Digital Privacy Guide – The White Hatter


Increasing Your Digital Privacy Online

A Guide To Help Make Your Personal Information Less Visible by Others Online


Through our digital literacy and internet safety professional development programs that we provide to law enforcement, educators, and other working professionals, we have become aware of cases where problematic students, clients, and customers will harvest personal information they locate and collect online about a police officer, teacher, or employee that will then be weaponized and used to the aggressor’s advantage. Once this information is gathered, it can be posted publicly as a form of public shaming, or as a weapon to commit a variety of different crimes such as mischief, criminal harassment, extortion, and several other crimes.

The targeted gathering of personal information online, that is later weaponized, is commonly known as “Doxing”. Here’s a great doxing definition from the internet security company Kaspersky:

“Doxing (sometimes written as Doxxing) is the act of revealing identifying information about someone online, such as their real name, home address, workplace, phone, financial, and other personal information. That information is then circulated to the public — without the victim’s permission.”

So, what are some strategies that employees can implement to minimize doxing and reduce the weaponization of their personally identifiable information?

 

Be Careful About TMI (Too Much Information)

 

For those who study online behaviour, there is something psychologists call the “disinhibition effect” – this is where people will say and do things online that they would likely never say or do offline. Most people like to overshare online without understanding the risks. It is amazing how much personal information the internet knows about you. Why? Because you posted it thinking it was going to stay private. No matter what the social media platform, app, or privacy settings, you need to understand that once something is posted online it can become public, permanent, searchable, exploitable, copiable, and often sold. This is why it is important to minimize posting the following information:

  • Any kind of personally identifiable information such as your address, phone number, driver’s licence information, credit card information, social insurance number, place of employment, pictures of your vehicle and its licence plate number.
  • Any kind of personal information about your spouse, partner, or children
  • Any kind of intimate image or video of you and your partner
  • Sharing that you are currently away from home on a holiday

Yes, we have seen people post the above noted information online! This is information that a potential threat can use to target you both online and offline.

 

Lock Your Device:

In several cases that we have investigated, especially when it comes to educators, we have found that a problematic student got access to a teacher’s computer or cellphone that was left unattended and unsecured. When you are not using your digital device, or are leaving it unattended, it is important that settings are in place to ensure that others cannot access it without a password. These types of security settings are usually found in the settings application of your device. If you have a device that uses a biometric security protocol (facial recognition, fingerprint), it is also an excellent way to secure your device.

 

Passwords:

Having a strong password to both lock your devices and secure your social media platforms, apps, and personal accounts is important. Strong passwords should be:

  • At least 6-8 digits in length
  • Contain an uppercase letter, lowercase letter, number, and symbol – as an example #Wh1t3H@tt3R! 

 

It is important to use different passwords for different accounts. It is estimated that about 65% of those online use the same password for multiple accounts. The danger of this practice – if your password is compromised, it allows access to all your accounts where that password is being used. The challenge – if you have multiple accounts, it is often difficult to remember individual passwords for individual accounts. This is why we recommend the use of a reputable password manager. The one that we both recommend and use is https://www.lastpass.com/. Most password managers, such as LastPass, allow the user to store their usernames and passwords in a very secure and encrypted environment, which can be accessed at any time with just one password. It should also be noted that Apple’s “keychain” is another way to store passwords in a secure and encrypted environment. However, the one challenge with browser-based password managers – if a person has already logged into your device, then they can also see and access the stored passwords without further authentication.

We here at the White Hatter also utilize a written username and password log book for all our accounts that we keep secured and hidden. If for some reason we cannot access our digital password manager, this log book becomes our emergency backup.

IMPORTANT NOTE – Many social media platforms allow for an automatic sign-in option once you hit the platform. We would recommend that you do not use this function from a privacy and security standpoint!

 

Two-Factor-Authentication

As the name suggests, two-factor-authentication (TFA), also known as multi-factor-authentication (MFA), provides multiple authentication vectors to keep an account or social media platform more secure.

After signing up for TFA/MFA, if another person attempts to access one of your online accounts from a device that you do not own, then even if they have your password, a code will be sent to your device or email address that only you can see. If the person who is attempting to access your account can’t see this code and enter it when prompted to do so, then their access will be denied. Also, if you do receive a TFA/MFA code to your device, it alerts you to the fact that someone does have your password and is attempting to access your account – a great alert to change your password immediately.

If we were all to use TFA/MFA we would see the number of account takeovers and hacks drop dramatically.

It should also be noted that if a social media account or any other online account doesn’t utilize TFA/MFA, then many password managers such as LastPass, also allow for their own TFA/MFA as an option which we would strongly recommend.
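The code-on-new-device flow described above can be sketched from the service's side. This is an added example, not code from The White Hatter or from any platform named in this guide; the 6-digit code, 5-minute lifetime, 5-attempt limit and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 300  # assumption: a code is valid for 5 minutes
MAX_ATTEMPTS = 5        # assumption: 5 wrong guesses burn the challenge


@dataclass
class Challenge:
    digest: bytes              # SHA-256 of the code; the code itself is not stored
    expires_at: float
    attempts_left: int = MAX_ATTEMPTS
    used: bool = False

    def verify(self, submitted: str, now: float = None) -> bool:
        now = time.time() if now is None else now
        if self.used or now > self.expires_at or self.attempts_left <= 0:
            return False
        self.attempts_left -= 1
        candidate = hashlib.sha256(submitted.encode()).digest()
        # Constant-time compare: response time does not reveal a partial match.
        if hmac.compare_digest(candidate, self.digest):
            self.used = True   # one-time: a replayed code is rejected
            return True
        return False


def issue_challenge(now: float = None):
    """Return (code to deliver to the owner's device, server-side challenge)."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"  # 6 digits from a CSPRNG
    digest = hashlib.sha256(code.encode()).digest()
    return code, Challenge(digest, now + CODE_TTL_SECONDS)


def login(password_ok, device_known, challenge=None, code=None, now=None):
    """Decide a login attempt: 'granted', 'denied' or 'code_required'."""
    if not password_ok:
        return "denied"
    if device_known:
        return "granted"
    if challenge is None or code is None:
        return "code_required"  # this is the point where the owner gets alerted
    return "granted" if challenge.verify(code, now) else "denied"
```

A correct password from an unrecognised device only reaches `code_required`; the expiry, attempt limit and single-use flag are what keep a stolen password from being enough on its own.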

 

Routers

Your home router is one of the most important digital security gatekeepers in your home that can help you, and others who use your home network, to stay more private, secure, and safer online. We actually recommend the Gryphon Router as one of the best home routers on the market, especially for those who have kids https://gryphonconnect.com . The Gryphon is not only a router, but it also provides filtering and monitoring capabilities, a Virtual Privacy Network option (we talk about the importance of VPNs later in this guide), and it also protects your network from what are known as Direct Denial Of Service Attacks (DDOS). DDOS attacks have increased in frequency, and when you are targeted by such an attack, it will prevent you from accessing the internet for an extended period of time, which can be problematic if you are working from home and need an internet connection.

For more information about what a router is, what it does, and how to secure it, here’s a great link https://www.allconnect.com/blog/ultimate-internet-router-guide

 

Malware Protection

You need to ensure that you have good malware protection on your desktops, laptops, and cellphones to protect your devices from covert malicious software that can be remotely downloaded onto a digital device and that is designed to harvest personal information (like a keystroke logger), to take covert control of your device (like a remote access trojan – also known as a RAT), or to cause other digital havoc, such as deleting all the information on your device. The one we use is called BitDefender https://www.bitdefender.com/

Some believe that if they have an Apple Computer, malware protection is not needed – this is a false belief given that Apple is under heavy attack as well.

Specific to cellphones, we do recommend that malware protection be placed on Android devices. However, given the “sandboxed” nature of the iPhone, which makes it extremely secure, we don’t believe that malware protection is needed at this time.

 

Privacy Settings

Many social media platforms and apps provide privacy settings to help reduce the amount of personal information that can be viewed by others. Here are some links to help you lock down some of the more popular social media platforms being used by adults:

Meta (Facebook, Instagram)

Twitter

https://help.twitter.com/en/safety-and-security

LinkedIn

https://www.linkedin.com/help/linkedin/answer/66/managing-your-account-and-privacy-settings-overview

Google

https://safety.google/privacy/privacy-controls/

 

Virtual Privacy Networks (VPN)

Virtual Privacy Networks, also known as a VPN, are an important tool that can be used to help protect your data, and stealth your location, especially when using unsecured/open WiFi.

When connecting your device to open WiFi, like you can find in Starbucks, an airport, or a library, the information that you are sending is often unsecured and unencrypted. It is because of this fact that there are both hardware and software hacks (often called “packet sniffing”) that allow another person to intercept and see the data you are sending. The benefits of using a VPN:

1. It encrypts all your communication so that even if it is intercepted, it can’t be read, and

2. It also allows you to change your location thus making it harder for a person to figure out where you are located.

Remember, you get what you pay for. Many people will ask us about free VPNs – something that we do not recommend. Free VPNs collect your personal information and will sell it to other data brokers; free VPNs also often slow down your internet connection. This is why we recommend a premium VPN. The one that we use here at the White Hatter, which does not collect or store any of our personal information or internet activity and does not slow down our internet connection, is called “Private Internet Access”.

 

Browsers

Google Chrome is the most popular browser being used online. However, we know that Google is one of the biggest offenders when it comes to data mining what we are doing online and selling it to other data brokers for their financial benefit. It is because of this fact that we recommend either the Firefox Browser https://www.mozilla.org/en-CA/firefox/products/ or the Brave Browser https://brave.com/ as a better option from a privacy standpoint.

Neither Firefox nor Brave collects or sells your private information, and both offer options that assist in blocking ads and online trackers.

Another great option to help block online trackers on the Chrome, Firefox, Edge, and Opera browsers is “Privacy Badger”, a browser extension that you can download to help stop online advertisers and other third-party trackers from seeing what you are doing online. https://privacybadger.org/

A third option is “Ghostery”, which offers a full suite of privacy options that they call “Ghostery Dawn”, including a private browser, private search function, and a tracker/ad blocking option https://www.ghostery.com/private-browser

 

Search Engines

Again, because we know that Google is one of the biggest offenders when it comes to data mining what we are doing online and then selling it to others for their financial benefit, we recommend using other more private and secure search engine options. The two that we recommend are:

Both of these search engines offer private search functions – they don’t collect where you go and what you are looking at. Both offer other privacy and security options that you can opt in to, such as web and app tracking protection.

 

Email

Again, Google’s G-Mail is one of the most popular email servers being used around the world. We also know that Google is data mining and storing information that we are sending via G-Mail. If you are looking for a more secure and encrypted email server that keeps the content of your email private, we recommend Proton email.

https://proton.me/

 

Text Messaging

When it comes to messaging apps, rather than using Meta’s “Messenger” or “WhatsApp”, Google’s “Messages” app, or “WeChat”, think about using the secure and encrypted “Signal” app https://signal.org as an alternative, which doesn’t collect or store your personal information.

 

How To Monitor What The Internet Knows About You

 

Google Alerts

As mentioned throughout this guide, we know that Google is one of the biggest data brokers of personal information online, and it is our opinion that if we can use other non-Google products, it can go a long way in minimizing what the internet knows about us. However, if there is one Google product that we do recommend it is “Google Alerts” https://www.google.ca/alerts. The one downside to using Google Alerts – you will need a Google/Gmail account.

In the Google Alerts search block, we want you to enter your name in quotation marks, “John Doe”. The quotation marks are called a “Boolean”, and when used it tells Google Alerts to search your full name online every day, and if it finds anything it will send an alert to your G-Mail account. Now, if you receive an alert, don’t panic, given that there may be 50 other people around the world with your same first and last name – click on the alert and read it to make sure it is you. This is an excellent way to monitor what the internet knows about you and what others can see. Given that you can enter several search criteria into Google Alerts, we would also suggest that you create alerts for your “email address”, “home address”, “cellphone number”, and any online “usernames” you have had or are using, again all surrounded by quotation marks.

 

Talkwalker

Talkwalker https://www.talkwalker.com/alerts is very similar to Google Alerts; however, it has been our experience that Talkwalker will pick up on things that Google Alerts does not, and Google Alerts will pick up on things that Talkwalker does not. It is because of this fact that we use both; it is a great one-two monitoring option.

 

Pwned.com

Another great tool to monitor if your email or phone number credentials (like your passwords) have been compromised in a data breach is https://haveibeenpwned.com. Once you search your email or phone number on this site, it will let you know if it has been compromised and where it was compromised. Why is this important? – because now you know that you need to change your password on the compromised site.

 

Incognito or Private Viewing Mode

Several of the most popular browsers such as Chrome, Safari, Firefox, and Edge offer the ability to search the internet on your device, but at the same time prevent the history on your device from recording what you have been looking at online. On the Chrome platform it is called “Incognito” and on the other platforms it is called “New Private Window”. Why is this important from a privacy standpoint – if someone accesses your device without your permission and attempts to have a look at your “history” to see what you have been doing online, nothing will be there. Both Incognito and New Private Window wipe local traces of where you have been, what you’ve searched for, and the content of forms you’ve filled out. Here’s a great article on how to set up Incognito and New Private Window on several different browsers https://www.computerworld.com/article/3587752/online-privacy-best-browsers-settings-and-tips.html

 

IMPORTANT NOTE: Although “Incognito” and “New Private Window” wipe traces of where you have been online, it’s important to know that your Internet Service Provider will still have a full record of your internet search history. This information is accessible by law enforcement via a production order.

We hope that you found this privacy guide useful

The White Hatter Team
