Blog Post

How to Safeguard Your Privacy Online

Stay on Top of Enterprise Technology Trends

Get updates impacting your industry from our GigaOm Research Community
Join the Community!

As privacy issues continue to monopolize our national conversation, sparked by everything from Google’s proposed takeover of DoubleClick to Facebook’s Beacon advertising platform to warrantless wiretapping by the NSA and various other activities that bring to mind tinfoil hats and black helicopters, I’ve started to wonder: How does one attain some semblance of privacy on the Internet? For while I can live with the fact that national security concerns may warrant some invasion of privacy at some point, I am not comfortable giving up personal information as to how I think for the sake of companies and their marketing departments serving me relevant advertising.

I know I am a part of a specific targeted demographic and I realize that marketers value, above all, the ability to understanding the basic incentives of targeted demographics. Further, I realize that it is exceptionally difficult to live in society today without being classified for marketing purposes – i.e. I am a male living in Silicon Valley and working in venture capital– and that this practice has been done for years via credit card purchases, mortgage information and other sources of data. What bothers me is that gathering my personal data gives marketers access to my personal habits, which they can then analyze in an attempt to understand why I do what I do and use their conclusions to serve me up [what they hope is] more relevant advertising. And what scares me is that some people call this a feature and are willing to grant access to their private digital footprint in return for this so-called relevant advertising.

To borrow an example from a friend of mine, I don’t care if my local grocery chain store knows that skirt steak and Corona beer are usually purchased together by males between 24 and 42 years of age. However, I do care if a search engine company knows that I purchased these items at the grocery chain store at four in the afternoon on Saturday, recently bought a round-trip ticket to Argentina and returned an item to the Macy’s in Union Square last weekend. Do they serve my needs any better by inserting advertising for Niman Ranch beef, hotel discounts in Buenos Aires and Macy’s latest sale on my Facebook page? I understand why, in terms of advertising rates, this is good for Facebook, but why am I giving up my privacy for this service?

So here are some ways to regain a reasonable facsimile of privacy on the Internet — or at least attempt to give marketers the most limited amount of personal information possible. Some of these are fairly practical and easily accomplished while others, admittedly, are way off the fairway and only for the serious privacy advocates and full-blown conspiracy theorists.

Feeling Practical But Not Paranoid?

Do not use desktop search tools like Google Desktop or Microsoft Desktop Search. A full index of every keyword on your hard drive in the hands of marketers is very useful for the purposes of targeted advertising.

Do not use webmail from a service provider like AT&T, Google or Microsoft. Same reason as above, except here it applies to every email you send or receive.

Do not use browser toolbars or desktop gadgets. Both of these types of add-ons from companies like Yahoo and Google are known to gather information on your online activity for marketing purposes.

Remove all social network accounts. There is loads of good information there that can be used for targeting and correlation. At the very least, remove all personal information and have a username that does not give any clues to your true identity.

Clear your browser cookies after every session. Alternatively, only search using and enable AskEraser. To take erasing your footprint a step further, do not accept any browser cookies by default. This additional step will make web surfing slower and more intrusive as you will have to manually accept or deny cookies. That being said, if you surf for an hour without accepting cookies by default you will become much more aware of them, and that in and of itself could prove enlightening.

Change your local username daily. Browsers and other software have been known to pass local usernames to servers as part of their operation. If your username is something like “first.lastname” this is clearly useful information for data collection purposes.

Use Opera. With Opera, you can mimic another browser’s identification string, which helps mask your browser’s settings and reduces the information that you send to a web site when you visit.

Paranoid and Happy to Admit It:

Do not make international phone calls. Even if warrantless wiretapping by the NSA does not concern you, you need to be aware of Echelon.

Do not have a home broadband connection. If you have a home broadband connection, a network service provider can map your name to your IP address to your physical location. Again, your name, where you live and your Internet activity is all useful information for marketers.

Use free Wi-Fi. If you don’t have a home broadband connection but you will still want to be connected, find a free wireless access point at a local coffee shop. To further hide your existence, every time your computer associates with a wireless access point, manually change your MAC address.

Install a host-based Intrusion Detection System (IDS) like OSSEC. Assuming that you are already using a personal firewall, anti-spam and anti-spy software, a host-based IDS will ensure your computer isn’t being used without your knowledge. For an additional level of security, you could block all Internet traffic except for HTTP (port 80) and then log and trap anything else.

If you’re not satisfied being paranoid and want to venture into the land of Ted Kaczynski, you should give up on email, not have a home phone, use a pre-paid mobile phone that you change frequently, get all of your physical mail at a P.O. box and do every transaction (including buying a home or cabin in the woods) with cash.

But perhaps you want to live in our society, write on popular blogs — even have a public profile. I do, which means that I have a public presence for marketers to analyze. But I also follow most of the practical advice that I give above, because the only way to maintain a semblance of privacy on the Internet is to take responsibility for guarding your information – to whatever degree you see fit.

31 Responses to “How to Safeguard Your Privacy Online”

  1. One glaring omission from this list that would negate 1/3 to 1/2 of the items on this list is to sign up for Services like Life Lock that protect your identity online.

  2. The content provided above is really good and gives the basic idea of how a person can secure his privacy when he is online and can prevent his data from bieng stolen.

  3. Allan Leinwand

    @Dave – Yes, JPMorgan Partners did invest in Narus and they do produce a deep packet inspection platform. While some forms of DPI can raise privacy concerns, there are many other uses of the Narus DPI platform. And, yes, you are still on our Technology Advisory Board :) Your suggestions are good ones – thanks!

  4. Hi Allan,

    Might I suggest a few more for the list?

    The first one is hard to do, but it’s, “Don’t invest in companies that sell tools that make it easy to spy on users.”

    Panorama/JP Morgan invested in Narus, the company that made the monitoring gear the NSA used to spy on anyone using the AT&T network. Narus’ CTO is even on the Panorama advisory board (so am I…although after this post, who knows? :)

    Other things to consider:
    1. Get an account at dreamhost or another hoster that allows ssh, and use putty to set up a ssh session as a SOCKS proxy. Then all your surfing traffic appears to originate from a web host rather than your actual location, and all your local traffic is encrypted so your broadband provider can’t spy either. It also makes it easy to use “secure” web sites because you always appear to surf from the same “safe” IP address that will be known by your bank, broker, etc., despite the fact you’re actually surfing from a bar in Ecuador. Or so I’ve heard.

    1. Use VMware Workstation to provide a separate virtual machine for surfing and email. Use another for private documents. (and you can use the SOCKS proxy trick with the virtual machine too…) VMware server sucks for desktop use but it’s free. Workstation is cheap and much better.

    2. Use Copernic for desktop search – no privacy issues; it’s all local.

    3. Check out for web-based secure email that’s actually secure.

    4. Use an adblocker in Firefox so even if the bastards get your information, they can’t use it to harass you online.

    5. Pay for your broadband service in the name of a company, not your individual name.

    Interestingly, in my VP Marketing role at Zeus Technology, I use a service called leadlander that does a reverse DNS lookup of every IP address that hits our web site, and I get a daily report that says which companies own those IP addresses. You can bet we call those companies first. We also know when competitors view the site.

    A good idea (that I haven’t yet implemented) is for companies to themselves use proxies for outbound traffic (although SOCKS isn’t necessary – a VPN tunnel to a box with a non-company IP address is fine) – to prevent their competitors and vendors from tracking what they’re doing.

  5. Allan Leinwand

    @Shawn – I agree on using Firefox or Opera and mentioned this one, so good thought! I absolutely agree on PGP, but the lack of integration with many email clients makes this a challenge. On Tor, I thought of mentioned this too, but given the recent news of folks doing packet sniffing off Tor endpoints gave me second thoughts on this one. A quick Google search finds: and (and yes, I cleared my cookies after this search :)

    @Peter – thanks and agreed some of these many be tough for the everyday surfer, but the more folks that understand the problem the better, IMHO.

  6. You missed a few more easy steps and a few harder ones, stop using Internet Explorer, and use either Firefox or Opera. Firefox will clear your private data when you close the session. Microsoft IEx is full of security holes leaking all sorts of information about you and your habits.

    If the option is there, don’t use Microsoft products, Apple has a fine operating system with OSX, and please try Linux and install Ubuntu.

    Download, experiment, and test PGP which encrypts both your e-mail and files so ex-lovers, competitors, non-state actors or the intelligence community can’t read your private communications.

    These next two suggestions might be a little tough for the average consumer, but still worth a try.

    Check out Phil Zimmermann’s Secure VoIP project, Zfone which will allow you to make secure encrypted SIP VoIP calls anywhere in the world

    Try configuring and installing Tor on a spare machine, Tor is a software project that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.

  7. Allan Leinwand

    @Vince – thanks for the comments and I look forward to using your plugin. Any chance the code will be open source?

    @Zoli – in general I agree with your comments but think that most people are not in tune to the privacy concerns of this century. And, if my suggestions are parody, then I guess I’m a silly imitation of myself!?! ;)

  8. Well you’re a real paranoid for sure.
    Most of youre tips garantee user anonimity. I’m developping a firefox plugin which attempt to provide privacy using obfuscation.
    My plugin (called SquiggleSR) generate false queries on Google and click on some results (no adwords cause that’s fraud…). Because I’m quite a paranoid too, I’ll try to make this realist (simulating browsing on pages with double-click ads). It’s available on
    If you want make search engine very angry :
    – Stop using them instead as dns server (for instance don’t make search for!!)
    – When you make a research in order to buy something…don’t click on adwords, simply copy/past addresses in your browser! Who knows, maybe someday company will rewards costless clients (i.e : those who don’t use search engine)

  9. Allan Leinwand

    @Rahul and Nhick – thanks, much appreciated.

    @kp – I agree some are very impractical, but does that not show you how little control you have over your privacy?

    @yoda2unow – who would you trust with this 1 bucket of information? The government? Google?

    @Papa – I agree that privacy is nearly impossible to a certain degree. Still, there are things people can do, IMHO, to give them some privacy. Your example of Joe and Jane works great if they both shop at Walmart or have credit cards that sell their information to others for marketing purposes (and I always check that before I sign up for a credit card). On the Internet, both Joe and Jane don’t need to shop at the same store or even a single store regularly, they just need a broadband connection and a network service provider who tracks their activity (

  10. I originally posted this on as a response to an article about Google and privacy…

    OH PLEASE! Where in the entire universe did anyone believe that there was such a thing as privacy? Huh?

    Why are we continuing this charade of believing that anything posted anywhere in the Electronic Kingdom is sacred? THERE IS NO SUCH THING AS PRIVACY! Get over it and get on with your public lives! You INSIST on giving away the most intimate details of your life and then turn around and expect some sort of privacy? Get a grip!

    Meet Joe and Jane Average

    Walmart can describe Jane almost to the centimeter. Bra size, panty size, hose preference, dress size, shoe size. And then her personal habits. Deoderant, bady wash, perfume, eyeshadow, lip gloss, hair color (Jane is trying to cover that grey.) And she appears to be concerned with her “bikini lines” because she recently bought the latest trimmer.

    Joe average is just that, average. Except Walmart knows the size of his penis by the condoms he buys (Magnums – Joe is pretty well hung.) Walmart can guestimate fairly accurately how often Joe is getting some… buys a 12 pack once every 6 weeks.

    What Joe doesn’t know and Walmart (and Jane) does know is the size of Jane’s lover’s penis. Seems she’s buying a 3 pack every other week. Has been for almost two years.

    We GIVE away the most intimate (secret) details of our lives and then have some expectation of privacy? Duh!!!!

  11. you’re kidding right? No broadband at home, change your MAC address each time, no webmail, etc. I think that these are things that MOST of us don’t have time to ‘wipe’ clean nor are really practicle to do so. A better solution would be to allow consumers to control who gets this data by hosting it somewhere in 1 bucket and allowing or not certain online vendors to ‘tap’ the bucket when the consumer wants to use a web service. Now, I have control, dont have to ‘wipe’ anything clean and the online vendor still gets his data for marketing purposes. ~b.