Digital Privacy & Cybersecurity Guide: Easy Steps

While the internet can be a fun, exciting place, there is a darker underbelly to our online activity that is becoming more prominent in the public consciousness. As our lives become increasingly connected as we continue full steam ahead into the digital age, we need to consider the repercussions of the digital age. The dramatic loss of our privacy is one such repercussion.  

In our day-to-day internet use, we share a lot of data. Whether posting your lunch on Instagram, or buying knick–knacks on Amazon, we are sharing a lot of our personal information with these sites. However, while it may seem like you are in control with what data you possess and share, once you share them with the internet, that data is stored, aggregated into a profile, and monetized – often sold to the highest paying advertiser.  

How much information exists online about you may shock you. Not only will every bit of information entered online will usually be stored by cookies, potentially fueling targeted ads, but through a combination of basic computer information that is frequently stored including your IP Address, device, browser plugins, cookie settings – even your mouse movements and clicks – make up enough information to identify you as a unique user. Browser fingerprinting is real and can easily identify your online – and you have no control over this inherently personal information.  

Hopefully, you can use this guide as a starting point in thinking about your online behaviour to be more private. While the average user will have already shared lots of data with the world (and as a result, these giant corporations in the sense of tech and data collection), it is never too late to start thinking about how to protect your privacy in the digital age.   

While there are many threats to online security through malicious people or programs that threaten your privacy and security online like cybercriminals and data breaches, the fact is that these events are random and can be unlikely to happen – but that does not mean you should not take precautions to prevent the loss and spread of your personal information. In the case your information does get out there in the case of a hack or a data breach, you want to be proactive and protected.  

If you are curious about if you have been affected by a data breach, check out haveibeenpwned.com. The site not only can tell you if and when your data may have been breached, but it can let you know the context of the breach and what kind of info might have been exposed. 

There is a more omnipresent threat to online privacy, one that impacts you every day without your realization. Tech giants collect and sell your data every day, with very little you can do to remove that information if it is out there. Oftentimes, you consent to this exchange of information when you click “I agree to the terms & conditions,” you didn’t read. It’s okay. I didn’t use to read them either. But that does not mean that it is okay that information can be sold to whoever wants to buy it.

While there are definite steps you can go to in preventing this exchange of your data, oftentimes it comes at the cost of loss of user experience or at times, even access to certain apps or sites. However, there are solutions that can prevent this behaviour from the companies you interact with online, and keep your information private and secure. We will highlight some of these strategies in the following guide, however not all of these solutions will work for everyone, and this guide is not all-encompassing.

Privacy is a fundamental right in Canada and is one that should be protected. Many people will shrug off the use of their data collected from their online history. Many think “I don’t do anything bad, I have nothing to hide”. However, due to this collective lax attitude, tech and data companies have taken advantage of your easily available information, monetized it, and is continuously pushing the boundaries of what people will accept. With facial recognition and similar technology continuously improving, tech companies have increasing responsibility for how they manage personal data.

The precedence is there, and even landmark legislation like the EU’s General Data Protection Regulation and California’s Consumer Privacy Act are being subverted and worked around for these companies to still effectively store and monetize your data. It seems that until wide-ranging reforms happen, your digital privacy will be in your own hands.  

In writing this guide, we have provided some entry-level methods for improving your digital security and privacy. Security and privacy are not the same thing: security protects you from malicious actors, privacy protects your personally identifiable information from companies, governments, and other snooping eyes.  

How many passwords do you have? That number likely is not high enough. Ideally, you should be using a unique password for any and every online account you may have. I know far too many people reusing the same 1 or 2 passwords for everything. While this is convenient, as you do not have to guess which password you need to fill in each time, it is also very risky behaviour that could lead to your accounts being compromised as a result of a data breach where your password is leaked.  

If there is one takeaway I want readers to get from this article, it is that having complex, varied passwords is one of the easiest, most basic levels of protection.  Password Managers make the use of your varied passwords easy and safe. All you need to remember is one password – for your manager – and you have safe access to all your accounts while being able to use some extremely hard-to-crack passwords.  

• BitWarden–An open-source password manager with a free option.  
• LastPass – An effective password with a free-tier and an impressively comprehensive premium option. 

As you read more and more about online privacy, you will realize that many companies in tech only care about privacy on a surface level and that effective privacy measures is antithetical to the company’s business model. Google is a behemoth in data; it does not help the company make money to be conscientious about their user’s data, as invasive that is from a user’s perspective.  

If you care about your privacy deeply, it is probably time you end your relationship with Google. Google can feasibly track everything you search within Chrome or any other Chromium browser.

The following Browsers are some of the better browsers for the combination of privacy and usability. More privacy-orientated individuals may look to the Tor Browser, but due to its typically slower internet speeds along with the fact some sites will not work properly, we cannot recommend this for most users.  

• Safari – The built-in Apple browser is one of the better options for products within the Apple Ecosystem, and is highly recommended to use on iOS since all the alternative browsers on the Apple Store will be Safari reskins. Safari has built-in anti-fingerprinting and anti-tracking measures on the browser and has a wide range of extensions like AdGuard that can beef up your privacy. However, just like using a Chromium browser, Apple will probably still be collecting your data on Safari, you are just more private to other entities.   
• Mozilla Firefox – Firefox is one of the better mainstream browsers for privacy. Firefox has been around for ages and is decently fast and powerful, while also being open-source and overall respectful to your privacy. We recommend using the available extensions on Firefox like uBlock origin and adjust settings like opting out of telemetry.  
• LibreWolf – LibreWolf is a fork of Firefox with improved privacy and security measures, with uBlock origin and more useful extensions pre-installed.  
• Bromite– Bromite is a Chromium-based browser with a dedication to security and privacy. Using patches from other privacy-focused Chromium browsers, as well as built-in adblocking and DNS over HTTPS support make it out favourite Chromium-based browser available that actively avoids your information going to Google.

Yes, Google is ubiquitous in 2024. There is a good chance that you use Google or a similar search engine daily. However, Google’s range of user data available makes it more than just the most powerful search engine available – it also makes it one of, if not the largest names in data.

• DuckDuckGo – DuckDuckGo is one of the more successful-privacy-orientated Google alternatives. DuckDuckGo features sponsored links, but those links are selected by the keywords you are searching, rather than selected by analyzing your online activity. DuckDuckGo promises to not store any of your info and never to track you. While we love the privacy-based model, the search engine is not as powerful as Google and will not tailor search results for you either – because DuckDuckGo does not track you.
• Startpage.com – Google did not get to where they are in the tech world if it was not for their impressive results – everyone uses Google because Google is easily better than other search engines out there. So, what if you want to switch to a more private search engine without sacrificing Google’s search power? Enter Startpage. Startpage is a privacy-focused search engine that uses Google’s search results, with none of the trackers or selling of your search data.
• Qwant – If you do not want to give up user experience for privacy, considering looking into Qwant. Qwant does not track your searches but offers trending topics, web resources, news and images regarding your searches. While the search results will not be personalized, we appreciate that this search engine feels comparable to other search engines with less-than-stellar policies on tracking and selling data.

In 2024, e-commerce is essential. Shopping online is one of the greatest conveniences of the modern day, so you may wonder what the best methods of keeping your financial information safe and private.  

• Cryptocurrency – Cryptocurrencies have gained a lot of traction in the past few years, and while many people are using them as an investment opportunity, the original purpose of Cryptocurrencies like Bitcoin was to provide an anonymous, deregulated currency, making it an excellent way to pay for products online. While paying with crypto may not be the most convenient way to shop online, as more and more retailers are accepting crypto, the barrier of entry is lowering.  

If you are interested in learning more about Cryptocurrency, including some of the best places to buy and trade Crypto in Canada, we recommend you to check out our Cryptocurrency exchange guide.  

• Payment apps – Paypal, Apple Pay, Google Pay – These apps can be way safer than using your credit card online. These services do not share your credit card information with the merchant, and Apple Pay and Paypal also use two-factor authentication to improve your security.  However, your payment information will still go through these companies, quite often sharing personally identifiable information with the vendor. Payment apps are a more secure way to shop, but they are not more private.  
• Virtual Credit Cards – Virtual credit cards are designed for online use and are offered by many Canadian banks or 3rd parties. Virtual Credit Cards are separate from your credit cards, and are preloaded, so if your information was to fall into the wrong hands, your entire line of credit is not at risk. Virtual credit cards will usually only have a name of the account holder attached to them, so while they do have personally identifiable information attached to them, they have privacy comparable to your regular credit card, with more security. Canadian banks like CIBC, as well as third parties Koto and Stack offer virtual prepaid credit cards that can be used online.  

It should be no surprise that social media can be a huge privacy concern if you are not careful. Social media sites are places where we share with the world things that we love and make us happy – but they also share other things with the world that we might not realize.  Facebook has received a lot of negative attention regarding selling all kinds of your user info to users – even information outside of the Facebook app. Scammers regularly target people on Facebook or other social media these days and can use readily available personal information or unsecured accounts to hack unsuspecting people. This is why it is incredibly important to stay on top of social media privacy policies and any changes these giant corporations may make.  

Some things we recommend for any users of social media to protect their information include:  

• Read and research the applicable privacy policies – being aware of what social media companies track and what they do with your data is half the battle. Almost every social media platform will track and likely sell user information. However, you as a user often have some degree of influence to the extent that these social media platforms can sell and track your data, and there are ways you can opt-out of certain forms of tracking.  
• Monitor privacy settings – each social media platform will have varying degrees of privacy settings that you can choose between, however, the default settings may not do enough to protect your privacy. Limit the amount of personal information that someone who does not follow or friend you can see, and do not give the platform permission to access your location or post on your behalf.  
• Use 2FA when you can – 2FA, or two-factor authentication, is an extra level of security that many social media platforms offer, but will likely need to be activated in the settings. 2FA will make your profile require both a password and another factor of authentication to access the social media app, with that 2nd factor usually being a code that will be sent to your phone. While it will make logging in a longer process, it also protects your accounts from being hacked if you have your phone on you.  
• Delete – if you stopped using a social media account, consider deleting that account. Social media apps could access information and activity, even off app, so having an application or account with a social media company you do not use increases the risk your information falls into the wrong hands. 

Chances are that one of your emails is linked to several of your online profiles. In the event of a data breach, information connected to the email could be leaked, and if a malicious user was to break into your email, lots of your personal information is at risk. This is why using an encrypted email is so important.  

• ProtonMail – The Swiss-based email provider Protonmail offers end-to-end encryption and zero access encryption to secure their emails, meaning ProtonMail themselves cannot decrypt your emails. ProtonMail offers a free tier, options for business use, and is open-source.  
• Mailbox.org – A German-based email provider, Mailbox.org, offers high-level encryption, virus protection and anonymity at every point of use. At 1 Euro per month, Mailbo.org is inexpensive. Also, they are powered by 100% eco-friendly energy.  

Are you getting tired of having your email filled with advertisements from companies you were coerced into giving them your email? Since your email is likely required for most of your online activity, it can be hard keeping your email private. Using a pseudonymous email can prevent excess spam to your personal email, but could pose vulnerabilities in the case of a breach. A better solution is using e-mail aliases, which can be randomly generated so you can use a unique email address each time you need to fill one in. Not only are you able to keep your information safe because the email is completely separate, but you can also find out who are the worst offenders of sharing your data.   

• AnonAddy – AnonAddy is an open-source email alias provider, that features self-hosting, up to unlimited aliases in its’ higher tier, and affordable pricing with a free option.  
• SimpleLogin – Another open-source email alias provider with great, user-friendly and privacy measures. You can self-host, have access to up to unlimited aliases with the paid options, and a very usable free tier.  

Messaging is a topic that is important to discuss when it comes to bolstering your digital privacy. Common messaging platforms like Facebook Messenger and WhatsApp track and retain a lot of personal information, and your phone carrier can store any and all of your texts. If you are looking for a more private messaging service, we have a few suggestions. 

• Signal –  Signal is an open-source, independent non–profit messaging service that offers end-to-end encryption on all your messages or voice calls. Signal is community-driven and completely free, and all you need to sign up is a phone number.  
• Session – If Signal is not your vibe and you want an alternative, Session is an effective alternative. Session is a fork of Signal features end-to-end encryption on your messages and minimizes sensitive metadata. The one main benefit of Session over Signal is that Session does not require your phone number.  

The best anti-virus is safe browsing habits, including not downloading from untrustworthy sources. However, there are many anti-viruses that can help ensure your protection from malware, adware and spyware.  

Just like any service or product offered in the digital age, be wary of free services. While free versions of Kaspersky, Bitdefender and more are available, they often will do so to sell your data. While this can save money, it seems not ideal to recommend these services in an article about privacy. However, built-in anti-virus like Windows Defender can be ample anti-virus for most people.  

• Bitdefender– Bitdefender is an anti-virus company that offers a wide range of anti-virus options for the home or office. Bitdefender has options for users of all budgets, including free options. Bitdefender offers a smooth user experience with solid virus protection you can set and then forget.   
• Kaspersky– Kaspersky offers several anti-virus options in a range of paid and free tiers. Kaspersky offers solid protection, with excellent malware detection, while also being light so it does not slow down your internet connection noticeably.  

A VPN, or Virtual Private Network, creates an encrypted tunnel in a sense that helps keep your connection private and hides your IP address from online entities – whether your internet service provider, the websites you visit, third-party trackers, or malicious users. However, using a VPN will not make you completely anonymous online, as there are many ways that websites can track you. If you are looking into a VPN to keep your IP address hidden, or you just want to get around region-locked content, we have collected a list of some of the best VPNs available for Canadians in our full guide here.  

Using DNS resolvers  

DNS is a lot less common of a topic than VPN use is, but DNS resolvers are handy tools that do a lot. Servers have IP addresses too, which are a lot more difficult to remember or query than the URLs and search engines we use today. DNS, or Domain Name System, work like a phonebook, taking our queries and giving us the IP address of the website, so we can access the site. DNS is incredibly helpful in our daily internet use, but domain requests can track your requests of sites you to enter, and since they are typically unencrypted, anyone between you and the DNS server can see these requests, including your ISP, network administration, etc.  

An encrypted DNS resolver can be a helpful tool to help keep these connections secure, and have other functions too, including being an improvement on your adblocker, blocking many ads at the source, as well as block DNS queries on the level of the operating system, like blocking queries Apple sends to your Mac to identify you.  

• NextDNS – is an encrypted DNS resolver that can be used to block ads and trackers at the source, keep your internet safe and family-friendly, and has a free plan and an inexpensive paid plan.      
• LastPass – An effective password with a free-tier and an impressively comprehensive premium option. 

Where does Canada stand on digital privacy laws? 

Canada is a land where freedom of speech and privacy is protected. Canada’s government has proposed a privacy bill C-11, which will update Canada’s digital privacy laws for the first time in more than 20 years. However, some critics say the bill does not do enough.  

What are cookies, and what do they do? 

Chances are, if you have visited a website lately, you would have gotten a notification asking you to accept the sites’ cookies. Cookies are files that websites send to your device to monitor your website use and remember information about you. Certain examples of information that cookies may help a website remember to include your shopping cart on e-commerce sites or login information. As you browse a site, the cookies save information about you and track your browsing habits. These cookies can either be from the website itself, saving site-specific information that improves your browsing experience (debatably), or they can be 3rd party cookies from advertisers trying to find out what ads they should target you with. 

What is the difference between a DNS server and a DNS resolver?  

DNS, or Domain Name System, is the protocol that allows us to access online content through addresses that humans can understand and easily type out.  

A DNS server is the first server that your browser communicates with when you are trying to access a webpage. There is a common comparison to a phonebook, where the DNS lets you type the address (“looking up a number in a phone book”), and the website will discover the IP address of the site you are trying to access. Every time you access another domain name request, your browser will be communicating with the DNS server, and as a result, your DNS server knows what pages you are visiting. This means potentially every time you load a new webpage, you could be leaking information regarding what pages you visit and when.  

A DNS resolver is a server designed to receive DNS queries from the web, and will track down the IP address for that hostname., or if failing to find the hostname within its local cache, the resolver with contact a DNS root server, which starts a process which narrows down which server has information on that query, and when found, will return the page’s IP address to your browser, and you can access the page you searched.