Skip the navigation

The paranoid's survival guide, part 1: How to protect your personal data

March 3, 2014 06:30 AM ET

Bottom line: Once you log into a service, all of your activity across all related services from that provider -- from webmail to searches -- can be tracked back to your account. So log in only when you need to, and be sure to log out when you're done.

Use anti-tracking software

Unfortunately, blocking third-party cookies doesn't block the activities of all tracking scripts, and many advertisers ignore the DNT signal, so Hansen recommends installing anti-tracking browser add-ons.

"Something like Disconnect blocks ads plus third-party tracking pixels" and has the added benefit of speeding up Web page load times by removing all of that extraneous tracking activity, Hansen says. Disconnect, Abine's DoNotTrackMe, Ghostery and other consumer-friendly anti-tracking tools don't block everything -- doing so can break things you want to use -- but try to strike a balance for the best user experience. For example, Disconnect doesn't block Google's third-party advertising network DoubleClick when you're using Google services. "Google is already tracking you when you log into google.com, so blocking the doubleclick.net request wouldn't stop any tracking, and is likely to break the page," says Casey Oppenheim, Disconnect's co-CEO.

If that's not good enough for you, Hansen says, "The extreme level is to use NoScript or RequestPolicy. "Flash, Java, whatever it is, [these tools] block it if it's cross-domain. It's uber-draconian, and it breaks just about everything, but it's very effective," he says.

These tools also offer greater security because they block malware that attempts to compromise your computer by way of JavaScript include or iframe injection attacks. However, it's up to users to whitelist content that they want to get through. "You have to know what you're doing, and it requires a big expenditure of time," he says.

Secure your searches

Use a search engine such as DuckDuckGo or Startpage -- in other words, one that doesn't retain your search history. (The WhiteHat Aviator browser uses DuckDuckGo as its default search engine.)

Or use a proxy search service such as Disconnect Search, which sits between your browser and the popular search engines so that your search history can't be tracked. (Ixquick, located in the Netherlands, works in the same way and also has the advantage of being out of reach of the U.S. Patriot Act and the FISA court.)

If you prefer to use a commercial search engine, you may be able to turn off search and browsing history. For example, in Google you can turn off search history from the Google Dashboard, while the Chrome browser offers Incognito mode.

Use HTTPS whenever possible

All data that passes between your browser and the Internet is unencrypted and open to snooping, unless you've entered an encrypted session with the service you're communicating with on the other end. Some sites, such as your bank, will encrypt your communications using the HTTPS protocol by default, while others, such as your webmail, may not. For example, Gmail enabled HTTPS by default three years ago, but Yahoo Mail only began supporting HTTPS one year ago, and it's not turned on by default. If you're not sure, check first before you use the service.

You can use the Electronic Frontier Foundation's HTTPS Everywhere browser extension to make sure you're using HTTPS when it's available, but some sites don't offer HTTPS, says Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology. In that case, he says, you may want to consider using a virtual private network (VPN) service.

Sign up for a VPN service

Your IP address gives Web publishers and e-commerce sites an identifier that provides clues to your location. It allows Web publishers to deliver geo-targeted content, such as your local weather, but they can also target you in less pleasant ways. For example, some online retailers have moved to geotargeted pricing, which determines the price you see for an item based on your location and how many brick-and-mortar competitors are nearby. Depending on your location, this could be a good thing or a bad thing.

And if you're browsing the Web using a public Wi-Fi hotspot, it's not just your IP address you need to worry about. If your browsing session is unencrypted, all of that data -- including user account names and passwords -- could be snatched literally from the airwaves.

The solution in both cases is to use a virtual private network (VPN) service such as Astrill, Anonymizer, IPVanish or AnchorFree. These tools not only protect your IP address, but encrypt your communications, which are routed through the VPN service's servers before going on to the intended destination. "People can't eavesdrop on what you're doing, or steal your login credentials and impersonate you," Hall says.

Next, in part 2: Tips about privacy and mobile computing, email and social media.

This article, The paranoid's online survival guide, Part 1: How to protect your personal data, was originally published at Computerworld.com.

is a national correspondent for Computerworld. Follow him on Twitter at Twitter twitter.com/rmitch, or email him at rmitchell@computerworld.com.

Read more about Privacy in Computerworld's Privacy Topic Center.



Our Commenting Policies
Internet of Things: Get the latest!
Internet of Things

Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!