Finbarr Timbers

Securing yourself against online tracking

I've had a few people email me asking how they can protect themselves online, and what combination of tools they should use. I thought I'd write up my advice here so that others can beenfit.

Overview

Online security is weird. You start taking reasonable measures, and all of a sudden, you're wearing a tinfoil hat and air-gapping all of your computers. You can go crazy with security, so it's important to be realistic about the types of threats that you face, and choose security options based on the threats you're worried about.

There's some stuff that you definitely should do, and then after that, you start getting deeper and deeper into paranoia territory. How deep you want to go depends on how worried you are (and remember— you're not paranoid if they really are out to get you).

You should definitely do three things:

  1. Install uBlock Origin & Privacy Badger.
  2. Use a password manager like LastPass to generate secure passwords.
  3. Encrypt all of your hard drives.

After that, it depends on how worried you are. If you're concerned that people might be trying to log into your accounts, or access your computers illicitly, you should look at installing two-factor authentication on your email accounts, password manager, and computers.

uBlock Origin

uBlock Origin is an ad blocker that's super lightweight, and just works (there's been some weird controversies about ad blockers… Google 'Adblock Plus' if you're interested). It blocks requests by default, so that, e.g., Google Analytics can't track your visits to sites. This might break some sites, but you can disable it for those sites.

Link

Privacy Badger

Privacy Badger is a tool made by the EFF (a non-profit that focuses on digital rights) that blocks spying ads and invisible trackers. This would, for instance, block the images that BananaTags uses to track forwards from loading.

Link

Password managers

Password Managers are tools that manage your passwords for you. This allows you to come up much more complex passwords that are randomly generated, and to share them securely (no more emailing passwords, or sharing a Google Sheet).

LastPass is the one that I'm most familiar with, and it has a free tier that satisfies most of your needs.

Link

Less crucial security options

Two Factor Authentication (2FA):

2FA is a system where you are required to prove your identity in a second, independent way. As a result, having 2FA enabled guarantees that merely having your password isn't enough to access your account. If John Podesta had 2FA enabled, Russia wouldn't have been able to hack his emails.

You can enable 2FA on Gmail, Lastpass, and to login to Windows. There are multiple ways of using 2FA:

  1. Have a code sent by SMS to your phone
  2. Use an app on your phone that generates codes
  3. Use a physical stick that generates a code (so you don't have to type anything- just push a button).

I'm currently demoing a Yubikey (one of the physical 2FA keys) for work; I'll update this with a review afterwards.

IBA Opt-out

IBA Opt-out opts you out of Google's interest-based ads, which makes it so that other sites can't track you through the ads. This is Google only, so it's less useful than the other tools.

https://chrome.google.com/webstore/detail/iba-opt-out-by-google/gbiekjoijknlhijdjbaadobpkdhmoebb?hl=en

HTTPS Everywhere

Also by the EFF, HTTPS Everywhere makes it so that all of your pages use HTTPS if supported. It's useful to defend against sites that try to inject ads or unwanted material (e.g. on Greyhound, the bus wifi automatically takes over the ads). Unsecured connections can be used for man-in-the-middle (MITM) attacks, where a page steals your data by snooping on your traffic. That shouldn't be a problem as every site you use should use HTTPS, but there's no harm in using HTTPS.

Link