Before migrating my website from WordPress to Ghost, I had a post up about my 2020 New Year's Resolution to tighten up my online privacy through a series of very easy choices. I hopped over to the Internet Archive and pulled up a snapshot of that post from 2020 and have copied it here below, but with some significant edits and revisions for 2022.
My approach is simple:
- Install browser extensions that block trackers.
- Move away from Google services as much as possible.
- Install and use a 3rd party password manager.
- Cease using Facebook/Meta products as much as possible.
- (Optional) Subscribe to a VPN service.
Browser Extensions
As a Mac/iOS/iPadOS user, I use Safari for a lot of my browsing out of convenience; it also helps that Apple takes user privacy very seriously.
Some websites allow hundreds of different data collection companies to watch you, build a profile of you, and serve you ads as you browse the web. Intelligent Tracking Prevention in Safari uses on-device machine learning to help block those trackers. And you can get a snapshot of all the cross-site trackers Safari is blocking by visiting your Privacy Report in the Safari toolbar.
Advertisers can also create a “fingerprint” of your device to target you based on characteristics like your browser configuration, and fonts and plug-ins you’ve installed. To help prevent this, Safari has built-in fingerprinting defense, which shares a simplified system profile with websites you visit. Making it even more difficult for data companies to identify you.
If you don't have Safari and their Intelligent Tracking Prevention, I recommend using Firefox, and installing the following two extensions:
In addition to blocking advertising and ad trackers (UBlock Origin) and all trackers (Privacy Badger), you'll also notice dramatically faster browsing and an ad-free experience on news websites, Twitter timeline, et cetera.
Detach from Google Services and Gmail
I’ve been a loyal Gmail user since April 2004. I have my entire adult digital life stored in my [email protected] address. My first two startups were run from that account and I can leverage the power of their search and summon anything in the 18+ years of use.
While completely amazing, that scares the bejeezus out of me because I have no control over my data or how it’s used. Everything is residing with Google, and likely used to help target advertisements specifically to me. No company should know that much about me.
Let’s be real: Google is not a good company when it comes to privacy and security (see: Exhibit A, Exhibit B). Google – or any company, for that matter – should not be able to cobble together data found in my Gmail inbox that contains recent online purchases, what credit cards I use, my mortgage documents, due dates, et cetera. It’s predatory bullshit, and I don’t have to acquiesce.
Solution: Fastmail
I did a lot of research over the past week or two about email hosting. The new provider had to, at a minimum:
- Value user privacy and prioritize security.
- Allow for a custom domain to sever dependencies on one service (e.g. I was locked into my [email protected] address and it isn’t portable – it’s tied to Google forever and ever).
- Never, ever rely on advertisements for revenue generation.
- Fully integrate with macOS, iPadOS, and iOS, as well as offer a robust webmail interface.
- Offer enough storage to last another 15+ years of email.
I found all that and more with Fastmail, who has an operating model based on “service in exchange for money” — you know, the old fashioned way of running a business.
I made the switch to Fastmail with my bolen.co domain and couldn’t be happier. The service is $50/year, which I’m more than happy to pay to take back my data and provide a sense of privacy.
2-Factor Authentication
A few weeks ago, I received an email from Hulu that someone in the U.K. signed into my account on their iPhone. I thought I had a pretty solid password, but as it turns out, it was reused, and likely found via a breach.
I’ve been using 1Password to manage passwords on macOS and iOS for a long time, but this was truly my wake-up call. While having a memorable, reusable password for multiple services is nice, it’s not as secure as a second-step authentication method (authenticator app, SMS, etc).
What I love about 1Password is the Watchtower feature. It shows, at a glance, the number of compromised passwords from breaches, passwords that may be vulnerable, passwords that you’ve reused, and passwords to unsecured (read: non-https) logins/websites.
My goal for the new year is twofold:
- Replace all duplicate and weak passwords with new, unique passwords.
- Use a 2-step authentication method on every site that offers one.
An added bonus: I have an Apple Watch and can store my One-Time Passwords (OTP) for frequently visited sites in the 1Password Apple Watch app for easy access. There’s really no excuse to not lock everything down.
Delete Facebook
Facebook sucks. It’s a pox on our democracy and is truly an evil company who’s quest for growth and engagement trumps (pun intended) your rights to privacy and security.
- The Facebook mobile application has access to your microphone (unless you disable it via settings).
- The Facebook mobile application destroys your phone battery life.
- Facebook, in general, tracks your every move across the internet.
I am not really in a position where I can fully close my Facebook account for myriad reasons, but I can control how I access the platform and how they access me/my usage. To that end, I am proactively:
- Removing Facebook from all mobile and tablet devices.
- Only accessing Facebook from a secure Facebook Container in Firefox.
- Limiting my exposure to Facebook to only a few visits per week.
Besides, who needs to be exposed to casual white supremacy and anti-tax sentiments thanks to their news feed algorithm?
VPN Service
It's really hard to find quality reviews of VPN services on the internet. Once you search for something like "best VPN 2022," you're flooded with sites that are stuffed with affiliate links. It's big business, but it sucks when you're trying to get an actual review of a service.
So, reader, I offer you this affiliate-free recommendation: NordVPN. I've been using it for 3+ years and it seems to work perfectly fine on all of my devices.
Conclusion
I really hope this list inspires you to take your account privacy seriously. I cannot stress enough how easy it is to make the small, incremental changes to your online habits, and how you get such an outsized benefit for doing so.