- Chuck Gray
Maintaining your privacy online is a tricky matter, as I’m sure you know. And though you’re using a firewall as well as anti-spyware software, and you’ve password-protected your computer, that does almost nothing to keep your information secure online. Here are some ideas to help keep you to yourself when surfing the Web. I’ve divided the information into basic and advanced sections for your convenience.
Private Browsing Mode
If you’re concerned with making sure people can’t follow where you’ve been on the Internet by looking at your browser history, you’re probably familiar with the procedure to clear said history. Performing this task repeatedly becomes tiresome quickly, and it’s easy to forget. Fortunately, most modern browsers, including Internet Explorer 8, Firefox 3.5, Safari 4, and Chrome 3, have “private browsing.” When this mode is enabled, the browser will record nothing about your activities. If you’re especially cautious, as I am, then you can set Firefox to start in private browsing mode by default (follow these directions: http://www.thepicky.com/internet/how-to-enabledisable-firefox-private-browsing/) and do the same in Chrome (http://www.makeuseof.com/tag/how-to-start-google-chrome-in-incognito-mode-by-default/). This doesn’t hide you from the sites you visit, but it does hide the sites you visit from others.
You know those forms you fill out when signing up for a new email account? There’s usually a section which asks you to choose or write a security question that can be asked in the event that you forget your username or password. Believe it or not, those can be serious security risks if not implemented correctly. Why? Because the majority of users will pick something easy from their life, like their mother’s maiden name or the name of their elementary school.
Here’s an idea: pick one of the questions, or write your own, it really doesn’t matter, but then pick a nonsense answer, something that nobody could guess because the associations are all messed up. At the risk of sounding silly, let me give you an example. Say for instance I choose to be asked what my mother’s maiden name is. I’ll provide the answer Duke Ellington. It makes absolutely no sense, but thanks to that, I’ve got one extra layer of security against people breaking into my email or other online accounts. Just make sure you remember your nonsense answer – this strategy can backfire if you don’t (and don’t write it down anywhere, either).
Social Network Security
Likely one of the largest concerns for Internet privacy advocates is social networks. Facebook, MySpace, Twitter, etc. are all magnificent tools for keeping in touch with friends and family. They are also a data-miner’s dream-come-true, as we post deeply intimate photos and details from our lives with little regard to who sees what. My first piece of advice is to join as few as necessary to avoid spreading yourself all over the web. Second, do not share anything that might conceivably come back to haunt you later in life. Finally, take advantage of every single privacy safeguard these networks provide. Go to the site settings and lock your profile down as much as possible. You literally never know who’s reading up on you.
Securely Erase Files
You know all those files you deleted off your computer? They’re not really gone. Yes, even if you emptied the Recycle Bin. I’ve “recycled” numerous files I didn’t mean to and was able to use a data-recovery program to bring those files back. Convenient though that was, I was also a little spooked by just how easily it was accomplished. When you “delete” or “recycle” files, they’re not actually removed from the hard drive. Rather, the hard drive is told that the space where the files used to live is available to be overwritten for use by other files. Until that space is overwritten (and Windows provides no native control for this) the files are still technically there and all-too-easy to retrieve. To make sure those files are gone for good, install a permanent file erasing program, such as Eraser (http://download.cnet.com/Eraser/3000-2092_4-10231814.html?tag=mncol). It can be used to securely delete selected files, over-write what you previously thought were “empty” chunks of hard drive space, or to completely erase the entire contents of a hard drive before disposing of or selling it.
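The difference between deleting a file and erasing it can be seen in a few lines of Python. This is an added example, not code from Eraser or from the original article; the file names and the marker string are constructed, and a hard link is used as a stand-in for what a recovery tool sees on the disk once the file name is gone.

```python
import os
import secrets
import tempfile


def overwrite_and_delete(path, passes=1, chunk=64 * 1024):
    """Overwrite a file's contents in place with random bytes, then delete it."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:          # r+b rewrites existing bytes without truncating
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                f.write(secrets.token_bytes(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())          # push the new bytes out to the device
    os.remove(path)


def demo():
    """Compare a plain delete with overwrite-then-delete.

    The hard link gives the same data a second name, standing in for the
    recovery tool that still finds the data after the file name is removed.
    """
    marker = b"CONSTRUCTED-SECRET: account 0000-0000"   # constructed sample data
    recoverable = {}
    with tempfile.TemporaryDirectory() as d:
        for mode in ("delete", "erase"):
            target = os.path.join(d, mode + ".txt")
            blocks = os.path.join(d, mode + ".blocks")
            with open(target, "wb") as f:
                f.write(marker)
            os.link(target, blocks)
            if mode == "delete":
                os.remove(target)             # removes only the name
            else:
                overwrite_and_delete(target)  # destroys the bytes, then the name
            with open(blocks, "rb") as f:
                recoverable[mode] = marker in f.read()
    return recoverable


if __name__ == "__main__":
    print(demo())
```

On SSDs with wear levelling and on journaling or copy-on-write file systems, an in-place overwrite is not guaranteed to land on the blocks that held the old data, so full-disk encryption is the more dependable safeguard there.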
Encrypt Your Wifi
I think this is probably something most people with home wifi are familiar with, but please, please, password-protect your home wifi connection. If you don’t know what I’m referring to, check the owner’s manual for your wireless router or call your Internet service provider. Without wireless encryption, anyone with a wifi-enabled laptop can detect and access your home wifi network, potentially giving them full access to your computer files and the ability to perform illicit activities under the cloak of your IP address. To be moderately protected, you should be using at least WPA (wifi protected access) or the stronger WPA2 encryption. Again, check your wireless router’s manual or call your ISP if you’re not sure how to do this.
Passwords are tricky beasts. On one hand, you want them to be as secure as possible. On the other, you want them to be simple to remember. Most people use one password for every Web site and service they sign up for. This will make life easier in the short term, but if that password is ever compromised, well, that’s an easy key to turn and unlock your whole digital life. To be as secure as possible, you really do need a unique password for all your different sites or at least for sites with sensitive information. See the Advanced section for more ideas on how to handle your myriad passwords.
Many of us keep very important documents on our computers, including bank statements, tax records, wills, checkbooks, journals and more. To protect those files, consider using an encryption program such as TrueCrypt (http://www.truecrypt.org/). TrueCrypt creates a password-protected file of a user-specified size that, when unlocked with the TrueCrypt software, acts like an additional hard drive, allowing users to store any files they like within it. When the TrueCrypt software is disabled, the encrypted file goes back to being locked. In the event your files or computer are stolen, you can feel safe in the knowledge that your encrypted files will be completely inaccessible to anyone but you. For a step-by-step guide for beginners, refer to http://lifehacker.com/178005/geek-to-live--encrypt-your-data.
My password management system has two parts. First, use a random password generator (like this one: http://www.pctools.com/guides/password/) to create completely random passwords that are at least 8 characters long for each of the important sites you visit, such as the bank or your email. Then, download a program like Keepass (http://keepass.info/) to keep a protected database of all your passwords. This way no one can access all your passwords without both the database file and the database password, which, since it’s the only one you’ll have to remember, can be extra long and confusing if you like.
To add another layer of security, when creating your password database, you can opt to utilize a key file that works in tandem with the password to protect your database. Without the key file, the password is no good and vice-versa. If you work primarily from home or one computer, I would recommend keeping the key file on a flash drive so that remote intruders cannot have the password to your database and the key file at the same time. If you are a mobile user or someone who hops from computer to computer, you may consider installing the wonderful Portable Apps utility (http://portableapps.com/download) on a blank flash drive and running KeePass from that. For more instructions on how to use KeePass successfully, go to http://keepass.info/help/base/firststeps.html.
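Both halves of this system can be sketched in Python: a generator that draws passwords from the operating system's secure random source, and a database key derived from the master password and the key file together, so that neither one alone reproduces it. This is an added example, not part of the original article; the derivation is illustrative and is not KeePass's actual file format or key derivation, and the passphrase and key file contents are constructed.

```python
import hashlib
import hmac
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"


def generate_password(length=16):
    """Random password from the OS CSPRNG; the article's minimum is 8 characters."""
    if length < 8:
        raise ValueError("use at least 8 characters")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Retry until lower case, upper case and a digit are all present.
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw


def composite_key(master_password, key_file_bytes, salt, rounds=200_000):
    """Derive one database key that depends on BOTH the password and the key file."""
    factors = (hashlib.sha256(master_password.encode("utf-8")).digest()
               + hashlib.sha256(key_file_bytes).digest())
    return hashlib.pbkdf2_hmac("sha256", factors, salt, rounds)


def unlocks(database_key, master_password, key_file_bytes, salt):
    """Stand-in for a decryption attempt: does this pair reproduce the key?"""
    candidate = composite_key(master_password, key_file_bytes, salt)
    return hmac.compare_digest(database_key, candidate)


def demo():
    salt = secrets.token_bytes(16)        # stored with the database, not secret
    key_file = secrets.token_bytes(32)    # constructed key file contents (the flash drive)
    master = "constructed long master passphrase"
    db_key = composite_key(master, key_file, salt)
    return {
        "both": unlocks(db_key, master, key_file, salt),
        "password_only": unlocks(db_key, master, b"", salt),
        "key_file_only": unlocks(db_key, "", key_file, salt),
    }


if __name__ == "__main__":
    print(generate_password(), demo())
```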
Some may say that email is dying as more instantaneous forms of communication continue to grow in popularity, such as texting, IM, Facebook, and Twitter. All the more reason, I say, to keep email alive and secure. That means using a technology called Secure Sockets Layer or SSL. In a nutshell, SSL can be used to secure the connection between your computer and your email service. Hence, anyone who may intercept your traffic will have a very difficult time breaking through to read your messages. Many email services offer SSL login pages, but once your identity has been verified, they default back to unsecured connections. The only webmail service I am aware of that not only offers SSL connections the entire time you are signed in, but also offers this service by default, is Google’s Gmail.
That’s only the first step and for most communications, it’s enough. However, it is important to understand that SSL only secures the connection and does NOT encrypt the actual content of the message. If you really want to beef up your email security, consider using Gmail with GPG Encryption (http://www.instructables.com/id/Send-and-Receive-Encrypted-E-mail-in-Gmail/). Following this guide, you will be able to encrypt the contents of your email messages. However, this is laborious and probably unnecessary for most communications. Consider using it in cases where you are transmitting seriously private information.
One of the largest privacy concerns with the Web is that sites log the IP addresses of computers that make connections to them. An IP address alone is not enough to identify a computer, let alone the user--at least not without the help of the Internet Service Providers. ISPs don’t give the information out to just anybody, but they are under mounting pressure from governments, the entertainment and software industries, Internet decency groups, and others to make IP addresses more personally identifiable.
The answer? The Tor Onion Router. Let me say this from the start: this is probably far more security than the average user needs or would ever want to enlist. Tor is a program meant to defend against computer surveillance and traffic analysis. In the simplest terms, Tor routes your Internet traffic through several other computers also on the Tor network so that by the time you connect to whatever Web site or server you meant to, it is nearly impossible to tell your traffic originated from you. It is used by governments, the military, private businesses, parents, journalists, whistleblowers and so many more (http://www.torproject.org/torusers.html.en).
Tor is easy enough to install, but it takes extra steps to configure your Internet-enabled programs (such as your Web browser or IM service) to work with it. Also, it doesn’t automatically drop your online identity behind a cloak of anonymity. Read more about this topic here (https://www.torproject.org/download.html.en#Warning). Finally, using Tor will slow down your connection and disable plugins like Flash due to security concerns.
With all of that said, if you’re still interested in trying Tor, you can find the installation guide on their site’s documentation page (https://www.torproject.org/documentation.html.en).
These are just a few of the suggestions I can make. If you’re interested in more tips and tricks for protecting yourself online, pay attention to sites like the FTC’s OnGuard Online site (http://www.onguardonline.gov/), lifehacker.com, Ars Technica’s security news (http://arstechnica.com/security/), and cnet.com’s security news (http://news.cnet.com/security/).