Every time you connect to the internet you are opening up your personal space, data, and activities to the entire world. It’s easy to forget how public the web is when you’re on your couch. The familiar surroundings and friendly pictures on your screen lull us into a false sense of security.
The truth is that there are many ways you leak personal information every time you go online and most people don’t even know that they are doing. If you don’t know that you are doing something then how can you do something about it? This is what you should look out for whenever you connect to the web.
Using IoT Devices
The internet of things is the hottest new technology application on the web. We are getting home appliances that are smarter and internet connected. They can talk to each other and to entities on the web. I’m talking about fridges, security cameras, TVs, ovens and just about anything you can think of.
All of these devices become part of your home network and any one of them could act as a potential door for privacy leaks. Internet-connected cameras are a prime suspect here. Many of the cheap ones have bugs in their firmware. Even if they don’t, many people don’t bother to change the default username and password. While routers now usually come with unique individual passwords out of the box, it’s rare to see on IP cameras. This means hackers can target these devices and get footage of you while you think you’re in a private place.
In fact, it’s a good idea to cover or disconnect any web cameras that are not in use!
Likewise, smart speakers like Amazon’s Alexa are constantly listening. They do this in order to be ready when you say “Hey Alexa” or some other predefined trigger word. While companies can’t legally record you, there is nothing on a technical level stopping them. There are already concerns that this technology will be used to incriminate or spy on users for marketing purposes.
Your other IoT devices might also spy on you by learning your habits and usage patterns. They may do this as a way to be more convenient, but that data is still personal and potentially harmful. This is why it’s important to read the terms and conditions, to make sure you know what data your are permitting and what it will be used for.
Social Media, Social Media and Social Media!
The negative impact of social media on our privacy cannot be overstated. From the early days of MySpace and Facebook til today, the popularity of these services has exploded. Users put sensitive private information online without a second thought. Using social media puts you at risk of profiling for crimes. For example, posting a photo of your new car with its number plate visible.
People have disclosed things on social media they thought was private and then got fired for it. Social media has destroyed relationships, caused mental anguish and the list goes on.
Honestly, the best option is to cut social media out of your life. However, for those that can’t you should aggressively audit the privacy settings on offer for your chosen platform.
If you have a device with a GPS module inside and a web connection, then you are broadcasting your location to someone. At the very least you're sending it to a company like Google.
If you want to be shocked by how much information is being collected about your whereabouts, just check out your Google location timeline.
Yes, legitimate companies that collect these data promise that only you will ever see it. They say that it will only be used anonymously in aggregate. None of this changes the fact that the data has been collected and is out of your hands.
The Google Timelines example is very effective because most people don’t even realize that they are being tracked and logged. If someone gained access to your account that information could be used in many seriously harmful ways.
There are a few ways you can combat this issue. On your smartphone, you should disable location services unless you are actively using them, such as when you use Google Maps.
You may also want to refrain from using your phone for navigation. Instead of using a traditional GPS unit that does not connect to the internet at all. Remember that GPS satellites can’t receive anything, so it is safe to use them. It’s the internet connection that reports your location that you should be wary of!
App Access Permissions
When you install a new app on your phone or tablet, one of the first things you will be asked to do is approve a request for certain permissions. This may include your location services, contacts, microphone and so on.
In principle, there is nothing wrong with this, but you should not just say yes to any request from an app. You should stop and think about why a specific app needs to use your microphone or go through your contact information.
If no function that app is meant to provide you justifies certain permissions, don’t allow them. If you say no to a permission the app really needs, it just won’t work correctly. So don’t be afraid of denying suspicious requests. You can also check the app description or home page to find out what that permission is for.
Some apps are obvious traps. If you download an app that applies filters to your photos, it makes sense for it to access your gallery. There is no reason for it to access your contacts!
The good news is that since Android 8.0 permissions have become more refined and specific. So now apps have much more narrow access than before. It’s not perfect, but it’s a good start.
Services That Demand Real Names
One of the most precious commodities on the internet is anonymity. With cyberbullying and doxxing on the rise having your real name out there is pretty risky. Using a screen name is one of the fundamental privacy protection strategies on the web, yet in recent years there has been a push to de-anonymize internet users. Facebook’s real name policy is the most mainstream example of this. It’s a policy that prevents users from using an assumed name. Despite the fact that there are many good reasons to do so.
The simple answer is to avoid services that insist on using your real name where other internet users can see it. The case for services that want your real name, but won’t publish it is fuzzier. It depends on how much you trust the company or organization in question.
Online "Friends" with Loose Lips
Making friends in real life is hard. It takes work to establish and maintain relationships. Making friends online is much easier. There’s less social pressure and it feels safe because you can get to know the other person at a distance.
Unfortunately, there’s a big difference between the people you casually meet online and those you make friends with in real life. Remember that, just as you can, other people on the web can present themselves as anyone or anything. This is why we have the whole catfishing problem on the web.
Be very careful of disclosing private information to your social media and internet “friends”. There are so many things that can go wrong there’s no space to list them all here. For one thing, if you tell them something in confidence, they might broadcast it everywhere. Even if you know this person in real life, by sending them messages online you create a record that you don’t have control of. Be vigilant about what you share online. There is no “private” when it comes to internet communication.
Using Just One Email Address
In the old days getting an email address was quite an affair. It was usually provided by your dial-up service provider and you paid for it. Thanks to the rise of web-based email like Gmail, those days are behind us. Now you can have as many email addresses as you want.
So why would you link all of your online accounts to a single email address? If someone knows your email address they can do reverse email searches that will show all the other accounts that are associated with that email.
If you have some public accounts and other anonymous accounts that all use the same email you may end up outing yourself. So it’s a good idea to compartmentalize your online activities with multiple email addresses.
You may want to have one email address dedicated to your online banking account. Public social media accounts could use one address, while anonymous accounts use another. There are also anonymous email services you can use for especially sensitive uses, such as whistleblowing.
If you want to see how much can be uncovered just by knowing your email address, head over to a site like Pipl and put in your email. You might be in for a shock.
Lack of Encryption and IP Logging
It’s not reasonable to expect the average internet user to know the technical details of the internet. However, there are two concepts that every internet user should understand and that’s encryption and IP logging.
Encryption is a powerful method of scrambling information packets as they enter and leave your computer. It means that even if someone intercepts them, they won’t be able to read them. These days most websites are encrypted automatically, but that does not mean you can ignore encryption as an issue.
The few websites that still don’t have proper encryption are now flagged by modern browsers. To the left of the site’s address, you should see a red open padlock or a message saying the site is not secure. As long as you don’t use or visit these sites, the information you submit to them is safe.
However, your internet service provider can still see which sites you visit. When you visit them and how much data you are sending and receiving. Your government could compel them to hand over any such information. It’s not either of these institution’s business where you go on the web or what you do there.
This is why you should consider using a trusted VPN (on that does not keep records) to encrypt your entire internet connection. So that not even your ISP knows what you are up to.
The servers you are connecting to can get private information from you without your consent. They can log your IP address, which will tell them (quite accurately) where in the world you are and what service provider you use. This information can, in principle, be used to identify the person who pays for your internet service. A VPN takes care of this problem as well, by masking your IP and location.
Whenever you visit a website, you are often asked if you accept their policy on cookies. This has nothing to do with the delicious snack and everything to do with how the website remembers who you are.
Don’t get me wrong, cookies are not bad by themselves. All they are is a text file which the website saves on your computer via the browser. It stores things like your site preferences and user identity. So when you next log in to that site it already knows who you are. At least in the user name sense.
Cookies can be used as a way to track not only what you do on that specific site, but what you do on the web as a whole. This means that you can be profiled and when using big data analytics. Targeted, exploited and manipulated.
European laws now require that you specifically consent to cookies when you visit a site. If you are visiting a site that does not need to remember anything about you, just say no.
Laziness and Haste
There’s nothing wrong with being a bit lazy or in a hurry, but it could lead to leaks of your private information! No one wants to read long legal documents, so we tend to ignore or skip over privacy statements on the sites we visit. So although laws in various countries require websites to foreground their privacy statement, they can still put some problematic terms in there because most people don’t read them either way.
If you are serious about privacy you should take the time to read privacy statements before you start to use the site. If you don’t have time to do it now, bookmark it for later.
The policy doesn’t have to be radically rewritten to be radically different. Sometimes just a small change in wording can be a sign that the company is trying to sneak in weaker privacy without users noticing. Luckily it’s now common practice for only the changes to be published separately. Which makes it much less of a chore to know what you are agreeing to.
Just Using Technology
This is one of the hardest pills to swallow, but there is almost no digital technology you can use these days that don’t chip away a little at your privacy. That’s OK in the sense that there can be no thing such as absolute privacy. We have to give up some privacy in order to enjoy the benefits of modern life.
When you swipe your credit card or use an RFID chip you are leaving behind digital breadcrumbs in the physical world. This is just one example of how the daily technologies we use can track and identify us.
There are some inconvenient workarounds. For example, you can draw cash and then spend it at places you don’t want to show up on your credit card bill. Now we also have the choice of using cryptocurrency like Bitcoin to help us stay anonymous.
Practice Privacy Self-Care
It may seem daunting to know about all of these different ways you are giving up parts of your privacy every day. To tell you the truth, it IS daunting. However, by practicing some basic privacy self-care you can tackle the problem bit by bit until you have a level of privacy that doesn’t keep you up at night. Think about these main privacy holes and to what extent they are a problem for you. Then change your behavior accordingly. Privacy is a lifestyle and there’s no better time than now to adopt it.