Lemme ask you a question: you got something to hide?

Don’t answer. You’ll look really stupid talking to your screen, and I already know the answer. Of course you do. Everyone does. You might not know it, but trust me: you and your browsing history are a goldmine of data and there are a lot of people who want your nuggets. Governments want to know what you’re doing, marketers want to know how to make you spend money, and there are bad dudes out there who just want to figure out how to take it. It’s a privacy nightmare.

But hey, good news: I don’t give a fresh umber colored kiwi what you do on the internet. In fact, I’m so actively, passionately disinterested in ever finding out, I’m going to spend the next couple of minutes giving you all the tips and info you need to keep your business so private nobody will know what you do online — even you, if you drink hard enough.

So let’s get started.

View the full infographic

Why do companies want my data?

“But Jack”, you might be thinking, “I’m not a strong-haunched superstar like you, I’m just some human. My data can’t be that valuable”. And you’re right, you don’t have a superstar haunch like mine, but you still have a pulse, and that means you’re potentially worth a lot of money to someone. Data is the new oil, after all, and online activity (what you click on, search for, stream, type, buy, not buy...) is the most valuable resource in the world.

If you think I’m being paranoid, you’re right. It’s sort of my thing. But I have plenty of reasons to be.

You're worth $$$$

The Google universe (which includes YouTube), Facebook, Amazon, Apple, and Microsoft hoards so much user data that it was collectively worth $3 trillion by the end of 2017. That’s 442 billion pieces of avocado toast for the kids.

Google, Facebook, etc. make money by knowing you really, really well — so they can sell you to advertisers. The better they know you (your age, gender, family, what you like, what you don’t like, the state of your finances…), the more money they can sell you for. Kinda like pimps.

To more than the big 5

Oh, but they’re not alone. There are lots of companies that track your online behavior every day. For example, there’s one marketing firm that owns an average of 3,000 pieces of personal data about each of the 350 million people in their database. And that’s pretty standard in the business.

And your boss is a creepy douche

And then there’s your employer, who wants to know if you’re planning to shoot up in the bathroom. And the government, who wants to know if you’re planning to shoot up… anywhere. As well as anything else about you.

If your personal data is the new oil, then you’re fertile, delicious, pre-2012 Venezuela.

How are they gathering my data? (super easily)

Grabbing your data ain’t exactly as tricky as stealing the Declaration of Independence.

Your IP address

Some crazy people name their computers, but as far as the internet is concerned your computer’s ID is a string of 11 numbers and three dots that tells them who you are and where you’re connecting from. Kind of like a license plate, if your license plate took notes on every road you drove on and where you park.

Case in point: Canada's privacy commissioner ran an IP address through a couple of search engines (Google, Bing), and found, among many other things:

Searches for legal advice due to a personal injury

Visits to sites about a specific religious group

A variety of usernames used around the web

Participation on an internet board, and…

Some perverted stuff HMA!’s not letting me talk about

And that’s just with Google. And while I know it’s not hard to find disturbing stuff on Google, this is still pretty messed up. Especially since it is really easy to find someone’s IP address: it’s logged on websites you visit, it can be grabbed by browser add-ons, and it can be included in your emails.

Google

Anyone who thinks Google can be trusted with your data is more naive than my Uncle Kevin, and my Uncle Kevin thought the trip to the glue factory was a good idea. Just like every other company in existence, Google ain’t your friend, buddy.

For example, Google said they’d stop reading your Gmail emails in order to show you targeted ads in 2017… but they're still reading your emails — just not for ads. Google's lawyers must have been really proud of themselves for that amazing legal maneuvering.

Look, hooves to the fire, I’ll admit it’s got upsides. It can add events and reservations to your calendar, detect spam and fraudulent sites, and let you use that newish Smart Reply function if you’ve had one too many and you can’t text without smashing your face into the screen.

But it was Ben Franklin who said “Those who would give up a lot of privacy for a little convenience deserve neither privacy nor convenience”, or something like that. I might be misremembering it, so… I could Google it, but that would defeat the purpose of this whole section about online privacy.

And if you think it stops there, you must be eating what they turned Uncle Kevin into. Google doesn’t need Gmail to know everything about you: it uses its search engine, the Chrome browser, YouTube, Google Maps, Google Drive, Google Play, Google Books — whatever it can get its hands on — and sells all that sucy data to the highest bidder, and then the lowest bidder, and every bidder in-between. Here’s the full list if you’re a masochist for this junk.

Can’t get worse? Of course it can, my friend. That’s why I’m excited to reveal that Google has started attaching things like your real name and phone number to their delightful data packages.

Facebook/social media

“What do you mean, the website I post all my personal crap on collects all my personal crap?”

Yeah, ease off the sarcasm there, buddy, that’s my job. You might be at peace with the idea that Facebook is creepy, but do you know just how creepy they are? Every time you click a “like”, Facebook makes a little map of all the places you’ve been online. Even when you don’t click that button. Even if you’re logged off Facebook. Even if you don’t have a Facebook account. Are you stalking me right now, Facebook? (I hope not, I’m about to hit the hay. And I got my favorite jelly).

But hey, don’t take it from me. Judging from some of his old IM records, Facebook founder Mark Zuckerberg himself agrees with me:

Zuck: Yeah so if you ever need info about anyone at Harvard

Zuck: Just ask.

Zuck: I have over 4,000 emails, pictures, addresses, SNS

[Redacted Friend's Name]: What? How'd you manage that one?

Zuck: People just submitted it.

Zuck: I don't know why.

Zuck: They "trust me"

Zuck: Dumb &@#$s.

Of course, ol’ Zuck didn’t censor himself. I had to do that to keep you special snowflakes from getting offended at a bad word. So try getting offended at how Facebook is treating you instead.

Have an account at _____?

Yeah look, I should probably stress for the more naive in the audience that these aren’t special cases. Everyone has ways to gather data on you.

Signed into Yahoo? Then you’re being tracked across searches, emails, news sites, and more. That Microsoft Account you use to log in to Skype, Outlook, Xbox Live, etc.? Also being tracked. Your Apple ID? They’re not thinking different about your data. I could go on and on and on...

You get the point. You sign up with any online service, you don’t sign up for online services — you’re getting tracked.

Cookies (the computer kind)

No, pastries aren’t being lil’ snitches: whenever you visit a website, it drops a little bit of data onto your computer as a matter of course. It’s not unusual. Not sure why they’re called cookies, there are a few conflicting stories and they’re all boring, but what matters is, they’re everywhere.

The thing is, cookies are a lot like vegetables: they’re good for you and help things run smoothly, but they’re also a little hard to swallow, and they sell your personal information to advertisers and aren’t like vegetables at all.

If you live in the European Union, you probably knew all that thanks to the “cookie law”, which is why websites won’t shut up about asking your permission to gather your data. If you live someplace without a cookie law, just know that they’re always there. Watching you. Taking notes. Being weird.

Your online fingerprint

Unless you wear gloves all the time like me (I need to hide my mutant freak-hooves), you probably leave your fingerprints all over the place. Even on your browser.

Web cookies can be deleted, and IP addresses aren’t fixed, so the people and companies that want to track you cannot rely on them alone. So what they do is add all the personal data that’s being leaked from your browsers and plugins (seemingly harmless things like your screen resolution, the fonts you use, the accounts you’re logged into, etc.), mix it all together, and concoct your own super-accurate unique profile, which can be traced back to you even across different browsers.

That right there is your online/digital fingerprint. And just like my mutant freak-hooves, you can’t melt it off with acid.

Why should you care about private browsing?

Because you shouldn’t be for sale. You’re a person. Not a product. Act like it, dammit.

You’re a person. Not a product. Act like it, dammit. Because it can cost you money. For example, a travel company or airline could look at the country you’re visiting it from and adjust their prices accordingly, or increase the price for a ticket or room everytime you check it to freak you out into booking it.

For example, a travel company or airline could look at the country you’re visiting it from and adjust their prices accordingly, or increase the price for a ticket or room everytime you check it to freak you out into booking it. Because it’s safer to stay private. There are a lot of sickos out there, and you might be closer to one than you realize. The less they know about you, the better.

There are a lot of sickos out there, and you might be closer to one than you realize. The less they know about you, the better. Because it can get you fired. The kind of stuff you do online should be your own business, but not everyone agrees, and it could cost you your job now, or a new job later. Screw that.

As promised, here’s your guide to browsing privately

Now that I’m done trying to scare the crap out of you, let’s talk solutions. Because while you can’t punch Facebook in the face, you can still flip it the metaphorical bird.

Basic-ass level

So, want to pretend you’re doing something useful to keep your privacy protected? Then this is the level for you!

Your browser’s incognito mode

What it is: Your browser likely has an incognito / private / invisible mode, which gives you a few privacy enhancements on your machine only. Better than nothing. Technically.

Your browser likely has an incognito / private / invisible mode, which gives you a few privacy enhancements on your machine only. Better than nothing. Technically. How it works: When you launch incognito mode, your browser doesn’t store your history, searches, and cookies for later. Once you close your private browser window, anyone who uses your device after you won’t be able to see what you did.

When you launch incognito mode, your browser doesn’t store your history, searches, and cookies for later. Once you close your private browser window, anyone who uses your device after you won’t be able to see what you did. What it does: Incognito mode is good for two things: buying tickets for airlines or hotels, or for when you share your computer with someone and you don’t want them knowing what you’re doing. In the former case, it prevents the constant jack-up of prices that cookies normally allow, and in the latter… that’s pretty self-explanatory. Just don’t forget to disinfect the keyboard.

Incognito mode is good for two things: buying tickets for airlines or hotels, or for when you share your computer with someone and you don’t want them knowing what you’re doing. In the former case, it prevents the constant jack-up of prices that cookies normally allow, and in the latter… that’s pretty self-explanatory. Just don’t forget to disinfect the keyboard. What it doesn’t do: Kinda like man nipples, incognito mode feels good but it’s pretty useless. It doesn’t stop your internet provider, your employer, your school, your government, or the sites you visit from seeing what you’re up to. Nothing, nada, zilch.

Do Not Track request

What it is: Most browsers now come with a “do not track” option. It lets you theoretically “opt out” of being tracked by sites you visit.

Most browsers now come with a “do not track” option. It lets you theoretically “opt out” of being tracked by sites you visit. How it works: Once you’ve enabled your browser’s “do not track” function (see how for Safari, Chrome, Firefox, Explorer, and Edge), your browser’s HTTP header will politely ask every website you visit to please not track your activity, install cookies, or collect data about your browsing habits.

Once you’ve enabled your browser’s “do not track” function (see how for Safari, Chrome, Firefox, Explorer, and Edge), your browser’s HTTP header will politely ask every website you visit to please not track your activity, install cookies, or collect data about your browsing habits. What it does: … and then the website will ignore your browser’s request, and continue tracking you. Because that’s all it is: a polite request.

… and then the website will ignore your browser’s request, and continue tracking you. Because that’s all it is: a polite request. What it doesn’t do: Anything. You’re still every bit as trackable as before you asked not to be tracked. There are no laws compelling websites to comply with your request, so most of them pretend they didn’t hear you. Enjoy your placebo, though.

Anonymous email

What it is: An inbox that’s designed for anonymity and privacy, so the world doesn’t know how many people you invited to your cat’s bar mitzvah.

An inbox that’s designed for anonymity and privacy, so the world doesn’t know how many people you invited to your cat’s bar mitzvah. How it works: Some anonymous email services give you a temporary, disposable address, perfect for one-time signups or a quick exchange. Some are browser add-ons, so you can use them as you navigate. Some of them really, really want you to know they’re based in Switzerland.

Some anonymous email services give you a temporary, disposable address, perfect for one-time signups or a quick exchange. Some are browser add-ons, so you can use them as you navigate. Some of them really, really want you to know they’re based in Switzerland. What it does: A proper anonymous email service can help encrypt the messages you exchange, and avoid using any identifiable details that could link you to the email address in question.

A proper anonymous email service can help encrypt the messages you exchange, and avoid using any identifiable details that could link you to the email address in question. What it doesn’t do: Your laundry. Or anything outside of email security.

HTTPS Everywhere

What it is: A magical little plug-in that makes sures all your connections have a proper HTTPS address.

A magical little plug-in that makes sures all your connections have a proper HTTPS address. How it works: Pretty much as written on the tin. Install it on your Opera, Firefox, Chrome, or Android, and it’ll rewrite all your connection requests to ensure you get authentic, honest-to-god HTTPS, rather than some cheap low-quality knockoff.

Pretty much as written on the tin. Install it on your Opera, Firefox, Chrome, or Android, and it’ll rewrite all your connection requests to ensure you get authentic, honest-to-god HTTPS, rather than some cheap low-quality knockoff. What it does: A HTTPS address is about the lowest standard of online security you can expect from a website. So this extension is your wingman on the net steering you away from the worst, most open sites and being all “man, you can do better, respect yourself”. Not to say that it’s standards are much higher: all it really does is offer some small level of protection from being spied on by hackers or whatever.

A HTTPS address is about the lowest standard of online security you can expect from a website. So this extension is your wingman on the net steering you away from the worst, most open sites and being all “man, you can do better, respect yourself”. Not to say that it’s standards are much higher: all it really does is offer some small level of protection from being spied on by hackers or whatever. What it doesn’t do: Anything extraordinary. It won’t stop your ISP or anyone else working through legal channels from knowing who you are or what you’re up to, so while you’re not exactly an open book, you’re more like a teenager’s diary: mom and dad will stop an annoying little brother from stealing it but they’re definitely reading it when you’re at school.

Smart-ass level

Oh, you’re still reading? Good to see you’re serious about privacy.

VPN

What it is: Besides being my purpose for living, a Virtual Private Network (VPN) is an app that obscures your activity so that nobody on the outside can see where you came from, where you are, what you’re doing, or where you’re heading online.

Besides being my purpose for living, a Virtual Private Network (VPN) is an app that obscures your activity so that nobody on the outside can see where you came from, where you are, what you’re doing, or where you’re heading online. How it works: You download a VPN to your computer, smartphone, and/or tablet. You switch it on. You select a location from a list. The VPN will encrypt your connection and route it through a server at your selected location, hiding your activity and your location from anyone trying to spy on you.

You download a VPN to your computer, smartphone, and/or tablet. You switch it on. You select a location from a list. The VPN will encrypt your connection and route it through a server at your selected location, hiding your activity and your location from anyone trying to spy on you. What it does: It hides your searches, your downloads, your page visits, etc. from hackers, nosey neighbors, your employer or school, and the government. A VPN makes public Wi-Fi secure, since everything you do is encrypted and therefore gibberish to anyone who may be watching. Also, it lets you see the web as if you were in the country of your choice, which is great for getting around censorship or geoblocks. Finally, it makes you a sex god. [citation needed]

It hides your searches, your downloads, your page visits, etc. from hackers, nosey neighbors, your employer or school, and the government. A VPN makes public Wi-Fi secure, since everything you do is encrypted and therefore gibberish to anyone who may be watching. Also, it lets you see the web as if you were in the country of your choice, which is great for getting around censorship or geoblocks. Finally, it makes you a sex god. [citation needed] What it doesn’t do: A VPN can’t stop you from handing over data to advertisers, Google, Facebook, and others, either directly by logging in to their services or indirectly via fingerprinting. It also can’t stop spies from just looking over your shoulder, so try to retain at least a little spatial awareness.

Of course, my bosses up top are telling me this is the perfect time to shill our product, so: get HMA! Pro VPN to keep your data safe from online hackers, spies, and thieves! It’s so good your life will never be the same.

Clearing your Flash cookies

What it is: Flash cookies (also known as “Local Shared Objects”) aren’t like normal cookies, although they function similarly. They save your browsing data when you go to websites that use Adobe Flash, hence the name, but unlike normal cookies they aren’t saved on your browser. And yes, they’re exactly as boring as this whole paragraph was.

Flash cookies (also known as “Local Shared Objects”) aren’t like normal cookies, although they function similarly. They save your browsing data when you go to websites that use Adobe Flash, hence the name, but unlike normal cookies they aren’t saved on your browser. And yes, they’re exactly as boring as this whole paragraph was. How it works: Advertisers are constantly developing new tools to get their fix of user data. The Flash plug-in does that, and it gets away with it by being an add-on component and technically not a cookie. To get rid of them, go to the Adobe Settings Manager in your browser, and clear some or all of your Flash cookies through the storage panel — or just get a tool like CCleaner to do it for you, slacker.

Advertisers are constantly developing new tools to get their fix of user data. The Flash plug-in does that, and it gets away with it by being an add-on component and technically not a cookie. To get rid of them, go to the Adobe Settings Manager in your browser, and clear some or all of your Flash cookies through the storage panel — or just get a tool like CCleaner to do it for you, slacker. What it does: Removing Flash cookies ensures you’re not leaving any crumbs of personal activity behind after you flush out all the other regular, easy-to-delete browser cookies. Otherwise it’s just like emptying out your garbage bin when you have a mountain of used adult diapers sitting in your guest shower: you technically made things cleaner but you shouldn’t go patting yourself on the back.

Removing Flash cookies ensures you’re not leaving any crumbs of personal activity behind after you flush out all the other regular, easy-to-delete browser cookies. Otherwise it’s just like emptying out your garbage bin when you have a mountain of used adult diapers sitting in your guest shower: you technically made things cleaner but you shouldn’t go patting yourself on the back. What it doesn’t do: Important as it is, clearing your Flash cookies does nothing to encrypt and secure your browsing, searches, online shopping, banking, etc. It’s just a routine chore you gotta do every couple of days, like taking a shower or feeding grandpa.

Flushing your DNS records

What it is: Think of the DNS (domain name system) cache as your browser’s phone book. It uses it to know exactly where to send you, whenever you ask it to take you a specific site. Anyone who has access to your computer (even remotely) can, with a bit of technical know-how, get the list of sites you’ve visited by messing around in the DNS cache — even when you’ve been using incognito mode.

Think of the DNS (domain name system) cache as your browser’s phone book. It uses it to know exactly where to send you, whenever you ask it to take you a specific site. Anyone who has access to your computer (even remotely) can, with a bit of technical know-how, get the list of sites you’ve visited by messing around in the DNS cache — even when you’ve been using incognito mode. How it works: Look, we’re about 50 paragraphs in and we all got better things to do, so just check out these guides for Mac, Windows 10, and a number of browsers. Rebooting and restarting your router clears up its own DNS cache, to be on the safe side.

Look, we’re about 50 paragraphs in and we all got better things to do, so just check out these guides for Mac, Windows 10, and a number of browsers. Rebooting and restarting your router clears up its own DNS cache, to be on the safe side. What it does: Flushing your DNS records stops people with access to your computer from reading your DNS cache and extracting a neat list of everything you’ve visited. So if you decide to bunk with Edward Snowden, this is a must-do.

Flushing your DNS records stops people with access to your computer from reading your DNS cache and extracting a neat list of everything you’ve visited. So if you decide to bunk with Edward Snowden, this is a must-do. What it doesn’t do: Protect your privacy while you browse. Like the Flash Cookies thing, it’s just a chore you gotta remember to do.

OTR Encryption

What it is: OTR (or Off the Record, if you don’t want to sound pretentious) is a kind of messaging app that lets you talk to others in a completely secure, 100% private channel. Perfect for planning a birthday party for your creepy, obsessive friend, or creating a shrine for that fella who just doesn't love you that way. Yet.

OTR (or Off the Record, if you don’t want to sound pretentious) is a kind of messaging app that lets you talk to others in a completely secure, 100% private channel. Perfect for planning a birthday party for your creepy, obsessive friend, or creating a shrine for that fella who just doesn't love you that way. Yet. How it works: To dumb it down, it basically uses a bunch of hashes and encryptions to make peeking into the conversation impossible for anyone except the one other person you’re talking to.

To dumb it down, it basically uses a bunch of hashes and encryptions to make peeking into the conversation impossible for anyone except the one other person you’re talking to. What it does: Ensures nobody — not a single other person — can spy on your instant messages. There are no logs, no breadcrumbs, no nothing. It was as if the conversation never happened.

Ensures nobody — not a single other person — can spy on your instant messages. There are no logs, no breadcrumbs, no nothing. It was as if the conversation never happened. What it doesn’t do: What do you think, smart guy?

NoScript

What it is: NoScript is a browser extension for Mozilla-based Web browsers (So that’s Firefox and… Seamonkey? Is that a thing?) that stops all Flash, Java, Javascript, and other plugins from running on sites without your permission.

NoScript is a browser extension for Mozilla-based Web browsers (So that’s Firefox and… Seamonkey? Is that a thing?) that stops all Flash, Java, Javascript, and other plugins from running on sites without your permission. How it works: Kinda covered this base in the section above.

Kinda covered this base in the section above. What it does: Most of the tools trackers use to get your data are executed via plugins and the aforementioned scripts, so putting a stop to them means disarming the main data mining tools your online stalkers employ. It’s also pretty good for stopping web-based malware.

Most of the tools trackers use to get your data are executed via plugins and the aforementioned scripts, so putting a stop to them means disarming the main data mining tools your online stalkers employ. It’s also pretty good for stopping web-based malware. What it doesn’t do: Anything for people who prefer Chrome or Opera. It also doesn’t work for Edge but let’s face it: no one’s using Edge anyway. Like most of these tools, it also can’t stop you from volunteering information to search engines and social media.

Paranoid-ass level

Now we’re talkin’ my language.

Tor

What it is: Tor stands for The Onion Router (onion, because of its many layers. Get it, you ogres?). The mother of all anonymity networks, it includes the Tor Browser, Tor Messenger, and support for many third-party apps and operating systems.

Tor stands for The Onion Router (onion, because of its many layers. Get it, you ogres?). The mother of all anonymity networks, it includes the Tor Browser, Tor Messenger, and support for many third-party apps and operating systems. How it works: Tor bounces your online communications randomly around a worldwide network of anonymous relays while securing them with several layers of encryption. Like a VPN with less choice, and on crack.

What it does: It makes your browsing untraceable, which makes it very useful for people with the brains to be cautious with their privacy — journalists, human rights workers, whistleblowers, and of course hackers. You know, people doing something with their lives. You should give it a try.

It makes your browsing untraceable, which makes it very useful for people with the brains to be cautious with their privacy — journalists, human rights workers, whistleblowers, and of course hackers. You know, people doing something with their lives. You should give it a try. What it doesn’t do: Win any races. With all that layering, and bouncing, and encrypting, it can be excruciatingly, God-take-me-now slow.

Live CD / live USB key

What it is: Call it live CD, live disk, live DVD, or live USB drive — essentially a “plug and play” operating system. Or a computer on a stick, if you want. The Linux-based, USB-based Tails (the Amnesic Incognito Live System), or the DVD-based IprediaOS, are the best-known examples.

Call it live CD, live disk, live DVD, or live USB drive — essentially a “plug and play” operating system. Or a computer on a stick, if you want. The Linux-based, USB-based Tails (the Amnesic Incognito Live System), or the DVD-based IprediaOS, are the best-known examples. How it works: Take Tails, a USB-portable, anonymous operating system that you can literally carry with you in your pocket, plug it into any computer, use it to your heart’s content, and then unplug it — without anyone being able to tell that you ever used it at all.

Take Tails, a USB-portable, anonymous operating system that you can literally carry with you in your pocket, plug it into any computer, use it to your heart’s content, and then unplug it — without anyone being able to tell that you ever used it at all. What it does: Tails comes with built-in Tor browsing technology, NoScript to block data-soaky Java and Flash, an advanced ad blocker, encrypted email and chat, and file encryption.

Tails comes with built-in Tor browsing technology, NoScript to block data-soaky Java and Flash, an advanced ad blocker, encrypted email and chat, and file encryption. What it doesn’t do: Google, Facebook, Yahoo, etc. will still know what you did last summer, as long as you’re logged into any of their services. Plus, like any Tor-based technology, it will pulverize your patience with its sloth-like browsing speed.

Wrapping up

Alright, my hooves are starting to hurt. Let’s summarize:

Everyone wants your data, and they’ll do everything they can to take it. And you got two choices: you can either be a stubborn ass like me and do everything in your power to fight the man and stay independent and private, or you can be a sheep and just let them take whatever they want, whenever they want it. No matter what you pick, these SODs will never see you as a human: so are you willing to be sheared naked and exposed to the world? Or are you gonna kick ‘em back?

Me, I’m gonna kick till I kick the bucket, but hey: HMA! is telling me I’ve gone about 10,000 characters over the limit, so that’s my cue to exit stage left.

I’d say “see you later” but if you learned a damn thing from this article, I won’t be.