New Year Resolutions list

New Year's resolutions are notoriously difficult to maintain. Whether you're planning to eat better, quit smoking, exercise more or call your mother more frequently, it's easy enough at the start, but very few people maintain their resolutions past the 1st of February.

So we've put together this list of easy resolutions for you. Most require a little bit of work at the start but you'll still have all your New Year's momentum for that, and they'll help to protect your Digital Rights for years to come with barely any effort required past 1st February.

And, of course, there's no better time to sort out your online presence than the summer holidays...

1. Install a Password Manager

Most people know they should create strong and unique passwords for every system they use. In practice, this is of course all but impossible for most humans without assistance, which is why Password Managers (Password safes) were invented.

Installing a Password Manager is one of the most important steps you can take to protect your identity, finances and privacy. Password Managers make it simple to use strong and unique passwords for all your systems, and can be synched across multiple devices.

They're not totally infallible though - you'll have to remember the master password of course (make sure it's a strong one!), and if someone manages to get into your Password Manager, they'll have full access to everything. So it's critical that you also maintain proper protection from malware, viruses, keyloggers etc., and avoid basic security mistakes like writing your master password on a Post-It note stuck on your monitor (this practice is sadly far too common)!

There is a wide range of password managers available. Here are some recent reviews to help you choose the right one for your needs:

Enable Two-Factor Authentication

Where available, you should also use 'Two-Factor Authentication', which usually involves entering a time-sensitive code generated by an app or sent via SMS, in addition to your password. Again, this is not infallible - if someone gets access to your phone, for example, this probably won't stop them accessing your accounts - but it is an extra layer of security. Check the settings, help or support sections of your various systems to see if they offer two-factor authentication. If they don't, you may want to contact the vendor to ask them when they will.

2. Protect your web surfing


Image credit: Santeri Viinamäki (CC-BY-SA)

You should of course never provide personal information, particularly payment details, over an unencrypted link. You can tell whether your connection to a website is encrypted by looking at the URL - if it starts with just http then it's not encrypted. If it starts with https, then it is encrypted (the 's' of course stands for 'secure').

Using an https connection means that the data sent and received between your browser and the webserver is encrypted and your data is therefore protected should anyone intercept it while it's making the journey between them. Many of the most popular platforms now force https by default (including Facebook, Twitter and Gmail) and its use is becoming increasingly common across the web (you'll note that this website also forces an https connection).

HTTPS Everywhere

The simplest way to ensure that you're using a secure connection wherever one is available is to install HTTPS Everywhere. This browser add-on was developed by our friends at the Electronic Frontier Foundation (EFF) in the US and is currently available for the Chrome, Firefox and Opera browsers.

Avoiding Tracking

As you travel around the web, there are many systems that are trying to track your movements. You may have noticed that you'll sometimes be served advertisements that are directly related to searches or browsing you've recently done on other websites. This of course is no coincidence.

There are many browser add-ons you can install that enhance your privacy by preventing most or all of this tracking activity, including:

3. Encrypt your communications


Image credit: Yuri Samoilov (CC-BY)

Mobile phone-based communications, particularly text (SMS) messages, are inherently insecure. There are however a number of services that provide encryption for text messages and voice calls, most of which are very simple to install and configure.

Email is also inherently insecure and while it's a bit more work, it is relatively easy to implement encryption, depending on the email client you use.

Note: for all of these tools, the communication will only be encrypted end-to-end (i.e. from sender to receiver) if both sender and receiver have the relevant tool installed. So, once you're set up, make sure you encourage your contacts to do the same.


Signal is an increasingly popular messaging service that provides end-to-end encryption. It is endorsed by Edward Snowden and Bruce Schneier (one of the world's most respected security technologists) and is very easy to set up. It uses phone numbers for addressing, but uses your device's data connection, rather than its phone connection, to send and receive.


WhatsApp is another popular messaging service, which uses the same encryption technology as Signal.

It has however been the subject of ongoing controversy, primarily about whether or not it is possible to match WhatsApp and Facebook accounts (WhatsApp was acquired by Facebook in 2014).

It is used by Prime Minister Malcolm Turnbull and many other politicians, but you should read this warning first if you use, or are considering using WhatsApp.

Off-the-record (OTR)

OTR is a protocol that provides end-to-end encryption for multiple messaging platforms, including Google Hangouts, Yahoo! Messenger, Facebook Chat, Windows Live Messenger and ICQ.

Encryption for email

Encrypting email has long been a relatively complex process, which has prevented its widespread adoption. However, there are now much more user-friendly options available.

ProtonMail - is a new email service that provides end-to-end encryption through web, Android and iOS clients. It is based in Switzerland, which has strict privacy laws. For more information, visit the ProtonMail website.

StartMail - is another new email service providing end-to-end encryption, from the people that run StartPage, which claims to be 'the world's most private search engine'. It's based in the Netherlands, which also has strict privacy laws. For more information, visit the StartMail website.

Tutanota - is a German-based provider that takes a different approach to most others and is able to provide encryption for subject lines and attachments as well as email content. For more information, visit the Tutanota website.

Gmail - although Google announced in 2014 that it was working on an extension for their Chrome browser that would provide easy end-to-end encryption for Gmail, they have not as yet released a production version. There are however a number of third-party Chrome browser extensions that claim to provide end-to-end encryption for Gmail.

PGP - our friends at EFF have published guides for implementing encrypted email using the PGP (Pretty Good Privacy) standard and the Mozilla Thunderbird email client. This is what EFA uses for encrypted email (details on how to contact us are here):

4. Upgrade your social media privacy

There are a number of simple steps you can take to ensure you have greater control over how easy you are to find, and who gets to see your content on social media.

Privacy Settings

Obviously, you should first check your privacy settings. Facebook and Google, among others, have greatly simplified the process of managing your privacy settings on their platforms over the last few years, so you should start the new year with a thorough review.

Control how easy you are to identify

Just as using a unique password for every system gives you an extra level of protection, so does using a unique email address for each social media site. Doing this will create a disconnect between your various social media profiles and make it at least one step harder for people you don't want to find you to do so.

It's simple to do in Gmail - i.e. you can use [email protected] for Facebook and [email protected] for Twitter - but your best option is to register your own domain name and create a separate alias for each platform.

You can get your own domain name for $10 a year or less, and a good email service will cost you at least a few dollars a month. Over a year, it will be equivalent to the cost of having a Post Office box - roughly $10 a month and worth every cent. For specific advice on this (there are literally thousands of providers) please email socialmedia[AT] and we'll happily give you some good options to consider.

A couple of must-dos are:

  • don't publish your full date of birth - this is key information used by all sorts of organisations to authenticate your identity. Facebook will let you suppress either your full date of birth (in which case you won't get any love on your birthday except from people that independently know your birthday) or just the year (in which case you will still get all that love). If you choose the latter option, it won't be hard to work out your DoB, but there's no reason to make it easy.
  • use a nickname or pseudonym - this will make you just that much harder to find on social media. Note that Facebook has a 'real names' policy, so you'll need to consider this carefully, but they will accept nicknames, maiden names etc.

5. Get involved with groups that work to protect your rights

There are many ways to do this, such as:

More resources


1 comment

  1. Increasing one's privacy is surely a great New Year's resolution and probably easier than some others like stopping smoking ;-)

    I love your list. Notice that one new encrypted email provider is not mentioned in your list. Mailfence supports OpenPGP and is interoperable with any other OpenPGP email service.

    In addition they support EFF and EDRI in the fight for electronic rights and digital privacy

    Comment by patrick stahle on 3 February 2017 at 20:27