1.3 Online Privacy Decisions
With more and more accounts and online transactions becoming part of daily life, managing who has access and who can see your data has become a seemingly arduous task.
An online presence consists of accounts on systems using various services, requiring the use of multiple passwords and an understanding of the implications of shared content (and metadata around that content). Initial security choices that you make when building and managing a business or your personal online presence can have long-lasting implications for your brand and personal integrity, far into the future.
Below you will be introduced to some best practices and some tools people and businesses use to make security compliance more manageable. For example, password managers are helpful for keeping track of all your passwords.
The following tips should be considered for every computer that you use, whether at home, work or school. Tablets and mobile devices can also have free security software installed, such as Avast[1].
Securing Your Device
Ensure that every device you use is secure. The best way to do this is to download security updates to your OS (Windows or Mac) as soon as they are available. Malwarebytes is a free add-on to make sure your device is regularly scanned for viruses.
Turn on the cookie notification function or session cookies in your web browser settings. Cookies can be used for data-mining, marketing, and tracking your interactions online. See Google’s tips for enabling, clearing, and managing cookies[2] in Chrome.
Vary your IP address by turning off your modem when you are finished with the Internet for the day. Search providers and other services you access online can see your IP address. As you may know, every computer uses one unique IP address to connect to the Internet, but turning off your modem and reconnecting changes that IP address to a new one each time.
Furthermore, enable 2-factor identification on as many web-apps as possible. And never open email attachments if you are not sure what they contain and/or who they are from.
Use Search Engines and Web Browsers Wisely
Turn on your web browser’s “clear history” and “clear cookie” functions so the record of sites you visited and cookies you accept are automatically deleted once you log off. If you are using a public (or school) computer, activate the erase history function in the browser settings before you log off.
Configure your work and home web browser to protect your personal information. In the “set-up”, “preferences” and “options” menus, where your personal information is requested, use a pseudonym instead of your real name, and an alternate email address. It is usually a good idea to create an email address that you use for signing up for new web services, rather than using your personal or work email. For this pseudonym email account, don’t provide any additional personal information beyond what is required to set up the email address.
Never enter sensitive personal information, such as telephone or social insurance numbers or other identifying financial or health information, as search terms or into online forums. They may be linked by service providers with other aspects of your identity or captured by hackers or identity thieves.
Consider exploring and using search engines that do not collect any personal information at all, such as DuckDuckGo[3] and StartPage[4] (previously known as the metasearch engine Ixquick).
Email and Instant Messaging
Don’t reply to spammers, even to say “remove me from your list.” That only confirms for them that your email is active, and you will probably receive more spam from them. The “unsubscribe” options they provide can also be a trap, so ignore them.
All email and instant messaging (IM) programs have archiving capabilities. Pressing the delete button may delete the message from your view and prevent your retrieval of it, but the messages are still retrievable by the service provider. In fact, some IM programs automatically save your chats unless you proactively select otherwise. Look for features on your IM service that allow you to prevent the recording or archiving of your conversations. Remember, though, that email in particular is virtually always saved on backup servers.
Select Good Passwords and Create Algorithms to Use Them Effectively
- Develop strong (complex) and varied (multiple) passwords for your programs and functions and never write them down at work.
- Use nonsensical (except to you, of course) combinations of letters, numbers and symbols for your passwords. The strongest passwords are typically the longest ones without many repeating characters.
- Think of a passphrase that is easy to remember, such as DogsGoBark, and then vary it by including the service name and special characters.
Password managers are very helpful for storing and safely retrieving your passwords. On your home computer, or at work if you have administrative privileges, you can download and use either KeePass[5] or Password Sentinel[6], both free, trusted applications.
Choose Internet Applications, Services and Websites Carefully
Investigate new applications, services and websites before you use them. Choose ones with good reputations that have transparent privacy policies.
If you are uploading or creating content or images on third-party websites, such as Picasa, Facebook and YouTube, the information is stored on their servers, so if the website, service or application is sold or goes bankrupt, the privacy and security of your information may change regardless of what the original service agreement or privacy policy says.
Consider that the best protection for your personal information is to not upload it in the first place or use pseudonyms, aliases and alternate/protected identities wherever possible. Be sure to read the user agreements, though; some hosts deny access to their services for users that provide false information, so be aware of the risks before taking them.
Read Privacy Policies and User Agreements
Yes, they are often long and boring, but they are important. Pay particular attention to the part of the user agreement or privacy policy that explains how the service will collect, use, share and store your personal information, and who it says owns the information (including photographs and other images) uploaded or created while using the application, service or web site. It is typical for services to claim some form of access or control over your words and images, such as the right to share them with third-party clients, so be prudent and selective about what you think is reasonable or fair.
Look for a statement in the user agreement about cancellation of your account. Does the service allow total deletion or are you only able to “deactivate” your account? Does the agreement clarify what happens to your account information if you cancel?
Be suspicious of privacy policies that are hard to find, vague, or written in a way that is confusing. Privacy policies do not have to be long to be good, and they should be clear and accessible.
Look for a statement in the privacy policy about how or where to complain if you are unhappy about the collection, use, disclosure or storage of your information. There should be a process for complaining and a person who has authority for handling complaints about policies and breaches (i.e. a privacy officer).
Check to see if the host participates in a “privacy seal” program. Sites and services that do participate in privacy programs show some level of concern for users’ privacy, and the program may provide an alternative source of resolution for complaints. Some examples of reputable privacy seal programs are: Verisign[7] and TrustArc[8] (formerly TRUSTe). Privacy seals on their own, however, are not guarantees of privacy protection.
Look to see how the privacy policy or host states it will address or manage changes to its privacy policy. Will it notify you by email, announce changes prominently on its web site or just simply modify the policy? The way a host makes changes to its policy reflects its respect for the privacy principles of notice, knowledge and consent.
Many of our everyday activities can significantly increase the chances of a security breach, but we don’t always know that we are making these choices. For example, SpiderOak employees work in a zero-trust environment “where, by default, nobody is trusted either inside or outside of the infrastructure – eliminating inside threats, permission creep, and unintentional exposure.” (SpiderOak, n.d.)[9]
- Avast Software. (n.d.). More than free antivirus. https://www.avast.com/
- Croft, Patti. (2022, July 28). How To Clear Cookies On Your Google Chrome Browser. https://allaboutcookies.org/how-to-clear-cookies-chrome
- DuckDuckGo. (n.d.). https://duckduckgo.com/
- StartPage. (n.d.). https://www.startpage.com/
- KeePass. (n.d.). KeePass Password Safe. https://keepass.info/
- Password Sentinel. (n.d.). https://www.passwordsentinel.com/
- Verisign. (n.d.). Verisign enables the world to connect online with reliability and confidence - anytime, anywhere. https://www.verisign.com/
- TrustArc. (n.d.). https://trustarc.com/
- SpiderOak. (n.d.). About us. https://spideroak.com/about/