Control Your Digital Life
It's time to be intentional about your digital footprint. Learn practical steps to control your privacy and create a more secure online experience.
- Ram Iyer
- 9 min read
Table of contents
- Secure your digital identity
- Be vigilant about app permissions
- Understand and control data on social media
- Use privacy-respecting browsers and search engines
- Limit Aadhaar sharing
- Be cautious on public Wi-Fi
- Review Privacy Policies
- Check online accounts for suspicious activity
- Be wary of phishing and social engineering
- Educate yourself on data breaches
The debate is over. Privacy isn’t a luxury; it’s a necessity. Having debunked the “nothing to hide” argument, it’s time for concrete action. This guide cuts through the noise and delivers ten essential steps you can implement immediately to take back control of your online privacy and safeguard your digital self.
Secure your digital identity
Think of your digital identity as your passport. Would you share it willy-nilly with anyone who asks for it? Digital identity (like your password) is fundamental to online security. Having a strong password reduces the risk of takeovers, which is one of the most dangerous forms of breaches.
Use a password manager to ensure you have different passwords for different accounts/services. Change these passwords as needed. A password manager helps you do this without fear of forgetting or losing the passwords.
While at it, enable two-factor authentication. As discussed in a previous article, try and use something other than SMS. This adds another layer of security to your accounts. And unless an attack is specifically targeted towards you, this will protect you in most situations.
Be vigilant about app permissions
Especially location permissions and contacts. Yes, contacts are only other people’s numbers, but you’ll be surprised how they can be used to target you. Your digital life is not isolated. The saying about ‘Show me your friends …’ fits perfectly here. When Instagram, based on whom you interact with and follow, can tell what you like, your entire contact list can reveal a lot about you.
Also, think about how the predatory loan apps went about recovery a few years back. Contacts. Remember how many suicides were reported? This was just one type of use. None of those who installed the apps and hit “Allow” predicted this. Think about the number of apps you have given this permission to.
Review these permissions in the “Privacy” section of your phone’s “Settings”. Revoke access where it’s not needed.
Understand and control data on social media
Mark Zuckerberg once said:
… so if you ever need info about anyone at Harvard, just ask. I have over 4000 emails, pictures, addresses … People just submitted it. I don’t know why. They trust me. Dumb f***s.
—Mark Zuckerberg (reformatted)
I was one of these dumb f***s. I was shocked when I went into the “Data from other apps and websites” on my Facebook profile, back when it still was a thing. It had details about how I used apps such as even BigBasket. Through invisible tracking “pixels” set on various apps that I used on the same browser or phone where I had signed in to Facebook, Facebook had recorded my actions. Including how much I’d purchased for.
Social media seems innocuous. But even if Facebook were not evil, it is a target for data breaches. And Facebook, for what information it holds about billions of people, has been lousy with security. There is a long list of data breaches on Facebook (and other Meta companies). Other social media companies are not too different.
Not all information you give to social media is of use to you. In other words, always start with giving just the mandatory information. Provide more information based on how your app experience is. For instance, what benefit do you get by giving Facebook your location? What if there is a breach tomorrow; would you be okay with this information being leaked?
Ask this question for every non-mandatory information you fill in on social media.
And if you have already entered this information, go back into the personal details section of your profile and see what all you can remove. Take back control.
Use privacy-respecting browsers and search engines
Browsers are your gateway to the Web. And browsers see everything you do online. They collect traces of where you’ve been and what you’ve done. It’s important that you use browsers who do not have fingers deep in dealing with data. (Looking at you, Google Chrome.)
Some browsers (like Google Chrome) not only see what you do, but also tell the sites you visit about the other sites you visit. And this is demonstrable. Ever searched for something on the phone and suddenly, while reading a news article, see an ad for the same product or something else in the same category? This is the most basic form of such data tracking and sharing.
The engine behind Google Chrome is absolutely great—fast and modern. But Google Chrome isn’t the only browser using that engine; the engine is open source. The Brave Browser uses the same engine, but has a lot of better privacy features. If you use Linux, you can install Chromium, which is essentially Google Chrome, without the Google elements. Firefox and Mullvad Browser (which is based on Firefox) are great alternatives as well.
Search engines are another aspect. If you use Google, you are sharing a lot of data about your interests, habits, etc. Using this information, Google “personalizes” your search results. And every search you make influences the subsequent searches. This is a problem, to avoid which, you could use DuckDuckGo, Leta (by Mullvad) or Brave Search.
Limit Aadhaar sharing
Aadhaar is advertised as the one document that’ll meet all your documentation needs. Aadhaar is so ubiquitous now, that every KYC gives it the first preference. But what it also does is make us think Aadhaar can be freely shared everywhere. That is untrue. Aadhaar has a lot of critical information, which, in the wrong hands, can get you into a lot of trouble.
When my landlord asked me for my Aadhaar, I gave him the masked Aadhaar. He asked for the whole number. I explained to him that the combination of my name along with the last four numbers of Aadhaar are very unlikely to be duplicated, and the last four digits of my Aadhaar should do for the rental agreement. I also suggested that he use only the last four digits of his Aadhaar number on the agreement as well.
You should do the same.
- Nobody should insist on the full Aadhaar number unless absolutely necessary. Chances are, the person asking for your Aadhaar does not know better. Try and explain to them, and tell them that they could use the mAadhaar app on their phone to scan the QR code and establish authenticity.
- For online KYC, use the VID. You can generate this virtual ID on the UIDAI (Aadhaar) website.
- Keep your Aadhaar biometrics locked.
Given Aadhaar’s marketing, we could end up loosening our guards and oversharing it. We should know that the Aadhaar is a powerful document, and should be safeguarded like our passport.
Oversharing Aadhaar is one of the ways the scammers of today have information about you. This is how they call you up, ask for you by your name and state your full Aadhaar number. They establish their authority with your Aadhaar because you overshared.
Be cautious on public Wi-Fi
Any Wi-Fi that lets you connect to it is an open Wi-Fi. The password that you enter before connecting to the Wi-Fi is the encryption key. This key encrypts the traffic between your device and the Wi-Fi router, which is plain text-like otherwise. If you enter confidential information (like your password) on such open Wi-Fi (such as that at the airports), anyone snooping on the network can intercept it, read it and use it against you.
Some open Wi-Fi networks, such as those at Café Coffee Day outlets, let you connect first, and then open a browser window asking for a password. These are still open networks, which are establishing authorization using the password; they are not encrypting your connection.
When you have no other go but to connect to such networks, always use a VPN. VPNs will do the job of encrypting your connection so that bad actors on the network cannot intercept your communication. But again, use a trusted VPN, not any random “free” VPN. My recommendation is Proton VPN, Mullvad VPN or NordVPN. Even in these cases, remember that you are entrusting these parties with your data. Can they be trusted enough?
And try to never perform financial transactions (such as logging into internet banking) when connected to such public Wi-Fi networks.
Review Privacy Policies
Which brings me to the privacy policy. Every service is required to have a privacy policy by regulation. These policies tell you how the service uses your data and safeguards your privacy.
Make it a practice to read these privacy policies. At least cursorily. Or use an AI service to interpret it for you; you can even ask questions for better clarity, when using GenAI.
When installing apps, check their privacy labels. This feature is available on both the Apple App Store and the Google Play Store.
Make it a practice to also review these privacy policies and labels at periodic intervals. You should know these before you give your data. And if you feel you have too much to read, this is the time to consider digital minimalism. For more information on that, check out this book (we will also talk about the core principles in a later article):
Digital Minimalism
Choosing a Focused Life in a Noisy World
Check online accounts for suspicious activity
Early detection of unauthorized access can limit the damage caused by breaches or account takeovers. Set up security notifications for accounts such as email mailbox, bank accounts, social media and so on. Review these notifications seriously.
Periodically, review login history, look for devices that are signed in, but don’t recognize. (There are chances you took someone else’s phone, logged into a service, but did not log out. They may not be malicious actors, but their phones can be stolen, and you would not know.) Check for recent transactions on your cards and bank accounts periodically.
Be wary of phishing and social engineering
WhatsApp, email, SMS, these are all channels for the most common phishing attacks. Read more about such attacks in a previous article, Your Challan Could Be a Trap. Anything that is unsolicited, but has a sense of urgency, slow down. I have gone into why in the linked article.
Educate yourself on data breaches
Knowing about data breaches and the data breach trends, along with knowing your rights as a citizen, can help you make better choices. Follow cybersecurity news sources or generally reputable tech news sources can help you remain informed. As a general rule of hygiene, at least change the password for the service whose data has been breached.
Implementing these ten tips is a significant step towards reclaiming your privacy. You might also find that these practices lead to a less cluttered and more focused digital life overall. This intentional approach to technology, where we prioritize value and minimize distractions, is at the heart of digital minimalism. As you take control of your data, consider exploring how a more minimalist approach to your digital tools can further enhance your well-being and focus—a topic we’ll delve into in a future discussion.