The Online Privacy Guide You’ll Actually Use

Most online privacy guides provide an avalanche of information and overwhelm the reader. This one aims to outline more basic measures that will bring a “good enough” measure of online privacy to most people.

Note: Anyone being targeted by a stalker or other criminal should consider much more in depth measures of staying off of the radar. Consider reaching out to organizations like Operation Safe Escape and the book Extreme Privacy by Michael Bazzell. Some states in the U.S. also have government programs that help victims keep information offline.

Contrary to popular belief, maintaining your online privacy is not hopeless. In fact, for most people, just a handful of pre-emptive actions and a few new habits will go a long way towards protecting your privacy.

1) Start with Email

These days your email address is becoming almost as important as your real address. Due to the number of data leaks and breaches that seem to happen every month, an email address is often the key to start building a dossier on a person through online research.

Consider setting up an email “system” incorporating multiple email addresses. First, create a new email address at a highly secure provider such as Protonmail or Tutanota. Both of these services have free tiers. It is okay to create this email address under your real name, but it will only be shared with close family and friends. You can then forward your previous email addresses to this new email address.

You’ll then set up a secondary ‘public’ email address that will be used for signing up for online services and handing out to whoever you need to.

2) Protect Your Phone Number

If your email address is becoming as important as your real home address in the online world, then your phone number is like your social security number. Websites and apps rely on phone numbers for verification even though there are completely legitimate reasons why people need to change their phone numbers and hackers have myriad ways to abuse this system. This can lead to permanently losing access to critical online accounts.

For this reason, it is recommended to open a free Google Voice account and port your current phone number to Google Voice so that you retain full control over the number. Your carrier should then provide you a new number for a minimal fee. This new number should be a closely guarded secret. You can then set Google Voice to forward all calls to the new number.

Careful! Your new phone number will be exposed if you have to dial out on mobile, rather than the Google Voice website or app. Apps such as MySudo and Hushed cost money, but may provide an extra layer of security as well as an additional phone number that you can use as your primary means of sending and receiving phone calls.

3) Obscure Your Home Address

It is so hard to make your home address completely anonymous that people under immediate physical threat should leave ASAP and not return without an escort. Yes, you will likely need to find another place to live.

Most of us, though, have far less extreme options.

First, make a habit of regularly removing your information from data broker websites. Often they will ask for an email address in order to complete the request, so setting up an email address not linked to your real name and used only for this purpose is not a bad idea. There are numerous places online where you can find lists of these data broker websites. My own guide can get you started.

Second, consider putting out disinformation about your address. Ever see a magazine offer that seems so unbelievably cheap it can’t be real? Yes, they are trying to hook you into a long-term subscription, but that’s not the only reason. They sell your information to the very data brokers and marketers that supply information to the above websites.

The good news is this gives us an avenue to put disinformation about our address into the wild. Wired is one such magazine that frequently offers 1 or two year subscriptions for an outrageous $5 per year and sometimes even includes a free gift. Come up with a very ordinary sounding “John Doe”-type name and buy yourself a subscription. Bonus points for paying with a method not linked to your true identity. Privacy.com is one way to do this, but a pre-paid credit card paid for in cash is another (keeping a pre-paid credit card like this on you in general isn’t a bad idea actually).

Finally, securing an alternative street mailing address through UPS or a personal mailbox service of some type is key to making sure this sticks. You’ll get your real mail at that address and use your real address only for magazine subscriptions and marketing materials that you deliberately sign up for under your pseudonym.

The USPS is not a great option for this though as it is easy for online services to tell that you’re using a P.O. Box and some services will not allow you to ship to them. If you have no other choice, at least make sure the post office you choose has a street address option.

4) Keep Location and PII Data OFF Social Media

For all of its foibles, social media is amazing for keeping in touch with friends and family. Sharing those important milestones like the birth of a child is so easy and joyful thanks to Facebook and the like. There is a dark side to that though. You are creating a timeline of your (and, more importantly, your child’s) life for posterity.

Have you ever seen the kind of post going around social media that invites you to share information like your first car? Well, guess what one of the most common security verification questions are for password resets is. That’s right, “What was the make and model of your first car?”

Here are the guidelines for safe(r) social media use:

1. Be very suspicious of memes asking you to re-share a post after adding your information.
2. Only share content that you directly create (in other words, don’t copy/paste text posts to “show support” or to “officially notify Facebook” of anything)
3. Only share information on travel after the fact. If you are leaving family, or important possessions, at home, real time updates can be used for real time crime.
4. When sharing pictures, be mindful of rapidly evolving facial detection and geolocation technology and how you can’t be sure how the images will be needed in the future or why someone may be looking at them.

5) Use a VPN

A VPN, which stands for virtual private network, is essentially an encrypted tunnel that protects your internet traffic. Many people understand the principle behind using a VPN but are hesitant to pay for it. Unfortunately, using a free VPN is not really an improvement over using no VPN at all.

For most people using a VPN at home is probably overkill, but if you ever connect to any kind of free wifi like at a coffee shop, you should definitely protect yourself with a VPN.

6) Consider Paying for Critical Services

Looking back on my own journey into information security, I’m not sure what took me so long to come around to the idea of paying for services such as email and VPNs. I will even admit that the security offered by Gmail is honestly pretty solid. However there is a big caveat: If the service is free, then you are the product being sold, not the customer.

We know that Google employees have the ability to look in our email. The cases we know about involve catching truly despicable criminals, but how much do you trust Google employees?

My outlook now is that the few dollars a month it costs me for my email and VPN services is worth it to know that I am the customer and the companies I choose to work with work for me. Protonmail seems to be setting industry standards for security, but Tutanota is great too and comes down to around $12 per year. That’s a small price to pay for peace of mind.

Wrap-Up: Embrace The 80/20 Privacy Principle

The steps in this article outline the 20% of actions that get you 80% of the privacy benefits. There is always more you can do, and you’ll always be able to find some dork such as myself lecturing you about how you need to do more. But the measures in this article will get you started out on the right foot.

Even small measures can cause enough doubt and confusion for someone that may be targeting you to give up. You know the old adage that says you don’t have to be faster than the bear, just the person next to you? It applies here too. Most people do absolutely nothing to protect their privacy online.

Lastly, have FUN! Privacy should really be seen as a lifelong hobby. You can really geeking out over this stuff and the cat-and-mouse game that you play with people search websites. If you’re not actively being searched for by someone like an estranged ex, or other stalker, it’s perfectly okay to just dip your toe in the waters. You don’t have to jump in head first and risk burning yourself out trying to implement the same measures that a politician or celebrity would.

To help you out, I created a privacy resources Start.me page. Consider bookmarking it and spending an hour a week marking items off the checklist. Pretty soon you may just find yourself enjoying the process.