As much as one might wish or hope that buying a set of anti-spam and anti-virus packages will protect your identity online, any serious attempt to secure your online privacy and safety needs a lot more effort and resources. I used to believe, for example, that Apple iOS was more secure. Those days are over. No matter what we say or do, there is no foolproof method to surf online safely and with total security. Not only does every “wall” have holes, but, unless you live as a hermit offline, even the offline world can become a vulnerability. For example, you might be tempted to keep a post-it with your latest password stuck on your laptop.
Safety is an ongoing effort
In reality, keeping good hygiene online is an evolving science. We have to be “always on” when it comes to what we click on. The malicious tricks to grab our data are constantly changing and getting ever more veiled. Overall, we need to up our game in proportion to how seriously we take our privacy.
After a lot of research, here are the best guidelines I could find, ranging from basic to some more sophisticated practices. Caveat: The issue with many of these options is that they are often inconvenient, can cost money and be a less agreeable experience than one is used to with the generally available free services. It’s important to find a livable equilibrium that matches the risks, constraints and costs to your profile. In addition, there is no turnkey solution. It is more of a journey that will evolve as the technologies and one’s own usages change.
Top 7 tips for safe online surfing
- Sharing information. Let’s start with the obvious: never give out sensitive personal information online and especially not together. This data includes your full name, credit card number (with the expiration and security code), social security number, passwords… If you find that you have to communicate such details to someone else from a distance, there are some good tools. I recommend Wickr (a more secure ‘secret’ messenger, available on Android, iOS, Linux…), but note that both parties must have the same app. Using an end-to-end encrypted email service is also a good option. Otherwise, if you are reduced to email (i.e. a free service), it would be advisable to divide up the information across different channels (using other addresses or platforms) and to veil the data as much as possible. The more critically you feel the need to be secretive, the more intentional the shrouding and caretaking must be.
- Passwords. Much of your security hinges on passwords. There is no getting around the risk-reward of easy & fast versus secure & complicated. The single uber password services (e.g. LastPass, 1Password, KeePass) that generate complex passwords every time you sign up for a new account offer a certain upgraded protection, but even they are prone to hacks (to wit: LastPass was hacked a few weeks ago). The best advice I can provide is to create passphrases rather than passwords, containing a string of alternative characters. You need to find a way to “render” the phrase with a few keyboard contortions to ensure that the bots don’t have a chance. But, the bottom line: we all absolutely have to change our routines and spend more effort to secure our passwords. Note that I’m a fan of the finger authentication that Apple has on its latest phones (Samsung Galaxy S5 phones and onward also have it). That at least makes the complex mobile password more livable. Caveat: If you use autofill services for your password (through your browser), then you must have a strong password to log in to your laptop.
- Use double authentication for every service where it is available (Google, Facebook, Dropbox, Evernote…). TwoFactorAuth is a useful site that lists the services that provide double authentication.
- Email security. If you are not SURE about the provenance of the email, best to delete it and not touch any of the links or attachments. NB: Once inside a company network, hackers are often able to present themselves as if the mail came from a co-worker. At the stricter end of the scale, there are several good options for end-to-end encryption. I use Tutanota, which provides free end-to-end encryption for the most sensitive mails. If the volume and need are serious enough, you should get a premium service. BTW: there is a Chrome extension in beta, being developed by Google (see GitHub)!
- Browsing. There are a few interesting options to improve the confidentiality of your online browsing. The first “easy” action is to make sure that the web address is always via HTTPS (HTTP + SSL or Secure Sockets Layer). Firefox, Opera and Chrome have plug-ins based on EFF’s HTTPS Everywhere that do this for you. A second important element is anonymizing your IP. You can either choose a one-time system web proxy (see list here) or a more full-time protection with a VPN service. The most secure VPN options are undoubtedly paid services; but being more expensive doesn’t necessarily mean more secure. I am not in a position to recommend the best, since it really depends on the software company’s own policies and people. OpenVPN is a solid open-source option that works across a large number of platforms, including mobile.
- Browser hygiene. Just as the settings in your smartphone need to be checked regularly, it is worth going into your browser settings regularly to do some spring cleaning (empty cache, clear browsing history, cookies and even your autofill passwords…). Incognito browsing is another useful habit to get into if you use public computers or don’t want the sites you visit to be stored. It will also wipe out tracking cookies at the end of your session.
- Common sense. Lastly, nothing beats good common sense. And, we all need a heightened awareness. If it’s dubious, doubt it. Never click on a link or download a file from an email whose sender you do not recognize. It’s probably not wise to go online after a big night out on the town. Adult, file-sharing and live-streaming sites are often driven by less ethical intentions and are prone to more spyware. And keep on learning!
Safe online surfing – What not to do
Meanwhile, here are a few things not to do:
- Don’t use Adobe’s Flash media player. It seems to have a particularly bad reputation.
- Don’t display any of your passwords. If you keep them electronically somewhere, learn to lock them down or find ways to “encrypt” them.
- Don’t give your real email address when logging in to open wifi hotspots.
- Don’t do any online banking or eCommerce with a computer (or log-in) that your kids use as well.
- Don’t blindly accept all conditions when downloading an app… especially when it comes to connecting with your social media.
- Don’t forget to give your smartphone a more complicated password, i.e. longer than the 4 digits that the iPhone has as a standard (especially easy if you have finger authentication).
Our privacy is going to be a central theme over the coming years. We all need to advance in our knowledge and habits, including myself. I’d be happy to have other tips and tricks as well as other preferred services and sites you might recommend.
Happy and safe online surfing!
Further reading
For further reading, I can recommend up top the Electronic Frontier Foundation’s site. ADDED Jan 2020: And if you’d like to read up on child safety online, Claire Mitchell has curated this useful page. For example, if you want to know what these worrying acronyms — that your child might well be using — mean: NSFW, PIR, KFY, LMIRL, NIFOC, WTTP, check out her page.