Privacy and convenience are often at odds, both in the physical and digital worlds. With each passing day, fewer activities can be done without being tracked in some way or other. This is particularly exacerbated online, where plenty of tracking mechanisms hide the true nature of web interactions. Not all is lost though. We can take several measures to improve the privacy of our web interactions, some of which are outlined below.
Of course, these measures don't make you invisible on the internet - they just reduce the extent of attribution and subsequent targeting by online services. A sufficiently well-resourced and determined adversary can always join the dots; hopefully, your privacy needs are not that extreme. These measures may also not be applicable or feasible in your specific situation or you may disagree with the approach, so feel free to research further before you adopt them. With those caveats in mind, here's the tl;dr.
- Use a privacy-focused VPN
- Use a privacy-focused web browser
- Use a privacy-focused DNS service
- Use email aliases to sign-up for services
- Use email tracking protection
- Use an end-to-end encrypted messaging platform
- Use an end-to-end encrypted email service
- Use disposable phone numbers
- Use disposable credit/prepaid cards
- Use a webcam privacy cover
Virtual Private Networks (VPNs) have long been used to hide the origin IP address for privacy reasons, or to access geo-restricted services, or to surf the internet securely on public wifi networks. Most VPN providers collect and store session metadata and logs though, and it is not uncommon for them to share your web browsing history upon request from law enforcement (for legitimate reasons) or other third parties often without consent. After a lot of research, I find these to be the best privacy-focused VPN services out there:
If you want to know my rationale for picking these services, see the comparison here. If you want to avoid using a 3rd party VPN service and host the VPN server yourself, have a look at my tutorial on setting up Algo VPN on DigitalOcean.
Privacy-Focused Web Browser
For the most private web browsing experience, you not only need VPNs but also a browser that focuses on privacy. While Chrome offers several features to improve your privacy, these aren't enabled by default. I tested Safari, Firefox and Brave browsers and walked away with some interesting insights.
For the desktop/laptop, Brave offered the strongest tracking protection by default, with the browser offering a randomized fingerprint to websites as opposed to the unique fingerprint presented by Safari and Firefox. As with Chrome, these browsers do allow you to tinker with the privacy settings and take a restrictive approach, but that may be arduous for most people, so the defaults do matter. Brave is adding web3 support (e.g. crypto wallet, ENS domains, Unstoppable Domains) quite rapidly, and there is a chance that the bloat might inadvertently leak your private data over time. Firefox is probably still the leanest officially supported option apart from the Chromium open-source browser.
For mobile use, Firefox Focus is an open-source, privacy-focused browser for iOS 11.4+ and Android 5.0+ devices with built-in tracking protection and ad blocking. Its primary goal is to protect user privacy, but you also get the added benefit of improving browsing speed as fewer ads are loaded.
Cover Your Tracks is a project by the Electronic Frontier Foundation that tests your browser to see how well you are protected from tracking and fingerprinting. Use it to understand whether you have sufficient protection against web tracking.
Privacy-Focused DNS Service
Do not use the default DNS servers provided by your ISP. From both a security and privacy perspective, you have two good alternatives - the public resolvers provided by Google (primary:
18.104.22.168 / secondary:
22.214.171.124) or Cloudflare (primary:
126.96.36.199 / secondary:
188.8.131.52). Both companies are extremely well regarded in the security industry; they offer fast DNS lookups, support advanced DNS security mechanisms like query minimisation, DNSSEC, DNS over TLS and DNS over HTTPS, and store logs up to 24-48 hours only for troubleshooting and security investigations. (Google may store certain anonymised logs longer, but they explain their log sampling policy clearly here).
As the name suggests, an email alias is an alternative or forwarding email address that you use in place of the actual one. So any email sent to the alias address (say,
email@example.com) is forwarded to the actual address (say,
firstname.lastname@example.org). Using this technique, you can create unique alias addresses for each service that you'd like to sign up for e.g.
email@example.com and so on, each associated with the same email address. If any of these services happen to be in a breach and your data is found online, you'll know the exact culprit. However, depending on the service you choose, the usage varies. See this post to understand how you can use Gmail, Protonmail, Zoho or SimpleLogin to configure aliases.
Email Tracking Protection
DuckDuckGo recently launched Email Protection in beta, a free email forwarding service that removes hidden trackers from emails and then forwards the emails to your regular inbox. To facilitate this, you simply create a new @duck.com email address and use that to sign up for newsletters in place of your real address (the mapping is done while creating the address). This approach works well if you are only receiving emails though, and not if you plan to correspond with the sender.
With the iOS 15 release, Apple now offers Mail Privacy Protection to thwart tracking pixels embedded inside emails. Coupled with IP address masking, this prevents senders from knowing whether recipients opened an email. Another feature, Hide My Email, allows users to share random email addresses that forward to their regular inbox, although this is part of the iCloud+ subscription. While this is a win for consumers, this is sure to have an adverse impact on email marketing companies who use open rates as a tracking measure.
End-to-end Encrypted Messaging Platforms
End-to-end encryption (E2EE) is a form of communication where the network traffic is fully encrypted in transit, even from the service provider, and can only be decrypted by the sender and recipient. It prevents communications from being intercepted or manipulated in transit using public key cryptography, and offers stronger guarantees on the confidentiality and integrity of the transmitted data.
Despite receiving some flak for enforcing phone number as a requirement for using the platform, Signal is still considered the best E2EE messaging client. In my opinion though, WhatsApp comes a close second. Despite the brouhaha around the updates to their terms of service and the inexplicably poor public communications, their choice of protocols used is still top notch.
End-to-end Encrypted Email Service
Along with messaging, email is still a ubiquitous mode of communication, despite numerous attempts to "kill email" over the past several years. And E2EE is both relevant and valuable in the context of email services too.
ProtonMail, Fastmail and Tutanota are popular privacy-focused E2EE email service providers. Each service offers a variety of features, though Fastmail does not offer a free tier, only a free trial. ProtonMail recently rebranded itself to Proton, pushing out a suite of privacy-focused services like VPN, encrypted cloud storage and encrypted calendars, and updated its price tiers. Skiff Mail is the newest kid on the block, with a decentralized productivity suite to differentiate against other services. If you want a quick primer on Skiff, see my post here.
Disposable Phone Numbers
Apps and services typically ask for a valid email address and phone number during registration to combat account fraud. This certainly helps fight bots or scammers looking to take advantage of the system, but also increases user privacy risks due to data leaks and breaches. Having a disposable or "burner" phone number can help deal with this challenge with a bit more nuance. Now, you may have seen burners being used by criminals on television shows and hence be wary of them, but there are legitimate uses of a second phone number too. Looking to put something up for sale on Craigslist? Visit a new place? Or test drive a new app in beta? Or simply download a white paper? Yep, burner phone numbers are just fine.
There are a plethora of apps that offer burner phone numbers at reasonable rates. Burner does a good job if you are in US or Canada. Hushed supports 40 countries and is a good option if you are travelling. My personal favourite is MySudo - a simple app that allows you to create multiple profiles, and even offers an entry-level plan with a single phone number for free.
Disposable Credit/Prepaid Cards
Despite multiple preventive attempts by card providers, banks and regulators, credit card fraud continues unabated. Insecure, magnetic stripe-based transactions are prevalent in the US and parts of the world, making it trivial for point-of-sale device compromises and card skimmers to access unencrypted card data. Most cards in Europe and Asia are now equipped with a 4 or 6 digit PIN, but even that is sometimes optional for online transactions. It isn't practical to constantly monitor card statements, and fraudsters often get away with unauthorized purchases before you have a chance to report and terminate the card.
Until anti-fraud solutions catch up, it makes a lot of sense to leverage disposable or single-use credit cards. These are often linked to a physical or main credit or prepaid card account, and get destroyed/regenerated after each transaction, making subsequent transactions useless even if the card is compromised. You can also set per transaction and monthly limits. Disposable cards are also useful to thwart the egregious practice of auto-renewal without consent while subscribing to trials or product evaluations. While there are plenty of virtual card providers in the market, I'd recommend Privacy, Revolut and Wise (depending on your country).
Webcam Privacy Cover
Finally, I'd be remiss if I didn't talk about the intersection of privacy and the physical world. With remote video meetings fast becoming a norm, your laptop camera is likely to be heavily used. This introduces a serious privacy risk, opening up your physical life to surreptitious monitoring by malware and exploited software vulnerabilities. It is absolutely vital that you cover the camera when not in use. I have found the CloudValley webcam cover to be a cheap and effective way to accomplish this. If you prefer an external web camera instead, you can consider the Logitech C930e 1080p HD webcam with privacy shutter instead.
Well, there you have it. If you made it till here, I hope you picked some useful privacy tips along the way. Not all the tips may be relevant in your situation, but they should definitely provide a checklist for your next privacy checkup!