In the light of recent news about N$A practices, you may wonder how to take a little more control of your Web presence and experience. Here are some steps to consider if you value privacy…
- Make sure the connection to your email provider/server is a secure connection. Webmail providers (those where you check your email in your browser) usually are. Others (server-based) should be double-checked to be using SSL/TLS connection.
- If you’re in Europe, consider using an European mail provider, such as eclipso.eu. If you have a website hosted in European servers, you can set up your own domain for email.
- For an additional security layer, consider encrypting your messages. Thunderbird users can use the Enigmail add-on. For Webmail, there are some browser extensions for encryption. Click here for more guidance on this.
- Use encrypted.google.com as your default search engine, thus preventing eavesdropping from random people when browsing in unsecure connections. You can also try DuckDuckGo — a search engine that doesn’t focus on personalized results. DDG’s results aren’t always perfect, so personally I stick with Google for searches (logged off).
- Note: this won’t prevent your Internet Service Provider (a.k.a. ISP / your Internet access company) from knowing the sites you visit and the terms of your searches. Google might also keep track unless you turn off their web history.
- Prevent your ISP from knowing the websites you visit by doing your web browsing via proxy server / VPN.
- You’ll need to try some example services to figure what works best for you, e.g. torproject.org or AirVPN
- Update: here’s an even better list.
- Update: Google just released a guide for checking your WiFi network security.
Enable HTTPS browsing:
- HTTPS Everywhere
- Enable HTTPS / secure browsing in Facebook’s privacy settings. Double-check your other settings there, in case Facebook sneaked in another “feature” with dubious purposes. Better yet, avoid facebook altogether.
Hold your cookies:
- Control the “cookies” stored by webpages (and their ads) on your computer. For example, you can configure your browser to keep cookies only until you close the browser. I suggest doing a complete cleanup of all cookies once before you configure this. Be ready to remember the passwords you have used in the past, because…
- You will need to login again to any site requiring login on your next browsing session. You can counter this by letting your browser save passwords. Personally I prefer that to having all that cookie data on my computer, as I trust browser developers more than advertisers.
- The privacy options of web browsers usually provide a Do Not Track setting, which in theory it can help prevent advertisement tracking. Google Chrome also provides prediction and spell checking services which you might not really need.
- Update: If you have Flash installed, check the settings to prevent any data from being stored by Flash in your computer. Unfortunately, web companies have now adopted Flash as a cookie-like data-storing mechanism.
Blocking ad trackers, social plugins (and any scripts):
- As a complement to the point above, or especially if you have issues controlling your cookies so tightly, you can also use browser extensions like Privacy Badger. They can identify and block trackers and social plugins that appear in many sites. If you block social plugins you actually stop seeing those annoying “X people like this page on Facebook” boxes.
Personal mentions and profiles:
- If you’re being mentioned on the web and would like to disappear, SafeShepherd can help with that.
- Avoid storing all your personal files in the cloud, at least with companies from countries with snoopy governments.
- Now this one is a pickle. Microsoft is arguably making Skype less resistant to government snooping; Google has just removed the ability to disable all chat history by default; and Facebook, well, is just not trustworthy regarding how much of your data they keep and access freely.
- If you want to be fairly confident about the eternal privacy of your chats, you might need to use something like ChatSecure or Pidgin‘s encryption plugin. This is, in practice, very hard because you need every other person to use the same.
- In the end, you’re probably better off not caring much about it and keeping sensitive talks offline.
Did I forget anything?