Personal Privacy Tips
Below you will find general information and tips that can help you protect your online privacy.
Browser PrivacyBack to top
Web browsers have evolved into highly customizable software platforms capable of controlling and protecting much of the information that flows between you and the parties you interact with online. Modern browsers have an impressive array of privacy enhancing capabilities and options. They can, for example, warn you before you visit suspicious or fraudulent websites and can also allow you to surf the web without downloading tracking files like cookies* to your computer. Also, most browsers can inform you when a website uses SSL, a security measure that encrypts your data. When a website uses SSL a browser may indicate this to you by displaying a padlock icon (typically located on the bottom bar of your browser) or by highlighting the website's name in the address bar in green. Click on the padlock icon or the green-highlighted name in the address bar to view more information about the website's encryption and certification.
*Cookies are small files stored on your computer by websites that you visit and applications you use online that record your preferences or browsing activity. These files can be used to perform a number of actions, like allowing a website to automatically populate a log-in box with your information when you return or enabling online advertising networks to show you advertisements tailored to your perceived interests. It's important to understand that browser based privacy controls typically do not affect a specific type of tracking technology known as “Flash cookies” (based on Adobe's flash technology), whose privacy controls are accessible on Adobe's website here.
All of the major browser continue to add and modify the privacy features they provide. You should regularly check to see if you are using the latest version of your browser and if there are any new privacy controls you might want to take advantage of.
Internet Explorer / Microsoft
Firefox / Mozilla
Chrome / Google
Safari / Apple
In the 90's website were little more than digital brochures and “interactivity” meant signing up to receive a monthly e-newsletter. Modern websites have evolved into complex and powerful information platforms – collecting, processing and sharing data at blinding speeds on massive scales. When we share personal data with these online platforms it is often passed on to numerous third parties, such as advertisers, vendors, and partners. Protecting privacy in this spider web of data flows is no easy task: it's easy to see how personal information can be compromised, either accidentally or intentionally. Fortunately, many websites, from social networks to eCommerce websites, provide privacy enhancing options:
1. Privacy Controls
While websites today share more information, they also provide their users with great specificity and control over these sharing activities. On many websites you'll find that you can define your audience when you share personal information or content, whether it's an audience of one or the entire public.
YouTube, for example, allows users to upload “Private” videos visible only to people whom the author specifically authorizes via email or make videos available to their millions of monthly visitors. Facebook also offers the same selective sharing ability to its users. A Facebook user can, for example, choose to make a photo album visible only to their immediate family. These are just two examples of privacy controls available on modern websites. You can often find privacy controls on a site by navigating to a control panel or settings menu. Sometimes, websites will draw attention to privacy controls while in other cases they will group them under broader categories like “Account Settings”. Privacy controls may also be offered during the sign-up process for a new online service or account. To best protect your privacy you should explore and understand privacy controls available to you on a given website/platform before you share personal information on or with the site.
2. Privacy Policies
3. The public/private distinction
For a number of websites today making information public and open is the name of the game. It's important to understand when signing-up for a new online service or account what model the site defaults to and how its users share information on the site. Twitter is an example of an online service where the default is public: unless you specifically opt-in to private mode your messages exchanged using Twitter are available to the general public. Some websites straddle the line between public and private, while some websites that have been traditionally private are moving toward a more public model. When signing up for a new online service or account take the time to understand the information sharing defaults on the service and the site's general information model: are they trying to keep information private and siloed or are they pushing to make it public and interconnected with the greater Web? Blindly signing up for an online account or service without understanding and appreciating the site's public/private model can lead to privacy disasters.
Email has remained largely unchanged in the last decade. Methods of exploiting email, however, have evolved significantly and protecting personal information in email environments has become more challenging. In the past decade hacking has become more effective and phishing techniques, more elaborate. Here are some strategies for protecting your privacy when using email:
1. Use a secondary, “spam” email address
Signing up for new accounts and services or making purchases online usually requires you to share your email address. If you do not trust a website it's helpful to have a secondary email address you can use in these cases. This way, if the website shares your email address with marketers or other third parties without your permission you will not be inundated with spam or potentially malicious emails at your personal email account.
2. Use email service providers with strong security and spam filters
Does your email service provider offer message encryption? Do they have robust spam filters? These are questions to ask before signing up for a new email account. Three of the world's most popular email services, Microsoft Outlook, Yahoo Mail, and Gmail offer their users the ability to encrypt emails, which prevents third parties from intercepting messages. If you use an email service provider that does not offer built-in encryption capabilities you can use free email encryption protocols such as OpenPGP. Email service providers will usually provide spam and phishing filters as well and it's worth your while to optimize their configuration to prevent unwanted emails from reaching your inbox. After all, the vast majority of emails sent today are spam.
3. Exercise caution when opening emails
Be especially wary of emails sent from individuals or businesses you do not recognize. You should never download attachments from unrecognized senders, as they are likely to contain viruses or malicious software that can take over your computer and/or harvest your personal information. Another type of malicious email practice known as “phishing” uses elaborate ruses to attempt to trick a recipient into handing over personal information or money. Sometimes “phishers” will claim they have a large sum of money that they need your help transferring or depositing and will reimburse you in exchange. Others will claim they need you to “verify your account” or “confirm your billing information” by providing them with the requisite personal information. A good rule of thumb for email is that if it sounds too good be true or seems potentially fraudulent, it probably is and you should not download the attachment or respond.
Even emails sent from acquaintances or from allegedly legitimate businesses or entities can be malicious. Viruses, for example, can take over your friend's email account and automatically distribute malicious messages to your friend's email contacts. If you receive a suspicious email from an acquaintance or friend asking for money or including an unexpected or odd attachment, first verify with the sender by phone or in person that the email is legitimate. Similarly, scammers can impersonate legitimate entities like the IRS or FBI and send fraudulent emails that appear to have been sent by the legitimate entity. If you receive such a suspicious email you should verify with them by phone that the offer or inquiry is, in fact, legitimate. The Federal Trade Commission operates a webpage educating consumers on the most recent types of email fraud.
4. Recognize that email is evolving towards openness and interconnectivity
While the basic function of email – sending and receiving messages and content via a private channel - has remained largely unchanged in the last decade, recently we've seen a push to make email more open with embedded features that mirror the functionality of social networks. Both Yahoo and Google made changes in this direction to their respective email services with the introduction of Google Buzz and Yahoo! Pulse. Email service providers are increasingly moving toward models that publicize and interconnect the data in your account. For email this includes information like your contacts and communication habits, and, in some cases, even the contents of your emails. If you don't want to participate in this evolution toward openness you should set your privacy controls appropriately.
5. Use strong passwords and remember to sign-out
Setting a strong password is an important part of email privacy. As a rule of thumb, the more complex the password, the better. Your password should include letters and numbers, make use of upper and lower cases, and incorporate characters such as exclamation points and dollar signs. Microsoft provides a helpful guide on setting strong passwords available here and a secure password strength checker, available here. Also, remember to sign out of an online service or account when you are finished with your session, especially if you are using a public or shared computer. This will prevent others from being able to access your account, which can still be open and signed in even after you have closed the browser.
1. On mobile devices your personal information is more likely to be compromised via device theft or loss - take appropriate precautions
Because they're smaller and more portable, you're more likely to suffer device theft or loss compared to your desktop computer or even laptop. These mobile devices can also store vast amount of data comparable to desktop computers and laptops. Considering using encryption, and enabling options that will allow you remotely wipe data on the device in the event of loss or theft. For users of Apple's popular iPhone, Apple “Mobile Me” product allows iPhone users to remotely wipe data on a lost or stolen phone.
2. Your mobile device may be aware of your location and may share that data with applications and advertisers
Mobile devices with GPS capabilities are fast becoming the norm. Location aware mobile applications can use GPS data to help you navigate, alert you to events, friends and deals in the area, and serve you location specific advertisements. For example, Fandango mobile applications for Blackberry, iPhone, Palm and Android devices allows users to identify nearby movie theaters and buy movie tickets. Most mobile platforms enable you to turn off this location feature, and some mobile platforms offering application specific location controls. If you feel that location-aware applications are invading your privacy, take appropriate action with your privacy controls.
Best Online Privacy Practices
1. Minimize personal information sharing
Often you will see a laundry list of data fields to enter various bits of personal information when signing up for a new online service or account. Typically, only certain pieces of personal information are required to register, sometimes noted with an asterisk (*). If you don't trust the website with your personal information there is no need to enter more information that that which is required to use the service or sign-up for an account.
2. Look for trustmarks on websites and verify their authenticity
TRUSTe offers the leading online privacy trustmark, but there are other types of trustmarks that provide consumers with online assurances about a business' integrity or practices. Security trustmarks, like those offered by Symantec and McAfee, demonstrate that a website uses technological measures like encryption to protect your data. Reputation trustmarks, like those provided by the Better Business Bureau, verify a business' legitimacy and legal status. To verify these seals' authenticity you should always click on them and see that the verification page is hosted by the respective company. For example, if you click on a TRUSTe seal and the site that pops up begins with anything other than “https://www.truste.com,” you know it's a fake.
3. Consider temporary credit card numbers when shopping online
Many credit card companies offer their customers the ability to activate temporary credit card numbers for online shopping use that are linked to their financial account, but are valid only for single or limited transactions. This technique protects a cardholder's actual credit card account from fraud and theft. Examples of this service include Bank of America's ShopSafe ® program, Citibank's Virtual Account Numbers and Discover's Secure Online Account Numbers.
4. Use strong passwords and remember to sign-out
Setting a strong password is an important part of email privacy. As a rule of thumb, the more complex the password, the better. Your password should include letters and numbers, make use of upper and lower cases, and incorporate characters such as exclamation points and dollar signs. Microsoft provides a helpful guide on setting strong passwords available and a secure password strength checker. Also, remember to sign out of an online service or account when you are finished with your session, especially if you are using a public or shared computer. This will prevent others from being able to access your account, which can still be open and signed in even after you have closed the browser.
5. Use anti-virus and anti-spyware protection
When browsing online you may intentionally download any number of files, such as desktop applications and songs, and unintentionally download tracking files, some of which can be malicious. Ensuring your computer has up-to-date anti-virus and anti-spyware software is an important part of protecting your personal information online. Trojans and keystroke logging software can steal personal information from your computer when you use the Internet.