This started as a short blog on my paranoia and quickly escalated. I am breaking it into two parts, describing a small piece of my exaggerated plunge into the depths of personal data security on the internet.
If you read my last blog, you may have witnessed something profound. A few days after the last keystroke on the piece, what started as a “book report” on a podcast I had binged the previous weekend, I began a slide into a dark, scary place. The place I found myself tumbling into (slowly at first, then at terminal velocity) was that of the security of my personal information on the internet. Even the typing of those words solicits a chill down my spine, a numbness in my spirit, a lack of will to even continue with this blog. Alas, my experience should be documented. Not only because the rules of data will probably change again in the coming months, but because, just maybe, my paranoia will make your life that much easier and safer.
Spurred by the GDPR
In my last piece, I discussed the GDPR. I am not going to dig deep here, you can just Google (or not, more on that later) the GDPR and learn anything you want to know about the European Union’s new policy that ultimately affects us all. The takeaway here is that the GDPR is (probably) good. It makes the data collected by companies visible and available to us. The question I ask myself now that the information is more visible:
“What do I do with that?”
This is by no means a compressive list of things you must or should do to protect yourself. This is intended to get you started on your journey of internet security. Someone could work days, months, or even years and never completely shield themselves from the massive data-suck that is the internet. The following experiences I describe are meant to trigger your desire to protect your own information. You must ultimately be in control of your digital life and the level of paranoia you allow yourself to experience.
Cleaning Up Email
The first thing I did was open my email deleted items folder, as I described in that previous blog. A quick search for “Terms of Service” turned up, well, nothing actually. “Update,” nope. “GDPR,” nada. This was going to be more challenging than I thought.
A quick scroll to the bottom of the folder revealed the problem. No messages older than a week were in the trash. Clearly, a previous settings purge was responsible. Lesson one: Pay attention to your email before you delete it.
Unable to heed my advice from the previous article, I resolved to be more diligent on the messages I receive each day and determine one by one if I need that online account. After perusing my junk mail and deleted items and monitoring my inbox for a few days, I was able to close out or unsubscribe from many services that I no longer use. Apple Mail has made it easier to unsubscribe by adding a banner to the top of a message they detect as a mailing list.
Gmail has a similar feature.
Almost immediately, my inbox was staying cleaner, clearer and under control! Each day, I get less and less spam, and while it may not be doing much for my online data, it is making me feel less cluttered and freer.
While I was logged into my email, I verified that two-factor authentication was turned on. 2FA, as it is often referred, adds a layer of protection to your accounts. Many services are migrating to 2FA availability, including banks, social media outlets, blogs, etc. Two-factor authentication usually works by sending a code to a mobile device via SMS or with an app. You must then enter that code on the website before you can log in. This obviously adds an extra layer of protection for your identity and data on these services. If it is available, you should turn it on.
Apple recently turned it on for all iCloud customers by default. You can get all the details on Apple 2FA here.
Gmail does not have it on by default, but a few clicks had me quickly secured. I also changed my password, as it had been over 1.5 years since it had last been done.
Tweaking Additional Account Settings
With my email accounts secured, I moved on to additional account settings. Google has a few tools that you should take advantage of. The Privacy Checkup tool walks you through a wizard that allows you to determine what information you want to share with Google and the world. It is obviously up to you what you want to share.
You should read about each of the settings and whether or not turning it off will affect your normal workflow. While many of the items are clearly used for marketing and ad targeting, some are used in apps such as Google Maps and YouTube and turning it off could cause issues. Make a note of everything you disable so you can revert if the need arises. In my paranoia, I disabled everything for now.
I also deleted my Google+ account. I honestly had completely forgotten about Google+. My last post was a link to an article about the Shake Weight in 2011. I don’t think having the G+ account is doing me much good at this point.
Revisiting Browser Settings
After about an hour of clicking around, I felt somewhat better about my Google settings. I stopped using Chrome a few months back for no reason other than some specific sites I visited stopped working with a recent update. Chrome is the dominant web browser of the world with over 62% of the desktop market share. No one even comes close to that number. It is a good browser and has served me well for years, but it has a history of privacy issues that should solicit pause (Source 1, Source 2 …). It is produced by Google, and as with anything Google, ad revenue and data collection are the primary goals. I switched to Mozilla Firefox because of their openness and dedication to internet security and protecting your data.
I did not just install Firefox and forget it, NO! I am a paranoid android and I want to be as secure as possible. Here are a few things I did to protect myself in Firefox:
- I started by changing my default search engine to DuckDuckGo. Simply stated, DuckDuckGo is a search engine that does not track you.
- Second, I installed a browser extension called HTTPS Everywhere. This extension forces websites to use HTTPS and encrypt the traffic flowing back and forth from the site.
- I use private windows or Incognito mode, as it is called in Chrome, when possible. When you use private browsing, the browser does not save data from the sites you visit. They are very clear to point out, a private window does not make you invisible on the internet. You should not use the setting thinking you are anonymous.
- Enable tracking protection in Firefox. This setting blocks the sites from collecting information about you for their own gain.
- Finally, browse the settings of your browser, particularly the Privacy and Security section. Adjust your settings as you see fit but understand that some things will break certain websites. As I suggested above, note what you change and revert if needed. I found that disabling all cookies made doing my job difficult, so I reverted the setting but chose to have it clear the cookies each time I close Firefox.
Again, these suggestions are not a compressive, must-do, end-all-be-all, cure-all-ills docket of obligatory actions. Your experience with each setting will vary and should be consumed with trepidation and trial. Document your changes, revert if something does not work and read/research on your own.
In part two, I will dive even deeper into despair as I attempt to curtail the dreaded social media monsters.