Online tracking has become more rampant and pervasive in the last few years. Thanks to the ongoing pandemic, many people spend significantly more time online, whether because of remote work or school, or just because there’s not much else to do while in self-isolation.
For many, the extra time online and, by extension, the extra data handed over to Big Tech companies like Facebook and Google, is cause for concern. These tech giants hoover up as much data about people as they can get, use it to construct detailed profiles and then use or sell those profiles to target people with ads. While some people may think that doesn’t sound so bad and that they’ve got “nothing to hide,” that’s really not the case.
Thankfully, there are ways to fight back and protect your online privacy from invasive tracking practices. But before we get too deep into it, I want to be clear that online and digital privacy can be a slippery slope. It’s pretty easy to find yourself in a spot where it feels like maintaining any level of online privacy is impossible. That’s not the case, but it can definitely feel that way.
Avoiding the privacy rabbit hole
Last year, towards the beginning of the pandemic, I decided I wanted to take my online privacy more seriously. I started doing research and making changes to how I use online services, apps and other digital products. It quickly became overwhelming and seemed like every day there was some new privacy threat and a fresh tool that was extracting my data.
To avoid arriving at that same spot, I recommend thinking about how ‘private’ you want to be online. Even taking a few small steps to curb digital tracking can help. In an ideal world, no one would have to pick between using an online service and maintaining their privacy. Hopefully, in the future, we can put a stop to invasive online tracking.
For now, I think the best approach is to assess, reduce and mitigate (borrowing from the ‘reduce, reuse, recycle’ mantra). Start by assessing the digital products you use and consider your privacy needs. Think about what your privacy goals are, and then approach the rest from there. For me, I found the best choice was to work towards reducing tracking instead of focusing on stopping tracking entirely. That approach may not work for everyone, however.
Then, reduce your reliance on software that’s privacy invasive. If you can, stop using invasive software entirely. While not using invasive software is always the best option, it’s also important to recognize there may be plenty of reasons why you can’t fully ditch some things. As an example, I still need to use Facebook for work, so I can’t delete my account and stop using it entirely. That’s where the mitigation comes in: there are tools you can use to reduce the privacy damage from services you can’t stop using.
With all that in mind, what follows are tips for ways to improve your online privacy, as well as a collection of helpful resources for improving online privacy. This isn’t the ultimate guide to fully protecting yourself online — it’s more of a “getting started” with some basic privacy tools.
One final note before getting into it: you may need a level of technical proficiency with some tips below. Be prepared for some websites and services to break or not work properly. I’d also advise you to take your time and do some research, especially if you’re not totally sure what a setting or app does.
Pick a better browser
First up, one of the best things you can do for your online privacy is select a better web browser. Chances are, you’re reading this using Google Chrome. Unfortunately, Chrome isn’t great when it comes to privacy. Granted, Google is making some changes to how Chrome handles cookies that will help, but it’s also developing a new way to track users online — you can read more about that here.
Your best bet if you’re concerned about online privacy is to use Firefox, but with a few tweaks. Out of the box, Firefox isn’t the best when it comes to privacy either, but with some changes, it can be one of the better options.
PrivacyTools, a not-for-profit organization that researches and recommends different privacy solutions, suggests using Firefox and offers some guides about how to ‘harden’ Firefox to make it a better privacy option. This blog post details some basic settings, like how to enable DNS over HTTPS, change your search engine from the default, Google, as well as how to enable Firefox’s built-in Enhanced Tracking Protection (ETP). PrivacyTools also offers a guide to web browsers on desktop, Android and iOS, along with more in-depth tweaks to further improve Firefox’s privacy protections on desktop. We’ll dig into mobile a little more below.
I’d recommend starting with the blog post and following those steps. If you feel you need more, try the advanced options in the browser guide. However, keep in mind some of these settings will break some websites. In other words, take your time and don’t just enable everything at once — it’s better to turn on small batches at a time so that if you notice a website isn’t working right, you can easily troubleshoot and fix it.
But what about…?
I can almost hear the clattering keyboards as various browser stans type angry replies in the comments. Yes, Firefox has its issues, but it also happens to be the most adaptable and, with some effort, one of the better privacy options.
Let’s start with some of Firefox’s issues. One possible problem is performance, but as someone who’s primarily used Firefox for the last few years, the browser is in a pretty good spot! In most cases, I get roughly equivalent (and sometimes better) performance using Firefox than Chrome or its derivatives. The one exception would be Microsoft Edge, which has significantly better RAM management on Windows thanks to various Microsoft optimizations. However, Edge isn’t a great option when it comes to privacy. You’ll need to weigh those options and decide which is more important to you.
“While I’d argue that breaking the browser monoculture is a great reason to use Firefox, I also recognize that some people need Chrome or its derivatives.”
Another possible issue is that Firefox doesn’t work with some websites. This isn’t so much a Firefox problem as it is a symptom of browser monoculture. Because Chrome (and Chromium-based browsers like Edge and Brave) are the dominant options on the web, many web developers prioritize building sites to work with Chromium browsers. That might mean you’ll receive various “browser not supported” messages while using Firefox. I find them few and far between, with the biggest culprits being Big Tech apps designed specifically to work with one browser (ahem, Microsoft Teams).
While I’d argue that breaking the browser monoculture is a great reason to use Firefox, I also recognize that some people need Chrome or its derivatives. The simplest solution is to use two browsers — Firefox for everything, and Chrome or a Chromium-based option for the few sites that don’t work right. If you go this route, I’d recommend not using the second browser for anything other than the few services you need it for to keep it isolated from everything else you do online.
If you really need a Chromium-based browser and can’t switch to Firefox, there are a few options. First, and best, is to use Ungoogled Chromium. Unfortunately, doing so can be complicated.
Chromium is the open-source foundation for Google Chrome and other browsers, like Microsoft Edge and Brave. While you could just use Chromium, it is, unfortunately, not a private option. Part of the problem is that Google largely controls the Chromium project, even though it’s open source. Through that control (and through Chrome’s dominance), Google can shape new web technologies and standards, often in a way that benefits Google and hurts competition. Ungoogled Chromium is a variant of Chromium with all the Google stuff stripped out, making it one of the most private browsers available.
Installing and using Ungoogled Chromium can be tricky, especially if you’re a Windows user. The project’s GitHub page lists a few ways to get the browser on Android, various Linux distributions and macOS. There are also ‘binaries,’ which are more traditional installation packages. However, the binaries come from anyone “willing to build and submit them,” and the GitHub page warns that “authenticity cannot be guaranteed.” In other words, there’s a (likely small) risk that whoever built the installation package tampered with the files.
Further, it’s worth noting that Ungoogled Chromium doesn’t have an automatic update system and several other potential non-starters for the average user. Ultimately, it’s a pretty extreme, albeit privacy enhancing, option for browsing the web.
The other, significantly less extreme option is to use something like Brave. Brave is another Chromium-based browser with several included privacy features like built-in ad and tracker blocking. It’s a pretty handy option for non-technical people who want an out-of-the-box solution with little effort to set up or maintain. The flip side is that Brave’s privacy protection doesn’t stack up to a hardened version of Firefox or Ungoogled Chromium. Still, it’s better than nothing.
There’s also the issue of Brave’s Basic Attention Token (BAT) system, which essentially strips ads from websites and instead serves ads directly to users through Brave notifications in return for a small deposit of BAT, an Ethereum-based digital advertising token. In other words, Brave pays users in cryptocurrency for viewing its ads, and users can either cash out what they earn or contribute it to online creators they like. BAT has had a few controversies around it, and there’s plenty of mixed opinion on the system. If you don’t like it but want to use Brave, you can turn it off.
“It may be tempting to download every privacy extension recommended to you, but there’s a few reasons why you shouldn’t.”
For Mac users, Safari is also an option, albeit not a great one. It offers some built-in anti-tracking features, which is nice, but since it’s closed source (aside from the Webkit rendering framework), it can be hard to trust. I’d say you’re better off using it than Chrome, but there are better options.
Finally, there are several mobile-only browser options, like Bromite, that offer solid privacy improvements over Chrome and derivatives. That said, I think most people prefer to use the same solution across their devices where possible, so unless you only browse the web on your mobile phone, I’d probably avoid mobile-only options.
Privacy enhancing extensions
Once you’ve selected a browser and hardened it to improve it for privacy, there are a few extensions you can use to enhance it. It’s worth noting you can use these extensions without hardening your browser as well, if you’re looking for a less involved system with some small privacy enhancements.
One important note about extensions: less is more. It may be tempting to download every privacy extension recommended to you, but there’s a few reasons why you shouldn’t. First, extensions can impact performance. The other major flaw is that extensions can make it easier for websites to ‘fingerprint’ your browser, a technique that gathers certain hardware and settings details from your web browser to construct a unique digital fingerprint to track your activity across the web. (Firefox has tools for fighting fingerprinting hidden in the ‘about:config’ menu, which you may have enabled when hardening the browser.)
PrivacyTools recommends several extensions, but in my experience, only some are really necessary. First up is uBlock Origin, an open-source wide-spectrum content blocker. It’s more efficient than most other blocking extensions. By default, uBlock blocks ads, tracking and malware domains. There’s plenty of flexibility for advanced users who really want to tune their blocking settings, but the default should be more than enough for most people. uBlock can also be tweaked to handle some more specific blocking offered by other extensions recommended by PrivacyTools, so it’s really a great option.
One note about ad-blocking: yes, online ads can be annoying, but they are also one of the main ways websites like MobileSyrup stay afloat. uBlock can be disabled on a per-site basis — you should disable it on websites you want to support (like MobileSyrup!).
Another great extension is HTTPS Everywhere, which can automatically upgrade your browser’s connection to a site to the encrypted HTTPS protocol instead of using the unsecured HTTP variant. While a great add-on to use, Firefox recently added similar functionality to the browser. There are some minor differences in how the extension and built-in functionality work. Generally, I’d recommend Firefox users enable the built-in functionality and skip this extension.
There’s also ClearURLs, which strips tracking content out of URLs. I use it more for the convenience when copy/pasting URLs so I don’t have to manually strip those details, but there are some privacy benefits too.
Finally, a great add-on to use is Firefox’s ‘Containers.’ In short, the add-on lets you create different ‘containers’ for websites that helps isolate data stored by individual websites, like cookies. Firefox offers a few different flavours of Containers. For example, there’s the Facebook Container add-on, which automatically isolates Facebook and any related website, like Instagram, into a separate container. This lets you use Facebook without it being able to track you across various websites.
Containers are a core part of the ‘mitigation’ step mentioned above, as they let you use some websites and services that are heavy on the tracking while keeping them contained from the rest of your browsing data. Aside from keeping browsing data isolated, containers can be handy if you have multiple accounts with a given service — for example, I have a personal Twitter and also use the MobileSyrup Twitter. I can log into my personal Twitter in one container and MobileSyrup’s in another to easily swap between the two accounts.
Firefox includes the basic container system in the browser, which you can enable from the Settings menu. By default, you have ‘Personal,’ ‘Work,’ ‘Banking’ and ‘Shopping’ containers, and the ability to create more as you see fit. Users can assign a colour and icon to each type of container, and Firefox marks each container tab with a coloured bar.
There are a few add-ons that make use of containers as well. Again, there’s the Facebook Container extension, which automatically turns any Facebook or related link into a container tab. There’s a similar option for Google too. Firefox offers a ‘Multi-Account Containers’ add-on, which expands on the built-in container functionality offered in the browser. Finally, there’s a ‘Temporary Containers’ add-on that automatically opens in effectively one-time-use containers.
You can run multiple container add-ons at the same time, but keep an eye out for conflicts — for example, there are certain steps you need to take if you want to run the Facebook and Multi-Account container add-ons at the same time.
Except for containers, these extensions are available on Chromium browsers too.
Steps to take with your mobile phone
Unfortunately on mobile phones, options are more limited than on desktop, especially on iOS where all third-party browsers are effectively Safari with a different UI. PrivacyTools still recommend Firefox on iOS, but there’s no access to the add-ons and other configuration tweaks that make it a better privacy option. PrivacyTools also recommends the DuckDuckGo Privacy Browser — I haven’t tried it myself, and can’t really speak to how well it works.
Brave is an option on iOS, but it ran into some issues with Apple over the use of its BAT system. And again, Safari is an option.
As for Android, there’s Brave (assuming you’re okay with the issues mentioned up top), Bromite and Firefox. Again, I’d recommend Firefox, especially since it’s one of the few Android web browsers that lets you install add-ons (albeit, only a limited number). It also lacks access to some of the more advanced hardening features recommended by PrivacyTools, but Mozilla is working to bring those over as it improves the recently revamped mobile Firefox.
For add-ons, you can get uBlock Origin and HTTPS Everywhere (mobile Firefox doesn’t yet include the built-in HTTPS-Only mode, so you’ll need to use HTTPS Everywhere to get that functionality). Unfortunately, Firefox’s container system isn’t on mobile, so you can’t use it or the related add-ons.
Aside from browsing, a great way to improve privacy on your mobile device is to delete unused apps and regularly review permissions for apps you do have installed (more on this here). When installing apps, make sure to review the permissions they need and try your best not to give apps free access to everything on your device. Where possible, try using the web services instead.
Remember when iOS 14 introduced those handy new camera and microphone indicators? If not, here’s a brief refresher: iOS 14 started showing little green and orange dots on the screen when an app accessed the camera or microphone. That feature revealed several apps, like Instagram (granted, Instagram says it was a bug) were accessing the camera, even when users weren’t taking photos. If that camera indicator sounds useful, you can get an app that does something similar for Android phones.
Unfortunately, when you download apps and grant permissions, they gain the ability to do stuff like that. Apps can also access phone logs, messages, pictures, storage and more, if you grant permission. One way to prevent that behaviour is to use the web version — going back to Instagram, it offers a comprehensive Progressive Web App (PWA) you can use with your browser that works almost as well as the native app. Plus, if you make the effort to use a hardened version of Firefox to protect yourself, those benefits should extend to a PWA running via the Firefox browser on your phone.
Start with small steps to improve your privacy — it adds up quick
There are many approaches you can take to improve your digital privacy, and this article really only scratches the surface. Most of what’s covered here I’ve tried myself — I currently use Firefox with ETP and other privacy features enabled, uBlock to block some trackers Firefox misses and some containers to isolate services I need to use but don’t trust, like Facebook. It works great for me.
That said, what works for me may not work for others. As such, I also recommend doing research and trying different privacy tools.
At the same time, some people may feel my tips don’t go far enough — to be fair, I don’t. I tried to strike a balance between being able to access the tools I need while also protecting my privacy. There’s much more extreme privacy measures you can take.
Some resources I’ve used while learning more about privacy were, of course, PrivacyTools as well some subreddits, like ‘r/privacy’ and ‘r/privacytoolsIO.’ Both subreddits are great places to learn more about privacy tools, ask questions and dig deeper if you want to do more to protect your privacy online.