1. Keep your contact information private.
When a website asks for your information, you don’t have to share it. If you must give it out, use an alias with sites you don’t trust. You can start a separate email account for shopping or signing up for new accounts; be sure not to mix it with the address you use for friends and others you trust- that’s how they connect your activities to you. The best way to do this is with Blur, which allows you to ‘Mask’ your identity by generating new email addresses and strong passwords each time you are asked to create an online account.
When creating security questions for online accounts, use “fake” answers that only you know – anyone can Google your mother’s maiden name, or figure out your high school mascot.
2. Don’t click on suspicious links or emails.
If you receive an email or text message that feels a bit “off”, it probably is. You should never, under any circumstances, click on a suspicious link. Phishing scams are malevolent attacks to obtain stolen personal information. Many phishing scams attempt to impersonate a bank representative or an IRS agent, baiting their victims into divulging personal details like bank account numbers, social security numbers, and answers to security questions. Most legitimate institutions won’t ask you to give out your personal information over email after clicking a link. If you’re ever in doubt about a suspicious message or link, contact the organization who sent the message using a different form of contact. For example, if you received a suspicious looking email from Bank of America, try calling the bank on the phone directly and inquiring about the message, rather than clicking any links.
3. Delete what’s out there.
There are countless companies (and new ones appearing all the time) called data brokers that collect huge amounts of personally identifiable information (PII) from a variety of sources like government public records and social media. They will sell this information to anyone with a few bucks to spare and can help to facilitate ID theft. You can remove your information from these sites with DeleteMe’s DIY Guide, but the process can be very tedious and time-consuming. Instead, you can use DeleteMe, which removes your information from the biggest data brokers for just $129/ year.
Request that a company delete the information they have about you once you no longer need their service. E.g. if you change healthcare providers, contact the old healthcare provider to delete the information that they have about you.
4. Use strong passwords. Use a password manager.
Although likely overstated at this point, using strong and unique passwords for all of your online accounts is absolutely essential to staying safe online. It’s impossible to remember all of your passwords, so it’s important to use a password manager like Blur. Blur is free to use (they do have paid versions) and will help you create and manage all of your strong passwords.
If you’re using the same password for all (or many) of your online accounts, your compromising your own security and privacy. If an ID thief were to learn the password for your online banking portal, what else would they know the password to?
5. Use Two-Factoractor Authentication (2FA or MFA) whenever possible.
Two-Factor Authentication requires you to use two “factors” in order to gain to access sensitive information – for example, when logging into your Amazon account – providing an extra layer of security. In addition to a username and password, you’re usually required to provide a “single-use” code when logging in. In most cases, you can have a code sent to your phone. Using 2FA makes gaining access to your online accounts nearly impossible for hackers and data thieves.
6. Use a VPN (Virtual Private Network).
Using a VPN, or Virtual Private Network, will reroute your IP address, disguising and encrypting your browsing traffic while you surf the web. Without a VPN, your Internet Service Provider (e.g. Comcast or Verizon) can monitor your browsing activities. This may be used for marketing purposes, or to sell the information to other businesses and advertisers. Similarly, using a VPN will keep hackers from being able to intercept your browsing activities – a common practice among ID thieves. Before choosing a VPN, be sure to do a thorough review of each software — some VPNs like Psiphon sell your browsing data to third parties to make a quick buck and keep their software cheap.
Avoid public wifi hotspots at all costs. If you must use them, be sure to protect yourself with a VPN.
7. Stop secret tracking.
There are thousands of hidden “trackers” online that follow your every move when surfing the web. You can stop them with a tracker blocker like Blur, which blocks marketer’s attempts to track your browsing activities, and it even blocks their attempts at re-targeting you on different websites that you visit in the future.
8. Use a private browser.
A private browser will not track your online activity like Google Chrome will. You’ll be able to use the internet without your browser saving things like cookies, temporary files, and a history of the pages you visit. Incognito mode on Chrome or similar function on other browsers do this, but only to some extent. To be truly private, check out Epic Privacy Browser, Brave Browser, or try DuckDuckGo’s browser extension.
9. Use an encrypted messaging app.
Using an encrypted messaging app like Signal, WhatsApp or Telegram will ensure that only the people who are able to read your conversation are the ones who participated in it. This way, you can prevent snooping and make sure that your messages aren’t being used for marketing and advertising.
10. Use a private email client.
Email clients like Gmail or Yahoo read your emails in order to send you ads. Gmail even goes so far as to track your location data and your purchase history. Instead, consider using an email service like Fast Mail or ProtonMail, who won’t read your emails. If you don’t want to give up your current email address, you can use Blur’s Masked Email feature for your online accounts and shopping. You can prevent Masked Emails from forwarding to your account, so they cannot be used in marketing.
If you don’t like it, speak up!
You have the right to privacy, but you need to stand up to protect that right. If you’re not happy with a site’s privacy policy or your not happy with how they treat your personal information, speak up! Support organizations like the American Civil Liberties Union (ACLU), the Electronic Privacy Information Center (EPIC), and the Electronic Frontier Foundation (EFF). Sign petitions and talk to people you know about why privacy matters. The more people are talking, the harder we are to ignore!