This story is part of The Privacy Divide, a series that explores the fault lines and disparities–economic, cultural, philosophical–that have developed around digital privacy and its impact on society.
Increasingly, the most important issue for everyday internet users is privacy—and rightly so. In today’s connected world, we’re being tracked and surveilled more than ever by everyone from search giants and social media companies to ISPs and advertising firms. These organizations don’t just record what we click on or share, but analyze our online activity to compile complex demographic and psychographic profiles about us—so they can manipulate us into doing their bidding, whether that’s clicking on ads they serve us based on the data they hold about us or getting us to interact with their sites more and share even more information about ourselves.
To a large extent, your average user can claw back some of their online privacy by using ad blockers or more privacy-focused browsers like Brave and Firefox. And for most of us, that will be enough to balance our desire for online privacy versus being able to take advantage of all the web has to offer.
But what if you’re not the average person? What if you’re more than a little paranoid or just sick and tired of almost every company invading your privacy? That’s where this online guide to privacy comes in. But be warned: If you really want to remain truly invisible online, the only surefire way to do that is to never go online. (As my editor once joked, ultra-paranoid journalists should never communicate electronically—via email, phone, text, WhatsApp, Signal—with sources and only exchange paper documents via drop spots in a forest, which you promptly burn after reading.) Assuming you’re not quite prepared for that level of discretion but still want a higher-than-normal degree of online privacy, read on. But you should know that following some of the steps listed below will definitely hinder your online experience to some degree. Then again, that’s the trade-off you make for enhanced privacy.
With that in mind, here’s the paranoid person’s guide to online privacy:
1) Ditch Facebook and anything to do with Facebook
You can’t be a Facebook user and retain your privacy. The two concepts are fundamentally incompatible with each other. It’s just like something can’t be wet and dry at the same time. Facebook works by you willingly posting information about yourself online. So if you want to reclaim your online privacy, it’s time to delete your Facebook account, delete your Instagram account, and delete your WhatsApp account. There is no way around this.
2) If you want to use other social media, like Twitter, make your accounts anonymous and private
But what about other social media sites like Twitter and Reddit? To a degree, you can continue to use these sites and retain a fair amount of privacy. The trick for Twitter is to set up a new handle, make your account private, and don’t allow anyone to follow you. A completely anonymous handle will mean you can still follow whoever you want on Twitter and still retain a great degree of privacy about yourself. Same with Reddit. If you want to continue using it, just create a new, non-identifiable account. And remember on both platforms, never provide personal information about yourself.
3) Use a burner phone for two-factor authentication
Many websites are now prompting users to turn on two-factor authentication in order to help users better protect their information. You should take websites up on this, but when they ask you for a phone number to text you 2FA codes, don’t give out a phone number that is connected to your real identity. In other words, don’t give out your main mobile phone number. Why shouldn’t you give websites your real mobile number for 2FA? Just ask Facebook.
Instead, spend $20 on a cheap disposable phone you can buy with cash at most Walmarts or airports. Use this phone’s number for any 2FA setups that require you to enter a code the website texts to you. (And if you’re even more paranoid, toss that phone down the sewer drain every few weeks and get a new one.) Alternately, you can use an app called Burner to get a virtual phone number for receiving texts.
4) Say goodbye to Google
Just like Facebook and privacy are incompatible, the same goes for Google and privacy. If you want to reclaim maximum online privacy, you’ll need to jettison your Google account. Delete it and then never use Google to perform your web searches again. Instead, use DuckDuckGo as your search engine, and for maps and directions use OpenStreetMap. Now ditch Gmail for encrypted email provider like Tutanota.
5) Use a secure browser, preferably Tor
Speaking of Google, you’re going to have to say goodbye to Chrome too. If you’re looking for the ultimate privacy when browsing the web, you’ll want to use the Tor web browser, which obfuscates your location by bouncing around your internet traffic between multiple servers across the globe.
If Tor is a little too hardcore for you, then I recommend Firefox or Brave. Both web browsers have a heavy focus on privacy and can be configured to make it exceedingly hard for websites to acquire data about you. Both browsers also feature forced HTTPS, which encrypts the data you send to websites, so that prying eyes, like your ISP, can’t see what you are doing on those sites.
What can your ISP see in your browsing history? pic.twitter.com/DQGBX8npkM
— Adrienne Porter Felt (@__apf__) March 31, 2017
6) Use a VPN
This is, without a doubt, the easiest and biggest step you can take to protect your privacy online. VPN’s aren’t just for tinfoil-hat hermits. Indeed, they should be used by everyone from the most ardent privacy enthusiasts to your dear old grandma. You can’t hope to get the most online privacy possible without using a VPN. So get one today.
7) Say goodbye to smart home products and Android devices
Android is owned by Google—a company whose aim is to know as much about you as possible. That means if you want the utmost mobile privacy possible, you’ve got to get rid of your Android device. Android devices send ten times the amount of data about your activities to Google as iPhones do to Apple. Get an iPhone and don’t allow any Facebook-owned or Google-owned apps on it.
Sadly, achieving the ultimate privacy possible also means you’re going to have to give up many of the smart home devices that are becoming ubiquitous. That includes smart speakers from Google, like the Home lineup, and those from Amazon, like the Echo line of speakers. But it’s not just smart speakers you need to toss. Also gone are connected home security products, like those made by Google’s Nest division, which were recently revealed to have hidden microphones in them.
— Jellenne (@jellen805) December 11, 2018
8) Use a secure messaging app
Finally, any direct messaging you send should only be done through highly secure messaging apps. This disqualifies any messaging apps owned by Facebook (Messenger, WhatsApp) and Google (Hangouts). It also disqualifies Skype, as Microsoft doesn’t encrypt Skype calls or messages.
Apple’s Messages are a great option if you own an iPhone. But then all your friends need to own an iPhone or else your texts won’t be encrypted when it reaches them (Apple’s Messages will send your texts as regular unencrypted text messages to Android users). That means your best option for secure messaging is the cross-platform Signal. It’s widely regarded as the most secure messaging app on the planet, and since it is cross-platform, it works on Android, iOS, Mac, and Windows. Need more proof of how secure the app is? Signal is Edward Snowden’s messaging app of choice.
— Edward Snowden (@Snowden) November 2, 2015