The CEO of a major technology company once famously opined that, in the Internet Age, “You have zero privacy. Get over it.”
Some of us would rather not. We’d like to keep our personal information – whether it be what we share with friends on Facebook or our credit card details – under some control. We’d prefer not to let such information out into the wild, where it can be bought and sold and, often, used against us.
If you, too, are a privacy traditionalist, take heart: there are things you can do to make browsing, shopping, socialising, and other online activities less of a threat. That CEO was right in some ways: we probably can’t keep all of our private information private. But we can certainly make accessing it harder for those who’d like to make it public.
The risk If you’re like most people, your email account contains addresses, information about your bank accounts, and even credit card numbers or passwords. It’s a treasure trove for identity thieves. And if attackers gain control of your email account, they can also gain access to (and reset the passwords of) your other accounts. Finally, attackers can harvest your friends’ emails for spam or phishing attacks.
How to protect yourself Don’t use email to send critical data. And make sure you use encrypted connections. That means using SSL (look for the lock icon in the upper left of Safari’s window) for webmail and a secure protocol (usually IMAP or POP3 over SSL) for other accounts. (In Mail, for example, go to the Accounts preference pane, choose an account, open the Advanced tab, and select Use SSL.) Do that on your portable devices and on your Macs.
Use very strong passwords for your email accounts. Password utilities like 1Password (www.agilebits.com) and Mac OS X’s own Password Assistant utility can help you generate and manage them. If you create a password yourself include letters, numbers and other symbols.
The risk Your email address alone is worth money to spammers, scammers, and other thieves, and is therefore worth safeguarding.
How to protect yourself Use one-time email addresses for different online accounts and services. Many ISPs will provide such addresses for free; MobileMe, for example, provides up to five such aliases (Mail ? Preferences > Addresses). If that email address starts getting spammed, you can cut it off without changing your primary address.
Some spammers still crawl web pages looking for text strings that look like email addresses. So make sure your email address doesn’t show up in online forums or blog comments, much less any websites you control. Or use a simple obfuscation technique, such as username (at) domainname (dot) com to make the address harder to recognise.