When news broke about Cambridge Analytica, the Internet went into a frenzy: “How could Facebook do this!” “Facebook should be made accountable!” Besides the fact that I think the whole Cambridge Analytica issue was blown out of proportion, I believe bigger issue is the fact that very few people are willing to be responsible for their own privacy: the kind of permissions we give to apps and sites like Facebook, freely allowing applications and websites to access our location information, etc, are just some of the ways we jeopardize our own privacy.
If you use the Internet, no matter what you do, you want to make sure you avoid the following common privacy mistakes:
Mistake #1. Assuming an Antivirus Software Will be Enough
The moment your computer is connected to the Internet, there are many threats it will have to deal with. However, it can be very dangerous to wrongly assume that using an antivirus software will be enough.
Research shows that a whopping 70 percent of current security threats go undetected by antivirus software, and this is due to the evolving nature of malware and viruses: 70 percent of malware only exist once and 82 percent of malware disappear after an hour.
Due to the rapidly evolving nature of malware and online threats, there are a few additional steps you can take to complement your antivirus software:
A: Make sure your antivirus software is regularly updated — according to some sources, four new strains of malware are discovered every second. This makes it almost impossible for antivirus software to catch up with new malware. Ensuring your antivirus software is updated as soon as an update is available will give you an edge.
B: Enable your antivirus software anti-malware and anti-phishing functions — if your antivirus software doesn’t have one, install separate antimalware and anti-phishing software.
C: Install a firewall (or enable your antivirus software firewall function).
D: Ensure all your applications are up to date. Researchers have found that most exploits targeting apps are possible only because the apps are out of date. A particular study [PDF] found that a whopping 48 percent of malware attacks targeting Microsoft Office were designed to exploit a bug that had been fixed four years before the study. E: Beyond just updating your antivirus software, you should also regularly update apps on your device.
F: Uninstall apps and software you are no longer using; if you are no longer using them, you are highly unlikely to pay attention to them and they can become outdated and eventually be exploited to access your computer.
G: Use a secure and encrypted password manager to generate and store your passwords — don’t use the same password for more than one site.
H: Enable encryption on all your devices.
I: Enable two-factor authentication (preferably using Google Authenticator or Authy) for an online account that allows it.
J: Make regular backups of your files.
Mistake #2. Not Disabling Web Activity Trackers
As was reported in an article in The Next Web a few months ago, research has shown that information gathered by web activity trackers can be used to manipulate the price of anything ranging from your Apple Music subscription to your airfares to the price of an automobile you are interested in renting, yet a whopping 90 percent of people still allow themselves to be tracked.
Several basic steps can give you an edge and make it next to impossible for you to be tracked:
A: Disable third-party cookie tracking in your browser.
B: Disable location tracking in your browser and in all your devices.
C: Install an app like Ghostery to prevent all forms of tracking — this includes social media trackers, analytics trackers, advertising trackers, and other trackers.
Mistake #3. Not Using a VPN
Several years ago, Call of Duty was put out of action thanks to a DDOS attack. It didn’t take long to locate the attacker: a 17-year-old teenager from Manchester. When law enforcement came knocking at the door, it was just 6 am and the boy was still in bed. How was he caught? He failed to use a VPN and his IP address was traced to his house in Greater Manchester.
This isn’t an isolated incident. There have been countless stories of hackers or criminals who got caught due to not using a VPN, or due to forgetting to turn on their VPN. However, many people tend to wrongly have the notion that they do not need a VPN if “they have nothing to hide.”
Whether you want to bypass government censorship, prevent people from eavesdropping on your data when using the Internet (particularly when on a public WiFi), torrent, access Netflix, or simply prevent Google and other Internet companies from tracking you, not using a VPN is a big privacy mistake.
There is absolutely no excuse for not using a VPN: there are VPNs for Mac, Windows, Android, iOS, router, or pretty much any setup you can imagine. However, you don’t want to use a VPN without considering the essential factors in my previous article. Namely:
A: Consider the jurisdiction of the VPN service provider
B: Pay careful attention to the access and permissions required by the VPN application
C: Ensure the VPN service is not a one-man operation
D: Pay careful attention to the cost of the VPN service (in other words, avoid free VPNs)
E: Ensure your VPN doesn’t leak DNS info — or there is no point using a VPN in the first place.
Mistake #4. Ensure Your Online Communications are Encrypted
About 2.7 million emails are sent every second, WhatsApp has over 1.2 billion users; whether it is email or IM through platforms like WhatsApp, online communication is such a big deal that we can’t do without it, but at what cost?
Know this: when you use free email services like Gmail and Hotmail, your emails are not fully secured. Knowing that Facebook (that willingly gave user data to Chinese companies — including one deemed a national security threat by the US government) owns WhatsApp also doesn’t make WhatsApp seem like a good option for IM.
There are a few things you can do if you want to securely send messages to people online:
A: Encrypt your free email by enabling PGP end-to-end encryption. You don’t have to be technical to do this either. Free browser extensions like FlowCrypt can help you automate the whole process.
B: When trying to ensure that what you say over IM remains private, use secure messaging apps like Signal or Telegram instead of WhatsApp.
Mistake #5. Don’t Ever Enter Personal Data on a Site that Doesn’t Use HTTPS
When sending information over the web, such as when you login to an Internet site or when you fill a form, you should assume that every information you send can be seen by a third-party eavesdropping on your connection — unless the information is encrypted before it is sent from your computer to the site’s server. The only way to ensure that the information you fill online is encrypted is by only filling any kind of information online on a website that uses HTTPS.
To know if a website is using HTTPS is very simple. Anytime you want to fill any kind of information online, pay attention to your browser navigation bar to see if the site starts with “https://” as opposed to “http://” — also watch out for the green padlock next to the site URL. See example screenshot below:
You can also take things to the next level by installing the HTTPS Everywhere browser extension. The extension, offered in collaboration by the Tor Project and the Electronic Frontier Foundation, automatically redirects every website that supports HTTPS to the HTTPS version while rewriting links and images that link to unsecure files that might compromise your security.