What Is Internet Privacy? On Big Data Tactics and Personal Data Protections
A few years ago, you’d rarely hear about internet privacy outside of industry journals and techie blogs. Today, it’s absolutely everywhere, from coffee shop conversations to the world’s biggest newspapers. Hackers violate it, but so do social media sites, marketing companies, and even governments. And nobody can afford to take it for granted.
Your passwords, ID numbers, financial information, browser history, and more are prime targets for privacy violators. There’s a profit to be made from your data – and plenty of ways to obtain it. But there are also many things you can do to protect it. Best of all, you can do so without sacrificing all the conveniences of the modern internet.
Let’s explore the fundamentals of internet privacy and why it’s so important. We’ll also examine how it’s violated and what you can do to avoid losing it.
What, Exactly, Is Internet Privacy?
We could go on and on about the intricacies of internet privacy. And we will, but first we’ll give you the short version.
Internet privacy is, essentially, your ability to retain control over your online data. This means being informed of who sees and uses your data, how it’s used, and why. It means being able to provide as much (or as little) non-essential information as you feel like online. And it means knowing that any data you do provide is handled responsibly and securely.
Does Internet Privacy Even Exist?
The basic concept of privacy is pretty natural to understand. There are many aspects to your existence and identity, and not all of them are up for grabs. You keep some information to yourself and share some with those you trust. If that trust is broken, or if an untrusted person listens in, you lose control over that information. Your privacy – your right to control who knows what about you – is violated. Pretty obvious, right?
But the concept of internet privacy is often disputed. Some think that every part of the internet is public, and thus so is anything you do on it. To these naysayers, there is no expectation of privacy anywhere online. But we disagree.
To us, the internet is simply an extension of real life. It’s so integrated into our existences as to be inescapable. If the internet can’t be private, nothing can be.
And the powers that be work very hard to assure us of our privacy. You can set your social media profiles to “private.” Online retailers assure you that your billing information is always kept private. Forums have private messaging systems, and web browsers have private browsing modes. If internet privacy isn’t actually real, then these statements are unacceptable trickery.
Internet privacy is as much a right as privacy in general. We have the right to go for a walk without telling everyone we meet our vital statistics. Store owners can’t stalk us just because we went window shopping. People we confide in (usually) don’t sell our secrets for their own profit. The same principles should also apply when browsing the web.
Why Is Internet Privacy Important?
Think about the things you do online. You post life updates on Facebook, your email to colleagues, you buy new gadgets from online shops. Maybe you use dating apps like OkCupid or Tinder. Or perhaps you’re working on a family tree with the help of DNA analysis services like 23andMe.
Now think about the information you transmit to perform these tasks. Facebook knows your name, birthdate, workplace, family, friends, and contact info in addition to what you post about. Work emails can contain sensitive information about clients, coworkers, and projects. Retailers need your full name, address, and credit card information – plus they know what products you like and use. Dating sites know your sexuality, dating preferences, and the things you say to potential partners. Genealogy companies literally have your DNA on file. And many of these sites and services track your location, usage habits, IP address and other metadata.
Imagine what could be done with all of that data. Your everyday internet use could reveal nearly everything about you. And advanced algorithms could process that data to fill in the remaining blanks. Sure, an independent hacker could steal your identity using your data. But without internet privacy, a company could legally take your identity – and sell it to the highest bidder.
And we can already get a taste of what that’s like. Advertising companies purchase your data from online shops and use it to send you targeted ads. Fun quizzes and surveys on Facebook harvest your profile data for sale to marketers and political candidates. Seemingly innocuous phone apps compile precise maps of your real-world activity and sell it to data brokers. Web companies are making it clear that their real product isn’t a service or an item, it’s your data.
Who Should Be Worried About Internet Privacy?
Not everyone takes their personal privacy seriously. Bring it up, and you’ll eventually hear the refrain, “I’m not worried. I have nothing to hide.” But internet privacy isn’t about hiding things. It’s about retaining control over your information, and thus yourself. You don’t need to be full of secrets to want a stake in your identity, reputation and personal security.
Every Internet User Is at Risk
Internet privacy is everyone’s business. As we’ve seen, data collectors don’t discriminate when they engage in their activities. The only requirement is that you use a particular site, service, or app. Once that’s met, your data is up for grabs regardless of how sensitive you consider it. What’s public for you may be private for someone else, but you’re both targets nonetheless.
And since the internet connects you to others, there’s a domino effect in play. You may have a minimal Facebook profile, but chances are one of your friends doesn’t. If that friend’s data is harvested, yours could be included by association. Perhaps the most egregious example of this is the Cambridge Analytica scandal. A Facebook survey app collected data from its users, along with all of their friends. Millions of people have their information compromised, and most of them were completely unsuspecting.
Big Brother Is Watching
Privacy violation by association is also a key component of government surveillance programs. The NSA’s PRISM program, for instance, monitors, analyzes, and stores telecommunications data. Emails, browsing histories, timestamps, locations, and more are all collected. The program is supposed to target only non-US citizens suspected of terrorism. But in practice, it collects data from millions of innocent people from the USA and abroad. Emailing someone in a different country or texting a family member of a targeted individual is sufficient cause for surveillance.
So should you be concerned with internet privacy? Without exception, yes. Even if you never post online, you provide more data than you think. Location, IP address, device ID, browsing history… passive internet activity reveals a surprising amount of information. And even the most cautious internet users know someone who isn’t. That weakest link could compromise your carefully-protected data with just a few bytes. Internet privacy must be available to – and practiced by – all to reign supreme.
How Is Internet Privacy Violated?
From the obvious scams to low-key logging to legally-endorsed surveillance, there are many ways for your personal data to be compromised. We’ve discussed a few of these methods briefly, but the more you know, the better you can protect yourself. Let’s take a close look at the tools and tactics used by internet privacy violators.
Hidden in the code of nearly every website you visit, trackers are perhaps the most ubiquitous privacy detriment. They’re often invisible, taking the form of a web cookie that resides inside your web browser. Others are more visible “web beacons” like the Facebook “Like” buttons you see around the web. But both do the same thing: create a trace of your web activity and send the data back to the tracker owner.
Advertising trackers are particularly common. They’re used to keep track of the content you view so that ads can be targeted at you. The more an ad aligns with your interests, the more likely you are to click it. And every click earns the advertiser (and the ad provider itself) more money.
Want to see just how well ad trackers work on you? Take note of the ads you usually see on any given site. Then open a new private browsing window – in Firefox, it’s called a Private Window; in Chrome, it’s called an Incognito Window. Revisit the site in the new window and see what kind of ads you get. They’ll seem much more random and unrelated to each other than you’re used to.
Trackers don’t seem like huge privacy violations until you consider the amounts of data they collect. Virtually your entire browsing history is stored by these third-party trackers. And in some cases (like Facebook’s), that history is directly linked to your real identity.
Just as your fingers have unique whorls and ridges, your computer and browser have unique identifiers as well. These range from being device-specific (like MAC addresses and serial numbers) to fairly general (like browser versions and screen dimensions). However, when combined with one another, these traits create a fingerprint – a sort of signature that can be used to track you.
Fingerprinting works by requesting various pieces of information about your device and browser when you load a site. Many fingerprinters make use of fairly obscure data, like your WiFi settings, fonts, and installed plugins. Your particular combination of data is unique enough to reliably track your activity, even across different browsers.
The biggest offender is the “transfer to third parties” clause. Most privacy policies contain a section detailing the third parties your data is given or sold to. Often, this isn’t a list of specific companies but rather the circumstances under which the transfer may occur. Typically, these circumstances include “when it is in the company’s legitimate interest” to transfer the data. This vague phrase could mean anything – is it in the company’s legitimate interest to make money? If so, your data could be sold to third parties.
You should also check for data retention policies. What information does the site store, and for how long? Do you have to provide excessive information to use the site (a phone number for a forum, for instance)? And do any third-party site features, like help desks and live chats, have their own policies?
Generally, you want to use sites that collect as little info as possible. And ideally, the site policies will state that data is never sold to third parties. If that statement isn’t present, assume that the opposite is true – and be careful what data you provide.
That free game you just installed sure looks fun. But did you check the permissions before hitting “Play”? You’re likely to see some items on the list that just don’t add up. Why does this block-breaking game need access to location, text messages, contacts and microphone?
The answer, of course, is data. Many free app developers make a living by invading users’ privacy and selling their personal data. Location and contact data are especially lucrative, as they’re highly specific and personally-identifying. But even device fingerprinting data (like we discussed in the last section) can turn a profit when sold to advertisers.
Spyware, Malware and Exploits
For as long as the internet has existed, hackers have tried to take advantage of its users. The Trojan horses and Nigerian prince emails we all know are still out there, but newer dangers are more sophisticated.
Take keyloggers, for example. These programs can be tiny and are often hidden in other, more legitimate-looking applications. They do what their name suggests: log your keystrokes and send them to the creator of the malware. That person can then see the URLs you type as well as any usernames and passwords you enter. Just like that, all of your online accounts are compromised – as is the data within them.
Other modern data-grabbing scams utilize social media. The hacker hijacks someone’s Facebook account and messages the person’s friends with links to phishing websites or data-harvesting apps. Once the link is clicked, the clicker’s account is then compromised as well, allowing the plague to spread. This technique is especially lucrative as Facebook accounts tend to contain large amounts of personal data.
Out-of-date apps and OSes are also huge sources of personal data for hackers. Software is frequently updated to close security holes, but old versions remain vulnerable. Automated hacking programs can scan networks and the internet at large to find devices running these older versions. From there, it’s easy to break into the device and obtain any desired data.
Three entities can monitor and control what you do online: your network administrator, your ISP, and your government. Each of these entities has its own surveillance tools that it uses to do so. Because your internet traffic needs to pass through each of them, it’s vulnerable to interception by any or all of them.
If you use the internet at your school or workplace, chances are it’s monitored or censored to some degree. Often, social media sites, streaming sites, online stores, and other “distractions” are blocked. But even if they’re not, the network administrator can still see what you do online. The detail level varies, but it typically includes at least the domains you visit.
Your ISP is another nosy network snooper. ISPs have always monitored and logged users’ internet traffic. They’ve used that data to throttle connections and provided it to law enforcement upon request.
But the end of net neutrality in the USA opened up a new use for user browsing data: sale to third parties. Legally, such data must be “non-identifying.” However, as we’ve seen in previous examples, non-identifying data can become identifying in combination with other pieces of data. It’s enough of a concern that several states have passed laws banning ISPs from selling user data without permission.
Finally, the most formidable privacy invader: the government itself. The UK is attempting to enact the Snooper’s Charter, a law that obliterates most internet privacy in the country. Law enforcement in the UK could monitor your internet usage live, read communications and even decrypt encrypted data.
Things aren’t much better across the pond, either. America’s infamous NSA programs are still gathering massive amounts of personal telecommunications data. Some, like the Xkeyscore program, use it to build hyper-detailed profiles of individual internet users. Others, like PRISM, force private companies like Microsoft and Yahoo to grant the agency access to user data. Even encrypted Skype calls aren’t safe from the NSA.
How Can I Protect My Internet Privacy?
You’re not likely to achieve total anonymity online. But there are plenty of ways to thwart privacy violators and boost your online security. Here are our recommendations.
Always Use HTTPS
Remember how every website URL used to begin with HTTP? Well, that’s largely been replaced with HTTPS, a secure version of the same protocol. When you visit an HTTP site, the traffic is unencrypted and visible to anyone watching. Hackers, network admins, and ISPs can see the URL, the site content, and any data you upload. HTTPS adds a layer of encryption that drastically reduces the amount of information that can be seen. The site content and the specific pages you visit within a site aren’t visible when you use HTTPS.
Most reputable websites now automatically use HTTPS, but some still don’t. Browser extensions like HTTPS Everywhere “convert” HTTP sites to HTTPS for added security. In general, avoid using HTTP sites as much as possible, and don’t enter any sensitive information on them.
Take Control of Your Cookies
Cookies have many legitimate uses – they keep you logged in and remember user preferences. But many cookies only benefit third parties, specifically advertisers. Most browsers allow you to block third-party cookies, preventing cookie-based trackers from watching you. Some sites use third-party cookies for additional functionality, like displaying embedded video. In these cases, you can add the site to a whitelist without universally enabling third-party cookies.
If you’d prefer not to disable third-party cookies entirely, you should at least clear them regularly. Doing so limits the amount of information that trackers can link together. It’s still an invasion of privacy, but it’s not as comprehensive as it would be otherwise.
Use Strong Login Credentials
No company is too large to experience a data breach. When this happens to a site you use, your username and password could be exposed. If you use the same credentials on other sites, your internet privacy will be severely compromised.
Even in the absence of a data breach, your password is still at risk if it’s not strong enough. Passwords made up of birthdates, simple words and common phrases can be brute-forced in a matter of seconds. From there, a hacker could access your address, credit card information and private communications.
The solution? Strong login credentials. Every account should have a unique password. That way, if one is compromised, your other accounts will still be safe. A password manager like LastPass can simplify credential management and even generate secure passwords for you.
If possible, enable two-factor authentication on your accounts. You’ll need your password as well as an extra verification step to access an account. This could be a security image, secret question, or text message verification code. Whichever you choose, it will decrease the chances of anyone gaining unauthorized access to your account.
Limit Disclosure of Personal Information
The information a site requests should be commensurate with its purpose. It’s not fishy for an online retailer to require your mailing address. But it is fishy for an online game to require one. Excessive information requests point to an ulterior motive: data harvesting and selling. The same applies to mobile apps and permission requests.
Be careful about handing out your email address, too. Chances are, everything you do online ties back to that email address, so it’s a vulnerable point. Knowing your email address makes it easier to find out more personal information about you as well. And that email newsletter you signed up for to get a discount code? It’s probably the reason you’ll be getting tons of spam in the near future.
The more enigmatic you are on social media, the better. Facebook, Twitter, and Instagram are like pick-your-own farms for personal information. An identity thief could do a lot with your date of birth, hometown, mother’s maiden name, and favorite color. All of that is relatively easy to find on Facebook. And your endless tweets make it incredibly simple to assemble a profile of your likes and dislikes. A good rule of thumb: don’t post anything you wouldn’t want everyone on Earth to know. And even if you do want that, lock down your privacy settings as tight as they can go.
Get a VPN
Many privacy-enhancing tools exist, but none is more effective than a virtual private network, or VPN. A VPN creates a secure “tunnel” between your computer and the rest of the internet. You can alter your location and IP address easily by selecting a different VPN server. And your traffic is secured with ultra-strong encryption that can’t be broken by any existing computer.
The result? Network admins can’t see what you’re doing. Your ISP can’t monitor or throttle your connection. Government surveillance tools see nothing but gibberish. Website operators have no idea who you are or where you’re browsing from. Advertisers can’t use your IP address to follow you around the web. And hackers can’t intercept your data with fake networks or man-in-the-middle attacks.
VPNs have other benefits as well. Some allow you to view international streaming content that’s normally geo-restricted. Switching IP addresses gets you around article limits and paywalls on news sites. P2P-friendly VPNs let you torrent freely without worrying about getting banned by your ISP or sued.
There are a few drawbacks, though. VPNs tend to reduce internet speeds since they add an extra waypoint for your internet traffic. Certain websites, especially banking sites, can detect VPNs and block them from accessing content. And the most trustworthy VPNs – the ones that don’t monitor or log any of your personal data – cost money.
You can get a decent VPN for under $10 a month; even less if you prepay for several months. Our top picks include AirVPN, NordVPN, Private Internet Access, CyberGhost and TorGuard.
Use a Secure Search Engine
Search queries can reveal a lot about you. From health problems to interests to upcoming travel plans, many pieces of your life are detailed within them. So, of course, your search queries are used for ads. It’s no coincidence that Google, Bing, and Yahoo search engines are products of advertising companies. The data they use to create and target ads comes from your searches.
But you can avoid this privacy invasion by using a privacy-friendly search engine. Many options are just as full-featured as the main search engines, but they don’t sell your search data. DuckDuckGo searches the biggest search engines on your behalf and compiles the results without betraying your privacy. Disconnect Search lets you change your search location to view region-specific results. MetaGer is an open-source search engine that uses a proxy server to let you open links anonymously.
Whichever private search engine you choose, you’ll be much more secure than you are with Google or Bing. You won’t give any companies free data, ad fodder, or tracking opportunities. And when it comes to internet privacy, the importance of that can’t be understated.
Summary: Without internet privacy, your personal data – name, address, bank numbers, even medical information – is up for grabs. It’s harvested in sneaky ways by ISPs, site owners and hackers, who often sell it to advertisers.