How to remain (mostly) invisible online

Users should first re-evaluate what's important to them when it comes to privacy

With such a heavy reliance on the Internet for all sorts of interactions and transactions and the many ways people are connected via their mobile or desktop devices, is it possible to remain invisible online?

While this might be a challenge for many, there are ways for privacy-obsessed users to leave as little a trace as possible when venturing into cyberspace.

Users should first re-evaluate what's important to them when it comes to privacy, says Frank Ahearn, a privacy expert and author of the book "How to Disappear."

[ 8 tips to enhance your online privacy ]

"Is it OK that apps have access to their GPS [global positioning system] location, their camera, photos and phone book?" Ahearn says. "Privacy is an odd sort of thing. It is not tangible, and sometimes out-of-sight leads to out-of-mind."

Still, it's important to consider when people use a medium owned or operated by a third party, such as the Internet, an elevator with a camera or a mobile app that requires connectivity. "We need to accept that there presently is no privacy in those circumstances," Ahearn says. "Therefore, it is less about maintaining and more about personal awareness."

Internet users can better protect their privacy online "by thinking of their private information as gold; do not give it away," Ahearn says. "Place a personal value on private information and recognize that sites want to profit [from] the information they extract. The best way to combat that is to supply untrue information. Deception has a positive purpose in the digital world," and in fact is the best ally a user has to truly protect his online information.

Ahearn is not a believer in privacy software and similar tools. "We do not know if anonymizers or privacy email sites work or are telling the truth about their services," he says. "The average person cannot tell a real Babe Ruth signature from a fake, nor can the average person test if software or Web sites are truthful in their claim."

The only way not to be tracked online is to not make a connection, Ahearn says. An example he cites is the use of a prepaid mobile phone.

"The idea is when a user makes a call their identity is not known since no identifiers are attached to the phone," Ahearn says. "This is half-right. When the user purchased the phone from the store, the transaction was captured on camera and so they are connected to the phone. An identity can be discovered from this action." If the user sent someone else to make the purchase, that person would be connected to the phone."

The problem with privacy tools is users do not know if the tools offered will actually work to protect their privacy, Ahearn says. "I tell all of my clients that if they cannot prove the tool, it does not work and a different strategy must considered," he says. "I believe Snapchat guaranteed photos would immediately disappear. But they lied and look what happened."

Still, vendors are offering a number of products designed to help users maintain their privacy online, and these provide a variety of features designed to help keep information private.

In addition to these products, for those users who want to get online and not employ deception tactics, there are a number of options to enhance privacy.

One is to use a virtual private network (VPN) when online. "This way your data traffic is encrypted, and thus difficult to detect by spies or any hackers--whether you use a phone, computer or tablet," says Robert Siciliano, an identity theft expert. "Data transmission may still occur due to ads, but the VPN will put a stifling effect on it."

"There are inexpensive anonymizing VPN services that are easy to use," says Randy Abrams, research director at NSS Labs, an information security research and advisory company. "These services hide your IP address, which does significantly increase privacy, even when using public Internet services."

Another tactic is to install Hypertext Transfer Protocol Secure (HTTPS), a communications protocol for secure communication over a network. Privacy seekers should install HTTPS browser plugins wherever they can, Siciliano says. "It's free, though currently not available for smartphones," he says. "HTTPS means security on the visited Web site."

Users can also be less visible by limiting the information they share online.

"Follow the minimum necessary rule; only fill in the fields that are mandatory when filling out online forms," says Vinny Sakore, cloud security program manager at ICSA Labs, a vendor-neutral firm that tests and certifies security products. "When prompted, do not 'opt in' unless you absolutely need to. Stay away from contests and 'free giveaways' where your personal information is requested."

Users can also quit or limit their activity on social networks. "One of the most common and effective steps to reduce one's footprint is to give up all social networks," Abrams says. "Giving up social networks can reduce both targeted advertising and stalking."

For those users who like their privacy but also enjoy using social media, it's a good idea to post only when you're connected via your password-protected, secure workplace or home Wi-Fi, Siciliano says. "And in some cases you may need to post via computer, not your smartphone," he says.

On sites such as Instagram, Facebook and Google+, set the privacy settings to not allow anyone outside your approved list to view your information," Sakore says. "Also, be careful about approving posts and images where you are 'tagged,'" he says.

For added privacy on mobile devices, users should put their device into airplane mode--which suspends data transmission--while using apps such as games. "You don't need to be online to play all games," Siciliano says. "Being offline means your personal data can't be transmitted."

[ Five new threats to your mobile device security ]

Also, turn off cellular data connections. "Unless you absolutely must know every single e-mail that's coming in when you're out and about, switch off the cellular data," Siciliano says. "Check your e-mail only when you're on a secure network."

Other tips for mobile users are to turn off the GPS and Wi-Fi on your mobile device, and "dumb down" your phone.

"GPS, Wi-Fi and geolocation can pinpoint your location fast," Siciliano says. "Keep them off unless you need them. To turn off geolocation, start with your apps that take photos, then do the rest. Then you won't have to worry about government agents finding you."

You can also ditch your smartphone and use a feature phone. "Though even a simple cellphone can be used as a tracking device, it makes it hard for anyone to get your location and data, since you can't get on social media or play online games with a dumb phone," Siciliano says.

Join the CSO newsletter!

Error: Please check your email address.

Tags NSS LabsICSA Labssecurityprivacy

More about FacebookGoogleICSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Bob Violino

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts