What little privacy people don’t give away, companies tend to take.
Given this unfortunate reality, to get complete privacy you’d need to install a labyrinthine series of software tools that make the internet slow and unusable — think specialty Web browsers, encrypted email and chat; virtual private networks; and security-focused incognito operating systems. Or you’d need to stay off the internet altogether.
But don’t lose hope. Although total privacy is all but unattainable, you can protect yourself in two ways: Lock down your devices and accounts so they don’t give away your data, and practice cautious behavior online.
Getting started is easy. By making a few simple changes to your devices and accounts, you can maintain security against outside parties’ unwanted attempts to gain access to your data as well as protect your privacy from those you don’t consent to sharing your information with. You really can take back some control over who has access to your data.
Here’s how, according to the experts at Wirecutter, a product recommendation site owned by The New York Times Company.
1. Secure your accounts
Why: In the past decade, data breaches and password leaks have struck companies such as Equifax, Facebook, Home Depot, Marriott, Target, Yahoo and countless others. If you have online accounts, hackers are likely to have leaked data from at least one of them. Want to know which of your accounts have been compromised? Search for your email address on Have I Been Pwned? to cross-reference your email address with hundreds of data breaches.
How: Everyone should use a password manager to generate and remember different, complex passwords for every account. This is the most important thing people can do to protect their privacy and security today. Wirecutter’s favorite password managers are LastPassand 1Password. Both can generate passwords, monitor accounts for security breaches, suggest changing weak passwords, and sync your passwords between your computer and phone. Password managers seem intimidating to set up, but once you’ve installed one you just need to browse the internet as usual. As you log in to accounts, the password manager saves your passwords and suggests changing weak or duplicate passwords. Over the course of a couple of weeks, you end up with new passwords for most of your accounts. Take this time to also change the default passwords for any devices in your house — if your home router, smart light bulbs or security cameras are still using “password” or “1234” as the password, change them.
Everyone should also use two-step authentication whenever possible for their online accounts. Most banks and major social networks provide this option. As the name suggests, two-step authentication requires two steps: entering your password and entering a number only you have access to. For example, step one is logging in to Facebook with your user name and password. In step two, Facebook sends a temporary code to you in a text message or, even better, through an app like Google Authenticator, and you enter that code to log in.
2. Update your software and devices
Why: Phone and computer operating systems, Web browsers, popular apps and even smart-home devices receive frequent updates with new features and security improvements. These security updates are typically far better than antivirus software at thwarting hackers.
How: All three major operating systems can update automatically, but you should take a moment to double-check that you have automatic updates enabled for your OS of choice: Windows, macOS, or Chrome OS. Although it’s frustrating to turn your computer on and have to wait out an update that might break the software you use, the security benefits are worth the trouble. These updates include new versions of Microsoft’s Edge browser and Apple’s Safari. Most third-party Web browsers, including Google Chrome and Mozilla Firefox, also update automatically. If you tend to leave your browser open all the time, remember to reboot it now and again to get those updates. Your phone also has automatic-update options. On Apple’s iPhone, enable automatic updates under Settings > General > Software Update. On Google’s Android operating system, security updates should happen automatically, but you can double-check by opening up Settings > System > Advanced > System Update.
For third-party software and apps, you may need to find and enable a check for updates option in the software’s settings. Smart-home devices such as cameras, thermostats and light bulbs can receive updates to the app as well as to the hardware itself. Check the settings using the device’s app to make sure these updates happen automatically; if you don’t find an automatic-update option, you may have to manually reboot the device on occasion (a monthly calendar reminder might help).
3. Protect your web browsing
Why: Companies and websites track everything you do online. Every ad, social network button and website collects information about your location, browsing habits and more. The data collected reveals more about you than you might expect. You might think yourself clever for never tweeting your medical problems or sharing all your religious beliefs on Facebook, for instance, but chances are good that the websites you visit regularly provide all the data advertisers need to pinpoint the type of person you are. This is part of how targeted ads remain one of the internet’s most unsettling innovations.
How: A browser extension like uBlock Origin blocks ads and the data they collect. The uBlock Origin extension also prevents malware from running in your browser and gives you an easy way to turn the ad blocking off when you want to support sites you know are secure. Combine uBlock with Privacy Badger, which blocks trackers, and ads won’t follow you around as much. To slow down stalker ads even more, disable interest-based ads from Apple, Facebook, Google and Twitter. A lot of websites offer means to opt out of data collection, but you need to do so manually. Simple Opt Out has direct links to opt-out instructions for major sites like Netflix, Reddit and more. Doing this won’t eliminate the problem completely, but it will significantly cut down on the amount of data collected.
You should also install the HTTPS Everywhere extension. HTTPS Everywhere automatically directs you to the secure version of a site when the site supports that, making it difficult for an attacker — especially if you’re on public Wi-Fi at a coffee shop, airport or hotel — to digitally eavesdrop on what you’re doing.
Some people may want to use a virtual private network (VPN), but it’s not necessary for everyone. If you frequently connect to public Wi-Fi, a VPN is useful because it adds a layer of security to your browsing when HTTPS isn’t available. It can also provide some privacy from your internet service provider and help minimize tracking based on your IP address. But all your internet activity still flows through the VPN provider’s servers, so in using a VPN you’re choosing to trust that company over your ISP not to store or sell your data. Make sure you understand the pros and cons first, but if you want a VPN, Wirecutter recommends IVPN.