Nothing (because none of these are necessary for the kind of privacy I practice).
I think about what I post to what social network and some things I just don't post at all.
I think I still have privacy. I have private conversations with people via Skype, IM, Facebook, email. Is it possible that at some point those leak? Perhaps. It's just not likely enough that I chose to worry about it.
I value the benefits I get over these interactions over the tiny chance they may come back to eventually haunt me.
I chose to live in the now and not let myself be gripped by paranoia of what might be.
What you might not be considering are the details between the lines.
You might not post private information to Facebook but when and how often you post can tell someone more than you would casually share with a stranger like what your sleeping habits are or if you are at a special event (determined by the lack of generated events during a normally scheduled period of activity for you). After a while, even the non-interactions with the site can tell the site and their advertisers more about you than you might prefer.
Think of twitter bots like the automated RobMeNow tweets. Sure letting people know that you are buying a subway sandwich is mundane and hardly private information but entering that information into an archive that can be analyzed to determine how much you spend on fast food and when you are most likely to purchase fast food is probably not something you want to share with advertisers.
EDIT: People are commenting about how it's not so bad that advertisers know this information about you. I just want to add that you can replace "advertisers" with any noun that is legally or commercially entitled to the data. It could be a government or the company that acquires your social network.
I love that the replies are full of people who, like me, don't mind if advertisers know more about me. Why wouldn't I want to experience more relevant information about purchase opportunities? What's the alternative? Random stuff that doesn't apply to me? Sites who can't bring in enough revenue to operate that I don't get to use because they can't target me specifically?
I'm confident in my ability to say 'no' to an advertiser, just as I appreciate being told about things that might help my lifestyle. I'll research it, I'll look at the pros and cons as well as the costs and will make the final decision.
Although, fair disclosure, I run an ad blocker in my browser, so I don't see most of the ads anyway ;)
PleaseRobMe was a fun little project that those with a heightened concern for privacy love to point to, but I doubt it ever led to anyone having their house robbed. Again, the benefits of me being able to selectively tweet a conference hashtag and see if anyone wants to hang out in person outweighs the fear that someone's going to see if I left any Apple gadgets at home to steal.
One problem is that once information is collected about you, there's no guarantee use of it will be limited to the people or entities who collected it. There's also no guarantee that the information won't be abused.
Corporations get hacked in to and have data stolen from them all the time (the frequent news stories we hear about data breaches are probably just a drop in the bucket compared to those that happen and go unreported).
Unscrupulous employees of these corporations could use the data the corporation collects. This information could also be sold (either legitimately or illegitimately) to others. It could be for stalking, harassment, identity theft, finding out your political sympathies, sexual orientation, etc.
The data collected on you could be used by prospective employers, insurance agencies, or love interests to weed you out based on the impression (accurate or not) that they get of you or your social media "friends".
Once the data is collected, it could stick around virtually forever. And good luck correcting any mistakes in it.
Why not? Honestly, if these services can figure me out based on my data, then provide me with their recommendations based on that, why is that not a good thing?
I flush my cookies on browser restart (though Firefox has a few quirks for that).
I use browser extensions: mainly RequestPolicy in whitelist-only mode (I also use NoScript, but more to block websites that are too CPU-intensive than for privacy reasons, and AdBlock Plus).
I VPN all my traffic through one of my servers. Not for real anonymity (my name is in the whois..), but more because I routinely use public/semi-private wifi networks and I don't really trust them not to snoop. Deciding when the network is secure and when it's not is too much work, so I always leave the VPN on.
I also avoid putting my data in any sort of cloud, except for backup with serious encryption (I'm still undecided between Cyphertite and Tarsnap).
The fun thing is that, apart from RequestPolicy, I don't even realize I have all these things in place, and I certainly don't feel I'm a privacy nut. It just seems more practical (and some were fun to setup).
Social networks.. have changed. It's nowadays used more for branding yourself than anything. There used to be a time, 2-3 years back when I used to see all sorts of personal information. In particular, well thought out opinions and sensitive topics being discussed. But people have understood privacy more and more and they only post 'generic' stuff. I look into my facebook page today, most of them are about cats, dogs, babies, birthday parties, random quotes, jokes. Anything hardly personal or opinionated. It's the reason I quit social networks. Not because of privacy but because there are no real opinions or thoughts in there anymore.
(Like this really close friend of mine who wants to brand himself as hyper-energetic hyper-optimistic chap. I know better).
Other: I use multiple browsers. Broadly, I have one browser logged into Google services, one logged into Facebook, and one in which I do everything else.
I also use Ghostery, AdBlock, HTTPS Everywhere, and a cookie management extension that deletes all non-whitelisted cookies after an hour, as well as make liberal use of Incognito windows.
Avoid posting controversial issues. I mean, not only avoid posting them under your real name facebook/google+ account, but avoid posting them at all, since they'll be linked together automatically anyway.
If you consider a possibility of going into politics at age of 40-50, then you better think what you say even at age of 20.
In practice, anonymous accounts don't work and our generation will have a permanent record as data analysis gets better and cameras like Google Glass will become ubiquitous.
The idea is that you should think through your opinions so that you can sign under them proudly even 20 years afterwards. Don't run your mouth rashly or drunkedly, don't respond to provocations, etc. And if you're ashamed to sign under an opinion, then think twice - either change that opinion or dare to sign under it. I mean, you can't hide under anonymity 24/7, you have to say what you are and be what you say.
I quite happily use social media etc for all the things I want to be public; if there's something that I don't want to be public, I don't put it on the internet at all...
Privacy is not just about what is public. A hidden camera in your bathroom is an invasion of your privacy regardless of whether the videos are made public. Social networking sites are littering the web with web bugs, tracking cookies, and other invasive methods of recording more than you explicitly share with them -- how is that not an invasion of privacy?
Keep in mind that it is possible to infer / derive a lot of meaningful data about you from a relatively small sample size.
From political leanings via social networks (personal associations are very strong data points) to samples of your personal writing style (see http://en.wikipedia.org/wiki/Stylometry )
There's a long and sordid history of people being persecuted and discriminated against because of their political opinions.
Sexual orientation can also often be derived from data such as your movie viewing preferences (ala NetFlix). You are no doubt aware that people have been discriminated against based on their sexual orientation as well.
Other data that is collected on you could be used for harrassment, stalking, and identity theft.
It's bad in that it is difficult for an individual to track exactly what they have revealed about themselves. It is very easy for someone to unintentionally reveal more than they may have intended.
(this is in reference to OP stating that they only use social media for posting things they don't mind being public)
For anyone looking to get cookies under control, which also keeps your browser much faster on low-end systems I've found[1], I can very much recommend the Firefox extension called "Self-destructing cookies"[2]. The first three days or so, you spend about five minutes configuring it (per day), after that it'll cost you no time at all.
Also another poll option: Https Everywhere. That way governments, secret services, carriers, transit networks, local network owners (school, open wifi networks, etc.), and hackers on the wifi networks have a much harder time spying on you.
Nice site! The labels are a bit clumsy, though. Have you considered using alternative visualization, such as treemaps? I use plottit to navigate through reddit threads because it shows comments arranged by karma in a treemap.
I disable javascript. It's the only way to fully prevent fingerprinting[1]. Unfortunately, many web developers don't know how to write websites in plain HTML, or they want to use AJAX without any graceful fallback.
I'm sure almost all of them know how. However, most web developers aren't trying to build websites as much as web applications which necessitate javascript.
I use a VPN - https://www.privateinternetaccess.com/ and I have been meaning to ask folks here if they have experience with the VPN service or is there anyone better out there.
I use them as well, but I find that I have a hard time trusting them. They haven't done anything to lose my trust, but nor have they done anything to gain it; they could just as easily be logging my every move, and I'd never know. But I can't really see a way around it, so I'll continue to do so and use end-to-end encryption when possible.
This is the exact same problem I have with DuckDuckGo.
I still use them, but they could be logging everything, for all I know.
It would be great if they were regularly and frequently audited by a third-party who has earned widespread trust and respect, like the EFF. Not that the EFF is in the audit business. But serious auditing of sites that claim to respect privacy is sorely needed.
I use PrivateInternetAccess as well, they make it pretty easy and I'm able to log multiple boxes on at once (my HTPC, laptop, Mac Pro) without them complaining.
Thanks, I started using the tools you had mentioned and it made things a little better for my paranoid self. I always needed something like Little Snitch.
I just run an OpenVPN server on a VPS that I use for other stuff as well. It works well, but I really only use it to secure public wifi and to keep my ISP out of my traffic since they started ridiculous policies like 6strikes.
I always assumed that a VPN would significantly degrade connection speeds, but it's turned out to only be a change of 20ms or less.
I use btguard because they also claim not to keep logs and a lot of people seem to believe them. But for all I know they could be a front for the FBI. And that's not the worst case scenario.
I use three different browsers: Firefox for real browsing, Safari for activities which require me to log in to a Google account, and Chrome for activities involving Facebook. If I want to move a link from one context to the other I use the clipboard.
I have never logged in to Facebook or Google on my phone. I don't feel confident that I know enough about Android to be sure my information isn't leaking.
We had our computers pretty well locked down but our mobile messages were still plain text so we wrote a whatsapp style mobile messenger over transparent end-to-end encryption. SURESPOT is free to use and open source, check out the source on GitHub, feedback is much appreciated.
www.surespot.me
That list makes me uncomfortable. I can't imagine doing all of it unless I was some criminal. But to each his own I guess because I don't really care what government or add company person is looking at me browsing reddit or programing forums. So nothing to hide, too much trouble and I don't care about my privacy. Now if I really wanted to hide my activities, I would be using tor BTW.
Plus I am a little optimistic about companies like Google/Apple/Microsoft. The risk involved in invading someone's privacy is definitely not nearly the worth of them getting caught and all the bad press. The ad companies and the government however I don't trust. Because they don't have a face to save. Someone gets busted, they shut down/resign and life goes on.
"I can't imagine doing all of it unless I was some criminal."
This is the #1 misconception about why people are concerned with privacy and it needs to stop. Not everyone who wants to protect their privacy is a criminal. Here are a few reasons you'd want to protect your privacy unrelated to criminal activities. I'm sure fellow HNers could add more to the list.
Private life away from work. Political enemies within the state. Private sexual fetish. Public personality who needs anonymity for some sense of a real life.
Another important one is private life away from family. You're probably thinking I'm referring to a cheating spouse but it's not only that. Many gay or atheist children are thrown out of their house when their parents discover that about their children.
There are many reasons law abiding citizens want privacy online. Please don't paint all privacy conscious people as criminals.
As I said in my comment, to each his own and I don't think badly of people who work to protect their privacy. It just so happens that I have nothing to hide, everyone knows about my sexual orientation, hobbies and political opinion (I have none). I happen to be in a state where I can (I believe) afford to not worry about anyone finding something about me that I don't want them to. Prn habits however always go to incognito, I don't have anything worthy of a TOR setup for example.
This also can be because I have never been stalked or harassed. If I were to go through that then maybe I would change my stance.
I think about what I post to what social network and some things I just don't post at all.
I think I still have privacy. I have private conversations with people via Skype, IM, Facebook, email. Is it possible that at some point those leak? Perhaps. It's just not likely enough that I chose to worry about it.
I value the benefits I get over these interactions over the tiny chance they may come back to eventually haunt me.
I chose to live in the now and not let myself be gripped by paranoia of what might be.