2022: The year you protect your data


With all the data breaches revealed this year and in previous years, it is time to become more serious about protecting your data and keeping it private. The less personal data you have on the internet, the better and more secure you are in the real world. As a quick exercise, do a DuckDuckGo or Ecosia search on your name and see what personal information is out in the open. If you are on Facebook, do the same there. Remember that an innocent photo can reveal a lot about your location, which can be cross-referenced with other information to find out more about you. This coming 2022, make it your year to reduce your digital footprint and protect yourself and your family. To help you, here is a list of things you can do to start:

Decentralize and Distribute Your Information

When signing up for online services, it is often easy to just use your Facebook or Google account, but doing so also tells Facebook or Google that you are using that particular online service, including but not limited to the date and time of your access. These two services collect data and use it for their profit, not yours, so stop using them and sign up using your e-mail instead. If you have already used Facebook or Google sign-in, check if you can replace it with an e-mail login, to make it difficult to relate your accounts with other services.

The next step is to use e-mail aliases instead of your main e-mail address. This makes it harder to relate different services to a single e-mail address. Note that using “+” in your e-mail address, e.g. [email protected], does not help protect you; it only helps organize your mailbox. There are several services that provide e-mail aliases, such as iCloud+ Hide My Email, FastMail, AnonAddy, and SimpleLogin.io. I use iCloud+ Hide My Email, FastMail and SimpleLogin.io. With e-mail aliases, e-mail addresses [email protected] and [email protected] may both forward to your real e-mail address, but finding out that they belong to the same person will not be that easy.

Choose Your E-Mail Provider

Using an e-mail alias service with an e-mail service that collects information for profit, i.e. gmail.com, does not make sense if you want to protect your data. Note that Google stopped offering unlimited storage, so you may want to check out other, more privacy-respecting e-mail services, such as FastMail.com, ProtonMail.com, and TutaNota.com, among others. If you can afford it, it is best to actually subscribe to an e-mail service provider. Use this as your main e-mail address and get all your e-mail aliases to forward to it. That way, if one of the online services that you are using gets breached (it is a matter of when), the e-mail alias will be affected, and not your main address.

Use a Password Manager

With different e-mail aliases associated uniquely with different accounts, generating a unique password for each will add more protection. Memorizing account credentials was easy when there were very few services, but now we have hundreds, so use a password manager. I recommend 1Password and BitWarden.

Regularly Check HaveIBeenPwned.com

Knowing which of your accounts were leaked publicly or on the dark web is half the battle against malicious actors, and using HaveIBeenPwned.com is highly recommended. It is common practice that once your e-mail address has been leaked, you immediately change your password on your e-mail account and on all services that used that address. If you have one or two e-mail addresses that you registered on multiple services, then you would need to replace your passwords on all of them. If you have unique e-mail aliases, then it takes little effort to find out which account to re-secure.

Some password managers have an interface with haveibeenpwned.com and can automatically check if your e-mail aliases are part of any recorded breach. Handy, isn’t it?
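To illustrate both the “+” caveat and the re-securing point above, here is an added example (not part of the original post) that shows how plus-tagged addresses collapse back to one mailbox while unique aliases do not. The account lists and the `example.com` / `alias.example` addresses are constructed placeholders.

```python
from collections import defaultdict

def canonical_mailbox(address: str) -> str:
    """Undo plus-addressing; anyone who obtains the address can do the same."""
    local, _, domain = address.strip().lower().rpartition("@")
    return f"{local.split('+', 1)[0]}@{domain}"

def linkable_groups(accounts: dict) -> dict:
    """Group services whose sign-up addresses reduce to the same mailbox."""
    groups = defaultdict(list)
    for service, address in accounts.items():
        groups[canonical_mailbox(address)].append(service)
    return {box: sorted(svcs) for box, svcs in groups.items() if len(svcs) > 1}

def accounts_to_resecure(accounts: dict, breached_address: str) -> list:
    """Services to re-secure once `breached_address` appears in a breach."""
    target = canonical_mailbox(breached_address)
    return sorted(s for s, a in accounts.items() if canonical_mailbox(a) == target)

# Constructed sample data: the same three services, registered two ways.
PLUS_TAGGED = {
    "shop": "juan+shop@example.com",
    "forum": "juan+forum@example.com",
    "bank": "juan@example.com",
}
ALIASED = {
    "shop": "k3f9q2@alias.example",
    "forum": "x8m1zt@alias.example",
    "bank": "p0v7rw@alias.example",
}

if __name__ == "__main__":
    print(linkable_groups(PLUS_TAGGED))   # all three services share one mailbox
    print(linkable_groups(ALIASED))       # nothing to link
    print(accounts_to_resecure(PLUS_TAGGED, "juan+shop@example.com"))
    print(accounts_to_resecure(ALIASED, "k3f9q2@alias.example"))
```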

Use Virtual Private Networks

You should have heard about virtual private networks (VPNs) by now. A VPN encrypts your internet connection so your ISP cannot snoop on your online behavior (like some ISPs forcing you to use their DNS servers and blocking others), and it routes your traffic so that your actual geographical location is hidden. Free VPN services are tempting, but ask yourself, what is in it for them? I use multiple VPN services: a paid Windscribe account, and my own WireGuard VPN servers. There are other reputable VPN providers available, so make sure that you don’t fall for those that log or record your VPN traffic.

Use a Better Browser

Google’s Chrome is the most popular browser today, and it is also the one that collects the most data about your online behaviour. Make 2022 the year you use Firefox, DuckDuckGo or Safari.

Stop using SMS-based OTP

If you have a choice, use an authenticator-based OTP or a hardware-based one like a YubiKey. Protect your mobile phone numbers. Unlike e-mail addresses, it is not easy to replace your mobile phone number. If you have used SMS-based OTP before, and the service allows non-SMS-based OTP, replace it and delete your mobile phone number.

Block Those Trackers

If you don’t have the time to DIY your own DNS server that blocks the trackers that follow you everywhere you go on the internet, like what Pi-Hole provides, then go for a simpler solution by using services like ControlD.com and NextDNS.io. Both provide free and paid DNS services with tracker filters that you can customize. For US$20/year (roughly PhP3/day), you can get unlimited DNS queries for an unlimited number of devices, with a customizable allowlist and denylist of trackers.

Use Alternative Services

Similar to decentralizing your data, stop using services that collect data and associate it with one account. Stop using Google to search; you can use DuckDuckGo, Ecosia or Searx. Note that on DuckDuckGo, you can search Google without providing Google with your information: just prepend “!g” to your search terms, e.g., “!g poodles”.

Use Signal, Element/Matrix or Keybase.io instead of Viber or WhatsApp. Viber provides end-to-end encrypted communications, but the metadata, i.e., who you are communicating with, when and from where, is collected and used to fund the service. WhatsApp, on the other hand, is owned by Meta, formerly known as Facebook, which is known to be a privacy-invasive company.

Joy Of Missing Out (JOMO)

Filipinos use social networks like there is no tomorrow! Yes, they’re a perfect example of how successful companies like Meta/Facebook and TikTok are in making their services addicting. Unfortunately, the more they use social media, the more they expose their personal information, which affects not only themselves but also their family (oftentimes without their consent!). The fear of missing out (FOMO) is what drives them to continuously, endlessly scroll through their timelines or wall, or whatever it is called right now.

This coming 2022, try using these social networks less and experience the joy of missing out (JOMO). Remember, if your social network friends really want to talk to you, they will find a way.

Stop Oversharing

We all tend to share whatever it is we think will elicit a reaction, and I do not see anything wrong with it. It is the excessive sharing, or oversharing, that is concerning.

Tell yourself that a simple photo might be just that, a photo, but photos contain metadata that includes your geographic location. Now tag others who are in the photo, and that allows machine learning algorithms to deduce that you are related, as friends or family. Not only that, your faces can be used to train facial recognition machine learning models (which can be sold to the highest bidder for purposes like, maybe, red-tagging, or which can lead to you being mistaken as a criminal).
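The location metadata mentioned above lives in a JPEG's Exif block, which can be removed before a photo is shared. The following is an added example, not part of the original post: it walks the JPEG segment structure and drops Exif segments, using a constructed, JPEG-shaped byte string (not a real image) as input.

```python
import struct

EXIF_HEADER = b"Exif\x00\x00"  # identifies an APP1 (0xE1) segment as Exif

def split_segments(jpeg: bytes):
    """Yield (marker, payload) per header segment, then (0xDA, rest) from SOS on."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"bad marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == 0xDA:  # start of scan: compressed image data runs to EOF
            yield marker, jpeg[pos + 2:]
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError("truncated segment")
        yield marker, jpeg[pos + 4:pos + 2 + length]
        pos += 2 + length

def has_exif(jpeg: bytes) -> bool:
    """True if any APP1 segment carries an Exif block (where GPS tags live)."""
    return any(m == 0xE1 and p.startswith(EXIF_HEADER) for m, p in split_segments(jpeg))

def strip_exif(jpeg: bytes) -> bytes:
    """Rebuild the file without Exif segments; image data is copied untouched."""
    out = bytearray(b"\xff\xd8")
    for marker, payload in split_segments(jpeg):
        if marker == 0xE1 and payload.startswith(EXIF_HEADER):
            continue
        out += bytes([0xFF, marker])
        out += payload if marker == 0xDA else struct.pack(">H", len(payload) + 2) + payload
    return bytes(out)

def segment(marker: int, payload: bytes) -> bytes:
    """Helper for building the constructed sample below."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: SOI, JFIF header, Exif block, scan data, EOI.
SAMPLE = (
    b"\xff\xd8"
    + segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + segment(0xE1, EXIF_HEADER + b"<constructed TIFF block with GPS tags>")
    + b"\xff\xda\x00\x08scan-data\xff\xd9"
)
```

This removes only Exif APP1 segments; XMP packets, which can also carry location, are left in place, so check the result with a metadata viewer before posting.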

Parents who share too much information and too many photos and videos of their children, or sharenting, don’t realise the future consequences or effects on their kids. Have you asked your kids if they want their information, especially photos and videos, posted online? Inform them of the dangers: photos and videos being used to train machine learning models, which can be used maliciously, as in photo manipulation and deepfakes. Protect them AND their data; that is the job of parents.

Wrapping Up

These recommendations require some getting used to, but they are for the better. So for this coming year, 2022, can you commit to protecting your data?