I take online privacy very seriously, especially since I’ve been a victim of identity theft before. While no system is absolutely foolproof, there are a number of things that you can do right now to reduce the risk that your personal information will be used maliciously. Some of these tips are a little geeky, but most are quite simple. Best of all, none of them will cost you an extra penny!
1. Get a Better Browser
(Difficulty – Easy)
First things first, if you are not using a browser with built-in phishing protection, stop what you are doing right now and get thee a replacement! What is phishing? It’s a despicable attempt by scumbags to trick you into revealing personal information on phony sites. Ever received an e-mail from eBay, PayPal, or a bank asking you to re-confirm your account by clicking a link and typing in your username and password? That was a phishing attempt, and if you DID enter that information, it was likely stolen. While most newer browsers offer some protection against phishing, some do not. I’m looking at YOU, Internet Explorer 6. You too, Apple Safari!
Suggested browsers that all include phishing protection:
- Mozilla Firefox (Windows / Mac / Linux)
- Opera (Windows / Mac / Linux)
- Google Chrome (Windows only at the moment)
2. Use OpenDNS
(Difficulty – Medium)
This one is essential, but don’t run away in fright. It’s simpler than you may think. In short, OpenDNS is a free Domain Name Service (DNS) that you can tap into from your computer (or your router). Setup is easy. You don’t even have to install anything.
What can it do for you? A lot!
For starters, it provides additional protection against phishing, which is enough reason alone to use it. In conjunction with a better browser, this is a double whammy against phishing attacks. OpenDNS also automatically corrects common misspellings and re-directs you to the appropriate site. For instance, if you type craigslist.og, it will automatically forward you to craigslist.org. Slick.
That’s not all, though. OpenDNS gives you extensive control over content filtering. Want to quickly block access to an individual site or adult-related sites in general? Done. Check out the screenshot below.
Again, all of this is FREE. For best results, configure OpenDNS on your router, not just your individual computer. That way, everyone on your home network is automatically protected.
3. Use a Password Manager
(Difficulty – Medium)
You probably have a lot of account information to remember, don’t you? Most people nowadays have online access to banks, credit cards, utilities, and a plethora of random Internet services, such as eBay, Flickr, and (shudder) MySpace. Wait, don’t tell me that you use the same username and password over and over again, do you? DO YOU?
Recycling the same login information for every site is a brutally-bad idea. You are literally putting all your eggs in one basket, and if your information is compromised, it’s compromised everywhere. How, then, do you manage to remember all those usernames and passwords if you create new login information for every site?
Some people use pencil and paper, some type it into a text document and hope for the best, and others (like myself), use a password manager.
Personally, I like KeePass, and I’ve written about it before. Essentially, it’s a program that securely organizes all my usernames, passwords, and security questions. All you have to do is set a secure master password and lock all your information within the database.
Best of all, it’s free, and the learning curve is pretty slim. You can also carry it around on a portable USB flash drive. That’s what I did in Greece this past summer, and thanks to KeePass, I never had to type a single password at all the Internet cafes I visited.
Just try it. It may change the way you handle login information.
4. Protect your E-mail – Use Disposable Addresses
(Difficulty – Easy)
Ever visit a site that requires you to enter an e-mail address for some obscure reason? Or maybe you need to enter an e-mail address into a web form, a public forum, or anywhere else that may result in a deluge of spam in your inbox.
In times like these, a temporary, disposable e-mail address works wonders. All you have to do is generate a disposable address (valid for a few minutes or hours), use it for your intended purpose, and then walk away. No spam from that site will touch your real inbox.
While there is a growing number of disposable e-mail services available, here are a few of my favorites:
- 10 Minute Mail – As the name suggests, it offers disposable e-mail addresses valid for 10 minutes, but if you need more time you can reset the countdown with the click of a button. While the address is valid, you can read and even reply to incoming e-mails. No registration is required.
- Lite Drop – Offers disposable addresses valid up 60 minutes, but you can always reset the timer to extend the allotted time. You can read, reply, and even view an RSS feed of your inbox. No registration is required.
- Mailinator – This one takes a slightly-different approach. Instead of generating an address beforehand, Mailinator creates an account as soon as an e-mail arrives for it. You can simply enter any name that you want, such as firstname.lastname@example.org, or maybe email@example.com. You can check that address by entering it on Mailinator’s site. I suggest using obscure names, since anyone else can also check that e-mail address by entering the same name. See their FAQ for details.
- Fake Name Generator – Why stop at just e-mail? With Fake Name Generator, you can generate an entire fake identity, right down to fake phone, birthday, SSN, and credit card number! Of course, it also generates a disposable e-mail address that you can use for whatever purpose you like.
5. Take Advantage of Virtual Credit Card Numbers
(Difficulty – Easy, when available)
Are you comfortable using your credit card for shopping online? I am, but I often add an extra layer of security by utilizing a temporary credit card number. The idea is brilliant, yet simple. Not all credit card services offer this, but for those that do, here’s how it works.
Whenever you want to buy something online, simply generate a virtual card number that is tied to your real one. Submit the virtual number and expiration date to the online merchant and buy your product as usual. That’s it. At no point did you reveal your true card number.
Most services also offer additional customization, such as the ability to limit the transaction amount as well as auto-expiration of the virtual number. For instance, you could generate a virtual number that expires in two months and has a total transaction limit of $25. Any amount beyond that will be rejected. You could even generate a number that’s valid for only one usage.
A few companies that offer this service are:
- Citibank – Virtual Account Numbers
- Discover – Deskshop
- Bank of America – ShopSafe
- PayPal – Secure Plug-In
To see if your existing Citi card offers this ability, take a look under the Tools & Services menu in your account. You can also view existing cards with this feature.
If virtual numbers are available to you, it’s certainly worth the effort to use them. Adding another layer of security and privacy to online shopping never hurts.
6. Protect your Phone Number
(Difficulty – Easy)
How would you like a more secure, controlled environment for your phone number? There are two solutions that I like – one for the short term, and one for the long term.
- Short-term protection – inumbr.com
Formerly knows as CraigsNumber (for providing privacy on Craigslist listings), inumbr is an auto-expiring, FREE phone number service that forwards calls to your home or mobile phone without revealing your actual number. Think of it as a disposable e-mail address, but for your phone. You can create a temporary phone number that’s valid for as little as one hour, or as long as one month.
Trying to sell something online, or need to make a listing in the classified ads? Generate an inumbr first and keep your true phone number a secret!
- Long-term protection – GrandCentral
GrandCentral (by Google) is a similar FREE service, but the number that they generate for you is your permanent number. However, you can link that number to all your existing phones and create custom ring setups. Depending on the caller, GrandCentral will ring my cell phone, my wife’s cell phone, my office phone, or all my linked phones!
Concerning privacy and security, my favorite feature of GrandCentral is the ability to simply mark a caller as spam (just like an e-mail inbox), and never hear from them again! Telemarketer or ex-boyfriend/girlfriend harassing you? Hit the spam button by their number and kiss them good-bye!
GrandCentral is currently in private beta, but you can go ahead and reserve a number.
7. Don’t be an Idiot.
(Difficulty – ???)
My final point is that none of these solutions are worth a pitcher of warm spit if you can’t protect yourself from… yourself. Use common sense. Question everything. As with phishing, most attempts to gather your personal information come in a masked form. Do you really think that e-mail full of typographical errors is truly from PayPal? Do you really think that nice prince from Nigeria wants to give you a million dollars? C’mon.
The last few years have witnessed the rise of the social network, and it concerns me how many people willingly (nay, eagerly!) give away practically all details of their private lives online. I think we’re only starting to see the far-reaching implications of such actions. And no, I’m not just talking about posting drunk party pictures of yourself on Facebook for the world to see and then wondering why you got fired. I’m talking about a widespread increase in identity theft directly related to the hapless vomiting of personal information online.
Remember that just because you pass through a login into your preferred social network, it doesn’t mean that any information you post about yourself is safe and secure. Yes, there are unscrupulous people out there who will stop at nothing to harvest your identity for malicious purposes. Flies are attracted to the dung heap, so to speak.
Just be careful. In the last few months I’ve seen a drastic increase in Facebook spam due to people with hijacked user accounts. It’s annoying, disturbing, and disgusting. Don’t let it happen to you.
This is by no means a thorough list. Do you have any other ideas on how to protect yourself online? I’d love to hear them.