20 Best Tips to Stay Anonymous and Protect Your Online Privacy
Now that so much of normal life revolves around the internet, the privacy of each and every one of us is at risk. Advertisers, service providers, and governments all around the world are increasingly interested in tracking every single movement we make online. Whether you’re a whistle blower, a political dissident, or simply someone who hates the idea of third-parties scrutinizing your surfing habits, there’s a wealth of tools available to keep prying eyes off of your web traffic.
In this post, we’re highlighting 20 ways to increase your online privacy. Some methods are significantly more extreme than others, but if you’re serious about maintaining your privacy, these tips will help shield your actions and data from snoops.
OTR Encryption If you're worried about your personal messages being monitored, Off-the-Record Messaging is an important layer of protection. Not only does it encrypt the communication channel, but it also offers proper authentication, deniability to third-party observers, and forward secrecy to drastically reduce the risk of being compromised in the future. If you're on a Mac, Adium provides built-in OTR support. As for Windows and Linux, you can use the OTR plug-in for Pidgin.
Signal Private conversations should never be subjected to mass surveillance – even on our mobile devices. We now know that our own government simply doesn't respect our privacy, and that's entirely unacceptable. To fight back, Signal enables encrypted chat, phone calls, and video messages with a system that helps verify the identity of your contacts. Folks like Edward Snowden and the EFF recommend using Signal to avoid surveillance, and the ease of use on iOS and Android makes friends and family much more likely to convert.
HTTPS Everywhere In spite of some infamous security issues, SSL is still extremely important for keeping your Web traffic safe from prying eyes. If you want to keep nosy packet sniffers out of your business, your Web traffic should always be going through SSL connections. Sadly, not every website supports SSL. Even worse, many websites that do support SSL still default to unencrypted connections — and the Electronic Frontier Foundation wants to change that. The HTTPS Everywhere browser extension, provided for free by the EFF, forces SSL connections on countless websites. Chrome, Firefox, and Opera users can all take advantage of this wonderful extension, and keep important Web traffic private and secure.
Certbot Browsing over an HTTPS connection is an important protection for consumers, but what about those of us disseminating information online? How do you know that your SSL implementation is set-up correctly? Certbot has your back. Thanks to the good folks over at the EFF, you can use automated tools to easily turn on HTTPS support for your site.
Privacy Badger If you're looking for a Popeil-esque "set it and forget it" method of blocking trackers online, try out the EFF's Privacy Badger add-on. Available for Chrome, Firefox, and Opera, this browser extension monitors when sites try to track your browsing habits, and automatically thwarts future tracking attempts. The list of blocked content automatically improves as you browse — no need to manually block trackers. Better yet, you can configure this add-on to disable WebRTC tracking as well.
GnuPG Email is notoriously insecure. Even if you're connecting to your email server over an SSL connection, there's a good chance that your message can be intercepted on the way to the intended recipient. So if you want to send private messages over email, you're going to need to add a layer of encryption. When you and your recipient use GnuPG (or equivalent tools), you can easily prevent simple snooping. Of course, it's always possible for vulnerabilities to emerge, but imperfect protection is always better than no protection at all.
Tor Browser If anonymous browsing is what you're after, the Tor Browser is what you need. It uses a vast network of computers to route your Web traffic through a number of encrypted layers to obscure its origin. Tor is a vital tool for political dissidents and whistleblowers to anonymously share information, and you can just as easily use it to help protect your privacy. This customized fork of Firefox automatically connects to the Tor network, and includes some of the privacy-enhancing browser extensions discussed later in this post. This package has everything you need to use Tor successfully, but you'll also need to change your web surfing behavior to retain as much anonymity as possible. Abide by the Tor warnings, and remember this isn't a magic bullet.
VPN If you're very serious about maintaining your anonymity, consider investing in a VPN solution like TorGuard or Private Internet Access. While the protection isn't perfect, they will help you to disguise your activities online. Your real IP address will be hidden from the world, and your traffic will remain indecipherable to nosy ISPs or governments. Even if your country is actively on the lookout for VPN traffic, you can still benefit from so-called "stealth VPNs." TorGuard offers its stealth VPN service at no additional cost, and it will make government detection and interference much harder to accomplish. For those of you being held hostage by your government, VPNs are by far the best bet for bypassing censorship and snooping.
DNS Leak Testing Even if you're using a privacy service like a VPN to hide your IP address, it's still possible to give away clues to your identity via your DNS traffic. Thankfully, it's easy to detect if your configuration is leaking your DNS information. Simply head over to DNSLeakTest.com, and run the extended test. If the results show the third-party DNS service you're using (like TorGuard), you're set. If your ISP's DNS info shows up, you have a DNS leak. Follow the steps listed on the "How to fix a DNS leak" page, and then test yourself again to make sure everything is working as intended.
Virtual machines While the browser is a massive vector for snooping, it isn't the only place that third parties will try to attack. PDFs and other seemingly harmless files can serve as homing beacons, and potentially alert government entities when you're viewing planted contraband. To prevent unintended breaches of privacy, open suspect files inside of a virtual machine. Load up your favorite Linux distribution inside, configure it to your liking, and then save a snapshot of your VM. Next, download your desired file, and then shut off your virtual machine's access to the Internet. Once you're sure that the VM is cut off completely from the network, you can now open the file safely. Read what you need, make notes, and then shut down the VM. Next time you need to view a file inside one, you'll have your snapshot ready to go.
Tails Live Operating System If you want to take privacy beyond a simple VM solution, you can instead boot up a live OS from a CD or USB stick. Knoppix and Ubuntu are good options for normal use, but Tails is custom-built for preserving your privacy and anonymity. Your traffic is automatically routed through Tor, encryption tools are built-in for IM and email, and it won't interact with any of your existing OS installations. It's an excellent all-in-one package that's easy to use. Still, you need to be vigilant. All of the same Tor disclaimers apply, and if you're using this on a shared PC, you could still be tracked with the likes of a simple key logger.
Blocking Third-Party Cookies Third-party cookies are one of the most common methods that advertisers use to track your browsing habits. If you visit two sites using the same advertising service, rest assured that the advertiser is keeping tabs on that information. However, every major Web browser offers the ability to turn off tracking cookies. While this is far from a panacea, it shuts down the most common vector used by advertisers to build usage profiles. No sense making it easy for them, right?
Blocking Location Data In recent years, many sites have begun using location data to offer specific services, and serve targeted advertisements. Mapping applications have legitimate reasons for gathering location data, but that same technique can be used to help identify who you are. Any proper browser should let you toggle on and off location data, and we recommend leaving it off completely. At the very least, demand that websites prompt you for access before gathering the data. That said, IP-based geolocation data is incredibly trivial to acquire, so remain vigilant. If you're browsing the Web without a proxy or a VPN, you're effectively broadcasting your IP to every server you come across, and that information can be used against you. It's not necessarily something you have to worry about constantly, but it's worth keeping that fact in the back of your mind if you're criticizing your local dictator or blowing a whistle on the NSA.
Do Not Track The "Do not track" HTTP header is an optional message that browsers can send to Web servers. You can easily enable it in your browser's settings, but it's rather limited in scope. For this to work at all, the Web server needs to be configured to respect this flag. There is absolutely no requirement that any website needs to obey this setting, so don't expect widespread protection from trackers. Still, you don't have much to lose. The only potential issue here is that it's an additional datapoint for browser fingerprinting. But if enough people are using it, that shouldn't be a real issue.
Plug-In Management Even if your browser is configured properly to hide your identifying information, plug-ins can still be used to endanger your anonymity. If you're serious about remaining anonymous, you should avoid running plug-ins altogether. Unfortunately, that can leave a number of popular websites completely unusable. To solve this problem, we recommend a hybrid approach. First of all, configure your browser to require your approval to run any plug-in. Next, make sure you're running sandboxed plug-ins. While this is mostly considered a security issue, a rogue plug-in could be used to gather your personal information by an organization like the NSA. Chrome can be configured to completely disallow un-sandboxed plug-ins, but it can be trickier with some other browsers. Windows users can run their browsers inside of an application called Sandboxie, so less sophisticated browsers can receive similar benefits.
Thwart Search Engine Tracking URLs It's no secret that Google makes money by tracking your behavior for targeted ads, and that's problematic from a privacy perspective. Using DuckDuckGo is a good alternative for some of us, but the quality of Google's results can be difficult to forgo. Thankfully, you can easily sidestep one of Google's most obnoxious behaviors: URL trackers. When you click on a URL in Google, it actually loads a redirect URL first for easier tracking. Even worse, simply copying the link from Google can give you a long, messy tracking link instead of the plain URL you really want. But when you use this simple little Firefox extension called Searchlinkfix, it does away with that completely.
Browser Leak Testing Is your browser disclosing personally identifiable information? Head over to BrowserLeaks.com, and take a gander at all of the data your browser is giving away. This toolset will never be completely exhaustive, but if you want to verify that your privacy and security precautions are really working, this site is an invaluable asset.
Panopticlick Depending on how your browser is configured, there's a chance that online advertising giants and nosy government agencies can identify your browsing behavior by recognizing just a few telltale markers. To discover exactly how unique your browser's fingerprint is, head on over to Panopticlick. This handy little tool, owned and operated by the Electronic Frontier Foundation, quickly tells you just exactly what your browser is broadcasting to the world. The more information given away, the easier it will be to identify you as a unique individual.
Multiple Email Addresses When you sign-up for user accounts across the web, using a different email address for each site is a good way to throw unscrupulous third-parties off of your trail. If you're merely creating a throwaway account on a whim, consider using disposable email accounts from sites like Mailinator or YopMail. Anybody can access those inboxes though, so use discretion. If you actually want to maintain legitimate accounts on sites like Facebook or Twitter, you can create numerous free email accounts, and then configure email forwarding to funnel all of the messages into a single inbox. It's a lot of additional work, but it also offers the benefit of being able to easily detect which sites are selling your information to spammers.
Of course, internet security is a topic in and of itself, so you’re going to need to do some reading to remain thoroughly protected on all fronts. And remember, even the most careful among us are still vulnerable to imperfect technology and well-executed social engineering. You might think that you have nothing to hide, but that doesn’t mean you shouldn’t enjoy the benefits of online privacy. It’s a lot easier to shove your fingers in your ears, and pretend like the NSA and your ISP aren’t watching every move you make. But what you browse is your business, and your business alone. Now is the time to stand up for yourself, and take back your privacy.