GlobalSign Blog

06 Apr 2018

9 Online Privacy Myths Keeping You from Maximum Online Privacy

Given how much data we share every day, maintaining online privacy is not easy. On top of that, cybercriminals, corporations and governments are trying to strip away the little privacy that internet users have left.

In 2018, this concern is more important than ever. From allegations of election interference and surveillance to the most recent charges of unauthorized data access and usage against Facebook and Cambridge Analytica, fresh new infringements on our right to privacy seem to appear daily.

There’s plenty of advice about digital privacy and security, but not all of it is good. That’s why we’ve gathered 9 of the most important online privacy myths that need to be debunked:

Myth 1: Hackers Only Target VIPs and the Wealthy

High-value targets are an attractive proposition for hackers, but many prefer casting a wide net and taking advantage of absolutely anyone they can capture - yourself included.

To understand why you might be a perfectly valid target, you have to understand that hackers and scammers aren’t always after the biggest bank account they can find. If they access sensitive trade secrets in a mid-level employee’s files, for example, they can blackmail the company or sell the documents to one of the company’s competitors. They can infect thousands of users with bots that they can then harness to launch DDoS and hold websites for ransom. They can manipulate a user’s social media accounts to sell hundreds of fake likes to desperate marketers or to give fake accounts a collection of friends to make them seem real.

Anyone can be a target - and when hackers aim to hit as many users as possible, then everyone is a target. Yourself included.

Myth 2: Incognito Mode/Private Windows on Your Browser Help Keep You Anonymous

Many popular internet browsers feature private modes, but the level of privacy offered by these settings is paper thin at best. To their credit, these browsers are often very upfront about both the capabilities and limitations of their private modes, but whomever reads the instructions?

Essentially, these modes prevent your browser from collecting cookies, which sites use to track your traffic. That’s a good start, but it’s not enough if you want to remain anonymous (or as close to it as possible). Websites can still fingerprint users, send tracking pixels to their cache and identify visitors’ IP addresses.

How about proxy extensions for your browser? Well, it’s a step in the right direction, but it’s not enough. Not all proxy extensions are encrypted and those that are will be limited exclusively to browser functions. That means that any other online communication your device conducts outside of your browser (for example, push notifications from your apps) won’t be covered. However, a proxy extension will help hide your location and potentially prevent cookies and other tracking tools from reaching your browser, depending on the proxy you use.

The best browser to remain anonymous is Tor. This free browser sends traffic through several layers of encryption to hide your traffic, location, and identity. Tor is a very powerful online privacy tool, but it can (sometimes significantly) reduce browsing speeds, and websites will still receive any data you give to them willingly.

Myth 3: If Your Facebook Is Private, Only Your Friends Can Access Your Data

Facebook has a lot of privacy and security settings, and you’ll have to understand them all to paint a clearer picture of what they can and can’t do with your data. However, here are a few givens:

The first point is only the beginning. Facebook has a wide array of different settings that can be fine-tuned to make your account as closed or as open as possible. It’s important to explore them all and understand how they work. You may be surprised at how open some of Facebook’s default settings are.

The second point is important because it’s at the heart of the recent Cambridge Analytica controversy. People were shocked when whistleblower Christopher Wylie revealed that the company had accessed the data of millions of users without their consent and then used it to help the Donald Trump election campaign in the US.

This underscores the importance of closely reviewing your app permissions. Do you trust every app or company you’ve added? Do you know how all of them use your data and whether or not they sell it to anyone else? Do you really need that app to access everything that it has asked for? Each of these questions usually involves a tradeoff with convenience or functionality on one end and privacy on the other. And then there are cases like Cambridge Analytica, where we can see that those rules aren’t necessarily followed.

Myth 4: Any VPN You Choose Will Keep Your Traffic Safe and Private

Not all VPNs were created equal. Using one is important for ensuring maximum possible online privacy, but some will actually take a step backwards if you’re not careful.

As enticing as they are, free VPN services should be ignored. Always remember - when a valuable service is provided for free by a for-profit company, you’re not the customer, you’re the product. There are different ways to run a free VPN, and most of them involve monetizing users’ data. Whether this means selling your traffic logs or injecting ads into the sites you visit, it doesn’t translate into much more privacy for you.

Paid VPNs answer to you, the paying customer… unless they belong to the 14 Eyes. The 14 Eyes is a term in the privacy community that refers to an alliance of 14 countries that share surveillance data and/or data and surveillance legislation. If a VPN is located in one of those countries, it is highly likely that it keeps some sort of logs on its users and/or their traffic. Law enforcement or other government agencies can then request this data virtually at will.

The best possible service is a paid, full-featured VPN that doesn’t track its users. VPNs can avoid onerous surveillance legislation simply by registering in countries that have no such laws on the books. For example, NordVPN, a popular full-featured VPN, is registered in Panama, which has no online surveillance laws whatsoever. NordVPN’s no-logs policy means that nobody can demand a log of their users’ activities, and if they do, there’s nothing there to surrender.

Myth 5: Your Phone Will Always Choose the Most Secure Internet Connection Possible

No. Your phone will choose whichever connections you allow it to or whichever ones you give it, so make sure you’ve reviewed your settings.

It’s widely known that public Wi-Fi hotspots are a privacy and security nightmare, so if you use them regularly, consider securing your traffic with a VPN or changing your habits. If your phone has been set to connect to open hotspots automatically, then you need to turn this setting off immediately. Public Wi-Fi hotspots are the perfect place for hackers and scammers to collect data from unsuspecting users.

You’ll be in better hands with your phone’s mobile data service. 4G is often encrypted and is much harder to intercept. It’s not impossible - authorities in numerous countries have found lone telephone towers in the wilderness set up by cybercriminals to intercept wireless data traffic - but it’s a much more expensive and involved operation. In addition, telecoms often cooperate freely with the government whenever they want to access user information. One way or another, encrypting your mobile data using a VPN app is probably a good idea.

Myth 6: If Your Device Is Offline, That Makes It Totally Safe

Staying disconnected is an excellent, if inconvenient, way to keep your device secure. Most hackers and scammers work online, and if you have no internet, you have no hackers or scammers, right? Not quite.

Viruses and malware are very good at spreading via physical data storage as well. Indeed, the notorious Stuxnet worm, which was used to incapacitate Iran’s uranium enrichment efforts, was propagated using infected USB flash drives. Other viruses and malware are often perfectly capable of doing the same. Even if your computer is disconnected from the internet, make sure it has a program capable of checking and quarantining files introduced using CDs or USB drives.

Myth 7: Encrypting Your Traffic Will Keep Your Data Totally Private and Secure

Encrypting your own traffic is one of the most important steps you can take to ensure online privacy. However, don’t forget that every website storing your information is a potential weak point that could reveal your information to the public. You can only ensure 99% security and privacy up to the point when your data leaves your hands.

These unwanted exposures may occur due to malice, incompetence, or a bit of both. The scandalous Equifax breach in 2017 exposed millions of Americans’ sensitive data to hackers, and experts are still trying to figure out who should be more at fault - the hackers themselves or the executives who behaved so irresponsibly with users’ data.

In other situations, you may not be aware of the extent to which your data is being shared by services that you trust. Google collects a worrying amount of data about our traffic to target us with ads. As I mentioned above, it’s important to review your Facebook settings so you know exactly how your information is used and who can see it. Even then, the unfolding Cambridge Analytica controversy has proven that you may never truly be aware of how your data is shared. Indeed, the best way to stay private is to never share your information with the world in the first place.

Myth 8: Once You Have a VPN and an Antivirus, Your Privacy Is Virtually Guaranteed

No matter how many state-of-the-art security tools and software you protect yourself with, your system will always have a weak point - you. Social engineering, and the countless scams it has produced, is one of the most powerful ways to breach a system. They turn the owner of the system against themselves.

Scams are growing more and more sophisticated, but if you’re a system administrator, even the throngs of Nigerian princes eager to transfer their inherited wealth should worry you. Not all older internet users have the same immunity to paper-thin scams as younger users do. That’s why it’s important to block suspicious emails, establish clear data sharing guidelines and educate users on recognizing scams that might evade your detection.

Short of a good file scanner and malware filter, there’s not much stopping you from downloading a virus or other malware if you trust the person sending it. Viruses are designed to be undetectable, so someone you know and trust could unwittingly transmit one to your device. Powerful antivirus software will do much to prevent threats like this, but nobody’s perfect. Antivirus software companies have to constantly update their databases to identify new emerging threats, and it’s not always possible to predict them, so they’re often one step behind in their cat-and-mouse game.

Myth 9: Data Collection Is Impossible to Avoid and Anonymity Is Impossible to Achieve

This one’s a bit of a tough nut to crack. Strictly speaking, true 100% online anonymity probably is impossible to achieve. You can come pretty close, but to do so, you may have to sacrifice much of the functionality and features that make the internet such a great and convenient tool. However, using just a few simple tools like a full-featured VPN and antivirus software will get you a long way towards your goal without sacrificing much. You’ll also have to change your browsing habits to minimize the amount of data you share with the world. At some point, only an extraordinary and targeted event would be able to reveal any personal data you’d like to keep private and if that’s the case, most users can rest assured that they are browsing privately.

The fight to protect online privacy is an uphill battle, and it’s one with many different opponents - from over-reaching corporations and cybercriminals to governments interested in mass surveillance. As long as the corporations whose services we use are unwilling to respect privacy as a right, the fight will continue to be a difficult one. Nonetheless, there is a wealth of tools at your disposal to help you maintain your privacy and security online.

If you do your homework, the reward will be worth it - you’ll breathe easy knowing that your online traffic and sensitive data are secure from prying eyes and malicious hackers.

About the Author

Harold is a cybersecurity consultant who also works as a freelance blogger. He lives in New York, where he loves to go on coffee walks with his golden lab, Ernie.

Note: This blog article was written by a guest contributor for the purpose of offering a wider variety of content for our readers. The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of GlobalSign

Share this Post

Write for Us

Apply Now