I’m editing this article on a train, with two people beside me, two people across the aisle from me, and at least four behind me, all of whom could easily read what I am writing (and one of whom is actually trying, though I don’t think his English is good enough to know that I’m writing about him. It would be funny if he knew I was!). While nothing about this article is secretive—I’m about to publish it on the World Wide Web, after all—it reminds me of how easily privacy is violated in this world. The good news is that I’ve taken steps to ensure that no one around me can read this article until I publish it—read on to learn what those are!

It seems like every week I receive an email that some company with whom I do business has had a data breach. Just days ago, a hacker accessed the Social Security number of what appears to be every single user American.

With how much of our life is digital and online, and given the sophistication of hackers, it’s really a question of when your data will be compromised, not if. Fortunately, there are effective measures and some simple tools you can use to protect your electronic privacy.¹

Articles on The Prepared Expat may contain affiliate links that help support this site at no cost to you. The Prepared Expat articles do not constitute legal, medical, or financial advice and should not replace consultation with a qualified professional. See full disclosures & disclaimers.

A quick additional note to my standard disclosures: make sure to check & follow your host country’s laws before implementing any privacy protections. The last thing you want to do is to lose your freedom because you tried to protect your privacy! As always, be a law-abiding expat!

Why protecting your privacy matters

Though we face some unique challenges as expats, the reality is that everyone faces similar risks to the loss of digital privacy. Growing up in the US, an individualistic society, I place a greater personal value on privacy than many in the world (though, I hear, less than Germans). I see privacy as an inherent good, an internationally recognized human right which should be protected and respected. You may come from a different culture or have a different understanding of privacy, but let me encourage you to think of the consequences of your electronic privacy being compromised.

First, companies will get hacked. The more data that companies know about you, the more data that will be exposed when their systems are breached. The less private you are, the more easily you can become a victim of identity theft, which can have severe financial and emotional consequences. Criminals—and even governments—buy and trade data from breaches on the dark web. You don’t want yours to be sold and traded to the highest bidder.

Second, criminals will attack you. The more data about you that is exposed, the more is available to criminals who want to use it to blackmail you. Even if you have nothing to hide or have done nothing wrong, I’d wager you wouldn’t want a criminal to expose a record of all your online activity, sites you’ve visited, things you’ve bought, places you’ve researched, people you’ve talked to, etc. Criminals know this and victimize people because of it.

Third, once privacy is lost, you can’t regain it. Once something is “on the internet” or exposed on the dark web, it’s impossible to delete. You may think you don’t need a great deal of privacy at the moment because you’re not a public figure, but if you ever were to become one, all your previously-revealed information can come back to hurt you.

Just think of the dentist who shot Cecil the lion and accidentally went viral. His home was vandalized, his dental clinic was inundated with protesters, and his family received threats. He wasn’t a “high profile” person like a politician or business CEO, but all of this happened because his life wasn’t private and, one fatal hunt later, suddenly he was known all over the internet.

Fourth, employees misuse data. Even companies with good reputations and privacy-respecting policies are subject to inside jobs, where employees misuse data. A quick search of “employee misuse of data” should terrify you.

Fifth, because your device’s permissions aren’t enough to protect you. Devices rightly ask your permission to allow an app to use your mic or camera, for example. If an app is necessary and comes from a reputable company, you’ll probably give it the permissions it needs. But a hack just this last week of Microsoft’s Office Suite demonstrates how even the best software from the best companies can be compromised. These hackers were able to use the privacy permissions already given to Office in order to compromise user’s mics and cameras.

Sixth, because the US government is a data hound. On behalf of Americans everywhere, I apologize for my government’s massive surveillance programs. If you want to see how bad it is, check out Proton’s examination of the US’ warrantless surveillance programs which includes this crazy line “Every public router you’ve ever used could be turned into an NSA listening post.” Unfortunately, I’m sure other governments do the same thing, including, possibly, your host country.

Why your privacy is at risk

Despite increasing government regulations to try to protect digital privacy, the reality is that the more information a company knows about you, the more money they can make by selling you ads or selling your information to a company that will sell you ads. Facebook and Google, in particular, sell ads to companies that want to reach people like you, so the more data they have about you, the more ads and higher-priced ads they can sell. Since Facebook and Google are two of the biggest companies in the world, it’s hard to escape their reach. They have tens of thousands of people trying to come up with creative ways to suck up more information about you—and they’re not the only companies trying to get your data.

And this is just the legal bit. Criminals compromise personal data and then buy and sell it on the dark web in attempts to blackmail, hack, or make money in some other nefarious ways.

As expats, we face an extra risk because our host government may track and collect data on foreign visitors. There are legitimate reasons why governments do this, and nefarious reasons, but foreigners generally have fewer legal protections than citizens, making it easier for governments to violate the privacy of foreigners without consequence.

In addition, as expats we face greater in-person privacy threats because we stand out and may be specifically targeted by thieves or just by curious people with different cultural values. In what is still a bizarre incident to me, I was once at Starbucks and an older man scooted to within 2 feet of me on the bench, leaned over, and stared at my computer screen with no qualms whatsoever. Privacy is different as an expat.

Ten simple measures to protect your electronic privacy

Articles about electronic privacy are typically written by nerds and get into the weeds about technical solutions that most people can’t implement or find incredibly inconvenient to do. That’s not this article. Instead, I’m going to share some incredibly simple steps you can take to protect your privacy. My goal is that even the least tech-minded of you can implement these things even today.

1. Get privacy filters

Privacy filters are special filters that overlay your computer or phone screens and prevent others from viewing your screen. How they do this is by reducing the angle where your screen is visible. A typical screen can be viewed and read even from the side, but with a privacy filter, it can only be viewed nearly straight-on. If you use your device in public for things that you’d like to stay private (e.g., finances), you really should get a privacy screen

The privacy filter for my computer attaches via magnets, so it’s super easy to put on or take off. I keep the screen in my bag and, anytime I don’t want the world to stare at what I’m doing, I pop it on. That’s why, try as he might, the guy behind me on the train can’t read what I’m writing. Chalk up a win for privacy.

Because of how privacy screens work, they make your screen appear slightly dimmer than it would be without one. That’s worth the tradeoff to me, but it is one reason why I like the removable kind of privacy filter so, if I need full brightness, I can have it.

2. Use Mic Locks

Mic Locks are small, super clever devices that you plug into your computer or phone. They tell your device that the Mic Lock is a microphone, so your device won’t use its normal microphone but expects to get audio from the Mic Lock. However, the device doesn’t actually have a microphone, so there’s no audio for a bad actor or app to intercept. The result is that, with a Mic Lock attached, your device’s microphone can’t be used against it.² It’s a brilliant, yet simple, design.

Mic Locks are particularly useful for apps that you don’t trust but which you need to give microphone access to. For example, I’ve given microphone access to WhatsApp, but I don’t particularly trust it since it’s owned by Facebook. Rather than going into the settings and toggling it on every time I want to use the microphone,I can just pop the Mic Lock in and out of my device.

3. Cover your camera

Years ago, the internet took note that Mark Zuckerberg covers his computer’s camera with tape. Of all people in the world, he should have robust security for his devices, yet no device security is as effective as physically blocking the camera.³

3 things about this photo of Zuck:

Camera covered with tape
Mic jack covered with tape
Email client is Thunderbird pic.twitter.com/vdQlF7RjQt

— Chris Olson (@topherolson) June 21, 2016

Unfortunately, compromising a device’s camera is easier than you’d think, but protecting against it is quite simple. All you need to cover your camera is a solid (non-transparent) piece of tape over the lens. This way, even if a hacker compromised your device and accessed your camera, all they would see is the dark inside of the tap.

If putting tape on and pulling it off when you need to use the camera is tedious, then you can buy a camera cover with a built-in slide that makes it convenient to cover and uncover the lens.

4. Protect your location

The unfortunate reality is that our phones are constantly tracking our location; sometimes you want that (e.g. mapping, emergency services, finding a lost device, etc.), but it does expose you to privacy risks. I don’t know about your host country, but an immense amount of location data is public and available for sale in the US.⁴ Here are just some ways that we know location data has been misused:

• Location information from a Muslim prayer app was collected and sold to military contractors..
• US federal agencies were found to be buying location data in order to enforce immigration laws.
• A Catholic news service used location data it purchased in order to discover that one of its priests visited gay bars.
• An advertising firm used location data to identify women who visited abortion clinics while another targeted people who attend church.

Now, the US is apparently (finally) taking steps to stop this practice, and US carriers have pledged to stop selling location data, but no regulation is a substitute for your own protection, especially since your host country may not have the same regulations.

Many folks believe turning on Airplane Mode prevents tracking, but it doesn’t. A phone can be tracked even when turned off. The only way to guarantee a device can’t be tracked is to cut off all signals by using a Faraday bag.

A Faraday cage or Faraday bag is a specially made bag that blocks all signals to and from a phone so that it cannot be tracked. Unfortunately, a Faraday bag also blocks your phone’s cell signal, so you can’t receive a phone call when the phone is in the bag. This makes it a less-than-ideal solution for daily life, but it is a good solution for specific times when you don’t want your location to be tracked.

5. Get USB Condoms

In 2023, the FBI warned that criminals were using public charging stations to inject malware into devices in a process called “juice jacking.” Basically, when you plug your device into a compromised USB charging port, criminals can use your device’s connection to that port to deliver malware that infects your device.

Security researcher Caleb Barlow described using a public USB charge port this way:

Plugging into a public USB port is kind of like finding a toothbrush on the side of the road and deciding to stick it in your mouth. You have no idea where that thing has been.

How do you prevent this? One solution is to never use a USB charging port that you don’t personally own—just carry your own charger and only charge by plugging into an outlet. Unfortunately, there are times when you need to charge but there is no outlet where you can plug in your own charger.

Instead, use protection in the form of a USB condom. It’s a simple device that blocks the data connections in a USB charging port but still allows power to flow through. In other words, a USB condom allows you to charge your device but prevents the USB port from sending any data, including malware, onto your device.

6. Use wired headphones

In 2021, the internet went crazy over the fact that Kamala Harris insists on using wired headphones for her phone, but security researchers were quick to point out that Bluetooth headphones pose a clear security risk. Bluetooth uses an old security protocol which makes it susceptible to data theft (called Bluesnarfing). Incredibly, Bluesnarf attacks can compromise the contents of an entire device from up to 300 feet away. Yes, that far.

BTW, should you think that you aren’t at risk because you use Apple AirPods, don’t. In June of 2024 (just 2 months ago), a bug was found affecting AirPods & Beats headphones which allowed hackers to eavesdrop on the device. It’s fixed now, but that doesn’t mean there are others out there.

Now, you may or may not be a target of a Bluesnarfing attack. The Vice-President of the US definitely is, as nearly every government in the world would like to eavesdrop on her conversations. But if you’d like to ensure that the contents of your phone calls aren’t exposed, stick with wired headphones rather than adopting Bluetooth headphones. I try not to be paranoid about this and will use Bluetooth headphones for calling friends and family, etc., but if I’m calling my bank or going to be dealing with financial information, I’ll plug in my annoying-but-secure wired headphones.

7. Download a privacy-protecting browser

Websites are full of incredibly sophisticated trackers so that companies can sell you ads. Instead of using a browser made by a company that collects data and sells ads (Chrome), choose a browser that was built specifically to protect your privacy: Mozilla Firefox. Alternatively, for people in Apple’s ecosystem, Safari has increasingly made its privacy protections a selling point.⁵

8. Use private chat apps

You definitely have to chat with other people, but many chat apps and services collect data and many have incredibly poor security protocols. Choose an app that is secure and private and get your friends and family to use it as well.

Which apps are secure and private? Look for ones that feature end-to-end encryption (E2EE), as only those chat apps are impossible for anyone else to read. The US National Security Administration in 2020 published a helpful analysis of chat and telework apps, though the list is now a bit dated. A more recent comparison was published by Apple in 2024, though it’s obviously biased towards Apple’s iMessage. Still, the list of chat apps and their relative security is helpful so you can try to use chat apps that are secure and thus private.

Do note that some of the apps mentioned in the above articles may be illegal or blocked in some countries. As always, I encourage you to know and follow all the laws of your host country, whatever they may be.

9. Utilize private email

Although every email provider, including Google, claims that its email is secure and private, not all email is equal when it comes to security and privacy. In fact, in this security researcher’s list of the “Top 14” most secure email providers, Gmail isn’t even on the list.

On the other hand, the number one email service on that list, ProtonMail is designed from the ground-up to be as secure as possible and is subjected to 3rd party audits of its code to back up its security claims. If you search “Protonmail v. Gmail”, you’ll find that experts consistently rate Protonmail as more secure.⁶

If you’re interested in preserving your security, you really can’t do better than ProtonMail.

I’ve heard that Protonmail may be blocked in some countries. As always, I encourage you to know and follow all the laws of your host country, whatever they may be.

10. Don’t trust USBs

USB drives are super convenient for sharing files, but they are a security nightmare for your devices. It’s incredibly easy for malware or a virus to be hidden onto a USB device and infect your computer once you plug it in. Unfortunately, unless a USB is brand-new and has never been plugged into a computer, there’s no way to know if it contains malware until you plug it in.⁷

• The US Department of Defense was breached via a USB left in a parking lot near a military center. A well-meaning employee plugged it in to try to locate the owner of the USB, and it took months to eradicate the virus.
• The Stuxnet virus that crippled Iranian nuclear power plants, too, was delivered via USB.
• USB drives were used to cripple US power plants.

Most people say not to plug in a USB that is unknown and not trusted, but the pernicious reality of USBs is that, once you plug it into a computer that could be infected, you can no longer trust the USB. Plug a trusted USB into your trusted computer and you’re fine, but then take it to the computer at a print shop and plug it in… who knows what kind of malware is on that computer and has transferred itself onto your device.

Karsten Nohl, chief scientist at Security Research Labs, says:

“Every time anybody connects a USB device to your computer, you fully trust them with your computer. It’s the equivalent of [saying] ‘here’s my computer; I’m going to walk away for 10 minutes. Please don’t do anything evil.'”

You really shouldn’t trust any USB that has been plugged into any other device that you cannot trust or that has ever had an untrusted USB in it. Which means that while you can plug a brand new USB into your device, you can’t plug it back into your device after you’ve plugged it into any other device.⁸ Disposable USBs, anyone?

A better option is to use AirDrop (or an Android equivalent) to share files or to use secure cloud file sharing. Fortunately, there are a lot of good sharing options today that you can use instead of USBs.

Conclusion

In a world where digital threats are ever-present, taking steps to protect your electronic privacy is not just advisable—it’s essential. By implementing simple tools like privacy filters, Mic Locks, and secure browsing habits, you can significantly reduce your vulnerability to hackers, malware, and unwanted surveillance.⁹ These measures not only safeguard your personal information but also help maintain your peace of mind in an increasingly connected world.

As an expat, the risks to your digital privacy can be even greater, with additional challenges posed by different legal systems and cultural norms. However, with the right strategies in place, you can effectively shield your digital life from prying eyes and potential threats. By staying vigilant and adopting these straightforward practices, you ensure that your private information remains exactly that—private.

Footnotes

1. There is a distinction between privacy and security that may be important to note. You can be secure but not private. For example, if no one can hack into your email, then it is secure, but if your email provider knows your name, address, credit card, phone number, and every location where you’ve ever logged into your email, then it’s not very private. On the other hand, it’s hard to have privacy if nothing is secure: if your email provider knows nothing about you, but the hacker gains access to your email account because it’s not secure, then tons of your private information (your emails) is exposed. I’m thus not making huge distinction between privacy and security in this article. ↩︎
2. A hacker would have to be able to have administrative control of your device to choose a different audio input source. While that’s possible with a Mic-Lock attached, you should be able to notice if audio input is changed. Also, it’s far harder for a hacker to gain administrative control of a device than it is for them to access a microphone. ↩︎
3. There’s another piece of tape on the side and I haven’t been able to figure out whether it’s covering a microphone (which would make some sense), an audio jack (which wouldn’t in any way I know of), or something else. If you know, let me know!. ↩︎
4. If you want to be deeply disturbed, read about this practice from the Electronic Frontier Foundation or this exposé on the practice. ↩︎
5. There are other, even more private browsers out there that are, shall we say, layered and named after vegetables. But because they’re illegal in many countries and associated with criminal activity, I’m not gonna write about them here. ↩︎
6. See comparisons by Android Authority, HowToGeek, CleanEmail, TechRadar, TechNorms and others. It really is quite clear which is more secure and thus more private. ↩︎
7. Some USBs feature on-device malware and virus scanning, but these are typically quite expensive and still aren’t foolproof. ↩︎
8. Assuming, of course, that you can trust that the manufacturer hasn’t loaded malware on the device and that someone didn’t intercept it and install malware on it before you got it. I say that not because I’m paranoid but because the US has both intercepting hardware and installed backdoors en route and created electronics that look the same as originals. ↩︎
9. Astute readers will know that there’s an 11th practice which you should do but which this article doesn’t mention, a certain kind of software whose relationship to privacy is very pertinent and natural. I’m aware of this lapse, I just don’t talk about that software for reasons that are various, personal, and necessary. The first rule of Fight Club… ↩︎