Everyone wants your data online these days. Be it an email address for newsletters, a survey for some product/charity/social thing, or even your local shop so they can send you your receipt via SMS, you are asked to provide data about yourself on a daily basis. Unfortunately in giving out this data, there is always a risk that this data may end up in a data breach and suddenly you are the target of spam email, phishing email and other malicious and fraudulent activity.
I’ve been on the Internet since the world wide web became more generally available in Australia in the mid 1990s and interact in public forums online so please don’t think in writing this post I am suggesting I am anonymous online. However in recent years (and thanks to data breaches), these are some of the things I am doing to better protect my data online.
Disclaimer: Any products listed below are as examples only and not an endorsement of any particular product or service.
Protecting Email
Protecting your email is much easier and affordable these days compared to a decade ago where it was very much a niche offering. They are all based around the concept of obfuscation:
- Email Aliases
- Disposable Email Address
- Alternate Email Account
An email alias is an email address that typically forwards to another email address. Usually these are used for one-way communications like signing up for a newsletter online. Email aliases additional advantages of being able to be enabled/disabled on demand and allow easy identification of services that may have been breached or sold your email address to marketers should unsolicited email start appearing.
Disposable email addresses are very closely related to email aliases, though differ in the sense they have a short, finite lifespan. This can be a double-edged sword depending on where you use this email address but can be useful when you believe you will have only a single interaction with product/service.
With many free online email services like Gmail, Outlook etc. you may have a preference to have secondary email mailboxes for communications where you do not wish to give out your primary email address.
You may even wish to run a combination of these things like having email aliases going to an alternate email account.
Protecting Postal Address
While arguably it is not hard to find out my address, I am not a fan of just giving it to anyone who asks, and that includes websites. I take a particularly dim view of websites who seem to make it mandatory to provide a physical “billing/shipping” address for a digital asset, like a license activation. There are limited options:
- Auspost PO Box
- Auspost Parcel Locker
- “Alternate Identity”
A PO Box should be self explanatory, they have been around for decades. Pay money to local post office, get a letterbox on the PostOffice wall that items can be addressed to. However if like me you don’t get a lot of mail, they are becoming ridiculously expensive. I had my first PO Box when they were $50/year. as of Jan 2024 they are $154/year.
Auspost Parcel Lockers are the new kid on the block that are free to sign up for and can be used to have parcels delivered to for you to drive to and pick up when something is there. This is not a PO Box – Anything not a parcel may be redirected to your address or returned to sender depending on the mood of the postperson. However for a digital product you are likely never to receive any physical anything for, using a Parcel Locker might work as a viable alternate address for overly demanding websites.
More recently, online protection products such as VPN providers and anti-virus products have recently been spruiking the idea of “Alternate Identities” (Alt IDs). The limited experience I have had with one such service is that it will generate a random name, using a random real address and an email alias to associate with the Alt ID.
In my opinion there are some ethical considerations here that make this problematic – one of which being given the real street address, use of these Alt IDs for malicious purposes may result in an innocent person living at that address being the recipient of inappropriate material, or worse. However there is nothing saying people do not do this already – it is certainly not a new concept – There’s nothing stopping me from adding a random name to the first address I find at the top of the page of a phone directory and using that.
I think the area of Alt IDs will end up being a “watch this space” issue for at least a couple of years.
Protecting Credit Cards
For as long as there has been online shopping there has been credit card fraud. Anti-fraud protection is much better these days, but the best protection is to not enter your physical credit card details into a website at all. There are ways to do this:
- Payment Services (e.g. Paypal)
- Pre-Paid Credit Cards
- Virtual Credit Card Services
Again, I am not going to explain services like PayPal, they have been around too long. I do however urge anyone using a service like PayPal to treat it like bank details, which means using a strong password and multi factor authentication.
Pre-paid credit cards are a great way to protect yourself online. You can load them with a limited amount of funds, they are not linked to any bank accounts (by default), and they are disposable in the event they are compromised. Note that some of these card have a significant recharge/first charge fee (the one I recently bought cost $7.95 to charge/activate).
- Mastercard Prepaid
- Australia Post Prepaid (by Mastercard)
- Activ Gift Cards
Virtual Credit Cards work on the same premise as pre-paid cards, except you can easy make many cards attached to your service account, along with single-use cards which as the name suggests self-destruct after a single use. This kind of service is super handy if you want to set up different cards for different things – e.g. Amazon, Ebay and AliExpress. Again, treat your account like any other bank account.
(*) Note Zip.co and Klarna are primarily split payment services that happen to offer one-time cards. Revolut is a standalone service.
Protecting Passwords
I would hope if you have gotten this far that you already know that having one password used for everything is an extremely bad idea. Remembering multiple passwords maybe after 2-3 can get hard though, especially if they are strong passwords, so a password manager is in order.
While there are plenty of free password managers around, some commercial, subscription based services provide additional features including password breach notification, synchronisation across devices, MFA storage, browser extensions for autofilling and much more. Some of my preferred password managers include:
Protecting Phone Numbers
For many people, your phone number is as much a part of your identity as your social media username. If you have a mobile phone you may have never had to change your mobile number. However having your mobile number appear in a breach list is an annoyance at least (in the form of spam/scam messages and calls) or devastating at worst (harassment and identity theft).
VOIP Providers are a way to obtain a “disposable” phone number that can be used with an application on your mobile phone that you can then provide to websites and people you do not wish to give your actual number to. If it ends up in a data breach, you then request a new number.
It is far to say that many of these services can be a little complicated to set up if you are not familiar with SIP services, however once configured it is set and forget. Many services can cost as little as $5-10/year (yes, year) with the ability to forward any inbound calls to an email address as a voicemail.
For the privacy conscious Australian, this is perhaps one of the best value “bang for buck” things you do to improve your privacy.
Wrapping Up
With more products are services going online, it is increasingly important to consider what information you want to share with these services, particularly where you required to share information that does not make sense to share, such as a mail address to receive a digital asset.
This article hopefully helps by provides some information on the concepts and tool for protection of:
- Passwords
- Identities
- Postal/Home Address
- Payment Information
- Phone Numbers
If you have any particular tools you like to use for Australians, please feel free to share in the comment section, except for VPNs – they are a whole different thing in the context of this article 🙂