This was not a good year for our data. In fact, like the previous year, it saw some of the most egregious breaches of our data in history. By far the most infamous one was the Facebook-Cambridge Analytica scandal. In March 2018 it was revealed that in 2015 the Trump campaign firm paid for the scraped Facebook data of at least 87 million users so that it could better influence voters in elections.
But while Cambridge Analytica was the most-reported data scandal of the year, it was hardly the biggest. And apart from the unauthorized breaches—that is, the breaches we know about—virtually every tech company in the world continued to suck up as much of your data as possible in 2018, from Google to Facebook to your ISPs, which can now sell your browsing data to advertisers. And that’s not to mention governments around the world who throughout 2018 continually pressured tech giants to weaken privacy features like encryption.
In short, you may feel like you are insignificant and uninteresting and have nothing to hide, but virtually every tech company, hacker, and government agency begs to differ. That’s a good reason to rely on multiple privacy tactics if you aren’t already. To keep your data out of the wrong hands, start with these tools.
A VPN is a “virtual private network,” which routes all of your internet traffic through a secure server that hides where you’ve browsed–and even where you are located. If you use a VPN, not even your ISP should be able to see the websites you go to. But all VPNs are not created equal–and though there are a number of free VPN apps out there, you’ll probably want to go with one that charges a monthly fee. Remember, anyone with a server can set up a VPN service–and there are plenty of shady free small-time VPNs operated by one or two people “companies.” These companies may promise a high-quality, anonymous VPN service, but you’ll need to take that on faith as there will be no way you can tell if they are really collecting your online movements or not.
Paid VPN companies are usually much more reliable and publish their privacy policies so you can see exactly what, if any, data they store about you. You’ll want to go with a “no logs” VPN provider, that is, a service that doesn’t keep records of your internet activity. Among privacy experts, ExpressVPN and Private Internet Access VPN are considered two of the most secure available.
Keep in mind that just because you use a VPN doesn’t mean that all your online activities are private. Any website you are logged into will be able to track what you do on their site, and in the case of sites like Facebook and Google, what you do off of it.
A privacy-focused web browser
By far the best browser built around privacy is Brave, which is based on the open-source Chromium project. Brave does not store or collect your browsing data, automatically blocks trackers, and even automatically upgrades to HTTPS for secure, encrypted communications. It’s available for mobile too. There are also other options as well, including Apple’s privacy-focused Safari web browser, Opera, and Firefox (its special versions in particular.) Basically, any of these browsers are a step up from Chrome when it comes to privacy as Google’s browser—the world’s most popular—tracks a considerable amount of data about you and your activities.
Most browsers also offer support for ad blockers, which are another good option if your browser doesn’t offer that capability. Privacy Badger and Ghostery block trackers completely and are free to install. On mobile, Apple’s Safari on iOS offers support for extensions like 1blocker; on Android, you’ll need a separate ad-blocking browser, like Firefox Focus.
And because your searches on Google.com can reveal so much about you, you should ditch it for DuckDuckGo, the privacy-centric search engine. All modern desktop and mobile web browsers will have an option to set DuckDuckGo as the default search, even Chrome.
It’s also a good idea to manage your browser’s privacy settings, starting with turning off third-party cookies. The National Cyber Security Alliance offers a webpage with information about privacy settings for most browsers and digital services, and the University of Texas has a handy guide to privacy settings on social networks.
An encrypted DNS
A DNS, or domain name system, is what translates domain names like www.fastcompany.com into an IP address that routers can use to send you to the right destination. By default, most people use a DNS from their ISP because they never bother to change their DNS settings. But you should, because as we’ve mentioned, ISPs have long tracked where you visit online and now they can sell that information to advertisers (and, presumably, anyone else who wants it).
With that in mind, it’s best to switch to a privacy-focused DNS like 126.96.36.199. The DNS, which is owned by Cloudflare, uses encryption so no one else can intercept the internet traffic you send through its servers. Switching is quick and easy, Cloudflare explains on its landing page. There’s also an app to help set it up on your mobile devices; you’ll need to manually set it up on your PCs.
A secure messaging app
Messaging apps that support end-to-end encryption prevent third-parties, even the companies that run the messaging service, from reading your messages. The gold standard in secure messaging apps is Signal, which is what Edward Snowden swears by. The app is as user friendly as any other messaging app–even if it doesn’t have all the bells and whistles of Facebook Messenger.
Speaking of which, stop using Facebook Messenger. Your Messages are not only not encrypted, but Facebook’s systems read them so they can target you with ads. If you and your friends don’t want to use Signal, opt for other encrypted messaging apps like Apple’s iMessage or WhatsApp. Keep in mind, however, that WhatsApp is owned by Facebook and its original founders have now left the company over rumored disagreements between Facebook’s plans for the app in the future.
A password manager
Most people use the same weak password on every site they belong to, or at best have three to four passwords they alternate between. They’re probably likely to share some of those passwords with family members too. Don’t do that. Having just a few passwords means that whoever gets one credential can use it to login as you everywhere else. You need to start using strong, unique passwords for every site you visit.
To do that, you’ll need help from the machines. Password managers create and save unique, highly complex passwords automatically and fill them in at sites you want to log in at—based on one very strong master password or key. Some of the best password managers are Dashlane and 1Password. And in the latest macOS Mojave and iOS 12, Apple has provided a password manager for free of charge.
And in case you aren’t already, it’s a good idea to set up 2-factor authentication for every important website and service you use. You can find instructions on how to set that up for most websites at TwoFactorAuth.org.
An encrypted hard drive
We’ve talked already about encrypting your internet traffic and your messages but your computer’s hard drive itself should be encrypted too. By encrypting your computer’s entire hard drive, you’ll be ensuring that even if someone gains access to your computer and physically removes the drive, they wouldn’t be able to access the data on it without your password.
If you use a Mac, you’ll simply want to enable FileVault protection on it, which encrypts the hard drive. Windows PC users should consider downloading the free and open source DiskCryptor app to encrypt their computers. DiskCryptor can also protect external hard drives too; on a Mac, you can use the included Disk Utility software to encrypt your external drives.
A data destroyer
When you delete a file on your Mac or PC by moving it to the trash or recycle bin and then empty those bins, you haven’t actually deleted the file from your computer. The file still exists and can possibly be recovered–it’s just hidden from your view and marked as something that can be overwritten when your hard drive needs space to create a new file.
To make sure a particularly sensitive document is unrecoverable, you’ll want to securely erase it, which entails writing 1s and 0s over the original file. On a Mac, there is an app called CleanMyMac that has a great secure erase function. On a PC, try CCleaner. Both are free.
Besides securely erasing individual files, it’s also a good security practice to securely erase the free space on your hard drive from time to time, lest data from old “deleted” files be recovered by someone else. Consider doing this when loaning your laptop to a nosey friend, returning a laptop to your employer, or bringing in a laptop to a repair shop. It’s especially important when selling or disposing of your computer, since identity and data thieves know they can recover valuable data from most hard drives they find in the trash. To securely erase the free space on your Mac, you can use the built-in Terminal app. And here’s how to securely erase the free space on a Windows PC.