It’s hard to stay off the grid, but you don’t have to give information away...
In the era of social media, targeted advertising profiles and hacks dumping personal information onto the web wholesale, staying anonymous online is perhaps more difficult than ever – and maybe more important. When Ashley Madison’s contact details were uploaded by hackers, 37 million people found their personal lives effectively exposed – but is it possible to avoid that, and similar things, happening to you?
Maintaining complete privacy on the Internet is hard, if not down right impossible – but certainly there are things you can do to make it a little less damaging to you if (and when) the information you give away gets compromised or tracked back to you.
1. Be Wary Of Giving Out Personal Details
There’s a saying that applies to almost the entire Internet these days, which is that if you’re not paying for a service, you’re the product not the customer. That’s true in a number of ways, but in most cases what it means is that Facebook isn’t a company that provides a social media service to its users, it’s a company that sells eyeballs to advertisers. The more demographic information they can collect about you, the better their product becomes.
For this reason, almost every site you use wants to know as much about you as possible. Where you’re from, where you work, what date you were born on, who your friends are – it all creates a profile that makes you more valuable to them.
However, things like your date of birth, the place you went to school and your mother’s maiden name aren’t just interesting details about you – they’re also identifiers that help narrow down a profile to one person. The less you do to put those details out there, the more secure you are.
As a result, it’s worth remembering that not every site needs to know your date of birth, for example. Many of them use it as a completely legitimate way to help you verify your identity when you reset a password, or send you a ‘happy birthday’ email when the time comes, but hackers might not have such innocuous uses in mind – and there’s no way of knowing how secure a forum is, especially if they’re old or amateur in nature.
Our recommendation is that you pick a memorable date that isn’t your birthday to use on the Internet in circumstances where you’re suspicious of a site’s reasons for needing a DOB. If you want to share your birthday with your friends on Facebook, that’s one thing – but posting on an AV forum to ask for advice about a TV, or trying to download a new piece of software? You’ll get nothing out of giving the details away then.
2. Keep Your Online Profiles Anonymous
Obviously, if you want to avoid your activity being tracked back to you, you’ll need to use a pseudonym online – and that includes your email address. While it’s worth having an email address that relates to you personally, it’s also worth having a second one that doesn’t – one you use to sign up to websites which may not be as secure or reliable as the most popular ones, or which you might only want to use temporarily.
The best way to do this is to sign up for a webmail account using a site like Gmail or Yahoo, and then set the email to simply forward to your existing address. That way you can use it to sign up to sites to prevent your login details there being attached to your main email address, but it also means you can keep using a single inbox despite having two email addresses – something that’ll make it convenient enough to become a good habit.
Whether you’re making a main or spare email address, it’s also worth avoiding information that might lead people to learn extra details about you other than your first and surname. Avoid attaching things like middle names and the year you were born to your email address in an attempt to find an account that hasn’t been used yet, because those details could give hackers or other privacyinvaders the confirmation they need to launch an attack on your privacy.
3. Delete Your Unused Accounts
Perhaps the number one way your personal details can be stolen is via a hack that target’s a website’s database. If you’re active on a website there’s not much you can do to prevent such an event but, if you’ve stopped using a site or only signed up to post or read one thing, it’s worth deleting your accounts you’ve finished using in order to prevent needles loss of data.
The fear is that if you leave your account active, it might remain in the system for years to come. In theory, data protection laws mean your account should be deleted after an extended period of inactivity. In practise, it’s surprisingly rare that anyone bothers to prune inactive accounts, especially on smaller sites and forums. If they’re not doing that, they’re probably not keeping the software they use patched either. That’s a dangerous combination.
If you’re wondering what sites still have your details on file, you can check your inbox or mail archive for sign-up emails and, in the event that your account is still active, go any manually delete it. This might be as simple as pushing a button somewhere, or you may have to email an administrator to specifically request it. Either way, it’s worth doing. Remember to delete, not simply deactivate. The former removes your details, where the latter simply marks the account as dormant (so you have to verify it to sign in again) but keeps the details on file.
4. Block Your Browser From Sharing Data
Location data is great for sites that want to know where their users are coming from, but it’s also great for people who want to know who you are and where you live. A geotagged photo on a social media site can easily reveal exactly where you live to people you’d rather didn’t have that information.
As such, you should take great care in allowing sites to track where you are, particularly if you think they might then want to share that information. Disabling location services on your desktop system is always worth doing because there’s very little value that can add in the first place, beyond targeted advertisements – and that can easily be done through IP-based geolocation anyway.
You might also want to turn on your browser’s ‘Do Not Track’ options. This is a protocol-level option that can be optionally forwarded to web servers along with a normal HTTP request, telling the server not to track your behaviour within or across sites. It’s a completely optional setting and technically isn’t part of the HTTP specification even though it’s supported by most browsers and servers now. It isn’t exactly foolproof – for one, it’s completely optional on the server end – but it is better than nothing.
Ultimately it’s hard to remain completely anonymous when you’re on the Internet – the trick is to be selective about what you share and when. It can be easy to give away much more information than you realistically need to – and that’s where the problems start.