A Few Easy Steps Everyone Should Take to Protect Their Digital Privacy

Steps To Improve Digital Privacy

mytubethumb play
%3Ciframe%20thumb%3D%22https%3A%2F%2Fwww.aclu.org%2Fsites%2Fdefault%2Ffiles%2Fstyles%2Fvideo_thumbnail_1030x580%2Fpublic%2Ffield_image%2Fvid16-digitalprivacy-thumbnail-v01.jpg%3Fitok%3D66Z_uLln%22%20class%3D%22media-youtube-player%22%20width%3D%22576%22%20height%3D%22324%22%20title%3D%22Steps%20To%20Improve%20Digital%20Privacy%22%20src%3D%22%2F%2Fwww.youtube-nocookie.com%2Fembed%2FvSQQXS3q1k8%3Fwmode%3Dopaque%26amp%3Bmodestbranding%3D1%26amp%3Brel%3D0%26amp%3Bshowinfo%3D0%26amp%3Bcolor%3Dwhite%26autoplay%3D1%26version%3D3%22%20frameborder%3D%220%22%20allowfullscreen%3D%22%22%3EVideo%20of%20Steps%20To%20Improve%20Digital%20Privacy%3C%2Fiframe%3E
Privacy statement. This embed will serve content from youtube-nocookie.com.
Updated on November 14, 2016.
 
Much of the privacy protection we need in today’s world can’t happen without technological and legislative solutions, and the ACLU will continue leading the fight for digital security and privacy through our litigation and advocacy efforts. But there are simple steps that everyone can take to improve their digital privacy. While there are many advanced techniques that expert technologists can deploy for much greater security, below are some relatively basic and straightforward steps that will significantly increase your protection against privacy invasions and hacks. 
 
Please note that although we mention a few services below, we don’t endorse any particular services or products as they can change rapidly.
 
  • Install software updates. One of the most common ways hackers attempt break-ins is by exploiting known flaws or bugs in the various applications that are installed on a computer. When responsible application designers learn about such vulnerabilities, they issue a patch to fix the matter. That’s why it’s important to keep all of the software on your devices as up-to-date as possible. 
  • Use search engines and other services that don’t track you. Not all web services are created equal when it comes to privacy. Many major search engines (including Google, Yahoo and Bing) store both your IP address and all the search terms you’ve used — an extremely revealing and usually sensitive set of data. As an alternative, consider using a search engine that doesn’t track your activities, such as DuckDuckGoStartPage, or Disconnect
  • Use a password manager. With password crackers able to try billions of passwords a second, strong unique passwords for every account you use are a key part of good security. But strong passwords are very hard to remember, which is why people often make the understandable mistake of using the same password for multiple accounts. If you reuse any password across two accounts, then a compromise of one service can lead to a compromise of the other service. Thankfully there’s an easy solution. Experts suggest that everyone use a password manager that will automatically create and keep track of strong passwords for the many sites and services that we use. Various password manager options you might consider are included in this list.  
     
  • Two-factor authentication. Strong, unique passwords for each site are a good start toward protecting your personal information, but your account can still be hacked if someone can obtain your password, for example, by sending you a phishing link that trick you into revealing your password. One of the best ways you can protect your account from hacking and your emails and other private data from theft is by turning on “two-factor authentication,” which requires an additional source of verification besides the password before granting access to your account—typically each time you log on from a new computer. Often this second source of verification takes the form of a code sent to your phone, a popup you have to click on from your phone, or, most secure of all, a $10 USB token that you insert into your computer. A growing number of online services offer two-factor authentication, including most of the big providers such as GoogleFacebookDropboxApple iCloud and Twitter. If you haven't turned this on yet, do it.
  • Don’t sign into your web browser or web service. Signing in to a browser or web service, such as Gmail or Facebook, while you surf allows that service to easily track what you do and where you go online. Sign in only when you specifically need to do so. 
  • Delete cookies and browsing history. Cookies are small files saved on your device by your browser so it will remember things about you. They are useful for many things but are also used by advertising networks to track you. By deleting all of your cookies as well as your browsing history, you can reset the memory of the systems that track you. Use the help menu of your browser to find out how to delete your cookies and browsing history.
  • Use encryption. By using encrypted messaging communications where possible, you eliminate numerous sources of surveillance and tracking. Consider using Signal for encrypted cellphone and text message communication and using Tor to surf the web. An added benefit of surfing the web with Tor is that it defaults to using a privacy-preserving search provider
  • Use free and open source software. Open-source applications are typically not-for-profit, and their computer code is open for anyone to inspect. This transparency reduces the incentives and ability of companies or others to turn seemingly innocuous software into a mechanism for spying. 
     
  • Don't use strange internet-connected devices — computers, laptops, tablets, smartphones, etc. — to connect to your personal accounts. Typing your password into a public workstation at a hotel, an internet cafe, or even a friend's house means that anyone who has taken control of that machine now knows your passwords.
     
  • Make use of browsers’ “private browsing” or “incognito” mode. Using this setting where possible won't protect you from all tracking by services you use within the session (or from tracking by your network provider), but it will avoid leaving traces on your local machine. Using a private browsing mode also means that identifying yourself to a service during that session is less likely to be linked to your activities in other sessions. Look in the help menu of your browser to find out how to browse privately.
Remember: You will never achieve absolute security from privacy invasions, but you can make great gains in fighting surveillance by government, companies, or hackers with steps such as the above.
 
Note: This blog will be updated regularly as technologies and circumstances change. If you think something is out-of-date, please let us know in comments. 
 
View comments (17)
Read the Terms of Use

Anonymous

But if we do these things then how is the media, government, and ACLU-friendly partners going to block so-called "fake news" from being viewed by people?

Anonymous

The EFF has an extension for browsers called Privacy Badger. Maybe that could be added to the list? eff.org/privacybadger

Anonymous

Privacytools.io has much more information and is more helpful. Please use some of their info here.

Anonymous

Also you can set up virtual machines and delete them when you're doing doing sensitive things online.

Anonymous

If you hadn’t in some other article or another, you oughta make mention for proxies and VPN, while warning against free VPNs.

Clarence Willett

I wanted to sign up as a supporter of this website but refuse to put my phone number on the internet as I am terminally ill and do not appreciate or need phone calls at my home when I am trying to rest. It is I think on your part asking too much I don't mind going online and responding to an email but I do not want phone calls I already am overwhelmed by them for all sorts of sales and political b*******that I do not have the mental space to trouble myself with!

Anonymous

I don't think, that Signal is really a good option for IM.

1. It requires the use of a smart phone. Even their desktop app requires one. You cannot use Signal with e.g. a Linux computer only. When using Signal, one also forces ones contacts to use Android or iOS, which they might not like.

2. The use of phone numbers as id doesn't sound good. In many countries of the world a phone number or SIM card is linked to an id card by law. Passing ones phone number is different from passing ones email or IM address.

3. Signal runs on the Amazon cloud in the US. Nothing wrong with that, but as a user I would like to be able to select a different server, maybe one run by a trustworthy local cooperative.

I suggest to recommend one (or multiple) of the federated, open IM technologies. E.g. Conversations, the Android XMPP client, does now do OMEMO encryption by default.

Pages

Stay Informed