Is Your Online Privacy at Risk?

Learn How to Protect It

hacker with two laptops

In This Article, You'll Learn…

• Who's tracking you online (and how)

• Why using strong passwords is critical

• How multi-factor authentication helps

• How to safeguard your email address

• When you need to encrypt your email

(No time to read right now? Just want to see the list of things to know? Here you go.)


Online privacy is a precious thing: Once personal information gets out, it's on the Internet forever. So protecting your online privacy is critical.

In this article, we'll introduce you to some apps and techniques that will help you do that.

Note: Some of the apps mentioned here are free and some have a cost. We have not fully evaluated all of them and the OnlineSafetyZone does not endorse any product. We have no affiliations with any of the companies providing these apps.


There's a saying that “If you're not paying for the product, you are the product.

online data trackingThink about Google search, Gmail, YouTube, Facebook, and similar sites. How much do you pay to use them? You probably don't pay in dollars, but you do pay in information.

These companies monetize you via trackers that monitor your online behavior, which they then sell to advertisers, credit bureaus, and political data intelligence firms.

You might be shocked at how much data these companies have about each of us, and how predictive our online behavior is about our income level, political leanings, credit risk, and other things.

A few years ago, there were effective methods to block trackers. But then someone figured out how to do “browser fingerprinting” which looks at the unique configuration of fonts, screen size, browser settings, and other things on your computer (or tablet or phone). This fingerprint can be used to track you around the web.

Does your web browser protect you from trackers?

Try the Cover Your Tracks tool to find out.

So, what can we do?

Some apps that help prevent trackers from collecting data about you are…


  Cyber Privacy Suite

  Ghostery Midnight


The easiest way to lose your privacy online is via weak passwords. A weak password is one that is short, uses only letters and often common words, is easy to guess, and/or is used in multiple places.

login screenTo protect your online privacy, always use strong passwords.

These are long (at least 18 characters), use a combination of uppercase and lowercase letters, numbers, and symbols, do not contain words found in the dictionary, and are never used in more than one place.

See our article about password management for more details on how to create and use strong passwords without having to worry about remembering them.

Multifactor Authentication

Using strong passwords is a good start, but adding multifactor authentication helps protect your online privacy even more. Authentication is just a fancy way of saying “logging in” or accessing something.

multifactor authenticationMultifactor authentication (MFA) is sometimes referred to as two-factor authentication (2FA).

Regardless of whether we call it MFA or 2FA, it's helpful because without it, there's just a password between your private information and a hacker, so he has only one thing to breach. With MFA, a hacker now has to get past two barriers.

Using just a password is “one-factor” and not very secure, especially if that password can be cracked. Adding a second factor (either “something you have” or “something you are”) increases the cracking complexity significantly.

Here's how we “count” authentication factors:

  One factor is something you know (such as a password)

  Another factor is something you have (such as an authentication app)

  And yet another factor is something you are (something permanent about you that doesn't change, like a fingerprint or iris)

Multifactor authentication can be used to access email, websites, and even some installed software such as tax preparation programs. It can be used on desktop and laptop computers, tablets, and smartphones.

A website may offer (or require) MFA as part of their login process. Your bank's website, for example, might text you a 6-digit code after you provide your username and password. They will only complete your login after you provide the code they sent.

Unfortunately, there are ways hackers can compromise an MFA system that uses texting. The explanation is a bit too technical, but just be aware that it's not the most secure method of MFA.

A more secure way of doing MFA is using an “authenticator” app on your phone or tablet. These require a simple one-time setup, and then the app generates the 6-digit code which you provide to the site you're logging into.

The explanation for how this works is also a bit too technical, but it involves your authenticator app and the remote site sharing a “secret handshake” during setup and then it just “magically” works.

One of the best known authenticator apps is Google Authenticator

  Google Authenticator for iOS (Apple iPhones and iPads)

  Google Authenticator for Android (Android-based phones and tablets)

An alternative is Zoho Authenticator…

  Zoho Authenticator (iOS and Android)

These are free and easy to set up. Using MFA is an extra step, but one that more than doubles the protection of your online privacy.

Your Email Address

For most people, their email address is pretty sacred. They've used it for a while and it would be a difficult hassle to switch to a different one.

email addressSo it's important to remember that anywhere you provide your email address is a potential leak point.

A hacker who finds your email address, maybe from a data dump from a company's security breach, only has to guess your password (see the importance of strong passwords and using MFA above).

Ideally, it's best to only provide your email address to people and sites that have a legitimate need for it. There are times, however, when a site requires an email address, but doesn't really need it, at least not after that one encounter.

In these situations (for example when an online merchant needs an email address) you can use a “disposable” email address. This is a real, working, legitimate email address but it's not the one you normally use. Instead, it's provided by a company that acts as a “middle man”, protecting your real address.

There are some disposable email addresses that only last for 10 minutes… just long enough for you to sign up for something and confirm your address. (But do not use this type of email address as your login username.)

And there are others that are more permanent but let you delete them if you no longer need them or they start getting too much spam.

Two places to check out for disposable email addresses are…



Email Content

In addition to protecting your email addresss, the content of your email sometimes also needs protection. For example, you might need to send information to your accountant to prepare your tax returns, or you might need to send medical information to a doctor.

You probably don't want that stuff flying around the Internet where anyone can intercept it and read it.

Luckily, many companies who legitimately need people to send this type of information are now setting up “secure online dropboxes” which provide a way of sending information safely.

email addressBut if you need to email sensitive information to someone that doesn't use such a service, you can consider using encrypted email.

(Note: This is more complicated than the things discussed above, but for those who truly need an extra layer of protection, it can be worthwhile.)

Encrypted email uses something called “public key cryptography”. It works kind of like safe deposit boxes that need two keys to open. You have one key and the bank has another key. Neither you nor the bank can open the box without the key from the other.

The most secure way to use encrypted email is when both sides of the email “conversation” have dedicated software. But it will sometimes work if you're the only one using it, by using a special type of email account (see below).

Dedicated software for encrypted email…

  Preveil (integrates w/ Gmail, Outlook, and macOS Mail but requires both sender and recipient to have it)

Special email accounts for encrypted email…



These are replacements / supplements for whatever email service you already use (Gmail, Outlook, macOS Mail, AOL, etc.)


It's way better to protect your online privacy *before* it leaks out to the Internet than afterwards. We talked about several ways to do this and pointed you to some apps that help with the effort.

If you have any questions about protecting your privacy online, please <>.


If you have any questions about anything here or if there's an issue you'd like us to talk about please get in touch.

Want More Info Like This?

Get our Free Newsletter