Bulletproof privacy in one click
Discover the world's #1 privacy solution
Coming soon
Coming soon
Coming soon
So you've heard a lot about defending your online privacy, but you aren't sure what the big deal is. Or perhaps you just want to see how good of a job you've done protecting your privacy online (so far).
Well, look no further! This article will cover the various methods to conduct an online privacy check. This will include reviewing both technical and non-technical ways that your information can be leaked on the Internet. Then we'll suggest a privacy app that can help you avoid data exposure and some of the more technical privacy traps that people fall into all the time.
Before we get into the nitty-gritty of how to conduct an online privacy check, let's delve into the intricacies of data exposure. Here we'll be shedding light on the mechanisms through which our sensitive data may unknowingly find its way into the public domain.
Involuntary Geolocation
Although there are many subtle ways someone can figure out your location online, even if you don't give them permission to do so, the following three methods are the most common:
Metadata Scanning
Metadata scanning is a way for governments, hackers, and scammers to figure out where you are, based on the things that you post online.
There doesn't have to be any identifiable feature in a picture, nor any unique slang in a text-based post. Instead, the technical details that are included in many photos and social media posts can be examined to see if GPS tracking or location approximation has been turned on.
This technical information about images and online posting is called metadata. In many cases, the location that a social media post was created from - or the GPS of where a photo was taken - will be tattooed into all of your posts and uploads.
Important: Location metadata doesn't require your consent, most of the time. It's something that you need to actively block or scrub.
We have a complete guide to metadata that will show you all of the tools and techniques that you can use to sanitize your images and posts before they go up online. Use them, please. It's for your own privacy's sake.
IP Address Leaks
The next tool in the geolocation toolbelt, and one that law enforcement loves to use because it's so easy, is analyzing IP address leaks.
There are several ways to get your real IP address online, even if you're using a VPN. That's because a lot of services will simply pass that information through, in one form or another. IP leaks can happen when Torrenting, using WebRTC voice/video/chat, or just because you never hid it in the first place.
The best tool to check for IP address leaks is IPLeak.Net. They provide a no-nonsense interface that will let you check if your system, or your Torrent trackers, are leaking your IP address. If they are, it can be looked up using a WhoIs service. This will result in either your location or your ISP's location being displayed.
This can be counteracted by using a true privacy app, which we'll talk about at the very end of the article.
DNS Leaks
The last common way that people can get your geolocation is by making use of DNS leaks. DNS leaks involve querying what your DNS server is and making an educated guess as to where you're located based on the results.
You might think: I'm safe because I don't use my ISP's DNS. Maybe you switched your DNS servers to one of the big public DNS servers. But that doesn't matter if your ISP is using a transparent DNS proxy! They might be intercepting your DNS requests and rerouting them locally, which could easily give away your location.
In some places, transparent proxies are perfectly legal as long as it's in the ISP's Terms and Conditions (T&Cs). In others, the practice can only be used to execute government-mandated blocks. Once again, such blocks can be combated with a privacy app, as seen at the end of the article. ISPs who don't warn their customers about transparent DNS proxy activities might be subject to civil or criminal penalties.
To test all of this, check out DNSLeakTest.Com and run their utilities online. This will show you what third parties can detect about your DNS, and whether or not your ISP is using a transparent proxy to change your DNS query locations.
The next category to cover is the history that you've left behind as a result of prior hacks, data scrapes, and the constant information gathering that takes place online.
A good place to see what major hacks may have impacted your privacy is HaveIBeenPWNed.com. By plugging in your E-mail address, this helpful site looks up every public leak it can find and scours the archives for you. Whatever hacks it finds, it then lets you know the exact extent of data exposure. This is a critical step when you do an online privacy check.
The resulting report tells you just how screwed you might be. It's easy enough to change passwords, particularly if using a secure central password manager. But it's much harder to change your physical address. And it's impossible to change certain core identity features like your medical history, for example. But at least you can partially safeguard the use of your information by subscribing to a credit tracking service or the like.
Now as for the constant subtle information gathering and resulting data exposure that goes on all the time: That's harder to deal with. The various details about your hardware, software, patch levels, options, and habits can add to a portfolio that uniquely identifies you.
This is called device and browser fingerprinting, and it can be used to track you even if you never log into a website or accept any cookies.
One of the best places to check out how much of your information is being gathered is by running a scan at AmIUnique.Org. This will quickly tell you how much a standard Javascript test can pull from your typical browser or web app.
This is one of the toughest tracking methods to beat. VPNs are virtually useless against it, passing most of this information right through. It can even be used on the Dark Web, which is normally far more anonymous.
This time, a privacy app is your only option if you want to use websites 'normally'. The other option is to turn off some or all aspects of scripting, which will break the majority of websites out there. Keep reading to find out more about our suggested privacy app.
Your Social Media Footprint
Social media leaks are just as important as technical leaks, as far as your privacy goes. Remember that whatever you put out there stays out there. Thanks to archive sites such as The Wayback Machine, anyone who wants to create a public record of their history can do so. And not just people… some bots make frequent requests to back up any site that covers subject matter that they've been programmed to study or scrape.
Therefore, understanding what is in your social media profiles is critical for conducting an online privacy check to maintain the level of privacy that you desire. In addition to the metadata issues mentioned above, oversharing personal information can form a roadmap that helps others interpret the movements and decisions you make. The combination of everything you leave on social sites is called your social media footprint.
Anything you leave in your personal or business profile should be considered public knowledge. If you want to make those things private, start by editing those profiles.
One of the most difficult sites to balance is LinkedIn. Particularly if you are job hunting. You want to leave enough information to fill out a professional profile, but not enough to be used against you in a social engineering attack. So consider what you want to be publicized and what you share on social media. Never base any passwords, verifications, or validations on information listed on your social media.
Once you've cleaned up your social media profiles, and gone through your post history to scrub any additional information that you don't want to leak, you're ready for the next step: Checking your communications apps.
Scrubbing Your Chat App Profiles And History
Just like you did for social media, you need to go through your profile on every chat app and message board that you use. Eliminate any information that you don't want to be made public. It's easy to just numbly fill out everything on a chat app's sign-up page, without really thinking about the impact of making that information public. Now is the time to correct that.
If anything, chat apps and message board profiles should have even less information than social media accounts. You can always link people to social media if you want them to be able to delve a little more deeply into your life. But leaving that information open to the public removes your control. And privacy is all about control.
Next, you should turn on all appropriate encryption and privacy options in the settings of each app. Although it's more of a security matter than a privacy issue, you should also consider turning on Two Factor Authentication (2FA) when available. Remember all of those sites that we were talking about before? The ones that get listed in your HaveIBeenPWNed profile? Those are exactly the reasons to use 2FA.
If you're really concerned about your personal safety in addition to your privacy, consider ditching your chat apps and only using Signal. It's fully encrypted, end to end. This is the app of choice for journalists, protestors, whistleblowers, and activists. Signal allows for a higher level of privacy than any other chat app. But if you want to take a look at the competition, check out our article: Compare the Best Encrypted Chat Apps
You've done your online privacy check and reduced any data exposure, it's time to do something about your future privacy.
Installing A Privacy App
Now that everything has been cleaned up, it's time to install a real privacy app. So, what's our suggested privacy tool? No, it's not a VPN.
Most VPNs do next to nothing for your privacy, which is why so many of them have stopped mentioning it in their ads. They were never designed for privacy and can even add to your data exposure.
Hoody, on the other hand, is a dedicated privacy tool. It neutralizes all tracking and fingerprinting techniques used by websites. By spoofing your data, device fingerprints, and browser fingerprints on EVERY tab and on every browser, Hoody allows you to be completely untraceable. Without your fingerprints, finally, everything you do online can be 100% private.
Of course, privacy tools are only effective if you continue to be vigilant.
You should always keep an eye on possible avenues of data exposure. Things like bank account activity, and credit report activity, and be aware of the typical approaches that scammers make. But once you've secured your privacy online, hackers, scammers, and law enforcement won't have nearly as much data to work with. So you'll be in much better shape.
Download Hoody today and enjoy true online privacy for the first time.
Will is a former Silicon Valley sysadmin and award-winning non-functional tester. After 20+ years in tech, he decided to share his experience with the world as a writer. His recent work involves documenting government hacking methods while probing the current state of privacy and security on the Internet.
Chapter 14: IoT Hacks
Dive into the unsettling world of government-controlled GPS tracking!
Trash Talk: How your garbage can be exploited by hackers, law enforcement, and government agencies
It’s time to uncover how government surveillance gets personal.
Discover the world's #1 privacy solution
Coming soon
Coming soon
Coming soon