on the Internet

Countersurveillance refers to measures that are usually undertaken by the public to prevent surveillance.

Recently I watched a documentary, Citizenfour by Laura Poitras. It made me think… and it made my friends think… about what we can actually do to protect ourselves from governments and big tech companies collecting data about our every move, without our consent, and without any reasonable suspicion of us doing criminal activity.

I am an IT professional. Not an IT security professional, but an IT professional with a generic IT security training … and here I give you a list of ten things you can do to protect your privacy on the Internet.

[1] Use communication tools which have end-to-end encryption
End-to-end encryption is a system of communication where only the communicating users can read the messages. In principle, it prevents potential eavesdroppers – including telecom providers, Internet providers, and even the provider of the communication service – from being able to decrypt the conversation.

For your email: use ProtonMail. For instant messaging: use Signal.

[2] Use incognito (private) browsing to surf the web
Private browsing is a privacy feature in some web browsers, e.g. Firefox. When operating in such a mode, browsing history is not saved, and local data associated with the session, such as cookies, is cleared when the session is closed.

[3] Use different search engines – not always the same
Options at your disposal: Google Search, Microsoft Bing, DuckDuckGo.

[4] Don’t give your PII data to websites
PII means personally identifiable information: name, address, bank account number, credit card number, social security number.

Giving your PII to a web service is sometimes unavoidable, e.g. when you do online shopping. But at least think twice (do you trust this website? do they have a reasonable privacy policy?) before giving out your PII.

[5] Use disposable virtual credit cards for online shopping
Essentially this means use a credit card only once. Many banks provide disposable online credit cards. The card is not actually created physically, it is only a number.

[6] Use bitcoin for online shopping
If your shopping vendor accepts bitcoins, this is the ultimate privacy-conscious way to pay money.

[7] Ask websites to delete your personal data (in the EU)
If you are in the EU, you can ask the websites you use to delete your personal data. The General Data Protection Regulation (GDPR) requires them to honour your request within a reasonable time (days).

[8] Use a different password for every website
(This only occurred to me after watching the Snowden documentary, where at some point they mention that your password, or rather the password hash code, can also be considered PII data.)

[9] Disable location sharing on your mobile phone
This is inconvenient, and honestly does not add much value if you want to hide your location from the government (the mobile network providers know where you are anyway). But it helps you to hide your location from tech companies owning the apps running on your phone.

[10] Use VPN
A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Essentially, by using a VPN you can pretend to be somewhere else.
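
For item [8] above, here is an added example (not part of the original post) that audits a password-manager export for passwords reused across sites without ever printing or storing a password. The CSV columns (`site`, `username`, `password`) and all sample rows are assumptions constructed for illustration.

```python
import csv
import hashlib
import hmac
import io
import secrets
from collections import defaultdict

# Constructed sample export; these are not real accounts or passwords.
SAMPLE_EXPORT = """site,username,password
shop.example,alice,correct-horse-1
mail.example,alice,correct-horse-1
forum.example,alice_92,tr0ub4dor&3
bank.example,alice,Zx9!unique-bank
news.example,a.smith,tr0ub4dor&3
"""


def find_reused(export_text, key=None):
    """Return {fingerprint: sorted sites} for every password used on 2+ sites."""
    # A plain unsalted hash of a reused password is identical everywhere, so it
    # works as an identifier linking accounts. A random per-run HMAC key makes
    # these fingerprints meaningless outside this process.
    key = key or secrets.token_bytes(32)
    groups = defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_text)):
        password = row.get("password") or ""
        if not password:
            continue  # skip entries without a stored password
        digest = hmac.new(key, password.encode("utf-8"), hashlib.sha256)
        groups[digest.hexdigest()[:12]].add(row["site"].strip().lower())
    return {fp: sorted(sites) for fp, sites in groups.items() if len(sites) > 1}


def reuse_report(export_text):
    """Sorted list of site groups that share one password (no secrets returned)."""
    return sorted(find_reused(export_text).values())


if __name__ == "__main__":
    for sites in reuse_report(SAMPLE_EXPORT):
        print("same password on:", ", ".join(sites))
```

Every group it reports is a set of sites where one leaked password would unlock the others, so those are the passwords to change first.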