As the people who stormed our nation’s Capitol are learning, you can’t rely on the privacy of anything you put on the Internet.
Even if you imagine you’ve deleted your account, investigators with enough motivation can probably unearth it.
For the rest of us—who probably haven’t triggered such investigations—the real worry is abuse of our private data by advertisers, hackers, identity thieves, and more.
While there’s no guarantee of perfect privacy, you can find a variety of programs to attack the problem from different directions, from VPNs to email protectors to scanners that sound the alarm if your data pops on the dark web.
You may have to lay out a little cash, but the alternative is using free services that pay themselves by monetizing your private data.
The Email Nightmare, Part 1
Like the internet itself, email was invented by optimists and academics who never dreamed that anyone would misuse it.
Read someone else's mail? How rude! Fill up inboxes with unwanted junk mail? They had no idea what was coming.
Encrypting your email is one obvious way to protect the privacy of your messages.
It's a significant and effective technique, one that merits its own, separate roundup, The Best Email Encryption.
See that article for a deeper dive into these snoop-fighters.
Here's a brief summary.
Preveil, Private-Mail, ProtonMail, and StartMail let you lock down your communications using a technique called public-key cryptography.
All but Preveil use a protocol called PGP (Pretty Good Privacy) to generate a pair of keys, one public, one private.
To send me a secure message, you encrypt it with my public key, and I decrypt it with my private key.
Simple!
Using Preveil is even simpler, though.
A high-tech system involving what they call wrapped keys means you never deal with a key, public or private.
It does also mean you can't connect with users of other PGP-based services, but few consumers know how to set that up.
This public key technology also lets me send you a message that's digitally signed, guaranteeing it came from me, with no tampering.
I simply encrypt the message with my private key.
The fact that you can decrypt it using my public key means it's totally legit.
ProtonMail and StartMail automate the key exchange process with other users of the same service, while Private-Mail requires that you perform the exchange yourself.
With any of these, you can exchange secure messages with anybody who provides a public key.
Of course, not everyone has embraced public key cryptography for their email.
With StartMail and ProtonMail, you can send encrypted messages to non-users, though you don't get the same level of open-source security.
The service encrypts the message using a simple password, and you transmit the password via some avenue other than email, perhaps a secure messaging app.
Virtru offers email encryption for free, but only if you use Gmail, and only in Chrome.
Like Preveil, it handles key management internally, though it doesn't use public-key cryptography.
You send an encrypted message and the recipient clicks a button to read it, without either of you entering a password.
Given that these tools have their own roundup, we've removed them from this article's product lineup.
The Email Nightmare, Part 2
With the contents of your email conversations encrypted, no hacker can sniff out just what you're saying.
However, your email address itself is exposed any time you send a message, buy a product online, or sign up for any kind of internet-based service.
That might not sound problematic, but your email address is typically your user ID for many sites.
A hacker who finds your email and guesses your weak password now owns the account.
And, of course, having your email address floating promiscuously around the web just invites spam.
But how can you communicate without giving a merchant or service your email? The solution lies in a simple technology called a Disposable Email Address, or DEA.
The DEA service provides and manages these addresses, ensuring that mail sent to them lands in your inbox, and that your replies seem to come from the DEA.
If you're done dealing with a particular merchant, or if one of your DEAs starts receiving spam, you just destroy it.
Burner Mail, Abine Blur, and ManyMe are among the services offering DEA management.
ManyMe is unusual in a couple of ways.
First, it's free, which is uncommon.
Second, unlike most such services it doesn't make you register a new FlyBy email (as it calls them) before using it.
Say someone at a cocktail party asks for your email.
You can make up a FlyBy address on the spot, without giving your actual email away.
Abine Blur takes the concept of masking your actual identity online to the next level.
Besides masking your email address, it offers masked credit card numbers, different for each transaction.
You load the masked card with exactly the amount of the transaction, so a sleazy merchant can't overcharge you or use the card again.
It even lets you chat on the phone without giving your actual number.
It's worth noting that Private-Mail and StartMail also offer a modicum of DEA management.
StartMail lets you manage up to 10 permanent DEAs, and an unlimited number of DEAs set to expire within two weeks or less.
Private-Mail offers five alternate email identities, without full DEA management.
Throw the Trackers Off the Scent
As they say, if you're not paying, then you are the product.
You can surf the internet endlessly without paying a fee to visit specific sites, but those sites still work hard to monetize your visits.
Advertising trackers plant cookies on your system, taking note when a tracker from an ad on a different website encounters that same cookie.
Through this and other tracking methods, they form a profile of your online activity, a profile that others are willing to pay for.
Some years ago, the Internet's Powers That Be, recognizing that many users prefer not to be tracked, ginned up a simple Do Not Track message to be sent by the browser.
This DNT system never became a standard, but all the top browsers adopted it anyway.
It had no effect, because websites were and are free to ignore the header.
In place of the ineffectual DNT header, many security companies started devising active systems to identify and block ad trackers and other trackers.
You'll find this feature as a bonus in many security suites and some privacy-specific products.
Abine Blur, IDX Privacy, Ghostery Midnight, and ShieldApps Cyber Privacy Suite offer active DNT.
Unlike most such implementations, Midnight deters tracker requests in any internet-aware application.
The trackers, in turn, invented a different technique for identifying individuals across different websites, relying on the ridiculous amount of information supplied to each site by your browser.
This ranges from your IP address and browser version down to minutiae like the fonts installed on your system.
There's so much information that trackers can create a fingerprint that's almost sure to identify you, and only you.
So, what can you do? Make a liar out of your browser, that's what.
TrackOff mixes up the data sent from your browser so it's different for each website.
Cyber Privacy Suite also scrambles your fingerprint.
Important info still reaches the site, but not in a consistent way that could be fingerprinted.
Steganos Privacy Suite once included a component to foil fingerprinting, but the latest edition has dropped that feature, along with its active Do Not Track component.
Using a Virtual Private Network, or VPN, disguises your IP address but leaves plenty of data unchanged for the fingerprinters.
Even so, keeping your internet traffic encrypted and having your IP address hidden are valuable ways to protect your privacy.
In addition to their other privacy components, IDX Privacy, Ghostery Midnight, and Cyber Privacy Suite include VPN protection.
Passwords Protect Privacy
Passwords are terrible, but we don't yet have a universal replacement.
For security, you must use a different non-guessable strong password for every secure site.
The only way anybody can accomplish that feat is by relying on a password manager.
Unless you use a different strong password for every website, a data breach on one site could expose dozens of your other accounts.
In a perfect world, you already have an effective password manager in place, and you've taken the opportunity to fix any weak or duplicate passwords.
On the chance you aren't already equipped, some privacy products have taken to including password management as a bonus feature.
Abine Blur, for one, offers a complete, if basic, password manager.
It even rates your passwords, giving extra credit for those logins that also use a masked email address.
You can get Steganos Password Manager as a separate program or as part of Steganos Privacy Suite.
Either way, it's not a standout.
You're probably better off with a top-notch free password manager.
Cyber Privacy Suite seeks passwords stored insecurely in your browsers and moves them to encrypted storage, but doesn't do any password management beyond that protective step.
Icloak Stik is a tiny, bootable USB device that provides you with an entire private operating system; more about that below.
Within that private OS, it offers the One Ring password manager built into the Tor Browser.
That's important, because your existing password manager won't work in the Icloak environment.
IDX Privacy doesn't help you manage passwords in general, but it does offer a tool to identify passwords you shouldn't be using.
Enter a password in its Password Detective tool to check if that password has been compromised.
Spoiler: if it's a simple password it almost certainly has.
Don't worry; IDX Privacy transmits a hash of the password for its database check, not the password itself.
Public Exposure
The first sign that your privacy is in danger may be the appearance of your private data on the dark web.
Hackers who breach online data troves are quick to put what they've found on the market.
The free Safe Me mobile app scans the dark web and reports any exposures of your email address, along with breached passwords and other personal data.
As you work through the report, updating compromised passwords, you raise your privacy score.
Configuring your device's security properly also raises the score, as does working through dozens of short security awareness courses.
Where Safe Me specifically seeks data associated with your email address, IDX Privacy collects a variety of other personal information that it then seeks on the dark web.
For each exposure, it offers advice on just what you can do to minimize bad effects on your security and privacy.
Bitdefender Digital Identity Protection also scans the seamy side of the web for your private information, but it goes deeper with its searching than IDX Privacy.
It uses connections between found data to come up with data that might relate to you.
As you review these possible exposures and either verify or discard them, it fine-tunes its dark web search.
Many Other Modes
Just as your private data can be exposed in many ways, software companies find a variety of ways to protect it.
One unusual service comes from Abine DeleteMe.
Rather than create disposable email addresses, this service attempts to clean up your existing email and other personal data.
It searches dozens of websites that legally aggregate public information.
Wherever it finds you, it sends an opt-out request to remove your data.
This process can't be fully automated, so DeleteMe is relatively expensive.
Icloak Stik takes privacy to an extreme.
You plug this tiny USB device into any PC, Mac, or Linux box and reboot.
The Linux-based operating system that comes up resides entirely on the USB device.
If you don't need to copy any files to the device, you can pocket it after booting up.
And you can hide your IP address by going online with the Tor Browser.
Once you shut down the host device, all traces of your session vanish.
If a malefactor steals your laptop or otherwise gains access to your PC, your private data could still be safe, provided you've encrypted it.
We've covered numerous products solely devoted to encrypting files, folders, or whole drives.
Some privacy products broaden their protection by including encryption.
Steganos Privacy Suite, for example, includes the Steganos Safe encryption tool, also available as a standalone product.
Private-Mail goes beyond the usual features of encrypted email by giving you an online area to store encrypted files.
You can encrypt files using PGP or using a simple password, and you can even share your encrypted files with others.
With Preveil, storing essential files in your encrypted cloud is a snap.
You just treat that cloud like any other folder.
Sharing with other Preveil users is also easy.
Virtru doesn't offer cloud storage, but it gives you unusual control over your messages and attachments.
You can set messages to expire, disable secure forwarding, and add a watermark to some kinds of attachments.
You can also convert attachments into a protected form that only the recipient can view, just like a Virtru message.
In addition to all of its identity and privacy protection features, IDX Privacy promises recovery if identity theft happens to you, including remuneration for associated costs.
We've determined that we just can't test identity theft remediation, but it's nice to know that if a thief slips past the protective layers, you'll have help with recovery.
One unusual feature in Bitdefender Digital Identity Protection is detection of social media impersonators.
This tool doesn't ask for your social logins or require you to install a special app.
Rather, it scours dozens of social media sites looking for profiles that are either yours or pretending to be you.
Once you claim your actual accounts, any that remain must be impersonators.
Protect the Protectors
When you set up an encrypted email system or a disposable email address manager, your account password is a potential weakness.
If you use an easily-guessed password, or if a stranger shoulder-surfs your login, you could lose control of your privacy protection.
That's where two-factor authentication comes in.
The concept is simple.
With two-factor authentication, logging requires at least two of the following: something you know (such as a password); something you have (such as an authentication app); or something you are (such as a fingerprint).
Quite a few of the privacy tools examined here offer a two-factor option, specifically Abine Blur, Bitdefender Digital Identity Protection, Burner Mail, IDX Privacy, Private-Mail, StartMail, and Steganos Privacy Suite.
All these products rely on Google Authenticator or another Time-based One-Time Password generator.
To get started, you use your authenticator mobile app to snap a QR code provided by the privacy program.
Enter the code generated by the app and you're done.
Now, your password alone doesn't grant...