An Online Security Playbook for Everyone
A spotlight on Citizen Lab, a Ford-Mozilla Open Web Fellowship host organization
Resolving to better protect your online privacy and security is easy. But acting on that resolution can be a challenge.
Do you need a VPN? If so, which one? What browser settings should you enable or disable? And what’s your password strategy?
The number of tactics for staying safe online can be dizzying. So to help users better navigate the world of digital security, Citizen Lab — the cyberspace R&D department at University of Toronto — built Security Planner.
“If you Google How do I stay safe online, there’s a ton of advice out there. A lot of it’s really conflicting or super technical,” says Christine Schoellhorn, the Product Manager for Security Planner. “We wanted to reduce those barriers by making advice that was personalized, trustworthy, and highly usable.”
Rather than overwhelming users with a lengthy list of tools and literature, Security Planner starts with a simple survey, and then delivers personalized recommendations.
Users answer questions like What do you use to handle your private information?, and also list their top security concerns. Maybe you’re a Windows user keen to lock down your personal data. Or, maybe you’re an Android user struggling with malware.
Once the survey is completed, Security Planner lists and prioritizes recommendations tailored just for you. It might suggest a mechanic like 2-Factor Authentication; share tactics for identifying suspicious websites; or offer a how-to on encrypting data. If you have more gadgets than you can count, expect a few dozen recommendations. If you use a single computer and lone email service, you’ll receive fewer tips.
Security Planner recommendations are a mix of original content and existing guidance from groups like Consumer Reports, EFF, and others. All recommendations pass through a rigorous peer review process led by digital security experts at Citizen Lab, Google, Duo Security, and elsewhere. Additionally, an advisory board provides strategic guidance.
Mozilla’s Open Web Fellows assisted in honing the guide, too, Schoellhorn says.
Security Planner got its start in 2015 as a joint project with Jigsaw (then Google Ideas), the digital security incubator within Alphabet. It was soon adopted fully by Citizen Lab. Security Planner was relatively new territory for the Canadian organization — Citizen Lab usually provides digital security tools to high-risk individuals, like journalists or NGO staffers.
But more and more, Citizen Lab finds itself receiving questions from a general audience. And “[we] didn’t feel that there was a single, comprehensive site for good advice on how to start your online journey toward safety,” Schoellhorn explains.
“We didn’t feel that there was a single, comprehensive site for good advice on how to start your online journey toward safety.”
Since Security Planner launched in December 2017, the reception has been positive. “We’ve gotten feedback from all over the world,” Schoellhorn says. Security Planner has been featured in Lifehacker, Fast Company, and Süddeutsche Zeitung.
One particular bragging right? Plaudits from Edward Snowden. During a recent Reddit AMA, a user asked how to best stay safe online.
His answer: “There’s a new guide that just went up, done by one of the best infosec research groups in the world, the Citizen Lab.”
