F-Secure’s new Data Discovery Portal helps you uncover the wealth of data tech giants store about you. Once you click through it, you are likely to ask yourself “What can I do to keep Google, Facebook, Twitter, and other companies out of my private life?”
This is a fair question. And it deserves a real answer. You shouldn’t have to sacrifice your privacy to use the internet like a normal human being.
But everything you share on these sites, down to the photos you post, is tracked and processed. Often in ways most of us don’t even want to think about. And that won’t change in the foreseeable future.
Quitting may not be an option.
The easy answer is to quit. Delete your accounts. That’s it. Actually, even that’s not so easy.
But there’s a reason Facebook continues to grow despite a streak of privacy scandals that resulted in a record $5 billion fine (which represents less than 1% of Facebook’s nearly $600 billion market capitalization).
For many people, the services Facebook, Google and other tech giants offer are the internet. They help us keep in touch with loved ones, keep up with the world, and may even be essential for people’s jobs. And these services won’t offer anything for “free” unless they get something in return.
It’s not possible to avoid having the services you use track you while you are using them. But there are steps you can take to limit the amount of data you offer to them, and any hacker who breaches these systems or takes over your accounts.
Here are some tips on how you can start to take back your private life.
Separate social media from your private data.
When you use social media, you have to assume that everything you’re doing could become public or, at the very least, used to profile you.
Take a look at how much Google knows about you:
Erka Koivunen, F-Secure’s Chief Information Security Officer, suggests that if you want true privacy when you’re communicating online, you should use an encrypted app. He recommends Signal and not WhatsApp, noting that WhatsApp is more secure than SMS or email but creates a “shadow profile” based on your activity.
Otherwise, you should assume that sites have access to your Facebook messages, your Twitter direct messages, and your Google Gmail. While a human may not read them directly, computers may parse them in order to target you with ads.
Erka also recommends physically separating your social media activity (especially Facebook and Twitter) from the more private things you do online (such as online shopping or accessing financial accounts).
“Use one browser for social media activities, and then a different browser for work-related stuff and random web surfing,” he says. “Facebook has trackers on virtually every page on the internet – and they’ll track you even when you are outside their platform.”
If you’re really interested in privacy, he recommends doing what some of his colleagues do: only use Facebook on a dedicated browser on a hardened throw-away computer.
“This may be too much of a hassle for most,” he says. “But it’s a step you need to take if you want to use Facebook and maintain your privacy.”
The role Google plays in the lives of millions, if not billions, of internet users is truly awesome.
When you use the Data Discovery Portal, you’ll see that your Google archive can include up to 44 “products” ranging from Calendar and Google Photos to your YouTube history. For a sample of what the site might know about you, take a quick look at Google Activity for a detailed record of your recent Google searches and sites visited using Google’s Chrome web browser.
If you’re committed to using Google but don’t want to create a data trail of everything you do related to the site, use it without logging in. Many of us spend our lives logged into Google without thinking about it. So inside your dedicated social media browser (not Chrome if you want to avoid Google’s tracking), go to Google.com and click on the upper right corner circle to log out. Or just never log in if you haven’t already done so.
If you want to use Gmail, you will have to log in. And unless you log out of Google every time you’re done, you will be tracked all the time.
If you’d rather not deal with these issues at all, consider using alternatives to Google. You can use a paid email service like ProtonMail, or a privacy-focused web search service like DuckDuckGo.
Lock down your privacy settings.
Privacy settings are designed to meet the service providers’ needs, not yours. They change constantly and do not guarantee your privacy in any way.
However, Erka still advises checking them out and locking them down as best you can. At the very least, disable Facebook’s ‘Application Platform’.
“I recommend disabling it and keeping it disabled for the simple reason that it effectively reduces one’s exposure to Facebook worms and trojans that seek to highjack your online identity and put it under the control of a puppet master half a world away,” Erka says. “Even if my personal OPSEC (operational security) fails and I click a malicious link, chances are that by disabling the App Platform, I will get away unscathed.”
You should also consider locking down identifiable details like your age, relationship status and location.
Facebook – and, likely, anyone who hijacks your account – will still know these details or be able to figure them out. But anything you can do to limit how easy it is to impersonate your identity online is a good thing.
If you want to take even more steps to secure your accounts and your online life, check out this guide to locking down your LinkedIn profile. You can also listen to this episode of our Cyber Security Sauna Podcast featuring Erka giving more OPSEC advice.