“I have nothing to hide” was once a typical response to surveillance programs utilizing cameras, border checks, and questioning by law enforcement.
Special Feature
But now, the sheer volume of devices and technology-based “innovations” used to track us has changed the conversation. Every piece of technology in our lives – from internet browsers and mobile devices to smart energy meters – collects data on us, which can then be sold to third parties or used to create profiles suitable for targeted advertising.
Privacy used to be considered a concept generally respected in many countries with a few changes to rules and regulations here and there often made only in the name of the common good.
Things have changed, and not for the better.
Government-led surveillance, censorship at the ISP level, bulk data collection, legislative battles declared against encryption, and let’s not forget the cyberattacks constantly assaulting us and the organizations that hold our data are all making it increasingly difficult to keep privacy as a right of the many, rather than a luxury of the few.
–>
Modern services and products can potentially erode our privacy and personal security, and you can’t depend on vendors, their security hygiene, or ever-changing surveillance rules to keep them intact.
Having “nothing to hide” doesn’t cut it anymore. We must all do whatever we can to safeguard our personal privacy not only from agencies and companies but also from each other.
Taking the steps outlined below cannot only give you some sanctuary from spreading surveillance tactics but also help keep you safe from cyberattackers, scam artists, online stalking, and more.
Personally identifiable information (PII) can include your name, physical home address, email address, telephone numbers, date of birth, marital status, Social Security numbers (US), and other government IDs. PII can also include medical records and information about your family members, children, and employment status.
All this data, whether lost in different data breaches or stolen piecemeal through phishing campaigns, can provide attackers with enough information to conduct identity theft. This means you could be impersonated in social engineering attacks, you could lose access to your online accounts, or, in the worst cases, could make you vulnerable to financial fraud.
Also: The best identity theft protection and credit monitoring services
With enough information, for example, a cybercriminal could make fraudulent transactions or take out loans in your name.
In the wrong hands, this information can also prove to be a gold mine for advertisers lacking a moral backbone.
<!–>
–> <!–>
Internet activity is monitored by an Internet Service Provider (ISP) and can be hijacked. While there is little consumers can do about attacks at the ISP level, the web pages you visit can also be tracked by cookies, which are small bits of text that are downloaded and stored by your browser. Browser plugins may also track your activity across multiple websites.
Also: How to stop Google from selling your browser history for ad targeting
Cookies are used to personalize internet experiences and this can include tailored advertising. However, such tracking can go too far, as shown when the unique identifiers added to a cookie are then used across different services and on various marketing platforms. Such practices are often considered intrusive.
Have you ever casually searched for a product – say, a sofa – and then, suddenly, you’re bombarded with sofa advertisements? That’s targeting at play.
–>
Our email accounts are often the pathway that can provide a link to all our other valuable accounts, as well as a record of our communication with friends, families, and colleagues. Hackers may try to obtain our email passwords through credential stuffing, social engineering, or phishing scams in order to jump to other services.
Also: What is phishing? Everything you need to know to protect yourself
If an email account acts as a singular hub for other services, a single compromise can snowball into the hijack of many accounts and services. For example, if you have tied an online account for your mobile phone provider or favorite store to your primary email account, an attacker could potentially change your password or grab the verification code necessary to log in.
<!–>
–> <!–>
In targeted attacks, fraudsters use social engineering techniques to impersonate their victims in calls to telephone service providers. They do this in order to transfer a number away from a handset – even if only for a short period of time – and they then “own” the number for the time it takes to grab two-factor authentication (2FA) codes sent to the number.
Once 2FA codes have been purloined, attackers can access a target account, whether this is banking, email, or a cryptocurrency wallet. Such attacks are known as SIM-swapping.
Also: eSIM vs. SIM: What’s the difference?
If your phone number ends up outside of your control, this means that 2FA codes can be stolen and any online account linked to this number is at risk of being hijacked.
–>
When you conduct a transaction online, this information may include credentials for financial services such as PayPal, or credit card information including card numbers, expiration dates, and security codes.
Sometimes, vulnerable e-commerce websites are targeted, with code injected into payment portals to skim and steal card data input by customers. Unfortunately, you are likely to be completely unaware that your information has been exfiltrated and sent to criminals.
Cybercriminals who steal financial services credentials through phishing and fraudulent websites, who eavesdrop on your transactions through Man-in-The-Middle attacks, or who utilize card-skimming malware, can steal these details when they are not secured.
Also: Were you caught up in the latest data breach? Here’s how to find out
Once this information has been obtained, unauthorized transactions can be made, clone cards may be created, or this data may also be sold to others on the dark web.
Once valid card numbers are out of your hands, this can lead to fraudulent purchases made in your name. If you see any suspicious transactions or a sudden influx of small test payments, it’s better to be safe than sorry — contact your bank, freeze your card, and check your credit report.
<!–>
–> <!–>
Hospitals are now transitioning to electronic records and home DNA services have proven popular. Genetic information belonging to consumers can be stored, or individually collected and submitted for health-related queries or for tracing family histories.
The loss of medical information, which is deeply personal, can be upsetting and result in disastrous consequences for everyone involved.
When it comes to DNA, however, the choice is ours whether to release this information – outside of law enforcement demands. Privacy concerns relating to DNA searches can be valid since you’re giving the imprint of your biological makeup to a private company.
–>
Businesses that handle data belonging to customers are being scrutinized more and more with the arrival of new regulatory pressures and changes. Mandates such as the EU’s General Data Protection Regulation are designed to enforce adequate security measures to protect consumer data.
Lagging behind the EU, the US maintains a hodgepodge of different data protection laws surrounding tech, healthcare, finance, and government-held information, such as HIPAA. There is a lack of cohesion between different states, although some have adopted laws similar to GDPR in recent years.
Companies will often encrypt your information in an effort to maintain data fidelity and security, which is a way to encode information to make it unreadable by unauthorized parties.
Also: Banks defending their right to security are missing the point about consumer trust
One way this is achieved is by using SSL and TLS certificates that support encryption on website domains. End-to-end encryption is also popular. This form of encryption prevents anyone except the parties communicating from accessing or reading the content of messages, including service vendors themselves.
End-to-end encryption has been widely adopted by many online communication services. Privacy advocates may cheer, but governments and law enforcement agencies are not rejoicing. A political battlefield has emerged between tech vendors and governments that have attempted to enforce the inclusion of deliberate backdoors into encrypted systems, and, in recent times, have demonstrated impossible thinking concerning breaking end-to-end encryption “for the good of all.”
As it stands, you should always use end-to-end encryption when possible.
<!–>
–> <!–>
As Internet browsers are the gateways we use to access online services, it is imperative we select browsers with reasonable security.
The most commonly used browsers are Google Chrome, Apple Safari, Microsoft Edge, and Mozilla Firefox. Here are ways to improve your security without implementing major changes to your surfing habits.
Also: Best secure browsers to protect your privacy online
Cookies: Clearing out your cookie caches and browser histories can prevent ad networks from collecting too much information about you. The easiest way to do so is to clear the cache (Firefox, Chrome, Opera, Safari, Edge, Brave).
You can also set your preferences to prevent websites from storing cookies at all. In order to do so, you can refer to these guides for each of the major browsers: Firefox, Chrome, Opera, Safari, Edge, and Brave.
–>
HTTP v. HTTPS: When you visit a website address, you will be met with either Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS). The latter option uses a layer of encryption to enable secure communication between a browser and a server.
HTTPS is best used by default in general browsing. When it comes to online shopping, HTTPS is crucial for protecting your payment details from eavesdropping and theft.
To find out whether HTTPS is enabled, look in the address bar for “https://.” Many browsers also show a closed padlock. If a retailer or e-commerce site does not appear to have HTTPS enabled, consider shopping elsewhere.
Additionally, you should consider using Tor and other secure browsers if you want to truly keep your browsing as private as possible.
Tor: The non-profit Tor Project is an organization supported by thousands of volunteers worldwide who maintain the proxy servers that protect your identity. The Tor Browser uses layers of encryption to strengthen your anonymity.
Also: This might be my new favorite web browser
Brave: Brave is one of ZDNET’s top browsers for privacy and security. The Chromium-based Brave browser blocks ads, fingerprinting, and ad trackers by default, and is used by millions of individuals worldwide.
Search engines: Google’s search engine, alongside other major options such as Yahoo! and Bing, uses algorithms based on your data to provide “personalized” experiences. However, browsing histories and search queries can be used to create crossover user profiles detailing our histories, clicks, interests, and more, and may become invasive over time.
Have you ever bought a toaster only to see an uptick of toaster-related ads? There’s a reason for that.
To prevent such data from being logged, consider using an alternative that does not record your search history and blocks advertising trackers. These options include DuckDuckGo.