever browser you use – always make sure it’s updated. Most browsers will update automatically by default.
Third: Do not enable Flash on any browser. Most browsers are configured to block flash be default now. But if a site wants you to enable Flash, always say “no”.
Use privacy-focused browser extensions
I am usually hesitant to install a browser extension unless I am certain it’s from a reliable source. Here are some that are known to be very reliable and helpful:
Use DuckDuckGo as your default search engine instead of Google, Bing or Yahoo. DDG is a search engine that doesn’t track you. I find the results are just as good (or darn close) to using Google. Here’s how to set it as default on Firefox.
Use an Ad blocker to prevent that item you were thinking about buying from following you around from website to website. Ad blockers prevent unseen advertising companies from tracking your every step on the net. There are lots of Ad Blockers and they are not all created equal. uBlock Origin is the best. Get it for Chrome. Get it for Firefox. Ad Blockers also have the benefit of making your internet faster because all those ads aren’t loading, as well as making your browsing safer when visiting a site that may unintentionally be serving up a malicious ad via an unreliable ad network. To see the difference: Install uBlock Origin and then go to any YouTube video and you’ll see dozens of ads blocked in the extension’s indicator.
Use HTTPS Everywhere – from the Electronic Frontier Foundation, an organization founded on users’ digital rights and civil liberties - this extension helps ensure you’re visiting the secure version of a web site for every visited web page. The Wirecutter does AN AMAZING JOB of explaining the differences of viewing a non-secure (HTTP) verses a secure (HTTPS) web page - highlighting the granular data an ISP can collect about you in a non-secure page. Obviously HTTPS provides a great deal more privacy than HTTP - my ISP may know I went to Amazon, but at least on a secure version of the URL they can’t determine based on the query string which items I am interested in buying. Extrapolate that to other searches like health concerns, etc and you can get a scary idea of the kinds of profiles your ISP can generate about you.
Use Facebook Container - Mozilla, makers of Firefox, have provided an extension that traps Facebook’s tracking abilities from cross-site tracking. A lot of people don’t realize this but Facebook injects tracking codes on lots of sites you might visit in a given day, and if they know you’re the same user they are storing data about (even if you don’t actually even have a Facebook account) they can map your behavior. This extension traps each tab in a separate session and prevents cross-site tracking from Facebook.
Control your DNS
Configure your domain name server (DNS) to NOT USE your internet service provider’s default DNS. Unfortunately thanks to a recent decision from our government to overturn a provision to protect consumers from their internet service providers (ISP) from tracking their customers’ online behavior and building profiles of their users, it is now more important than ever to use secure (HTTPS) sites and. Your ISP can now even send you to one of their own bogus domains if they do not recognize the domain URL you are trying to visit. I noticed this not long ago when I tried to visit a website for a web design conference that had been shut down, but since the URL was no longer valid my ISP redirected my browser to their own bogus link farm which looked like a hacked website, rather than a standard “page cannot be found” message. Fortunately there are some things you can do to prevent this from happening. Typically when you have an ISP they route your URL requests through their own domain name server (DNS) but if you happen to own your own router and modem (which is always good idea), you can configure the DNS manually to go though a responsible DNS server just by logging into your router and (while you’re in there be sure to change the router log-in into something other than the default). Google provides reputable DNS IP addresses, as does OpenDNS. Here is an explanation on configuring your router to use Open DNS as it’s domain name server.
Use a VPN
When you are on a public wireless network your data is not safe from prying eyes, so it is highly recommended to use a VPN. If you must use a public internet connection, using a VPN will keep your data encrypted. The best VPN is debatable but Wirecutter provides some decent suggestions. Most importantly, make sure the VPN is reputable and a paid service (the free ones sell your data).
Avoid social media (Facebook especially)
Avoid (if you can) Facebook. I know it’s hard to get by without Facebook, but just know that whenever you use that service you are handing over your personal data to be sold to anyone. YOU are the product that they sell for massive amounts of marketing dollars, and you have no idea who’s buying that data. You might be amazed at what they know and can determine about you with algorithms. Here is how you can view all the data Facebook stores about you. BTW, if you use Instagramor WhatsApp you’re just another part of Zuckerberg’s empire.
By all means, do not use Facebook as a means to log into other services. I see this a lot lately. This is just a way for Facebook to know more about you, and prevent you from leaving Facebook for fear of loosing access to those services. Whenever possible do create a unique account for every unique service.
Put a piece of paper of your computer’s web camera. it’s old school, but even Mark Zuckerberg does this. Firefox will allow you to set when it’s ok for a site to access your web cam or microphone. Pasteabout:preferences#privacy into the URL bar to access your privacy controls. Nefarious website have been known to hijack cams and secretly record users.
Don’t jailbreak your iPhone or Android and always update whenever Apple/Googleprovides system updates. They often patch security vulnerabilities.
Use 2-factor authentication for all of your important services (email/financial/medical/etc). 2-factor authentication requires that when you log in with a password you get a text message to your phone with a random authorization code. This prevents a hacker who may have already acquired your password from accessing your personal info. For an even more secure log in, many services offer a way to use an encrypted app to provide 2-factor authentication.