Some websites and services do not take your privacy very seriously. They follow you in all sorts of ways via the browser on your PC or the apps you use on your smartphone. In addition, parties such as Facebook and Google know a lot about you. Time to take matters into your own hands.
Tip 01: Advertising Networks
Many ad networks personalize ads based on your online activity. If you don't want that, you can adjust that for Google, for example. Although Google has one of the largest ad networks with DoubleClick, there are of course countless other ad networks that map your surfing behavior and use it when showing advertisements. Via websites such as Youronlinechoices.eu and networkadvertising.org you can see which advertising networks have placed an active cookie in the browser, whereby you can generate a so-called 'opt-out cookie' to let them know that they can no longer track your surfing behaviour. . Note: this only applies to the browser you are currently using. There are, of course, many other options for limiting following behavior and surfing anonymously. In addition to using an ad-blocker (see tip 2), you can think of using the special Brave browser, using the browser's incognito mode (which prevents the storage of cookies) and surfing with the Tor browser via the underlying Tor network.
Tip 02: Ad blockers
Many websites depend on advertising revenue for their survival. Although many ad networks do make a big difference by following you via 'super cookies' or, even more ingeniously, a fingerprint of the browser. It is created by combining all the details of your browser, such as version numbers, language preferences, installed plug-ins and fonts. Almost every browser turns out to be unique. Check out Panopticlick.eff.org or www.amiunique.org. It also makes no difference with this technique whether you have connected via a VPN. It's obvious, but one of the best ways to prevent this and thus better protect your privacy, is to install an ad-blocker, as a plug-in for your browser. Well-known ad-blockers are Adblock Plus, uBlock Origin and Disconnect. With these ad-blockers you can also easily add an exception for websites that you trust, that are ad-friendly (without intrusive banners) or that do not work optimally with ad-blocker. Depending on your browser, you can often also use an ad-blocker on your smartphone or tablet that will block banners and trackers from ad networks.
Limit what Facebook shares with apps, websites and even your friends Tip 03: Privacy on Facebook
Facebook is full of personal data, after all you put that on it yourself. However, that data is shared in many ways with all kinds of apps, websites and even your friends. To the level that your friends can see which restaurants or articles you like based on your own website visit. It is therefore a good thing that you have the necessary control over this yourself. To do this, log in to Facebook and go to the Institutions. This is how you determine Privacy with whom you share and sub Timeline and tagging you'll find a helpful option to check the posts you're tagged in first so they don't just pop up on your timeline. Go to Apps and websites to see exactly what you share with which apps. Don't be alarmed, that sometimes goes too far. Uncheck what is not necessarily on for you. Under Advertisements you can influence the advertisements that are shown to you. There are three main options. Preferably choose Not allowed Bee Ads based on partner data and with Ads based on your activity in Facebook company products that you see outside of Facebook products. Preferably choose No one Bee Ads featuring your social actions.
Tip 04: Limit Google's power
Just like Facebook, Google has a system whereby apps and websites can access your account and, in addition to general account information, can sometimes also view and manage files stored in Google Drive and read your calendar or contacts. On Myaccount.google.com you can see which apps or websites are involved and also what rights they have. You can revoke access if necessary. It is also a good idea to check the information that is stored in your Google account and limit it if necessary. This can be done via Activity Controls. A detailed explanation is given for each part. For example, you can prevent your search activity from being saved, your search and/or viewing history from being saved with YouTube and your location being tracked on all (logged in) devices. It is striking that Google rarely seems to throw anything away: information is stored very far back in your account. This is also clear on the relevant page, and you can see, for example, in an overview map where you have been in the past period. Maybe it's also a good time to protect your account a little better with two-step verification?
Tip 05: Permissions apps
The apps that you install on your smartphone or tablet often get quite a bit of freedom to poke around on your smartphone. With Android you can limit this by revoking certain permissions. Before installing an app, therefore, check what permissions the app asks for. Such details can be found in the Google Play Store, at the bottom of the page. During installation, you automatically give permissions for permissions that are very common, such as internet access (although it can just as well be abused). Also during use, permission is sometimes requested, such as permission to consult your contact list, camera or microphone. Since Android 6.0, you have control over the granted permissions at any time. For this you go to Settings / Apps. You can view there per permission group which apps use that permission. To do that, tap something like All permissions. You can also revoke the authorization there. Want an overview of the permissions a specific app has? Then go to your list of all applications and click on an app. below Permissions see what the app can access.
Tip 06: Trackers in apps
Free apps, there is always a catch. Many makers use trackers to monitor your behavior, so that they can deliver more targeted advertisements, for example. This is not necessarily harmful, the majority of them are probably even harmless, but the lack of transparency with such trackers does logically raise privacy and security concerns. Appstack is a handy website where you can look up the presence of (known) trackers per app. The website was created by the French organization Exodus Privacy, which has developed analytics software to identify trackers in Android apps. To complete the picture, you can also see what permissions those apps ask for. Privacy Lab, part of the American Yale University, investigated which companies are behind such trackers and what influence they have on your privacy. It tracks the findings on a public page on GitHub. Interesting fact: Gillette has already worked with dating app Tinder, to be able to deduce from the swipes of users in a certain age group how attractive beards are found.
Tip 07: Advertising ID
Aided by a unique advertising ID, which is the same in every app and browser on the smartphone, advertisers can easily follow you and build a profile about you. Every time you sign up for a certain service, and thus provide more information, you contribute further to it. On Android this is called the Google Advertising ID (aaid) and on iOS the Identifier for Advertising (idfa). You can find them, at Android, under Settings / Google / Ads. For iOS, go to Settings / Privacy / Advertising. On both platforms you will find an option to reset that ad ID. You can somewhat compare this to deleting cookies in the browser on your PC. You can also prevent (or limit) apps from displaying personalized ads. Keep in mind that unfortunately, even if it's strictly against the rules, app makers regularly use (or combine) other details from your smartphone to identify you. This often concerns details that cannot be reset, such as the serial number of your smartphone or the imei number of your SIM card.
With a firewall you can specifically block trackers and ad networks Tip 08: Firewall
Don't trust a particular app, but can't live without it? It takes some detective work to block certain ad networks or trackers, for example, but it is possible. For example, with NoRoot Firewall, which, as the name implies, does not require root, you can see which network traffic is taking place in the foreground and background. All traffic on the smartphone passes through that firewall, thanks to an internal VPN connection. You can see neatly arranged per app which internet addresses are accessed. For example, the weather app The Weather Channel makes seventeen requests immediately after launch. You can also control what traffic can and cannot pass through and, for example, block known ad networks. Although given the large number of trackers, the latter is almost impossible.
Tip 09: Block trackers
The free and open-source app Blokada shares some similarities with NoRoot Firewall, but takes a more thorough approach. The app blocks internet addresses of ad networks, trackers and malware based on a built-in blacklist. It is picked up at the first start and refreshed daily. Due to the efficient operation, your device will become noticeably faster and another pleasant side effect is that you save a lot on your data traffic. The app cannot be found on Google Play, perhaps because it goes against Google's business model. But you can easily get it from www.blokada.org. Beforehand, make sure to allow installation of apps from unknown sources via Settings / Security. After installation, all you need to do is turn on the app. You will receive a notification when access to a certain internet address is blocked, with an option to whitelist that address. With the option Don't Show turn off the notifications. This can also be done via the Blokada user interface with a slider. There are a few alternatives to Blokada, such as AdGuard and AdAware, the latter of which, incidentally, requires root access.
Tip 10: Public DNS Server
A DNS server is used to translate names on the Internet into IP addresses. Most devices simply use the ISP's default DNS server, but you can choose another public DNS provider if you prefer. Such public DNS providers often handle requests faster and usually offer better privacy, because they don't keep a log of your DNS requests, for example. They also offer extra protection while surfing, for example by blocking unsafe websites with malware and DNSsec (see tip 11). Well-known examples of fast and reliable public DNS providers are CloudFlare, Google DNS and Quad9. Although you can change the DNS server on individual devices, it is more convenient to do this for all your devices at once via the router settings. If we take a Fritz!Box as an example, you first open the configuration page in your browser and browse to Internet / Account Information / DNS Server. For example, enter the addresses 1.1.1.1 and 1.0.0.1 for IPv4 (CloudFlare). If your provider and router support IPv6 (and chances are pretty high these days), do the same for the IPv6 DNS servers. For CloudFlare, those addresses are 2606:4700:4700::1111 and 2606:4700:4700::1001.
The setting of DNS servers is preferably recorded in your router Tip 11: DNSSec Support
It will happen to you: you type in the web address of your bank, but come to a counterfeit website that looks exactly like it, but aims to extort information from you. The chance of such manipulation is quite small if you use the correct address, but it does exist, and is called dns spoofing. Fortunately, with dnssec (in full Domain Name Security Extensions) there is a kind of signature or authentication feature for domain names. A DNS server can use this information to check whether you are indeed being sent to the correct website. The public dns servers almost all use this security feature, but many Dutch internet providers are lagging behind. XS4ALL already supports it, but KPN and Ziggo do not yet. With a simple check you can quickly and easily check whether you are protected by validation of dnssec signatures. If not, you might consider adjusting the DNS server addresses (see tip 10).
Tip 12: DNS leaks
Do you choose to surf (anonymously) via a VPN connection? Then of course you also want all your dns requests to be sent via that secure tunnel, and not via the normal unsecured route, for example to the server of your internet provider. If it does, we call it a DNS leak. You can imagine that this entails the necessary privacy risks. If you want to check whether you are suffering from such a DNS leak, you can easily test it on various websites, such as www.dnsleaktest.com, dnsleak.com and ipleak.net. It is good to know that various VPN providers have built-in protection against dns leaks in the software. Also, to prevent leaks, you can manually set the DNS server addresses of your VPN provider or a public provider.
