No, Your Incognito Browser Isn’t Actually Private. Here's How to Safely Surf the Internet
With data breaches like the Equifax hack becoming more common, investing in your online privacy has never been more critical. And let's be real: that incognito browsing option you think is cloaking your every move? It's not really doing that.
There's no way to be truly anonymous online, but there are plenty of basic steps you can take to make it harder for hackers and advertisers to track you. Here's what a handful of online privacy and security experts recommend doing to actually browse the web privately:
Secure the Basics
If you're not actively trying to hide online, but rather wish to manage some of the information other sites and companies can collect, experts suggested taking the following steps:
- Comb through the privacy settings on your Facebook, Linkedin, Twitter, and other social media sites (look for things like your location settings, which you should turn off)
- Enable two-factor authentication (a security process that requires an added measure beyond a password, such as inputting a code that is texted or emailed to a user) whenever possible
- Use a password manager like Sticky Password or Dashlane, and never reuse passwords (and make sure to set up two-factor authentication for your manager, as they are also susceptible to hackers)
- Turn off GPS, Wifi, and Bluetooth to "limit your devices from attempting to connect with external devices and networks, some may be legitimate, some may be malicious," suggests Joel Wallenstrom, the CEO of Wickr, a service which offers encrypted messaging
- Create a "master email" address which is only used to recover important accounts (not for stuff like online shopping or mailing lists), which no one else knows about
- Make sure you're not searchable by phone number on Linkedin, Facebook, etc.
- Unsubscribe from superfluous mailing lists, like stores you never purchase anything from
- Use a HTTPS connection instead of HTTP, which will encrypt your connection with websites (there are plugins you can get for Chrome, Firefox, and Opera so you are always using HTTPS)
- Use an alternate search engine that does not track you like Duck Duck Go
- Check out Have I Been Pwned, a site that can tell you whether or not you've been the victim of a data breach (you can also sign up for notifications)
Experts also suggest opting out of social media altogether. If that's not possible, a service like Xpire will comb through your status updates and "friend" lists to help you delete old posts and better manage your online presence.
And one more thing: don't use your social accounts to log in to other websites or apps. "Yes, it’s convenient but it gives them access to a lot more personal information than just providing an email address would," says Wallenstrom. "You have no idea how they use or who they share that data with."
Use a VPN
"The best way to stay invisible on the web is to blend in with the masses, and make it so detecting you costs more than it's worth," say Todd Millecam, the CEO of SWYM Systems, Inc., an IT firm.
VPN services could help with that.
A VPN, or virtual privacy network, is a service that keeps your activity private when you use public Wifi (typically at a cost). Your PC connects to a VPN server, which will route your traffic to another point on the Internet in an encrypted tunnel and then eventually to your ultimate destination, making it more difficult for hackers (or your employer or internet service provider) to track your activity.
So how to you choose a VPN? You want to avoid the free ones and pay for one instead. Also, choose one that does not log your data, and look for other built-in features, such as malware, ad and tracking blockers.
Alternatively, you can use Tor, which routes your connections through a number of different computers. "It's more secure than a VPN, but can be quite slow," Nick Cano, a senior security architect at cybersecurity firlm Cylance Inc. says.
Install an Ad Blocker
These browser plugins stop ads from identifying and tracking you. Cano suggests uBlock Origin, although some VPNs also include this feature so you may not need to download anything else.
Mark Herschberg, a cybersecurity expert and principal of White Knight Consulting, suggests installing a tool that disables cookies as well, (cookies store pieces of information about the user or a website on your browser and make using certain websites easier/more seamless). One in particular that he recommends is Privacy Badger from the Electronic Frontier Foundation.
Use Encrypted Email and Text Services
Encryption makes it harder for hackers and other third party entities to access your data by encoding it in a way that can only be decoded with a certain key. "Encryption is the best way to keep your identity a secret," says Millecam. "They'll still know where you are on the web and who you're talking to, but they'll have no idea what you said."
For email, Cano suggests using something like Protonmail, which is free, and Jamesson likes CryptUp, a Chrome extension that allows you to send and receive encrypted email via Gmail. For texting, there are plenty of options. Apps like Signal, Telegram, and Confide encrypt texts (Confide is the preferred encryption app of White House leakers) so you can text privately. For team or company-wide security, services like Wickr offer encrypted messaging, calling, and video conferencing.
"[This] ensures your conversations remain private and not stored on servers that are vulnerable to breach," says Wickr's Wallenstrom. "What you don’t save can’t be accessed."
Additionally, if you're signing up or registering for something, Guerrilla Mail can generate random, temporary mailboxes. And if registering for something requires your name and address, consider using something like Fake Name Generator (unless it's for shipping or billing purposes).
Consider Temporary Credit Cards
Your credit card information is valuable and extremely easy for hackers to access. That's why some banks and third party companies like Privacy have options to create virtual, temporary online cards. The cards are tied to your actual credit card, but have a different number, security code, and expiration date. They also have virtual limits which you set yourself.
Try a More Secure Device
If you're prepared to go further, there are other (more expensive, less convenient) options. For example, the Librem 13 laptop by manufacturer Purism, is described by Gizmodo as "a surveillance paranoiac’s fantasy." It will require a hefty payment (it's listed at $1,400) and you'll likely have to learn to use a new operating system (one that is more secure than Windows), but it offers far better security than your typical PC. One feature touted by Gizmodo is its physical kill switch, which deactivates the webcam and microphone (it also has one that disables Bluetooth and Wifi) by shutting off all power to them. Meaning you can throw away that piece of tape over your camera.