Tips and Tools

Helpful tips to protect your privacy online.


Using Your Web Browser

It's easy for "cookies" to accumulate in your web browser -- little bits of data left by websites you visit that identify you as someone the company knows. Sometimes they are a convenience, helping you get to your account more quickly or helping you see the kinds of offers you're most likely to be interested in.  But they can be read from your browser for quite a while if you allow it, and you'd be surprised how many you may have.  It's pretty easy to remove them from the "Settings" "Preferences" or "Options" panels of your web browser, and you'll have plenty of opportunities to accept more cookies.

Find out more about cookies on the Federal Trade Commission's website.

Periodically clear search history and accompanying stored data. The steps required vary by browser, but there's always some way to do a spring cleaning. Deleting stored data from websites can also free up storage space or memory on your computer and help it run faster.

Most web browsers have a feature that remembers information you type into forms on the web. This is often a convenience, saving time when you fill in a lot of forms.  But it's also a little risky because the browser might remember private info you type into forms, such as your credit card number, passwords, medical conditions, date of birth, etc. Disabling these "auto-fill" features is usually pretty simple in the "Options" "Preferences" or "Settings" panels of your browser.

Here's how it looks in Firefox

Disable cookies in your internet browser. "Cookies" are data files stored on your electronics that track your internet browsing activity. To minimize the tracking of your internet browsing activity, be sure to limit or disable Cookies in your browser options. The links below show how to do the steps in various browsers:

Firefox  Explorer  Chrome  Edge

 During web browsing, get used to looking for the "lock" icon near the top of your web browser - these "HTTPS" websites provide for secured connections and are safer use when volunteering personal information. Here's a couple of samples of properly secured sites in popular browsers:


Internet Explorer:

Think before you click! Similar to reading email carefully, if someone sends you a link via online messaging or other service, review the link carefully before clicking. Some links may install malware or virus that may compromise your device security.

Be especially careful about links that contain or end in any of the following file formats: .php, .exe, and .xxx.  These can contain what's known as "executable" files that can quickly deposit and install unwanted malware or virus software on your devices which search your computer to mine/extract protected data, including your sensitive information, passwords, computer files/documents and keystrokes, all of which can compromise your privacy and/or allow them to steal your identity. Think of it as "driving defensively" and avoiding accidents.

Use private browsing modes in internet browsers. Many internet browsers have a private browsing mode which does not save cookies or browsing history. Although some connection information is tracked by your internet service provider, using private browsing modes also limits the amount of personal information a user retains and volunteers.

Using your Computer's Basic Tools

Most computer operating systems these days are designed to keep the data of multiple users securely separated, but you don't get that protection if you leave your devices running and unlocked, so always log-off! If you're leaving your computer or phone, make sure it's locked before you leave. Worried about remembering your computer password? Practice makes perfect.

Employers often monitor computers and email accounts that they provide to you. The degree of surveillance permitted is usually in your employment agreement, technology agreement, or office policies. Check what your employer can access and don't use business resources for private matters.

Make sure any device containing private information has an "auto-lock" feature that requires a password to unlock. The theft of a computer, phone, or tablet should not include the theft of access to personal information.

Updating software is a time consuming but critical part of protecting your devices. Outdated software can contain vulnerabilities that are widely known and exploited. Java and Acrobat Reader are common targets, but operating systems, internet browsers, and other applications are also at risk. Automatic updates are highly desirable because they prevent procrastination.

Looking for the automatic update tools on your computer?  Here are a few snapshots:

Windows 10 update status Android automatic updates in settings iOS app updates screenshot
Windows 10 Android MacOS iOS


Devices, Home Automation and the Internet of Things

Most of us these days have a WiFi box in the house and do a lot of our web surfing or movie watching over that home network.  Mostly we just plug the box in to the wall outlet, connect it to our internet provider somehow, and turn it on. But is that network secure? You're probably looking at your bank accounts over that connection - could it be snooped by a guy in a van down the street with a laptop and a can of pringles? Older wifi routers sometimes came with really weak initial passwords and insecure out-of-the-box settings - have you changed yours this year?  For a lot of home WiFi boxes you can see all the settings by browsing the following address while you're at home:  you might be surprised what you find.

Email, Texting and Messages

Beware of phishing attacks and scams. A service that you use will rarely call or email out of the blue for you to confirm information such as your billing address, credit card, social security number or password.

Unless you have a pretty good technology skillset or an IT support organization behind you, it's not easy to be sure who exactly you're getting email from, or to secure messages you send so that they can't be picked up by snoopers. Scam artists love to send emails out to people, pretending to offer a lost inheritance, a really good offer on a white elephant you're selling online, or suggesting you're under threat from some powerful organization.  Sometimes people even write back to such messages with their private information - like bank account numbers. The safe way to avoid hassle is to just keep your private info out of email or messages, and be leary of people who don't do the same.

Just because someone asks for information, doesn't mean they should get it. Confirm that the person is authorized to access that information, and make sure you share it in a secure manner.

Read all emails carefully! Many compromises of personal information are due to inattention and not compromising of security. When you get an email requesting personal information, read it carefully to ensure that message is actually from the sender and not from someone masking as the sender. When in doubt - leave it out.

Spammers - the folks who sent you email or text messages you didn't know you needed - are becoming more and more sophisticated. That "invoice" in broken english from a vendor you don't remember? It could be a virus. Never click a link in an email or download a file without confirming that it was sent from a trusted source and the link or file is (at least mostly) safe.

Do not use personal email accounts to transmit others' private information. There's a big difference in privacy and safety between a "business-class" email service and most people's free web email. Big organizations put a lot of effort into making their email systems safe (or safer) because they know there's a lot of bad email out there. So if someone is going to trust you with their personal stuff - like a phone number, their medications, or even their kids' birthdays - be a professional and use an email service run by humans, where you're a valued customer not just another free account.

Knowing, Sharing and Tracking Your Location

Avoid volunteering personal information over public WIFI connections. Public WIFI allows many users to connection to the internet, and others may have access to your connection information as you browse the internet. Thus, avoid viewing or providing personal information when using public WIFI connections.

Disable location services in your electronics. Many modern electronics contain GPS functionalities and allow applications to track your location, but it's more than just "where you are" - if you know both "where" and "when" you can map a person's habits, highway speed, kids' school, favorite bank branch, etc. Be sure to review the GPS location options in your device to ensure you minimize volunteering your location information.

Never review private information in a public place. Whether on a plane, in a Starbucks, or at the park, you should not have private information up and available for plain view on your computer screen.

Minimizing What the Internet Knows

Delete private information once it is no longer being used-if it's not necessary to keep, don't keep it!

Delete unnecessary files and emails that have your personal information. If your security is compromised, minimize the amount of personal information that may be released.

Minimize the amount of personal information you disclose online. When signing up for online services and apps, fill out the bare minimum of personal information to minimize your digital presence.  Does that fan site really need your home phone number or birthday? Does the pizza shop need your whole Facebook profile?

When you dispose of sensitive documents in garbage or recycling they can be snooped by your neighbors, waste management employees, and strangers walking down the street. You may not want to take advantage of that low-low interest rate pre-approved credit card offer you got in the mail, but somebody else might really like to use it at your expense.

Shred any unnecessary documents that contain your Social Security number, medical insurance numbers, birth date, credit card numbers, or financial institution account numbers.

A paper shredder is much better than tearing documents by hand.

Don't have a paper shredder, or have one that's too weak to handle the mail you get? Many communities offer "shredding day" events when you can bring your old-but-sensitive papers to a credit union, bank or community center and have them shredded and recycled for free by an industrial-strength machine.  Here's a calendar of upcoming shred days in Washington state.

Making Passwords Work Well

Not everybody is fluent in tech or comfortable with fancy new programs, but passwords have been kept on paper for centuries and it's actually ok if you can keep them safe.  Here are some thoughts on how:

- write your passwords in a notebook or on index cards; a password that is hard to guess is also hard to remember

- don't leave passwords on stickies by your keyboard; your desk probably already has a locking drawer, so use it!

Words and phrases are fairly simple for an attacker’s program to guess. Interspersing numbers and symbols helps, but seemingly random passwords are best. For example, you can use the phrase “Privacy is very interesting and important to me,” take the first letter from each word, and change the ‘to’ into a ‘2.’ The end result is “piviai2m.” Passwords made this way are extremely difficult to guess, yet the user only needs to remember the original phrase.

Use a password manager that will enable you to remember only one password without needing to use it across all your services. Using the same password for different services can increase the harm caused if one service or the password itself is compromised.

These days the major internet companies offer you the option of using "multi-factor" or "two-factor authentication as an option you can turn on.  It's a good idea.  Here's how it works: to log in to a website that uses multi-factor authentication, you have to know your password, plus you also have to have some kind of extra validation step.  For example, some sites will send a text mesage to the mobile phone on your account, checking to see if it's really you. Others use a dedicated keyfob that fits on your keyring and feeds you long random numbers to use with your password.  The extra validation changes frequently, so it's like changing your password every 2 minutes - but much easier.

So You've Been Hacked - How to Recover?

When you've received a letter saying your personal data has been lost, stolen or breached, you may want to look for an independent assessment of what's been lost and what you can do about it. Here are a few starting points.

The Federal Trade Commission has a good, simple web wizard that lays out the issues and options pretty well:

The Washington State Attorney General has a page listing all the breach notifications they have received, along with some tips and reading material.

We're working on developing guides and policy to address this kind of thing -- if you find a resource that helps you, let us know with this contact form.

Equifax, one of the big 3 credit reporting agencies got hacked earlier this year and the hackers got away with the personal information of about 143 million people - probably enough info to open new credit cards in the names of the people affected.

Not sure what to do or how to do it?  Study your options:

  • The step most experts are recommending seems to be "freezing" your credit report with each of the big three credit bureaus.  The Washington State Attorney General has a good page of info explaining how to get the credit rating agencies to freeze your file, or just to be on the lookout for fraud. It's not as new or flashy as some others, but it's simple, clear and local.
  • The Federal Trade Commission has posted a "what-to-do" page on its website that offers a good layman's step-by-step guide to your options. They allow people to comment, and a lot of people have expressed understandable frustration.
  • The New York Times has been building a real-world FAQ on specifics of Equifax, their data breach, and the concerns people raise while navigating the recommended safeguarding steps.

Try using an Identity Theft protection and monitoring service.  There are lots of options out there; pick one endorsed by an outfit you trust, like your bank, credit union or professional association. With all the hacking stories in the news these days, you may well already have a service looking out for changes in your credit history, accounts etc. -- it's one of the usual things companies do when they get hacked to try to reduce the danger to their customers.  If you have such a service available to you - use the heck out of it! Read the emails they send you; call the company if you don't understand something.

Controls on Social Media and Advertising

LinkedIn has a large amount of information about its users professional lives, and has a recent, readable privacy policy:

Privacy Policy -- what they know about you and what they do with that info

Summary of changes -- recent changes in layman's terms

User Agreement -- what you need to know about them, what they allow, etc.

Blog describing changes in order to comply with Europe's GDPR


Slack, the work/chat tool beloved by small and distributed technology teams, has updated its privacy policy to comply with European privacy law

Privacy policy  covers what they collect and share about you

User Terms   covers what you should know about them, like what kinds of uses are acceptable on the site

Yahoo, one of the giants of the early internet, has a prominent privacy policy
They have been bought out by Verizon, and acquisitions sometimes change privacy policies.

Here's a quick list of privacy links and tools for Facebook

Website Page Link
Facebook Explanations
Facebook Ad Controls


Apple has a few privacy pages:

A general explanation of how they do privacy
The privacy policy for their website

Microsoft has a few privacy-related pages and programs

General description of privacy at the company:
Privacy Statement for their website          

In a recent article in the Wall Street Journal, reporter Joanna Stern sketched out a simple and prudent step to protect your privacy online.

You might not be aware that your web searches might “follow” you across other sites, such as Facebook, which can use your search history to target advertising.

In the Facebook iOS or Android app, tap the three lines in the bottom-right corner, select Settings > Account Settings > Ads.

Tap “Can you see online interest-based ads from Facebook?” and then “Off.”

This will turn off the setting across your Facebook account—on all your devices.



To reduce the value of your contact information among advertisers, add your name to the 'Do Not Call/Email' lists.  Even though it may take a little while for advertisers to pick up the change, it's a good and easy step.  There may still be hackers or less careful advartisers out there who don't pay attention to 'Do Not Call/Email' lists, but when your name's on a list it's not worth as much on the black market.

Smartphones and tablets don't come with an expiration date - but perhaps they should. Most people's smartphones get updates to the operating system only when the carrier gets around to it. Eventually the carrier and the original manufacturer consider them out-of-date and stop the updates.

But wifi hotspots, desktop computers and even commercial networks don't block these old devices from connecting. An old phone or tablet with security issues can still have lots of your files, passwords, pictures and data on it, and it's far easier to break into than a newer device.

What to do:

  • Often (but not always) your carrier will let you trade in your old device - ask if they dispose of data securely
  • Best Buy, Staples and RadioShack stores will recycle cellphones too - ask how they dispose of data
  • Resale marketplaces like Gazelle promise to remove your personal data before selling on
  • Here's a how-to about "wiping" your old phone's data.
  • Washington's department of Ecology has an e-cycle program that disassembles devices into parts for recycling


Ever picked up a forgotten phone and seen something really awkward?

Yes, even highly intelligent, tech-savvy people sometimes neglect to protect their phones, computers or disks with a password.

Don't leave your personal life open on the table for your kids' friends or your in-laws to stumble over.

Use a Password.


© Copyright 2018 Washington State Office of Privacy & Data Protection   |   Request Records  |   Accessibility