We've all been there before: a banner ad is served in your browser promoting products on a site you've visited hours, days or months earlier, as if the ads are following us around from site to site. Most people know that the issue of ad stalking - known in the trade 'remarketing' or 'retargeting' - has something to do with cookies but that's barely the half of it.
The underlying tracking for all this is supplied by the search engine provider or one of a number of programmatic ad platforms most people have never heard of.
The ad system notices which sites people are visiting, choosing an opportune moment to 're-market' products from a site they visited at some point based on how receptive it thinks they will be.
Almost every popular free service, including search engines, social media, cloud storage and webmail, now gathers intrusive amounts of personal data as a fundamental part of its business model.
The service is free precisely because the user has 'become the product' whose habits and behaviour can be sold on to third parties by advertisers and profilers.
Broadband providers, meanwhile, are increasingly required by governments to store the internet usage history of subscribers for reasons justified by national security and policing.
But do not fear, for there are some products out there that can protect your data from prying eyes and keep you safe and anonymous online.
In theory, the traditional way of shielding internet use from ISPs can be achieved using a VPN provider.
A VPN creates an encrypted tunnel from the user's device and the service provider's servers which means that any websites visited after that become invisible to the user's primary ISP. In turn, the user's IP address is also hidden from those websites.
Notice, however, that the VPN provider can still see which sites are being visited and will also know the user's ISP IP.
Some VPNs are free, but they typically subsidise this by serving you pushy ads and putting a time limit on the free plans. Free VPNs also sometimes limit the servers you can connect to or slow down your speeds more than a VPN already does.
Good VPNs don't have to cost the earth. You can pick up a good service for around £5 per month and not have to worry about a bad user experience.
NordVPN's servers operate under the jurisdiction of Panama because, in Panama, internet providers are not obliged to monitor traffic or keep any data logs.
It has servers in over 60 countries and provides double data encryption, and an automatic 'kill switch' to protect sensitive information in one click.
Nord really does offer some solid features and is definitely worthy of your consideration.
IPVanish is a well-regarded US-based service offering an unusually wide range of software clients, including for Windows, Mac and Ubuntu Linux, as well as mobile apps for Android, iOS and Windows Phone. There is also a setup routine for DD-WRT and Tomato for those who use open source router firmware.
Promoted on the back of speed (useful when in a coffee shop) and global reach as well as security. On that topic, it requires no personal data other than for payment and states that it does not collect or log any user traffic.
Another multi-platform VPN, Romania-based Cyberghost goes to some lengths to advertise its security features, its main USP. These include multi-protocol support (OpenVPN, IPSec, L2TP and PPTP), DNS leak prevention, IP sharing (essentially subnetting multiple users on one virtual IP) and IPv6 protection. Provisions around 50 servers for UK users. It also says it doesn't store user data.
PureVPN is based in Hong Kong but will let you connect to over 500 servers across 141 countries via a 256-bit grade encryption. Pretty impressive stuff.
PureVPN is a good choice, offering a 'kill switch' and promising not to log any user activity, along with a simple interface, although, compared to others, this VPN could appear dated and lacking slick customer experiences.
ProtonVPN provides a free VPN service that comes with secure core architecture and DNS leak prevention, strong traffic encryption (AES-256) with 2048-bit RSA for key exchange, and HMAC with SHA256 for message authentication.
It uses OpenVPN standard for security and transparency and is based in Switzerland for its strong data privacy laws. The free plan is limited to one device, but users can upgrade to paid plans that start at €4 (£3.60) per month for two or more devices.
Spyware removal tools
Spyware is a form of malware that plants itself inside your systems and collects information about you without you knowing.
It could come in the form of a 'legitimate' software download or email attachment that will then steal your web browsing data and monitor your keystrokes to find out your passwords.
Here's our pick of the best tools to remove it. See here for a full list of free spyware removal tools.
SUPERAntiSpyware might look dated, but this antispyware tools should be your first port of call if you suspect foul play.
Once installed, you'll be able to run a total or pick what you'd like to be scanned, including ZIP files, websites and downloads. It can also find and remove a whole host of malicious content including spyware, adware and malware, trojans, dialers, worms, keyloggers and rootkits.
Emsisoft Emergency Kit
Emsisoft Emergency Kit (EEK) can run straight from your USB drive and deletes spyware and a variety of other threats.
As it doesn't need to be installed, it won't slow down older PCs and can easily remove malware living in your hard drive and memory. It can also scan emails, archives and ZIP folders, but it doesn't offer protection from future spyware so needs to be twinned with another tool to ensure full protection.
Malwarebytes alongside its extensive range of online security tools provides some excellent antispyware capabilities.
If you opt for this product, you'll be able to scan whole hard drives, as well as individual files and folders. And of course, web protection, including detecting and preventing access to malicious sites, ads and scam networks.
With 1Password you can store a vast amount of information from account details and passwords to bank details and loyalty schemes and what's great is that it will auto-fill web forms for you once these are stored.
1Password also enables Touch ID which uses your fingerprint for entry, which adds an extra, and useful layer of security.
In addition, to make sure all your current passwords are up to code, there is an audit function that will highlight weak passwords and generate stronger ones for you to replace them with.
If you've been on the hunt for a password manager for a while now, you'll have heard of LastPass, and with good reason. It really is one of the best out there.
Although, that's not to say that it's been smooth sailing. In 2015, LastPass was hacked in 2015, with email addresses, master passwords and hints all breached.
Since this, LastPass really has redeemed itself, offering end-to-end encryption at device level, so even LastPass can't see your passwords.
EnPass has a similar interface and set of features to LastPass. The desktop version is free but the mobile app costs $9.99 (£7.80) per platform.
The free version includes browser support with autofill functions for Safari, Chrome, Opera, Firefox, and Edge, but the closed source software has no publicly available security audit.
All browsers claim to function as 'privacy browsers' when the services around them are used in specific ways, for example in incognito or privacy mode. But as wonderful as Google's Chrome or Microsoft's Edge might be their primary purpose isn't security.
The companies that offer them simply have too much to gain from a world in which users are tagged, tracked and profiled no matter what their makers say. To Google's credit, the company doesn't really hide this fact and does a reasonable job of explaining its privacy settings.
Really the main contenders are Firefox and Firefox with Tor. Brave is a relatively new entry to the privacy-oriented browsers game, proposing a quite different (and opt-in) advertising model based on a blockchain platform.
Firefox is by some distance the best of the browser makers for privacy, simply because it does not depend on the user tracking that helps to fund others. But this becomes moot the minute you log into third-party services, which is why most of the privacy action in the browser space now centres around add-ons - such as HTTPS Everywhere, uBlock Origin, NoScript, Stop Fingerprinting and Windscribe.
This Firefox-based browser that runs on the Tor network can be used with Windows, Mac or Linux PCs. This browser is built on an entire infrastructure of ‘hidden' relay servers, which means that you can use the internet with your IP and digital identity hidden. Unlike other browsers, Tor is built for privacy only, so it does lack certain security features such as built-in antivirus and anti-malware software.
Brave is an open source browser with advanced ad-tracking controls that makes it ideal for the privacy-conscious user who wants a lightweight browser. It integrates with HTTPS Everywhere, blocks cookie capture, includes a decent ad-blocker, and is regularly improved by an active developer community.
Privacy search engines
It might seem a bit pointless to worry about a privacy search engine given that this is an inherent quality of the VPN services already discussed but a couple are worth looking out for, as they're free and incredibly simple. Users onlu need to start using a different search engine, and they aren't required to buy or install anything.
The best-known example of this is DuckDuckGo. What we like about DuckDuckGo is it protects searches by stopping 'search leakage' by default. This means visited sites will not know what other terms a user searched for and will not be sent a user's IP address or browser user agent. It also offers an encrypted version that connects to the encrypted versions of major websites, preserving some privacy between the user and the site.
In addition, DuckDuckGo offers a neat password-protected 'cloud save' setting that makes it possible to create search policies and sync these across devices using the search engine.
Oscobo UK search
Launched in late 2015, Oscobo returns UK-specific search results by default (which DuckDuckGo will require a manual setting for). As with DuckDuckGo, the search results are based on Yahoo and Bing although the US outfit also has some of its own spidering. Beyond that, Oscobo does not record IP address or any other user data. According to its founders, no trace of searches made from a computer is left behind. It makes its money from sponsored search returns.
Techworld's sister title Computerworld UK recently covered the issue of alternative DNS nameservers, including Norton ConnecSafe, OpenDNS, Comodo Secure DNS, DNS.Watch, VeriSign and, of course, Google.
However, any DNS nameserver will raise also privacy concerns because the growing number of free services are driven by data gathering. The only way to bypass nameservers completely is to use a VPN provider's infrastructure. The point of even mentioning them is that using an alternative might be faster than the ISP but come at the expense of less privacy.
Available on 126.96.36.199 and 188.8.131.52, DNS.Watch is unique in offering an alternative DNS service without the website logging found on almost every rival. We quote: “We're not interested in shady deals with your data. You own it. We're not a big corporation and don't have to participate in shady deals. We're not running any ad network or anything else where your DNS queries could be of interest for us.”
Now part of Cisco, the primary is 184.108.40.206 with a backup on 220.127.116.11. Home users can simply adjust their DNS to point at one of the above but OpenDNS also offers the service wrapped up in three further tiers of service, Family Shield, Home, and VIP Home. Each comes with varying levels of filtering and security, parental control and anti-phishing protection.
Cloudflare claims its '18.104.22.168' free DNS is the "fastest" consumer DNS service out there. The nameserver supports the transparent, open standards of DNS-over-TLS and DNS-over-HTTPS. CloudFlare has a track record of not tracking users or selling advertising, which should help allay the concerns of the privacy-conscious consumer.
You might also want to look into some privacy apps and software to support other things in the list. You should consider:
Two-factor authentication: Given the amount of data users are storing, using two-factor authentication (2FA) is an absolute must. This can be set up using a mobile app such as Google Authenticator, Authy or FreeOTP.
Backup and Sync: You should sync data across multiple devices in an encrypted state, whether that be with Google or other providers such as Dropbox or Box, for example.