The global stock of digital data is currently doubling every two years – and much of this information is personal in nature.
We do our banking online. We maintain our friendships online. We use smartphones, PCs, tablets, and IoT devices, all of which track our usage patterns.
Our children do their homework online. We book our holidays online. We work online, chat online, and maybe even use online dating.
The internet poses countless risks to our privacy, and rapid technological progress makes effective protection even more complicated.
Does the internet threaten our privacy?
Data is worth real money – this is not just a fact, but the main reason for the threat to our online privacy.
Your browsing behavior and search history, for example, can be extremely profitable sources of information for advertising companies. Have you recently searched for a new apartment? Then advertisers could infer from this that you’re planning a move soon and promptly bombard you with relevant ads for moving companies, furniture, home improvement stores, and home insurance.
While such use of your data is perfectly legal, the financial value of personal data is also high for criminals. Credit card data is openly sold on the dark web. If a hacker can then also break into an airline’s reservation system or an online retailer’s customer database, they’ve hit the jackpot.
Any information you publish online can be used against you. Therefore, you should always be mindful of your online privacy. Let’s take a closer look at why data protection is important online and how you can protect your privacy online.
What is data protection on the internet and why is it so important?
Online data breaches are a serious threat. For example, information about your health could be shared without your consent, or your banking details could be compromised. Your email account could be hacked, and your identity could be stolen.
The risks are far more extensive than most people realize, because the potential uses of this data are virtually limitless. A big data analysis of your browsing history could reveal insights into your private life that you absolutely do not want. Imagine the following scenario: A woman orders folic acid supplements and fragrance-free moisturizer online. She would hardly expect marketing companies to infer a pregnancy from these purchases or her search history.
If she still lives with her parents or has not yet informed her partner, she will be anything but thrilled to find baby congratulations advertising in her mailbox.
This is just one example of how seriously data privacy issues on the internet can impact our lives. It’s about far more than protecting bank details or social media accounts. Whenever you visit a website or download an app, data about you is collected – possibly without your consent or even your knowledge. Naturally, you want to know where this data ends up and how it’s used. You might even want to prevent its collection altogether.
Tips for protecting your online privacy: Data transfer
One way to protect your online privacy is to secure data transmission. Whether you’re quickly searching for something online, writing an email, or using a GPS app on your smartphone – as soon as you’re online, data is transmitted to a server. It needs to be protected along the way.
Securing your communication is a fundamental first step towards your safety and protecting your online privacy. At home, this means setting a strong, unguessable password for your router. You should also change your home network username. Many pre-configured usernames include the name of your internet service provider or router manufacturer, information that can be very useful to hackers. If you use Wi-Fi at home, you should enable WPA authentication to prevent unauthorized access to your network.
Free Wi-Fi is now available in numerous public places, cafes, and hotels. It’s tempting to log in. But beware: Public Wi-Fi networks pose a significant security risk . If they don’t use strong authentication, not only is logging in easy, but so is hacking the connection. Never conduct banking or other sensitive online transactions using public Wi-Fi.
An alternative is to use a virtual private network (VPN). VPNs shield the Wi-Fi signal from hackers. They do this by establishing a private gateway between your device and the internet and encrypting all data traffic. Your actions are then untraceable by anyone. With a VPN, public Wi-Fi networks are therefore just as secure as your own home network.
For every confidential transaction, ensure your browser is secure and uses HTTPS instead of HTTP. Hackers can easily equip simple HTTP websites with eavesdropping software that captures all entered information. This could allow criminals to steal your online banking username and password.
The secure HTTPS protocol encrypts all data transmission using SSL/TLS. This means a digitally secure environment is established where communication between you and your browser cannot be intercepted. Think of it like a secure handshake between you and the website. Websites with SSL enabled display a padlock icon in the browser’s address bar, and the website address begins with “https” instead of “http”. Clicking the padlock icon displays details about the website’s certificate.
Some online messaging services can be easily intercepted. Facebook messages, for example, are only protected if you use the “Secret Conversation” feature in the Messenger’s main menu. (This is only available on iPhones and Android devices, not on PCs.) WhatsApp and Viber, on the other hand, use end-to-end encryption and are therefore much more secure.
Tips for protecting your online privacy: Tracking
Even if you have secured your access, Google, other internet companies, or even your internet service provider could track your web usage. In fact, internet service providers in many countries are legally obligated to do so in order to be able to share your search history with law enforcement agencies if necessary. Therefore, if you want to effectively protect your online privacy, you should prevent your online activities from being recorded.
One option: Use your browser’s private mode to prevent Google or other organizations from tracking your browsing history. In Chrome, open a new incognito window; in Firefox, open a new private window. If you share a PC with others or use someone else’s PC as a guest, your login information won’t be saved on the computer in private mode. (Other users will also not see ads that are actually tailored to you.)
There are also browser extensions that block cookie tracking . Websites can then no longer display annoying ads tailored to your interests. However, only install extensions from reputable sources – hackers frequently disguise their malware as security apps or extensions.
Even if you’ve taken all these precautions, your search history may still be stored on Google’s servers. After all, one of Google’s revenues comes from analyzing search histories and displaying personalized ads to users. If you don’t want this and prefer stricter privacy settings, you should use a different search engine.
However, your internet provider can still see what you’re doing. If you want to prevent this as well, we recommend using a VPN . Does a VPN protect your communication from hackers? Yes. Does a VPN hide your activity from your internet provider? Yes. The same method is used in both cases. All communication is encrypted, and your internet provider doesn’t have the encryption key. The data is therefore unreadable to them. Since the VPN also hides your IP address, it prevents cookie tracking and other tracking methods. No one can trace the origin of your data traffic.
Last but not least, you should never forget to log out of your accounts when you’re not using them. Simply closing the tab or browser isn’t enough. Facebook, for example, tracks its users’ activities even when it’s not open in your browser. Tracking of your activity only stops when you log out. Naturally, you should also always log out properly from bank and brokerage accounts.
Tips for protecting your online privacy: Data minimization
You don’t have to reveal everything about yourself online. There are certainly things you’d prefer to keep private. It doesn’t even have to be anything scandalous. Some people are embarrassed by their middle name, or they have hobbies that no one at the office needs to know about. To effectively protect your online privacy, you should always carefully consider what you publish online – and who you actually want to see that information.
Before posting personal information on social media, always ask yourself if you’re putting your security at risk. Online security risks are real-life security risks. Of course, you want to show friends and family how much fun you’re having at Disneyland. But burglars are just as happy to have that information. If the answer to your bank’s security question is your mother’s maiden name, the make of your first car, or your pet’s name, you should definitely not mention those names on social media.
Carefully check what information the various social networks automatically publish. Perhaps your location? Or who you’re currently with? Many people don’t realize how revealing their profile is to criminals who want to steal their identity or launch a social engineering attack. Is your date of birth public so your friends can congratulate you? This is also information that banks and other confidential accounts often use for identification. Carefully review the privacy settings of your social media accounts and determine who can see what.
Many LinkedIn users, for example, are unaware that the “Activity” section is visible to everyone. This means your employer can also see that you’ve researched other companies or are following them. A discreet search for new career opportunities then becomes anything but discreet. Deactivate the “Activity” section if you don’t want your LinkedIn activity to be public.
Many savvy Facebook users now set their posts to “Friends Only.” However, once you change a post to “Public”—for example, by posting a link to a political campaign that you want your friends to be able to share—this setting may be automatically applied to all future posts. Make sure your default setting is still “Friends Only.”
Speaking of friends: Do you really know everyone you’re friends with on Facebook? Should people you met on vacation five years ago and never heard from again really be able to read your posts? You can adjust your Facebook settings to prevent hackers from sending fake friend requests – restrict friend requests to the “Friends of Friends” option and your risk will decrease significantly.
Your email address and phone number should also not be publicly accessible on your social media profiles. Set your privacy settings so that only friends can see your contact information. You can also choose to block it entirely. While you’re at it, you should also disable search engine indexing. This will prevent all your Facebook posts from automatically appearing when someone Googles your name.
No privacy without security
So far, we’ve focused on your online privacy – but to keep it protected, you first need to ensure online security. Online privacy and online security are inextricably linked. You’ve already secured your internet communication with our tips. Now you need to protect the devices you use to access the internet, whether it’s a laptop, PC, smartphone, or tablet.
We have also compiled some tips for you here:
- Install reliable antivirus and anti-malware software. Anti-hacking software protects your devices from common threats such as keyloggers, ransomware, and Trojans. We recommend Kaspersky Premium , our comprehensive solution against hackers and malware.
- Update your operating system and all software regularly , especially when security patches are released. Security vulnerabilities in outdated software are frequent entry points for hackers. Don’t give them this opportunity. (Important: Replace unsupported operating systems. They are an easy target for hackers. Support for Windows 7, for example, ended in January 2020.)
- Think before you click . Hackers often use phishing to steal login credentials. They send fake emails in the name of banks or companies like eBay, luring unsuspecting users to a manipulated website. Always carefully examine the sender’s address, check the website’s source code, and hover your mouse over links without clicking to reveal the destination URL. Some phishing emails also contain links to photos or news articles. Clicking on these will install malware on your device.
- Protect your smartphone. Activate the screen lock and PIN to prevent unauthorized access. Never jailbreak or root your device. Hackers can then overwrite your settings and install malware. Apps that allow you to remotely wipe all data from your smartphone are recommended. If it is stolen, you only need to activate the app, and your data will be safe.
- When downloading apps, pay attention to the permissions they request. Apps that ask for access to your camera, microphone, location services, calendar, contacts, and social media accounts pose a significant risk to your online privacy. A famous example is Pokémon Go : Initially, the app requested so many permissions that it could see and modify virtually everything in the user’s Google account, except for the password. Fortunately, the issue was quickly resolved with an update that restricted the required permissions.
- Delete unused data, programs, and accounts. The more programs or apps you install, the greater the risk of compromise.
- Use strong passwords for devices, internet access, and accounts. The best password managers even generate completely random, extremely strong passwords for each individual account. But be careful: Never lose the master password for the password manager!
- Change your passwords approximately every six months. This reduces the risk of becoming a victim of hackers.
- Always use two-factor authentication whenever possible to protect your online privacy and ensure online security. This requires a second factor in addition to your password to confirm your identity, such as an SMS code sent to your smartphone, a fingerprint, or a security dongle/fob that plugs into a USB port. This increases security.
Beware of signs of security breaches
Unfortunately, it’s not enough for you to do everything you can to protect your online privacy. The companies where you have accounts also need to take appropriate measures. Sometimes security breaches occur, and customers’ personal data is stolen, published, or destroyed. While companies generally have emergency plans that clearly outline the measures to be taken in an emergency and how to inform affected customers, you can also do a number of things yourself to be optimally protected in the event of a security breach.
First, you should regularly check your bank accounts . Have any unexpected transactions or withdrawals checked immediately. They might be harmless, like delayed direct debits – but your account might also have been compromised.
Obtain a self-disclosure report from Schufa and other credit bureaus. This will allow you to check whether someone has stolen your identity using your personal data and taken out loans in your name. In Germany, with a little planning, this won’t cost you anything, as every citizen is legally entitled to one free self-disclosure report per calendar year.
As soon as you learn of a data breach at a company you do business with, you should immediately change the password for the affected account. It also wouldn’t hurt to change the passwords for your other accounts, especially if they are similar to the compromised account. Likewise, you should change all your security question answers—even if it means inventing a new maiden name for your mother or a new name for your first pet. Alternatively, you can use a password manager , which centrally manages and protects all your passwords.
If a company informs you via email about a security breach and asks you to call a phone number or click a link to change your login credentials, do not reply or call under any circumstances. It could be a phishing attempt. Instead, visit the company’s website or call a number you know to verify whether a security breach has actually occurred.
