10 tips to avoid leaving tracks on the internet
Most public Wi-Fi networks — in hotels, airports, coffee shops, and so on — are eavesdroppable, even if they require a password to connect.
10 Tips to Avoid Leaving Tracks Around the Internet (CREDIT: Graham Roumieu/The New York Times)
Google and Facebook collect information about us and then sell that data to advertisers. Websites deposit invisible “cookies” onto our computers and then record where we go online. Even our own government has been known to track us.
When it comes to digital privacy, it’s easy to feel hopeless. We’re mere mortals! We’re minuscule molecules in their machines! What power do we possibly have to fight back?
That was the question I posed to you, dear readers, in the previous “Crowdwise.”
Many of you responded with valuable but frequently repeated suggestions: Use a program that memorizes your passwords, and make every password different. Install an ad blocker in your web browser, like uBlock Origin. Read up on the latest internet scams. If you must use Facebook, visit its Privacy Settings page and limit its freedom to target ads to you.
What I sought, though, was non-obvious ideas.
It turns out that “digital privacy” means different things to different people.
“Everyone has different concerns,” wrote Jamie Winterton, a cybersecurity researcher at Arizona State University. “Are you worried about private messaging? Government surveillance? Third-party trackers on the web?” Addressing each of these concerns, she noted, requires different tools and techniques.
Duck Google
“The number one thing that people can do is to stop using Google,” wrote privacy consultant Bob Gellman. “If you use Gmail and use Google to search the web, Google know more about you than any other institution. And that goes double if you use other Google services like Google Maps, Waze, Google Docs, etc.”
Like many other readers, he recommended DuckDuckGo, a rival web search engine. Its search results often aren’t as useful as Google’s, but it’s advertised not to track you or your searches.
And if you don’t use Gmail for email, what should you use? “I am a huge advocate for paying for your email account,” wrote Russian journalist Yuri Litvinenko. “It’s not about turning off ads, but giving your email providers as little incentive to peek into your inbox as possible.” ProtonMail, for example, costs $4 a month and offers a host of privacy features, including anonymous sign-up and end-to-end encryption.
Jam Google
The ads you see online are based on the sites, searches, or and Facebook posts that get your interest. Some rebels therefore throw a wrench into the machinery — by demonstrating phony interests.
“Every once in a while, I Google something completely nutty just to mess with their algorithm,” wrote Shaun Breidbart. “You’d be surprised what sort of coupons CVS prints for me on the bottom of my receipt. They are clearly confused about both my age and my gender.”
It’s “akin to radio jamming,” noted Frank Paiano. “It does make for some interesting browsing, as ads for items we searched for follow us around like puppy dogs (including on The New York Times, by the way.)”
Barry Joseph uses a similar tactic when registering for an account on a new website. “I often switch my gender (I am a cisgender male), which delivers ads less relevant to me — although I must admit, the bra advertising can be distracting.”
He notes that there are side effects. “My friends occasionally get gendered notifications about me, such as ‘Wish her a happy birthday.’” But even that is a plus, leading to “interesting conversations about gender norms and expectations (so killing two birds with one digital stone here).”
Avoid unnecessary web tracking
It’s perfectly legitimate, by the way, to enjoy seeing ads that align with your interests. You could argue that they’re actually more useful than irrelevant ones.
But millions of others are creeped out by the tracking that produces those targeted ads.
If you’re in that category, Ms. Winterton recommended Ghostery, a free plug-in for most web browsers that “blocks the trackers and lists them by category,” she wrote. “Some sites have an amazing number of trackers whose only purpose is to record your behavior (sometimes across multiple sites) and pitch better advertisements.”
Careful on public Wi-Fi
Most public Wi-Fi networks — in hotels, airports, coffee shops, and so on — are eavesdroppable, even if they require a password to connect. Nearby patrons, using their phones or laptops, can easily see everything you’re sending or receiving — email and website contents, for example — using free “sniffer” programs.
You don’t have to worry about Social, WhatsApp and Apple’s iMessages, all of which encrypt your messages before they even leave your phone or laptop. Using websites whose addresses begin with https are also safe; they, too, encrypt their data before it’s sent to your browser (and vice versa).
(Caution: Even if the site’s address begins with https, the bad guys can still see which sites you visit — say, https://www.NoseHairBraiding.com. They just can’t see what you do there once you’re connected.)
The solution, as recommended by Lauren Taubman and others: a Virtual Private Network program. These phone and computer apps encrypt everything you send or receive — and, as a bonus, mask your location. Wirecutter’s favorite VPN, TunnelBear, is available for Windows, Mac, Android and iOS. It’s free for up to 500 megabytes a month, or $60 a year for up to five devices.
Use Apple
“I don’t like Apple’s phones, their operating systems, or their looks,” wrote Aaron Soice, “but the one thing Apple gets right is valuing your data security. Purely in terms of data, Apple serves you; Google serves you to the sharks.”
Apple’s privacy website reveals many examples: You don’t sign into Apple Maps or Safari (Apple’s web browser), so your searches and trips aren’t linked to you. Safari’s “don’t track me” features are turned on as the factory setting. When you buy something with Apple Pay, Apple receives no information about the item, the store, or the price.
Apple can afford to tout these features, explained software developer Joel Potischman, because it’s a hardware company. “Its business model depends on us giving them our money. Google and Facebook make their money by selling our info to other people.”
Don’t “Sign in with Facebook”
Mr. Potischman never registers with a new website using the “Sign in with Facebook” or “Sign in with Google” shortcut buttons. “They allow those companies to track you on other sites,” he wrote. Instead, he registers the long way, with an email address and password.
(And here’s Apple again: The “Sign in with Apple” button, new and not yet incorporated by many websites, is designed to offer the same one-click convenience — but with a promise not to track or profile you.)
Identity theft, from a pro
My call for submissions drew some tips from a surprising respondent: Frank Abagnale, the former teenage con artist who was the subject of the 2002 movie “Catch Me if You Can.”
After his prison time, he began working for the F.B.I., giving talks on scam protection, and writing books. He’s donating all earnings from his latest book, “Scam Me If You Can,” to the AARP, in support of its efforts to educate older Americans about internet rip-offs.
His advice: “You never want to tell Facebook where you were born and your date of birth. That’s 98 percent of someone stealing your identity! And don’t use a straight-on photo of yourself — like a passport photo, driver’s license, graduation photo — that someone can use on a fake ID.”
Mr. Abagnale also notes that you should avoid sharing your personal data offline, too. “We give a lot of information away, not just on social media, but places we go where people automatically ask us all of these questions. ‘What magazines do you read?’ ‘What’s your job?’ ‘Do you earn between this and that amount of money?’”
Why answer if you don’t have to?
The lightning round
A few more suggestions:
— “Create a different email address for every service you use,” wrote Matt McHenry. “Then you can tell which one has shared your info, and create filters to silence them if necessary.”
— “Apps like Privacy and Token Virtual generate a disposable credit-card number with each purchase — so in case of a breach, your actual card isn’t compromised,” suggested Juan Garrido. (Bill Barnes agreed, pointing out the similar Shopsafe service offered by from Bank of America’s Visa cards. “The number is dollar and time limited.”)
— “Your advertisers won’t like to see this, so perhaps you won’t print it,” predicted Betsy Peto, “but I avoid using apps on my cellphone as much as possible. Instead, I go to the associated website in my phone’s browser: for example, www.dailybeast.com. My data is still tracked there, but not as much as it would be by the app.”
There is some good news: Tech companies are beginning to feel some pressure.
In 2017, the European Union passed the General Data Protection Regulation (G.D.P.R.), which requires companies to explain what data they’re collecting — and to offer the option to edit or delete it. China, India, Japan, Brazil, South Korea and Thailand have passed, or are considering, similar laws, and California’s Consumer Privacy Act takes effect on January 1.
In the meantime, enjoy these suggestions, as well as this bonus tip from privacy researcher Jamie Winterton:
“Oh yeah — and don’t use Facebook.”
For more news your way, download The Citizen’s app for iOS and Android.
For more news your way
Download our app and read this and other great stories on the move. Available for Android and iOS.