February 06, 2020 by Kostas Vrouvas

Privacy for beginners: Changing your basic internet habits

Privacy is a huge concern in our days. Online and offline. In this article you’ll find some useful steps in order to be more a little more cautious.

Even if you are doing nothing wrong, every website you visit or sign up, tracks you and knows things about you.


Enable 2-factor authentication

“Everybody Should 2FA”

2-factor authentication (also known as 2FA) is a type, or subset, of multi-factor authentication. It is a method of confirming users’ claimed identities by using a combination of two different factors:

  1. something they know
  2. something they have, or
  3. something they are.

For many of the websites out there who support 2FA, you can connect it with use Google Authenticator, or even better Authy to enable two-factor authentication.

If possible, do not use SMS for 2FA. SMS has been shown to be vulnerable to social engineering attacks and has even been removed from US government security recommendations.


Passwords

Generate strong passwords

I won’t stop telling this to people.

Weak passwords are the main reason people get “hacked”.

Use strong long passwords (16+ chars) made up of random letters, numbers and symbols. Bitwarden can generate these. Always use a separate password for each service. This reduces the chance of wider compromises in the event your password is discovered.

Password managers (so you don’t have to remember those long passwords)

A password manager assists in generating and retrieving complex passwords, potentially storing such passwords in an encrypted database or calculating them on demand.

Trusted password managers are Bitwarden (which you can self-host or get the free plan, but the premium plan costs $10, a real bargain) and 1Password. You can expense your password manager. Never write your passwords down outside of your password manager.


Browsing

Choose the right browser

Firefox is arguably the best browser available right now that combines strong privacy protection features, good security, active development, and regular updates. With their latest update, Quantum, there are tremendous improvements in speed. Together with Enhanced Tracking Protection makes it one of the most privacy-driven browsers at the moment.

Another runner up is Brave.

Update: 6/9/2020: Brave announced they ‘mistakenly’ adding affiliate links to crypto URLs. Although it seems they corrected this behavior.

Use a VPN (Virtual Private Network), especially on public WiFi

NordVPN

VPNs are a secure tunnel between your device and the internet. VPNs are used to protect your online traffic from snooping, interference, and censorship. They can also act as a proxy, allowing you to mask or change your location and surf the web anonymously from wherever you want.

Public WiFi networks, are not really safe. Hackers are able to track your browsing habits and can try to steal your login information just by sniffing the network. Using your 4G connection instead is considered much safer, or at least create a password protected hotspot on your phone.

You need to be very careful when choosing a VPN provider, because a lot of VPN providers are doing a lot of shady things, like tracking logs. Some great choices are NordVPN, ProtonVPN or ExpressVPN.

Use DuckDuckGo, instead of Google Search.

DuckDuckGo (DDG) is an Internet search engine that emphasizes protecting searchers’ privacy and avoiding the filter bubble of personalized search results.

DDG’s main selling point is they don’t track you. From their website:

We don’t store your personal info

We don’t follow you around with ads

We don’t track you. Ever.

Google on the other hand tracks you a lot. Considering they own Gmail, YouTube and many other big platforms they can collate a lot of information about you by your browsing habits.

The DuckDuckGo homepage.

Install the DDG extension on Firefox

There is an extension from DDG which:

[It] provides the privacy essentials you need to seamlessly take control of your personal information, no matter where the Internet takes you:

Escape Advertising Tracker Networks — Our Privacy Protection will block all the hidden third-party trackers we can find, exposing the major advertising networks tracking you over time, so that you can track who’s trying to track you.

Increase Encryption Protection — We force sites to use an encrypted connection where available, protecting your data from prying eyes, like ISPs.

Search Privately — You share your most personal information with your search engine, like your financial, medical, and political questions. What you search for is your own business, which is why DuckDuckGo search doesn’t track you. Ever.

Decode Privacy Policies — We’ve partnered with Terms of Service Didn’t Read to include their scores and labels of website terms of service and privacy policies, where available.

Install HTTPS Everywhere

HTTPS Everywhere (from the Electronic Frontier Foundation) is a Firefox, Chrome, and Opera extension that encrypts your communications with many major websites, making your browsing more secure. If a hacker attempts to intercept your connection to try and send you to a website with an unsecure connection, HTTPS Everywhere will block the attempt.

Always check the HTTPS green padlock

Although don’t blindly trust it.

The green padlock represents that traffic to and from the website is encrypted. Encryption means no one else but that website can read any credit card details and/or any passwords you enter there.

The key point, which is not obvious to average users, is that there is nothing to say that this is not a dummy site specifically set up to gather credit cards and/or passwords.

Many phishing websites designed to steal your login information use the lock to try and gain your trust. Check whether the address is correct or not.


That’s all for now. Stay safe!

© 2020 Kostas Vrouvas, Built with Gatsby