“Of all the things I've lost, I miss my privacy the most.”

It was a slippery slope. When I ventured online in the late 90s as a teenager, my digital presence was heavily quarantined—an alias username and avatar comprised the perfect incognito identity behind the anonymity of my keyboard. After all, in those days you’d never dream of putting your full name on the internet, let alone sharing your most awkward photos and the intimate details of your teenage angst.

Flash forward to 2003 when Myspace was a thing; we carefully began to curate photos and blogs, feverishly updating our ‘Top 8’ friends (apologies, Tom), and infinitely customising our profile pages to reflect our tastes and personalities. We listened to unsigned yet internet-famous newcomers like ‘Panic at the Disco’ and the ‘Arctic Monkeys’, while spending hours taking the perfect side-fringed selfie. If this all seems familiar, you've probably got a few candles on your cake too, my friend.

More than a decade later, our online privacy has become a slippery little sucker, slowly leaking out as the years pass us by. We’re out there now—full names and all—immortalised across social media from Facebook to LinkedIn. And as much as we love to point accusatory fingers at our Samsung TV, Bose headphones, and Uber app for dripping our personal info—the truth is that we’re partly the leakers (and have always been).

We’re quick to brand our kids as over-sharers, furiously documenting every minute detail of their increasingly transparent lives over social media. But recent research has found that teenagers are savvier than we give them credit for; the innovators of a new public form of privacy in fact. It seems our kids have collectively decided to broadcast a ‘light’ version of their lives, under the belief that “sharing at least a little bit affords more privacy than sharing nothing at all.” To teenagers ‘public’ and ‘private’ are no longer binary terms.

The logic behind this move? Their apparent “exhibitionism” dripping just enough titbits into the spotlight, while leaving plenty of room for people to not focus in on the things that are truly intimate in their lives. All that remains is a carefully tailored online facade, easy digestible by the most disconcerted of parents. Here’s looking at you, kid.

Withholding personal information is only one part of the puzzle for our teens, though. The most carefully crafted social media posts don’t amount to much if the corresponding security settings aren’t water tight. Nor will a clever Insta-post stand up to viruses, phishing attempts, location-based tracking, and the safeguarding of their digital footprint.

But never fear! I’m here to help you (and the fam’) with nbn’s top ten tips for keeping teens safer online.

The release of this list coincides with Privacy Awareness Week 2017, which runs from 15–19 May, aptly themed ‘Handle with Care.’  It’s a timely step-by-step guide designed to make teens think about the more technical controls governing how they share their personal information, and how to stop their leaks from becoming an online flood.

1) Share the bare minimum

Encourage your teens to have a think about how much personal information they reveal on social media and how much of that is public.

Setting up an online account? Teach your teens not to volunteer anything more than necessary (such as their name, contact number, and the address for delivery).

They should not need to answer personal questions or disclose information about income or education during a purchase. If a company asks the question, see if there’s an option to check-out as a “guest” instead.

2) Avoid single sign on

When your teen uses their Facebook or Gmail account to sign into other apps or accounts, they are giving permission for the new account to access the information they have shared on Facebook or with Google.

While single sign on offers the convenience of not having to create an entirely new account, it does allow data to cross-pollinate and aggregate across different platforms.

Here is a simple thing you can get your teens to do to improve their online privacy: log in to Facebook and head to Settings -> App Settings.

Click on expand to see all the apps that they have given permission to access their Facebook data. Click ‘Remove’ to prune the list to apps they actually use, ditching the rest.

When in doubt, delete. They can always add an app back if they decide to use it again down the track. Similarly, prune the apps they may have linked to their Gmail account.

3) Limit the information you provide to your apps

While your teen is there (Facebook -> Settings -> App Settings), looking at their newly pruned list, get them to select ‘Edit Settings’ for each remaining app via the pencil icon. Un-tick every option not specifically marked as ‘Required’.

It’s common for apps to cheekily request access to everything on offer—your date of birth, friends list, photos, emails, and more!

It’s also common for users to blithely click accept during installation without reading the Privacy Policy. Patch the leak now and if not needed, say no next time.  

4) Check your smartphone settings

Get your teen to delete any apps that they no longer use. Then head to ‘Settings’ and toggle which apps can track their location, access the camera and microphone, or view their photos.

Bear in mind that some apps may need certain types of information to function properly (think Siri using your microphone, or UberEats requesting your delivery location), but some apps don’t require as much access as your teen might have allowed them during installation.  

5) Say no to cookies

Your web browser knows all your secrets and will busily track and share that information behind the scenes. Taking advantage of private or incognito mode will mean your browser won’t save cookies, searches, or history.

Install a browser add-on like EFF’s Privacy Badger to stop advertisers and other third-parties from secretly tracking where they go and what pages they look at on the web.

If an advertiser seems to be tracking them across multiple websites without permission, Privacy Badger is designed to automatically block that advertiser from loading any more content in the browser. To the third party, it's like you’ve suddenly disappeared.

6) Avoid public wi-fi (or team with a VPN)

Lots of teens take advantage of public wi-fi, but what they may not realise is many of these public wireless hot spots are not secure, making it possible for others to snoop on their activity and track what they’re doing.

Encourage your teens to avoid hotspots that are run by people or organisations they don’t know and, if they’re prompted to select a network type, select ‘Public’ for added peace of mind. If they’re overseas or simply have to use public wi-fi, team it with a relatively inexpensive personal Virtual Public Network (VPN).

There are plenty on the market and by using a VPN, it will scramble (or encrypt) all of their traffic, helping to keep it safe from prying eyes.

7) Use great passwords

It’s important for everyone to keep a lid on their personal data, but this is pointless if your teenager is one of the millions of users still using ‘password’ as the key to unlock their accounts. Get them to shift their thinking from 'passwords' to 'passphrases'.

For a much harder to crack password, they could start with a phrase (or song lyric) they can remember, which can be spruced up with some capital letters, spaces, punctuation, and numbers thrown in for good measure.

Use Edward Snowden’s ‘un-hackable’ suggestion of “MargaretThatcheris110%SEXY” as your inspiration, and take it from there.  

8) Don’t reuse passwords

There have been a pile of data breaches in recent years (think Sony, Target, and Yahoo) and statistically your teen is likely to have been caught up in some of them.

Get them to visit ‘Have I been Pwned?’ to check if their personal information has been compromised during any reported breaches. They should change any leaked passwords immediately and retire those passwords permanently.

We’ve all been guilty of re-using usernames and passwords, and after a breach is publicised it’s common practice for hackers to try the stolen credentials from one website on other sites, hoping for a match.

9) Enable Two-Factor Authentication on your accounts

Logging on with a password or PIN is a form of single sign on (i.e. you use a singular method to access your accounts). 2FA provides an extra layer of security by combining something in your teen’s head (like a password) with something in their hand (like a text to their phone).

Only after they enter both parts (password + text code) can they access their account. The usual suspects have 2FA functionality already (think your bank, Apple, Paypal, and Facebook), but you’ll find a more extensive list here.  

10) Avoid scams (they’re getting craftier)

Online scams and malicious software aren’t always obvious, especially when the fraudsters use trusted brands and logos to look like the real deal.

If you’re getting scammed, chances are your teen is too. Encourage them to be savvy and to think carefully before they accept a communication is genuine.

Get them to try using a cut and paste of the exact wording from a dodgy-looking email in Google to suss out whether the email they’ve received has been flagged with Scam Watch.

Teach your teens to always type addresses into their browser manually (and never click on a hyperlink in an email or post) so that they visit the correct page, and not a dodgy one.

By running through our top ten tips with your teen you might find yourself closer to your goal of being waterproof.

Want more tips? The Office of the e-Safety Commissioner has you covered with their interactive iParent guide to staying private at home, at work, and on the run.

As part of PAW 2017, the Australian Information and Privacy Commissioner, Timothy Pilgrim, will have an open discussion with the eSafety Commissioner, Julie Inman-Grant, about digital privacy for teenagers. Sign up here.

Finally, join the Twitter conversation to #askoutloud during Privacy Awareness Week. Industry professionals will be on standby to answer your online privacy questions.

Now, if you’ll excuse me, I’m off to re-join Myspace. 

Check your address to see if you can connect to the nbn™ network.