Privacy is more important than ever. The Internet may be the best thing since sliced bread, but as we come to rely on it more and more in our daily life we risk exposing our data to attackers. Here at Cloudwards.net we figured we would help out our readers with a thorough online privacy guide that will keep you safe while your browse the world wide web.
We’ll look at the steps you can take to ensure your privacy, whether you’re just browsing or downloading torrents. However, we’re not here to help you hide from three-letter agencies that are actively searching for you: if you’re the next Edward Snowden, you’ll have to take extraordinary measures that are well out of the scope of this article.
With that said, let’s first take a look at the threats the average user will face while on the Internet.
Privacy Under Attack
According to the Pew Research Center, half the U.S. population do not trust the government or social media to protect their data and 64 percent have experienced a major security breach of some description.
It’s not just hackers and scammers that we have to worry about. Governments around the world seem to want to get their hands on citizens’ data, too. Claiming a desire to thwart future terrorist attacks, some politicians want to require corporations to backdoor their software and purposefully weaken or break encryption so that law enforcement can more easily eavesdrop on users.
For example, the FBI wanted Apple to provide them with a backdoor to access encrypted iPhones, a request which Apple, thankfully, declined. As encryption becomes easier to deploy and use, cases like this will continue to crop up in the news until lawmakers learn that all back doors are simply another vector for criminals to attack innocent users — or for ISPs to sell customer data.
The upshot is that your privacy is at risk, whether from politicians or hackers, and it’s futile to rely on corporations or lawmakers to safeguard your private data. Your privacy is your responsibility and you need to grab this bull by the horns yourself if you want your data to stay yours.
A threat model is used to establish what steps to take to keep something secure. Software developers and security researchers use threat modeling when writing software or designing security systems, deploying servers or other hardware. It’s useful for users as well, since security and privacy can seem like a fuzzy gray area for home users.
You need a threat model because there is no single tool to keep your data safe online or to protect your privacy. To begin, ask yourself two basic questions:
- What do I want to protect?
- Who am I protecting it from?
Security is situational, meaning someone backing up cat pictures faces very different threats than someone backing up sensitive documents for a business. Do you need to protect those cat pictures? Are they a likely target for attackers? Not really, so you wouldn’t want to expend too much effort on the task.
Documents, on the other hand, are definitely a target for attack. Hackers love to go after them as they contain a wealth of information, so sensitive documents are worth the extra effort it might take to make sure they remain private and secure.
By asking those two questions — what am I protecting, and from whom — we establish a threat model. Ask yourself what the consequences are if you fail to protect something and decide if it’s worth the risk. Even if it might seem like extra work, the tools and tips we provide here will make it easier to keep your data safe and help maintain your privacy.
Common Online Threats
Now that we know what a threat model is and how to establish one that meets your needs, let’s take a look at some of the most common threats online.
Ads and Tracking
Many users find ads to be annoying at the very least and PageFair released a report that shows the use of adblock software to be increasing rapidly. Ad blocking is a good thing as you’re not just making browsing more pleasant, you’re also preventing those ads from tracking you.
Some people don’t mind this, since such data is often used to create targeted advertisements for users. If the idea of your Internet activity being tracked doesn’t bother you then you don’t have to include this in your threat model.
For those who don’t want to be tracked, it’s important to understand how it works. A web browser creates a “fingerprint” that can be used to identify a user with great accuracy. Websites can request specific information from your browser, such as screen resolution, language or installed add-ons.
You can get an idea of how unique your browser fingerprint is at Panopticlick and Am I Unique?. Fingerprinting is hard to prevent, since installing more add-ons or tweaking your browser simply results in a more singular setup than you started with.
There is a way to minimize fingerprinting: use at least two separate browsers.
Let’s say you’re logged into Facebook on Chrome. You leave Facebook, and browse the web for a while. Any page that has a Facebook “like” button automatically reports back to Facebook and you’re still logged in so any pages you visit with a “like” button are tied to your account. You’ll see content and advertisements based on all the tracking data Facebook has accumulated.
By using two browsers — one for Facebook, say, and another for everything else — you keep your activities separate. That way, Facebook and google will have trouble linking your party pics to your WebMD searches. We’ll touch on this more in depth later on in the article, but for now simply decide whether tracking and advertisements are on your threat model.
WiFi is available almost everywhere these days and many people connect their mobile phone or laptop to the first hotspot that pops up, often without a second thought. However, fake hotspots are easy to set up and often hard for users to distinguish from legitimate ones.
We’ve written in-depth about the dangers of public WiFi and it’s worth reading if you want to stay safe when using it. If you work in public spaces or use public wireless often, you should include it in your threat model; a few simple precautions will cut down the danger of hijacked connections considerably.
A virtual private network is your best bet here, so if you’re not sure what that is we’ll help you get up to speed and understand what a VPN is good for. Using a VPN goes a long way toward protecting you on wireless hotspots.
General Privacy and Security Tips
Maintaining your privacy online requires a continuous effort. You can’t click a button and never worry about it again. By learning a few basic concepts and employing them every day, though, you’ll increase your security and privacy online and eventually it’ll become second nature.
Let’s start with what you can do on your own devices: encryption.
One way to put your privacy at risk is when your computer is lost or stolen. Even if you have password protected it, there are ways to access the data on your hard drive. Stolen or lost devices, in fact, are estimated to contribute to 45 percent of healthcare and 25 percent of bank data breaches, and it’s usually due to unencrypted hard drives.
The major operating systems all include support for full-disk encryption, making it easy to encrypt your entire hard drive. This protects your device in the event it goes missing, but since you simply decrypt it when you login, it makes no real difference in the way you use your device.
Another way of keeping data safe is to not keep it on your hard drive at all, but in the cloud, instead. You can then rely on your cloud provider to handle the encryption of your data and have them keep it safe.
We briefly mentioned VPNs earlier when covering public WiFi, but such tools do more than provide protection against digital eavesdropping: VPNs also protect you from marketers and anybody else who might want make use of your browsing data.
We already mentioned ISPs’ Congress-sponsored snooping, but also concerning is that service providers like Verizon and AT&T have been inserting perma-cookies to track users and injecting advertisements into web pages, invading the privacy of users and putting them at risk. Ad networks are often abused by malicious parties, and it’s easy to load malware into an advertisement.
By using a VPN, you can prevent ISP traffic logging and shady practices like those employed by Verizon and AT&T. VPN services can spoof your IP address with one of their own, effectively shielding your device identity and location. The tunnel created by a VPN encrypts traffic coming from your device, too.