Most of us have been online long enough to know the internet isn’t what it used to be. Under the seemingly seamless experiences and interfaces lies a swarm of invasive and exploitative processes that are built for profit. Every internet company is out there to hunt your data — just look at how a juggernauts like Facebook have been caught using your data. When it comes to protecting yourself, you are largely on your own.
Over the years, however, we’ve grown used to trusting certain online behavior — but we can’t take them for granted anymore. Here are a few things you should stop doing online.
1. Logging in with Facebook and Google buttons
On most sign-in pages, you’ll find Google and Facebook’s instant log-in buttons. But while they may seem like a convenient one-key-to-rule-them-all method that eliminates the hassle of remembering or creating numerous credentials for different websites, they carry a huge privacy trade-off.
Companies like Facebook that rely on advertising for revenue realized their services can’t be everywhere. So they made authentication frameworks. When you click one of these sign-in buttons, you agree to share your activity on the third-party service with host companies such as Facebook and Google (and vice-versa).
So, for instance, if you sign up on a kids clothing store through a Facebook sign-in button, Facebook will know you’re expecting or have children. Therefore, the social network will begin pushing advertisements for kid products to you and possibly exchange this data with other businesses in the same industry.
Over time, sign-in buttons allow tech companies to stitch your digital profile to accurately predict which ads you’re most likely to engage with. Plus, the website you’re attaching gains more info out of this relationship than they probably need. Case in point: When you create a new account on Spotify via Facebook, it automatically fetches your public profile, birthday, and friends list.
It’s, therefore, best to stay away from sign-in buttons, and if you’ve been using them for a while, head over to your Facebook or Google account settings to revoke access to whichever service you’ve linked it to.
Apple, incidentally, has set out to offer a privacy-focused alternative to this with its latest authentication API. Called Sign In With Apple, unlike Facebook or Google, it barely shares any info with third-party services — you even have the option to hide your email address. Apple has been primarily been able to deliver this because most of its revenue doesn’t come from advertising and it has no business snooping on you.
2. Giving away your personal email address
You shouldn’t easily give up your email address, either. Unless you plan to actively use the website, you should instead consider signing up with a burner email.
Disposable email addresses are not as barebones as they were a decade ago. You can have them redirect to your own ID as long as you need the website and, once you’re done, burn it with a click of a button.
Browser extensions like Burner Emails also automatically generate a unique disposable address for you to enter whenever they detect an email field in an online form or sign-up page. From Burner Emails’ dashboard, you can quickly disable the ones you don’t want and forward messages from the rest.
3. Saving passwords in your browser
Most browsers ask if you’d like to save the password whenever you sign in or register for a new platform. But you should never hit that “Yes” button.
The built-in password manager on browsers is not as secure as they are supposed to be. In the majority of scenarios, your credentials will be stored in a plain text format that any intruder can access with a bit of tinkering. In the past, there have also been a bunch of instances where passwords of thousands of users were compromised.
We would recommend switching to a dedicated password manager. These tools are designed to protect your credentials and best of all, they work across all apps and operating systems.
4. Scrolling past terms and conditions
I’m sure we’ve all done it: Frantically scrolling past the terms and conditions so that we can quickly reach the exciting part. In this day and age, however, doing that can be truly detrimental to your personal data and can lead to serious consequences.
We get it. Terms and conditions are long and often too complex for a non-lawyer brain to grasp.
Fortunately, there are a handful of signs you can look for to understand what you are agreeing to. You can search for common terms such as “information” and “data.” Or you can head over to helper sites like TOS;DR, which summarize policies of well-known services in plain English.
5. Browse without HTTPS
When you load a website, you may have noticed the browser automatically appends a few additional characters before the URL. One of those is “HTTP,” an internet protocol that determines how a website structures and transmits data.
A more encrypted and private upgrade to HTTP called HTTPS was released a while back. Its biggest highlight is that whatever information a website exchanges with the server is secured and can’t be covertly tapped into by intruders. Sadly, HTTP is still valid and a lot of websites haven’t felt the need to switch to HTTPS, leaving your data vulnerable to breaches.
Until that changes, it’s wise to steer clear of non-HTTPS sites. You can also install a free browser extension that forces HTTPS across the internet and on every service you visit.
6. Allowing cookies and leaving them there
You probably don’t give a second thought to that Allow Cookies pop-up when you visit a site for the first time. But you should.
Cookies are these tiny pieces of information that companies store in your browser so that they know it’s you when you revisit them for advertising and personalization. While cookies were born as a nifty tool for developers years ago, that’s not the case anymore. Cookies barely have any encryption and can easily end up in the wrong hands.
Unfortunately, most websites don’t function as intended when you entirely disable cookies, either. So what’s the way out? You put them on self-destruct mode since, if you didn’t sign up, you likely don’t have any use for that website.
To do that, you will need a third-party browser extension like Cookie AutoDelete, since the majority of browsers don’t have a native setting for this.