Updated on November 14, 2016.
Much of the privacy protection we need in today’s world can’t happen without technological and legislative solutions, and the ACLU will continue leading the fight for digital security and privacy through our litigation and advocacy efforts. But there are simple steps that everyone can take to improve their digital privacy. While there are many advanced techniques that expert technologists can deploy for much greater security, below are some relatively basic and straightforward steps that will significantly increase your protection against privacy invasions and hacks.
Please note that although we mention a few services below, we don’t endorse any particular services or products as they can change rapidly.
- Install software updates. One of the most common ways hackers attempt break-ins is by exploiting known flaws or bugs in the various applications that are installed on a computer. When responsible application designers learn about such vulnerabilities, they issue a patch to fix the matter. That’s why it’s important to keep all of the software on your devices as up-to-date as possible.
- Use search engines and other services that don’t track you. Not all web services are created equal when it comes to privacy. Many major search engines (including Google, Yahoo and Bing) store both your IP address and all the search terms you’ve used — an extremely revealing and usually sensitive set of data. As an alternative, consider using a search engine that doesn’t track your activities, such as DuckDuckGo, StartPage, or Disconnect.
- Use a password manager. With password crackers able to try billions of passwords a second, strong unique passwords for every account you use are a key part of good security. But strong passwords are very hard to remember, which is why people often make the understandable mistake of using the same password for multiple accounts. If you reuse any password across two accounts, then a compromise of one service can lead to a compromise of the other service. Thankfully there’s an easy solution. Experts suggest that everyone use a password manager that will automatically create and keep track of strong passwords for the many sites and services that we use. Various password manager options you might consider are included in this list.
- Two-factor authentication. Strong, unique passwords for each site are a good start toward protecting your personal information, but your account can still be hacked if someone can obtain your password, for example, by sending you a phishing link that trick you into revealing your password. One of the best ways you can protect your account from hacking and your emails and other private data from theft is by turning on “two-factor authentication,” which requires an additional source of verification besides the password before granting access to your account—typically each time you log on from a new computer. Often this second source of verification takes the form of a code sent to your phone, a popup you have to click on from your phone, or, most secure of all, a $10 USB token that you insert into your computer. A growing number of online services offer two-factor authentication, including most of the big providers such as Google, Facebook, Dropbox, Apple iCloud and Twitter. If you haven’t turned this on yet, do it.
- Don’t sign into your web browser or web service. Signing in to a browser or web service, such as Gmail or Facebook, while you surf allows that service to easily track what you do and where you go online. Sign in only when you specifically need to do so.
- Delete cookies and browsing history. Cookies are small files saved on your device by your browser so it will remember things about you. They are useful for many things but are also used by advertising networks to track you. By deleting all of your cookies as well as your browsing history, you can reset the memory of the systems that track you. Use the help menu of your browser to find out how to delete your cookies and browsing history.
- Use encryption. By using encrypted messaging communications where possible, you eliminate numerous sources of surveillance and tracking. Consider using Signal for encrypted cellphone and text message communication and using Tor to surf the web. An added benefit of surfing the web with Tor is that it defaults to using a privacy-preserving search provider.
- Use free and open source software. Open-source applications are typically not-for-profit, and their computer code is open for anyone to inspect. This transparency reduces the incentives and ability of companies or others to turn seemingly innocuous software into a mechanism for spying.
- Don’t use strange internet-connected devices — computers, laptops, tablets, smartphones, etc. — to connect to your personal accounts. Typing your password into a public workstation at a hotel, an internet cafe, or even a friend’s house means that anyone who has taken control of that machine now knows your passwords.
- Make use of browsers’ “private browsing” or “incognito” mode. Using this setting where possible won’t protect you from all tracking by services you use within the session (or from tracking by your network provider), but it will avoid leaving traces on your local machine. Using a private browsing mode also means that identifying yourself to a service during that session is less likely to be linked to your activities in other sessions. Look in the help menu of your browser to find out how to browse privately.
Remember: You will never achieve absolute security from privacy invasions, but you can make great gains in fighting surveillance by government, companies, or hackers with steps such as the above.
Note: This blog will be updated regularly as technologies and circumstances change. If you think something is out-of-date, please let us know in comments.