When considering online privacy, many uninformed internet users ask the naive question, "I have nothing to hide, so why should I be concerned about my privacy?" There are many good reasons that honest, law-abiding citizens should be very concerned about their privacy. For a list of some of them, read this. I realize that most people consider pre-emptively protecting themselves against potential bad situations to be something that only paranoid people do--until something happens to them. But, remember, there are companies and governments collectively spending hundreds of billions of dollars a year to collect information on us while we are on the internet. It's not paranoia if they really are out to get you. Nevertheless, how much effort you decide to exert to protect your privacy on the internet is entirely up to you. If you are willing to read it, this article gives you, the technologically-challenged internet user, pragmatic methods of protecting your privacy.
Before beginning any honest discussion of internet privacy, it is important to make the good and bad news clear. But before I do, let me just say that privacy and anonymity are not the same. Despite this, I sometimes use them interchangeably to avoid complexities that the technologically challenged will not be interested in. Now, the good news is that you can do things to improve your privacy on the internet. The bad news is there is nothing you can do to 100% guarantee your privacy. So, if you plan on doing something on the internet that is against the law in your country, you may get caught, regardless of the steps you take to hide your activities and identity.
In this article, it is my intent to give an introduction to all of the topics that you need to understand to retain as much of your internet privacy as you can without getting into more technically-sophisticated information. This does not mean that you shouldn't learn more. For this reason, I will provide links to more in-depth information that I think is valuable. It is up to you to research particular topics that apply to you, until you have the detailed knowledge you need to implement your own plan for maintaining your online privacy. For the technologically challenged, research involves mostly trying various applications and service providers until you find the ones that give you the services you want without compromising your privacy too much.
While enhanced privacy on the internet for the technologically challenged is mostly a matter of using privacy-protecting applications and internet services, some other fundamental issues should also be considered. First, the only way that you can be assured that a particular application or service provider will not compromise your anonymity is if you do not tell them who you are. By service providers, I mean providers of online services such as email, music, chat, voice communication, video, social networking, and basic internet connection. Once you give your name and other personal information to a service provider, no matter what they say in their privacy statements or terms of service, you have no guarantee that either will be honored. Privacy statements and terms of service change all the time, and companies are bought and new managements installed all the time. Second, even if you give a particular service provider no or completely false information, but you have not taken steps to hide your IP address, they can still find out who you are if your Internet Service Provider (ISP) knows who you are.
It is important to understand your right to retain your anonymity. I am not a lawyer, so take everything I say in this regard with a grain of salt. It is my understanding that no matter what a service provider tells you, you are under no legal obligation to provide correct information about yourself. The worst providers can do to you if they discover you have lied to them is to discontinue your service. The three exceptions to this rule that I can think of are banks, organizations that act as a banks (Paypal, Applepay, Google Wallet, etc.), and governments. Lying to them can bring legally-enforceable consequences, so don't do it. For every other organization, you are under no legal obligation to identify yourself.
It doesn't do you much good to jump through hoops to keep your internet communications private, if someone can simply turn on your computer and have access to every document you've ever written and every email you've ever sent. For this reason, strong passwords and strong encryption are critical.
You need strong passwords for both your online accounts and your encrypted files on your computer. Learn how to create strong passwords and use them! Also, your online accounts will not be secure if you save your passwords in your browser, so that, for example, all someone has to do read all your emails is to get access to your computer and bring up your browser.
In my opinion, everyone should encrypt files that they want to remain private. The best way to do this is by storing files on an encrypted USB flash drive. Don't forget backups! This way, if someone does managed to hack into your computer, there will be nothing for them to find, assuming you have taken steps to delete all temporary files. If for some reason you don't want to use an encrypted USB flash drive, the next best method of protecting your private files is to encrypt parts or all of your hard drive.
Several programs exist for encrypting hard drives and USB flash drives. Although many will disagree, the only one I recommend is Truecrypt version 7.1a. The reasons Truecrypt is my favorite are: 1) independent audits have been conducted, and they have found no significant vulnerabilities, and 2) there is good reason to believe that all other encryption programs have been compromised by the US government. Although Truecrypt has a learning curve, there is sufficient documentation to get new users up to speed on its use.
Without going into the details, let me just say that open-source applications are almost always more respectful of users' privacy than proprietary, closed-source applications. The reason is that it is much harder to hide password back doors and other privacy compromises in code that anyone can look at. So, whenever you have a choice, pick open-source applications over closed-source applications.
I would be willing to bet that in 2019 you were not aware that more than one internet existed. Although we could quibble about exactly what the word "internet" means, I will state here that there are actually several internets. They generally fall into two categories. The first category is the centralized internet. This is the internet we are all familiar with, the one that operates using servers run by service providers like Google, Amazon, Apple, Facebook, Pandora, Cloudflare, WordPress, and Ebay.
The other category is decentralized internets, which most people refer to as decentralized networks. I am including information about decentralized networks in an article directed at the technologically challenged, because decentralized networks are generally no harder to use than the centralized internet. The type of decentralized networks that I'm referring to here run on computers owned by individual users. With these networks, users retain much more of their privacy than they do on the centralized internet. For the most part, users on decentralized networks are anonymous. In fact, it was for this reason, as well as for providing freedom from censorship, that decentralized networks were created.
Two decentralized networks that I have used that can be accessed by anyone with a centralized internet connection are ZeroNet and the Interplanetary File System (IPFS). Of the two, I much prefer ZeroNet. With ZeroNet, you can also create your own website without paying fees to ICANN or to a domain name provider. And, your website cannot be taken down by any organization or government. ZeroNet is growing rapidly. When I first accessed ZeroNet three months ago, there were usually between 600 and 1200 other users' computers connected to it at any given time. Over the last week there have been consistently over 5000. Since decentralized networks can be created by anyone, we should have every expectation of seeing more of them cropping up in the next few years.
There are also locally-available, decentralized networks that can be accessed by those who do not have a connection to the centralized internet. These are more often know as "mesh networks". Mesh networks are owned and operated by local communities. Sometimes they are limited to a single apartment building, but some have expanded to serve larger neighborhoods. A couple have grown to have tens of thousands of customers. The chances are not good that you have access to a mesh network in your area, unless you are located somewhere no companies want to provide centralized internet access, because they don't feel that it is economically beneficial to them. Since mesh networks are run locally, they are much more supportive of customers' privacy.
Decentralized applications are stand-alone applications that perform specific tasks via decentralized networks that run transparently in the background. Just as with decentralized networks, decentralized applications cannot be controlled or shutdown. Some examples of decentralized applications are Openbazaar (online shopping), Bisq (matching cryptocurrency buyers with sellers), Diaspora and Friendica (social networking), and Bit-torrent (file sharing). More decentralized applications are being created every day. So, while dozens of them exist today, ten years from now we may see thousands.
As far as I can tell, most internet browsers were created to enable websites (and thus companies that run them) to get as much information about you and your computer as possible. You can find a list of the information that typical browsers collect about you here. If you would like to see the information that the browser you are now using is reporting about you, go here and here.
Some browsers claim they collect less information about you. Most of them lie. One browser that I know collects less information, because I have tested it against others, is the TOR browser. I won't go into what the TOR network is, because you don't need to know to use the TOR browser. This browser is the only one I know that also hides your IP address from websites that you visit. In my opinion, the TOR browser is essential to retaining any semblance of anonymity on the internet, although it is far from perfect.
Unfortunately, as I have been discovering lately, many centralized service providers of all kinds are so pathologically opposed to users retaining any shred of privacy that they will not accept connections made through the TOR network. What this means is that you cannot use these service providers without revealing your IP address, and thus your identity. My strong recommendation is to not use any service provider that treats you this way, and find another that doesn't, even if you have to use a service provider located in another country.
In my opinion, the worst browser for privacy is the Chrome browser. Unfortunately many other browsers have switched to the Chrome browser engine, which essentially means that when you think you are using them, you are actually using Chrome with a different graphical user interface.
Virtual Private Networks (VPN's) claim to encrypt the data transmitted in both directions between your computer and every website you visit. The idea behind this is to prevent your Internet Service provider (ISP) from seeing what you are viewing. However, VPN's in my opinion are a waste of money. One reason is that most do not currently even claim to hide the IP addresses of the websites you visit from your ISP. However, the biggest reason is that studies and court cases have proven that many VPN's lie. See here, here, and here. That's right, they don't do what they say they do in exchange for your monthly fee. There are tools you can use to check the veracity of your VPN provider. But remember, just because a particular VPN is honest today, does not mean it will be honest tomorrow. Contrary to my thoughts on this subject, some people recommend using both a VPN and the TOR browser for more privacy.
Another method of hiding the IP addresses of websites you visit from your ISP is DNS over HTTPS. The Firefox browser now supports this, but it is not enabled by default. Enabling DNS over HTTPS in Firefox and sticking to HTTPS websites, which are all TLS encrypted, should be enough to prevent your ISP from knowing which websites you are visiting and what you are looking at once there. However, this is not enough to hide your activities from government snoops who are determined to spy on you.
It is important for all internet users to understand that we are now engaged in a privacy war with our service providers. In that light, my advice to everyone who uses internet-based email providers is that if they require you to identify yourself by giving them your phone number, assume they are selling your data and that your government is reading your email. Until recently, my two favorite free email providers were protonmail.com and tutanota.com. However, that is no longer the case. I discovered recently that both now require phone numbers for new users to create accounts. In addition, Tutanota now requires phone numbers for previously-existing users to access their accounts. It is becoming difficult to find free email providers that do not require a phone number to open an account. But, one that still doesn't is mail.com. You can also connect to mail.com through the TOR network for even more privacy.
I advise all email users is to have multiple email accounts with different email providers. For your primary accounts that you use with your friends and business associates, use your true name, but do not provide any other true information, and do not send any emails that you wouldn't want to be read by your email provider and your government. In all other email accounts where you would like some basic privacy, do not give your true name or any true personal information to your email provider. Always connect with the TOR browser, and never use these accounts to email anyone who you have emailed with your primary accounts.
For those who require a very high level of privacy in their email communications, use encryption. Do not rely on the email provider's encryption. Use your own. This is the only way to ensure that you and the receiver of your email are the only ones who can decrypt it.
For those annoying websites that require you to provide an email address to open an account, use throwawaymail.com wherever possible. This email service provides you with an email account that lasts for about an hour or until you close their webpage, whichever comes first. Throwawaymail.com does not collect personal information from you, and it can be used over the TOR network, if you are concerned that it may be logging your IP address.
I do not know of any voice communication services that are suitable for the technologically challenged that do not require users to divulge personal information to open an account. For those who are more technologically sophisticated, search on the internet for "free SIP applications". If you are willing to spend the time and money to get one anonymously, which can still be done, search for a "burner phone". Remember, with burner phones, the only way to create an account anonymously is to create the account with false information in the store when you purchase the phone.
I have come to the point where I doubt there is such a thing any more as a privacy-protecting search engine. Nevertheless, the one I use is duckduckgo.com. I can't tell that its search performance is any worse than Google's, and it seems to weight the contents of small websites as highly as those of giant company websites. So, you are more likely to get information that represents more than just the corporate-sponsored point-of-view on duckduckgo.com.
Where social networks are concerned, there is much good news. There
are now several decentralized, privacy-respecting social networks.
Some of them host millions of users. For more information about
these, I will refer you to my previous article entitled,
"My Search for Alternative Social Networks". You
may also be interested in my article, "6
Reasons for Maintaining Anonymity in Your Online Social Networks".
Unfortunately, these days, there is no easy way to shop anonymously via the centralized internet. Anything that involves an exchange of money requires you to identify yourself. Even pre-paid debit cards now require you to identify yourself before you can use them. While you can still shop anonymously online, unless you are buying something illegal, it most likely isn't worth the effort. And, as I said earlier, if you are doing something on line that is illegal, you can't 100% guarantee that you won't get caught.
Despite what I just said, Openbazaar is a decentralized application that allows you to buy using cryptocurrencies. This is as close as it gets to buying anonymously. However, even cryptocurrencies do not guarantee your anonymity if you have identified yourself at any point in the buying of the cryptocurrency or in the downloading or use of your cryptocurrency wallet. Openbazaar is new, so it does not yet have a wide selection of products for sale--a few hundred at most on any given day. Also, if you have to accept physical delivery, you will have to get a mailbox through a private provider in order to preserve your anonymity. And, private mailboxes are expensive. As a cheapskate, when faced with expensive things, I hiss like a vampire confronted with a cross.
Hard drive cleaners wipe temporary files from your hard drive, including browser caches, browser cookies, browsing histories, passwords in browsers, flash caches, clipboard contents, and trash files. The benefit of regular use of a hard drive cleaner is that if your computer is ever snooped on or stolen, no one can get information about you from the contents of your hard drive that you did not even realize was there. The hard drive cleaner recommended by Edward Snowden is Bleachbit.
After reading and understanding the information presented in this article, you should have the knowledge to more effectively protect your online privacy. But, remember, there is much more to learn. You are still a novice. Remember also that knowledge does not benefit you unless you use it. Let's face it, using this knowledge every day is really the part that takes the effort.
Copyright © 2019 The Cheapskate's
Guide to Computers and the Internet. All rights reserved.