You think you’re not worth hacking? Think again!


Before I begin, I would like to thank my friend Stefan for helping me shape this article and suggesting some very important things to add. Without his help this article would look very different. So, thank you Stefan!

A couple of my friends were recent victims of Privacy Breach, Data Theft and other cyber-related terms, via Facebook. On both occasions I was also approached by the attacker (maybe to send out their private data or to do the same with me) on Facebook via a Friend request, but I did not accept. However, that did not stop those people from trying to sabotage my friends’ lives. In one case, they almost succeeded, but our swift reactions helped minimize the damage. I have always been interested in Cyber Security and I would like to share the knowledge that I have acquired. One thing that you should know is that even if you think you’re of no value in a world of billionaires, you’re still hackable. And I know some tactics that can at least help you create a wall around your personal data.

Believe me! Even if you think you’d be the last person to get hacked, there are many other ways to make you pay. Now, as we go through these steps you’ll learn how much data you’re giving away to everyone and how vulnerable you are. So, let’s begin protecting your identity!

1. Start by limiting what you share and how you share content on the internet.

YES! Stop posting 10 times a day on Instagram, Snapchat, Facebook, etc. By making dozens of posts a day you’re giving stalkers, hackers and internet companies the opportunity to know more about you, which can later be used against you or to honey-trap you. Adding to that, you should limit who can see your data (posts, photos, etc.) and what all those internet companies know about you. Let’s start with your browser. As I noticed, there are broadly two browsers being used by everyone: Firefox and Chrome. We’ll stay on the desktop browser for ease of use. Most settings are similar for Chrome Mobile and Firefox Mobile anyway, so we won’t be covering the same things again.

2. Secure your browsers.

2.1. Firefox

For the Firefox browser, click on the button at the top-right of your browser. Now click on “Options”. Then click on “Privacy & Security”, and set your options like this:

For the part of Permissions, click on each “Settings” button and see which websites have got permissions to use your Location, Camera, Microphone and Notifications. Here, you should remove any website that you don’t recognize. And, if you don’t want any website to ask you for permissions, click the check-mark which says “Block new requests asking to…”.

2.2. Chrome

If you’re using Chrome, click on the 3-dot button on top-right of your browser. Then click on “Settings”, go to bottom of the settings page and click on “Advanced”. Then set everything like this:

When you’re caught up with everything, click on “Content settings” in the list, the item highlighted in the image above. Then set everything as follows:

You may need to enable pop-ups here depending on the type of work you do. The permissions for location, camera, microphone and notifications would be the same as for Firefox.

3. Securing your online accounts.

3.1. Google

Now, let’s move on to your Online Accounts. Let’s start with Google. Go to: When you open this page, you may have to sign in to your Google account. After you sign in, you land on the Welcome screen, where you have plenty of options. From the Welcome screen click on “Personal info and Privacy”. Then scroll down and click on “Google+ settings”. If you’re not using your Google+ account, like the rest of the human beings, you should go ahead and delete your Google+ account by clicking on “Delete your Google+ Profile” under “Account”. But still, if you want to keep your profile, you can refer to the picture below for the tweaks:

Now the next thing that you need to change in your Google account is how your data is used for ads. To do that, go to again, log in if you haven’t, then on the home page, click on “Ad Settings” under “Personal Info and Privacy”. Then click on “Manage Ad Settings” as shown in the image below:

When you click there, the next page you’ll see contains information about what Google has estimated about you. It can be accurate or it can be close to who you are, what you own, what you like, etc. So, go ahead and ‘uncheck’ the checkmark under the toggle. When you do that, you’ll be prompted with ‘Cancel’ or ‘Exclude’. Hit ‘Exclude’. Then also turn the toggle ‘Off’. It will again show you a prompt; click ‘Turn-off’ from there. When you do that, your screen should look like this:

3.2. Facebook

3.2.1. Security and Login

It’s now time to start thinking about Facebook too. So let’s head over to Facebook and go to Settings in your Facebook desktop. This one is gonna be long because there is so much to tweak here, but let’s begin our Facebook journey. The first thing we’re going to tweak in Facebook settings is your login information. When you arrive on this screen, click on “See More” under “Where you’re logged in”. You’ll see a button at the bottom of the list which says “Log-out of all sessions”. When you click that you’ll be prompted; click “log-out” from there. This means that you’re now logged out of everywhere except the current session. No worries, you can log back in. Then click on “Edit” next to “Get alerts about unrecognized devices” under “Setting-up extra security”. It will show you a few radio buttons. Select “Get Notifications” for all of them, click “Save”, enter your password and set it there.

3.2.2. Privacy

The next section is “Privacy” settings. Head over there and set everything as you can see in the picture below (you would want to set the second sub-section here based on your preference, because you may still want to be findable via email ID or Google search):

3.2.3. Timeline and Tagging

The next section is not directly related to privacy but you may need to review and change settings here. This section is “Timeline and Tagging”. I’ve limited the visibility of my posts to my friends and whenever someone tags me in their photos or posts, they only appear on my timeline when I approve them. Again, it’s totally up to you how much privacy you want with your posts. But here’s a screenshot of what it looks like under my settings. You can match it if you want or you can have your own customized settings:

3.2.4. Location

Now, the next thing is Location settings. Click on “Location” and make sure it is turned off. You need to go to your Facebook app settings on your phone to turn location history off. To get there on Facebook app on phone, tap on the 3-line button, then “Settings & Privacy”, “Settings” and then “Location”. From there, you can turn your location services ‘Off’ and Location History ‘Off’. When it is off, it looks like this, on PC:

3.2.5. Face Recognition

After Location, we move to Face recognition. Ever wondered how Facebook automatically tags you in some photos? Or how sometimes Facebook tags you in look-alike photos? This is it! Now, go ahead and turn it Off.

3.2.6. Apps and Websites

The next thing we’ll do is to see which apps and websites have got permissions to use our Facebook data and what kind of data they are using. Oftentimes we login via Facebook and just ignore the permission button that a website or an app is getting as part of the login. In order to check that, click on “Apps and Websites”. The screen that opens will show you the list of apps that have got permissions. It looks like this:

Now, click on “View and edit” on any one of them. I clicked on Spotify to show you an example of what kind of data a website or an app can get. You can turn any of them off except the required ones or you can Remove that app/website by clicking “Remove App/Website” at the bottom-center of the pop-up. Ideally, you would want any app/website to get only those permissions that are necessary. For example, I want to see what my friends listen to on Spotify, so I have given Spotify access to my friends list, but I don’t want my friends to find me on a dating website like Tinder, so I turned-off friends list for Tinder. See in the picture below for an example:

3.2.7. Ads setting

So, the last thing we would tweak on Facebook is the Ads setting, since this is the way Facebook makes money and they use your profile data to provide you relevant ads. To get there, click on “Ads”, then click on “Ad settings”. There are also other things there that you can find out about yourself, such as what Facebook knows about you or what kind of ads you would like to see, but we’re focusing on this section because this is what would stop Facebook from knowing more about you and targeting ads to you. So, here, make sure you don’t allow Facebook to do any of these things, as shown in the picture below:

3.3. LinkedIn

When talking about privacy and security concerns, LinkedIn is often overlooked because of the way it is designed and the way it works. We never feel like our data would be used to make money or target ads in and out of the website. However, this is not the case with LinkedIn. It not only uses our data to make money and target ads on LinkedIn, but it captures a boatload of data from every one of us to target ads, show jobs, and other things, not just on the website but on other websites too! So, let’s change that!

3.3.1. Privacy Settings

To get to Privacy settings on LinkedIn, click on the “Me” drop-down button (the one with your profile picture) and click on “Settings and Privacy”. The good thing here is that devs have provided proper explanation with everything, so it would be very easy to understand what you are changing. The privacy settings can dramatically change how LinkedIn works for you, so you can change these settings as you wish.

3.3.2. Ads Settings

As I said above, LinkedIn collects a ton of data from you. So, let’s change that. Make sure you change everything to ‘No’ so that you can’t be targeted for ads on LinkedIn and any other website. See the screenshot below for reference:

3.4. Instagram

Well, Instagram’s story is a bit complicated. They have made it really hard to understand what you are giving away, and especially if you’re not sharing anything with them, they will constantly nudge you with pop-ups asking you to share your contacts with them or connect Facebook so that they can import your friends list, and many more things. So, it is really very hard to dodge those annoying pop-ups once you change the settings, and you have to be very careful while browsing Instagram after that. To begin changing, click on the sun-like icon next to the edit profile button.

It will then show you a pop-up with a few options. We would first go to “Authorized Apps”.

3.4.1. Authorized Apps

This screen will show you all the apps/websites you have authorized to use your Instagram data. As usual, look for anything suspicious or check if any app/website has permission to use something that you don’t want it to use. You can also remove any app/website by clicking the “Revoke access” button. See the screenshot below:

3.4.2. Privacy and Security

For this, we’re going to take two routes: PC and Phone. The reason behind this is that there are only a few settings available on PC, so we would have to switch to the phone to change the rest of the things. So, why not do everything on the phone itself? Yeah, sure! Totally your preference. After coming so far, hopefully you have got the idea of what you would change each setting to, so instead of explaining every single thing and making this article infinitely long, I’ll only direct you what to change.

If you’re not interested in publicizing what you do every day, you can make your account private by ‘checking’ the “Private Account”. Then, you can hide your online status by ‘un-checking’ the “Show Activity Status”. You can turn off most of your ‘Story Controls’ if you don’t want your posts to automatically be shared on Facebook. Under ‘Login Activity’ you can see where else you’re logged in and you can log out of any unknown session. You can also disable ‘Contacts Syncing’ so that neither you nor your contacts will be notified that either you or any of your contacts joined Instagram or shared a post. Consult the screenshots below:

3.5. Snapchat

Snapchat is one of those apps where people who are not vigilant can easily be tricked into providing their information or be scammed by others. To begin tweaking Snapchat, we’ll first see what kind of permissions are granted to Snapchat. When you run Snapchat it always loads in Camera mode, so in order to go to settings, tap your profile photo in the top-left corner and then the cog-like icon in the top-right corner. There, you’ll see lots of options. To get to the Permission settings, scroll down a bit to where it says “Additional Services” and then tap “Manage”. There you will find “Permissions”; tap on that to see all the permissions you have granted to Snapchat.

3.5.1. Permissions

There are a number of permissions that you can grant Snapchat such as Contacts, Location, Phone, SMS, etc. which aren’t actually required for normal Snapchat features. I just keep them turned-off which you should too! See the screenshot below to see what permissions I’ve granted Snapchat and you can go from there (if you record videos, you should grant Microphone permission to Snapchat):

3.5.2. Ad Preferences

Right under “Permissions” you’ll find “Ad Preferences”, click on that and uncheck both options: ‘Audience-based’ and ‘Activity-based’ under it. See the screenshot below:

3.5.3. Who can…

Now return to the main settings. Right under “Additional Services” you’ll find “Who can…”. We’re going to change these options. If you want only your friends to be able to text you, you should change “Contact Me” to ‘My Friends’. Then, if you want your story to be visible only to your friends, change that also to ‘My Friends’. If you don’t want to share your location, you can turn on ‘Ghost Mode’ under “See My Location”. See the screenshot below for reference:

3.6. Twitter

Twitter has got plenty of things to tweak when it comes to security. To start changing your security and privacy options you need to click on your profile photo and then click on “Settings and Privacy”. When that page opens, click on “Privacy and Safety”.

3.6.1. Privacy and Safety

On this page, you’ll see a lot of things to tweak. You can start by protecting your tweets so that only people who follow you can see your tweets. In future you’ll get requests to follow and only people you approve will be able to see your tweets. You can remove location tagging in your future posts and delete location history. You can change who can send you direct messages and change sensitive media settings. Consult the screenshot below to see what my Twitter looks like:

3.6.2. Apps and Websites

After tweaking privacy settings, let’s see which apps and websites have access to your Twitter data. To check that, click on “Apps and Websites” from the left side menu. This will open up a list of all the websites which have access to your Twitter data. From here, you can see what kind of permissions an app/website has. The bad thing is that you cannot change the permissions. What you can do, though, is revoke that app/website’s access, and try to login/connect via Twitter on that website/app again.

4. Enable 2-step verification wherever possible.

2-step verification is a method where you provide an app/website some additional information about your login such as One Time Password (OTP) or answer some security questions in order to complete login to a new device or browser. This is a one-time process for every new device or browser you sign-in to, unless you delete cookies when you exit that app/browser. (Don’t worry about this if you don’t know what Cookies mean). When you enable 2-step verification you’ll have to provide your phone number so that you can get a text message or call with the 4-digit or 6-digit code that you’ll have to enter on the website/app in order to login. That code you get is only valid for a few minutes before it expires. That’s why it is very difficult to hack your account via this method but not impossible.

A downside of this method is that if you don’t have a mobile network coverage or don’t have access to your phone, you would not be able to complete your login. But don’t worry, we have a solution for this too!

5. Enable 2-factor authentication wherever possible.

The solution to the downside of 2-step verification is this: 2-factor authentication. They sound similar but are different. 2-factor authentication is also a way of securing your online accounts. Instead of getting text messages or calls with the codes for login, another way of logging-in is to have an app which generates 6-digit codes offline and you can use that code in place of 2-step verification. Usually, most apps give you 30 seconds to enter the code before it expires. It is very helpful when you don’t have network coverage in your phone. It is also more secure (theoretically) than 2-step verification because the codes are generated offline.

You’ll find the steps to enable 2-step verification or 2-factor authentication under “Security Settings” in all your apps and websites. Also remember that not all websites support these methods (Yes, there are still many websites which don’t have these options). Wherever possible, enable both 2-step verification and 2-factor authentication so that if you don’t have access to either one of them, you can use other to login, otherwise you can get locked out and it’ll be a lot of back-and-forth between you and the security team of that website/app.


6. Use a Password Manager

Everyone makes this mistake, me included! A few years ago I was using the same password for most or all of my online accounts, or using a name, date of birth, or other related information as a password. Now think, if you were the hacker, what would be your first guess about someone’s password? Yes! All these things! And how would that hacker get this information? Google yourself and find out! Now, the question is, how would you NOT use any of that information and make a secure and different password for each website you have an account with? A Password Manager! And please don’t save passwords in your browser. There are plenty of password managers available, but the three most secure are Bitwarden, LastPass and KeePass. For first-time users I’d recommend using LastPass because it is very easy to use compared to the other two. Also, these password managers are cross-platform, which means that you can sync your passwords across devices. They can generate secure passwords, and all passwords are encrypted and saved securely. They also have browser extensions, so once you import all your passwords into the password manager you’re using, you don’t need to worry about anything! So, go over to any of those websites and follow the steps to start using a Password Manager. And make sure you have a secure ‘Master Password’ which is stored safely, because if you lose it you won’t be able to access your passwords. If you don’t use a secure password, then anyone can easily hack into your password vault.

7. Beware of unknown requests for friendship/followers or potential scammers.

I have got countless requests from beautiful looking women on Facebook who were actually hackers, but just by looking at their profiles I got to know that the person is an imposter. So, I request all of you to first go through every profile who requests you to befriend them. Things that are red flags can be:

a. Someone whom you don’t know sends you a friend request.

b. Someone who created a profile very recently, has uploaded a hundred photos or lots of photos in a very short interval of time and then sends you a friend request.

c. You are talking to someone for a few days and you ask them to meet or have a call (audio/video) but the other person keeps refusing.

d. Someone trying to give you an offer which sounds too good to be true.

e. Someone sent you a job offer without details of the company. And, when you ask for company details, the person doesn’t provide them to you but changes the topic.

f. Someone who is your follower/friend that likes all your posts but never talks.

There may be many other red flags too which I missed, but you can mention them in the comments section. In the end, you’re solely responsible for being aware on the internet, identifying threats and taking precautionary measures to protect yourself and your data. So, stay safe, stay protected and help others out!

UX Designer at ALSAC — St. Jude Children’s Research Hospital. Interaction design, Photography and lots of experiments.
