Sensible Security and Privacy

Busy? Cool. Here’s the tl;dr:
- Password protect your devices.
- Use unique and long passwords.
- Use an ad blocker.
- Be careful with Internet of Things.
- Use a VPN.
Welcome to the Internet
We are essentially all connected to the internet 24 hours a day, between our smart phone, watch, computer, television, Alexa or Google Home. Facebook, Twitter, and Instagram allow us to share even the most mundane details about ourselves as though they are something special. The positive response and conversation in comments give us the feedback and validation that we want to put more of ourselves online.
Not only do a significant number of our social interactions happen online, but we buy a lot of stuff on the internet. How many websites have our credit card information? 1 in 6 people in the United States were Amazon Prime customers in 2017; Google and Apple sell a lot of phones and media.
In addition to purchasing things online, electronic medical records were mandated by the U.S. government as of January 1, 2014. Epic and Cerner are responsible for a majority of our medical records. If either of these tech giants were breached, millions of people’s lives could be put at risk.
Keeping ourselves safe online is just as important as keeping ourselves safe physically. We can generally trust that our data is safe in many cases, but we should not be complacent. There have been massive data breaches in each of the above sectors, and major mistakes have been made with personally identifiable data by almost every major company.
We would not leave pictures of ourselves with our home address printed on the back scattered around in public places. Nor would we post our medical history or credit card numbers on our social media accounts. This is data that we want to keep private because we want to keep ourselves safe.
I recommend five things that every person can do to improve their internet safety.
1. Password Protect Your Devices
Our phones and computers have a massive amount of personal information on them: pictures, text messages, emails, and access to many of our online accounts. If you lose your phone or laptop, or it gets stolen, then whoever has it could have access to everything that you do right now.
That means credit cards, logged-in websites, maybe a document with all of your other passwords, browsing history, and access to your social media. Losing any one of those things would be a major loss, but combined it could be devastating.
Many devices have made this easier with biometric passwords such as face ID or thumbprint. Both of those are great options. If your device does not have those options, definitely choose a secure passphrase.
2. Use Unique and Long Passwords
A password does not have to be impossible to remember to be safe. A common misconception is that a password needs to include special characters and not be something a person would think of. This is somewhat of a paradox. Generally when a password is cracked, it was done by a computer and not by a human. People aren’t sitting down to try to guess your specific personal Facebook password.
There are easily accessible databases of usernames and passwords from previous data breaches that hackers are able to use to perform “credential stuffing”. Hackers write scripts that are able to run through thousands of combinations in a second, trying to brute force their way into many, many accounts. If they get into one, then that account and system gets added to their stash.
So when we try to make a complex password that a human won’t think of, that is ironically shooting ourselves in the foot as the humans that are trying to log into our own account.
There is some really good math behind why a passphrase is good, but for all intents and purposes a computer is going to take longer and therefore have a harder time cracking “correcthorsebatterystaple” than “Tr0ub4dor&3”.
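The math behind that comparison, as an added example that is not part of the original post. The two strings come from the xkcd comic "Password Strength"; the per-step option counts and the 1,000 guesses per second rate are that comic's estimates, while the 16-word sample list, the 7,776-word list size and the offline guessing rate are assumptions.

```python
import math
import secrets

# Constructed 16-word sample so the example runs offline; far too small for real
# use. A real list such as the 7,776-word Diceware list is assumed in the numbers.
SAMPLE_WORDS = ("correct horse battery staple anchor violin meadow copper "
                "lantern orbit pepper quartz ribbon saddle timber walnut").split()

def passphrase(words, count=4):
    """Draw `count` words uniformly at random using the OS CSPRNG."""
    return " ".join(secrets.choice(words) for _ in range(count))

def passphrase_bits(list_size, count):
    """Entropy of `count` uniform draws from a list: count * log2(list_size)."""
    return count * math.log2(list_size)

def recipe_bits(options_per_step):
    """Entropy of a password built by a known recipe: sum of log2(options)."""
    return sum(math.log2(n) for n in options_per_step)

def years_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate in a 2**bits search space, in years."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

# The comic's estimate for the "Tr0ub4dor&3" recipe: uncommon base word,
# capitalisation, letter substitutions, a digit, a symbol, digit/symbol order.
TROUBADOR_RECIPE = [65536, 2, 8, 8, 16, 2]

if __name__ == "__main__":
    cases = {
        "Tr0ub4dor&3 style": recipe_bits(TROUBADOR_RECIPE),
        "4 words of 2,048": passphrase_bits(2048, 4),
        "6 words of 7,776": passphrase_bits(7776, 6),
    }
    for label, bits in cases.items():
        # 1e3/s is the comic's online-guessing rate; 1e10/s is an assumed
        # offline rate against a fast, unsalted hash.
        print(f"{label:18} {bits:5.1f} bits  "
              f"{years_to_exhaust(bits, 1e3):10.3g} y online  "
              f"{years_to_exhaust(bits, 1e10):10.3g} y offline")
    print("sample:", passphrase(SAMPLE_WORDS))
```

The word-count formula only holds when the words are drawn at random, as `passphrase` does; a phrase a person picks themselves has much less entropy than the formula suggests.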
If you really want to do things right, use a password manager. These generate and securely store strong passwords for you, so you just need to remember one single password to unlock it.
1Password or Dashlane are two great choices for this service.
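The breach databases mentioned above can also be checked defensively, before a password is reused. This added example (not from the original post) assumes the public Pwned Passwords range API from Have I Been Pwned, which the post does not mention; `make_offline_range` and its counts are constructed so the check runs offline.

```python
import hashlib
import urllib.request

def sha1_hex(password):
    # SHA-1 is only the lookup format of the range API, not a storage hash.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def breach_count(password, fetch_range):
    """Return how often `password` appears in the breach corpus (0 if absent).

    Only the first 5 hex characters of the SHA-1 digest are passed to
    `fetch_range`; the password and the rest of the digest never leave here.
    """
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

def fetch_range_live(prefix):
    """Query the public Pwned Passwords range endpoint (needs network access)."""
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"User-Agent": "breach-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def make_offline_range(breached):
    """Constructed stand-in for the endpoint, built from {password: count}."""
    table = {}
    for pw, n in breached.items():
        d = sha1_hex(pw)
        table.setdefault(d[:5], []).append(f"{d[5:]}:{n}")
    return lambda prefix: "\r\n".join(table.get(prefix, []))

if __name__ == "__main__":
    # Constructed counts, not real breach statistics.
    offline = make_offline_range({"Tr0ub4dor&3": 12, "password": 5})
    for pw in ("Tr0ub4dor&3", "a phrase that is not in the sample"):
        print(repr(pw), "seen", breach_count(pw, offline), "times")
```

Passing `fetch_range_live` instead of the offline stand-in runs the same check against the real service; any non-zero count means the password is already in an attacker's list and should not be used anywhere.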
3. Use an Ad Blocker
Not only do ad blockers make browsing the internet viable by doing this:
But they also protect you from some forms of malware. Forbes unintentionally proved this by forcing users to turn off their ad blocker, which resulted in many computers getting infected.
I recommend uBlock; it is free and available for every major browser.
4. Be Careful with IoT
The internet of things is extremely exciting because it is what we have always imagined the future to be. Voice commands and home automation triggered from anywhere; machine learning predicts what we like; security cameras in our house give us peace of mind. All of this is exciting and beneficial.
It also opens up our homes in ways that were previously impossible. In addition to ensuring that we lock our doors, we need to make sure that we secure our networks. IoT devices are susceptible to credential stuffing just like any other online account.
In-home cameras are a popular target for hackers, who use credential stuffing to break into your house and watch your family.
5. Use a VPN
I included this one last on the list because although it is very important and I recommend everyone use a VPN, it does require a little bit of work and an adjustment of how you fundamentally use the internet, and it costs money.
If you know what a VPN is, get one and use it.
If you don’t know and are curious or you want to explain it to your parents, here is how it works. When you connect to the internet, you are given an IP address which is a unique address that tells websites where to send back the data that you request.
When you go to Amazon, your browser finds the Amazon content by going to one of Amazon’s IP addresses. An IP address just identifies an actual location in the physical world. So your computer says “Amazon, show me your page at my IP address”. The content that is on Amazon’s servers for their website’s home page is then sent back to your IP address and you arrive at amazon.com.
Your internet service provider knows which IP address you have at any given time, so your browsing of the web can be traced back to your personal computer (and you). A VPN gives you a different IP address which allows you to browse the web anonymously.
Many people think that this is unnecessary because they are not doing anything illegal when they go on the web, which is a fair thought to have. I think of it differently.
When you go to a store, they ask you for your email address and other personal information and offer a reward in the form of coupons or some discount. Why do they offer you tangible money in exchange for your email address? Because now they can contact you whenever they want to.
When you go to the mall, you probably do not wear a shirt that has your name, phone number, and home address printed on it. That is private information. You aren’t doing anything illegal, but you don’t necessarily need everyone to know you are there.
There are a lot of ways that we can be law abiding and still need privacy. If someone knows your IP address, they know your physical location. That’s how Google knows what “restaurants nearby” means.
I am working on a separate post to dive deeper into the more tinfoil hat portion of internet privacy along with big data, but hopefully this post was simple and helpful for most folks.