Note: This post is a compilation of a three-part series published over the past week.
My recent post, "A Hacker's Story: Let me tell you just how easily I can steal your personal data," is pretty popular. It really showed people how easy it is for even a young journalist with almost no hacking experience to get their personal data. Now that people are aware of this, what can you do? Is there a way to stop this kind of thing?
Yes—but it's not easy.
I've compiled a list of tips, software and hacks that will help you keep your private data to yourself while browsing the web. You don't have to use all of these, and some of them will admittedly slow down your web experience. But just remember, the more you use, the safer your data is.
1. WPA2 with AES encryption.
The major piece of advice I gave people in my original article was to use WPA encryption on their router instead of WEP. This was close, but still a bit off. Your best bet is to use WPA2 with AES encryption and use a strong password (information on how to make a strong password is coming in a later article).
I won't go into the nitty-gritty details of setting that up, but if you don't know what you're doing, just call your router's supplier (or your Internet service provider) and ask them to walk you through the process. It's not as complex as it sounds. It only takes a few mouse clicks and, once set up, never has to be touched again.
This will stop anyone from doing what I did in my original article.
You can't always use your own home network. Sometimes you have to use a public network (such as at school or work), and there's no way to guarantee privacy on these networks. For example, at a university even if the network is secure, it's very easy for a student who legitimately has the password to use the same methods I used in my first article to get your information.
So how do you make sure no one can see your online banking transactions or important emails you're sending?
The answer is HTTPS encryption. What this does is make it so even if someone is sniffing your web browsing, they have no idea what you're doing. Most banking sites and some email providers (such as Gmail) already offer this by default.
You can see if the site you're browsing offers this protection in your current browser. Google Chrome, for example, puts HTTPS in green lettering. Check the help files of your current browser to see how it shows it.
Many sites offer an HTTPS version but don't use it by default (such as Facebook). The easiest way to make sure you are always browsing the safest way possible is to use a browser add-on such as HTTPS Everywhere. This add-on automatically uses the HTTPS version of the site you're browsing. You can turn it on and know you'll always be as safe as possible.
Warning: Even with HTTPS Everywhere, some sites DO NOT OFFER an HTTPS version. Sites such as Windows Live Hotmail will not encrypt your data in any way, meaning people can read your e-mails as you send them.
3. Adblock and Noscript.
While we are talking about browser add-ons, I may as well mention some very useful ones. Make sure to install Adblock and Noscript. Adblock does exactly what the title implies. All ads are blocked unless you tell the add-on to ignore a site. This helps stop advertisers from getting your information (such as GeoID and IP).
4. Use strong passwords.
Most of the time when you get “hacked,” you think that it was some super computer genius that figured out a way around your 'secure' password. In reality, it was usually a simple program that did a "dictionary" attack. This kind of attack simply tries a million passwords in a very short period of time until it gets it right. The simpler your password, the sooner it gets through.
If your password (for Facebook, your email, etc.) is an English word, it can be "hacked" in a matter of seconds with a powerful enough machine.
The only way to protect yourself from this form of attack is simple: use a strong password. A strong password consists of a string of random letters, numbers and special characters. The longer and more random it is, the better. For example, the difference in the length of time it takes to break the word "privacy" versus the word "pr1vac^" is massive.
The best kind of password looks like this: An&!923dsml;n#@#(^kja). Remember the golden rule: the longer the better.
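The check below is an added example, not part of the original post: it rejects a password that is a dictionary word (even with common number-for-letter swaps) and estimates how large the search space is otherwise. The word list, the swap table and the 60-bit threshold are assumptions chosen for illustration.

```python
import math
import string

# Constructed sample word list; a real check would load a large list of
# common and previously leaked passwords.
WORDLIST = {"privacy", "password", "dragon", "letmein", "facebook"}

# Common character swaps people use to "strengthen" a dictionary word.
LEET = str.maketrans({"1": "i", "0": "o", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# Assumed threshold for this example, not a standard.
MIN_BITS = 60


def charset_size(password: str) -> int:
    """Size of the alphabet an exhaustive search would have to cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def brute_force_bits(password: str) -> float:
    """log2 of the number of guesses needed to try every combination."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def is_dictionary_based(password: str) -> bool:
    """True if the password is a listed word, plain or with common swaps."""
    lowered = password.lower()
    return lowered in WORDLIST or lowered.translate(LEET) in WORDLIST


def assess(password: str) -> str:
    """Return a short verdict for a candidate password."""
    if is_dictionary_based(password):
        return "weak: dictionary word"
    if brute_force_bits(password) < MIN_BITS:
        return "weak: too short"
    return "ok"
```

Running `assess` on "privacy", "pr1vac^" and the long example above gives three different verdicts, which shows why both randomness and length matter.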
5. Don't use the same username and password for multiple accounts.
One of the scariest things I see my family doing on a regular basis is using the same username and password for multiple accounts. The password they use for Facebook is the same they use for online banking.
This makes memorizing easier, but it also means if someone gets access to your Facebook account they can easily get access to your bank account.
And yes, people DO test passwords on other sites. If a password works on one, they'll try it on a bunch of others.
While Facebook and your bank may be pretty secure, that cat forum you like to post on probably isn't. If you do this, please go to as many sites as possible and change the password. If you have trouble memorizing so many usernames and passwords you can use an add-on such as LastPass so you only need to memorize one and it automatically fills in the rest for you.
6. Don't enter contests.
We all know the "Win a FREE iPod" ads you see scattered around the web are scams, but for some reason, once we get out into the real world, we don't have our defenses up.
I live in downtown Toronto and there are always tents set up by various companies that offer prizes or free stuff. Once you get there you have to fill out a "short survey" before you get anything. A lot of people don't seem to realize that the information gathered during the survey is used for advertising. Meaning if you put your phone number down you'll start getting phone calls. And the small text in the survey lets them sell your information to anyone.
You simply have to stop entering these contests. The chances of you winning are minimal and the information you give out is very valuable.
7. Check Facebook privacy settings.
The best thing you can do is quit Facebook, but if you absolutely need to stay on the service, you really should check out the privacy settings. If you haven't changed them in any way, a lot of your information is being broadcast out to the world, making it easy for anyone to learn everything they need to know about you.
Simply go through the settings and decide what you want the world to see, what you want only friends to see and what you want no one to see. Make sure to do this every couple of months as Facebook likes to change the settings on a regular basis.
8. Keep an eye out for phishing.
Phishing is the practice of making a fake website in the hopes of getting your login information. A person will make a website that looks exactly like the Facebook log-in page, then send you an e-mail saying you need to sign in to change some security settings. The site will look legit but it won't let you sign in (usually giving you a fake error).
If you get an e-mail from a service asking you to log in, NEVER click the link in the e-mail. Instead go to the web browser and type the address of the site in normally.
This is how most MSN viruses are spread these days. Instead of putting a piece of software on your computers like they did in the olden days, they instead farm usernames and passwords then sign into them all and spam everyone.
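Why a link in an e-mail can't be judged by eye, as an added example that is not part of the original post: the function below looks at where a URL really points and rejects the usual look-alike tricks. The trusted host list and the `.example` addresses are assumptions made up for the illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the sites you actually have accounts on.
TRUSTED_HOSTS = {"facebook.com", "www.facebook.com"}

# Site names worth imitating, taken from the trusted hosts ({"facebook"}).
# Assumes simple one-part endings such as ".com".
BRANDS = {h.split(".")[-2] for h in TRUSTED_HOSTS}


def check_link(url: str) -> str:
    """Classify a link from an e-mail by the host it really points to."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "reject: malformed URL"
    if parts.scheme != "https":
        return "reject: not HTTPS"
    if parts.username is not None:
        # In "https://facebook.com@login.example/" the real host is
        # login.example; everything before the @ is just a user name.
        return "reject: text before @ is not the site"
    if not host.isascii() or "xn--" in host:
        # Non-English letters can be drawn to look like English ones.
        return "reject: look-alike letters possible"
    if host in TRUSTED_HOSTS:
        return "ok"
    if any(brand in host for brand in BRANDS):
        # e.g. facebook.com.login.example belongs to login.example
        return "reject: look-alike of a trusted site"
    return "reject: unknown host"
```

Even a link that passes this check is safer typed into the browser by hand, since the text shown in an e-mail can differ from the address it opens.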
9. Browse with Tor.
As you browse the web you may have noticed those dumb ads that yell “YOU'RE BROADCASTING YOUR IP!!” And though the ads are stupid, they have a point. You are actually broadcasting your IP address and a lot of information (including your current location) can be taken from that.
This also means that when you post something (such as on a forum) that information is posted with it. If someone doesn't like what you posted it is possible (though rare) that they can find you. Though to be honest, the only people with the ability to do this are usually part of the government (FBI or police). This is one way they find child pornography rings.
To protect your whereabouts and keep your IP private, you can use a service called 'Tor' or 'The Onion Routing Network.' It basically sends your connection through three different computers all over the world, meaning if someone traces your IP they will find a computer in Japan, for example, instead of yours. This system is used by journalists in unfriendly areas who need to send information or to keep their sources anonymous. It can also be used for general privacy.
Tor is relatively easy to set up but must be done a different way depending on your operating system and browser. Simply go to TorProject.org for information on how to set it up with your current system.
Warning: You probably don't want to use Tor at all times. Many websites don't work well with Tor and the network has been banned on many services. It will also slow down your browsing considerably. You can set up a 'Tor Button' that will turn it on with a click of a button so that you only use it when you need to and turn it off for regular browsing.
10. Encrypt your hard drive.
The past few tips have been what to do to defend yourself online, but what about offline? What's to stop someone from stealing your computer and getting all the information they need? This is where hard drive encryption comes into play.
Encryption turns your data into random numbers and letters; it is then reorganized using a key-phrase you create. This can be done on each file if need be but can also be done on your entire hard drive, making it near impossible for thieves to get your data.
There are many ways to do this but the simplest by far is to use TrueCrypt. TrueCrypt works on all operating systems and is very easy to install and use. For starters, head over to Truecrypt.org and download the installer for your operating system. From there, follow the instructions available on the website.
Remember to use a strong password to thwart a dictionary attack.
11. Install Spybot: Search and Destroy or similar.
It is possible that while browsing the web a company was able to install 'spyware' on to your computer. This software tracks everything about you. Your location, the sites you visit, everything. You have to get rid of this stuff.
One of the best programs for just this use is called Spybot: Search and Destroy. It will seek out and obliterate the offending software, keeping your private information safe. The best part is that the program is completely free to use. There are other programs that do this; just do some research and you'll find plenty. Many of these programs charge for their services.
12. Keep Windows up to date.
My final bit of advice is to keep your operating system up to date. There are almost always security holes popping up in Windows and the other systems that are later closed with security updates. A lot of people choose to skip these updates, which leaves their computer open for people to steal their information.
The bonus – Internet abstinence: Don't go online.
The only 100% effective way to keep your data to yourself is to never go online. Turn your laptop's wireless off and keep it disconnected from all networks.
No matter how secure any of the myriad tips I give may sound, there is always a way around it. Even if there isn't one now, some clever hacker will find a way in. So be cautious about what you post online—there is a way for someone to find out it's you.