Little Book of Privacy

How to stay relaxed and be secure online.

A healthy, private internet for powerful users

We believe that the internet should be safe, open and inclusive. It needs to offer choice and the possibility to stay private. Wait — what’s privacy again? In recent times, this term has mostly been associated with violations, data leaks and personal information that’s being sold from one company to another. Internet users feel betrayed, hopeless and don’t believe in a private web experience anymore. And we get why.

But here’s good news: you can reclaim your privacy and gain back control over your very own internet experience! It’s actually surprisingly easy. Everyone can do it (promise!). All it’ll take is some time to read this booklet, pick the tips you want to implement and get started.

What risks are you actually facing?

There are risks, always, everywhere – online as well as offline. Of course, not everyone is exposed to them equally, and the ways people (can) protect themselves vary. On the web, it depends on how and how much you browse and where you’re located. In any case, it’s crucial to understand the risks you want to address before taking any steps. Here’s what to be aware of in particular:

Data breaches & fake profiles:

Even when organizations are careful with user data, it’s possible that email addresses, passwords and even more sensitive data could get exposed in a data breach. Or, sometimes, we may even unintentionally reveal more than we should or want to about ourselves. Unfortunately, scammers only need a few personal details in order to create fake profiles, which may cast a bad light on the person/people affected for a long time.

The web never forgets:

According to the GDPR, you can ask for your data to be handed over to you or have it deleted; however, some sites might not comply with this request, and services that aren't offered out of Europe may not either.

Trackers everywhere:

Trackers, cookies? You've most likely heard about them before. Trackers are tiny elements on websites that observe and record your behavior in order to pass it on to the page owner(s) or third parties. Some of them even track you across numerous websites.

Tracking cookies are supposed to tell website owners and advertisers about your browsing behavior and what you’re interested in. This information is then used to personalize your web experience. Oftentimes that means that you see customized ads, matched to your interests. Ultimately, the cookies put together a lot of information about you and store it in a profile. That may sound convenient but, unfortunately, these profiles aren’t necessarily accurate. In the best case, that means that you get less relevant ads. In the worst case, the information you see on some websites doesn’t fit your needs and expectations. Also, be aware that your profile can influence, for example, the prices at which products and services are offered to you.

Stalkers, trolls & other types of harassment:

Even if the Internet rarely allows us to be completely anonymous, it is still easy to hide behind an online identity. Some people take advantage of this to bully, troll or rant against others. Especially in social networks and forums, this has become a major issue in recent years. Since we leave so many traces on the internet, this may have further, even more unpleasant consequences. In a worst case scenario, if someone finds enough personal information about you online, they could follow you from online to offline.

Fake News & Filter Bubbles:

News recommendations are convenient and, let's be honest, many of us prefer to read content that is in line with our opinion. But what if that content isn’t accurate? Or what if we lose sight of the big picture because we are only exposed to a small part of it – how can we form our own opinion?

How much control do we really have? And how much do we willingly give away?

Many of us feel that we have little control over our security, privacy and the quality of the information we see online. Maybe that's how you feel, too. Yes, there is room for improvement – but all too often we are rather lazy and use only a fraction of the tools available to us. Or we rely on convenient all-in-one solutions, putting a huge amount of personal data in the hands of a single company without hesitation. Why? Because we don’t want to give it more thought than absolutely necessary. Or maybe also because we simply don’t know how many alternatives we actually have.

15 tips for a better digital life.

Starting over:

It’s time for a Data Detox! Together with the Tactical Tech Collective, Mozilla has put together a nice little package of practical tips, called the Data Detox Kit. It’s a program that will make you feel like a whole new online person. Don't feel ready yet for the full program? Feel free to begin with one of the following tips instead (or all of them)!

A tidy browser, a tidy mind – well, that may not be directly what “they” say but it’s still true!

  1. Delete your browser history. Whether you’re using Firefox, Chrome, Safari, or a different product – all of them offer this functionality. You’ll usually find it in the settings menu under "Security" or in a separate area. This is how to take care of it in Firefox.

  2. Delete your Google activities history. Log into your account, open the “My Activity” section, and scroll through it. Surprised by all the information stored here, maybe even shocked? Feel free to delete it: In the menu on the left, click to go to “Delete Activity by” > change date to “All time” and products to “All Products” > click “Delete” > click “OK” to delete if a pop-up appears.

Convenience may be tempting – but isn’t always the best solution:

All of us, some more and some less, tend towards convenience. Sometimes that means that we willingly give up a lot of control. In order not to have to start a major digital cleanup every other week, simply make sure that not so much of your data is collected in the first place. It’s easier than you might think! One simple way: avoid all-in-one solutions. They can put together a 360-degree view of you and, besides, they’re not necessarily the perfect fit for all users anyway. Time to try some alternatives! Let us give a couple of examples:

While many users choose their favorite browser to use on their desktop computer, most never switch the pre-installed browser apps on their mobile devices.

Give Firefox Focus a try. Our super-fast privacy browser blocks many known cookies and tracking, and lets you browse the web well protected.

Sharing is caring – but there need to be limits!

Got it: you’re really into sharing and happy to let your friends try your cake, use your car occasionally or don’t even mind lending your favorite pen to a stranger. However, when it comes to your data, you might want to consider being less generous and set clear limits:

  1. The art of saying no: Tell your web browser what to store and what not – for example, you might like it to save your passwords but not your browsing history. You can also choose if you want to share usage information with the browser maker and whether or not you allow cookies. BTW: When using Firefox, you don’t need to worry about the latter. We already block a lot of third-party cookies by default and the privacy settings in Firefox make it incredibly easy to choose between standard and rather strict preferences.

    The easiest way to protect your privacy in all browsers is to stay below the radar of data collectors. If you’re using private/incognito mode, your browser won’t save a history of your activity on your device or cookies set during that browsing session.

  2. We love social media! However, these websites (and others) might not work properly when you’re browsing privately: They will not only track what you do while being logged in, but also your activities beyond the respective network that take place in the same browser window. For them, your browsing information is particularly valuable because they’re able to connect it to your account and might ultimately get to know you better than some of your best friends. Worried? No need to, Firefox is here to help: Get the Facebook Container extension, which makes it harder for Facebook to track you on the web outside of Facebook.
  3. There’s actually even more to keep in mind when it comes to social networks: as you know, they’re made to share personal stuff with people we know (some better, some less). It’s on you to decide how much private information you want to share though. That applies to your posts as well as your location, things you like, your phone number or who you spend time with. Remember: all of this data is not only visible to the respective social network, but might also be for advertisers and the general public if you keep your profile publicly available. Also, if you share less, there’s less that could fall into the hands of people you don’t know or trust.
  4. What feels right for you today might change tomorrow. And that's totally fine. It doesn't hurt to reevaluate your view on the analogue world and the web occasionally and adjust them if necessary.

What does the world know about you?

To an extent, we can control what information about ourselves is available on the web. Unfortunately, this can’t protect us entirely against dangers. A particularly bad one is identity theft. Here’s what you might want to consider:

  1. Search your name online occasionally. This will give you an idea of what others find out if they’re interested in you, what information is already around, and what you might want to get removed.
  2. Don’t have time? Set up a Google Alert for your name and get notified if you are mentioned on a website.
  3. Breach alert: If your data actually becomes public through a known breach, it is crucial to react as quickly as possible and change your passwords. Firefox Monitor is a handy tool that will send you a message if that happens.

Stay safe online:

There are a bunch of tools that can help improve your level of privacy and security. And that’s great! However, you’ll still require passwords to protect your accounts. Would you expect the newest high-end home security system to protect you from burglars if you had no apartment door? Here’s what to do:

  1. Set up strong passwords. It might not come as a surprise: “password”, “12345” or your birthday are most likely not the best choices. A strong password is, in the ideal case, random, contains upper and lower case letters, numbers and special characters. So-called passphrases may also be an option, as they are difficult to unlock by algorithms (and even more so by humans) – similar to randomly compiled passwords. Also, make sure to get a separate password for each of your logins so that, in case one gets leaked during a data breach, you don’t have to update all of your logins.
  2. Some online services will ask you to additionally protect your accounts with security questions. They suggest e.g. the name of your pet, your first car or your home address as a kid. However, anyone who knows you well enough (or manages to get that information from a data leak or even just a quick web search) might know the answers to these questions too, which makes them ineffective. The solution is easy: there’s no need to provide correct answers to security questions when setting them up. The respective services will not check on accuracy; just make sure to remember the answers you provide.
  3. Wondering how you’re supposed to come up with and remember all your passwords and security answers? Please don’t write them on a piece of paper that you keep next to your computer (yep, people do that). Instead, get a password manager that not only safely stores your passwords, security answers and other private information, but also helps you generate random passwords and lets you easily use them across all of your devices.

    There are several great password managers on the market; some are encrypted with a master password, others with biometric features (fingerprint, face scan). Choose whichever works best for you – and maybe you want to give Firefox Lockwise a try? It will store all of your passwords securely and is available for your mobile devices as well as your desktop browser, so that you have your login information ready whenever you need it.

Not just for IT professionals:

A strong password is important and a first step towards enhanced online security. Want to double the safety? Try multi-factor authentication (MFA) – many services offer it already!

  1. MFA gets its name from the fact that it requires multiple factors – like, for example, a password and a biometric scan – to log you into your account. You might know that system already from ATMs, where you need both your bank card and a PIN to withdraw money.
  2. There are many different options for MFA, depending on the types of devices you use; you may choose physical keys or entirely software-based solutions. All of them share one major advantage: Nobody will be able to log into your accounts unless they have the required factors. Even if one (a physical key or a password, due to a data breach) gets stolen, you’re going to be safer.

Safer connections:

Public WIFI is unquestionably convenient – especially when you can connect without a login. Unfortunately, that means that these networks may not be very safe because they’re basically unprotected. Here are our recommendations:

  1. Ideally, avoid publicly accessible WIFI networks, especially if they are not password protected. Anyone can access them and poorly protected devices in the network can easily be attacked.
  2. Perhaps you just need to do something urgently and depend on a public WIFI. That’s fine. If the network asks you to enter an email address in order to connect, please don’t enter the one you normally use. Rather get a new one for less trustworthy sites and services and don’t use it for personal email correspondence, important accounts or online banking. That way, you won’t really mind if you receive a lot of spam afterwards.
  3. Avoid naming your phone, tablet or computer after yourself. It might seem convenient and easy to remember but it also helps others to recognize them as yours.
  4. Disconnect and remove all used public WIFIs once you don’t need them anymore. Otherwise, your devices may automatically reconnect to them whenever you’re nearby. You may not even notice it but it does create an unnecessary security risk.

How about your Bluetooth?

Bluetooth is a great invention that can save us a lot of cable clutter. However, most people don’t use it permanently. If you don’t own a smartwatch or another device that needs to be connected to your phone all the time, switch Bluetooth off. This can save battery power and, at the same time, removes a weak point that intruders might make use of.

The secure site:

It’s not unusual to see addresses on the internet start with HTTP. This is a protocol that makes it possible to load web pages in the browser. Try, whenever possible, to use the encrypted option HTTPS instead. This is especially true if you are using a public WIFI: even if the connection itself is not encrypted, HTTPS will ensure that the data you transmit is encrypted nevertheless.

Email accounts and online identities:

Your email address doesn't necessarily reveal a lot about you. However, if you use the same address for a number of services and websites, you leave a trace. Your email address may become the center of your online identity, connected to all types of (browsing or account) data. Maybe you want to think about getting more than one for different purposes?

Resist the urge to click:

Sometimes it’s easier said than done – don’t click on dubious links! Most web users know to be particularly careful when it comes to e-mails that appear to come from their bank or an online retailer. However, when we receive links from friends and family it should be fine, right? Well, there are exceptions:

  1. From time to time social media accounts get hijacked and scammers send fraudulent links to the friends of the affected person. If you receive a message from a friend’s account that looks fishy or contains an odd, unknown link, give them a call to find out if they actually sent that note.
  2. It’s also possible that nobody’s account got hijacked but your uncle still sends you a fraudulent link because he simply doesn’t know better. If you don’t know the site and prefer to be safe over being sorry, do a quick web search before clicking!

Look at the bigger picture:

We already talked about how people tend to like convenience – remember? When it comes to information we consume, it might be nice to just see our attitude and expectations confirmed because it’s pleasant and calming. But does that make the information accurate? Do we get the big picture or just a rather small extract?

  1. You can, of course, have your favorites but check out different outlets from time to time to learn about different opinions and give other perspectives a chance.
  2. Ask yourself: Do the different outlets report on the issues you care about? And is the information shared more or less consistent or does it differ a lot? That’s the best way to battle filter bubbles and misinformation.

Disable (unnecessary) location services:

Today’s mobile devices typically have the ability to determine, store and share their location. That’s convenient for navigation or when you’ve lost your phone. At the same time though, this quite sensitive piece of information may also be used by apps, even if you don’t want it.

  1. Decide case by case: Many social media apps offer to share your location when you post something. It’s up to you if you want others to know where you are and it’s totally fine to say no.
  2. Decide for each app: For each of the apps on your device that wants access to your location information, you can decide if you want to share it. All major operating systems allow for you to change your settings so that you limit access for individual or all apps.
  3. Avoid background localization: Another reason to do so is that some apps not only save your location when you use them – many of them also run the location service in the background and may create complete motion profiles of you over time. The app vendor may then use this information for a lot of purposes, even sell it, which may not suit you.

Don’t need it? Delete it!

Even if you bought a smartphone with lots of memory so you’d never have to delete anything ever again, cleaning it out from time to time isn’t a bad idea. Why?

  1. Limit the weak points. The more apps you have on your device, the more entities have access to your data – and it’s impossible to have the full overview all the time.

  2. Spring-clean your phone: Check which apps you have installed on your device and if you’re still using them. Delete the ones (and any related accounts) you actually don't need anymore.

  3. Limit the access. Also, reconsider the permissions you once gave to the remaining apps, including social networks, and ask yourself: Does this app really need access to my location? My contacts? My photos? My camera and microphone?

Friendly reminder: What are trackers again?

We distinguish between first and third-party trackers, or tracking cookies. You may find first-party trackers on news sites, for example. Their job is to notice when a new or recurring reader comes to the site, check out which articles they read, how much time they spend on each page, and so on. They may use this information to improve the quality of their offering and determine what readers actually like.

Third-party trackers, on the other hand, may log a visitor's entire website visit, for example, for the purpose of displaying targeted ads to them. This even works across different websites someone visits; plus, there’s rarely just one tracker on a site. They often work hand in hand with others to find new ways to convince you through ads to spend money, sign up for services, and then share more information about yourself.

As you might already assume, this information is very valuable. That’s why the companies who have it make a lot of money by selling it to others. Unfortunately, no one involves you in this decision. That’s why Firefox blocks many third-party trackers by default in order to give you back more control over your online experience and reduce your chances of being followed around the web by ads and dubious companies.
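
To make the first-party/third-party distinction concrete, here is a small added example (not part of the original booklet and not Firefox code) that sorts the requests a page makes into first and third party, then lists the third parties that show up on more than one visited site. All hostnames are constructed samples, and the "site" is approximated as the last two labels of the hostname, which is a simplifying assumption.

```javascript
// Added illustration, not Firefox code. All hostnames are constructed samples.

// ASSUMPTION: the "site" is the last two labels of the hostname. Real browsers
// use the Public Suffix List, so that e.g. "a.co.uk" and "b.co.uk" stay separate.
function siteOf(url) {
  const labels = new URL(url).hostname.toLowerCase().split(".");
  return labels.slice(-2).join(".");
}

// Split the requests made while loading one page into first- and third-party sites.
function classifyRequests(pageUrl, requestUrls) {
  const pageSite = siteOf(pageUrl);
  const firstParty = new Set();
  const thirdParty = new Set();
  for (const req of requestUrls) {
    const site = siteOf(req);
    (site === pageSite ? firstParty : thirdParty).add(site);
  }
  return { pageSite, firstParty: [...firstParty].sort(), thirdParty: [...thirdParty].sort() };
}

// Third parties seen on at least `minSites` different visited sites. Being present
// on several sites is what makes cross-site tracking possible; it does not prove it.
function crossSiteThirdParties(visits, minSites = 2) {
  const seenOn = new Map(); // third-party site -> Set of visited sites
  for (const { page, requests } of visits) {
    const { pageSite, thirdParty } = classifyRequests(page, requests);
    for (const tp of thirdParty) {
      if (!seenOn.has(tp)) seenOn.set(tp, new Set());
      seenOn.get(tp).add(pageSite);
    }
  }
  const result = {};
  for (const [tp, sites] of seenOn) {
    if (sites.size >= minSites) result[tp] = [...sites].sort();
  }
  return result;
}

// Constructed browsing session: three pages and the requests each one triggers.
const visits = [
  { page: "https://www.news.example/politics",
    requests: ["https://static.news.example/app.js",
               "https://stats.news.example/pageview",
               "https://pixel.adnet.example/t.gif",
               "https://fonts.cdnhost.example/a.woff2"] },
  { page: "https://shop.example/shoes",
    requests: ["https://shop.example/cart.js",
               "https://pixel.adnet.example/t.gif",
               "https://widgets.social.example/like.js"] },
  { page: "https://blog.travel.example/rome",
    requests: ["https://sync.adnet.example/id",
               "https://widgets.social.example/like.js"] },
];

console.log(classifyRequests(visits[0].page, visits[0].requests));
console.log(crossSiteThirdParties(visits));
```

In this sample session, stats.news.example counts as first party on the news site, while adnet.example appears on all three sites and can therefore connect those visits to one profile.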

Questions & Feedback

Do you have questions or feedback? Please don’t hesitate to reach out to us, we’re looking forward to hearing from you!

Twitter