The modern Western world is completely different from even 30 years ago. Technology is ubiquitous, and our digital personas have – for better or worse – become tightly integrated with our “real world” selves; to this, digital literacy has become an essential skill to participate in society. Although threats to digital privacy and fraud are everywhere – threats like scams and identity theft that could cause serious harm to an individual’s physical, mental, and financial wellbeing – there are steps individuals can take to ensure the privacy of their personal information and make a more just e-society. Below our friends at the Toronto private investigation agency Haywood Hunt & Associates Inc. have outlined 5 of the best ways to protect yourself from online fraud.
- Use services that inherently protect privacy and be better informed about those that do not. Many free services generate profit via advertising, and in many cases the product they sell to advertisers is personal information about the user’s observed habits and interests, locations, etc. The most popular and egregious example is Google/Chrome, though most large companies (e.g. Facebook (Cambridge Analytica)) do this to some extent. There are many alternatives to these privacy products; for example, the DuckDuckGo search engine – which claims not to track the search patterns of its users over time – can be used instead of Google, or Firefox or Brave (both privacy-centred browsers) can be used instead of Chrome. There are a variety of privacy-focused social media sites, though none are too well known.
For the cases in which a privacy-violating service must be used, it is important for the user to be informed by reading the company’s EULA and TOS, as this can help users understand the following: how their data will be collected, used, stored; what rights they may have to their data (e.g. requesting corrections/deletions); and how they may opt-out of privacy violating components (e.g. through clearing or preventing the storing of cookies, or otherwise toggling certain settings).
- Use a Virtual Private Network (VPN). A VPN can mask a user’s IP address and help ensure privacy via anonymity; this is useful for situations in which the user does not want to be tracked. VPNs may also help overcome some forms of fraud because the fraudsters will have less available information, e.g. when using a VPN to access banking resources on public Wi-Fi. However, a VPN must be trusted and well-researched, as they (somewhat like an internet service provider) may essentially act as spyware, observing all internet traffic that passes through their servers.
- Use a password manager to create strong, unique, secure passwords for different websites. If a user utilizes similar passwords across their web ecosystem, only one compromised password or data breach (a seemingly frequent occurrence) could be enough to compromise a user’s identity. For example, though a banking service may have strong security practices, a small gaming site may not; if a data breach occurred with the latter and a similar password was used, an individual may soon find their bank information stolen. Using strong and unique passwords across different websites – enabled by a password manager that encrypts data at rest with a strong form of encryption (e.g. AES-256) – is a relatively easy way an individual can protect themselves against impacts of breaches that are otherwise outside their control.
- Use common sense. This is perhaps the most important aspect of personal digital literacy and privacy/fraud protection in 2022. For example, a user should delete suspicious emails, and should especially not click links within them. They should also ensure that the website from which they are downloading software or purchasing something is the legitimate business/product website, i.e. not a spoof laced with spyware or ready to steal credit card information. When using a service that exposes personal information/images (e.g. Facebook), an individual should use the most private setting possible that accomplishes their sharing / data dissemination aims. A user should not access sensitive data over insecure channels. Personal information should only be shared over trusted channels with trusted individuals. If a user is unsure about whether their practice is unsafe, they should assume it is and consult a friend or professional for advice.
- Petition governments to introduce legislation that protects privacy. Although there is much more that could be done, there has been a fair degree of action on the part of lawmakers to draft legislation that protects privacy, allows a user to be “forgotten” (data erasure), or requires a corporation/institution to be very clear about their data collection and storage practices. However, much of this has been focused on Europe, and (except for California) has not permeated to North America. To better protect against attacks on and inconsistencies with their personal information, users should reach out to their local MPs and ask that similar protections be brought in at a federal level.
As Phil Zimmerman, creator of Pretty Good Privacy, wrote (as a corollary of Moore’s Law) in 2013, “the ability of computers to track us doubles every eighteen months.” Likewise, the capability for a user to be scammed or have their personal information harvested/stolen doubles every 18 months. By using privacy-focused services/practices, a VPN as necessary, a password manager, and common sense, and being engaged in government policy, a user should be able to successfully navigate the ever-evolving complex web and protect themselves against the illegitimate actors therein.