How to protect your privacy online
Now that we’ve covered what data privacy is, let’s look at some practical ways you can protect yours, starting with securing your connection.
Keep your connection secure
Be careful on public Wi-Fi
Free public Wi-Fi networks are everywhere, and they’re definitely convenient—particularly if you’re on a limited data plan. Unfortunately, they’re also extremely insecure. Anyone who knows the password can log onto the network and, theoretically, see everything you’re doing online. If there’s no password, that’s even worse!
If you have to use public Wi-Fi, we recommend not doing anything involving sensitive data while connected. That means avoiding banking, social media, and logging into important accounts. Alternatively, you can use a VPN to help secure the connection—see below for more on that.
Choose a router with WPA2 security
Your home Wi-Fi network should have robust security, preferably WPA2. WPA2 stands for Wi-Fi Protected Access 2, and it’s the second generation of the powerful WPA security protocol. It’s generally the strongest encryption you can have on your network, and it helps keep unauthorized users from accessing your personal Wi-Fi and seeing what you’re doing.
Most modern routers support WPA2 and use it by default. If you’re not sure, your best bet is to consult the manual for your router model. Unfortunately, it’s hard to get more specific than that since there are so many different models on the market.
Keep your browsing private
Ensure you only use HTTPS sites
HTTPS stands for Hypertext Transfer Protocol Secure. Essentially, this means the website secures the connections and keeps them encrypted. Sites that don’t use HTTPS (those that use plain HTTP) are more vulnerable to prying eyes.
Most modern web browsers will automatically mark non-HTTPS sites as unsafe, and some won’t let you browse to them at all without jumping through hoops. However, it’s always a good idea to check for the “Secure” symbol in your browser’s address bar before entering sensitive info like credit card numbers. This symbol usually appears as a padlock icon.
Use a VPN
Using a VPN is one of the simplest—and most effective—ways to keep your browsing secure and private. A VPN, or Virtual Private Network, is a network that routes your signal through remote servers owned by the VPN provider. This process helps obscure your location, IP address, and other personally identifiable information.
These “secure tunnels,” as they’re called, also usually come with encryption, and most VPN providers have a privacy policy that includes not keeping any logs. So anyone snooping after your activity won’t be able to tell what you’ve done.
There are a few free VPNs on the market, but we generally don’t recommend using them. VPNs are expensive to operate, so if you’re not paying with money, there’s a good chance the VPN is selling your data—this obviously defeats the whole purpose. The only free VPNs we recommend are those that come as limited trials of paid options.
Instead, we recommend going with a paid VPN like ExpressVPN, NordVPN, or Proton VPN. These options have prices as low as $3.00 per month and all the features you’ll need.
Finally, it’s worth noting that VPNs tend to reduce internet performance since your signal is being routed through distant servers. Some are better than others at this, but they all come with some slowdown. For this reason, we don’t recommend using a VPN with satellite internet—combined with satellite’s already high latency, you’ll be in for a bad time.
Looking for a new internet service provider? Check out our list of the best rural ISPs.
Keep your devices healthy
Perform regular scans for malware, viruses, and malicious apps
One of the most important things you can do to ensure your data stays secure is run regular malware scans on your devices. This applies primarily to Windows computers, although—contrary to popular belief—Macs aren’t immune to viruses. Android phones can also be vulnerable.
The only device we don’t recommend antivirus for is the iPhone. Due to the locked-down nature of the system, there’s not much an antivirus app can do on an iPhone, even if the device was somehow infected with malware. The bigger problem on iPhone and iPad is malicious apps masquerading as trustworthy ones, although Apple does a pretty good job of keeping these off the App Store.
There are a lot of antivirus options on the market. We like Malwarebytes, Norton, and Bitdefender, but they all do more or less the same thing. Note that these apps can be pricey, but we generally feel they’re worthwhile investments. Also they can sometimes slow down devices. If that happens to you, you can disable the real-time monitoring feature and run a scan on an as-needed basis (say, once a week or so).
Only install apps from trusted sources
Speaking of malware, we highly recommend only downloading software from a trusted source. On smartphones and tablets, that means using the device’s official app store. On Mac, the Mac App Store is also a great resource.
If you have to get software outside of the app store, we recommend only downloading from the software’s official website. Installing an app that looks legit, but isn’t, is one of the most common vectors for malware, data loss, and identity theft. Be careful!
Keep your devices (and apps) updated
You know those pesky software updates that interrupt what you’re doing and cause your devices to reboot? Yes, they may be irritating, but they’re also critical to your security and information privacy. That’s because these updates usually contain a slew of security fixes to patch up vulnerabilities in the system. The same is true for your apps and software.
To make things easier, we recommend leaving automatic updates on. You can defer the updates if you’re in the middle of something important or if you’re not sure a key piece of software will work with it, but don’t wait too long.
Use internet safety best practices
Use social media wisely
Social media remains a fantastic tool for sharing with friends and keeping in touch with loved ones. That said, it’s important to remember the risks involved with putting our lives out on the internet and take steps to mitigate them.
For example, you should spend time personalizing privacy settings to ensure you know exactly who can see your content. You may also want to turn off location tracking for posts so viewers can’t see where you are. Finally, it’s a smart idea to only click links from trusted sources.
Be smart about passwords
One of the most basic, and yet most important, things you can do for online privacy is ensure your passwords are up to snuff. These are your first line of defense against unwanted access to your accounts, so they should be strong and unique.
A strong password is often defined as one that’s at least 10–12 characters long, with a combination of uppercase and lowercase letters, numbers, and symbols. You should never use a word that can be tied to you personally, such as a pet or child’s name.
The purpose of making your passwords long and complex like this is to prevent guessing and brute-force attacks. The longer a password is, the more combinations of characters a hacker or program needs to guess, and this increases exponentially.
An 11-character password with only lowercase letters would take just one day to crack. Add a letter to make it 12 and it jumps to 3 weeks. Mix in some uppercase letters and you get 300 years! It gets better, though.
A 12-character password with at least one uppercase letter, number, and symbol would take 34,000 years to crack by brute force. Make it 13 characters and this jumps to an astonishing 2 million years. You get the picture.
Finally, you should avoid reusing passwords across multiple sites whenever possible. This practice helps minimize the damage if someone does get ahold of your passwords. Using a password manager like LastPass can help keep all these complex passwords under control without you having to remember them all, but you can also just write them down on a piece of paper (not a digital document). Someone would have to actually break into your home and find the document to steal them, which is relatively unlikely—but keep it somewhere secure as well. We don’t recommend the sticky-note-on-your-monitor approach.
Enable two-factor authentication
Two-factor authentication (2FA) is a system that requires you to authenticate yourself via two different means in order to log into an account. The first “factor” is your password. The second is usually a code that’s sent via text message or email, generated randomly in an app like Authy, or created on a physical authenticator device.
Two-factor authentication is an extremely powerful way to protect your accounts. Since the second factor requires access to a personal phone, email account, or physical device, you’d have to have been both hacked and robbed in order for your account to be compromised.
Many accounts and services support two-factor authentication, including most major social media platforms and email providers. You can usually find the option in your account settings, in the same place where you manage your password. We recommend enabling it everywhere it’s available. While it might be slightly inconvenient at times, the security benefits are just too good to not use.