Online privacy technique No. 4: Encrypted messages
While Tor will hide your IP address and SSL will protect your bits from the prying eyes of network bots, only encrypted mail can protect your message until it arrives. The encryption algorithm scrambles the message, and it's bundled as a string of what looks like random characters. This package travels directly to the recipient, who should be the only one who has the password for decrypting it.
Encryption software is more complicated to use and far less straightforward than SSL. Both sides must be running compatible software, and both must be ready to create the right keys and share them. The technology is not too complicated, but it requires much more active work.
There's also a wide range in quality of encryption packages. Some are simpler to use, which often makes for more weaknesses, and only the best can resist a more determined adversary. Unfortunately, cryptography is a rapidly evolving discipline that requires a deep knowledge of mathematics. Understanding the domain and making a decision about security can require a doctorate and years of experience. Despite the problems and limitations, even the worst programs are often strong enough to resist the average eavesdropper -- like someone abusing the system admin's power to read email.
Online privacy technique No. 5: Translucent databases
The typical website or database is a one-stop target for information thieves because all the information is stored in the clear. The traditional solution is to use strong passwords to create a wall or fortress around this data, but once anyone gets past the wall, the data is easy to access.
Another technique is to only store encrypted data and ensure all the encryption is done at the client before it is shipped across the Internet. Sites like these can often provide most of the same services as traditional websites or databases while offering much better guarantees against information leakage.
A number of techniques for applying this solution are described in my book "Translucent Databases." Many databases offer other encryption tools that can provide some or all of the benefits, and it's easy to add other encryption to the Web clients.
In the best examples, the encryption is used to obscure only the sensitive data, leaving the rest in the clear. This makes it possible to use the nonpersonal information for statistical analysis and data-mining algorithms.
Online privacy technique No. 6: Steganography
One of the most elusive and beguiling techniques is steganography, a term generally applied to the process of hiding a message so that it can't be found. Traditional encryption locks the data in a safe; steganography makes the safe disappear. To be more accurate, it disguises the safe to look like something innocuous, such as a houseplant or a cat.
The most common solutions involve changing some small part of the file in a way it won't be noticed. A single bit of a message, for instance, can be hidden in a single pixel by arranging the parity of the red and green components. If they're both even or both odd, then the pixel carries the message of 0. If one is even and one is odd, then it's a 1. To be more concrete, imagine a pixel with red, green and blue values of 128, 129, and 255. The red value is even, but the green value is odd, meaning the pixel is carrying the message of 1.
A short, one-bit message can be hidden by taking a file, agreeing upon a pixel, and making a small change in either the red or green value so that the pixel carries the right message. A one-bit change will be tiny and almost certainly not visible to the human, but a computer algorithm looking in the right place will be able to find it.