Easy, Non-Technical Ways to Protect Your Privacy Online (And Why You Need To)
We all use technology at some point in our lives. Sometimes that technology is as simple as a web browser, search engine, or messaging app. But we often aren’t aware of what that technology is doing behind the scenes or what kind of data it’s collecting about us. It’s important to know how to protect your privacy online – not just for your own sake, but also to protect those around you.
See Firewalls Don’t Stop Dragons with Carey Parker for a complete transcript of the Easy Prey podcast episode.
Carey Parker is the author of Firewalls Don’t Stop Dragons: A Step-by-Step Guide to Computer Security for Non-Techies and the host of a podcast by the same name. A software engineer by profession, he became concerned about privacy and mass surveillance around 2013, when Edward Snowden revealed the information that made him infamous. Carey had always been a private person, but in a normal way – there are different aspects to his life, and he likes being able to control what he shares with different people in different situations. So he started considering what he wanted to do.
Carey had always wanted to write a book. And he was the IT person in his family – they would ask him why his computer was slow, if antivirus was important, whether Mac or PC was better, and similar topics. He decided to write a book to help everyday, non-technical people do the simple tasks that will really help them protect their privacy. Since then, he’s been able to retire early and focus on helping people shore up their privacy.
Firewalls Don’t Stop Dragons
Carey’s book and podcast are both called Firewalls Don’t Stop Dragons. Carey is a big fan of analogies, and the key analogy in the book is defending a medieval castle. The analogy helps make the idea of defense in depth easier to understand. A castle doesn’t just have one kind of defense. It has tall walls, but also a portcullis, drawbridge, moat, guards, and more. That’s the key of defense in depth – don’t rely on a single form of defense, because there are all different kinds of threats.
The dragon in the book is organizations like the NSA or CIA. If you try to make a completely dragon-proof castle, you’re going to go broke or insane or both. The book is about how to protect your privacy online, but making you completely dragon-proof isn’t Carey’s goal. And it shouldn’t be your goal, either. Instead, Corey focuses on the low-hanging fruit – the simple, easy actions that would make us all better off.
Above all, he wants to make sure people understand that it’s not hopeless. You’re not helpless when it comes to your privacy or security. You may think that the horse is already out of the barn and that it’s too late, but it’s never too late. There are a lot of things you can do today that will have an impact.
Privacy Isn’t Just About You
Privacy isn’t early as much of an individual matter as most people think. Many people feel like they understand the privacy violations that are happening and they accept it. They know they get services like Gmail and Facebook for free because they are tracking them and targeting them with ads. But they accept it because it’s the price of getting those services.
There are so many people … who think they understand all the privacy violations that are going on and they’ve accepted it.
Carey Parker
But Carey tries to make the point that privacy and security aren’t just about you. Your privacy overlaps with other people’s. From a security perspective, if you take an infected laptop to Carey’s house and connect to his wifi, the other devices on his network are at risk. When it comes to privacy, do you ever post photos on social media that include other people? That includes both people you know and people in the background. Even if they’re not on social media, now their photos are. And Facebook keeps profiles on people who don’t have accounts using data like that.
Facebook, Google, and most other large tech companies are really advertising companies that happen to make other products. Many people don’t care all that much about it. But your security and privacy overlap with others’. And beyond your friends and family, we should all be thinking about privacy as a people, society, and democracy.
We should all be thinking about privacy as a society, as a people, as a democracy.
Carey Parker
Protecting Your Privacy Online Matters
Giving away your personal information gives away your power. The book Privacy is Power by Carissa Veliz is a great book for more details about the power of information. Snowden talked about this too. One of Corey’s favorite quotes from him is that saying you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about the right to free speech because you have nothing to say.
Privacy is a right. You don’t have to argue for it or justify it, you just have it. Just because you don’t want it for yourself doesn’t mean you don’t support that right for others. And as a society, we need to be doing things to protect that right. A democracy needs space for privacy. We need to be able to have conversations among ourselves that violate norms, or even laws. Interracial marriage wasn’t legal for much of history, and laws around abortion have changed in the past couple years. Knowing how to protect your privacy online is a big deal.
The children of the first Facebook users are becoming adults now. CNN recently did a story on a woman who’s mother posted about her life almost daily. There isn’t a story about her childhood that her mom hadn’t shared. Her life is an open book because somebody made the decision to share that information online. We’re all connected now, and it’s not just about you. Oversharing on social media might be giving away the private information of someone you know. Protecting your privacy protects all of us.
What Companies Can Do With Our Data
There are a lot of stories about what companies can do with our data. One that comes to mind involves Grindr, a dating app for gay men. Grindr may not have been collecting this data themselves – likely they were using an SDK, or software development kit. Developers don’t want to reinvent the wheel when creating apps, so they will often use SDKs from third parties that allow the functionality they want without having to build it themselves.
In this case, a Catholic news outlet wanted to find out if priests were doing things against their vows. They bought location data from Grindr to analyze and managed to locate one particular person – a priest who not only had a Grindr account, but was frequenting gay bars. The publication outed him and he lost his job.
We’re often told data is anonymized, but location data is really hard to truly anonymize because your movements are very specific to you.
Carey Parker
We are often told that our data will be made anonymous after it’s collected. But some types of data, like location, are really difficult to anonymize. After all, how many people live at your house and also work at your workplace? Even those two data points could be enough to identify you in an anonymous data set. It’s quite easy for even “anonymous” location data to identify individuals.
The Risks of Data Collection
Companies like Google, Facebook, and third-party data brokers are collecting data ostensibly so they can improve the ads they give you. But because they’re collecting that data, it’s stored somewhere. And it can get loose. Hackers can get it, and sometimes foreign governments are interested. That’s why there are so many concerns with TikTok. And in the case of the running app Strava, foreign governments were able to determine that unusual running routes in the middle of nowhere in Afghanistan were actually soldiers running around the boundaries of secret military bases.
Companies collect all this data extensively for marketing purposes. Then bad guys or governments … can get a hold of this data and do a lot more with it.
Carey Parker
Many people don’t think it’s necessarily bad for companies to collect your data for advertising purposes. After all, companies have to make money somewhere. And a lot of people think it’s a better online experience if the ads are actually relevant to you. But the bigger problems show up when bad guys or governments get their hands on the data. It can be bought and sold for a lot of purposes. And much of it is collective data. If you’re traveling with other people in the car, or take photos with other people, you’re unintentionally providing data on them, as well. It exposes us to privacy invasions most of us aren’t thinking about.
It’s Not (Always) the Developer’s Fault
We don’t want to demonize the developers in this. Many times they aren’t aware of the issues or everything it does. They may just want to get some analytic data to make the app better but not realize the SDK is also collecting and selling other data. When Carey was a developer at Cisco, he wanted to know about problems before the customer did. Getting data from third-party software and SDKs helped him do his job.
The problem is that if you’re not careful, the data could be used for other purposes. Data is dual-purpose, and that’s one of the challenges here. There are many valid reasons to get and track this kind of data from a software development or customer support point of view. It does help people make the apps and your experience on them better! But there’s a lot of potential for it to be a major privacy issue, one that not even the app’s developers, let alone their customers, know about.
The Trust Trade-Offs of Privacy
Learning how to protect your privacy online is often a question of who you trust and who you think is more trustworthy. People often want to use VPNs for privacy. WhatIsMyIPAddress.com promotes using VPNs. But you’re always trusting someone. The question is just who you’re trusting. Who do you think is more trustworthy: Your ISP, the coffee shop providing the wifi, or your VPN provider? If your VPN is free, they’re definitely selling your data. Even if you’re paying for it, they still may be selling your data. People assume that connecting with a VPN is more private, but it might not be.
VPNs as a whole are very misunderstood. Their real purpose isn’t what most people think. Originally, VPNs connected road warriors and people working in remote offices to the home office. It would about virtually connecting to another network, not about privacy. We’ve tried to shoehorn the technology into privacy. And if what you don’t trust is your ISP, a VPN can hide your traffic from them. Your ISP is tracking you and noting where you’re going. But you’re trading trust in your ISP for trust in your VPN provider. If your provider is logging everything and selling it to someone, you’re really not protecting your privacy online at all.
VPNs really aren’t meant to do what we’re trying to make them do in terms of privacy.
Carey Parker
If you want a VPN, it’s important to go for a quality one. Carey likes NordVPN and Proton VPN. It can be challenging to tell if they track you or log your data, but there are some things he looks for. Where are they located and headquartered? What legal jurisdiction are they in? Do they do independent third-party audits? These are all good things to look for when looking at a VPN.
Simple Steps to Protect Your Privacy Online
There are all sorts of stories out there of the horrors of online privacy and the dangers of having your information out there. Don’t let those stories intimidate you. Just do the basic things. The 80/20 rule says that 20% of the actions causes 80% of the impact. If you can focus on the low-hanging fruit of that 20%, you’ll be better off than most people. Learning how to protect your privacy online doesn’t have to be overwhelming or complicated. Most of the 20% of impactful things are simple and easy to do – even if you’re not a technical person.
If you do the basic things … and just do a little bit of homework on these, you’ll be so much better off than most people.
Carey Parker
Stop Using Google Chrome
One of Carey’s top tops for how to protect your privacy online is to stop using Google Chrome. He knows it’s the most popular browser in the world. But it’s made by Google, and we’ve already talked about how Google is an advertising company. They try to do good things about privacy, but at the end of the day, they’re conflicted. They don’t want to protect your privacy from them.
Google’s attitude is often that they will protect your privacy from everybody but themselves. And they often say they don’t sell your data, which is technically true. What they actually sell is access to you. They collect your data, use it to feed you targeted ads, and charge other companies for the access. They’re collecting, using, and monetizing your data.
For alternative browsers, Carey recommends Brave or Firefox. If you use Firefox, install the plugins Privacy Badger or uBlock Origin and set your privacy restrictions to “strict” and you’ll be in great shape. Safari isn’t bad either, but it is exclusive to Apple devices. DuckDuckGo makes a decent browser as well.
Any of these alternatives are better than Chrome in terms of privacy. And switching your browser is a super easy step to take. You don’t have to get anybody’s permission or coordinate with other people. It’s easy to import your bookmarks and make the switch.
Don’t Use Google Search
Google search is the most popular search engine and has been for a while. But if you want advice for how to protect your privacy online, don’t use it. We’ve already talked at length about how Google is tracking and storing as much about you as they can and using that data to sell access to you through ads. Plus, Google search has gotten pretty bad lately. You have to scroll through a page or two of results before you get past sponsored crap and AI-generated stuff.
Carey recommends Brave Search or DuckDuckGo. Both are good search engines and good in terms of privacy. He personally uses Brave Search and is quite happy with it. But either one of these two options is good.
Get a Secure Email
Email is a tricky thing to keep private because it’s an open standard. That can be very beneficial. If you’re on Outlook and Carey is on Gmail, you can still email each other because the standards are there. Emails aren’t designed with end-to-end encryption. If you’re using Gmail, your messages are encrypted from your device onto Google’s servers. They’re probably also encrypted from Google’s servers to the recipient. But Google has the keys to the encryption so they can read all of it.
If you really want end-to-end encryption so only the sender and recipient can read the message, Carey’s go-to is Proton Mail. Unfortunately both of you need to be on Proton Mail for it to work seamlessly and be fully encrypted. Proton Mail does have the capability to send encrypted mail to people using other email services, but they have to enter a password and do extra stuff. It’s not impossible, but it’s more challenging. Proton Mail is also easy to use and has a lot of great products – they have calendars, a VPN, a password manager, and are coming out with a document program. There are other end-to-end encrypted email services available, but Proton Mail is the best choice.
Use Email and Phone Aliases
Companies love to get your email address or phone number because most people only have one or two. They become like unique identifiers companies can use to track and identify you across different services and different data sets. One great way to protect your privacy online is to use aliases.
It’s pretty easy these days to get email aliases. Some email providers even offer you a certain number of them for free with your account. If you give out a unique email to everyone who asks, it’s much harder for companies to identify you across all the data. It throws them off the scent.
It’s harder to do the same thing with phone numbers. But you can get VoIP numbers with services like Hushed or MySudo. They cost a little bit of money, so you could do a few or a handful. But it’s great for things like when you go to a restaurant and they want to text you when your table is ready.
Be Cautious with Online Payments
Online payments are an area that people commonly think about when they consider how to protect their privacy online. Carey recommends avoiding Venmo. It’s a social app first and foremost. Everything is public by default. There have been people busted for buying drugs because they put a note in the public transaction. And people were able to find the president’s transactions (and his family members) because Venmo is public. Just don’t use it.
Zelle is used by banks, so if you have to use a payment app, use that one. PayPal isn’t horrible, but it’s not great. Most online systems are pretty bad in terms of privacy. Apple Pay is one of the few that isn’t, but it’s only within the Apple ecosystem right now.
One thing you can do to protect your privacy with online payments is virtual credit cards. To the external world, they look like credit cards. To you, they act like debit cards, and the money comes right out of your account. But it allows you to create custom virtual credit cards for each person you want to pay, and you can limit the amount. It blocks payment processors like MasterCard and Visa from getting a lot of the information they would otherwise. Carey recommends privacy.com for virtual cards.
Social Media is a Privacy Risk
Carey understands the value of social media. Seeing stuff from your family, friends, and people you want to follow can be great. But if you want to protect your privacy online, social media is not going to help with that. Carey personally likes Mastodon, which is similar to Twitter and Threads and is better for privacy. And most networks let you set your profile or your posts as private by default. If you’re the kind of person who wants to post what you’re eating today for the entire planet to see, that’s fine – just know that social media won’t be protecting your privacy.
Social media is generally not good for privacy.
Carey Parker
If you have kids, what you post on social media also affects them. Some people put emojis over their child’s face in photos before they post them, and that’s a good idea. It’s also important to be aware that most phones put location data into a photo’s metadata by default. Many social media apps will strip that away before posting it, but the app itself still has it. And what’s even creepier is that even without this location data, there are a lot of AI tools that can find where a photo was taken just by looking at what’s in the background. There are predators out there who can use even those innocent photos to figure out where your child is.
Switch to a Private Messaging App
Most messaging apps do little or nothing to keep your messages private. If you’re considering how to protect your privacy online, it’s essential to choose a messaging app that prioritizes your privacy. The app Signal is the gold standard of privacy-focused messaging apps. They’ve been around a long time, and are one of the few tools that is free not because it’s selling your data, but because the people behind it truly believe in the mission.
Signal isn’t just the best option for private messages, it’s good and it’s easy to use. If you’re used to iMessage or a similar app, it works almost the same. It doesn’t have some of the fancier features and some of the gifs and emojis are a little different, but it’s still the way to go.
WhatsApp uses a similar protocol to send messages. But when you talk about end-to-end encryption, the ends matter. Facebook bought WhatsApp, so one end is Facebook. They can see everything you send. It’s better than nothing, but it’s not great. And iMessage is pretty good too, especially if you’re messaging another iPhone user. But if there’s an error or you’re texting an Android user, it falls back to SMS, so you can’t guarantee privacy. Carey prefers to just use Signal.
What to Know about Automated Assistance
Automated assistants like Google Home and Alexa can affect your privacy, too. As in many cases, Apple has done better than other companies. They have tried hard to do most of the language processing locally on the device so that it doesn’t have to go into the cloud. A lot of AI language processing is done in the cloud, and that’s where a lot of privacy concerns come in.
Any AI stuff you have to worry about because it’s probably going to the cloud.
Carey Parker
A lot of companies are throwing AI features into products. Behind the scenes, data gets sent to cloud processing and then comes back. They say it’s anonymized, encrypted, military-grade encryption, or whatever. Often people can still figure out who you are from the data, and they might be able to monetize the data. Apple is better because they process many things on the device so it stays private. It’s not perfect, but it’s more private than Google or Amazon.
Your Car Isn’t Private
When you’re thinking about how to protect your privacy online, you probably aren’t thinking about your car. But your car collects more data than you think, and it’s a huge privacy risk. Worse, there’s very little you can do about it. Salesmen are being told not to let the customer leave after buying a car without installing and activating the app. There’s lots of cool things you can do with your car’s app. But cars have cellular modems now and are collecting telematic information.
Car privacy is absolutely horrible and there’s almost nothing you could do about it.
Carey Parker
You might think that if you’re not paying for the in-car wifi or subscribing to the service, you’re safe. But it still happens. It can be useful for some things – like in a car crash, it can call emergency services for you. But it’s also collecting and selling your data. There’s a story about a guy who went to get new car insurance, and everyone was quoting huge increases, even his current company. Finally, he found out that his car had been tracking his driving data and he had unknowingly opted into a program to share that data with insurance companies. They decided he wasn’t a very cautious driver and raised his rates.
Car privacy is really horrible. The website privacy4cars.com has more specific details. One of the privacy policies for a major car manufacturer says they might collect data about your sexual activity. Carey doesn’t care how they do it, that’s not something that should be in a privacy policy for a car! Unfortunately, there aren’t a lot of options on a consumer level. We need laws because right now there’s nothing stopping them from doing it.
Take Steps to Protect Your Privacy
Some people say that to be secure, you need to give up privacy. But Carey disagrees. The key distinction that he sees is that between security failures and privacy failures, security can be fixed. If your computer is compromised, in the worst case you can buy a new computer. It’s possible to undo, fix, or recover from it. Privacy failures aren’t the same. You can’t erase memories or take back info that’s been exposed. Privacy is something you don’t want to screw up because the consequences are more dire and more permanent.
Most security failures can be fixed. … Privacy failures are not the same. You can’t erase people’s memories. You can’t take stuff back once it’s been exposed.
Carey Parker
Convince yourself that privacy is important. And it’s not just about you. It affects people around you and all of us as a society. Frankly, in the United States, we need laws. Vote not just with your wallet but with your vote. Go to town halls, challenge your representatives, and ask when you’ll get legal privacy protections. Regulations are the reason we can go out to dinner and trust that the kitchen is cooking food safely, or that we can take prescription drugs and know they won’t kill us. That all came from regulation, and it’s what regulation does on a good day. To protect our privacy, we need it.
Privacy is important, and privacy is not just about you.
Carey Parker
Learn more about Carey Parker at firewallsdontstopdragons.com. His book, Firewalls Don’t Stop Dragons, is available on Amazon or wherever books are sold. Carey also hosts a weekly podcast of the same name (Firewalls Don’t Stop Dragons) that can be found wherever you listen to podcasts.
Related Articles
- All
- Easy Prey Podcast
- General Topics
- Home Computing
- IP Addresses
- Networking Basics: Learn How Networks Work
- Online Privacy
- Online Safety
Protect Against Ransomware by Planning for Ransomware
Ransomware is a huge cybersecurity threat, and it’s only growing. It’s especially a risk for businesses, but…
[Read More]PIA: Private Internet ACCESS
The Private Internet ACCESS VPN will deliver the security, performance, and online access most users want. Behind...
[Read More]Everything You Need to Know about Spyware, the Malware that Stalks Your Online Activity
Spyware may sound like something James Bond or another secret agent might use in the latest spy…
[Read More]Easy, Non-Technical Ways to Protect Your Privacy Online (And Why You Need To)
We all use technology at some point in our lives. Sometimes that technology is as simple as…
[Read More]ExpressVPN
ExpressVPN has long had the reputation of being one of the best, fastest, and most secure VPNs…
[Read More]Gmail Confidential Mode: Useful but Imperfect for Email Privacy
Email is a tool that most of us use every day – sometimes all day. And while…
[Read More]