
When’s the last time you actually read the privacy policy of a service you use or website you visit often?
If you haven’t already, do yourself a favor and take a look at any of our VPN reviews. It doesn’t matter which (though if you’re thinking about signing up with a particular VPN provider, or are already using one, it’ll be more beneficial to take a look at that review in particular).
Notice something?
We always dedicate a section to dissecting the VPN provider’s privacy policy. Sometimes we find we need to go the extra mile by digging deep into the company’s history too.
There’s a very good reason for this – several, in fact. But the most basic reason is we know you probably aren’t going to read the privacy policy yourself.
Hey, we’re not judging!
A 2012 study showed it would take the average internet user 76 working days every year to read the privacy policies of every website and online service they encounter or use. Who has that kind of time on their hands?
So we take the stress off you by dealing with VPN providers’ privacy policies and giving you the important bits.
But what about other websites and online services you use?
Well, we’re not suggesting you take 15 weeks off from work every year to read them all. But you should at least start skimming through them. Or even use the “find” option to search for keywords.
Here are our best tips on how to do so and why.
Prioritize the Websites and Services You Use Most (Or Are Contemplating Using)
It’s going to be impossible for you to sit and read through all of the privacy policies relevant to your life online. But take a few moments to think about the websites and online services you use the most.
This is a good starting point and helps to narrow your focus.
You might find yourself unsure of which ones to include. There are even some that might seem so obvious you don’t think to include them on your shortlist (this is called having a blind spot).
Kick Start Cheat List
To help you out, here are a few too-obvious-to-think-of places to start:
- Your operating service provider. This is the company basically controlling your device, after all. So whether you’re using Windows or Mac, Android or iOS, take some time going through the company’s privacy policy.
- Your device’s manufacturer. This is another one very easy to overlook, but just as important as your operating system. Especially as the government is known to force manufacturers to add security flaws allowing them to access your data (or intercept shipments to add those flaws themselves). Intel, for example.
- Your ISP. There’s really no way to get around using your ISP, but it might be worth the time it takes to find out whether yours is one of those selling your data without your consent.
- Your browser’s developers. Some browsers, like Mozilla Firefox, are better for online privacy than others (especially Google Chrome). Whatever browser you’re using, take the time to find out exactly what data they’re collecting and how they’re using it.
- Your search engine. This is another one that’s so obvious you don’t even think about it. But, as is the case with browsers, some search engines (like DuckDuckGo) are great for online privacy, while others (again, Google especially) aren’t.
- Your email service provider. If you weren’t already aware, some email providers (like Google’s Gmail) give the government access to your emails, while others (like ProtonMail) use end-to-end encryption so only you can access your private messages.
Pay Very Close Attention to Anything Free
By now, everyone knows the saying “there’s no such thing as a free lunch.”
If you’re using an online service without having to pay for it with money, you’re almost certainly paying with your private data.
This is the biggest reason we strongly recommend avoiding free VPNs, for example. Never mind the fact they often don’t bother with important security features – they’re almost always actively hoarding your personal data and selling it to the highest bidder.
But this is also true for any free service.
You’d need to be living under a rock not to have heard about the Facebook-Cambridge Analytica data leak scandal.
And besides, similar to Gmail, Facebook is part of the NSA’s PRISM program for government surveillance.
Facebook (and its many subsidiaries, including WhatsApp and Instagram) and everything Google owns aren’t the only examples, of course. But they are among the most commonly used services you should be scrutinizing.
When Skimming, Look for “Data We Collect” and “How We Use This Data”
It won’t always be worded exactly this way, but any variations will be pretty similar.
These are the privacy policy sections you need to start with, for obvious reasons. They’ll tell you exactly what type of data is being collected and how the company is using it.
Some data collection is inevitable.
For example, if you need to sign-up to use a service, the provider is going to need some contact information (typically an email address) and a way to identify you for the account creation (this could be a username, though sometime it might be your real name).
Diagnostic data is also inevitable – things like tracking which pages you visit. This should absolutely be limited only to the pages on the company’s own website, though.
Google Analytics is almost unavoidable too.
We prefer not to have Google involved whatsoever, so we use a browser plugin called Google Analytics Opt-Out. Be sure to read the privacy policy before deciding whether you want to use it too.
Additionally, pay attention to how the privacy policy says the company is going to use the data collected. Are they using terms like “marketing purposes?” Mentioning third-parties they sell or otherwise share your data with?
You might also want to scroll down and read the privacy policy’s section on third-parties for a better idea of how your data is actually used.
How Long Is Your Data Kept For?
If the website or online service you’re using is collecting user data, they should be telling you how long that data is kept.
Sometimes, a VPN provider seems great on the outset. But then you read their privacy policy and discover they’re not only logging connection times, they’re also keeping that data for a week, a month, a year…
In the case of a VPN especially, no data is the best kind of data.
For other services, use your best judgment. If it seems like they’re keeping any of your data for longer than you think is actually necessary, start looking for an alternative provider.
What Cookies Are They Using – And How Long Do They Last?
This is a big one, because cookies are often used to track you across websites. Session cookies won’t do so, and are deleted immediately after you close the tab, but other cookies are generally a big no-no.
It’s almost inevitable that session cookies aren’t going to be the only ones used.
In fact, this is practically unavoidable. But it’s always worth seeing exactly what the website or service provider is trying to do with their cookies, including how long those cookies are meant to stay on your device.
What we like to do is let Privacy Badger handle the invisible tracking cookies while we’re still on the website. After leaving the site, Cookie Auto-Delete makes sure all cookies are treated like session cookies by being permanently deleted.
What Security Measures Are Mentioned?
A privacy policy should always include the security measures put in place by the company to protect your online privacy.
Are they using encryption? (If not, run for the hills.) What kind of encryption are they using? Do they use two-factor authentication for login attempts?
The better the security, the more you can trust the company in question.
Can You Opt-Out?
Right near the top of the privacy policy (or at the very least in any of the sections mentioned here), there should be a couple of sentences assuring you have the option of limiting the data they collect. If not, there should be an option for you to request the company deletes all your data.
The same goes for things like cookies and emails.
Conclusion
At the end of the day, even limiting your privacy policy perusal activities to skimming the websites and services you use most often can become time-consuming. But if you’re concerned about your online privacy (and you should be), it’s a necessary evil.
Terms of Service; Didn’t Read is a great browser extension that can give you quick summaries for the privacy policies of the most popular websites.
Even so, remember your online privacy is still your responsibility so make sure you compare VPNs and choose one that will keep your privacy safe.