Do you take your privacy online seriously?
Most people do not. They have an ideal scenario of how private their online activities should be, but they rarely do anything to achieve it.
The problem is that the bad actors know and trust this fact, and that is why there has been a steady increase in cases of identity theft from 2013 to 2017. The victims of these cases often suffer a loss of reputation or problems financial
If you take your privacy online seriously, follow this 10-step guide to protect it.
1. Beware of Internet service providers
You may not know it, but your ISP may already know everything about your online searches.
Every time you search for something online, your browser sends a query to a DNS server. However, before the query reaches a DNS server, it must first go through your ISP. It goes without saying that your ISP can easily read and monitor these queries, which gives you a window to your online activity.
Not all ISPs monitor their browser's queries, but those that are not are the exception and not the rule. Most ISPs will keep records of your web browsing for a period of a few months to a year. Most ISPs do not record your text messages, but they keep records of who sent you a text message.
There are two ways to protect your privacy if you do not want your ISP to monitor your browser's queries: 1) If possible, switch to an ISP that does not monitor your data online. or 2) Obtain a VPN to protect your data (more on this later).
2. Strengthen and protect your login credentials
One thing that most people take for granted are the login credentials they use to access their many online accounts. Your username and password are the only things that prevent your information and privileges from reaching the wrong hands. That is why it is important that they be as strong as possible.
Choose a solid username that is simple and easy to remember, but can not be easily linked to your identity. This is to prevent hackers guessing correctly your username according to your name, age or date of birth. You'd be surprised how cleverly hackers can find this information. Also, never use your Social Security Number as your username.
Next, choose a secure password. There are many ways to do this, but we can reduce them to two options: 1) Learn how to create strong passwords; or 2) Use a password manager application.
Learning to make a secure password takes time and imagination. Do you want to know what are the most common passwords? They are "1234", "12345", "0000", "password" and "qwerty", without imagination. A password that combines your name and date of birth will not cut it. Neither will a password that uses any word found in the dictionary.
You must use a combination of uppercase and lowercase letters, numbers and even symbols (if allowed). Complexity is what matters, not length, since a complex password will take centuries for a computer to discover. In fact, you can test your password if you want to see how long it will take to decrypt.
If you do not have the time and imagination to formulate a secure and complex password, you can use one of the six best password managers. These applications not only save you the trouble of memorizing your complex passwords, they also automatically complete the online login forms and formulate strong passwords for you.
It is up to you if you want to learn how to create strong passwords or choose to install a password manager application. However, what you should never neglect is 2FA (2 factor authentication). 2FA adds an extra layer of protection for your passwords in case someone learns what they are. In fact, you may have already tried it when you signed into an account on a new device.
The application or service requires you to enter the access code sent to another of your devices (usually your phone) before you are granted access to your account. Failure to provide this access code blocks it from your account. This means that even if the hackers get their login credentials in some way, they can not log in to your account without the access code.
Never use the same user names or passwords for different accounts. This prevents hackers from accessing multiple accounts with only one or more of their login credentials. Also, never share your login credentials with anyone, even your partner.
3. Check the WiFi you are using
Have you ever heard of a KRACK attack? It is a cybernetic attack proof of concept that is done by infiltrating your WiFi connection. The hacker can steal information, such as browsing data, personal information and even the content of text messages.
The problem is that not even WPA2 encryption can stop it. This is the reason why the WiFi Alliance started the development of WPA3, which was officially presented this summer.
Do you need WPA3 to defend against KRACK attacks? No. You only need to install security updates when they are available. This is because security updates ensure that a key is installed only once, which prevents KRACK attacks. You can add additional layers of protection by visiting only HTTPS sites and using a VPN.
You can also use a VPN to protect your device each time you connect to a public network. Prevent hackers from stealing your information through a MitM attack (Man in the Middle), or if the network you have connected to is actually a malicious network.
4. Look at your browser
If you read the Terms of Use and the Privacy Policy of your browser's company, they may actually track your online activities. They then sell this information to advertising companies that use methods such as analysis to create a profile for each user. This information is used to create those annoying segmented ads.
For the most part, web cookies are harmless. They are used to remember your preferences online, such as web form entries and shopping cart content. However, some cookies (third-party cookies) are created specifically to remain active even on websites from which they did not originate. They also track their behavior online through the sites they visit and monitor what they click on.
That's why it's a good idea to erase cookies from the Web from time to time. You may be tempted to change your browser settings to simply reject all cookies, but that would result in an inconvenient browsing experience in general.
Another way to approach the monitoring problem is to use the incognito mode of your browser. Your browser will not save visited sites, cookies or online forms while you are in this mode, but your activities may be visible on the websites you visit, your employer or school and your ISP.
The best way I've found so far is to replace your browser with an anonymous browser.
An example is TOR (The Onion Browser). TOR is a browser made specifically to protect the user's privacy. It does this by wrapping your data online in several layers of encryption and then "bouncing" them for the same number of times before finally reaching the correct DNS server.
Another example is the epic browser. Although this browser does not run on an onion network such as TOR, it eliminates the usual privacy threats, such as browsing history, DNS pre-search, third-party cookies, web or DNS caches, and auto-complete functions . Automatically deletes all session data once you close the browser.
SRWare Iron will be familiar to Google Chrome users, as it is based on the Chromium open source project. However, unlike Chrome, it gets rid of data privacy issues, such as the use of a unique user ID and personalized search suggestions.
These three are the best I've found, but there are other alternatives out there. Regardless of the privacy browser you choose, make sure it is compatible with your VPN, since not all privacy browsers support VPN, and vice versa.
5. Use a private search engine
Presenting similar risks to popular browsers are the search engines that many people use. Most browser companies also produce their own search engine, which, like the browser, also tracks their searches online. These searches can be traced back to your personal identity by linking them to your computer, account or IP address.
Apart from that, the search engines keep information about their location and use for several days. What most people do not know is that people in the legal field can use the information collected by the search engines.
If this worries you, you can switch to a private search engine. These private search engines often work in the same way: they get search results from various sources and do not use personalized search results.
Some of the most popular private search engines include DuckDuckGo, Fireball and Search Encrypt.
6. Install a VPN
What is a VPN and why do I highly recommend it?
A VPN (virtual private network) is a type of software that protects your Internet browsing by encrypting your data online and hiding your real IP address.
As you know how online searches are done, you already know that the ISP or anyone else can easily read browser queries. This is because your online data, by default, is not encrypted. It consists of plain text contained in data packets.
He also knows that not even the built-in WPA2 encryption is good enough to protect against certain attacks.
This is where a VPN comes in. The VPN processes your data online through secure tunnels until it reaches your desired DNS server. Anyone who intercepts your browsing data will find an illegible jargon in their place.
You may hear advice against trusting VPNs with your security. Actually I am inclined to accept partially, not all VPNs are secure. However, that does not mean that all VPNs are not secure.
The unsafe VPNs I refer to are the types of "free lunch" that promise to be free forever, but actually use or sell your data to advertising companies. Use only the most secure VPN services you can find.
A VPN is primarily a security tool. While you can enjoy the privacy of its functions, you'll want to link it with a privacy browser and a search engine to get the full privacy experience.
A VPN can not protect your computer or device from malware that is already present. That's why I always recommend using a VPN along with a good antivirus program and firewall.
Some popular browsers run the WebRTC protocols by default. You have to deactivate this protocol. This protocol compromises the security of a VPN by allowing its true IP address to be read.
7. Beware of phishing
You may have the best VPN, anonymous browser and private search engine in the market, but they will not do you any good if you're hooked on a phishing scam.
Phishing employs psychological analysis and social engineering to trick users into clicking on a malicious link. This malicious link can contain anything from viruses to cryptojackers.
While phishing attacks are usually sent to many people, there is a more personalized way called "spearfishing". In that case, hackers try to defraud a specific person (usually a senior official in a company) using information that is available only to a few selected people that the target knows.
So, how to prevent phishing attacks from being affected?
The first option is to learn to identify phishing attempts. Be careful with messages from people you do not know. Roll over a link before clicking to make sure you navigate to the site it represents. Most importantly, remember that if it is too good to be true, it most likely is.
The second option is to install an anti-phishing toolbar. This software prevents phishing by checking the links where you click on a list of sites known to harbor malware or those that cheat you to reveal financial or personal information.
Then, it will tell you, once you determine the link to connect to one of those sites, and it will provide a way back to safety.
The best examples I have found are OpenDNS, Windows Defender Browser Protection and Avira Browser Safety.
8. Encrypt your communications
If you've been following the tech news in recent months, you may have found an article about the FBI wanting to break Facebook Messenger encryption. Say what you want about the social networking giant, but this news reveals one thing: even the FBI can not decipher encrypted messages without help.
That is why you should always use the "encryption mode" in your messaging applications. Applications like Signal, Telegram and Threema come with end-to-end encryption and support for text, calls and even video calls.
If you require constant use of emails, ProtonMail, Tutanota, Mailinator and MailFence are excellent alternatives to popular email services that actually control your email content.
9. Look what you share on social networks
Social networks have become one of the best ways to keep in touch with important people in our lives. Catching up with everyone we care about is just a few clicks away. That said, we're not the only ones who look at their profiles.
Hackers actually frequent social networking sites while searching for any personal information they can steal. They can even circumvent your "just friends" information by adding you as a friend using a fake account. I do not think I should mention the problems that hackers can cause once they have stolen their identity.
That's why you should be careful with what you share on social networks. You never know if the hackers are using the photos you share to attack you in your next attack. You may want to skip completing your profile completely. Avoid giving your phone number or home, and maybe use a private email to register.
10. Update early and often
You may have heard this before, but it's worth repeating now: do not ignore system updates. You may not know it, but the updates correct many vulnerabilities that could compromise your privacy online.
Most people postpone the installation of updates, as they always appear at inopportune times. Sometimes we just can not stand the drop in performance or Internet speed while the updates are installed.
In general, it is better to suffer the minor inconveniences caused in time, instead of risking being caught in the whirlwind of problems that hackers can cause if you should be directed. Most programs and applications now come with an automatic update feature, so you will not have to search for them and download them manually.
In conclusion
Privacy is a human right, and our online privacy must be taken seriously. Do not stop taking the necessary steps to protect yours.
Beware of your Internet service provider and always protect your login credentials, no matter how strong they are. Remember to check the network you are connecting to before logging in.
Observe what your browser and search engine do, and consider replacing them with more private ones. Prepare against phishing by learning to identify attempts and installing an anti-phishing toolbar.
Always use encrypted messages and observe what you share on social networks. Finally, never ignore system updates when they are available.
Follow these steps and you will soon be on your way to a more private browsing experience.
Most people do not. They have an ideal scenario of how private their online activities should be, but they rarely do anything to achieve it.
The problem is that the bad actors know and trust this fact, and that is why there has been a steady increase in cases of identity theft from 2013 to 2017. The victims of these cases often suffer a loss of reputation or problems financial
If you take your privacy online seriously, follow this 10-step guide to protect it.
1. Beware of Internet service providers
You may not know it, but your ISP may already know everything about your online searches.
Every time you search for something online, your browser sends a query to a DNS server. However, before the query reaches a DNS server, it must first go through your ISP. It goes without saying that your ISP can easily read and monitor these queries, which gives you a window to your online activity.
Not all ISPs monitor their browser's queries, but those that are not are the exception and not the rule. Most ISPs will keep records of your web browsing for a period of a few months to a year. Most ISPs do not record your text messages, but they keep records of who sent you a text message.
There are two ways to protect your privacy if you do not want your ISP to monitor your browser's queries: 1) If possible, switch to an ISP that does not monitor your data online. or 2) Obtain a VPN to protect your data (more on this later).
2. Strengthen and protect your login credentials
One thing that most people take for granted are the login credentials they use to access their many online accounts. Your username and password are the only things that prevent your information and privileges from reaching the wrong hands. That is why it is important that they be as strong as possible.
Choose a solid username that is simple and easy to remember, but can not be easily linked to your identity. This is to prevent hackers guessing correctly your username according to your name, age or date of birth. You'd be surprised how cleverly hackers can find this information. Also, never use your Social Security Number as your username.
Next, choose a secure password. There are many ways to do this, but we can reduce them to two options: 1) Learn how to create strong passwords; or 2) Use a password manager application.
Learning to make a secure password takes time and imagination. Do you want to know what are the most common passwords? They are "1234", "12345", "0000", "password" and "qwerty", without imagination. A password that combines your name and date of birth will not cut it. Neither will a password that uses any word found in the dictionary.
You must use a combination of uppercase and lowercase letters, numbers and even symbols (if allowed). Complexity is what matters, not length, since a complex password will take centuries for a computer to discover. In fact, you can test your password if you want to see how long it will take to decrypt.
If you do not have the time and imagination to formulate a secure and complex password, you can use one of the six best password managers. These applications not only save you the trouble of memorizing your complex passwords, they also automatically complete the online login forms and formulate strong passwords for you.
It is up to you if you want to learn how to create strong passwords or choose to install a password manager application. However, what you should never neglect is 2FA (2 factor authentication). 2FA adds an extra layer of protection for your passwords in case someone learns what they are. In fact, you may have already tried it when you signed into an account on a new device.
The application or service requires you to enter the access code sent to another of your devices (usually your phone) before you are granted access to your account. Failure to provide this access code blocks it from your account. This means that even if the hackers get their login credentials in some way, they can not log in to your account without the access code.
Never use the same user names or passwords for different accounts. This prevents hackers from accessing multiple accounts with only one or more of their login credentials. Also, never share your login credentials with anyone, even your partner.
3. Check the WiFi you are using
Have you ever heard of a KRACK attack? It is a cybernetic attack proof of concept that is done by infiltrating your WiFi connection. The hacker can steal information, such as browsing data, personal information and even the content of text messages.
The problem is that not even WPA2 encryption can stop it. This is the reason why the WiFi Alliance started the development of WPA3, which was officially presented this summer.
Do you need WPA3 to defend against KRACK attacks? No. You only need to install security updates when they are available. This is because security updates ensure that a key is installed only once, which prevents KRACK attacks. You can add additional layers of protection by visiting only HTTPS sites and using a VPN.
You can also use a VPN to protect your device each time you connect to a public network. Prevent hackers from stealing your information through a MitM attack (Man in the Middle), or if the network you have connected to is actually a malicious network.
4. Look at your browser
If you read the Terms of Use and the Privacy Policy of your browser's company, they may actually track your online activities. They then sell this information to advertising companies that use methods such as analysis to create a profile for each user. This information is used to create those annoying segmented ads.
- How do they do that?
- Answer: Web cookies.
For the most part, web cookies are harmless. They are used to remember your preferences online, such as web form entries and shopping cart content. However, some cookies (third-party cookies) are created specifically to remain active even on websites from which they did not originate. They also track their behavior online through the sites they visit and monitor what they click on.
That's why it's a good idea to erase cookies from the Web from time to time. You may be tempted to change your browser settings to simply reject all cookies, but that would result in an inconvenient browsing experience in general.
Another way to approach the monitoring problem is to use the incognito mode of your browser. Your browser will not save visited sites, cookies or online forms while you are in this mode, but your activities may be visible on the websites you visit, your employer or school and your ISP.
The best way I've found so far is to replace your browser with an anonymous browser.
An example is TOR (The Onion Browser). TOR is a browser made specifically to protect the user's privacy. It does this by wrapping your data online in several layers of encryption and then "bouncing" them for the same number of times before finally reaching the correct DNS server.
Another example is the epic browser. Although this browser does not run on an onion network such as TOR, it eliminates the usual privacy threats, such as browsing history, DNS pre-search, third-party cookies, web or DNS caches, and auto-complete functions . Automatically deletes all session data once you close the browser.
SRWare Iron will be familiar to Google Chrome users, as it is based on the Chromium open source project. However, unlike Chrome, it gets rid of data privacy issues, such as the use of a unique user ID and personalized search suggestions.
These three are the best I've found, but there are other alternatives out there. Regardless of the privacy browser you choose, make sure it is compatible with your VPN, since not all privacy browsers support VPN, and vice versa.
5. Use a private search engine
Presenting similar risks to popular browsers are the search engines that many people use. Most browser companies also produce their own search engine, which, like the browser, also tracks their searches online. These searches can be traced back to your personal identity by linking them to your computer, account or IP address.
Apart from that, the search engines keep information about their location and use for several days. What most people do not know is that people in the legal field can use the information collected by the search engines.
If this worries you, you can switch to a private search engine. These private search engines often work in the same way: they get search results from various sources and do not use personalized search results.
Some of the most popular private search engines include DuckDuckGo, Fireball and Search Encrypt.
6. Install a VPN
What is a VPN and why do I highly recommend it?
A VPN (virtual private network) is a type of software that protects your Internet browsing by encrypting your data online and hiding your real IP address.
As you know how online searches are done, you already know that the ISP or anyone else can easily read browser queries. This is because your online data, by default, is not encrypted. It consists of plain text contained in data packets.
He also knows that not even the built-in WPA2 encryption is good enough to protect against certain attacks.
This is where a VPN comes in. The VPN processes your data online through secure tunnels until it reaches your desired DNS server. Anyone who intercepts your browsing data will find an illegible jargon in their place.
You may hear advice against trusting VPNs with your security. Actually I am inclined to accept partially, not all VPNs are secure. However, that does not mean that all VPNs are not secure.
The unsafe VPNs I refer to are the types of "free lunch" that promise to be free forever, but actually use or sell your data to advertising companies. Use only the most secure VPN services you can find.
A VPN is primarily a security tool. While you can enjoy the privacy of its functions, you'll want to link it with a privacy browser and a search engine to get the full privacy experience.
A VPN can not protect your computer or device from malware that is already present. That's why I always recommend using a VPN along with a good antivirus program and firewall.
Some popular browsers run the WebRTC protocols by default. You have to deactivate this protocol. This protocol compromises the security of a VPN by allowing its true IP address to be read.
7. Beware of phishing
You may have the best VPN, anonymous browser and private search engine in the market, but they will not do you any good if you're hooked on a phishing scam.
Phishing employs psychological analysis and social engineering to trick users into clicking on a malicious link. This malicious link can contain anything from viruses to cryptojackers.
While phishing attacks are usually sent to many people, there is a more personalized way called "spearfishing". In that case, hackers try to defraud a specific person (usually a senior official in a company) using information that is available only to a few selected people that the target knows.
So, how to prevent phishing attacks from being affected?
The first option is to learn to identify phishing attempts. Be careful with messages from people you do not know. Roll over a link before clicking to make sure you navigate to the site it represents. Most importantly, remember that if it is too good to be true, it most likely is.
The second option is to install an anti-phishing toolbar. This software prevents phishing by checking the links where you click on a list of sites known to harbor malware or those that cheat you to reveal financial or personal information.
Then, it will tell you, once you determine the link to connect to one of those sites, and it will provide a way back to safety.
The best examples I have found are OpenDNS, Windows Defender Browser Protection and Avira Browser Safety.
8. Encrypt your communications
If you've been following the tech news in recent months, you may have found an article about the FBI wanting to break Facebook Messenger encryption. Say what you want about the social networking giant, but this news reveals one thing: even the FBI can not decipher encrypted messages without help.
That is why you should always use the "encryption mode" in your messaging applications. Applications like Signal, Telegram and Threema come with end-to-end encryption and support for text, calls and even video calls.
If you require constant use of emails, ProtonMail, Tutanota, Mailinator and MailFence are excellent alternatives to popular email services that actually control your email content.
9. Look what you share on social networks
Social networks have become one of the best ways to keep in touch with important people in our lives. Catching up with everyone we care about is just a few clicks away. That said, we're not the only ones who look at their profiles.
Hackers actually frequent social networking sites while searching for any personal information they can steal. They can even circumvent your "just friends" information by adding you as a friend using a fake account. I do not think I should mention the problems that hackers can cause once they have stolen their identity.
That's why you should be careful with what you share on social networks. You never know if the hackers are using the photos you share to attack you in your next attack. You may want to skip completing your profile completely. Avoid giving your phone number or home, and maybe use a private email to register.
10. Update early and often
You may have heard this before, but it's worth repeating now: do not ignore system updates. You may not know it, but the updates correct many vulnerabilities that could compromise your privacy online.
Most people postpone the installation of updates, as they always appear at inopportune times. Sometimes we just can not stand the drop in performance or Internet speed while the updates are installed.
In general, it is better to suffer the minor inconveniences caused in time, instead of risking being caught in the whirlwind of problems that hackers can cause if you should be directed. Most programs and applications now come with an automatic update feature, so you will not have to search for them and download them manually.
In conclusion
Privacy is a human right, and our online privacy must be taken seriously. Do not stop taking the necessary steps to protect yours.
Beware of your Internet service provider and always protect your login credentials, no matter how strong they are. Remember to check the network you are connecting to before logging in.
Observe what your browser and search engine do, and consider replacing them with more private ones. Prepare against phishing by learning to identify attempts and installing an anti-phishing toolbar.
Always use encrypted messages and observe what you share on social networks. Finally, never ignore system updates when they are available.
Follow these steps and you will soon be on your way to a more private browsing experience.
0 Comments