How to Stay Safe/Secure in Digital Life V.2

This is the privacy practice (PP) guide for your online activities…

Pawan Trivedi
The Startup
Aug 25, 2020

In the first part of this series (Link), I talked about privacy and security in general, on both mobile devices and computers, to give you an overview, and listed a few tools to help you get started.

But from here on in this series, I’ll be specific about the technology I am talking about, i.e. mobile devices, computers, or your online activities.

There can be very different kinds of arguments when it comes to online privacy and safety, and here is mine. Take this example: “You are the kind of person who isn’t very open about their sexual orientation with anyone, but you can go online, do what you need, and watch what you want. These activities can be reflected in the ads that pop up in your mail or on websites (How? Advertising agencies create a profile of you based on your online activity and serve you ads based on it), but no one will ever know about your online activity if you follow PP.”

The question that comes to mind every time is why one should care or worry about their online activities. The answer is that it can lead to many terrible incidents, such as email hacking, identity theft, viruses, credit card fraud and many more. This is possible because of:

  1. Your weak password management (i.e. using the same password on different websites) and relying on single-factor authentication (SFA)
  2. Your bad online surfing habits.
  3. Using public Wi-Fi (of course you can use it, but with some measures)

Time to go practical…

→ Having weak password management can get your account compromised. How?

  1. You are using the same password for every website (Facebook, Gmail, banking, dating web portals and many more…), and one day your password appears in a data breach. Because you use the same password everywhere, it is easy for anyone (anyone can purchase the data for a few bucks on the dark web) to test it on a random website, and now you are compromised. The harm this can cause depends on the activity you do and the data you store in the cloud (e.g. Google Drive).
  2. Let’s assume your data (email, password) didn’t appear in a breach, but your friend knows what kind of password combinations you tend to use, or knows the exact password for one of your web portals. As usual, you have the habit of using the same password, so he/she can misuse it in any manner, or maybe just for fun. MAYBE!

So what you can do is use a password manager to keep a different, complex password for every site, so you don’t need to worry about memorizing them. The best one is Bitwarden (and it’s open-source); you just need to remember the master password to unlock your manager. [Tip: Always make the master password approximately 20 characters long, with some spaces, like “I have black bucket but it is small”; it can be any phrase that you easily remember.]

Always enable multi-factor authentication (or 2FA) if the website provides it. It creates an additional layer of authentication that helps secure your account in case your credentials get leaked: the bad actors won’t be able to log in successfully. (How? Whenever you enter your details to log in, the site asks for an additional code that you get from an authenticator app or by SMS on your mobile device, and without that code the login fails.)

40% of the actions that people perform each day aren’t actual decisions but habits, and habits determine what you are more than what you say.

Having good habits when it comes to using the internet puts you ahead of others, and here are some of them…

  1. Never open an email attachment from an unknown sender. Always look carefully at the email header (who sent the email, the timing and subject, and whether it matches what you are expecting to get). You have to be even more careful if it’s your corporate mail on a corporate computer; in some cases people have lost their jobs because they clicked on a malicious attachment and their company got breached. Check this PDF from the cyber security company KnowBe4 to learn more about email red flags.
  2. Before posting anything (a picture, tweet, or Facebook post) online, always look twice at what you are posting, because once it’s on the internet, it’s going to stay there forever. An image can expose a lot: a picture you post online contains metadata (date/time, make and model of the phone/camera, coordinates of the location where the picture was taken), and anyone can get this by extracting the image’s metadata.
  3. Always prefer Tor over any traditional browser for normal web surfing, i.e. news, watching porn, or just general browsing, except for private mail, banking, and other services where you need to give confidential info.
  4. Google vs DuckDuckGo: I know it’s a big debate, so I’ll keep it short and simple. Google serves you ads based on your profile (which is built from your online activity); DuckDuckGo, on the other hand, serves you ads based on the keywords you type into the search engine, not by creating a profile.
  5. Always go for websites that use https over http (Why? Because a site with https encrypts your credentials before sending them over the network). You can also do this by adding the HTTPS Everywhere extension, which will force the website to redirect to its https version.
  6. Set the browser history option to clear cookies, cache and history whenever you close the browser, and always restart the browser between logins on multiple websites. Let’s say you were on Facebook and suddenly remembered that you need to buy something from Amazon: don’t log in in the next tab; switch to another browser or restart (close and reopen) the browser, then go to Amazon. (Why? By doing this you clear the session and cookies every time you close the browser, and save yourself from Big B snooping in.)

It will be hard at the start, but it’s just a matter of time until you get into the loop of habit, and you will be fine…

  • Panopticlick: an analyzer for your browser (checks for trackers and leaks).
  • Privacy Badger: a tool to block invisible trackers.
  • haveibeenpwned: checks whether your email ID or password has been exposed in data breaches.
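To connect the breach check with the password-reuse problem described earlier, here is an added example (not part of the original post) that audits a set of saved logins for reuse and breach exposure using the k-anonymity range lookup that Pwned Passwords offers. The `audit` and `offline_range` helpers, the vault contents and the breach count are assumptions constructed for the demo; a real run would replace `offline_range` with an HTTPS request to the range endpoint.

```python
import hashlib
from collections import defaultdict


def range_query(password: str):
    """Split the SHA-1 of a password into (5-char prefix, 35-char suffix).

    Only the prefix goes to the service (for Pwned Passwords:
    GET https://api.pwnedpasswords.com/range/<prefix>); the password never does.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(suffix: str, range_response: str) -> int:
    """Look for our suffix in the 'SUFFIX:COUNT' lines returned for the prefix."""
    for line in range_response.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def audit(vault: dict, fetch_range) -> dict:
    """vault maps site -> password; fetch_range maps prefix -> response text."""
    sites_by_password = defaultdict(list)
    for site, password in vault.items():
        sites_by_password[password].append(site)
    report = {}
    for password, sites in sites_by_password.items():
        prefix, suffix = range_query(password)
        seen = breach_count(suffix, fetch_range(prefix))
        for site in sites:
            report[site] = {"reused": len(sites) > 1, "breach_count": seen}
    return report


def offline_range(breached: dict):
    """Constructed stand-in for the range endpoint, built from {password: count}."""
    def fetch(prefix: str) -> str:
        pairs = ((range_query(pw), n) for pw, n in breached.items())
        return "\n".join(f"{s}:{n}" for (p, s), n in pairs if p == prefix)
    return fetch


# Constructed sample data: sites, passwords and the breach count are made up.
VAULT = {"mail.example": "hunter2", "bank.example": "hunter2",
         "forum.example": "I have black bucket but it is small"}
REPORT = audit(VAULT, offline_range({"hunter2": 17043}))
```

Any entry flagged as both reused and breached is the first one to change, since one leaked password there unlocks every site that shares it.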

→ Using public WiFi (while waiting for your next metro, in a hotel room, or just your hostel WiFi) can be dangerous if a malicious actor is watching your network traffic and checking the requests you make to servers (basically, what you are browsing). You can avoid all this just by using two tools, Tor and a VPN (whichever you can afford), and surf the internet fearlessly.

The risks vary from person to person depending on threat level, and you need to define your own security plan based on your threat level.

If you follow these privacy practices (PP), your ISP, corporate network admin, the government, or any individual actor will have very few chances to hack you, collect your browsing data, track you based on your online activities, or sell that data to advertising agencies. In the case of the government, they can monitor your political ideologies and influence you for their own benefit.

“Arguing that you don’t care about the right to privacy because you have nothing to hide, is no different than saying you don’t care about free speech because you have nothing to say.”

Edward Snowden

You have to make this a habit, because just using Incognito mode isn’t going to do anything.

Thank you for your time. Happy Hacking :)

If you have any questions, you can reach out to me at: 59r@protonmail.com
