Keeping your personal information and online activity to yourself is an ambitious goal. Large tech companies such as Google, Facebook and Microsoft are invested in tracking everything you do online – and sometimes offline. Even some small websites and apps will do their best to make a profit from snooping on you.
So, how far must you go to gain a measure of privacy, and what sacrifices will you have to make?
Even though it can be extremely difficult to avoid being tracked, you can still limit your exposure by embracing a strategy of anonymity, rather than privacy.
We won't venture into the territory of becoming a totally anonymous digital wraith. That takes serious commitment, skill, and specialised software, making it far beyond the scope of one article.
On this page:
- How your email gives away your identity
- Stop using your real name online
- Lock down social media visibility
- Messaging apps and services
- Microsoft's data tracking
- Google's data tracking
- Facebook's data tracking
Privacy versus anonymity online
Privacy refers to stopping people from collecting data and
tracking your activities.
Anonymity is not so much about avoiding being tracked, but rather not letting anyone know it's you that they're tracking. You gain anonymity by making it harder to link tracking data back to your real identity.
But solid privacy practice is still important because offering up less data makes it harder for third parties to piece the puzzle together.
How your email gives away your identity
Your email account is a major weak link for a few reasons. Using the same email address to sign up to multiple services can allow companies to realise it's the same person behind various online accounts, especially if they're owned by the same company.
Create accounts using an email address, rather than sharing data with Facebook or Google.
If you use Gmail as your email provider, you might have signed up to non-Google-owned services by clicking that handy button to create the account, rather than creating one with its own login and password.
This links the two services and allows some of your information and activity to be traded in both directions.
Many email providers (largely Google) can read and track every email you get.
Plus, new accounts will send you a confirmation email when you sign up to them, letting a nosey email provider know what accounts you've created and when.
If you want the simplicity of using the same email address for every online account, don't provide personal details in your account profile or email address. And use a privacy-centric, encrypted email client that doesn't gather info from your inbox such as ProtonMail, Mailfence and Tutanota among many others.
For services you don't plan on using much, you can create temporary email addresses using websites such as Temp Mail, 10 Minute Mail or the many other disposable email services available (do a web search for "disposable email" or similar). Using these services has the potential added benefit of keeping you off spam lists.
If you're happy to juggle multiple email addresses, a password manager will help you keep track of which logins you've used for each service.
Stop using your real name online
Make sure visible usernames don't unnecessarily reflect your
real name. If you want friends to be able to recognise you, consider only subtle changes, or using a nickname. Or you might let your profile photo do the talking for you, but keep in mind facial recognition technology is becoming more effective and widespread, and regulations about its use have been criticised as unfit for purpose in Australia.
If you change your name for an account you've previously
used your real name on, this won't keep your details from the company that runs
the service because they'll remember your original details. It also won't keep
you safe from bad actors who gain access to those server files. But it can keep you
safer from irate people tracking you down and harassing you.
Some services such as YouTube let you have multiple user profiles you can easily switch between, meaning you can interact with different types of content using different identities.
Lock down social media visibility
Make sure your social media accounts are set to private via each
service's privacy settings. The level to which you can do this varies depending
on the service, but most give you at least some control over who can see your
posts, activity and personal information.
Consider what information a social account needs. Your location, birthday, gender identity or education history might not serve any purpose for you, but could provide valuable information to others who might not have your best interests at heart.
And think twice before you post personal information, even if only your friends can see it. Just because your account is secure doesn't mean theirs is.
Messaging apps and services
Most messaging services aren't totally private. Unless the service is end-to-end encrypted (E2EE), the company running it can read your conversations and record your activity – as can anyone else who gains access.
SMS messages are unencrypted and pass through a large number of servers and towers to get where they're going. Not only can your provider read every text you send, it's reportedly not hard for others to intercept your message traffic, too.
The solution is to find yourself a privacy-focused app that uses E2EE, then convince friends and family to sign up.
Apple's proprietary iMessage service and Signal are both E2EE by default, meaning only you and your message recipients can see your conversation.
For services you don't plan on using much, you can create temporary email addresses using websites such as Temp Mail and 10 Minute Mail
iMessage conversations that have been backed up to iCloud are also encrypted, but Apple has the key for this encryption and could theoretically access it. Apple's Messages app uses iMessage between iPhones (shown in blue text bubbles), but uses unencrypted SMS/MMS for messaging other devices such as Android phones.
Signal's conversation history can be difficult or impossible to transfer to a new device, depending on the devices and context.
It might be difficult to get your friends and family to embrace a new messaging platform. In these cases, some unencrypted messaging services such as Facebook Messenger and Telegram have the option to create one-on-one 'secret' chats that are E2EE.
Microsoft's data tracking
Microsoft collects and shares plenty of data about you. Some of it you can limit via settings menus, but not all.
The only way to really keep off Microsoft's radar is to avoid Windows and other Microsoft products entirely. See Microsoft's stance on privacy.
Many Linux distributions (or distros) such as Qubes OS and Kodachi are set up around privacy, but you'll generally get less snooping compared to Windows from any of the popular options such as Ubuntu, Manjaro, Mint and many others.
If you don't like the sound of Linux, one compromise is to use Apple products. Apple markets itself as a privacy champion and while it collects plenty of data about your products and usage, it has a policy of not collecting or sharing personal information. See Apple's stance on privacy.
Using Apple devices isn't as private as even the more user-friendly Linux distributions, but it's less of an overshare versus Windows or Google products.
Google's data tracking
You can try to limit Google's data tracking and sharing, but there's only so much you can do.
To stay off Google's radar, you need to stop using its products altogether.
This includes Android, ChromeOS and Nest devices, as well as services such as Gmail, Chrome, Google Assistant, Google apps, and anything else owned by this data-collection behemoth.
Facebook's data tracking
Even if you lock down your Facebook account, the company is
still collecting a huge amount of data about you.
The best you can probably do is keep your real name hidden, but if you've ever used it for your current profile you're out of luck. This goes for Instagram, WhatsApp and Facebook Messenger, too.
If you have any apps linked to your Facebook account, remove those permissions.
And avoid using your Facebook account to sign up to any
other websites or services.
The only real way to keep Facebook at arm's length is to
shut down your account, delete the app, and never open it up again. It's up to
you to decide if it's worth it. See Facebook's stance on privacy.
Use a VPN
Your IP address is one of the easiest ways to track you around the web. Using a VPN is a cheap, safe and simple way to get around this.
But make sure your VPN provider is trusted and avoid free VPN services, which on the whole have a bad reputation for privacy (it's been said that if the service is free, you tend to be the product).
Keep clear of cookies
Most web browsers these days disable unnecessary web cookies by default, but it's best to check in your settings menu that third-party, tracker and advertising cookies are switched off.
That said, there are other ways browsers and websites can track you, which can be harder to control.
Only so much you can do
This is hardly an exhaustive list. Companies and bad actors are constantly inventing new ways to track you around the web and beyond.
You might be able to keep your real name and personal information out of the equation, but completely masking your movements requires a level of sacrifice, commitment and expertise beyond the average person's scope.
But that doesn't mean you should adopt an in-for-a-penny attitude and let it all hang out. You can still regain some control over who knows your information and activities. How far to take it is up to you.
Stock images: Getty, unless otherwise stated.