Tips for Protecting Your Privacy Online


In the course of writing her book, Dragnet Nation, Julia Angwin tried various strategies to help protect her privacy. Here, she shares some tips for readers, starting with how to build better passwords.

Passwords are the first line of defense between your private data and an attacker – whether it is a criminal hacker or a spy agency.

But most of the conventional wisdom about building passwords is terrible. People are often told they should change their passwords every three months; that their passwords should be made strong with multiple symbols and letters; and the passwords should not be written down anywhere.

Computer scientist Ross Anderson has summed up this terrible advice as “Choose a password you can’t remember, and don’t write it down.” Faced with that impossible task, most people use passwords that are easy to remember – the most popular password is still 123456 – and use them for every single account.

It’s actually better advice to choose a more secure password and write it down somewhere in a safe place. After all, it’s much less likely that someone will break into your house and steal your master password list than it is that someone will hack into your account from afar through a weak password.

However, even if you write down your passwords, you still face the difficult task of dreaming up the dozens of passwords that seem to be required for modern life. At first, I tried to make up my own passwords, but after I stumbled on this password-strength estimator, I realized that many of my homegrown passwords were still easy to crack. So, after much searching for a perfect password strategy, I came up with a two-tiered solution for building strong passwords:

I used 1Password, password management software that generates and stores passwords, for less important accounts – such as my frequent flier and online shopping accounts. Like its competitor, KeePass, 1Password generates strong passwords from strings of letters, numbers and symbols and stores them on my machine in an encrypted file.

I used a simple, low-tech passphrase-generating system called Diceware, for more important passwords – such as my e-mail and online bank accounts. It works like this: roll a six-sided die five times, then take the numbers you roll and match them up to the Diceware word list, which contains 7,776 short words. Repeat this five times and you will end up with a five-word passphrase that is hard for attackers to crack, but easy to remember.
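The Diceware procedure described above, as an added Python example (not code from the article or from the Diceware project). It assumes a constructed placeholder word list in place of the real 7,776-word list, and uses the operating system's random generator where the article uses a physical die.

```python
import math
import secrets
from itertools import product

DIE_SIDES = 6
ROLLS_PER_WORD = 5                          # five rolls pick one word
LIST_SIZE = DIE_SIDES ** ROLLS_PER_WORD     # 6^5 = 7,776 entries


def build_placeholder_list():
    """Constructed stand-in for the real list: '11111'..'66666' -> fake word."""
    keys = ("".join(map(str, faces))
            for faces in product(range(1, DIE_SIDES + 1), repeat=ROLLS_PER_WORD))
    return {key: f"word{i:04d}" for i, key in enumerate(keys)}


def roll_die():
    """One fair roll from the OS CSPRNG (assumption: replaces a physical die)."""
    return secrets.randbelow(DIE_SIDES) + 1


def rolls_to_key(rolls):
    """Turn five rolls such as [1, 6, 6, 5, 5] into the lookup key '16655'."""
    if len(rolls) != ROLLS_PER_WORD or any(r not in range(1, DIE_SIDES + 1) for r in rolls):
        raise ValueError("need exactly five rolls, each from 1 to 6")
    return "".join(str(r) for r in rolls)


def generate_passphrase(wordlist, n_words=5):
    """Roll five dice per word and look each key up in the word list."""
    if len(wordlist) != LIST_SIZE:
        raise ValueError("word list must have exactly 7,776 entries")
    keys = (rolls_to_key([roll_die() for _ in range(ROLLS_PER_WORD)])
            for _ in range(n_words))
    return " ".join(wordlist[key] for key in keys)


def entropy_bits(n_words):
    """Each word is a uniform pick from 7,776, so entropy adds up per word."""
    return n_words * math.log2(LIST_SIZE)


if __name__ == "__main__":
    print(generate_passphrase(build_placeholder_list()))
    print(f"{entropy_bits(5):.1f} bits")
```

Five words come to about 64.6 bits of entropy. That figure holds only if every word is kept exactly as rolled; re-rolling until the phrase looks nicer reduces it.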


One of the easiest and simplest things you can do to protect your privacy is to be a smarter Web browser.

This is surprisingly difficult because most popular Web browsing software is set up to allow users to be tracked by default. The reason is simple economics – you don’t pay for Web browsing software, so the companies that make it have to find other ways to make money.

The most egregious example of this conflict came in 2008 when Microsoft’s advertising executives helped quash a plan by the engineers to build better privacy protections into the Internet Explorer 8 Web browser. Microsoft has since added additional protections – but they are not turned on by default. The situation is no better at Google, whose Chrome Web browser has “buried and discouraged” the Do Not Track button, and is pioneering the use of new tracking technology that cannot be blocked. And it’s worth noting that the other big Web browser maker, Mozilla Corp., receives 85 percent of its revenues from its agreement to make Google the default search engine on Firefox.

Even worse, many of the tools that Web browsers offer to protect privacy are not effective. Tracking companies have refused to honor the Do Not Track button. And Google Chrome’s Incognito mode and Internet Explorer’s InPrivate Browsing mode won’t protect you from being tracked. Those settings simply prevent other people who use your Web browser after you from seeing where you’ve been online.

And so, in order to prevent the most common types of tracking, I ended up loading up my Web browser – Mozilla’s Firefox – with a bunch of extra software. It sounds like a lot of work, but most of this software can be installed in a few minutes. Here’s what I used:

I installed HTTPS Everywhere, created by the Electronic Frontier Foundation and the Tor Project. This tool forces your Web browser to use encrypted Internet connections to any website that will allow it. This prevents hackers – and the National Security Agency – from eavesdropping on your Internet connections.

I installed Disconnect, a program created by former Google engineer Brian Kennish, which blocks advertisers and social networks, such as Facebook and Twitter, from tracking which websites you visit.

I set my default search engine to be DuckDuckGo, a search engine that doesn’t store any of the information that is automatically transmitted by your computer — the IP address and other digital footprints — so DuckDuckGo has no way to link your search queries to you. That means DuckDuckGo won’t auto-complete your search queries based on your previous searches or based on your physical location, as Google does. So you’ll have to be a little smarter about your searches, and remember to bookmark the pages that you visit often, to save time.

After browsing with my ungainly setup for nearly a year, I found a Web browser that had all the features I wanted built in — called WhiteHat Aviator. It has built-in HTTPS Everywhere, it doesn’t retain or sell your online activity, and it uses Disconnect to block trackers from advertisers and social media companies. Its default search engine is DuckDuckGo.

It’s built by a computer security firm called WhiteHat Security, but it hasn’t been audited by any computer security experts yet, as far as I can tell. So use it at your own risk (and currently you can only use it on the Mac OSX operating system). But I’ve been using it for a few months, and after some bugginess in the beginning, I’ve started to enjoy the unusual feeling of having privacy as a default setting.

Another option that Angwin suggests for protecting your privacy online is opting out from data brokers — which she says is no easy task.

Julia Angwin

Julia Angwin is an investigative journalist for ProPublica and former reporter for The Wall Street Journal. She is author of the new book, Dragnet Nation: A Quest for Privacy, Security and Freedom in a World of Relentless Surveillance.
  • Frogman Rotkopf

    I chose to use the DiceWare method for keeping passwords for all my important accounts after I had one of my email accounts hacked. Just for the heck of it, I used not only the English list but also the German word list. Then I wrote them down on one of those little notepads you can buy at the dollar store so it would stand out from my home-made notepads. It’s a bit of a chore to wade thru the longer passwords but well worth it knowing I won’t get hacked again.

  • Jerry Leverenz

    WhiteHat Aviator sounds great but what’s the catch? They must be doing all this work for some reason. What are they getting out of offering this free service?

  • Anonymous

    I love ad block plus. I am amazed at how much faster the web is without ads.

  • agonist

    Why wouldn’t you just use 1Password for your bank and other important accounts? It can generate random strings up to 30 characters long, which would take even the NSA thousands of years to crack.

    It’s liberating to be freed from the burden of remembering passwords. I’m down to three: the password to unlock 1Password, the one to unlock my phone, and the one to unlock my computer.

  • Cathryn Sykes

    I never save passwords on my computer. I have dozens of them written down in a book which is NOT kept in my office.

  • Anonymous

    What about the default browser on the Mac, Safari?

  • Warren Taylor

    WhiteHat Aviator is available for Windows. I’m downloading it now.

  • Anonymous

    The problem I have with a lot of this is that I use several devices — including a laptop, desktop, tablet and phone — to access my accounts. None of the password savers work across all these devices. SRWare Iron at least saves my passwords across devices, for those devices which will run it, and deletes most of the Google tracking…. and when I tried to add Disconnect, I was told that it was not an approved version of Chrome and I should use a less secure version.

    I’ve tried a number of other more-secure apps, and found that they simply do not have the usability of the mainstream stuff. I’m sure the NSA has a whole file drawer on me already, and wonder why I need to keep them uninformed about me…

  • Anonymous

    Dashlane works with all my devices.

  • Paula White

    When she was interviewed by Terry Gross she was asked how much more online privacy she had after all these strategies and precautions, and BOY, were there a lot and they were pretty advanced to my way of thinking. The answer was 50 percent.

  • Marcia MacInnis

    WhiteHat Aviator’s EULA gives them permission to track your browser activity. Is this something they added after you wrote your article?

  • David Wallace

    Among the things I do are: 3 password levels – low level simple password for junk sites, mid-level password for sites I feel need some protection, and high-level password for anything finance or personal that would have a huge impact if hacked.

    I also use StartPage (similar to DuckDuckGo), HTTPS Everywhere, TOR, false names and email (free accounts), false bio info on social media and random friends. Anything to confuse and confound the snoopers.

  • Jamaica

    I can access any blocked content from school via HotspotShield, plus this app is free, couldn’t be better!