Simple: just uninstall everything Google, Facebook (including Instagram and WhatsApp), Microsoft, and move away from iOS/Android/Windows. Compile your own software, and live off the grid.
At least, that’s what some privacy advocates seem to tell you. The reality is that a lot of services, while being terrible for privacy, do provide value and convenience. Yes, Google Maps has a history of all the places you’ve visited, but the only other real options are Apple Maps and maybe Waze, which are also owned by large corporations. Yes, OpenStreetMaps exists, but it doesn’t have the funding that these large corps do. And these large corporations having this power is an important topic, but it’s not fundamentally a privacy discussion.
That said: there’s a lot you can do that won’t affect you much in convenience. For example, you probably use Google search–but do you really need to? There are several other search engines out there, and realistically, they will bring up what you need just as well. Or, you could use something like a meta-search engine, which is a service that will query other search engines for you. And no, it’s not a major hassle. Below, we will tackle some things you can do to upgrade your privacy online.
This is probably the first place you should start. It’s very easy to move away from Google or Bing, to something more private like DuckDuckGo or StartPage. You can, in your browser’s settings, change the default search engine to DuckDuckGo pretty easily–it’s usually an option on there. Doing this means that companies like Google have less information about you, which is a step up. And when it’s your search data, it’s a pretty major step up.
And before you bring it up: yes, DuckDuckGo has been caught allowing Microsoft trackers, but it does seem like they’re pushing back, and they’re still a lot better than Google.
There’s very little reason to actually use GMail, really, besides a few Google services. Google is known to automatically scan e-mail to improve their ad targeting, which makes sense since Google is primarily an advertising company. There are several really good, private alternatives out there: I personally use ProtonMail, but there’s also FastMail and Tutanota. Some of these services have paid tiers for around $5/month or so, and that’s well worth it. I use Proton’s Unlimited plan, since that also gets me access to their VPN (discussed below).
I can vouch for ProtonMail personally–at least on their paid plan, I get 500GB (a little more with bonuses) storage, encrypted email, two-factor authentication (both TOTP and U2F/FIDO2 support), custom domains, catch-all email addresses, SimpleLogin, and more. Okay, I threw some jargon at you, but basically:
- Encrypted email means that the contents of your emails are encrypted in transit, so only the recipient can see them.
- Two-factor authentication (2FA) means you need two things to log in to your account: a password, and a second factor. This improves security so that others who obtain your password (through, say, data leaks) don’t have access to your email. The second factor can be an authenticator app on your phone that generates a 6-digit code that changes every 30 seconds (hence, Time-based One Time Password–TOTP), or a physical USB key that you need to insert into your laptop or tap to your phone, like a YubiKey (which use standards like U2F and FIDO2), which is more secure than TOTP-based 2FA.
- Custom domains are a way to get an email address on your own domain. If you own a domain, say yourdomain.com, then you can use email services like ProtonMail to get an email ID like firstname.lastname@example.org.
- Catch-all email addresses apply if you own a custom domain. Having your own domain, you can redirect emails sent to your domain but to an unknown address (say: email@example.com) to some place like your inbox or spam. This is very useful! Personally, I use it to see if any services are selling my data–when signing up to say Netflix, I enter my address as firstname.lastname@example.org; then, whenever Netflix (or anyone they sell data to) would send an email to that address, so I’d know instantly what happened there.
- SimpleLogin is an email alias service. If you don’t want a service like Netflix to know your actual email ID, or you want to generate a temporary email ID, SimpleLogin lets you create an alias that will forward mail to your inbox. If you want to stop email to an alias, you can simply delete it.
E-mail has gotten sophisticated, and it’s worth exploring all the options out there, especially those that have good privacy.
This one seems divisive. Switch to Firefox. Mozilla, who work on it, have shown time and time again that they actively fight for your privacy–both digitally, by blocking trackers and such, and in the real world, by fighting for better privacy in laws. Firefox is facing an uphill battle here: there are only three major browser engines in the world: Gecko, which powers Firefox, Waterfox, and LibreWolf; Blink, which powers Chromium-based browsers like Google Chrome, Vivaldi, Opera, SigmaOS, and Microsoft Edge; and WebKit, which powers Safari and all browsers on iOS devices.
There was a dark period where Firefox was indeed slower than Chrome–this led many users to adopt it. However, since then, Firefox has caught up–and realistically, with Internet speeds these days, it won’t make much of a difference. A big difference comes in privacy and features, though. Firefox notifies you when a website wants to use your canvas data (which has legitimate uses, but can be used to track you), was the first to add tab groups (which they removed later, and which I’m still salty about; although Chrome’s implementation is pretty terrible–SigmaOS and Arc do it better), and is far more customizable thanks to them opening up about:config and then making it programmable via a user.js file.
What’s the big deal about Blink (the engine that powers Chrome) being the majority? After all, it is free and open source, right? Yes, but the largest contributor is still Google, so they have some control over that. Moreover, this essentially leads to Google having control over the web. For example, starting as early as January 2023 (although this article says it’s been pushed to 2024), extensions on Chromium-based browsers will not be able to block ads. Gee, maybe a large advertising company having a controlling interest over web browsers isn’t the brightest idea–who would’ve thought? Moreover, it makes web developers lazy. To all web developers who only test their websites on Chrome: you suck and you’re part of the problem. Guess what–Blink isn’t the only engine out there. So if you see websites that work on Chromium-based browsers but not Firefox, report it to Web Compat–and then shame them on Twitter for good measure. Seriously, devs, get it together. Indeed, it’s been found that some websites will say they don’t work on Firefox, but then work on Firefox just fine when you change the user agent (this is part of the request your browser sends to websites, which tells the site what browser you’re using)–and to those devs, I say shame on you. /rant
You can make your Firefox experience much better through extensions and by editing about:config. For extensions, I recommend uBlock Origin, an ad blocker (NOT uBlock), Privacy Badger–which blocks trackers, Decentraleyes–which prevents tracking via centralized content delivery, ClearURLs–which removes tracking info from links you visit, and Bitwarden–a free and open source password manager which you should use instead of your current solution. For about:config, I’d say research it on GitHub or Reddit. This is arguably a more advanced feature, so you should only tweak settings if you know what they do, so I won’t make specific recommendations here.
Please stop using Zoom–its privacy issues are well-known (see Source 1 and Source 2). If your work or university forces it, try voicing a concern–although it likely won’t work, realistically. However, for personal meetings, you can use Jitsi Meet, which is free and open source, and does not need an app (although they have an app if you prefer).
There are few messaging apps I’d recommend, honestly, based on privacy: Telegram and Signal are my top recommendations, in that order. A lot of privacy folks will be up in arms about this specific order (and the Telegram recommendation at all), but hear me out: I started this with the concept that privacy and convenience are often at odds with each other. Yes, Telegram chats are not end-to-end encrypted by default, and yes they use a non-standard encryption–but it’s undeniably the most feature-rich messenger ever–and I’ve used Pidgin and Google Talk. Telegram allows you to download chat histories in HTML and JSON; it has all the stuff people want, like stickers and the animations and themes and voice/video calls; it even has screen sharing. It’s a very versatile messenger, and at least now in 2022, they have a solid way to monetize, through Telegram Premium (which I fully support and subscribe to, by the way), so the earlier concerns of one billionaire funding the entire thing are less worrisome now.
A Virtual Private Network, or VPN, is a way to access the Internet through a middleman, where your traffic is encrypted (or tunneled). It hides your traffic from your Internet Service Provider (ISP) and the government. This means that you can access websites that would otherwise be blocked. This has two implications: privacy, since your traffic cannot be monitored, and censorship–if your government does not allow free speech, VPNs are a way to bypass that. An important consideration with VPNs is a no-log policy and audits–the first means that they do not log what sites you visited; the second means that an independent, third-party company has ensured that your data is safe with the provider. The only two I’d recommend at this point are ProtonVPN and Mullvad. Firefox VPN is fine, although it uses Mullvad in the backend, so you may as well use Mullvad.
These are some great first steps to upgrading your online privacy. There are other ways, some dealing with things like anonymization, and others a little more technical like changing your DNS server, but these are a solid start.