How to become a responsible user in the current technology-driven world.
The last year was filled with hacks, privacy scandals and more. This blog (series) will help you step by step to improve your digital civil responsibilities.
What you share is your personal choice
Privacy is about what you want to share with others. Security is having control over what you share with others. The privacy news items of the last years prove that part of being a responsible user is to determine what your privacy is and to defend it by setting up security. This blog will help you with the first basic steps.
Do know that in the end it boils down to the trust you personally have in others, and this is a very personal topic. These are pointers, and you can go as far and into as much detail as fits your personal view.
For example: I personally do trust Google more than other companies and more than myself. Thus I personally have given Google all the insight in my life. Other companies I do not trust, for example Snapchat, and I will not add them to my phone. The Facebook company I do not trust too much, but since I like keeping in touch with people I use Facebook via the website and I love the Instagram app. So I give the Facebook company a lot of insight via my social profile on Facebook and my behavior in Instagram. This is my personal choice.
Other people tend to make other choices. A friend of mine is a journalist, and it can be life threatening for some people if it was known that they talk to her. Another friend of mine is a doctor (general practitioner) and he thinks it is not OK if other people and companies can see the medical data of his patients.
This blog (series) is about helping you to set up the basics of being responsible with your digital information, and in the end it can help other people to make informed personal choices about what to share.
Great Book on the impact of context on Privacy
Privacy can mean different things in different contexts and is very personal. My definition of privacy in the context of my phone can be something totally different than your definition of privacy on a phone. Perhaps we share the same privacy views when it comes to privacy in a hospital.
A great read on this topic is the following book by Helen Nissenbaum.
Privacy in Context by Helen Nissenbaum
Privacy is one of the most urgent issues associated with information technology and digital media. This book claims that what people really care about when they complain and protest that privacy has been violated is not the act of sharing information itself — most people understand that this is crucial to social life — but the inappropriate, improper sharing of information. Arguing that privacy concerns should not be limited solely to concern about control over personal information, Helen Nissenbaum counters that information ought to be distributed and protected according to norms governing distinct social contexts — whether it be workplace, health care, schools, or among family and friends. She warns that basic distinctions between public and private, informing many current privacy policies, in fact obscure more than they clarify. In truth, contemporary information systems should alarm us only when they function without regard for social norms and values, and thereby weaken the fabric of social life. — Amazon.de
Let's make things easy again!
To make an informed choice it is important to inform yourself and to enforce the choices you made. Privacy can be chunked into two topics:
- I do not want people to get access to my photos, email, etc.
- I do not want companies to know what kind of person I am and where I am
I do not want people to get access to my photos, email, etc.
Topic 1: when other people get access to your email, data, etc., this does not only lead to other people reading what you have sent to your friends. It also enables others to steal your identity and give sensitive information to a company or government.
The main defense against this is preventing access through good password hygiene and making sure that your communication is secure. Because shouting your password out loud over Twitter or in a room is like having no password :)
I do not want companies to know what kind of person I am and where I am
Topic 2, that companies know stuff about you, is a bit more difficult. This is a topic where trust is the real rationale for whether you are going to do something or not. For example: I trust that Google will protect my email from hackers and government. This is somewhat naive, because Google is a company that needs to do what the law states. There are companies that are more thorough in this and, for example, only store emails in encrypted form. This way they can give data to a government or a hacker, but they have no way of reading the emails. For further reference: this is called end-to-end encryption.
This blog covers improving how to keep things private
We start from the fact that most people would like to keep their photos, email and chat messages private, so that a neighbor or a stranger cannot see them.
How to achieve this? Just follow these three simple steps.
- Rule 1 - Never use a password in more than one place.
- Rule 2 - Make use of a password manager.
- Rule 3 - Make use of a VPN when outside of your house
Rule 1: Never use a password in more than one place.
Using a unique and strong password for every app on your phone and every website is a very good starting point. When the password of one app is somehow discovered, this will not immediately give someone access to all your other logins. For example, I share our Netflix family login credentials with my wife. She knows the password for Netflix, but this is not the same password as my Facebook password.
We have many, many logins, because almost every app and every website has its own login credentials. This results in a very big list of passwords. So how to remember them?
To be honest: you cannot remember them all, unless you have a photographic memory :) So this leads us to rule 2.
Rule 2: Make use of a password manager.
A password manager helps you to remember the passwords for all the different websites and apps. It can also help you to make passwords more difficult to guess. I like to use a password that is 32 characters long and contains a combination of lowercase and capital letters, numbers and strange characters. Why? Just because I think it is fun, and I can, because my password manager remembers it. Most password managers work on Android and iPhone, and most also have an extension for your browser, so that they are easy to use on your laptop or tablet as well.
Remember: the password manager is your most important vault, with all your data. That is why it is very important to choose a master password that you can remember and that is unique. And remember to make this a strong password. Also, do not check the "stay logged in" option. This forces you to enter the password whenever you use your super vault, and it makes sure that when you lose your phone, someone cannot look into your vault immediately.
Personally I have been using LastPass for years, and the mobile app is 12 USD per year. That is very cheap.
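The checks behind Rule 1 and Rule 2, as an added example that is not part of the original post: a Python sketch that generates a 32-character password containing all four character classes and audits a password-manager export for reused or below-policy passwords. The CSV layout (name, username, password) and every sample entry are constructed for illustration and are not LastPass's actual export format.

```python
import csv
import io
import secrets
import string
from collections import defaultdict

# Character classes from Rule 2: lowercase, capitals, numbers, "strange" characters.
CHECKS = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"

def meets_policy(pw, min_length=32):
    """True if pw is long enough and contains every character class."""
    return len(pw) >= min_length and all(any(chk(c) for c in pw) for chk in CHECKS)

def generate_password(length=32):
    """Draw from the OS CSPRNG; retry until every class is present."""
    if length < len(CHECKS):
        raise ValueError("length too short to hold every character class")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(pw, length):
            return pw

def audit_export(csv_text, min_length=32):
    """Return (reused, weak) as site names only, never the passwords."""
    sites_by_password = defaultdict(list)
    weak = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        sites_by_password[row["password"]].append(row["name"])
        if not meets_policy(row["password"], min_length):
            weak.append(row["name"])
    reused = sorted(sorted(s) for s in sites_by_password.values() if len(s) > 1)
    return reused, sorted(weak)

# Constructed sample export (hypothetical column layout, made-up entries).
SAMPLE_EXPORT = """\
name,username,password
netflix,family@example.test,Sunshine2018
facebook,me@example.test,Sunshine2018
webshop,me@example.test,correct-horse
bank,me@example.test,kV7#pQ2!mZ9@xT4$wL6%rN8^bH3&cJ5*
"""

if __name__ == "__main__":
    reused, weak = audit_export(SAMPLE_EXPORT)
    print("reused across:", reused)
    print("below policy:", weak)
    print("replacement:", generate_password())
```

A real export holds every password in plain text, so run an audit like this offline and delete the file afterwards.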
Rule 3: Make use of a VPN when outside of your house
This is a more complex rule to explain, but after the password rules the most important one.
Reason 1 — your laptop is shouting around all your emails
The internet and WiFi were not designed with security as the main focus.
When you are using your laptop or phone with WiFi or a data plan, the digital communication of your device can be compared to your device shouting really loudly. Everything near your device can listen, word for word, to what your laptop is exchanging with a website on the internet.
One way to turn the shouting into whispering when you visit a website is the use of secure communications (HTTPS). When you visit Facebook or a webshop, you can see a green lock next to the website address. This green lock means that communication between your laptop and the site is secured. Unless... you are on a public WiFi network. Then it is very easy for a hacker to sit between your laptop and the website and listen to everything you are doing. This is reason 1 for using a VPN: to make sure that, when you are out of the house, it is impossible for a hacker to sit between you and the websites you are visiting.
Reason 2 — stop impostors reading your email
There is a second reason to add VPN security.
When you are using the internet on your phone or the internet at your house, it is very easy to pinpoint everything you have been doing online to you personally. Your home internet has a unique fingerprint (IP address et al.) and this is stored everywhere you browse. When you visit a webshop, when you send an email, when you use WhatsApp, etc., you leave a personal fingerprint trail.
When you do not want people to know that you are ordering on Coolblue, Zalando or a Chinese webshop, or when you do not want companies to know that you are working from the internet cafe instead of from home, this fingerprint trail can be an issue. Companies use your fingerprint to build up their dossier on you, even when you did not create an account on their website.
Reason 3 — Laws change over time
Before 2014 it was legal in the Netherlands to download movies via BitTorrent or to watch movies via a streaming website. In 2014 the Dutch law was changed, and downloading or watching streamed movies for free was not legal anymore. The scary part is that the digital fingerprint of your internet connection, showing that you did watch the movies, will be in the logs for a very long time. And you can imagine that when the new law came into force, there was a period in which people did not know about the change and kept doing what they thought was legal.
It is easy to make use of a VPN
To protect yourself from the above, you should use a VPN client on your laptop and phone. There are various options available. Be cautious:
When a VPN app is free, then usually it is from an evil company.
When something is free, there has to be another business model that makes the money. When the core business is VPN and it is free, then chances are very high that your data is being collected and sold. That defeats the purpose of having a VPN app. :)
Option 1 — NordVPN
I personally make use of NordVPN. The costs are around 70 USD per year. NordVPN as a company is really serious about privacy and security and their app can be used 24/7 without you noticing any significant battery drain.
Option 2 — F-Secure Freedome VPN
The other great option is the F-Secure Freedome VPN app. This app has received much praise from experts for how good it is. F-Secure is a very cool and experienced company on the subject of internet security. F-Secure rocks!
VPN Costs — ~60/120 USD per year
F-Secure has a few different plans. The F-Secure and NordVPN plans that are comparable cost roughly the same.
F-Secure = 60 per year + 60 Once = 120 USD for the first year
NordVPN = 70 per year = 60 USD for the first year.
Long term usage experience
For more than a month now, I have been using VPN non-stop on my Android phone (OnePlus 3T), and I must say I notice no big performance or battery issues. Because I switch really often between open WiFi networks, I did notice that the switching is not seamless, but I think that the average user will not notice any difference.
NordVPN and F-Secure offer a test period, just ask them.
The basics are covered, time to level up
When you have completed the three tips in this blog, it is time for the next level. It is time to zoom in on what you do on the internet and to do it a bit more privately and securely. In the following blog post I will provide some tips on how to do secure chatting and how not to do it. :) The blog post after that will be talking about safe surfing and privacy settings on websites.
Have a nice day!
Below I have collected some articles, lists and tweets that provided input for this blog.
F-Secure 10 tips
10 Commandments for a safer Internet
The following list can be found in a very well documented article by the security experts of F-Secure.
- Thou shalt not use public WiFi without a VPN. (You can try our Freedome VPN for free.)
- Thou shalt not click “Enable Macros.”
- Thou shalt not open attachments which were unexpected or from a stranger.
- Thou shalt not share personal, identifiable information on social media platforms.
- Thou shalt use a unique, uncrackable password for all important accounts and — ideally — store them in a password manager.
- Honor your privacy settings by checking them regularly.
- Thou shalt not keep the default password on anything, especially routers.
- Thou shalt not do online banking without security software that includes anti-phishing and banking protection features.
- Remember two-step verification and use it whenever possible.
- Thou shalt not leave your devices unlocked.
Top 8 steps according to Yle.fi
The following list is explained in the article titled: Over 200 Finnish bank accounts emptied — 8 ways to keep your data safe
- Use a two-step verification process
- Use a password manager
- Update your security questions
- Keep your email accounts to a minimum
- Organise your emails
- Come up with a secure password or phrase
- Create a new impersonal email to manage your computer and phone accounts
- Create a lock code on your mobile phone that is based on a longer word