fbpx

Before I became a reporter at NPR, I worked for a few years at tech companies.

One of the companies was in the marketing technology business — the industry that's devoted in part to tracking people and merging their information, so they can be advertised to more effectively.

That tracking happens in multiple senses: physical tracking, because we carry our phones everywhere we go. And virtual tracking, of all the places we go online.

The more I understood how my information was being collected, shared and sold, the more I wanted to protect my privacy. But it's still hard to know which of my efforts is actually effective and which is a waste of time.

So I reached out to experts in digital security and privacy to find out what they do to protect their stuff – and what they recommend most to us regular folks.

Here's what they told me.

1. To protect your accounts, practice good security hygiene.

There are some steps that make sense for almost all of us, says Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation. Those include using strong passwords, two-factor authentication, and downloading the latest security updates.

She and other experts make a distinction between privacy and security when it comes to your data. Security generally refers to protecting against someone trying to access your stuff — such as stealing your credit card number or hacking your accounts. Privacy is more often used to talk about keeping your movements from being tracked for purposes of advertising or surveillance.

It turns out that the steps to protect your security are more clear-cut than those for privacy — but we'll come back to that.

Use strong passwords or passphrases for your accounts. Longer than a password, passphrases should be strong and unique for each site. Don't use 1234. Bring some randomness and special characters into it. And don't use the same password for different websites: You don't want all your accounts to be compromised just because one gets hacked.

Use a password manager to keep track of your passwords, Galperin says — then all you have to do is remember the passphrase for your password manager.

Turn on two-factor authentication for your important accounts. You've seen this: Usually you're asked to put in your mobile number so that you can receive a text with an additional number you input before you can log in.

That's the most common type of two-factor authentication — but it's not the strongest, Galperin says, because SMS messages can be intercepted by your Internet provider, law enforcement or the government.

If you want to go a step further, Galperin recommends using an application that sends the second factor to an app on your phone, such as Authy or Google Authenticator, as these are harder to intercept. (Full disclosure here: NPR receives funding from Google and Facebook.) You can also use a physical key you carry with you that plugs into your computer's USB port and serves as the second factor.

Download the latest security updates.

Those nudges you get from your computer or phone to install the latest security update? You should download those.

"Most applications, when they're compromised, are not compromised by scary zero-day bugs that nobody knows about," Galperin says. "They are compromised by problems that everybody knows exist that have been publicly reported, and that the company has fixed and they have issued a patch in their security update. But if you do not take the security update, you do not get the benefit of the work of the security engineers at that company."

2. Beware of phishing.

Not all attacks on our security come through malware or hackers invisibly breaking into your account. It's common that we're tricked into handing over our passwords or personal information to bad actors.

These attempts can happen via email, text message or a phone call. And generally they're trying to get your username and password, or perhaps your Social Security number. But there are often signs that these messages aren't legit – spelling or grammar errors, links to websites other than the one it should be linking to, or the email is coming from a weird domain.

If it feels fishy, it might be phishing.

3. Protect what matters most.

Depending on your situation, you might want to take additional precautions to safeguard your privacy and security.

To figure out what steps people should take to safeguard their stuff, Galperin suggests you make a security plan. The Electronic Frontier Foundation has a guide to doing this, which starts by asking yourself these questions:

  • What do I want to protect?
  • Whom do I want to protect it from?
  • How bad are the consequences if I don't?
  • How likely is it to need protecting?
  • And how much trouble am I willing to go through to try to protect it?

You can use the answers to those questions to focus your efforts on securing the things that matter most to you.

4. Delete some apps from your phone. Use a browser instead.

Matt Mitchell is a tech fellow at the Ford Foundation, and the founder of CryptoHarlem, an organization that teaches people to protect their privacy, including from surveillance.

Apps can learn a lot about you due to all the different types of data they can access via your phone. Seemingly harmless apps – like say, a flashlight app — could be selling the data they gather from you.

That's why Mitchell recommends "Marie Kondo-ing" your apps: Take a look at your smartphone and delete all the apps you don't really need. For many tasks, you can use a browser on your phone instead of an app.

Privacy-wise, browsers are preferable, because they can't access as much of your information as an app can.

I mentioned to Mitchell that even though I use Facebook and Twitter, I don't have those apps on my phone — partly so that I'll use them less, and partly for privacy reasons. I wanted to know — did I accomplish anything by not having those apps on my phone?

"You've accomplished a lot," he says. He compares it to oil companies turning crude into petrol: Your data can be turned into profit for these companies. "Every time you don't use an app, you're giving them less data, which is less money."

Mitchell says that's true even if you've been on Facebook a long time, and it feels like the company already knows everything about you. He compares it to smoking: It's never too late to cut back or quit — you'll still benefit by giving it less data to harvest.

5. To protect your chats, use an encrypted app for messaging.

If you want the contents of your messages to be secure, it's best to use an app that has end-to-end encryption, such as Signal or WhatsApp. That means you and the recipient can read the message you send — but no one in the middle.

But even though the contents of your messages are protected by encryption in apps such as Signal and WhatsApp, your metadata isn't — and someone could learn a lot about you from your metadata, Galperin warns. She compares it to what you can learn just by looking at the outside of an envelope in the mail: who sent it to whom, when and where it was sent from.

And WhatsApp is owned by Facebook — so when you share your contacts with WhatsApp, Facebook is getting that info, though it can't read the contents of your messages.

If you're on an iPhone, iMessages are encrypted when you're messaging another iOS device — but not when you're messaging an Android phone. Signal offers encrypted messaging on both Android and iPhone.

What about Facebook Messenger? Jen King, director of privacy at Stanford Law School's Center for Internet and Society, advises against using the Messenger app.

The app "has access to far more info on your phone than using Facebook through a browser," she says, recommending something such as WhatsApp or regular SMS texting instead.

And if encryption matters to you, be careful about backing up your chats to the cloud. If you back up your WhatsApp messages to iCloud or Google Drive, for example, they're no longer encrypted.

"That backup is just a database. And that database is easy for someone to open and read," Mitchell says, if they were able to access your cloud account. To keep your messages from prying eyes, turn off cloud backups and delete existing WhatsApp backups from iCloud or Google Drive.

6. Turn off ad personalization.

Whenever possible, Mitchell recommends going into your settings and turning off ad personalization, which often gives companies permission to do invasive tracking.

Opting Out Of Ad Personalization On Some Major Platforms

Google and Android

Here's a link to limit ad personalization on Google and Android.

Apple

This page shows you how to opt out of ad personalization on Apple. As of this writing, it hasn't been updated for iOS 14. If you have updated to iOS 14, go to Settings > Privacy > Apple Advertising > turn off Personalized Ads.

Facebook

  • On this page, you can go to the ad settings tab and toggle the settings to not allowed.
  • This page has steps to disconnect your activity off Facebook that is shared with Facebook, and clear that history.
  • On the Off-Facebook activity page, under What You Can Do, you can click on More Options > Manage Future Activity > and toggle it to off. (This page has those steps.)

Twitter

This page explains how to opt out of ad personalization.

He also recommends going to myactivity.google.com and deleting everything you can. On the left, there's a tab that says "Delete activity by." Select "All time." On your My Google Activity page, you can turn off Web & App Activity, Location History and YouTube History.

"It will show you every search term and everything you've ever done, every YouTube video you've ever looked at, all that stuff," he says. "It'll say, are you sure you want to delete this? 'Cause if you delete this, it might affect some stuff." Mitchell says: Delete it.

7. It's difficult to protect your privacy online if there aren't laws to protect your privacy online.

Tighter privacy settings only get you so far without laws that protect your privacy, says Ashkan Soltani, the former chief technologist for the Federal Trade Commission and one of the architects of the 2018 California Consumer Privacy Act.

There are laws around health information and credit and financial information, he explains, and some states have Internet privacy-related laws.

But nationally, the U.S. doesn't have a universal data privacy law safeguarding everyday online privacy.

Soltani says he rarely recommends steps such as using ad blockers or VPNs for most people. They require too much attention and persistence to deliver on privacy, and even then they are limited in their effectiveness.

"The incentives are so high on the other side," Soltani says, "to uniquely identify people and track them that [users] will never have enough motivation and incentive to do it to the degree of this multibillion dollar ad tech industry."

So how do you protect your privacy? Get involved and call your congressperson, he says — tell the policymakers that you care about online privacy.

8. Start small and take it one step at a time.

Faced with this landscape, getting a tighter hold on your digital privacy and security can feel daunting. But Galperin has this sound advice: Just do a little bit at a time.

You don't need to make a list of all of your accounts to integrate into a password manager — you can just do each account as you log into it.

Even just doing the basics — strengthening your passwords, turning on two-factor authentication and watching out for scammers — can make your accounts a lot more secure. Then keep going: There are a lot of other steps you might want to take, depending on your needs.

We're going to be on the Internet for a long time. The more each of us understands how our data are collected and used — and how to keep private what we want to keep private — the better, safer and healthier our digital lives will be.

 [Source: This article was published in npr.org By LAUREL WAMSLEY - Uploaded by the Association Member: Barbara larson]

Categorized in Internet Privacy

Everywhere you look, it seems some company is either spying on their users or failing to protect their users' data. Protecting yourself might seem like a hopeless task, but these top privacy apps can really make a difference.

It's easy to feel that personal privacy is a dead issue. Once you go online, your every action is exposed, either through data lost in a breach or misuse by advertisers and online merchants. But don't give up hope. You don't have to go totally off-grid to retain or regain control of your privacy. Smart people around the world have come up with a variety of programs to attack the problem from different directions—creating apps that range from VPNs to email providers that don't spy on you or share your data. You may have to lay out a little cash, but the alternative is using free services that pay themselves by monetizing your private data.

The Email Nightmare, Part 1

Like the internet itself, email was invented by optimists and academics who never dreamed that anyone would misuse it. Read someone else's mail? How rude! Fill up inboxes with unwanted junk mail? They had no idea what was coming.

One type of privacy app aims to protect the content of your email conversations from snooping and tampering. Preveil, Private-Mail, ProtonMail, and StartMail let you lock down your communications using a technique called public-key cryptography. All but Preveil use a protocol called PGP (Pretty Good Privacy) to generate a pair of keys, one public, one private. To send me a secure message, you encrypt it with my public key, and I decrypt it with my private key. Simple!  

Using Preveil is even simpler, though. A high-tech system involving what they call wrapped keys means you never deal with a key, public or private. It does also mean you can't connect with users of other PGP-based services, but few consumers know how to set that up.

This public key technology also lets me send you a message that's digitally signed, guaranteeing it came from me, with no tampering. I simply encrypt the message with my private key. The fact that you can decrypt it using my public key means it's totally legit. ProtonMail and StartMail automate the key exchange process with other users of the same service, while Private-Mail requires that you perform the exchange yourself. With any of these, you can exchange secure messages with anybody who provides a public key.

Of course, not everyone has embraced public key cryptography for their email. With StartMail and ProtonMail, you can send encrypted messages to non-users, though you don't get the same level of open-source security. The service encrypts the message using a simple password, and you transmit the password via some avenue other than email, perhaps a secure messaging app.

Virtru offers email encryption for free, but only if you use Gmail, and only in Chrome. Like Preveil, it handles key management internally, though it doesn't use public-key cryptography. You send an encrypted message and the recipient clicks a button to read it, without either of you entering a password.

The Email Nightmare, Part 2

With the contents of your email conversations encrypted, no hacker can sniff out just what you're saying. However, your email address itself is exposed any time you send a message, buy a product online, or sign up for any kind of internet-based service. That might not sound problematic, but your email address is typically your user ID for many sites. A hacker who finds your email and guesses your weak password now owns the account. And, of course, having your email address floating promiscuously around the web just invites spam.

But how can you communicate without giving a merchant or service your email? The solution lies in a simple technology called a Disposable Email Address, or DEA. The DEA service provides and manages these addresses, ensuring that mail sent to them lands in your inbox, and that your replies seem to come from the DEA. If you're done dealing with a particular merchant, or if one of your DEAs starts receiving spam, you just destroy it.

Burner Mail, Abine Blur, and ManyMe are among the services offering DEA management. ManyMe is unusual in a couple of ways. First, it's free, which is uncommon. Second, unlike most such services it doesn't make you register a new FlyBy email (as it calls them) before using it. Say someone at a cocktail party asks for your email. You can make up a FlyBy address on the spot, without giving your actual email away.

Abine Blur takes the concept of masking your actual identity online to the next level. Besides masking your email address, it offers masked credit card numbers, different for each transaction. You load the masked card with exactly the amount of the transaction, so a sleazy merchant can't overcharge you or use the card again. It even lets you chat on the phone without giving your actual number.

It's worth noting that Private-Mail and StartMail also offer a modicum of DEA management. StartMail lets you manage up to 10 permanent DEAs, and an unlimited number of DEAs set to expire within two weeks or less. Private-Mail offers five alternate email identities, without full DEA management.

Throw the Trackers Off the Scent

As they say, if you're not paying, then you are the product. You can surf the internet endlessly without paying a fee to visit specific sites, but those sites still work hard to monetize your visits. Advertising trackers plant cookies on your system, taking note when a tracker from an ad on a different website encounters that same cookie. Through this and other tracking methods, they form a profile of your online activity, a profile that others are willing to pay for.

Some years ago, the Internet's Powers That Be, recognizing that many users prefer not to be tracked, ginned up a simple Do Not Track message to be sent by the browser. This DNT system never became a standard, but all the top browsers adopted it anyway. It had no effect, because websites were and are free to ignore the header.

In place of the ineffectual DNT header, many security companies started devising active systems to identify and block ad trackers and other trackers. You'll find this feature as a bonus in many security suites and some privacy-specific products. Abine Blur, Ghostery Midnight, and ShieldApps Cyber Privacy Suite offer active DNT. Unlike most such implementations, Midnight deters tracker requests in any internet-aware application.

The trackers, in turn, invented a different technique for identifying individuals across different websites, relying on the ridiculous amount of information supplied to each site by your browser. This ranges from your IP address and browser version down to minutiae like the fonts installed on your system. There's so much information that trackers can create a fingerprint that's almost sure to identify you, and only you.

So, what can you do? Make a liar out of your browser, that's what. TrackOff mixes up the data sent from your browser so it's different for each website. Cyber Privacy Suite also scrambles your fingerprint. Important info still reaches the site, but not in a consistent way that could be fingerprinted. Steganos Privacy Suite once included a component to foil fingerprinting, but the latest edition has dropped that feature, along with its active Do Not Track component.

Using a Virtual Private Network, or VPN, disguises your IP address but leaves plenty of data unchanged for the fingerprinters. Even so, keeping your internet traffic encrypted and having your IP address hidden are valuable ways to protect your privacy. In addition to their other privacy components, Ghostery Midnight and Cyber Privacy Suite include VPN protection.

Passwords Protect Privacy

Passwords are terrible, but we don't yet have a universal replacement. For security, you must use a different non-guessable strong password for every secure site. The only way anybody can accomplish that feat is by relying on a password manager. Unless you use a different strong password for every website, a data breach on one site could expose dozens of your other accounts.

In a perfect world, you already have an effective password manager in place, and you've taken the opportunity to fix any weak or duplicate passwords. On the chance you aren't already equipped, some privacy products have taken to including password management as a bonus feature. Abine Blur, for one, offers a complete, if basic, password manager. It even rates your passwords, giving extra credit for those logins that also use a masked email address.

You can get Steganos Password Manager as a separate program or as part of Steganos Privacy Suite. Either way, it's not a standout. You're probably better off with a top-notch free password manager. Cyber Privacy Suite seeks passwords stored insecurely in your browsers and moves them to encrypted storage, but doesn't do any password management beyond that protective step.

Icloak Stik is a tiny, bootable USB device that provides you with an entire private operating system; more about that below. Within that private OS, it offers the One Ring password manager built into the Tor Browser. That's important, because your existing password manager won't work in the Icloak environment.

Many Other Modes

Just as your private data can be exposed in many ways, software companies find a variety of ways to protect it. One unusual service comes from Abine DeleteMe. Rather than create disposable email addresses, this service attempts to clean up your existing email and other personal data. It searches dozens of websites that legally aggregate public information. Wherever it finds you, it sends an opt-out request to remove your data. This process can't be fully automated, so DeleteMe is relatively expensive.

Icloak Stik takes privacy to an extreme. You plug this tiny USB device into any PC, Mac, or Linux box and reboot. The Linux-based operating system that comes up resides entirely on the USB device. If you don't need to copy any files to the device, you can pocket it after booting up. And you can hide your IP address by going online with the Tor Browser. Once you shut down the host device, all traces of your session vanish.

If a malefactor steals your laptop or otherwise gains access to your PC, your private data could still be safe, provided you've encrypted it. We've covered numerous products solely devoted to encrypting files, folders, or whole drives. Some privacy products broaden their protection by including encryption. Steganos Privacy Suite, for example, includes the Steganos Safe encryption tool, also available as a standalone product.

Private-Mail goes beyond the usual features of encrypted email by giving you an online area to store encrypted files. You can encrypt files using PGP or using a simple password, and you can even share your encrypted files with others.

With Preveil, storing essential files in your encrypted cloud is a snap. You just treat that cloud like any other folder. Sharing with other Preveil users is also easy. 

Virtru doesn't offer cloud storage, but it gives you unusual control over your messages and attachments. You can set messages to expire, disable secure forwarding, and add a watermark to some kinds of attachments. You can also convert attachments into a protected form that only the recipient can view, just like a Virtru message.

Protect the Protectors

When you set up an encrypted email system or a disposable email address manager, your account password is a potential weakness. If you use an easily-guessed password, or if a stranger shoulder-surfs your login, you could lose control of your privacy protection. That's where two-factor authentication comes in.

The concept is simple. With two-factor authentication, logging requires at least two of the following: something you know (such as a password); something you have (such as an authentication app); or something you are (such as a fingerprint). Quite a few of the privacy tools examined here offer a two-factor option, specifically Abine Blur, Burner Mail, Private-Mail, StartMail, and Steganos Privacy Suite.

All these products rely on Google Authenticator or another Time-based One-Time Password generator. To get started, you use your authenticator mobile app to snap a QR code provided by the privacy program. Enter the code generated by the app and you're done. Now, your password alone doesn't grant access to the privacy program. A password thief won't be able to enter the code from your authenticator app, and hence won't get in.

Preveil also provides a degree of two-factor authentication by the very nature of its encryption. Connecting to your encrypted mail is easy and automatic provided that you have access both to the email account and to a trusted device. An evildoer who cracks your email account still won't gain access to your encrypted mail and files. And if you lose a trusted device, you can cancel your trust.

As for Virtru, it doesn't require a password and doesn't offer two-factor authentication. You prove your identity by logging into your Gmail account. That being the case, you'd do well to protect that Gmail account using two-factor authentication.

These aren't the only programs for protecting your privacy, and this isn't an exhaustive list of privacy-cloaking techniques. However, all these programs do their best to keep you safe from advertisers, spies, and creeps online.

Abine Blur

39.00 Per Year at Abine, Inc.
CHECK PRICE

Your subscription to Abine Blur Premium brings a veritable smorgasbord of privacy-enhancing features and services. Its masked emails feature automates the process of using a different disposable email address for every transaction. If one of those masked emails starts getting spam, you can just delete it, and you know which merchant sold you out.

What's the use in masking your email when you're giving the merchant something even more sensitive—your credit card number? Blur masks card numbers, too, and each masked card only has enough value to pay the particular transaction. No shady merchant can charge you extra, or fake another transaction on your card.

You can have all the masked emails you want, but masked cards require a small payment, because Abine expends resources processing the payment. Masked phone numbers are still more limited; you get just one. But when you use that masked phone number, you can be sure your contact won't benefit by selling it to robocallers or text spammers.

It's a small step from tracking your disposable email addresses to tracking your logins for all those websites. Blur includes a complete, if basic, password manager. Most password managers praise you for using a different password at each website; Blur gives you extra credit if you also use a masked email address for each.

Blur securely syncs your password and payment data across all your PCs, Macs, and mobile devices. Its browser extensions offer full access to program features and include an active Do Not Track component that foils advertisers and other trackers. On top of all that, Blur spells out how it handles your data in clear, simple detail. It's a cornucopia of privacy protection.

Abine Blur Premium Review

PreVeil

Visit Site at PreVeil
SEE IT

Preveil lets you exchange encrypted email without having to switch to a special, new email account. You just keep using your existing email with Gmail, Outlook, Apple Mail, or the Mail apps built into Android and iOS. Using it with another email client requires a little work, but it's possible. You don't have to memorize or exchange passwords. The combination of access to your email account and use of a trusted device authenticates you.

With almost any encryption system, losing your master key or password means you lose access to your files. Some even make you accept a disclaimer to that effect. Preveil offers an unusual system from the deep reaches of crypto technology. Called Shamir's Secret Sharing, it lets you set up a pool of fellow Preveil users who can help you regain a lost key. They don't get any access to your key, but several of them working together can rebuild it for you.

Preveil brings top-tier enterprise-grade encryption technology to the consumer, yet presents it in a user-friendly way. This free solution is our Editors' Choice for email encryption.

PreVeil Review

ProtonMail

Visit Site at ProtonMail
SEE IT

You use ProtonMail the same way you'd use any web-based email service. The difference is that email conversations with other ProtonMail users are automatically protected using public key encryption. The same is true for any correspondent whose public key you've imported. You can also send encrypted mail to outsiders using a simpler form of encryption.

If you don't need more than 150 messages per day and 500MB of storage for email, you can use ProtonMail for free. Even a paid subscription isn't expensive, at $5 per month or $48 per year. The paid edition gets you 1,000 messages per day, along with the ability to create up to four protected email addresses, full tech support, and 5GB of email storage. This is a simple, solid email encryption solution.

ProtonMail Review

TrackOFF Basic

TrackOFF Basic

Advertisers really care what you do online. The better they can profile you, the more they can target ads. A nice juicy personal profile is also a commodity they can sell. With the proliferation of active Do Not Track systems, some trackers have switched to a technique called browser fingerprinting. And TrackOFF Basic stands square in their way, ensuring that your browser does its job without painting a target on your back.

Every time you visit a website, your browser sends a ton of information. It has to send your IP address, to receive the requested pages. But it also sends the browser version, OS details, even the fonts installed on your PC. Nominally, this information helps the website fine-tune your browsing experience. But there's so much data spewing from the browser that trackers can easily create a unique fingerprint, and thereby recognize you when you visit a different site.

TrackOFF doesn't suppress the info coming from your browser, as that could cause problems with some sites. It just mixes things up a little, presenting a slightly different fingerprint to each website. It does cost $34.95 per year, but that's fine for some tracking-sensitive souls.

TrackOFF Basic Review

Virtru Email Protection for Gmail

Virtru

Visit Site at Virtru
SEE IT

Like Preveil, Virtru is a consumer product that takes advantage of technology developed for the corporate world. Also like Preveil, it's free, and doesn't require that you change your email address. However, it only works with Gmail accounts, and only if you access them using Chrome.

Corporations can set up in-house handling of encryption keys. With the consumer edition, Virtru takes on that role. You never enter a password or share a key. By logging in to your Gmail account, you get full access to your encrypted email. If that seems unsafe in any way, consider enabling two-factor authentication for Gmail itself.

Virtru offers unusual control over your encrypted email messages. You can set them to expire after a fixed time, and change that time (or revoke access) even after sending the message. You can control the recipient's ability to forward secure messages. And you can watermark certain attachment types, to prove they came from you.

Yes, only those who access their Gmail on Chrome can make use of this tool. But the pools of Gmail users and of Chrome users are large enough to guaranteed quite a few potential users.

Virtru Email Protection for Gmail Review

Abine DeleteMe

129.00 20% Discount on any DeleteMe subscription with code PCMAG at DeleteMe
SEE IT

Some DEA services require you to create a new, pristine email account to receive the mail from your disposable addresses, while others feed directly into your existing inbox. The latter approach is more convenient, but it comes with a problem. Your email address, along with other personal information, is already scattered across the interwebs. Completely wiping that information from the web is impossible, but Abine DeleteMe does everything that is possible to minimize your exposure.

DeleteMe scans websites for dozens of information aggregating websites. These sites legally collect public information and make it easy to find. They also legally must remove your info if you so request. DeleteMe automates the opt-out process as much as possible. However, automation isn't possible in some cases, so Abine retains a staff of human operators to handle those. Every six months, you get a report of what DeleteMe found, and what was removed.

Unlike automated opt-out algorithms, those human operators must be paid. That's why DeleteMe costs more than most privacy services, $129 per year. You can often find discounts, or deals to add a family member.

Read More...

[Source: This article was published in pcmag.com By Neil J. Rubenking - Uploaded by the Association Member: Issac Avila]

Categorized in Internet Privacy

The internet is a vast system of an interconnected network that provides information and communication anytime, anywhere. This 19th-century invention took the world by storm. However, it is still surprising to date how much information can get accessed on the internet without any hassle. With the ease of access, privacy is also a valuable commodity that gets easily accessible on the internet. It is the privacy that sets humans apart from animals. Meanwhile, this privacy is nowhere safe on the internet. Your personal information like emails, income, business details, and the location are all exposed on the internet.
One of the main reasons for that is your information is worth much money for different businesses. They can use your information for marketing campaigns and attract customers towards their products.

However, this information is valid for usage to some extent. But if this information gets revealed to others, it can lead to severe problems. By information leakage, most of the ransomware attacks and malicious phishing scams. It is causing great harm to users on the internet. In this case, the protection of online privacy is extremely crucial to keep a safe side from these attacks. With that said, let’s discuss six steps that you should take to protect your online privacy.

LIMIT PERSONAL INFORMATION ON SOCIAL MEDIA

Almost everyone uses social media services like Facebook, Twitter, and Instagram. Social media allows you to share pictures, videos, and other kinds of information to help your friends find you. Now, this information gets exposed to your friends, but dangerous hackers can also use it against you. Cybercriminals use this information for identity theft and phishing, which can lead to severe problems.

Different universities like the University of Nevada Reno, produce professionals in cybersecurity. According to these cybersecurity professionals, one way to avoid this situation is by avoiding oversharing the information. Always avoid sharing your actual location on social media and limit its usage. For instance, if you share pictures of your pet, then never share its name on the internet. The cybercriminals can dig through your social media to find essential information like pet names. Some financial services ask security questions like maiden names or pet names while changing passwords. In this case, it is always advisable never to share personal information briefly.

KEEP EMAILS AND PHONE NUMBERS PRIVATE

 Sharing your emails and phone numbers everywhere on the internet is not a good idea. It is because emails and phone numbers can get used against you for phishing and ransomware attacks. Moreover, your inbox and mails will be overwhelmed with tons of spam emails and robotic calls for winning the lottery. Indeed, you can not just avoid sharing the emails on the internet. But it is advised never to give this information randomly. You can create a separate email account and SIM registration for shopping and business to secure your emails. This way, you can keep your emails separated from the random emails and phone calls from strangers and block them whenever you want.

 TURN ON PRIVATE BROWSING

No matter how vigilant you are on the internet, you will always leave a trail back to your activity. The internet continually tracks your movements and offers content based on this activity. If you are also concerned about this system behavior, then you can opt for private browsing. Private browsing is one of the safest ways to use the internet without recording your activity online. Most of the websites use cookies and software to identify the interests and search data. However, private browsing deletes any installed cookies and internet cache as soon as you log out of the internet.

USE A VPN

Apart from private browsing, a VPN or Virtual Proxy Network can also protect your online privacy. This network software works by creating a private network with the public internet. This private network creates a secure tunnel to mask your IP, thus hiding your online activities. Primarily VPNs must always be used while using public wifi. The wifi services in the library, restaurants, and train stations are unmasked to the hackers and cybercriminals. In this case, the VPN software can ensure security for incoming and outgoing traffic. Thus, all of your information stays private.

USING TWO-FACTOR AUTHENTICATION

 Two-factor authentication is another buzzword in the technological world. But it is immensely useful to secure your privacy. Since you protect all of your accounts with a most strong password, it is not always enough for their security. Hackers and cybercriminals always seek new approaches to find your password and disclose your confidential information. You can still secure your accounts by adding a two-factor authentication on all of your accounts. With this two-factor authentication, you will receive a secret code on your phone. This secret code is valid for 60 seconds only, giving a shorter frame to the hacker to decrypt your password.

UPDATE APPS & SOFTWARE

 Avoiding apps and software updates is never a good idea. The developers of these apps are continually improving and strengthening security to protect user privacy on the internet. On the other side, hackers always look for anomalies and leaks in the most used apps to get hands-on personal information. All you need to do is enable automatic updates for apps, and the computer and system will do the job itself. FINAL WORDS No matter how heedful you are, hackers will always find new ways to attack. However, incorporating these steps into daily life can significantly improve privacy protection and save the day. Still watch out for wrong links and websites and install an antivirus to keep a safe side from the potential threats.

[Source: This article was published in latesthackingnews.com By LHN Server - Uploaded by the Association Member: Deborah Tannen]

Categorized in Internet Privacy

[Source: This article was Published in pcmag.com By Max Eddy - Uploaded by the Association Member: Logan Hochstetler]

Once Incognito Mode is engaged in Maps, 'you can search and navigate without linking this activity with your Google account,' says CEO Sundar Pichai

Google first introduced Incognito Mode years ago with the release of the Chrome browser. Now, as part of a larger push to enhance consumer privacy, the search giant is adding Incognito Mode to both Google Search and Google Maps.

When Incognito Mode is engaged in Chrome, your activities aren't stored in your browser history. It also disables cookies, which are used to identify and sometimes track individuals around the web, and turns off browser extensions. It doesn't hide your online activity, as a VPN would.

Google Maps

Google first introduced Incognito Mode years ago with the release of the Chrome browser. Now, as part of a larger push to enhance consumer privacy, the search giant is adding Incognito Mode to both Google Search and Google Maps.

When Incognito Mode is engaged in Chrome, your activities aren't stored in your browser history. It also disables cookies, which are used to identify and sometimes track individuals around the web, and turns off browser extensions. It doesn't hide your online activity, as a VPN would.

Incognito mode for Google Maps will be similar, Google CEO Sundar Pichai explained in a blog post. Once Incognito Mode is engaged in Maps, "you can search and navigate without linking this activity with your Google account," he wrote.

Google Maps Incognito Mode

You may have noticed that when you search in Google, meanwhile, your old searches sometimes pop up again. Google uses your activity to tailor the results for you, but not so with Incognito Mode for Search.

Incognito for Google Maps and Search are coming later this year. Google has already rolled out an Incognito Mode for YouTube. "We strongly believe that privacy and security is for everyone, not just a few," said Pichai.

While this is an important move for Google, it's not yet clear what information will be saved when these new Incognito modes are engaged, and what the limitations will be. We have to assume that, like Incognito for Chrome, you won't be totally invisible.

Categorized in Search Engine

[This article is originally published in techradar.com - Uploaded by AIRS Member: Clara Johnson]

Top tips to stay secure online and maintain your privacy

Staying safe online represents a significant challenge, and for families, this is even more difficult with younger internet users too often unaware of the dangers that can lurk on the web. Well, just like any sane parent would not let their child wander around Times Square on their own, neither should these same children be let loose on the internet to roam free.

It can be difficult to maintain privacy online, with more of our data flowing onto the internet, including family photos and finances, to name a couple of potentially sensitive areas. Many folks are seemingly facing challenges in this respect, as last year in the US, there were a staggering 16.7 million incidents of identity fraud, with a total of $16.8 billion (around £12.7 billion) stolen, according to the Insurance Information Institute.

While these are alarming statistics, there is plenty that can be done to keep you and your family from becoming victims. Here are six essential ways to maintain your privacy online.

1. Avoid public Wi-Fi

Public Wi-Fi in airports, libraries, hotels and coffee shops is an attractive resource in terms of staying in touch when away from home. These are open Wi-Fi spots, and many stores have them available these days, but the problem is that they are not encrypted like your home router’s wireless connection.

When using these wireless hotspots, you should be very cautious, particularly in situations where sensitive data is transmitted, such as account credentials or financial details. This is because a process known as Wi-Fi sniffing can be carried out, and the unencrypted packets of data can be grabbed by anyone within wireless reach of the signal – this is a form of wireless eavesdropping if you will.

An additional danger is that malicious types can set up their own rogue Wi-Fi network masquerading as a legitimate free Wi-Fi spot, with the attacker being able to steal you and your family’s data.

In short, it is best to avoid using public Wi-Fi completely if possible, but potential workarounds including surfing with a VPN, or tethering to a smartphone, and encrypting the Wi-Fi signal so no unencrypted data gets transmitted. Also, don’t log into financial accounts while away from home.

2. No phishing here

Phishing scams are an attempt to extract sensitive information from an individual via a fraudulent email. Most folks know not to respond to the ‘Nigerian prince’ scam, requesting you to wire them money so you can subsequently inherit millions.

However, phishing scams are getting craftier, and now include authentic details, official logos, and originate from email addresses that seem legitimate at first glance as they include the company’s name in them.

Children using email should be warned never to respond to these emails. Also, banks and the IRS do not ask for your financial information via unsolicited emails. Good practice is for the emails in question to be forwarded to the fraud department of the respective organization which can be easily found via a web search – for Apple it is ‘This email address is being protected from spambots. You need JavaScript enabled to view it.’ for example – and then delete the email.

Finally, if the message includes an attachment, don’t be curious and be sure to never open it, as this will inevitably infect your PC with malicious code, opening your system up to an attack.

3. VPN

VPN is an excellent tool to keep your privacy online. Rather than your data leaving the home network and going onto the internet all out in the open, instead it goes to a distant server via an encrypted tunnel that creates a high level of privacy.

This is especially useful, as mentioned above, to make using a public Wi-Fi connection more secure. This is also handy on your home connection to ensure privacy, and that includes avoiding any potential snooping from your Internet Service Provider. In the past, ISPs have been called out for tracking users and selling their data (as if they did not make enough money already).

To celebrate National Cyber Security Awareness Month, IPVanish is giving a 69% discount on two year plans throughout October 2018, making its top-tier protection effectively $3.74 (£2.83) per month.

4. Batten down the passwords

Strong security starts with a strong password. You should have a Wi-Fi password of at least 12 characters or longer, with a combination of uppercase letters, lowercase letters, special characters, and numbers. Then apply this same principle to all of your online accounts, so they are safe from ‘brute force attacks’ that randomly try dictionary words.

While the above may sound obvious to more veteran users, research has found the most common passwords are ‘123456’ and ‘password’. Clearly too many folks are taking the lazy route, and the entire family needs to educated on this best practice for creating strong passwords to protect accounts. Another fundamental tip: never reuse the same passwords over different accounts.

5. Take two

While stronger passwords are vital to keeping accounts secure, another important point is that you shouldn’t rely on them completely. A complex password may afford protection from a brute force attack, but it can still be obtained if, for example, a hacker breaks into the online database of passwords. This has become such a regular occurrence these days that there are even websites entirely devoted to letting users enter their credentials to check if their account is known to have been hacked.

Rather than relying totally on one password, there is an alternative and better approach known as ‘two-factor authentication’ (abbreviated to 2FA). The idea is that two pieces of information are better than one, and to log into the account, you need something that you know – namely the password, which should still be a strong one as per the recommendations above – and also something that you have.

The something that you have – and presumably the hacker won’t – is most commonly a mobile phone, which can be employed for 2FA in several ways. The service you are logging into might text you a special code which you then enter as well as the password. However, this particular method can be vulnerable to being defeated via SIM card cloning (although that’s not exactly common).

The more secure, and therefore preferred option, is an authenticator app, which is installed on the smartphone, and performs the function of a security token, as it provides a number code that is only valid for a brief minute or less.

Another option for 2FA is a physical security key, the so-called USB 2FA.

In short, you should make sure that 2FA is enabled on all accounts that support it, and if you have a choice, use the authenticator app method. Teach the rest of the family how to use 2FA, as well.

6. Look before you leap

No discussion of online privacy would be complete without mentioning those pesky app permissions that pop up when installing a new application. While folks tend to just want to get their app working, they really should make sure that what the app is asking to access makes sense.

For example, it would follow for a reputable photo editing app to need access to your library of images, or else it wouldn’t be of any use. However, when you download that free calculator app, you might start to wonder why such an app would need access to your microphone, GPS or your contacts, as the intended use of the application should not involve any of those smartphone functions.

For those who aren’t careful, going along with such excessive permissions might be a serious threat to privacy, and could lead to you being tracked or eavesdropped upon. Does that seem paranoid? Well, there are already examples of smartphone apps using the device’s microphone to track TV viewing habits.

Categorized in Internet Privacy

Source: This article was Published productwatch.co By Kevin Meyer - Contributed by Member: David J. Redcliff

I don’t think I’m blowing your mind when I say most sites are trying to collect your data. If you don’t have to pay for the product, you are the product — it’s the reason Movie Pass doesn’t mind taking a loss if you see more than one movie a month, though who knows how long that experiment will last.

So, if you want to protect your privacy, you will have to put in some effort. Thankfully, there are services you can use to make your job easier. And we’ll show you both which ones are efficient, and how to use them.

uBlock Origin

The very first extension you should get when you get a new device is a good ad-blocker. Not many are better than uBlock Origin. Essentially, this service will filter the content you see in your browser. Also, unlike other ad-blockers, uBlock doesn’t slow your browser down.

Furthermore, using it is a breeze. All you need to do is install the extension and let it run. The default settings are such that the standard filters for ads, privacy, and malware are active. You just need to let the extension run.

In the meantime, if you want to change the settings, you can easily do so by clicking the shield icon next to your URL bar.

BitDefender

BitDefender is one of the biggest companies that offer device protection services. In fact, if you choose to use their products, you will be one of over 500 million users they have. They offer multiple tools that can protect your computer from harm. And, more importantly for this article, they also offer online privacy tools. For example, their BitDefender VPN tool is possibly the best VPN tool you can get.

The interface is rather simple, and once you start using the tool, you will see how easy it can be to protect yourself.

Unshorten.It

Short URLs were very popular when they first came out. After all, they are a lot tidier than the usual bunch of symbols you might get. However, not long after, they became one of the serious threats to your computer’s safety. Namely, even though the link says it is going to take you to a funny site, it might just take you to a site that will mug you instead.

Naturally, you might want to get a tool that will let you analyze the said short URLs. That is where unshorten. It comes into play. This service lets you see exactly what page you will visit if you follow the link. It will give you the description, the safety ratings, and even screenshots of web pages you might unwittingly visit.

HTTPS Everywhere

Do you want to have Internet privacy, but you are not ready to go as far as using Tor? Well, in that case, it seems like HTTPS is the right extension for you. This Chrome, Firefox, and Opera extension will let you encrypt your communications on almost all major websites. Thankfully, a lot of websites already support encryption over HTTPS. But, they tend to make it difficult to use properly. On the other hand, using HTTPS Everywhere is easy and intuitive. Overall, it is a great way to make your surfing a lot safer.

No Coin

Another danger of using unknown websites lies in the fact that many of them will use your resources to mine cryptocurrencies. In essence, these websites will hack your device and use its processing power for themselves.

Now, you might think it’s not that bad. You are only on the website for a couple of minutes at a time. But, the issue doesn’t stop there. Namely, once they do hack your device, they can keep using it for a long time after you visit their website. Thankfully, you can use No Coin to stop the websites from doing this to you. With this service, you should see noticeable improvements in your computer’s performance.

Punycode Alert

Punycode Alert is an extension that will give you a notification if you venture onto a phishing website that uses Unicode to trick you. For those who don’t know what phishing is, in layman’s terms, it is a practice of stealing someone’s information by setting up an imitation of a successful website.

Unfortunately, it is not uncommon for phishing websites to trick people out of thousands of dollars. The reason these traps are incredibly effective is that their URLs look exactly like you would expect them to. So, you might very well follow a URL that reads as “apple.com” and ends up on a completely different website. We definitely recommend using Punycode Alert to protect yourself from such websites.

LastPass

Coming up with good passwords is not easy. You might think that your birthday is as good a password as any, but that couldn’t be further away from the truth. Fact is, a lot of people use passwords that are too weak to protect their data. And the reason for that is simple – they don’t want to bother with remembering complex passwords.

That is where LastPass comes in. This tool will let you store all of your passwords and use them without having to type them out. In essence, this password manager will let you use unbeatable passwords without having to worry about forgetting them.

ProtonVPN

Using VPN services is of utmost importance if you want your data to remain safe. And ProtonVPN is one of the best providers you can find. The company behind this service created ProtonVPN to give protection to activists and journalists around the world. And, not only that, but it will also let you avoid Internet censorship and visit websites that are trying to lock you and other people from your country out.

1.1.1.1

If you don’t feel like you want to go to extremes to protect your data, but you still don’t want your DNS resolver to sell your data to advertisers, you might want to consider using 1.1.1.1. This service, in essence, is a public DNS resolver that respects your privacy and offers you a fast way to browse the web.

DuckDuckGo

The first thought that might pop into your mind when you want to search for something online is probably: “I’ll just Google it.” However, you should be aware by now that Google is not only guilty of storing your data, but it also doesn’t offer the same results to everyone. In fact, it is almost impossible to find unbiased results by using Google. However, DuckDuckGo will help you protect your privacy and give you objective search results. And, you don’t have to do a lot to make this change. Simply switch to DuckDuckGo as your primary search engine, and you are good to go.

Categorized in Internet Privacy

Source: This article was published entrepreneur.com By Brian Byer - Contributed by Member: Clara Johnson

Consumers do enjoy the convenience of the apps they use but are individually overwhelmed when it comes to defending their privacy.

When it comes to our collective sense of internet privacy, 2018 is definitely the year of awareness. It’s funny that it took Facebook’s unholy partnership with a little-known data-mining consulting firm named Cambridge Analytica to raise the alarm. After all, there were already abundant examples of how our information was being used by unidentified forces on the web. It really took nothing more than writing the words "Cabo San Lucas" as part of a throwaway line in some personal email to a friend to initiate a slew of Cabo resort ads and Sammy Hagar’s face plastering the perimeters of our social media feeds.

In 2018, it’s never been more clear that when we embrace technological developments, all of which make our lives easier, we are truly taking hold of a double-edged sword. But has our awakening come a little too late? As a society, are we already so hooked on the conveniences internet-enabled technologies provide us that we’re hard-pressed making the claim that we want the control of our personal data back?

It’s an interesting question. Our digital marketing firm recently conducted a survey to better understand how people feel about internet privacy issues and the new movement to re-establish control over what app providers and social networks do with our personal information.

Given the current media environment and scary headlines regarding online security breaches, the poll results, at least on the surface, were fairly predictable. According to our study, web users overwhelmingly object to how our information is being shared with and used by third-party vendors. No surprise here, a whopping 90 percent of those polled were very concerned about internet privacy. In a classic example of "Oh, how the mighty have fallen," Facebook and Google have suddenly landed in the ranks of the companies we trust the least, with only 3 percent and 4 percent of us, respectively, claiming to have any faith in how they handled our information.

Despite consumers’ apparent concern about online security, the survey results also revealed participants do very little to safeguard their information online, especially if doing so comes at the cost of convenience and time. In fact, 60 percent of them download apps without reading terms and conditions and close to one in five (17 percent) report that they’ll keep an app they like, even if it does breach their privacy by tracking their whereabouts.

While the survey reveals only 18 percent say they are “very confident” when it comes to trusting retails sites with their personal information, the sector is still on track to exceed a $410 billion e-commerce spend this year. This, despite more than half (54 percent) reporting they feel less secure purchasing from online retailers after reading about online breach after online breach.

What's become apparent from our survey is that while people are clearly dissatisfied with the state of internet privacy, they feel uninspired or simply ill-equipped to do anything about it. It appears many are hooked on the conveniences online living affords them and resigned to the loss of privacy if that’s what it costs to play.

The findings are not unique to our survey. In a recent Harvard Business School study, people who were told the ads appearing in their social media timelines had been selected specifically based on their internet search histories showed far less engagement with the ads, compared to a control group who didn't know how they'd been targeted. The study revealed that the actual act of company transparency, coming clean about the marketing tactics employed, dissuaded user response in the end.

As is the case with innocent schoolchildren, the world is a far better place when we believe there is an omniscient Santa Claus who magically knows our secret desires, instead of it being a crafty gift exchange rigged by the parents who clearly know the contents of our wish list. We say we want safeguards and privacy. We say we want transparency. But when it comes to a World Wide Web, where all the cookies have been deleted and our social media timeline knows nothing about us, the user experience becomes less fluid.

The irony is, almost two-thirds (63 percent) of those polled in our survey don’t believe that companies having access to our personal information leads to a better, more personalized, online experience at all, which is the chief reason companies like Facebook state for wanting our personal information in the first place. And yet, when an app we've installed doesn't let us tag our location to a post or inform us when a friend has tagged us in a photo or alerted us that the widget we were searching for is on sale this week, we feel slighted by our brave new world.

With the introduction of GDPR regulations this summer, the European Union has taken, collectively, the important first steps toward regaining some of the online privacy that we, as individuals, have been unable to take. GDPR casts the first stone at the Goliath that’s had free rein leveraging our personal information against us. By doling out harsh penalties and fines for those who abuse our private stats -- or at least those who aren’t abundantly transparent as to how they intend to use those stats -- the EU, and by extension, those countries conducting online business with them, has finally initiated a movement to curtail the hitherto laissez-faire practices of commercial internet enterprises. For this cyberspace Wild West, there’s finally a new sheriff in town.

I imagine that our survey takers applaud this action, although only about 25 percent were even aware of GDPR. At least on paper, the legislation has given us back some control over the privacy rights we’ve been letting slip away since we first signed up for a MySpace account. Will this new regulation affect our user experience on the internet? More than half of our respondents don’t think so, and perhaps, for now, we are on the way toward a balancing point between the information that makes us easier to market to and the information that’s been being used for any purpose under the sun. It’s time to leverage this important first step, and stay vigilant of its effectiveness with a goal of gaining back even more privacy while online.

Categorized in Internet Privacy

The Internet is massive. Millions of web pages, databases and servers all run 24 hours a day, seven days a week. But the so-called "visible" Internet—sites that can be found using search engines like Google and Yahoo—is just the tip of the iceberg. Below the surface is the Deep Web, which accounts for approximately 90 percent of all websites. As noted by ZDNet, in fact, this hidden Web is so large that it's impossible to discover exactly how many pages or sites are active at any one time. This Web was once the province of hackers, law enforcement officers and criminals. However, new technology like encryption and the anonymization browser software, Tor, now makes it possible for anyone to dive deep if they're interested.

 

Defining the Deep/Dark Web

There are a number of terms surrounding the non-visible Web, but it's worth knowing how they differ if you're planning to browse off the beaten path. According to PC Advisor, the term "Deep Web" refers to all Web pages that that are unidentifiable by search engines. The "Dark Web," meanwhile, refers to sites with criminal intent or illegal content, and "trading" sites where users can purchase illicit goods or services. In other words, the Deep covers everything under the surface that's still accessible with the right software, including the Dark Web. There's also a third term, "Dark Internet" that refers to sites and databases that are not available over public Internet connections, even if you're using Tor. Often, Dark Internet sites are used by companies or researchers to keep sensitive information private.

While many news outlets use "Deep Web" and "Dark Web" interchangeably, it's worth noting that much of the Deep is actually benign. Everything from blog posts in review to Web page redesigns still in testing to the pages you access when you bank online are part of the Deep and pose no threat to your computer or safety at large. As CNN Moneyillustrates, big search engines are like fishing boats that can only "catch" websites close to the surface. Everything else, from academic journals to private databases and more illicit content, is out of reach.

Access

Most people who wish to access the Deep Web use Tor, a service originally developed by the United States Naval Research Laboratory. Think of Tor as a Web browser like Google Chrome or Firefox. The main difference is that, instead of taking the most direct route between your computer and the deep parts of the Web, the Tor browser uses a random path of encrypted servers, also known as "nodes." This allows users to connect to the Deep Web without fear of their actions being tracked or their browser history being exposed. Sites on the Deep also use Tor (or similar software such as I2P) to remain anonymous, meaning you won't be able to find out who's running them or where they're being hosted.

Many users now leverage Tor to browse both the public Internet and the Deep. Some simply don't want government agencies or even Internet Service Providers (ISPs) to know what they're looking at online, while others have little choice—users in countries with strict access and use laws are often prevented from accessing even public sites unless they use Tor clients and virtual private networks (VPNs). The same is true for government critics and other outspoken advocates who fear backlash if their real identities were discovered. Of course, anonymity comes with a dark side since criminals and malicious hackers also prefer to operate in the shadows.

Use and Misuse

For some users, the Deep Web offers the opportunity to bypass local restrictions and access TV or movie services that may not be available in their local areas. Others go deep to download pirated music or grab movies that aren't yet in theaters. At the dark end of the Web, meanwhile, things can get scary, salacious and just plain...strange. As noted by The Guardian, for example, credit card data is available on the Dark Web for just a few dollars per record, while ZDNet notes that anything from fake citizenship documents to passports and even the services of professional hit men is available if you know where to look. Interested parties can also grab personal details and leverage them to blackmail ordinary Internet users. Consider the recent Ashley Madison hack—vast amounts of account data, including real names, addresses and phone numbers—ended up on the Dark Web for sale. This proves that, even if you don't surf the murky waters of the Dark Web, you could be at risk of blackmail (or worse) if sites you regularly use are hacked.

Illegal drugs are also a popular draw on the Dark Web. As noted by Motherboard, drug marketplace the Silk Road—which has been shut down, replaced, shut down again and then rebranded—offers any type of substance in any amount to interested parties. Business Insider, meanwhile, details some of the strange things you can track down in the Deep, including a DIY vasectomy kit and a virtual scavenger hunts that culminated in the "hunter" answering a NYC payphone at 3 a.m.

Real Risks

Thanks to the use of encryption and anonymization tools by both users and websites, there's virtually no law enforcement presence down in the Dark. This means anything—even material well outside the bounds of good taste and common decency—can be found online. This includes offensive, illegal "adult" content that would likely scar the viewer for life. A recent Wired article, for example, reports that 80 percent of Dark Web hits are connected to pedophilia and child pornography. Here, the notion of the Dark as a haven for privacy wears thin and shores up the notion that if you do choose to go Deep, always restrict access to your Tor-enabled device so children or other family members aren't at risk of stumbling across something no one should ever see. Visit the Deep Web if you're interested, but do yourself a favor: don't let kids anywhere near it and tread carefully—it's a long way down.

 Source: This article was published usa.kaspersky.com

Categorized in Deep Web

The Merriam-Webster dictionary defines security as measures taken to guard against espionage or sabotage, crime, attack, or escape. Those descriptive words also apply to the protections you must take when you're online to safeguard your security and privacy. We all realize by now that the Internet is full of hackers looking to steal anything of value, but worse yet, the government that has pledged to be ‘by the people, for the people’ often intrudes on our privacy in the name of national security.

This guide, however, is not for those engaged in covert activities that need would shielding from the prying eyes of the NSA. It is intended to be a basic guide for people who use the Internet on a daily basis for:

  • Work
  • Social Media Activity
  • E-commerce

Whether your online activity is largely confined to a desktop, or you're a mobile warrior on the go, implementing the proper security and privacy protocols can protect you from hackers and also prevent your ISP provider from knowing every single website you’ve ever accessed.

What follows is a basic guide that anyone can use to beef up online security and ensure as much privacy as possible, while being mindful that total anonymity on the Web is nearly impossible.

ONLINE SECURITY FOR DESKTOPS, LAPTOPS, AND MOBILE DEVICES

Install Software Updates

At the minimum, you need to make sure that you install the most recent software updates on all your desktop and mobile devices. We know that updates can be a pain, but they can ensure that your software is as secure as possible.

In fact, you will often notice that many update messages are related to some type of security glitch that could make it easier for someone to gain access to your information through the most common browsers such as Firefox, Safari and Chrome.

If you take your sweet time installing an update, it gives hackers that much more time to gain access to your system through the security flaw that the update was designed to fix.

Most of the major brands such as Apple and Samsung will send users messages on their desktops, laptops and mobile devices the moment they release a security update.

For example, Apple recently released new security updates for its iPhones, iPads and Macs for a computer chip flaw known as Spectre. This flaw affected billions of devices across all the major systems, including iOS.

Apple immediately sent a message to all its mobile users to install an update, which included security patches to block hackers from exploiting the flaw in the chip. The company also sent emails to desktop users to install Mac OS High Sierra 10.13.2, which included fixes to Safari for laptops and desktops.

The point is that you don’t need to worry that you won’t get these update prompts, because it’s in the best interests of the major brands to keep a massive hack from occurring. But if you want to ensure that you never miss an important update, there are several tools that can help you achieve this goal...

Update Tools for Mac Users

MacUpdate/MacUpdate Desktop – These two companion apps scan your desktop or mobile devices to locate software that needs updating. The desktop version has a menu bar that informs you when a software update is complete. The basic updating function is free to all users, but there are premium tiers that are ad-free, and include a credit system that rewards you for every new software you buy.

Software Update – This is a built-in app that you access through the Apple menu that opens the Mac App Store app and lets you click on the Updates tab. Software Update analyzes all the apps you’ve downloaded from the Mac App store to see if they’re updated. It does the same thing for your operating system software, which is a nice bonus.

Update Tools for PC Users

Patch My PC – If you choose the auto-update feature on this free tool, it automatically installs software patches on any application that has a security update. If you run the manual version, the program quickly scrolls through updated and non-updated applications and lets you check the ones you want to update and patch. One other useful aspect of this program is that you can run it using a flash drive.

TAKE ADVANTAGE OF ENCRYPTION

Encryption is a fancy word for a code that protects information from being accessed. There are various levels of encryption, and at the highest levels, encryption offers you the strongest protection when you are online. Encryption scrambles your online activity into what looks like a garbled, unidentifiable mess to anyone who doesn’t have the code to translate that mess back to its real content.

The reason this is important is that protecting your devices with only a password won’t do much to protect your data if a thief steals the device, accesses the drive and copies the data onto an external drive. If that device is encrypted, the data that the thief accesses and ports to another drive will still remain encrypted, and depend on the level of encryption, it will either take that thief a long time to break the code, or the thief will not be able to crack it.

Before we dive into some of the basics of encrypting desktops and mobile devices, remember that encryption has some drawbacks.

  • The main one is that if you lose the encryption key, it can be very difficult to access your data again. 
  • Second, encryption will affect the speed of your device because it saps the capacity of your processor.

This is a small price to pay, however, for all the benefits encryption offers in terms of security from intrusion and privacy from prying eyes that want to know exactly what you’re up to on the Internet.

Basic Encryption for Apple Devices

If you own an Apple mobile device such as an iPhone or iPad, these devices are sold with encryption as a standard feature, so all you need is a good passcode.

If you own a Mac desktop or laptop device, you can encrypt your device by using the FileVault disk encryption program that you access through the System Preferences menu under the ‘Security’ pull-down. Just follow the easy-to-understand directions to obtain your encryption key.

Basic Encryption for PCs and Android Devices

If you own a PC, you will need to manually encrypt your device. You can encrypt the newer PC models using BitLocker, a tool that’s built into Windows. BitLocker is only available if you buy the Professional or Enterprise versions of Windows 8 and 10, or the Ultimate version of Windows 7.

If you choose not to use BitLocker, Windows 8.1 Home and Pro versions include a device encryption feature that functions very much like BitLocker.

Newer Android phones including the Nexus 6 and Nexus 9, have default encryption. But for phones that are not encryption enabled, the process is not difficult.

For phones and tablets that run on Android 5.0 or higher, you can access the Security menu under Settings and select ‘Encrypt phone’ or ‘Encrypt tablet.’ You will have to enter your lock screen password, which is the same password necessary to access your files after encryption.

For phones and tablets that run on Android 4.4 or lower, you must create a lock screen password prior to initiating the encryption process.

PROTECT YOUR TEXT MESSAGING

Even before Edward Snowden became a household name with his explosive revelations about the extent of NSA’s wiretapping of Americans, it was obvious that text messages were vulnerable to interception by outside parties.

What’s even more insidious is that the information generated from your text messages, which is known as metadata, is extremely valuable. Metadata includes information about whom you communicate with, where that communication takes place and at what time.

Hackers and government agencies can learn a great deal about you through metadata, which is why it’s so important for you to protect the privacy of your text messages.

Fortunately, there are applications you can install to encrypt your text messages after they are sent to another person, and many don’t collect metadata.

Tools to Encrypt Your Text Messages

The signal is a free app that provides end-to-end encryption for Android and iOS, which means that only the people who are communicating on the text message can read the messages.

Any other party would need the encryption key to decrypt the conversation, and that includes the company that owns the messaging service. One of the big advantages of using Signal is that it collects very little metadata.

Another popular encrypted messaging service is WhatsApp, owned by Facebook, which works mostly on mobile devices. Remember to turn off all backups on your WhatsApp account by accessing Chats, then Chat Backup and setting Auto Backup to Off. This turns off backups on the app and the cloud.

If you don’t disable the Auto Backup feature, government and law enforcement agencies can access the backup with a search warrant. Why is that so risky? Because end-to-end encryption only covers the transmission of your messages and doesn’t protect messages that are in storage. In other words, law enforcement or government agencies could read the text messages stored in a cloud backup.

One other thing to remember is that although WhatsApp is considered one of the more secure apps for encrypting text messages, it does collect metadata.

And if a government or law enforcement agency obtained a search warrant, it could force Facebook to turn over that metadata, which would reveal things you might want kept private such as IP addresses and location data.

PROTECT YOUR BROWSING HISTORY

Whenever you’re on the Internet, there are people trying to see what you’re doing, when you’re doing it and how often you’re doing it. Not all these prying eyes have ill intent, and in many cases, they are marketers who are trying to track your online movements so they can target you for ads and offers. But enterprising hackers are also monitoring your activities, looking for weaknesses they can target to obtain your personal information. And your Internet Service Provider (ISP) gathers a ton of information based on your browsing history.

In the face of all these threats to privacy, how do you protect yourself when you’re online?

You can use a virtual private network (VPN), which acts exactly the way a standard browser does, but lets you do it anonymously. When you use a VPN, you connect to the Internet using the VPN provider’s service. All transmissions that occur when you get online with your mobile phone, tablet, desktop or laptop are encrypted. This protects all your online activity from the government as well as from your ISP, lets you access sites that would normally be restricted by your geographical location, and shields you from intrusion when you are at a public hotspot.

If someone tries to track your activity, your IP address will appear as that of the VPN server, which makes it nearly impossible for anyone to know your exact location, or your actual IP address. However, VPNs don’t provide you with total anonymity, because the VPN provider knows your real IP address as well as the sites you’ve been accessing. Some VPN providers offer a ‘no-logs’ policy, which means that they don’t keep any logs of your online activities.

This can be hugely important if you are up to something that the government takes an interest in, such as leading a protest group, and you want to make sure none of your online activities can be tracked.

But VPN providers are vulnerable to government search warrants and demands for information and must measure the possibility of going to jail by keeping your activity private, versus giving up your information and staying in business.

That’s why if you choose to go with a VPN, it’s important to do the research on a provider’s history and reputation. For example, there are 14 countries in the world that have shared agreements about spying on their citizens and sharing the information they unearth with each other. It may not surprise you to learn that the U.S,  Canada, United Kingdom, France, Germany, and Italy are all part of that alliance.

What may surprise you is that it’s best to avoid any VPNs that are based in one of these 14 countries, because of their data retention laws and gag orders which prevent VPN providers from telling their customers when a government agency has requested information on their online activities.

If you’re serious about VPNs and want to know which are trustworthy and which aren’t worth your time, we’ve done a pretty extensive review of VPN services that you can access here. Used correctly, VPNs can provide you with a high degree of privacy when you’re online, but in an era in which billions have joined social media platforms such as Facebook, and services such as Google, what are the privacy risks related to how these companies use your personal information?

HOW THE HEAVY HITTERS USE YOUR PERSONAL INFORMATION

Facebook

There isn’t much privacy when you join Facebook, especially since the company’s privacy policy blatantly states that it monitors how you use the platform, the type of content you view or interact with, the number of times you’re on the site, how long you spend on the site, and all the other sites that you browse when you’re not on Facebook.

How does Facebook know that little nugget? By tracking the number of times you click ‘Like’ on any site that includes a Facebook button.

Unfortunately, there isn’t much you can do to make Facebook more private. You can access the ‘Download Your Information’ tool to know exactly what the site has on you, and you can check your activity log to track your actions since you joined Facebook, but that’s about it.

Deleting your account will remove your personal information, but any information about you that your followers have shared in a post will remain on the site.

Google

Google stores personal information such as your name, email contact, telephone number, how you use the service, how you use sites with Ad Words, your search inquiries, and location tracking. More importantly, your name, email address, and photo are publically available unless you opt out.

To protect some of your privacy, you can edit a number of preferences, turn off location tracking, change your public profile and read what information Google has collected on you through the company’s data board.

Apple

Apple’s privacy policy states that it collects information such as your name, contacts and music library content, and relays them to its own servers using encryption. Apple’s News app analyzes your reading preferences to match them to ads targeted toward what you like.

Targeted advertising is one of Apple’s biggest con jobs, and that’s said with respect for the company’s ability to print money like no other business on earth. Apple has created ad-blocking technology in its iOS software to prevent outside companies from reaching its customers.

But it makes no bones about using personal information and personal preferences culled from its customers to supply them with an endless stream of targeted and intrusive ads.

You can opt out of what Apple calls ‘interest-based ads’, but the company pretty much lets you figure this out on your own.

Amazon

Amazon collects a ton of person information, including name, address, phone number, email, credit card information, list of items bought, Wish List items, browsing history, names, addresses and phone numbers of every person who has ever received an Amazon product or service from you, reviews you’ve posted, and requests for product availability alerts.

It isn’t much you can do to keep Amazon from being intrusive unless you’re not planning on using the site for purchases. For example, Amazon uses ‘cookies,’ which are snippets of data that attach to your browser when you visit the site.

Cookies activate convenient features such as 1-Click purchasing and generate recommendations when you revisit Amazon, but they also allow Amazon to send you ads when you’re on another website, which can feel like an invasion of privacy and are also annoying.

The problem is if you opt to turn off cookies on your Amazon account, you won’t be able to add items to your shopping cart or do anything that requires a sign-in, which pretty much eliminates all your buying options.

That gives you a general overview of how some of the big brands use your data so you’re aware of the implications of providing your personal information. Let’s wrap things up with some frequently asked questions about security and privacy.

FAQ'S ABOUT SECURITY AND PRIVACY

1. Can people really hack me at a coffee shop?

Most coffee shops offer public WiFi that has varying levels of security. In many instances, these free networks are not very secure, and even a low-level hacker could gain access to the transmissions occurring at the coffee shop by setting up a fake hotspot. If you want to get online at a coffee shop, do so through a VPN. If you don’t have a VPN, make sure you’re signing in under the name of the WiFi hotspot, and limit your activity to browsing instead of conducting financial transactions.

2. Is the NSA really watching me via my computer camera?

The NSA definitely has the technology to spy on you through your webcam. Edward Snowden revealed that the NSA has plug-in that can hack cameras and take pictures, record video and turn on the mic on a webcam to act as a listening device. One easy way to thwart this hack is to place a sticker on your webcam lens that prevents a hacker from seeing anything in your home.

3. Can Facebook see my messenger chats and change my feed based on those conversations?

Facebook’s Messenger feature uses security that it says is similar to what banks use to protect their clients’ financial information. Two years ago, Facebook added end-to-end encryption to its messenger feature, but users must activate it because it’s not a default. However, Facebook does use your profile, public photos, and public posts to better customize things such as the content of the News feed it sends to you.

4. When can - or can’t - the government get personal data from companies?

Under the Electronic Communications Privacy Act passed in 1986, government agencies can obtain subpoenas and search warrants to force technology companies like Google or Apple to provide information about a user or a group of users. Companies can refuse based on the Fourth Amendment ban against unreasonable search and seizure, but they face an uphill battle if the request is for a legitimate reason. Recently, Amazon refused an order by the state of Massachusetts to turn over data about third-party sellers. But the company relented after it was served with court order to provide the data or face legal consequences.

THE ONLY CONSTANT IS CHANGE

Privacy and security are two sides of the same coin, and while there is no way to guarantee total privacy or complete security in the digital world, the first step is to understand the tools available to you, and the ways in which your personal data is being used by big companies that want your business.

While this isn’t a comprehensive guide to every aspect of online security and privacy, it provides you with some best practices and important concepts that can help you better understand this complex and ever-changing issue. 

 Written By Alex Grant

Categorized in Internet Privacy

Written By Bram Jansen

A lot more people are concerned about privacy today than used to be the case a few years ago. The efforts of whistleblowers like Edward Snowden have a lot to do with this. Things have changed now that people realize just how vulnerable they are when browsing the web. When we say things have changed we mean people are starting to take their online privacy more seriously. It does not mean that the threats that you face while browsing has reduced. If anything, they have increased in number. If you still don’t look after your online privacy, there’s no time to think about it anymore. You have to take action now.

5 reasons to protect online privacy

1- Hide from government surveillance

Almost all countries of the world monitor the online activity of their citizens to some degree. It doesn’t matter how big or developed the country is. If you think that your government doesn’t look into your online privacy at all, you’re deluding yourself. The only thing that varies is the extent to which your internet activity is monitored and the information that is recorded.

2- Bypass government censorship

There are large parts of the world where internet is not a free place. Governments censor the internet and control what their citizens can and cannot access and do on the internet. While most people know about The Great Firewall of China and the way middle-eastern countries block access to social networking and news websites, the problem is there are a lot more countries.

3- Protect your personal data

You use the internet to share a lot of personal data. This includes your private conversations, pictures, bank details, social security numbers, etc. If you are sharing this without hiding it, then it is visible to everyone. Malicious users can intercept this data and make you a victim of identity theft quite easily. While HTTPS might protect you against them, not all websites use it.

4- Hiding P2P activity is important

P2P or torrenting is a huge part of everyone’s internet usage today. You can download all sorts of files from P2P websites. However, many of this content is copyrighted and protected by copyright laws. While downloading copyrighted content for personal usage is legal, sharing it is illegal. The way P2P works you are constantly sharing the files as you download them. If someone notices you downloading copyrighted content, you might be in trouble. There is a lot of vagueness when it comes to copyright laws, so it’s best to hide your torrent activity. Even those in Canada have to use P2P carefully. The country provides some of the fastest connections but is strengthening its stronghold on P2P users.

5- Stream content peacefully without ISP throttling

When you stream or download content, your ISP might throttle your bandwidth to balance the network load. This is only possible because your ISP can see your activity. You are robbed of a quality streaming experience because of this. The solution is to hide your online activity.

Online privacy is fast becoming a myth, and users have to make efforts to have some privacy on the internet. The best way to do this is to use a VPN, for they encrypt your connection and hide your true IP address. But be careful when you choose a VPN. If you don’t know how to choose the best VPN, visit VPNAlert for the detailed solution. Or choose a VPN that does not record activity logs and does not hand over data to the authorities, otherwise all your efforts will be for naught.  

Categorized in Internet Privacy
Page 1 of 3

AOFIRS

World's leading professional association of Internet Research Specialists - We deliver Knowledge, Education, Training, and Certification in the field of Professional Online Research. The AOFIRS is considered a major contributor in improving Web Search Skills and recognizes Online Research work as a full-time occupation for those that use the Internet as their primary source of information.

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.