Find out how you can significantly improve the protection of your personal data in only 60 minutes.
Privacy settings are the key to what you share
The initial release of BitsaboutMe is all about raising the awareness what digital data trail we leave behind. By connecting to your various online accounts you can get a comprehensive overview about the data that is stored about you by the various players. Now it is on you to decide to what extend you are comfortable with what you see.
Unfortunately the large players (Google, Facebook, Apple, etc.) make you trade-off data privacy against the convenience of e.g. syncing data between devices among other features. The good news is that most data collectors now make it possible for you to manage what data they store and what not.
Your smartphone is a very powerful surveillance device that knows almost everything about you. For iOS, the collected data generally stays locally on your device, while an Android phone, depending on your settings, might share plenty of data directly with Google.
In both cases review your privacy settings for the phone and the browser (Safari/Chrome) and decide for yourself to what extend you want to share your emails, web activities, location history, contacts, calendar etc.
Your Google account
If you have a Google account, it is worth checking myactivity.google.com. Myactivity.google.com is an easy to use interface to see what data they have collected about you, to delete that data and also to disable future tracking.
If you do not have a Google account your Google activities are still tracked based on your cookies, but you cannot see it. You can still manage what Google tracks about you here.
Your social networks
Also for the various social media accounts, it is worth visiting their privacy settings. The situation here is slightly different as social media posts are by nature already public to some extend. Just be aware that you share not only with your friends and followers but also with the entire ad industry and not only what you post and like but every website you visit that has the respective share button. This corresponds to 90% of all web pages.
Passwords are still the number one security risk for your personal data. It is save to assume that your email address – and hence login – is already common knowledge so all it takes to get access to the majority of your accounts are your passwords.
Take good care of your passwords
- Choose strong passwords
- Use unique passwords
- Avoid phishing sites and phishing emails
- Keep your computer safe from password-capturing malware
Protect your devices
- Protect every device with a password (see above)
- Always install the latest security updates for your operating system
- Encrypt your devices (BitLocker on Windows, FileVault on Mac). Encryption is the default on iOS, but has to be enabled explicitly on Android devices.
To find out if your account has been compromised in a major breach you can check your email address at Have I been Pwned?
Why does it matter?
Too simple passwords
Passwords are cracked by try and error. Simple passwords can be guessed more easily, a four-digit number has only 10’000 combinations (1 second for a computer) while a 8 character password using letters, numbers and special characters has 3’025’989’069’143’040 combinations (depending on the exact rules), which is a number even the fastest computers cannot crack.
Using the same password on multiple accounts
The more online accounts you have the higher the chance that eventually your email and password are leaked. Even if the breach happens on an irrelevant account, e.g. some news site, if you use the same password everywhere, now also your social media and payment account are compromised. Stolen passwords are sold for millions on the dark net and hackers use them to get access to all kind of accounts.
Managing your cookies
A radical move is to delete all cookies every time you close your browser. There will be no more tracking based on cookies but you also lose the benefit of 1st party cookies that websites remember you and your preferences when you visit them.
Hence a more pragmatic approach is to block 3rd party cookies. 3rd party cookies do not provide any value but just keep track of your every move online.
This image is done with a Firefox plugin called Lightbeam and shows the tracking from only a couple of days surfing the web. The circles are the 24 visited websites (1st party) and the triangles the tracking websites (3rd party) associated with those sites. In order to stop those 3rd party sites from tracking you, you should disable 3rd party cookies on all your devices.
That is how you block 3rd party cookies on your devices:
- Firefox: Privacy > History > Use custom settings for history > Accept third-party cookies > Never
- Chrome: Setting > Privacy > Content Settings > Block 3rd party cookies and site data
- Internet Explorer: Tools > Internet Options > Privacy > Advanced > Third-party Cookies
- Microsoft Edge: Settings > View Advanced Settings > Block Only Third Party Cookies
- Safari: 3rd party cookies are blocked by default
Opt out from ad tracking on your smartphone
- iOS: Settings > Privacy > Advertising
- Adroid: Settings > Google Settings > Ads
Set your browser to “Do Not Track”
This is a self-governing indicator for the ad industry to not track users who send this signal.
- Firefox: Privacy > Tracking > Manage your Do Not Track settings
- Chrome: Setting > Advanced Setting > “Send a “Do Not Track” request with your browsing traffic
- Internet Explorer: Tools > Internet Options > Safety > Turn on Do Not Track requests
- Microsoft Edge: Menu button > Advanced settings > Send Do Not Track requests
- Safari: Settings > Safari > Privacy and Security > Do Not Track
All those measures will not stop tracking to 100% but you should see a significant decrease in targeted advertising after those simple steps.
With online display ads becoming more and more invasive the use of adblockers has become very popular. In the last couple of years the install base of adblockers has exploded and reached 600 million in 2016.
You can find a variety of free and paid solutions here.
Also note that ads are the flip-side of the free content culture of the internet. Some of your favorite high quality news outlets heavily depend on the online ad dollars supporting their shrinking print businesses. When online display ads are increasingly being pushed back those revenue will have to be replaced by some form of micro payments or subscription model.
By making use of online services, we generate every day large amounts of data. The use of those data is the business model of large internet companies whose advertising revenues finance the “free” services that we all use. In many cases, there is a trade-off between privacy and convenience where everyone has to find its own balance.
The sharing of personal data is an individual cost-benefit consideration. When you share more data, online services become more personalized, resulting usually in a more convenient usage. However, this involves the risk of subconscious manipulation or the phenomenon of the information bubble. In this information bubble you only get to see content that complies with your own world view. That may give you a good feeling, but in some ways it is also a distortion of reality.
Google offers a wide range of “free” and useful online services. Thus, the internet giant collects a large amount of information about you, among other things to display the best search results.
On the Google Search page, you can directly check and delete your search activity, access the most important privacy settings in your Google account and learn how Google Search works with the data you generate.
By clicking on Settings at the bottom right corner of the Google page, you can see your entire search history. There you can also delete your search queries over a specific period of time, if you wish so.
Moreover, in Search settings, you can choose in which language your search results should be displayed.
Under Your data in Search, you can also define whether you want to see personalized advertising or just random advertising. It is also the place where you have control over all the Google products you use. Further, the Activity settings let you control whether the following data is stored by Google:
- Web & App Activity
- Location History
- Device Information
- Voice & Audio Activity
- YouTube Search History
- YouTube Watch History
If you just want to delete your browser data, you can do this directly in Chrome:
- Launch Chrome on your computer
- Click on the three dots in the upper right corner
- Click on “History” and then on “Clear browsing data”
- In the box above, select a time period. To clear everything, select “The beginning of time”
- Select the items you want to remove
- Click on “Clear browsing data”
To get an overview of your Facebook activities, you can explore your Activity Log:
- Login into your Facebook account
- Click in the menu bar on the top-right corner on the arrow and then on “Activity Log”
The activity log lists all your past actions and content in chronological order. By clicking on the pen on the right side of an entry, you can selectively remove activities and comments from your Facebook history, as well as eliminate “Likes” and delete your location history.
If you use the Facebook app, you can delete the browser data on your smartphone, as well as remove cookies and the cache file of websites that you have visited in connection with the use of the Facebook app.
- Open the Android settings and click on “Apps”
- Scroll through the list and look for “Facebook”
- Click on “Memory”
- Select either “Clear data” or “Clear cache”
- Launch the Facebook app
- Tap on the “More” button at the bottom
- Choose “Settings” and then “Account Settings”
- Click on “Browser” and then on “Clear Data”
Moreover, your mobile phone number is a key identifier for Facebook to connect contact information from Instagram, WhatsApp, Messenger, and Facebook. The company also owns some numbers that users did not add themselves.
If this is the case for you, you can remove your mobile phone number from Facebook and still secure your account. To do this, go to “Mobile” in the Facebook settings and remove your mobile phone number there. So that your account is still protected by two-factor authentication, go under “Settings > Security and Login > Use two-factor authentication” where you can set an app such as Authy as second factor for the login.