Many people are upset about the roll back of internet privacy laws, and they should be. Access to your browsing history and content of your communications is not just a risk to your privacy, but also to your security.

In much of the same way that identity thieves use commercial background check services to gain information on their victims, criminals will love access to information about what sites your use and when you use them.

But I think this all misses the point.

The roll back shows that we should have never trusted the law alone to give us security and protect our privacy. We should use software that ensures our privacy and security by design. Today, the majority of the software we use is NOT built this way, and is not secure with its default settings. But, if you make reasonable choices and turn on security in the tools you use, you can greatly reduce your need to trust intermediaries such as your ISP.

The best advice is the same advice for securing your communications: use encryption for all activities.

  • Make sure the web sites you use are HTTPS only.
  • If you use POP or IMAP for email, be sure to configure them for SSL/TLS.
  • When using chat apps, make sure they are end-to-end encrypted like Signal or WhatsApp for messaging, or our product Semaphor for team/business group chat.

You will probably be most exposed when using the web as much of it is still unencrypted HTTP by default. (It is worth looking at the browser extension HTTPS Everywhere to help you use secure web connections.) There is good news here though – the web is becoming more encrypted. This will be driven by the move to http2 which in practice will not support unencrypted traffic as well as initiatives by Google to push sites to use encryption. Large media organizations such as The Guardian and The New York Times are leading the way and have switched to HTTPS only. The benefits of encryption are more privacy for your visitors, as well as preventing the increasingly common practice of content injection.

If you take these steps, not only will you protect your privacy but you will also be more secure and be less likely to fall victim to hacking.


One often-pitched tool for privacy that you should be very careful when selecting, is a VPN. Most VPN providers will reduce your privacy and security rather than enhance it.

@SwiftonSecurity on VPNs – Twitter, April 17

They are often not configured in a secure manner and just move the privacy risk from your ISP to your VPN provider – who usually has even less accountability than an ISP. Similarly, if you choose to use TOR, where it will hide the address you are communicating from, it is unsafe to use for any unencrypted traffic.

What was your reaction to the news the past few weeks about ISPs and privacy laws? Let us know on Twitter.