Let’s be clear. Your personal information online is not always yours to control.
Thieves could grab a Social Security number stored unencrypted in a doctor’s computer; the National Security Agency could order an e-mail provider to unlock correspondence; even the phone company could supply the police with a map of your whereabouts for the last several months.
For now, short of living in a cave without a cellphone, there are no fail-proof technological tricks to avoid this exposure. But there are a variety of tools to minimize your digital footprint.
Some of these tools cost money, making digital privacy something of a luxury for those who can afford it. Others are free. But all of them take effort and awareness.
“A lot of people say, ‘I don’t have anything to hide,’ ” said Mike Janke, chief executive of Silent Circle, a company outside Washington that markets a private communications tool to individuals and businesses. “I say, ‘Tell me the last time you had a private conversation — or thought you did.’ ”
Experts say never to use the same password on multiple sites. Reality says that following that advice is nearly impossible.
But keeping strong and safe passwords, which means keeping multiple passwords, is crucial to protecting accounts. A relatively safe bet is to use a password manager. They generate random passwords and store them in an encrypted safe, to which only you have the key, usually in the form of a master password. Several are available, including Dashlane, LastPass and RoboForm; some work better than others on mobile devices. Apple’s new operating system, iOS 7, includes a so-called Password Generator that can produce “a unique, hard-to-guess password” as well as “remember it for you.”
Two-step authentication is another worthwhile safeguard. Many large Web companies, including Google and Yahoo, along with recently breached services like LinkedIn, now offer this option. If you turn on two-step authentication, entering a user name and password sends a code to your phone by voice mail or text message. The service then requires that you enter the sent code. It takes extra time to set up and use the system, but far less than it would take to clean up a thief’s mess.
Tricking the trackers
Whether it is to avoid peeping criminals or advertising networks, there are several options for keeping your browser history to yourself.
Tracker blocking tools let you see the companies tracking your activities on the Web, and to block them if you wish. Some of the popular blocking tools include Ghostery, Disconnect and Abine. To the dismay of advertisers, some browser makers now offer consumers a way to block so-called third-party cookies, tiny pieces of code that track where you go on the Web.
It is possible to take much stronger steps, too, and Tor is one of the most popular options. Originally developed for the Navy, and used by agents for the Federal Bureau of Investigation, Tor’s browser prevents Web sites from knowing who you are by rerouting Web traffic through a series of other points. Using Tor with your e-mail service, would most likely prevent a government agency from detecting your Internet Protocol address, though not from compelling a service provider to turn over your messages.
If you do not want Google or Bing (the two main search engines) to compile your search history data, there is the upstart search engine DuckDuckGo.
Its founder, Gabriel Weinberg, says his company has no interest in saving user search history. The company makes money by serving advertisements based on the keywords searched, right then and there, and discards the search history. So if the government asks for user information (that hasn’t happened yet, he said), it will not get much. “If the data doesn’t exist, there’s nothing to hand over,” he said.
An e-mail is like a postcard, it can be easy for others to read. And an e-mail provider’s promise of encryption provides little comfort. For starters, when a message is sent from a Gmail user to a Yahoo user, for example, it travels on the wide open highway of the Internet, vulnerable to theft. And a government can order an e-mail provider to unlock the correspondence — whether through a search warrant from police agencies or a National Security Letter from an intelligence agency.
Remember the basics
Even the most advanced privacy tools might not work, though, if the basics are ignored. And perhaps the most basic safeguard of all — the equivalent of hand-washing in digital hygiene — is to keep software updated. A host of known security bugs are often fixed with each release, and ignoring those sometimes annoying calls to update are done at your peril.