Guest blog: 14 tips for protecting your online privacy

Image by the brilliant Stuart F Taylor

Sometimes people ask me how I stay anonymous as a sex blogger. The honest truth is that, while I have a few cast-iron rules for online privacy (never give away name or address unless there really is no other option, separate devices for separate lives, etc) I am not enough of an expert to give you the advice you’d need to keep your own online persona from bleeding into your real life – and vice versa. But this week’s guest blogger Stella – @MlleLicious – teaches security awareness and is here to share with you some key tips to protect yourself online. So whether you’re worried about sharing nude photos, or want to avoid online stalking and harassment, the advice below gives some key online privacy tips. With thanks also to @NathOnSecurity who proofread and made some suggestions.

Online privacy – tools to keep you safe

I have an ex who stalks me online. Or rather, he gets his friends to stalk me online. So I am here to offer you what I hope will be helpful advice to avoid such situations. I think good privacy settings and habits are useful for everyone, whatever their risk scenario. I also have a partner across the other side of the world, so I can tell you a few things about sending nudes, secure messaging and connected sex toys. And frustration and longing, but that would be another blog!

What is a risk scenario?

When thinking about online privacy, first you need to think about your risk scenario. This can be as simple as mapping out the devices and platforms you use. Add on who can view or use those and who you don’t want to allow access to. Think about who you are and what aspects of your life you might want to keep private.

If you are sharing devices or passwords with anyone, think about if you should continue.

My risk scenario for example, did not originally involve disabling “tagging” of me in photos. Now I go to every platform and de-select that option. I used to be happy if friends tagged me in pictures or threads. Until the day a friend had a party and tagged me and others in a picture she posted. I was not at the party or in the photo, but she tagged me with some others as a “wish you were here”. Harmless enough, except I was out that evening with other friends and returned home to my ex’s anger. Someone had seen that tagged image and sent it to him. Neither of them bothered to read it, they just saw it as proof I was lying about my location.

I find that making people request permission to tag me in photos has made them a little more aware of online privacy – and their online behaviour. We have been encouraged to post pictures and video, to geo-tag ourselves and hashtag our feelings and the brands we use. None of this is inherently bad, it can be fun. The problem is that we have to opt OUT of this over sharing of our lives and not opt IN.

This means you have to go through all your platform and device settings and check what they are allowing or tracking. The simplest thing to do is never allow location or contact sharing when you set up an app or account. Or, just go into settings/privacy and it will show you which apps are using which features. Then you can simply untoggle.

It can be a pain in the ass to go through all your settings, but it is worth it. I am more than happy to be contacted by DM if you want any help. The advice below assumes that you know your way around your devices and settings already. If you don’t or if your device or a platform is confusing, do ask for help. Many apps and services are set up to harvest data and make it super difficult to opt out.

You are NOT stupid and you ARE tech savvy

We drive cars and take medicine without having to be experts on how it all works. The same applies to tech stuff. So here are some simple ways to stay private that are easy to set up and run pretty much without you having to think about them.

  1. Use a password manager. Lastpass is free to use and easy to set up. Password managers store all your passwords in an online vault. You protect this with one master password. You install lastpass on your devices , following the links to “add extension” (which is sometimes only available if you pay, but these are well worth subscribing to). Then the password manager auto-fills your passwords for you. Some websites and platforms still do not support auto-fill, so it won’t work all the time, but it works for Facebook and many others. It is better than having to remember all your passwords and it keeps them secure. You can add an extra layer of security to your accounts by adding Yubikey verification to your 2FA (2 Factor Authentification) This means that as well as perhaps having an SMS code sent to a device, you also use a yubikey which either sits in your computer as a USB or can be touched via NFC.
  1. Make your accounts private. Unless you use your instagram or Facebook for professional purposes, it is worth making it all private, so people have to request access. It is worth periodically going through your privacy settings to check they are all still set as you requested. You can also change your URL (or how people search for you) on Facebook or Linkedin etc. I have made mine completely different to my name.
  1. Use secure messaging. Apps such as Signal, Wire , Line and Threema are all secure messaging apps. All of these have encrypted messaging so that your communications cannot be read. However, do not back up your message history to your device or cloud. Use the timed chat feature in these apps so that messages delete automatically after a set time. If an app offers a passcode lock to open it, take that option if you worry someone might access your device.
  1. Watermark your photos and send them on timed chats. Apps like Canva are simple to use and offer watermark options. Or just write the recipient’s name in lipstick on an area that won’t be cropped out! Then send via timed chat so they have from seconds to hours to keep that image. You could also use sendsecure to send and receive files, should you want an extra level of security.
  1. Turn off location access in your device camera. Photos contain all sorts of information such as time, date, location if you don’t remove it. This is called metadata, specifically EXIF (Exchangeable image file format). Right clicking on an image to see “properties” will show you what is contained in any image. You can often remove data using the same menu on a laptop. On a phone, Fluntro or Photoexifeditor are useful. Equally, photo apps such as obscura (ios only) are lovely and also show you clearly what metadata is in each photo as well as allowing you to change it.
  1. Be aware of your surroundings. In any photos or video you send, make sure there is a blank or anonymized background. It may be possible to identify you or your location from views that may be seen from windows, personal photos, certificates or trophies, birthday or anniversary cards, college or team scarves or pennants, paperwork or decorations with your initials. Take care to make the background as neutral as possible.
  1. Avoid direct links to your name and address. If you stream or blog and accept payment or gifts: never use an account with your real name or address visible. Paypal and venmo are secure payment transfer sites. Just make sure you make your account totally private. Venmo can show payment records if you don’t. Use a locker or post office box to receive mail and try to get someone else to collect it for you.
  1. Porn Pass – Hard Pass!: One of the best ways to navigate the proposed porn pass legislation is to use a VPN (Virtual Private Network). These change the location of your internet provider. So you can access content available outside your own country. There are many VPN providers, I use Protonvpn but there are others. Just bear in mind that your VPN provider can still see your activity, so choose one that you trust, read reviews like this VPN review from TechRadar. You can also use Tor. Tor has been designed so your ISP (Internet Service Provider) cannot see what websites you are visiting. Instead, this trust is passed to a Tor exit node, which can. To put it simply, a Tor exit node doesn’t know your IP address but it does know what websites you are visiting, and any unencrypted requests (non-https) can be viewed by the exit node operator. This means if you use Tor to login to a website that does not use https, the operator of the exit node can view your email address and password. To avoid this, only use websites which use https, and use a disposable email address if possible. You should avoid using your real identity while using Tor.
  1. Turn off airdrop and re name your devices/wifi network: In Settings/General/Airdrop, choose to only receive from contacts or no one. Often unwelcome photos arrive via airdrop on public transport. In addition go to Settings/General/About and give your device any name but your own. This way your device will not identify you in public areas.This name is what will show up on your in car bluetooth linked systems, so choose wisely!
  1. Create disposable or junk email accounts. Gmail, protonmail are decent free and secure mail accounts that you can use to create accounts for all those occasions where you need to register with email. Such as hotel or restaurant wifi. Or you can use any name @mailinator.com- just beware as any mail sent to mailinator is accessible to anyone. So it is excellent if you want to use a fake name to use a store wifi, but not if you are signing up for anything in your real name.
  1. Get a privacy screen– these can be fitted by apple or most stores or you can do it at home. They prevent someone seeing your screen if they are next to you. You can also get ones that just rest on your computer screen while you work or browse.
  1. Run your updates: make sure that you run all your app updates. These are like vaccines for your apps. It means that the latest security fixes will apply to the apps you use.
  1. Change default passwords on connected toys, wifi set up, home assistants, everything. Make sure that anything you use that is internet or bluetooth connected has a password that you created. My vodafone hotspot, for example, had a password of admin admin which meant that anyone could have used it. When I set up my we vibe and other connected toys, I changed all the settings, device name, and made sure no one could add me as a contact on the app without invite.
  1. Remember you are not alone. The revenge porn helpline is a great source of support and information. If you need advice on abuse, stalking or revenge porn, please do not feel ashamed or that it is your fault. You have a right to live your life with passion and fun. Consenting adults have the right to enjoy themselves as they please in private. Betraying trust is immoral and often illegal.

I think everyone should be able to live life passionately, fully, recklessly. I think tech is a huge part of that and my LDR would be impossible without it all. So live life large and enjoy yourself. Just proceed advisedly, and be aware of your online privacy, because tech is often not set up to protect you. But that is not your fault, it is because our world is designed for profit, not love and passion.

 

If you have any questions about your online privacy, or the advice given above, both Stella @MlleLicious and @NathOnSecurity have said they are happy to be contacted via Twitter. Thanks to both of them for sharing their advice!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.