Due to recent legislative changes, there’s been a lot of buzz about how to prevent your Internet Service Provider (ISP) from collecting and potentially selling your data to the highest bidder. It’s still unclear how all this is going to shake out, but in the meantime, there are a few fairly simple steps you can take in order to reclaim your online privacy.
For the average internet user (myself included), protecting your information from being gathered and sold by your ISP will mean changing some of your browsing habits. While they may be inconvenient at first, these steps are worth putting in a little extra effort for a lot more privacy.
To help you keep your information private, I’ll run through VPNs and other top ways to disrupt data collection and ensure secure browsing—and I’ll dispel a private browsing myth along the way.
1. Protect your data with a VPN
What is a VPN and what does it do?
A VPN (virtual private network) creates a secure “tunnel” through the vast wilds of the internet to send information back and forth without being intercepted by unauthorized parties. All data exchanged through these tunnels is encrypted, so even if someone manages to snag some of your data, they wouldn’t be able to read it without the encryption key. It’s kind of like a firewall for your network rather than your individual computer.
Because so many of us use public Wi-Fi nearly every day on our laptops or mobile devices, VPNs have become more popular among private individuals in recent years. This surge of popularity can be credited to the wide variety of useful things a VPN can do:
- Hide your online activity from your ISP and keep your ISP from gathering data about you and selling it to advertisers
- Protect your data and activity from snoopers while you use public Wi-Fi
- Allow you to get around workplace, school, or government filters
- Conceal your location by displaying the VPN provider’s location instead of your own
How do I use a VPN?
Using a VPN is fairly easy, but you’ll want to take the time to ensure your provider is legitimate. While your ISP can’t see your activity, your VPN can, so it’s important to only go with a VPN you trust.
When shopping for a VPN, one of the most important things to pay attention to is the provider’s logging policies. Look for a provider that explicitly promises not to log your activity, or at the very least promises not to keep permanent logs. Because privacy is the whole point of using a VPN service, this is one of those times when it’s really worth it to read the privacy agreement in full.
You should also be wary of free or super-cheap VPN subscriptions. Free services are more likely to log your activity and embed their own targeted ads. Expect to pay at least $5 to $20 per month for a decent service.
Once you’ve found a VPN you trust, pay close attention to the company’s specific instructions on how to use it. With most of them, you’ll launch a VPN client on your computer or click a link on a website and log in, and your computer will communicate with the VPN’s remote server. Each will verify the authenticity of the other, and all your activity and communication will be encrypted and secured as it’s sent back and forth. Your internet may slow down a little when you use a VPN because you’re adding a few extra steps to the process of connecting to the internet, but it’s a small price to pay for privacy.
While browsing with a VPN is not a 100% guarantee of data safety or privacy for all users, it’s still a good precaution to take.
2. Pay attention to HTTP vs. HTTPS
If you’ve spent much time on the internet, you’ve likely seen both “http://” and “https://” displayed in front of web addresses in your browser bar.
HTTP, or Hypertext Transfer Protocol, is the technology that allows for easy linking and browsing on the internet. HTTPS is the same, but with an added layer of security called Secure Sockets Layer, or SSL. SSL encrypts data transferred on that site, which is particularly important when you shop online or use any website that requires you to enter sensitive information. Next time you’re asked to enter a password or credit card information, glance up at the browser bar to make sure it’s protected by SSL.
In the meantime, HTTPS Everywhere is a popular browser extension for Firefox, Chrome, and Opera that rewrites HTTP requests into HTTPS requests, making all your browsing safer from prying eyes.
3. Log out of your accounts when you’re done
Google in particular makes it all too easy to keep all your accounts constantly connected by keeping you logged in at all times. My email is connected to my maps, browsing history, shopping history, social media, documents, calendar, etc. When I book flights via email, those flights automatically show up on my calendar. This connectivity makes things easy for me, but it also means Google knows more about my daily life than my closest confidant.
To disrupt the negatives of this connectivity, log out of your accounts when you’re done with them. Sign out of your email, social media, and online shopping. With just about any online service, you can adjust your account settings to reduce its connectivity to other services. If this isn’t an option, consider using a different but similar service that allows you to control what’s connected to what.
4. Disable cookies
Cookies are tiny bits of data stored locally on a device when you visit certain websites. They allow the page to load quicker the next time you visit or to tailor the page specifically to you. For example, say you’ve looked up the weather in Kalamazoo, Michigan. The next time you visit the same weather website, a cookie allows it to default to Kalamazoo weather again. Similarly, if you create a profile on a shopping website, the next time you visit, the sign-in screen will likely autopopulate the username box because a cookie has identified your device and associated it with your username.
While this trail of cookies is designed to make your browsing experience speedy and hassle-free, it also paints a clear picture of who you are and where you’ve been.
To offset some privacy concerns, the European Union recently adopted a privacy directive that requires websites to let their visitors know how they’re using cookies and give visitors an explicit chance to opt out of having their data collected. The United States doesn’t yet have any such privacy requirements or legislation, but it could be on the horizon. For now, it’s up to you to regulate who can collect your data. One way you can do this is by disabling cookies
Where you go to disable cookies on your mobile or desktop browsers depends on the browser, but it’s typically found under a menu item labeled “Settings” or “Options.” From one of these, look for something labeled “Privacy,” “Internet options,” or something similar. It should be easy to determine how to disable cookies from there.
5. Opt out of supercookies
Supercookies, or Unique Identifier Headers (UIDH), made the news a couple of years ago when it was revealed that Verizon was using them to build a profile of unencrypted HTTP sites visited on its devices. These UIDH profiles can be sold to third parties and used to send targeted advertisements to you. Following an FCC investigation, Verizon added a way for users to opt out of supercookie tracking. Now, if customers do allow tracking, Verizon must obtain the customer’s permission to sell their data.
There are still no US laws that require a company to disclose whether they use supercookies, so it’s on you to manually opt out.
6. Don’t rely on incognito mode
Private browsing, or “incognito mode” as it’s called on Google Chrome, is a special internet session in which your browser doesn’t store your browser history—the search terms you enter or the websites you visit—website cookies, or autocomplete data entered into online forms, such as your email address, birth date, or SSN.
Basically, private mode just stops your web browser from storing data about your browsing session, but another application on your computer can still track what you’re doing. For example, key logger, spyware, or parental control applications installed on your computer may still have access to your online activity, even when you’re in private mode. If your connection has been compromised—say you’re on an unsecure network and someone hacks in—the hacker can observe your activity while you’re browsing, but they won’t be able to retrieve it later.
You should be aware, too, that the websites you visit may be (and probably are) keeping track of your visits to their website on their own servers. If you’re going incognito on a work or school network, the system administrator can still see your browsing history, even when you’re in private mode.
As long as you’re browsing without a VPN, even if you’re browsing in a private session, your ISP can still log your activity. If your ISP is inclined to sell customer information, it may well be selling your more personal searches along with information about those new sneakers you were researching.
Private browsing should be used mainly to hide your activity from the casual observer, not to seriously cover your tracks or to keep your data out of your ISP’s hands. For example, if you’re planning a surprise trip for your significant other, you might want to use private browsing so they don’t stumble across your travel-booking activity.
Take the first steps to protect your privacy
Unfortunately, there is no way to guarantee complete privacy anywhere on the internet, so the best strategy is to keep sensitive information off the web in the first place whenever possible.
We care about your physical security and about the security of your personal information. Take these steps to lock down your data and keep it out of the hands of strangers and companies without your best interests at heart.
What do you do to keep yourself safe online?