How safe are you online?
The notion of staying safe and secure has always bothered homo-sapiens ever since they left their caves and started their journey towards becoming what we call today 'the modern humans'. But how safe are we? Follow this 15 step guide to stay secure.
Posted by Simar Mann Singh on 04 Jun, 2020
The notion of staying safe and secure has always bothered homo-sapiens ever since they left their caves and started their journey towards becoming what we call today 'the modern humans'. As humans evolved, their modus operandi of attacking and defending evolved extensively. Today, humans have to learn tactics as they grow, to attack and defend on so many frontiers that it often leaves many people perplexed.
Back in the 1990s when the internet was born, everyone started to believe it is a safe haven and opened doors to boundless opportunities. However, soon enough they realized that it was not a safe haven and could surely not be trusted with if certain defense mechanisms were not put in place. Today, in 2020, our technology has evolved so much that many defense mechanisms are automatically being deployed to protect us from the online world. But there is so much more to be safe and secure that the more we know, the better we appreciate these things. The issues like privacy, safety, etc. are used so often in the context of the online world yet only a handful of people know how to stay secure.
Love for Privacy
We, humans, value our privacy. The blinds on the windows or doors on the bathrooms serve the same purpose. They demonstrate that we value our privacy inherently. But these days, terms like Internet Proxies, VPNs, cookie tracking make it so much more difficult for a noobie to understand all these tech jargons that they often give up than try hard to eventually understand it. It seems as if we've developed Stockholm Syndrome with the cookie trackers
We need to stay vigilant, and when I say it 'need to', I mean it. It is not a wish anymore, it's not that we merely 'want to', because if not, then survival is at stake
The reason for maintaining good online hygiene is very simple. We don't want to be used as a product. How can we be a product, you may ask? Well, it turns out that human instincts are not impulsive or random at all, but can be accurately predicted with the help of large datasets. Not only that, but the behavior can also be manipulated. So, humans are just another slightly over complexed machines and their behavior can be analyzed, recorded, and replicated whenever wanted.
“Mammals, in particulars respond poorly to surveillance. We consider it a threat because animals in the wild are tracked by predators. Philosophers and Sociologists have warned surveillance foster manipulation, conformity, and submission.”
- Paul Carugati, Information Security Professional
The reason why you should read this post completely is because you will surely learn at least one new thing today which you didn't know before or perhaps you never noticed it proprely before- things like why airplane mode is even important or why VPN companies are not what they say they are. Read to find out.
Steps For Protection
We can protect ourselves if we follow these steps in our daily lives:
- Use strong and lengthy passwords. The lengthy your passwords are, the more time it would take to crack them using brute force attacks. Adding special characters to the password increases the number of permutations a password could have, thereby increasing its safety. This point is so cliche that you probably know it and hence I do not want to explain it further.
- Don’t reuse passwords. We all reuse our passwords often, so believe me you are not alone. But reusing a password only weakens our security. If one website gets hacked, the hackers could have all your accounts wherever you have reused the passwords. So its better to start using a password manager.
- Always enable two-step authentication whenever possible. In case of two-step authentication, to login to your account, it asks you to enter a combination of your password, the one that you chose and a code that is sent to you over a different mode of communication channel say on your phone (which uses GSM network) or a code generated from a mobile application (which uses mobile internet) that only you can possess. So even cracking a website's password for your account would be useless for a hacker.
- Don’t connect to open networks when you see one. An open network is one that does not ask for any password to connect to allowing anyone to connect. So even hackers can connect to that network. And once they are on the network, they can see all the data flowing through that open network. Even if you have to connect to some open network say at airports, use some VPN or a Proxy (if you even know what it means) to encrypt all your internet traffic that passes through that open network.
- Make sure to remove the saved open-networks from your devices afterward when you do not need them. Go to your device settings and in wireless networks, delete all the network which you do not use often. Most cases of data breach happen when users forget to delete the open-networks and hackers set up a fake network having a common SSID name. So devices automatically connect to those saved open networks and hackers can easily access all your data.
- Don't keep you system connected to internet always. There is a reason why options are given to you to disable the internet and other communicating modules like Bluetooth, IR(if your system even has one). Turn on your Wifi or connect to the internet only when you NEED it. You are also saving a lot of battery(power) when you are not using the Wifi/bluetooth modules. An easy way to do that is simply turn on the Airplane mode. If disables all communicating modules on the device. So, you are saving your battery while protecting your device which doesn't even require a lot of hassle. It can't get any easier that this. I personally use Airplane mode all the time when I am not surfing the internet. I disable the Airplane mode, connect to VPN and then only step into an online world.
- Use disposable emails more often when asked to give emails to access some content or to try out some applications. They delete automatically. They can be used for dating apps/intimacy apps/to order stuff discreetly. Yahoo has a tab in email settings which can be used to generate 500 disposable emails for the same purpose. I guess Google might follow this soon but has not offered any such service so far.
- Use private browsing (incognito mode) more often. Especially when ordering anything online. Stored Cookies are not used in incognito, and because of this websites treat your request as a new user request.
- Try using extensions like 'TrackMeNot'. Big giants track your search queries to analyze your behavior, to see what exactly you are interested in. You can use this extension which sends random search queries to mess up the algorithms of search engines trying to analyze you. So, they would never get exactly what you are interested in.
- Many websites have an ad-click functionality. When a user clicks on the ads, a request is made to URLs without your permission that you do not want to click. Many companies place different types of ads on different types of websites. Again, a strategy to analyze you. Because for them, you are a product. You can use an extension ‘AdNauseam’ which clicks randomly on ads without showing/rendering the page. All this happens in the background and messes the algorithms of those companies.
- Use TOR. It is LEGAL in most countries (except for CHINA, NORTH KOREA, and a few more countries where the government chooses to track their citizen’s every move). TOR in itself is legal and so is the Deep web. Just a part of the deep web, commonly known as the Dark web lies in the grey area and the reason is pretty straight forward. Various illegal things/services are sold/purchased on it. And hence only those websites are illegal which offer such products and services. It is actually considered to be a safer option for journalists and those who believe people might be tracking their every move (even online).
- Use F12 key more often. Most of the time, people surf the web and come across different media like text/images containing hyperlinks. In simple English, a hand pointer appears instead of a normal cursor indicating that it is a web link. People click links way too frankly. Most browsers reveal the contained hyperlinks somewhere in the lower bottom corners of the browser. One should always check the link before clicking on it. If there is no mention of what exactly the link would lead you to, then click F12 and inspect the complete path of the URL. Pressing F12 would open up a separate side-window in your web-browser (which web-developers use most of the time), which you can use to inspect different elements of the page. What you can also do is search the domain using any search engine suffixed by the word ‘scam’. For example, if there is a link to 'http://example.com/first-tag/second-tag' then search on google 'example.com scam’. Some results might pop up where someone has shared his experience or expressed concern corresponding to this URL. Also, another thing to check is if the URL itself is served over HTTP or HTTPS. The ‘S’ in the HTTPS stands for secure which means everything is served encrypted to your browser leaving no chance for anyone to snoop around. Most big companies offer content over HTTPS while on the other hand HTTP is now considered vulnerable.
- Check the links in your Emails. Yes, normally emails contain just text. However, these days, you receive more designer emails than simple text emails. Those designer emails are actually HTML templates which many companies send as newsletters. As a matter of fact, there is a huge community on twitter for those HTML emails (also called transactional emails) enthusiasts. I also happen to have designed an HTML template that I have planned to send to people when they forget to click on the confirmation link for a subscription (Yes, you need to click on the link received in your email as well to subscribe successfully). While most newsletters you receive are from genuine/authentic companies and suspicious emails are automatically scanned out by your email provider’s spam identifying algorithms. But in certain cases, the hackers (or let's say bad people) could send you an HTML email personally which contains links that would redirect you to malicious websites. So, trust your instincts and again most browsers show the links when you hover your cursor over the hyperlink text. Inspect the URL before clicking on it. Your one small teeny-tiny click could jeopardize all your security measures instantly.
- Check the sender of the email as well. Whenever you receive an email, a name is shown most often instead of the email address in your inbox. But on careful inspection, you can see the complete email address as well. It's not rocket science at all. Understand it like this, if you are walking on a road and some stranger comes to you and gives you a chocolate, what would your instinct be? Would you simply start eating the chocolate or would you first try to understand who the person giving you the chocolate is, and why is that person offering you this chocolate? What does your mom tell you? “Never take anything from strangers”. Coming back to the email domain, inspect the part after the ‘@’ symbol. So, if you received an email from ‘[email protected]’, check whether ‘malicious.com’ is an authentic domain or is it a scamming domain. How exactly can you check it? I’ve just told you in the last point, search the domain name on Google (or another search engine) followed by the word ‘scam’. So, in this fictitious case, search on google ‘malicious.com scam’. Chances are, Google will list pages where people have expressed their concern over this domain with a possible confirmation
- Use a VPN whenever possible. No VPN company is as honest as they claim to be. On the contrary, Most of the companies lie to their customers blatantly and make false promises. It could be difficult to identify a good VPN company. But I stumbled upon this website which maps all the VPN companies based on a lot of criteria. I can totally understand why companies lie to their customers. Its because their business runs entirely on trust. And to get your attention, they make false claims and promises frequently. However some companies have actually earned their trust. Its a pity I did not know them myself as they don't invest a lost in advertisements or make false promises/claims. But what I found interesting on this mentioned website was the fact that you can get a detailed comparison between different VPN companies and frankly I didn't know many of the VPN companies are actually based in countries which are part of 14 eyes. The mentioned website gives a really good perspective about VPN companies.
We've got to try a holistic approach to educate ourselves and our loved ones. One famous misconception is that “Cybersecurity is ONLY for IT people.” So here I'll clarify this, Cybersecurity is NOT ONLY for IT people. It's for everyone holding a piece of the well-packaged tiny silicon chip in their hand.
Watchout where you click in an online world. It's not that scary but it's not that innocent either. Don't be an online goat. You security is in your hands if you take precautions. Stay safe, online and Offline.