Total online privacy

Protect your privacy and your personal information from advertisers, doxxers and anyone you may feel threatened by

Your privacy is important. In this modern, always-connected world, finding out who you are and where you are is easier than ever. If it’s not advertisers supplying you adverts that are mildly intrusive and slightly creepy, it’s intrepid Internet detectives who’ve decided you have wronged them in some way.

For some, it can be required for an innocent task such as looking for a birthday or Christmas present, while others are driven to mask their personal details by less positive events such as hiding from an abusive spouse or trying to whistleblow without having to fear any repercussions.

Recently there’s been a trend of people speaking their mind about controversial topics that have found their personal information displayed on the Internet for all to see. It’s no joke – especially when you’re threatened publicly and feel like you need to leave your home.

Over this article, we’ll cover some of the basics of keeping your information safe, whether you need to do so every now and again or want to make it an ongoing effort.

Privacy in a hurry

Need to quickly and briefly go anonymous online? Grab the Tails distro for instant, absolute privacy

Tails is the now-legendary Linux distro that acts to keep your identity, location and activity secret and private. Its entire setup helps you make sure that you can perform whatever task you need to do and leave no trace of your activities on the computer you did them on, and to have any browsing you performed completely obfuscated by bouncing it around the Tor network.

To get it, you first need to download the ISO for the distro from Tail’s website.

The ISO can be burned to a disc using something like Brasero, or better yet to a USB stick using UNetbootin. Both of these should be available in your package manager under those names, though if you have trouble finding them then they’re easy to find online.

A Sneakers-esque network path visualisation for this particular instance of Tails
A Sneakers-esque network path visualisation for this particular instance of Tails

Tails does not install to your system – instead, it works by booting live every time. It lives purely in the RAM so that nothing will get saved to the hard drive. When you perform a shutdown, it will completely rewrite the RAM to erase itself completely from your system.

To boot into it, restart the computer with the CD or USB stick plugged in and look out for the boot menu prompt (usually something like F10). Select the CD drive or USB storage to boot from and it will go straight into Tails. From here you can choose the basic options and you will now be able to browse straight away in total anonymity. However, there are some other customisations as well such as a Windows camouflage mode that looks no different to prying eyes than Windows 8.

You can write documents, edit images and generally do all the stuff you’d usually want to on a distro, and then send them securely via PGP encrypted emails or other secure online services if need be.

Private browsing

Incognito mode only keeps you anonymous on your own PC…

Booting into Tails can be a bit of a hassle if you only need to be fully private every now and then. Tor is readily available to anyone though without going through a specialised distro, and there’s a handy Tor browser for your private browsing.

It’s based on Firefox and uses the same technology as the Tor button that used to be available for Mozilla’s browser. Due to the rapid development of the browser, the Tor team decided instead to create their own spin of the browser. This means they have full control over how it works, guaranteeing that users stay safe and private while using it.

You can get the browser from the Tor website and it runs directly from the files in Linux without any need for a proper installation. Just make sure that you put the run command for it in a place that is easily accessible. It’s basically the same browser that’s in Tails already, so it has a secure search engine and all your traffic is routed through Tor, which makes it untraceable. It’s best to not use this as your main browser, due to its limited functionality outside of privacy, although it entirely depends on how you plan to use it.

Long term privacy

Get yourself private and keep personal details private online for the long haul

The methods we’ve talked about so far are great for keeping your browsing habits at any particular time secret. Privacy is not just about not having any cookies or a known IP address or a lack of Internet history, though – it also applies to your own person. Your address, your phone number and even email address can be precious things that you don’t want any random person on the Internet to find out. While you can set up Tor to work permanently on your PC, it won’t necessarily keep those details private if you have them anywhere else online.

This may sound fairly obvious, but there are a few ways people can slip up and have their location leaked to the world. One of the major culprits for this is social media, especially services such as Facebook and Twitter.

The DuckDuckGo search engine does not collect or share personal information
The DuckDuckGo search engine does not collect or share personal information

Privacy settings

Facebook is a big culprit here, with updates causing changes in privacy settings that you’d already turned off. Facebook keeps your email address on file and lets you include it on your profile – you can also add a phone
number and full address if you so wish. The best solution here is to not include any of this on your profile at all, but if you need certain people to have access to it, you can easily create lists of friends on Facebook and have it set so only they can see the information.

This applies to other social networks like Google+ as well. Tweak the privacy settings on your pictures, statuses and anything else you don’t want the entire world to see.

For a quick way to go through your privacy settings, you can try out PrivacyFix.

Location aware

Facebook and Twitter both have location trackers you can use when sending tweets, messages or updating your status. Tweeting publicly that you are at home on Twitter with the location set to on is a good way for someone to track you down.

Other things you should be wary about include tweeting pictures of your house or immediate surroundings – with readily available access to Google Street View and satellite imagery, it’s easier than ever to figure out where the picture was taken.

Real name

Using your real name as little as possible can be good practice. Without your real name, would-be harassers would have very little to go on to start tracking you down. There are some websites that enforce real-name policies (Facebook being a well-known example), but by following our tips on privacy settings this should be less of a concern. Certainly for things like Twitter, you can easily avoid using a real name, along with anywhere else that just requires a username.

Private WHOIS

Due to laws governing website registration, you’re required to supply details for the owner of any web domain. This includes a phone number, address and email contact, all of which will be made public to anyone who knows which websites you’ve registered. Staying private on the Internet doesn’t mean that you don’t exist on it, and foregoing a web domain entirely is hardly a good solution.

Most domain registrars now offer a service to make this private, either through themselves or a third party. The information still exists but it is only accessible through this service by people with a warrant, and not the general public. These services do cost money though, however a few dollars or pounds a year can be more than worth the peace of mind it offers.

WHOIS watching?

Making your WHOIS ICANN details private as we’ve suggested is a good step, but it’s unfortunately not perfect. There are sites that keep an archive of WHOIS records, supposedly for cybercrime detection and other related fields, but anyone with a PayPal account can get a short free trial. They technically shouldn’t do this due to certain Terms of Service, but unfortunately there seems to be no way of removing these old records. It’s an extra step beyond a quick WHOIS search though that not everyone is willing to do or even knows they can do.

Old accounts and apps

We all have a digital footprint that’s years in the making, spanning who knows how many sites that you may have only used once. Luckily some of these may have out-of-date information anyway. Either way, it’s good practice to hunt them down and either delete them or replace any sensitive information with false information. Google searching your old usernames and names might help to track down some of the trickier ones to locate, and checking any email archives can help as well.

For older forums or abandoned websites this can be near essential as they can be hacked easier. Speaking of hacking, apps you’ve approved on Twitter and Facebook and any other social network retain their privileges long after you’ve stopped using them. Old Twitter clients and Facebook chat apps and quizzes may still be allowed to post on your behalf or have access to your personal information and they’re a common target for hackers for this reason.

You should be making periodical checks of your approved apps to make sure any old ones haven’t slipped the net. You should also be wary of allowing some of them, especially the Facebook ones, access in the first place.

Search yourself out

There are various websites that compile data on people from whatever public information exists. Looking for yourself on these sites can be important as even the smallest bit given somewhere can be correlated back to you. Most of them will allow you to remove your details from their website with little hassle.

For security tips regarding your privacy, you can also check out Jon Jones’ privacy breach survival guide for tips on how to secure your accounts, as well as a few more privacy tips.

Private apps

Applications you can use to communicate with others that will maintain your privacy

Instant messaging

CryptoCat is a secure instant messaging service that works on multiple browsers and smartphones to let you chat with people over an encrypted service. Like a lot of instant messaging clients, you need to make sure the people you want to talk to have the client themselves, but due to the low barrier of entry it’s not much of a hassle.

Not only does CryptoCat encrypt your messages, it doesn’t read any of them either
Not only does CryptoCat encrypt your messages, it doesn’t read any of them either

In an article published by ProRepublica, CryptoCat and a few other instant messaging clients scored perfectly on their test. This includes messages being encrypted before transmission, verification of recipients, open source code and security for past conversations or chat logs if something goes wrong. There are a couple other instant messaging clients that scored the top score, so if CryptoCat isn’t for you then there are other open source offerings that will do the trick. SilentText, Text Secure and Signal/RedPhone are just three examples which have all had the same score as CryptoCat in the ProRepublica test.


Two of the most popular email clients, Thunderbird and Claws mail, both support PGP encryption on emails. PGP encryption means that only people who are the intended recipients of the email will be able to read them by supplying a special key.

Claws mail supports it by default, but you’ll need to install Enigmail for Thunderbird (and Seamonkey) to set up PGP support. This lets you send and receive emails with PGP, and as it’s open source it’s known to be secure by the community and vetted by security experts. Find out how to use Thunderbird and PGP in issue 147 of Linux User & Developer.

Worst case scenario

Doxxing is when someone’s private information is leaked onto the internet in a malicious attempt to scare that person. It’s not a nice thing to have done to you, and it can be hard to get the information removed if it’s put up in the right place.

The first thing you need to do is to check what information has been released. Some doxxes end up using old information, meaning your address or phone number will be safe. However, people living at an old address may be mistakenly targeted, so you should make sure to inform them. Whether it’s old or real information, if it’s posted on a third-party website such as Pastebin or Twitter you should immediately report it to be taken down.

It’s worth contacting the police to see what they advise you to do in your specific situation, although they may not be able to help much unless you start to get calls harassing you or begin to suspect that someone is watching your house. Remember to stay as safe as possible, and start to track down any place that may have resulted in the information being leaked so you can plug it for the future.

Look out for our future article on online security to help further clamp down your details