7 steps to ensure online privacy protection

Whether due to the unfortunate rise of data breaches, geopolitical conflict, or policy developments with privacy implications, internet users should have the tools to ensure online privacy protection.

In an effort to cut through the noise and keep things straightforward and accessible, here are 7 steps for bolstering online privacy protection. Implementing these measures does not require a technical background; rather, it demands a little proactivity that will ultimately pay off in dividends.

Concerned about the privacy of sensitive online searches and how the content of those searches could be used in the future? Suffice it to say, some quick research will reveal that your wariness is warranted.

While we’re on the topic of research, the first step to ensure online privacy protection is to switch from Google to a private search engine, such as DuckDuckGo, Startpage.com, or Qwant. These engines keep search activity anonymous, do not sell your data, and do not track your activity online to offer up a dizzying array of ads.

DuckDuckGo, for example, offers a browser extension and mobile application that blocks Google’s (and other engines') trackers across the internet. And, there is a difference between using DuckDuckGo and browsing in Incognito mode. According to DuckDuckGo:

“Incognito mode mainly just deletes information on your computer and does nothing to stop Google from saving your searches, nor does it stop companies, Internet service providers, or governments from being able to track you across the Internet. By contrast, DuckDuckGo search is completely anonymous, and if you add our app[lication] and extension on top, we help keep you private when browsing off of search results.” 

These distinctions are worth understanding when attempting to cultivate online privacy protection.

• Find out more about DuckDuckGo

• Find out more about Startpage.com

• Find out more about Qwant

In a Bitwarden community survey for Data Privacy Week, Tuta Mail, Thunderbird, and Proton Mail were selected as some of the top privacy-centric email options. What differentiates these services from Gmail, Outlook, AOL, and Yahoo?

Unlike these more popular options, Tuta Mail is ad-free, open source, and end-to-end encrypted. A quick note on encryption: Encrypted data means it is rendered useless to anyone who does not have the decryption key. Tuta Mail will never have access to the decryption key because it stays with you, the user, in the form of your username and password.

Thunderbird is also a popular free and open source email client favored by the Bitwarden community in the Data Privacy Week survey. Both services are committed to promoting online privacy protection.

• Find out more about Tuta Mail

• Find out more about Thunderbird

Using WhatsApp for sensitive messages? If so, this is not the most optimal solution for fostering online privacy protection. Instead, consider messaging alternatives Signal, Threema, Element, and Session.

In a thorough article about WhatsApp versus Signal, The Guardian’s privacy reporter Kate O’Flaherty discusses the drawbacks of WhatsApp and the arguments in favor of Signal. The pro-Signal case in a nutshell: it’s very similar to WhatsApp from a user-friendliness standpoint. Still, it is singularly privacy-focused and does not rely on an advertising-based business model for profit. Additionally, maintaining written documents that summarize compliance efforts related to email privacy and data retention policies is crucial for safeguarding personal information.

• Find out more about Signal

• Find out more about Threema

• Find out more about Element

• Find out more about Session

Security enthusiasts know that creating strong and unique passwords helps isolate and limit the impact of a data breach. Privacy enthusiasts know that applying unique usernames can carry that protection even further and help ensure online privacy protection. Additionally, it is crucial to monitor your online presence and the information that others may post about you to maintain control over your digital identity and protect your personal information.

Bitwarden includes the ability to generate secure usernames and passwords in every plan, available across the Bitwarden desktop app, web client, mobile app, and browser extensions. Find out more about the Bitwarden username generator.

Email aliases, sometimes referred to as masked or anonymous emails, create a layer of obfuscation and anonymity by using unique addresses that forward to your personal email address. These aliases generally have no connection whatsoever to your identity or personal email, providing an extra layer of protection, particularly in terms of privacy. 

For example, if an online retailer requires your email, you can use an alias. You will still receive coupons and updates, but the retailer will not have your actual email address and cannot use it to match you with any other online information tied to you. This is clearly a significant benefit for those who prioritize online privacy protection. Personal information can often be found on specific pages, such as social media profiles, making it crucial to use unique usernames to protect your privacy.

Sadly, data breaches still occur too frequently, with usernames, emails, and passwords often getting into the wrong hands. Fortunately, many (but not all) websites protect passwords by saving a hashed value of the password, which can be difficult, if not impossible, to reverse. However, that protection does not always apply to email addresses, which are more often stored in plain text, allowing others to compile and correlate them in databases on the dark web.

Email aliases help enhance online privacy protection. Hackers cannot learn your real email address from data that may have leaked on the web. Also, if you see that someone else is emailing you via that specific address you provided to the online retailer, you’ll know your info was sold, and you can disable that alias or create another.

Bitwarden currently supports integrations with SimpleLogin, Addy.io, Firefox Relay, Fastmail, DuckDuckGo, and Forward Email.

• Find our more about SimpleLogin

• Find out more about Addy.io

• Find out more about Firefox Relay

• Find out more about Fastmail

• Find out more about DuckDuckGo

• Find out more about Forward Email

VPN, or Virtual Private Network, is defined by the Electronic Frontier Foundation as:

“A method for connecting your computer securely to the network of an organization on the other side of the Internet. When you connect to a VPN, all of your web browsing data appears to originate from the VPN itself, rather than your own Internet Service Provider (ISP). Sensitive information could include submissions from contact forms or credit card information.

Using a VPN masks the IP address assigned by your ISP from the sites you access, adding an extra layer of privacy. Along with masking your origin IP address, it also encrypts your data while in transit to the site you are accessing.”

In short, VPNs add an extra layer of privacy. While private search engines anonymize your data, they do not prevent your ISP (or any interim ISP if you are traveling) from seeing what sites you visit — not an ideal scenario for those who care about online privacy protection. It is also essential to include a link to the privacy statement at prominent locations on the website, making it accessible for users to review their rights and the information being collected.

Here’s the catch: there are loads of VPN options on the market. Not all of them are created equal, and they’re not perfect. The article linked above walks through their limitations.

Ultimately, using a VPN is better than having no VPN. Services recommended by the Bitwarden community include Mullvad VPN and Surfshark.

• Find out more about Mullvad VPN

Password managers are one of the simplest and most fundamental tools available for strengthening online privacy protection.

Like it or not, our online world revolves around passwords. To stay safe from data breaches, you need to create strong and unique passwords for every account; however, remembering them all without help can get tricky. Using a password manager lets you easily protect yourself and your data. Bitwarden, for example, generates, stores, and secures user data in an end-to-end encrypted vault, all in service of helping users build online privacy protection.

Prioritize password managers that offer some form of two-factor authentication (2FA) because it helps increase user security for websites and applications and strengthens online privacy protection. The name refers to a requirement that users must use two separate methods to verify their identity to access an account. A helpful definition for 2FA is that logging into a service involves something that you know, such as a password, and something that you have, such as your phone, hardware token, or other authentication code. Additionally, Internet Protocol addresses are personal information that can identify individuals, making them a target for hackers; using tools like VPNs to encrypt IP addresses is crucial for maintaining security and privacy.

A common example is when you log in to a website with a username and password, and then receive an emailed code for final validation of your access. The username/password is the first factor, and the code received in your email is the second factor — hence, two-factor authentication. Two-factor authentication is one of the most effective strategies for enhancing online privacy protection.

Most implementations share codes that expire within a set timeframe, adding additional protection. Ideally, the password management solution enables 2FA for vault access and individual websites and accounts stored within the password vault.

A few of our favorite third-party authenticators are Ente Auth, Aegis, 2FAS, and Bitwarden Authenticator.

• Find out more about Ente Auth

• Find out more about Aegis

• Find out more about 2FAS

• Find out more about Bitwarden Authenticator

Of course, if you are using Bitwarden, you can also bundle two-step login for 3rd party websites with the integrated authenticator in Bitwarden Password Manager. For more, see this help article on using the standalone Bitwarden Authenticator.

Are you ready to get started with Bitwarden? Start a free trial for your business or sign up for a free individual account.

Securing devices is crucial for protecting personal information and enhancing online privacy, especially with the increasing use of internet-connected devices that collect data.