Make no mistake – your data is being snooped on online. You don’t have to be an international spy to worry about online privacy. Breaches of it could be as mundane as internet providers storing metadata and selling it to third parties, or social networks monitoring your habits in order to offer you targeted advertising. The good news is that you won’t have to burn your smartphone and go live in the woods in order to reclaim online privacy.
There are many things you can do to ensure your private information remains private. It all basically comes down to approaching communication with the right mindset. The Internet wasn’t designed to be safe and private. Using it without proper protection is like going out on the street naked. We believe you don’t do that. And here’s how not to go naked online as well.
1. Use strong passwords
That has to be the most obvious tip. It is not just about avoiding absurdly simple ones like “12345”. Tests show that contemporary password crackers easily break passwords such as “Sh1a-labe0uf” – despite the use of capitalized letters, numbers and punctuation. If you use common phrases and just substitute letters, your password is breakable.
Online security expert Bruce Schneier proposes a way to create really unique passwords by turning sentences into passwords. Think of something which only you can relate to – like “my daughter turned seven last week” for example – take the first letters of the words and substitute the ones you can with other characters in a way that makes sense to you only. The above can be the basis for “mDt7!w” which is much harder to crack.
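An added example, not from the original article: a check that reduces a password the way rule-based cracking does (undo letter substitutions, drop separators and trailing digits) and looks the result up in a wordlist. The wordlist is a constructed sample and the function names are illustrative; the check covers only the substitution weakness discussed above, not length.

```python
import re

# Constructed stand-in for a cracking wordlist (names, phrases, leaked passwords).
WORDLIST = {"shialabeouf", "password", "letmein", "iloveyou", "dragon"}

# Substitutions that cracking rule sets reverse routinely:
# 0->o, 1->i, 3->e, 4->a, 5->s, 7->t, @->a, $->s
UNLEET = str.maketrans("013457@$", "oieastas")


def candidates(password):
    """Yield the base words a rule-based cracker would reduce this password to."""
    lowered = password.lower()
    # Variant 1: the whole string. Variant 2: trailing digits and symbols
    # dropped first (the "Password123!" pattern).
    for variant in {lowered, re.sub(r"[^a-z]+$", "", lowered)}:
        # Undo substitutions, then drop separators such as "-" or "_".
        yield re.sub(r"[^a-z]", "", variant.translate(UNLEET))


def is_guessable(password, wordlist=WORDLIST):
    """True when the password is a wordlist entry in disguise."""
    return any(c in wordlist for c in candidates(password))


def audit(passwords):
    """Map each password to whether it reduces to a wordlist entry."""
    return {p: is_guessable(p) for p in passwords}


if __name__ == "__main__":
    for pw, weak in audit(["Sh1a-labe0uf", "P@ssw0rd", "Password123!", "mDt7!w"]).items():
        print(f"{pw!r}: {'reduces to a wordlist entry' if weak else 'no wordlist match'}")
```
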
2. Manage those passwords
It doesn’t end there with passwords, though. The one you use could be strong as hell and still leak if the application you use it for isn’t well protected – or if someone on the other side deliberately makes such a leak possible. For this reason, you should never use a single password for various purposes. If you do, getting the password of some site you used years ago – hey, remember MySpace? – would be enough for anyone to break your Gmail, Facebook, and whatnot.
Memorizing various, strong, random-looking passwords is not easy – although not impossible. However, you don’t really need to do that. There are password managers available for this job. The basic concept is that they let you store a password database in one place, which could be accessed with only one key. Make sure the app you are using doesn’t store your passwords in the cloud, though.
3. Use two-factor authentication
If you understand why you shouldn’t have just one password for every service, this should be a no-brainer too. As explained above, you don’t want all your information to be compromised because of a single crack in security. Two-factor authentication is when you don’t rely just on a password, but on another authentication channel as well.
An example of that is having the service provider send you a text message with a code on your phone, which you will need to fill in online, so they know it’s really you. This way, even if someone knows your password, they will have to get a hold of your phone as well to pretend they are you. Another example would be using a chat client that uses both encryption and mutual authentication via a shared secret between the two parties.
4. Block online tracking
In quite the Orwellian fashion, when you are looking at a website, it is actually looking back at you from your device. This is something every place you can go online does: from media outlets to online retailers – even completely legit and safe ones. They each employ a number of trackers, often dozens of them, to monitor your behavior online. The idea of this is to gather data so they could cater to your tastes with targeted advertising.
As I have already made the parallel with 1984, I don’t think you need much more convincing that being subjected to this is not harmless. However, there are ways to block it. Most popular browsers – Chrome, Firefox, Opera, etc. – offer this option. This isn’t fully sufficient, but you can reinforce it with a specialized app, as well as an ad blocker. And then what you browse becomes your own business again.
5. Use encryption for your communications
None of the above, however, matters unless you use encryption for your communications. This is the 101 of protecting your privacy online. Email, in particular, uses a protocol that is as old as the Internet, which makes it vulnerable to a lot of attacks that weren’t envisioned at the time it was conceived. For one, it passes through a lot of points where it could be intercepted before it reaches its destination. Encryption is the necessary precaution you should take to ensure only your intended recipient can read your message.
You have to encrypt chats for similar reasons. Different messaging clients operate differently – in that some store copies of the messages on a server or in the cloud, where they are at risk, and some don’t. The latter are still subject to man-in-the-middle (MITM) attacks. So, using encryption is strongly advised. The good news is that the way chat works allows for perfect forward secrecy – using different keys for each session. This, in turn, makes communication unsusceptible to frequency analysis – which is the way encryption is broken when that happens.