With global connectivity constantly increasing, the dangers of cyberattacks and identity theft are becoming more real every day — anyone who uses the internet could be vulnerable. So how can you protect yourself — and your data — on the web?
Here are 9 tips for staying more secure and anonymous online:
1. Online hide and seek
Your IP (Internet Protocol) address can be used to determine your physical location and even your actual identity. By using a VPN (Virtual Private Network) or an onion router, you can keep your identity private while browsing online.
A VPN works by encrypting your browsing data and providing you a new anonymised IP address, so your ISP (Internet Service Provider) doesn’t receive information about you or your browsing habits. VPN software is great, but you’ll need to make sure your VPN provider isn’t selling your data to third party services or advertisers. And not all VPNs are created equal when it comes to security, either— some popular VPNs, like NordVPN, have gotten into hot water for mishandling data.
Onion routers use multiple layers of encryption to conceal your online identity. When you use onion routing, your data ‘hops’ from computer to computer through an interconnected network, finding a path to its final destination. None of the computers in the onion routing network network have access to any information that can identify you. But onion routing is the digital equivalent of taking the scenic route home — it can really slow down your internet speeds.
2. No more cookies
3. HTTPS rules — HTTP drools
Hypertext Transfer Protocol (HTTP) is a digital protocol designed to allow communication between web browsers and servers. HTTP communications aren’t encrypted, so it leaves you vulnerable vulnerable to both man in the middle and eavesdropping attacks. These attacks can give attackers access to web accounts, sensitive information, and even allow an attacker to force your browser to download malicious software.
Hypertext Transfer Protocol Secure (HTTPS) is an extension of HTTP, used for secure communication over a computer network. HTTPS secures you against a variety of attacks, including those mentioned above; however, HTTPS is only effective if the website hosts all its pages over HTTPS.
You can use a browser extension to automatically upgrade HTTP websites to HTTPS, to help make sure you’re always secure.
4. De-Google your life
It doesn’t matter if you’re using the Google search engine, Gmail for email, or even just an Android phone; every time you use Google services, Google stores your data — as much data as it possibly can. Google offers a lot of convenience, and giving up the niceties of the Google suite can be a real challenge.
But there are a few simple steps you can take to begin de-Googling your life:
- Don’t use Google’s search engine — try alternatives like DuckDuckGo or Startpage
- Avoid using Gmail when possible, try ProtonMail or Tutanota
- Don’t use the Google Play Store, download your apps as APK files from F-Droid (an alternative app store for free, open-source software).
5. Encrypted messaging applications
Lots of us have grown up using SMS (texting) every day, but SMS is actually shockingly insecure. Attackers could contact your mobile service provider and impersonate you, then port the number from your SIM card to a SIM card they control. This is especially dangerous if you’re using SMS-based 2FA to secure important accounts or information.
Luckily, encrypted messaging apps can help you steer clear of the downfalls of SMS. End-to-end encrypted messengers let you send messages, attachments, and more without exposing your conversations.
Using an encrypted messenger isn’t always enough to keep your identity safe, though. Even if messages are encrypted, requiring identifying information to create an account can potentially leave you vulnerable. A good encrypted messaging app won’t need a phone number or email address to register an account.
The best encrypted messengers also won’t have central servers. Apps with no central server give you the peace of mind that the company behind the app can’t spy on who you’re messaging, or when.
Unfortunately, there are often compromises on some or all of these points when picking a new messenger.
A few options: (underline = benefit, bold italics = security issue)
Signal (encrypted, phone number required, central server), Session (encrypted, no phone numbers, no central server), Wire (encrypted, no phone numbers, central server), Threema (encrypted, no phone numbers, central server)
6. Delete your files — for real
Did you know that when you delete files from your computer, they’re not really gone? Have you ever deleted files from an SD card only to be told the card is still full? The usual Delete functions on computers and phones often leave parts or traces of the file behind.
File shredder software was developed to delete files from a computer — permanently. Typically, deleting a file only hides it from the operating system — meaning that with a little bit of know-how, the file can be recovered.
A file isn’t truly gone until that same storage space has been overwritten with something else, and then deleted. This is where file shredder programs come into play. File shredders overwrite deleted files with random sets of data, making the original deleted file(s) completely unrecoverable.
7. Password variety
Using difficult (and unique) passwords for each of your online accounts is a great way to keep your accounts secure. This way, even if one of your accounts is compromised, the attacker can’t use the same login credentials (email and password) to get into your other accounts.
Curious to know whether any of your accounts have been compromised? Try haveibeenpwned.
Password manager browser extensions do a great job at producing randomised passwords to use when creating a new account, allowing for easy storage and access to your difficult to crack passwords.
8. Two-factor authentication
Two-factor authentication (2FA) requires a user to provide extra evidence they’re who they claim to be when trying to log in. This extra evidence usually comes in the form of a one-time secondary password to enter in addition to the usual account password.
The most common form of 2FA requires you to enter a one time-password that is either generated by an app, or sent to an email or phone number associated with the account; however, hardware-based 2FA is also possible.
9. Lock it up
The simplest tip in this list: Make sure your phone or computer cannot be accessed without entering a passcode or passing a biometric scan. Much like 2FA, a passcode or biometric scan adds an additional layer of protection against attackers.
Not all smartphones feature biometric scanning capabilities, but all smartphones let you enable a passcode lock for your home screen.
Most smartphones also come with an optional setting to wipe all data on the phone after a certain amount of incorrect login attempts. This keeps your phone safe from brute-force attacks, where an attacker tries every possible passcode combination to break into the phone. This kind of security measure is important for making sure your personal data doesn’t fall into the wrong hands.
Staying private online isn’t always easy. You can’t flip a switch and instantly have complete privacy. If it was that simple, everyone would do it. Online privacy and security does take some work, but it’s easy to take the first steps towards protecting yourself online. Each of the things on this list will bring you one step closer to real privacy and security online. Don’t overwhelm yourself — take it one step at a time. Switch to a more private messenger, put a passcode on your phone, or make the move away from Google services — they’re all important steps towards staying safe online.