There's no way to have complete privacy, but you can still make choices that give you more of it than you'd have otherwise. It's all about deciding what risks you can take and what you want to sacrifice.
This article gives you 7 steps to help you have more privacy online.
By the way, the advice in this article is meant for average teenagers in liberal countries. If you're in a place that's less free or if you're especially likely to be at risk, you should seek help from resources meant for people in your unique situation.
Step 1: Figure out who's watching you
If you can't have perfect privacy, how do you know what's important to worry about? That depends on who you are.
Even if you're a fairly regular teenager in a liberal country, you should be concerned about mass surveillance, app tracking and online advertising. But, you don't have to go overboard. There are simple things you can do to make it harder for them to spy on you (we'll go over those later).
Closer to home, you should also be worried about your school and cybercriminals. Both of them can directly affect your life in serious ways.
There might also be other people you want to look out for. Often they'll be people you know: they could be a school bully, an enemy or a mean co-worker.
Think about what information about you might be exposed, how that might happen, what the chances are it will and what the consequences could be. There are two kinds of situations you should be worried about the most: the ones were information exposure is most likely and the ones where it would bring the most severe consequences.
You should also think about what you're willing to give up. In some cases, you might be OK with trading the risk of having some information exposed if the consequences aren't too bad or if it's especially unlikely. You might also be willing to go further to defend against a smaller risk if the consequences might be especially awful. What you're comfortable with is up to you.
Step 2: Restrict how much information you create and give out without good reason
You can't misuse data which doesn't exist. If you can reduce the amount of data you make and give out, so much the better.
So, try to give out as little information as you can without good reason. After all, it's very common for information to be leaked or stolen by criminals, even from very big, rich companies. If someone asks you for information about yourself, find out exactly what they want it for and what they'll do with it. Sometimes, they have a good reason; most of the time, they don't.
It's also a good idea not too keep too much information on other people. You might lose their information or be forced to give it over. For example, if you have a system like Ring at your front door, the police might demand you give over what you recorded.
Step 3: Educate yourself on how much different services misuse your data
Many non-free online 'services' can't be trusted with your data. They use your data to target ads at you, they've been caught experimenting on people and they've shared users' information with surveillance agencies.
You should take stock of the ones you use and find out what they use your data for. Do an internet search for news articles about them and privacy. If you don't like what you see and you can get rid of them, do so. If you can't, reduce the amount of information you share with them or try to use them less often.
You should also think about how other people might be feeding your information to online services. You are well within your rights to ask your friends and family not to put your picture up on Facebook or to turn off smart speakers when you're visiting.
Step 4: Install an ad blocker and other browser extensions to protect your privacy
Install a good ad blocker. I recommend UBlock Origin. If you use a browser like Chrome that won't let you install a good ad blocker replace it with LibreWolf. LibreWolf is a privacy-first version of Firefox.
Ad blockers are important because they can stop your browser from accepting the cookies and scripts that companies use to build a picture of your behaviour online. You might also like to install JShelter, which can help stop sites fingerprinting your browser.
Step 5: Adopt good security habits
Privacy isn't just about NSA spooks and analytics companies. It's also about the creep in the school library that looks over your shoulder to steal your password and the dodgy streaming site that puts information-stealing malware on your computer.
Following some simple rules go a long way to make it harder for them to steal your data:
- Change your passwords often. Maybe not as much as your underwear, but 3 months is a good rule to follow. Make sure your passwords are hard to guess -- a simple method is to make a password from 4 uncommon words. Never reuse passwords or use them on multiple sites.
- Always lock your phone and your computer when you step away from it for any length of time.
- Don't download stuff from untrustworthy websites, and don't illegally download software (you should be choosing free software, anyway!). If a site offers you the opportunity to do something illegal or taboo, such as downloading games or watching porn, they're more likely to put malware on your computer.
- Only connect to networks you trust. If your phone connects to open networks automatically, change your settings. Sometimes, people set up networks to steal people's logins.
- Erase your hard disks and factory reset your phones before you sell or dispose of them.
Step 6: Use encrypted services
Encryption scrambles your data so it can't be read by people who aren't allowed to see it. Choose end-to-end encrypted services where possible.
End-to-end encryption means that only the sender and recipient of a message or call can unscramble the data. An example of an end-to-end encrypted service is Signal, a messaging app. You can have end-to-end encrypted videochats with Jitsi. Both Signal and Jitsi are free software.
Try not to use e-mail. E-mail isn't end-to-end encrypted, unless you go out of your way to do it yourself. Even if your connection is encrypted between you and your e-mail provider, messages usually sent without encryption between mail servers. E-mail has also been a special target of intelligence agencies. But, if you want to send end-to-end encrypted e-mail this issue has an article with a guide on how to set it up.
It sometimes happens that non-free services lie about having end-to-end encryption in their software. This was the case for Zoom (although they claim they have changed now). Because of this, you might like to self-host your own service. Of course, you should make sure you know what you're doing -- you don't need to try very hard to spy on someone who's left their server wide open!
Step 7: Think critically about privacy claims
If you've watched any YouTube videos over the past kajillion years, you've probably heard a lot about VPNs. The services VPN companies sell is one where you connect to their network and let their servers get pages for you.
They're much better these days, but the ads for VPNs tried to scare people into buying their services. If you believed what you saw, you'd think every network was full of spies and crackers!
VPNs do have legitimate uses: as the ads say, they're great when you need your computer to look like it's elsewhere, like when you want to watch something online that's only available in one country. Businesses also run their own VPNs so their employees can use the business's own network over the internet.
However, the VPNs in the ads can't protect your privacy like they say they do. You still have to trust the company running the VPN and the companies they buy from. What's worse is some VPNs have been selling user data all along!
VPNs aren't the only example of a service that makes promises to protect your privacy it can't keep. So how can you tell if someone is selling you services that can't help you? A big hint is a lot of advertising that tries to scare you into buying the product. Another hint is if you hear about it a lot from famous people who aren't experts. You should ask yourself if this really was the kind of person who'd be telling you about this if they weren't being paid. If someone's job is making prank videos on the internet, they probably aren't someone to go for for cybersecurity advice!
Beyond the seven steps
It's not too difficult to win back a little of your privacy. If you do what we just talked about, you'll be well on your way to fighting back against those who'd use your information in ways you don't want.
Of course, none of this is enough. Privacy isn't just about the choices we make on our own. No ad blocker, password or encrypted service can defeat all the threats to privacy we face. Winning back privacy for everyone is going to take political effort from all of us. The steps we haven't talked about are the most important ones: tell your friends and family about privacy; stay informed; and, most of all, get involved.
Previous: Who's spying on you
Next: All about encryption