If you haven’t already, do yourself a favor and take a look at any of our VPN reviews. It doesn’t matter which (though if you’re thinking about signing up with a particular VPN provider, or are already using one, it’ll be more beneficial to take a look at that review in particular).
Hey, we’re not judging!
A 2012 study showed it would take the average internet user 76 working days every year to read the privacy policies of every website and online service they encounter or use. Who has that kind of time on their hands?
So we take the stress off you by dealing with VPN providers’ privacy policies and giving you the important bits.
But what about other websites and online services you use?
Well, we’re not suggesting you take 15 weeks off from work every year to read them all. But you should at least start skimming through them. Or even use the “find” option to search for keywords.
Here are our best tips on how to do so and why.
Prioritize the Websites and Services You Use Most (Or Are Contemplating Using)
It’s going to be impossible for you to sit and read through all of the privacy policies relevant to your life online. But take a few moments to think about the websites and online services you use the most.
This is a good starting point and helps to narrow your focus.
You might find yourself unsure of which ones to include. There are even some that might seem so obvious you don’t think to include them on your shortlist (this is called having a blind spot).
Kick Start Cheat List
To help you out, here are a few too-obvious-to-think-of places to start:
- Your device’s manufacturer. This is another one very easy to overlook, but just as important as your operating system. Especially as the government is known to force manufacturers to add security flaws allowing them to access your data (or intercept shipments to add those flaws themselves). Intel, for example.
- Your ISP. There’s really no way to get around using your ISP, but it might be worth the time it takes to find out whether yours is one of those selling your data without your consent.
- Your browser’s developers. Some browsers, like Mozilla Firefox, are better for online privacy than others (especially Google Chrome). Whatever browser you’re using, take the time to find out exactly what data they’re collecting and how they’re using it.
- Your search engine. This is another one that’s so obvious you don’t even think about it. But, as is the case with browsers, some search engines (like DuckDuckGo) are great for online privacy, while others (again, Google especially) aren’t.
- Your email service provider. If you weren’t already aware, some email providers (like Google’s Gmail) give the government access to your emails, while others (like ProtonMail) use end-to-end encryption so only you can access your private messages.
Pay Very Close Attention to Anything Free
By now, everyone knows the saying “there’s no such thing as a free lunch.”
If you’re using an online service without having to pay for it with money, you’re almost certainly paying with your private data.
This is the biggest reason we strongly recommend avoiding free VPNs, for example. Never mind the fact they often don’t bother with important security features – they’re almost always actively hoarding your personal data and selling it to the highest bidder.
But this is also true for any free service.
You’d need to be living under a rock not to have heard about the Facebook-Cambridge Analytica data leak scandal.
And besides, similar to Gmail, Facebook is part of the NSA’s PRISM program for government surveillance.
Facebook (and its many subsidiaries, including WhatsApp and Instagram) and everything Google owns aren’t the only examples, of course. But they are among the most commonly used services you should be scrutinizing.
When Skimming, Look for “Data We Collect” and “How We Use This Data”
It won’t always be worded exactly this way, but any variations will be pretty similar.
Some data collection is inevitable.
For example, if you need to sign-up to use a service, the provider is going to need some contact information (typically an email address) and a way to identify you for the account creation (this could be a username, though sometime it might be your real name).
Diagnostic data is also inevitable – things like tracking which pages you visit. This should absolutely be limited only to the pages on the company’s own website, though.
Google Analytics is almost unavoidable too.
How Long Is Your Data Kept For?
If the website or online service you’re using is collecting user data, they should be telling you how long that data is kept.
In the case of a VPN especially, no data is the best kind of data.
For other services, use your best judgment. If it seems like they’re keeping any of your data for longer than you think is actually necessary, start looking for an alternative provider.
What Cookies Are They Using – And How Long Do They Last?
It’s almost inevitable that session cookies aren’t going to be the only ones used.
In fact, this is practically unavoidable. But it’s always worth seeing exactly what the website or service provider is trying to do with their cookies, including how long those cookies are meant to stay on your device.
What we like to do is let Privacy Badger handle the invisible tracking cookies while we’re still on the website. After leaving the site, Cookie Auto-Delete makes sure all cookies are treated like session cookies by being permanently deleted.
What Security Measures Are Mentioned?
Are they using encryption? (If not, run for the hills.) What kind of encryption are they using? Do they use two-factor authentication for login attempts?
The better the security, the more you can trust the company in question.
Can You Opt-Out?
The same goes for things like cookies and emails.
Terms of Service; Didn’t Read is a great browser extension that can give you quick summaries for the privacy policies of the most popular websites.
Even so, remember your online privacy is still your responsibility!