Why is Online Privacy & Security Important?
A simple definition of privacy is having the right to keep your personal matters and relationships secret. When we go online, we often share a lot of personal informational and data and that's fine if it's our choice to do so and we know what's going to happen to that information. There are three groups who are very interested in what you do online:
- Governments: who like to monitor online traffic in the name of security
- Businesses: who want to see what your interests are so that they can show you relevant adverts and sell you stuff
- Cybercriminals: who want to steal your identity and your financial data
Philosophically and practically there are good reasons for online privacy:
- Why should it be anyone's business what you do online: what sites you visit, what you search for, or what you buy online? Why should any of that be known to anyone other than yourself and who you're dealing with?
- A more mundane reason for keeping your online information private, is that it will can save you money. Online retailers apply something called "dynamic pricing", which uses information gathered about an individual, such as location, device, or search history to “personalise” prices, to the disadvantage of some shoppers. For example, a few years ago, a travel site was found to be showing Apple users more expensive hotel rooms that it showed to PC users.
Here follows some basic things you can do to improve your online privacy and security. There are other, perhaps more complex, things you can do, but these should get you started.
Keep your devices and apps up-to-date
This is the simplest, but also the most important thing that you can do to keep your devices safe and secure. Nothing that you use is perfect; every device and app that you use has vulnerabilities. Updates to your device's operating system and the apps that you use are released when vulnerabilities are discovered and fixed, so it's important to install these when requested.
Delete unused apps
If for whatever reason, you're not using an app, haven't used it in a while and won't be using it again, then delete it from your device.
Use antivirus software
Antivirus software can do a lot more than detect malware ("malicious software": computer viruses and other apps that do bad things). Antivirus software suites can also:
- defend against:
- shred files (delete files permanently)
- optimise the speed of your device
- manage your passwords
- backup your data in the cloud
- provide identity-theft protection.
There are free antivirus options, but paid ones offer more functionality
Use a strong password
Passwords are important. They are the first line of defence against unauthorised access to your device and your personal information. One of the most common ways that hackers break into computers is by guessing passwords and sometimes it's very easy to guess them. There are a couple of ways of generating a strong password. Conventional advice suggests:
- The longer the better - long passwords are more difficult to guess than short passwords because there are more combinations to test. The minimum you should look at is 8 characters in length
- Using capital and small letters, numbers and symbols - the more different kinds of characters are used, the more difficult a password is to guess
- Avoiding names and normal words - these are easier to guess
- Avoiding obvious substitutions - if you're using numbers and special characters, don;t use these to substitute for letters in normal words: for example using "pa55word" (with '55' replacing 'ss') or "passw0rd" (with a '0' replacing the letter 'o') isn't very clever, but it is very obvious to the kind of people who want to guess your password.
An alternative approach is suggested by the great webcomic XKCD
What's being said is that strong passwords are often difficult to remember because of character substitutions and instead, we should use pass phrases consisting of some common words chosen at random. Such pass phrases are easier to remember but very hard to guess.
Don't reuse passwords
Scenario: you use the same password for different services (e.g. Facebook, Gmail, Amazon) and sign up to another online service, which gets hacked. Your details, including your password, are now in the hands of hackers who now have access to every other service that uses the same password. Use a different password for every service that you use. To help with this, use a password manager, software that will store and organise all of your passwords in a secure location - if you use a password manager, then you only need to remember one password - that of the password manager itself.
Use an advertising blocking browser plugin/extension
Advertising blockers - adblockers block adverts from being displayed on the webpages that you visit. There are good reasons to use an adblocker:
- A safer browsing experience - It's not unknown for malware to be hidden in ads. Sometimes you don’t even need to click the ad for the malware to get into your device; just opening up the website may be enough
- A better browsing experience - no ugly popups, autoplay videos or other distractions, only a clean and clear web page
- A faster browsing experience - adverts make up a lot of website data. Blocking them can increase your page loading speed by 40% or more.
Use a Virtual Private Network (VPN)
When you connect to the Internet you do so through a service provider who can see what your doing and what sites you're visiting. When you use a VPN, you're using a private network that has an a connection to the Internet. Your Internet service provider sees you connect to the VPN and nothing else. A VPN can keep a lot of information private:
- Your browsing history - your Internet service provider can only see that you've visited the VPN, it cannot see what sites you visit after that.
- Your IP address - every device has a unique address called an IP address (think of it as like a telephone number) that is visible to your Internet service provider and to the sites that you visit. If you use a VPN, only the IP address of the VPN is visible
- Your location - every IP address is associated with a geographic location. As your IP address is hidden, then so is your location
A VPN is particularly useful when you're using a public Wi-Fi network, which have well-known safety and security risks
Don’t click on suspicious links
Never open suspicious emails in your inbox. If you do open them, do not click on any links or attachments within them. If you think a link is suspicious, you can hover your cursor over the link and the destination should appear at the bottom left of your browser window. If it doesn’t, then right-click on the link and select “Copy link address/location.” Paste this somewhere you can read and examine it (e.g Notepad). The same applies to links in text messages. If you're sent a link, check wth the sender e.g. if a friend sends you a link to a funny video, confirm with your friend that they did actually send it.
Use HTTPS whenever you can
HTTP is the main protocol used for transferring data over the web. It is not secure in that the data can easily read by anyone who knows how to do it. The 'S' in HTTPS stands for 'secure'. Data sent over the web using https is encrypted which means no-one can read what you're doing. If you're buying stuff online, you need to ensure that the payment page is using HTTPS (you'll see a little padlock in the address bar if it is). If you click on the padlock, you'll see something like:
Google Chrome Firefox
Don't pay for anything online if the connection is not secure!
Clear your cookies
Cookies are text files that contain small pieces of data, like a username and password, transferred to your computer when you visit a website. They help identify your computer and can improve your browsing experience on a website, but can also be used to track you across the web. You should clear your cookies on a regular basis. Here's how to do that on several commonly used browsers:
Manage your social media privacy settings
There's an argument to be made that you should delete your social media accounts, but if that's a step too far, think about changing your social media privacy settings - see the links page on how to do this on different social media platforms.
Review the permissions requested by your mobile apps
Every app on your mobile device will request certain permissions before you can use them. Review these and change them if you think they go too far, e.g., location, text messages, phone dialler. Often you can revoke or deny permissions without breaking the app. Think about the permissions an app would need in the first place; would a puzzle game app really need access to your microphone or your location? If an app requires lots of permissions it might be a red flag that something's fishy.
Be careful about the apps you download and run
If you download apps from the web, make sure you download from the app's official site or a site that you know you can trust. If you have anti-virus software (and you should), then scan every app that you download. Only download and run apps that are widely known or are recommended by sites that you trust. It goes without saying, but do not use pirated apps; these are very likely to contain malware.Apps in official app stores usually follow strict development criteria. The stores also vet the applications for bad stuff like malware. This is not to say that store apps are without unwanted features, but they are checked. Installing an app from some random site can land you in a world of trouble.
Think about using a privacy-focused search engine
Google and other popular search engines collect and store your search queries and try to build up as much information about you as they can (they use this information to serve you more relevant adverts). There are some search engines that keep your searching anonymous - they don't track you at all. A couple are:
- DuckDuckGo - doesn't store personal information, ever
- searX - an open source "metasearch engine" - which means it searches a number of different search engines and combines the results together. It does not store your search data (tip: go to preferences == style to change the background colour)
Change Windows 10 privacy settings
Windows 10 is the current version of Windows, the most commonly used operating system throughout the world. Windows 10 has some privacy issues that which you may wish to address. By default it tracks everything you do on the operating system and monitors the websites you browse and the apps you use in order to "personalise your Windows experience" and show you targeted adverts. See the links page for how to change relevant privacy settings.
Think about using a privacy & security focused browser
Google Chrome is the world's most popular browser right now, but it's also a big data collection tool and not a good choice for anyone looking for privacy. You can assume that anything that you do in Chrome is saved to a user profile and used for customised advertising. Microsoft Edge is even worse for privacy, both however are reasonably secure.
There are some browsers that focus on privacy and security, but none are perfect:
- Firefox is perhaps the best browser for both privacy and security, but needs to be manually configured
- Tor is more private and more secure than Firefox, but because of the way it works, it can be dreadfully slow
- Brave is automatically configured to be private and secure, but isn't recommended by some privacy groups.
Hopefully, you won't find any of these ideas complicated. You don't need complex apps or a degree in computer science to carry them out.. They’re relatively simple ways to tweak your devices, and your behaviour, to improve your privacy and security—and everyone can (and should) use them.
Image: Password Strength https://xkcd.com/936/ licenced under a Creative Commons Attribution-NonCommercial 2.5 License.