Recently, several friends asked my advice on how to improve their internet security when browsing the web, checking email, and scrolling through news feeds on their phones.
I confessed that while I was no expert, I was happy to share what I do to protect my own privacy online. Afterwards, each friend independently encouraged me to provide these tips to a wider audience — not as a self-help tutorial, but as an informal guide to internet security.
A proviso: I live in a Google universe. I use Chrome, Gmail, and a Pixel phone running Android 11. While most of these tips work on other platforms, not every suggestion is replicable. It’s also worth stating that I have no affiliation with any of the tools I recommend. Support them if you like — I encourage you to do so — I receive no remuneration for any referral.
Finally, it may seem that I am against advertising. I’m not. Ads can be an important source of revenue for some websites, particularly for news publications that use it to pay their writers. My objection is to advertising that has no business in my personal life. Trackers — those insidious little pieces of code that follow people all around the Internet — are my enemies.
Let’s Get Started!
This guide has three sections:
- Web browsing
- Phone settings
While the order of the sections is not important, following the order of points in each section does make a difference. I will make a few proclamations along the way, which are meant to save you some research, but by no means is meant to dissuade you from learning more.
Before we begin, we need to start at zero and get your browser to a more pristine condition:
- Go to ‘Privacy and Security, Settings’ and ‘Clear Browsing Data’ — all of it: browsing history, cookies, cache, and app data. Keep your passwords.
- While we’re here, navigate to ‘Cookies and other site data’ and ensure that ‘Block third-party cookies’ is selected and ‘Send a “Do Not Track” request with your browsing traffic’ is switched on.
Congratulations: we have a clean start!
If you have a Google account, it’s time to limit tracking. You can always ease off the settings and grant more access later, but for now we need to clear your account’s histories:
- Go to ‘My Activity’ and ‘Delete activity by… always’.
- Go to ‘Activity controls’ and ‘Clear web and app history’. Set auto-delete to 3 months.
- Also in ‘Activity controls’, pause ‘Location history’ and ‘YouTube history’, and turn ‘Ad personalisation’ off.
You can stop here, but if you’re okay adding a couple of third-party extensions I recommend:
- Privacy Badger — Built by the Electronic Frontier Foundation (EFF), a nonprofit organization that defends civil liberties in the digital world, this extension automatically blocks invisible trackers and lets you manage domains and widgets.
- AdBlock — Not to be confused with Adblock Plus (ABP), AdBlock (with a hand in the octagon) is the original open-source Google Chrome ad management tool and is optimized to improve browser speeds as well as minimize intrusive advertising.
Google Mail does an incredible job of blocking junk email, phishing attempts, and unwanted senders. However, permissions-based subscriptions and shopping cart confirmations often embed invisible ‘tracking pixel’ codes in the body of their emails. See my article “Facebook’s Deep Fake” on The Startup to read more on how deep the links can go.
While email software doesn’t block these kinds of ‘web beacons’, most let you block the images that trackers use. In Gmail, go to ‘General Settings’ and turn on “Ask before displaying external images”. Emails might look a little broken, but at least advertisers can’t track you.
If you wish to see more beautiful emails, consider another Google Chrome extension called PixelBlock by Canadian entrepreneur Omar Qureshi. This tiny plug-in allows you to safely download images into your email message and see at a glance if you’re being tracked.
While your choice of apps determines how much personal data gets shared with advertisers, there are two system settings in Android under ‘Advanced Privacy Settings’ that allow you to limit and confuse trackers.
First, ‘Opt out of personalized ads’. Second, reset your phone’s AAID (Android Advertising ID), and continue doing so from time to time. This reset effectively forces advertisers, such as Facebook, to start rebuilding their profile of you from scratch. For iPhone owners, Apple’s identifier for advertisers (IDFA) in iOS can also be reset in the system’s Privacy menu.
Regardless of these system settings, it is also a good idea to limit app permissions to only those functions you think that it requires. For example, I only allow ‘Location’ to a handful of apps that need it to function, and rarely allow access to my ‘Contacts’ or ‘Camera’.
As with Web Browsing, clear the search history and set your mobile browsers up similarly to your desktop. If you’re open to giving another mobile browser a go, I recommend Brave, which provides a suite of controls and options for trackers, cookies, and ad management. In Android, you can set Brave to be your default browser and set Google Discover to use it to open all news feed articles. You can also enable Brave Rewards, which is an opt-in program where you can get paid to see ads.
Like Apple’s Tim Cook Twitter response to Facebook’s Dan Levy, I believe that people need to have choices over the data that advertisers collect about them and how it gets used. Broadcast advertising is fine: we expect it in the information age — but tailored, targeted, and tracked advertising is akin to junk mail and violates our personal privacy.
Eventually, Apple will update iOS 14 to make advertising more transparent by notifying people about trackers and deep links ahead of time. Google may not follow suit with Android, as they are inextricably linked to advertisers in their business model. Even so, Google has improved its position on privacy in the last year and has added more robust controls, such as the Google Dashboard, for better personal data management.
There you have it: my approach to protecting my privacy online. I hope it’s useful and, if nothing else, provides some measure of security for future browsing, pixel-free emails, and phone app tracking transparency. May your future data be yours, and yours alone.