Maintaining privacy and security online today is harder than ever before. Misconceptions abound, and mistakes are easy to make.
This is a minimal guide to online privacy. It will teach the fundamentals of how to stay safe, and where the line between being careful and being paranoid lies. There is far more to learn than what will be discussed, but most users won’t need much more in practice. There are no affiliate links here.
Your ip is a unique string identifier that represents you online. Unless your internet plan sets a fixed ip for your residency, it will often cycle between other ips.
Your ip can give someone a general idea of where you are located, since it is chosen by your local ISP. It will not reveal your address, but it might pinpoint you to a general radius in your city or town. Check your ip geolocation here.
Realistically, there is no danger to someone finding out your ip. However, that doesn’t mean you should give it out freely.
A proxy will mask your ip in some application (e.g., your browser), so that when you visit a webpage it will show the request originated from somewhere else (i.e., a different ip). However, proxies are insecure and your real ip can be easily found.
A VPN is a sort of proxy 2.0, since it includes encryption and masks your entire network’s ip, not just that of one application. In general, VPNs are always better than proxies.
There are many free VPNs out there. However, most free (and even paid) VPN companies will sell your private information to earn a profit, simply because they can, thus defeating the purpose of a VPN. Moreover, many will cave in to governmental pressure to hand over logs, should they keep any.
You should look into different VPNs yourself to find one to your liking, but we suggest Mullvad due to its priority on privacy and ease of setup.
Tor is a type of browser that encrypts your browsing session by making your request hop through various computers. Due to the way it works, your connection speed will likely be impacted. It is however a very secure – although not at all infallible – way to browse the web. The vast majority of people do not need to use Tor.
When you enter “google.com” in your browser, your computer needs to find out what the associated ip of Google is. To do that, it asks a DNS server for the answer.
The result is that your web requests are logged, typically by your ISP acting also as your DNS provider.
Ideally you should change your DNS settings on your browser/smartphone/PC to point to a privacy-centric/encrypted DNS provider (e.g., one that uses DNS over HTTPS). Here are some good suggestions.
While avoiding using common email providers like Gmail and Yahoo is quite hard, it is a good idea that you at least set up more privacy-centric email accounts. Services like Protonmail and Tutanota are free, do not track you, and offer better security than their more widely-known counterparts.
Many passwords are used too often to be secure, or have been discovered in previous company breaches. Sometimes one of your online accounts has been exposed by a hacker, and you might not even know about it. You can use the following site to check your emails and passwords to find out if you should worry. (In general, writing your password on a foreign site is a terrible idea, but HaveIBeenPwnd has an excellent reputation. It’s your call.)
Password managers are often lauded as the best alternative to remembering your passwords, but this is not true. Managers centralize all your passwords into a single point of failure; meaning that if someone finds out the master password or hacks the app (e.g., 0 day exploits) you might be screwed. They aren’t bad at all, but memory trumps technology.
Forums and social media websites in particular use a variety of tools to keep track of you. This isn’t necessarily for malevolent purposes: Cookies for example can track you to keep you logged in over time, and your ip and user-agent can be checked to prevent people who aren’t you accessing your accounts.
However, tracking is often problematic. Cookies track you across sites to collect information on you, and your ip can be stored for many months or years in logs, which later can be sold or shared with organizations or governments.
For example, Reddit stores your ip for 100 days, and can keep it longer if it is requested to do so. Facebook in turn has so many privacy concerns that there is a Wikipedia page dedicated solely to numbering them.
Without a doubt, the most important thing to stay private online is to not share any personal information. Do not post pictures of yourself, or share your name, address, cellphone number, and the like. Moreover, you should either not share, or modify stories that could be used to identify you due to how unique they are.
Your browser is capable of installing addons to make your browsing experience safer, more private, and more pleasant. There are a number of them that you should consider installing, but if you’re going for must-haves only, check ublock origin.
A honeypot is a trap website made to catch people doing illegal things, typically by law enforcement. In general, the more illegal the content discussed on a website, the more likely it is that it has honeypot-like purposes. Because of this, rules will often be extremely lax on these sites, and sharing of extremist content will be encouraged.
In general, the idea of honeypots is not widely used on the clearnet. Typically, if illegal content is seen, law enforcement will either keep ties with the owners of websites in order to be able to act if there is danger, or they will simply send requests for personal information of users if they deem it necessary (e.g., 4chan).
What appears to be more common is the use of (paid) informants. These are people who use the website regularly as normal users, and are typically trusted by the userbase, but who report to law enforcement of anything interesting they come across (e.g., illegal content shared via private messages, insider-only information).
Should you worry about these things? Certainly, you should try to keep your data secure, and try to care about your privacy. However, paranoia can be devastating if not kept under control.
Long ago I heard the following saying: “If Mossad wants to get you, they will get you.” In general, this tries to convey the idea that no matter how much you protect yourself, if a powerful enough entity wishes to know who you are and everything there is to know about you, they will.
And, if you constantly worry about keeping a low profile, you might be fighting a losing battle. As Edward Snowden has said: “Today, everyone is on the list, no matter how innocent. Systems of mass surveillance strive to record all people, in all places, at all times. The question is no longer “Am I on the list?,” it is “What’s my rank on the list?””