Our respective governments legislate and mandate the retention of data and the provision of data on demand for persons of interest. They surveil society as a whole and trade with corporations for even more data and any associated insights. They monitor and analyse all this data to identify opportunities and threats.

While there is legislation to protect you and your rights online, enforcing it is complicated. This is primarily for two reasons: firstly, legislation can be contradictory (for example, one European law might protect an individual’s right to be forgotten, while another might require telecommunications providers to store communications data for at least one year). Secondly, the Internet is universal, but our legal systems are not. As data flows across borders, it enters different jurisdictions that are regulated by different legislation and different judicial systems.

It’s a bit of a mess. Legislative initiatives like the GDPR are steps in the right direction, but there is a long road ahead.

I worry about the future my son faces. He will never know privacy, at least not the same way that I did growing up. I was lucky enough to grow up playing in the backyard with my family, or in the bush with my friends, or simply hanging out by myself, perfectly entertained by a book or my imagination. If I experienced angst, stress or conflict with other kids at school, when I got home I was free of it until the next day. By contrast, my son will never know a life without the Internet. He will never know what it is like to be offline or to have a life that isn’t driven by interconnected technology.

While I am hopeful that our future will see more regulation of the industry and us having full control over our own personal data, the reality is that online anonymity is a thing of the past for most people. We are too busy and the convenience offered to us by all the apps and services available is too great to refuse.

Don’t get me wrong, you can be invisible online, but it takes dedicated computing equipment, time and effort. Only the most dedicated and paranoid can achieve it and maintain it.

For the rest of us, there are a bunch of relatively simple things you can do to limit the data that is collected, increase your security, help minimise the filter bubble and help protect your identity and your privacy.

What can I do?

When it comes to using social networks, smartphone applications and other online services, there is a general rule to remember:

If you do not pay for the product you are using (smartphone app, social network or service), then YOU are the product.

Even if you do pay for the product, you should be reading the T&Cs and Privacy Policies to see what data is shared.

The name “incognito” or “private” browser window is a misnomer. These windows do little more than not save which webpages you visited.

In the coming weeks I will publish detailed “how-to” articles on specific steps you can take to increase your privacy and harden your system, but there are several things you can do right now to vastly improve your privacy online.

1. Use a different password for every account.

Passwords are a flawed authentication mechanism. We pick ones that are easy to remember… and, when we use the same password on multiple accounts, the password is only as secure as the weakest website you’ve used it on. Website authentication credentials are hacked all the time. (You can check whether your account has already been compromised by entering your email address here: https://haveibeenpwned.com )

Using a password manager, such as 1Password, will help you generate strong and unique passwords for every account. You only need to remember your master password and let the password manager deal with the rest.

The caveat: password managers are only as strong as your master password. If you lose your master password, or if it is a weak one, you are still at risk.

To create a strong master password, avoid using common words or key combinations. Instead, use a memorable phrase and substitute letters with characters and numbers. For example, you might find it easy to remember “Mary had a little lamb, its fleece was white as snow”. That can easily be morphed into a strong password: MHAl1ttleL@mb-IFWWAsn0w.

Even if you use a password manager you should periodically change your passwords.

2. Use Two-Factor Authentication (2FA).

Many providers now offer 2FA. If it is offered, turn it on, especially for email, financial institutions and social networks. (What is 2FA?)

3. Don’t click links in emails.

Phishing attacks are rampant. A phishing attack is an email that falsely claims to be from a trusted source, such as your bank, and that includes a call to action in the form of a request for information (usually asking you to click a link in the email) to confirm some detail, or authorise a transaction.

If you do click that link and enter your authentication details, it will be on a fraudulent website purpose built to capture your information and your account will be compromised.

The emails will look legitimate. But, legitimate institutions will never send you an email asking you to click a link regarding any type of sensitive information.

You can carefully look at the sender address or the link’s URL; they will always be incorrect. But the safest thing you can do is to ALWAYS delete the email without clicking anything and go to the website directly to log in and action anything required. If in doubt, pick up a telephone and call them.

4. Install Firefox and privacy enhancing plugins.

Mozilla, who make Firefox, are committed to enhancing your privacy.

Ditch your current browser and install Firefox.

Open the settings/preferences:

Navigate to the “General” section and make Firefox your default browser. Scroll down the page to “Firefox Updates” and select the radio button next to “Allow Firefox to automatically install updates”.

Navigate to the “Search” section. Change the default search engine from Google to DuckDuckGo in the drop-down menu. Turn off all search engines under “One-Click Search Engines” except DuckDuckGo. (You can always go directly to google.com if you need to.)

Navigate to the “Privacy & Security” section. Select “Always” under the “Tracking Protection” and “Do Not Track” sections. Scroll down to “Security” and ensure “Deceptive Content and Dangerous Software Protection” is enabled.

To automatically block tracking scripts, enforce SSL encryption on all websites, block advertising and automatically delete cookies, you should install and configure the following privacy-oriented plugins:

To be clear, completing this step in full will vastly improve your online privacy. While you can still be fingerprinted, the plugins listed will encrypt your connections to websites, block tracking scripts and automatically remove tracking cookies.

5. Don’t use public WiFi.

Either tether to your phone or enable your phone’s WiFi hotspot and use 4G data instead. (If you do enable the WiFi hotspot on your phone, always set a password).

If you must use public WiFi, connect to a Virtual Private Network (VPN) first. A VPN will encrypt all traffic between your machine and its server, preventing anyone from spying on your traffic while you do things like log in to websites or your Internet Banking.

When you are connected to a VPN, the only people who will know what sites you’ve visited are you and your VPN provider. But, this in itself creates another issue. Not all VPNs are equal. Not all can be trusted. Do your research on the different VPNs available before choosing one. Don’t rush this process.

You should avoid VPNs that record (log) user activities, such as Onavo VPN (Facebook Israel). You may also want to avoid VPNs based in The Fourteen Eyes.

Look for VPNs that use Perfect Forward Secrecy (PFS), also known as “Forward Secrecy”. PFS protects past sessions against future compromises. In other words, if any of your encrypted traffic is captured now, it cannot be decrypted later even if an encryption key is compromised.

6. Set up a dedicated debit card for online purchases.

Contact your bank and set up a new, linked bank account with a dedicated debit card attached to it.

Use this card exclusively for all online purchases. Keep a little bit of money in the linked account, but not a lot.

If your card details are ever compromised, you can only lose as much of your hard-earned cash as you have deliberately transferred into that specific account.

That will mitigate the risk of lost funds.

If you want to increase your privacy, then use cash to buy pre-paid debit cards or gift cards and use those online.

If you’re completely paranoid, you could instead use those pre-paid debit cards to purchase Bitcoin and then run the Bitcoin through a tumbler. Bitcoin isn’t as widely accepted as Visa or Mastercard, though.

7. Update your permissions.

For whatever social networks and services you use, update your permissions to ensure what you share with others only goes to the audience you intended it to.

Carefully consider if you really need to share what you were about to share.

If you use tools like Strava or Garmin to track your run/ride/swim, set up a privacy zone around your home and work addresses.

Be aware that the photos you take with your phone contain location data that shows exactly where they were taken. If you post the photo online others may be able to extract this information from the image.

For this reason, you should always consider what is visible in the background of the photo. Is there a private letter on the bench? What else is reflected in the mirror? Are you wearing expensive jewellery? Are your children in the photo?

There are several things you should consider before posting photos of your children online.
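To check a photo for embedded location data before sharing it, you can look for the GPS block in its Exif metadata and remove the Exif segment if one is present. The following is an added example, not part of the original article; it inspects Exif only (other metadata containers are not examined), and `make_sample` builds a constructed test file rather than a real photo.

```python
import struct

GPS_IFD_TAG = 0x8825  # IFD0 entry that points at the GPS block (Exif standard)

def exif_segments(jpeg: bytes):
    """Yield (start, end) byte ranges of Exif APP1 segments before image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        end = pos + 2 + struct.unpack_from(">H", jpeg, pos + 2)[0]
        if jpeg[pos + 1] == 0xE1 and jpeg[pos + 4:pos + 10] == b"Exif\x00\x00":
            yield pos, end
        pos = end

def read_ifd(tiff: bytes, order: str, off: int):
    """Parse one TIFF directory into (tag, type, count, value) tuples."""
    if off + 2 > len(tiff):
        return []
    n = min(struct.unpack_from(order + "H", tiff, off)[0], (len(tiff) - off - 2) // 12)
    return [struct.unpack_from(order + "HHII", tiff, off + 2 + 12 * i) for i in range(n)]

def gps_tag_count(jpeg: bytes) -> int:
    """Number of entries in the GPS directory; 0 means none was found."""
    for start, end in exif_segments(jpeg):
        tiff = jpeg[start + 10:end]
        order = {b"II": "<", b"MM": ">"}.get(tiff[:2])
        if order is None or len(tiff) < 8:
            continue
        ifd0 = struct.unpack_from(order + "I", tiff, 4)[0]
        for tag, _type, _count, value in read_ifd(tiff, order, ifd0):
            if tag == GPS_IFD_TAG:
                return len(read_ifd(tiff, order, value))
    return 0

def strip_exif(jpeg: bytes) -> bytes:
    """Return a copy of the file with every Exif APP1 segment removed."""
    out, last = bytearray(), 0
    for start, end in exif_segments(jpeg):
        out += jpeg[last:start]
        last = end
    return bytes(out) + jpeg[last:]

def make_sample() -> bytes:
    """Constructed input: SOI + Exif APP1 with a 2-entry GPS block + EOI."""
    ifd0 = struct.pack("<HHHIII", 1, GPS_IFD_TAG, 4, 1, 26, 0)
    gps = struct.pack("<HHHIIHHIII", 2, 1, 2, 2, ord("S"), 3, 2, 2, ord("E"), 0)
    body = b"Exif\x00\x00II" + struct.pack("<HI", 42, 8) + ifd0 + gps
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"
```

Removing the whole Exif segment also discards non-location fields such as camera model and orientation, so an image may display rotated afterwards.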

8. Opt out of Ads.

There are digital services that allow you to opt out of advertisements, such as http://optout.aboutads.info

Do this.

Opt out of tailored advertising wherever you can, for example Twitter, Google and within the privacy settings on your mobile device.

When you opt out of tailored advertising you will still see ads, but they won’t be as relevant to you. This is a good thing, as it means you’re not being tracked as much as you were.

If you install uBlock Origin, as suggested above, you won’t see many ads anyway.

9. Keep device operating systems and apps up-to-date. Back up what you need.

The web is not a safe place and attackers constantly strive to exploit vulnerabilities in web browsers and their plugins to run malicious code without your knowledge.

For example, a perfectly legitimate website may unknowingly serve you malicious content through third-party services on their site, such as advertising. This is known as a “drive-by” attack.

In recent years there has been an increase in ransomware attacks, where an attacker locks you out of your files until you pay them a fee to restore access.

It is not advisable to pay a ransom, as there is a strong likelihood the attacker will simply increase their ransom demands once they know you are willing to pay. So, it is important to consider what data you have that is irreplaceable (such as your photos) and keep these backed up.

Check for system updates regularly and apply them when they are released. They often fix security vulnerabilities and keep you in control of your own data.

10. Use an email provider who doesn’t scrape your email.

Unless you use email encryption, the body of your email is sent across the web and stored in clear text with all the privacy of a traditional postcard. Even if you do use encryption, the email metadata (To, From, Time, Date, Subject etc.) is not encrypted.

Choose an email provider who cares about your privacy and who does not scrape the content of your email.

Finally, stay vigilant.

Don’t blindly trust your providers. Always read Terms & Conditions and Privacy Policies carefully. (It only takes a few minutes and you don’t need to speak legalese to understand when something doesn’t look right). Keep your software up-to-date. Before you act, think carefully about what apps you use, what systems you integrate and what you post online.

Picture two houses that neighbour each other in your street.

One house has the front door closed. The lights are on. People are active inside. The front door of the other house is wide open, it’s dark and quiet and it’s obvious that no one is home.

Which house is more likely to get burgled? The one that poses the least amount of risk and requires the least effort.

Don’t be that house.