In our always-on society we generate a lot of data, with some estimates suggesting 28,875 GB per second. With this massive trove of data we divulge a huge amount of personal information. From our cloud-based photo collection, to what websites we visit, it’s getting easier for malicious attackers to do the digital equivalent of rummaging through our garbage.
Whether it’s Facebook selling your data to advertisers, overreaching government surveillance, or cyber criminals looking to make some fast money — there are a lot of people out there who want your data. Sadly, this invasion of your privacy doesn’t benefit you at all. If you want to build up your defenses and protect yourself online, let us guide you through how to improve your security and safeguard your privacy.
Web browsers act as our window into the great wonderland of the internet. Nearly everything we do online, from a quick Google search to online banking, happens through the browser. This ease of use makes it incredibly convenient for us, but also means our browser knows a lot about what we get up to online. In fact, your browser’s history may be one of the most invasive databases ever created.
There once was a time when your history would only be available locally on your computer. Most modern browsers now allow you to sign in to enable settings to sync to the cloud and between devices. This is especially true of Chrome, where all the information is stored in your Google account. History syncing is turned on by default when signed into Chrome, but you can head into Settings to turn it off.
The Ever-Present Threat of Tracking
Most of us are aware that our online activity is monitored and stored by the browser. What you may not know is just how much information about you is given away to every website you visit. We compared your browser to a leaky tap as it will often give away a large stream of information to any website that wants it. Websites like What Every Browser Knows About You (WEBKAY) can give you a window into this world of background data sharing.
Your location, hardware and software setup, internet connection, and social media accounts are all up for grabs. Some of this data allows for the smooth operation of the internet, while other parts — like your social media accounts — are there to scrape data for advertisers and provide you with personalized content. Your smartphone browser can even access your phone’s gyroscope to decide if your phone is in your hand or on the table.
A Focus on Privacy
Microsoft was one of the first to popularize Private Browsing mode after adding the feature to an Internet Explorer 8 beta. The main advantage of Private Browsing mode is that anything you do is stored only for that session. As soon as you close the window, all traces of it are removed from your computer. It allows you to quickly and easily browse the web without everything being stored in the history, and to log into multiple accounts simultaneously. It is widely considered one of the easiest ways to protect yourself when browsing on a shared computer. As it turns out though, Private Browsing isn’t always private.
Google’s entire business is based on selling your information to advertisers. So it shouldn’t be a surprise that their popular Chrome web browser is often seen as a means to that end. Supposing that you want to switch from Chrome, the open source Firefox is an excellent choice. Mozilla even developed an entirely privacy focused version for mobile called Firefox Focus. If that isn’t quite private enough for you, then there are choices that offer even greater anonymity. Remember though that total anonymity on the internet is almost impossible — no matter what the developers claim.
- Firefox — Mozilla’s Firefox rose from the ashes of the once-beloved Netscape Navigator and now ranks as the second most popular web browser. Firefox offers opportunities for customization, while also standing by its commitment to privacy.
- Opera — Opera is based on the same open source Chromium browser as Google Chrome, but makes privacy a priority. Only a single click is needed to erase all browsing data, and a security badge details every site’s credentials. Opera even offers a free, built-in VPN.
- Tor Browser — Short for The Onion Router, the Tor browser (based on Firefox) connects you to a chain of Tor nodes. Your traffic is encrypted and sent through the chain before ending up at its destination. This is done in an attempt to obscure where it came from. Tor is also your gateway to the Deep Web.
Chrome and Firefox have become the dominant browsers in part because of their ability to customize and improve the default experience with Extensions. The Chrome Web Store and Mozilla Add-Ons collection allow developers to submit extensions that you can easily download and add to your browser. Firefox even lets you take your extensions on-the-go with their smartphone apps.
As Chrome is the world’s most used browser, it has a large collection of security extensions. Firefox also has a healthy range, as the open source movement is naturally disposed towards privacy and security. Extensions like Disconnect, HTTPS Everywhere, Ghostery, and Privacy Badger are even cross-platform. One advantage that extensions have over native applications is that they aren’t usually blocked by workplace management systems. This means you are able to freely install security and privacy focused extensions — letting you browse safely and privately wherever you are.
- HTTPS Everywhere (Chrome, Firefox, Opera) — If HTTPS is in the address bar, then the data sent between you and the website is encrypted. HTTPS Everywhere adds this protection to all websites.
- Privacy Badger (Chrome, Firefox, Opera) — Developed by privacy campaigners the Electronic Frontier Foundation (EFF), Privacy Badger blocks spying ads and invisible trackers.
- Web of Trust — The Web of Trust extension adds a small symbol next to each website to show how it ranks for trustworthiness. They were found to be abusing their position, but have since taken steps to remedy this.
We think of email as a relatively recent innovation, but the seeds were first sown over 50 years ago. As computers became more commonplace throughout the 1980s, email turned into an essential part of our work and personal lives. Some estimates even say that we collectively send 205 billion emails every day. With so much information being sent around the world, it’s no wonder that criminals and governments are only too eager to peer inside our global mailbox.
Recently, concerns over government surveillance have become increasingly commonplace. Encryption is your best line of defence against unwanted eavesdropping. By scrambling your emails, only parties with the encryption key can decrypt your messages. End-to-end encryption (E2EE) is generally considered the most secure method. Only you and the recipient hold the encryption key, so neither the server nor any third party can decrypt your messages. Unfortunately, a mix of technical and commercial reasons means that most mainstream email providers do not offer E2EE.
Fortunately there are at least a few that do have your privacy in mind, like ProtonMail. Developed by researchers at CERN, the service uses E2EE, and disables IP logging by default. Their servers are based in Switzerland under strict privacy laws, and the software is even open source. At present ProtonMail can only be accessed through their website or mobile apps. Despite its privacy-enhancing advantages, the E2EE prevents you from adding ProtonMail to Outlook or other desktop clients. If finding a secure email provider sounds like too much hassle then it may be worth considering just getting rid of email altogether.
- ProtonMail (Android, iOS, Web) — Based in Switzerland and developed by CERN researchers, ProtonMail puts privacy and security front and centre. They cemented this reputation by recently launching a free VPN.
- TutaNota (Android, iOS, Web) — TutaNota offers a similar service to ProtonMail, except their servers are based in Germany. Their platform is open source, and offers E2EE.
- MailFence (Web) — MailFence distinguishes itself from the competition by offering a full suite of productivity tools alongside its secure mail service. They demonstrate their commitment to privacy by donating 15 percent of their income to the EFF and EDRi.
Privacy-Conscious Search Engines
First there was Yahoo, AltaVista, and Ask Jeeves. Then along came Google and they proceeded to dominate the market. Search became synonymous with Google — so much so that their name became a verb. Google now handles upwards of 3.5 billion searches per day. In return for providing you with almost instantaneous answers to your questions, they take your data and sell it to advertisers. If you would rather Google — or Yahoo and Bing — not sell on your search data to the highest bidder, then you should consider moving to a more secure alternative.
- DuckDuckGo — DuckDuckGo strikes the perfect balance between privacy and search quality. Ease of use is clearly important to them, and the developers incorporate a lot of additional features and search tools.
- StartPage — StartPage cared about your privacy before it was cool — they have been operational since 1998. It is a meta-search engine, combining sites from multiple sources to bring you a well-rounded set of results.
- SearX — A more recent addition to the privacy-focused market, SearX is another meta-search engine similar to StartPage. The source code is available on GitHub if you fancy hosting your own instance.
Virtual Private Networks
A Virtual Private Network (VPN) creates a connection between your computer and a remote server. Once connected, all your ISP can see whenever you request information is a connection to the VPN server. As well as protecting your data from ISPs, you will appear to be located at the IP address of the VPN server. You may have heard the myth that only those with something to hide need a VPN. However, VPNs have a lot of uses — not least allowing you to unblock geo-restricted content – and are one of the most effective ways to protect your privacy and security online.
While free products are viewed with well deserved scepticism, there are a few free VPNs which don’t compromise your privacy. Handing all of your data to a third party can seem risky, so you need to be certain that you can trust your VPN provider. Despite all the benefits, it’s important not to fall into the trap of believing your VPN is entirely private. Our regularly updated guide to the best VPN services should give you somewhere to start.
- ExpressVPN — ExpressVPN gives you access to 1,000 physical servers in 136 geographical locations across 87 countries. For complete anonymity, they maintain no logs, and accept payment in Bitcoin.
- Private Internet Access — Private Internet Access’ VPN can be run on pretty much every device, has servers in 25 countries, and uses AES encryption to secure your data. It allows you to connect up to five devices simultaneously, and stores no traffic logs.
- TunnelBear — Canada’s TunnelBear is the perfect VPN for casual internet users. Using either a standalone app or Chrome extension you can connect to servers in 20 countries. It is a subscription service, but offers a free account with 500 MB per month.
Are you among the 17 percent of people who use “123456” as their password? Passwords like this are terrible — but they are short, easily remembered, and convenient. An increasingly popular way to improve your security, without having to remember complex passwords, is to use a password manager. At their most simplistic, password managers create a more secure version of your browser’s password storage. Most will extend this to a suite of management tools, including generating random and secure passwords. The benefit becomes apparent when you visit your favorite website and the password manager auto-fills your login details.
Aside from storing and generating passwords, most managers have a feature that lets you audit your passwords. You can quickly see which sites have weak, duplicate, or old passwords, and even change them with a single click. Despite the name, you can use your password manager like a secure digital vault. Securely storing important information like credit card numbers and bank account details can be handy.
You could even store Wi-Fi credentials for conveniently logging onto different networks. Sharing your passwords is usually an incredibly insecure experience. Not so with a password manager. Simply enter the recipient’s email address and you can securely share your password without even having to reveal it.
Words like “eggs” and “one basket” may be drifting to the front of your mind. Many password managers will have security features like two factor authentication, and preventing logins from unknown locations — but you have to make sure you use them. It’s true that password managers aren’t perfect — yet they do offer extra protection over your browser’s password storage, and save you leaving sticky notes with your password stuck to your screen.
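The audit feature described above (flagging weak, duplicate, and old passwords) and the random password generation mentioned earlier, sketched as an added example; this is not any password manager's own code. The vault entries, the short common-password list, the 12-character and three-character-class rule, and the one-year age limit are all assumptions chosen for illustration.

```python
import secrets
import string
from collections import defaultdict
from datetime import date

# Assumed policy values for this illustration only.
COMMON = {"123456", "password", "qwerty", "letmein"}
MIN_LENGTH = 12
MIN_CLASSES = 3
MAX_AGE_DAYS = 365

# Constructed sample vault: (site, password, date the password was last changed).
VAULT = [
    ("mail.example", "123456", date(2016, 3, 1)),
    ("shop.example", "Tr0ub4dor&3-horse", date(2017, 6, 10)),
    ("forum.example", "Tr0ub4dor&3-horse", date(2017, 8, 2)),
    ("bank.example", "k7#Vq9!xLm2$Rw8z", date(2015, 1, 15)),
]


def char_classes(password):
    """Count which of lower, upper, digit and symbol appear in the password."""
    tests = (str.islower, str.isupper, str.isdigit)
    count = sum(any(test(c) for c in password) for test in tests)
    if any(not c.isalnum() for c in password):
        count += 1
    return count


def is_weak(password):
    """Weak means: on the common list, too short, or too few character classes."""
    return (
        password.lower() in COMMON
        or len(password) < MIN_LENGTH
        or char_classes(password) < MIN_CLASSES
    )


def audit(vault, today):
    """Return {site: [findings]} with 'weak', 'old' and 'duplicate' flags."""
    findings = {site: [] for site, _, _ in vault}
    sites_by_password = defaultdict(list)
    for site, password, changed in vault:
        if is_weak(password):
            findings[site].append("weak")
        if (today - changed).days > MAX_AGE_DAYS:
            findings[site].append("old")
        sites_by_password[password].append(site)
    # A password used on more than one site is flagged on every site that uses it.
    for sites in sites_by_password.values():
        if len(sites) > 1:
            for site in sites:
                findings[site].append("duplicate")
    return findings


def generate_password(length=20):
    """Draw a replacement from the OS CSPRNG, retrying until it passes is_weak."""
    if length < MIN_LENGTH:
        raise ValueError("length is below the minimum the audit accepts")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not is_weak(candidate):
            return candidate


if __name__ == "__main__":
    for site, flags in audit(VAULT, date(2018, 1, 1)).items():
        print(f"{site:15} {', '.join(flags) or 'ok'}")
    print("suggested replacement:", generate_password())
```

The reused password is flagged on both sites even though it passes the strength rule on its own, which is the case a length-and-complexity check alone never catches.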
- LastPass — LastPass is the most popular password manager. Cross-platform support means that you can use it no matter what device you are on. Despite its many benefits, privacy advocates have viewed it with suspicion since it was acquired by LogMeIn.
- KeePass — If you’d rather use an open source password manager then KeePass is the one for you. Although it lacks the attractive UI of the competition, it is functionally similar to LastPass.
- Pass — A little different to the others, Pass is a command-line tool for password management and stores your passwords inside a GPG encrypted file. It is open source and runs on Linux, Mac, and Windows.
Windows has always been something of a privacy minefield. The release of Windows 10 brought with it some invasive data collection practices and only made the situation worse. While Microsoft has gone some way to calm these fears, it’s clear that Windows is not the most privacy-conscious OS. Fortunately, you do have options. Out of the major tech companies, Apple is one of the most vigorous in defending your right to privacy. They even famously battled the FBI in court when the agency requested that Apple break iPhone encryption. This commitment to privacy makes macOS a compelling mainstream alternative to Windows. It is worth noting though that while macOS is generally seen as very secure, it isn’t bulletproof.
As we’ve seen before, open-source software is often more privacy friendly as anyone can view the code behind it. The same is true with open source operating systems, the most popular of which is Linux. If you haven’t heard of Linux before, you may have unknowingly seen it in shows like the excellent Mr Robot. Linux’s market share currently sits around 2 percent; however, that accounts for approximately 40 million devices worldwide. Linux isn’t just one operating system but a collection of free distributions (“distros”) that use similar underlying code. If you decide to make the move to Linux then you have a wide range of choice. Distros like Qubes are even specialized toward security. A vibrant and committed community means that Linux also has some outstanding tools to aid your security.
- macOS — The proprietary operating system developed by Apple. As Apple operates a full-package approach to hardware design, it can only be found on their devices — unless you want to try your hand at a Hackintosh.
- Qubes OS — Security-focused Linux distro. Uses an approach called security by compartmentalization. This allows you to keep different parts of your digital life isolated from the others. Edward Snowden approved.
- Tails — The Amnesic Incognito Live System, better known as Tails, is a portable live operating system that you can start on any computer from a DVD, USB stick, or SD card. Tails’ main objective is to protect your privacy and anonymity, with all data routed through Tor.
With so much information easily accessible on our mobile devices, it’s critical that we take steps to protect them too. iOS is generally considered the most secure mobile OS thanks to Apple’s walled garden approach. Despite its more open nature, Google’s Android OS is also relatively secure. You just have to be willing to keep close watch on which apps you install and what permissions they ask for. Google is reining in Android’s fragmentation problem, but getting timely security updates can still be an issue on some handsets.
Your choice of OS is part of the mobile security puzzle — the apps you choose to use are the other. Despite the protections Apple and Google put in place, there is still a risk of viruses and malware on your mobile devices. If you are worried about the risk of infections, then you might be well served using an antivirus app on your smartphone.
Google Play has an incredibly diverse collection of apps that suit every need and interest. Among the 2.8 million apps, there are some that abuse their privileged position on your phone. As Apple vets every submission before it reaches the App Store, your chances of downloading rogue apps are more remote. Instead, you should focus on managing your app permissions and disabling tracking. Android’s permissions are not as intuitive, but they are potentially more invasive. Android’s inherent openness does mean that there are more options for protecting your privacy and security.
- Find My Phone (Android, iOS) — Apple and Google offer built-in phone tracking features on their respective mobile platforms. Both services are free and let you track your device’s location and remotely wipe your data.
- DuckDuckGo (Android, iOS) — Although DuckDuckGo has a mobile website, they also provide mobile apps that combine their privacy-focused search engine and web browser.
- Avast Antivirus & Security (Android, iOS) — Avast has long been a recommended choice for free antivirus software on Windows. Their smartphone apps make their antivirus protection mobile, as well as offering a range of features like a call blocker and an app locker.
Cell phones changed our relationship to communication with the introduction of SMS. We began to rely on text-based chats to exchange often confidential information. The introduction of smartphones and messaging apps increased the popularity of text chats. However, sharing private information through an app requires you to trust the developer, and to be confident that no one is listening in. Since we know that the government eavesdrops on our communications, E2EE is the best solution to secure your private messages. The Snowden leaks also exposed the PRISM program which forcibly compelled tech companies to hand your data to the government.
If you want a truly private conversation, then you need to choose a messaging app that not only offers E2EE but also values your privacy. In a fairly surprising turn of events, the Facebook-owned WhatsApp has become one of the leaders in secure, E2EE messaging. The Snowden leaks kickstarted a movement for encrypted apps, including the likes of Signal, Telegram, and Wickr. They all offer very similar features, so your choice of platform will likely come down to which your friends are willing to use.
- WhatsApp (Android, iOS, Web) — WhatsApp is comfortably the most popular cross-platform messaging app globally. Feature-packed and completely free, it is a favorite with international travellers. It sits slightly awkwardly in Facebook’s portfolio due to its lack of advertising and (debatable) focus on user privacy.
- Signal (Android, iOS) — Developed by Open Whisper Systems, whose encryption software is baked into WhatsApp. If you like the E2E security of WhatsApp but don’t trust Facebook, then Signal is the way to go.
- Messages (iOS, macOS) — Formerly known as iMessage, Apple’s messaging app allows you to chat to other Messages users for free. Messages are E2EE and can be accessed on iOS and macOS.
Just as with email, none of the mainstream cloud storage providers offer E2EE to make their service more secure. This is often because it adds an additional step or inconvenience which may limit the mass-appeal of their offering. If you want to fortify the defences on your cloud storage then you should consider using a provider like Tresorit. All data is E2E encrypted, they offer desktop and mobile apps, and integrate with Windows Explorer. Storing your data online will always come with some risk. However, by dropping E2EE into the mix, you add more hurdles in the way for any malicious attacker hoping to access your data.
If you decide that cloud storage isn’t for you, then a home-brewed solution might be more appropriate. You can use Network Attached Storage (NAS) devices to locally back up all your data. As NAS devices typically allow you to connect multiple hard drives, you can back up your data to multiple drives for improved redundancy. Using software like Seafile or Nextcloud it’s possible to create your own self-hosted cloud server for ultimate peace of mind.
- Tresorit — Switzerland’s Tresorit is a cloud storage service that is functionally similar to Dropbox, but with E2EE. Full desktop, web, and mobile support make it easy to access. Individual accounts start at $10.42 for 1TB of storage.
- Nextcloud — Another Dropbox competitor but with a difference – it is entirely free, encrypted, and open source. The software allows you to either set up using their cloud servers, or host your own private server.
- Seafile — Similar to Nextcloud as it allows you to host your own cloud storage, while offering a Dropbox-style service.
Traditionally, when you want to send a message but you don’t want the contents read you would write in code. The recipient would then use a set of rules to securely decode the message. As the cost of high performance computing has decreased in line with Moore’s Law, it has become easier to perform complex mathematical calculations in a relatively short amount of time. This has led to the rise of encryption as a secure method of scrambling data.
Unauthorized access to your data is a growing risk. By encrypting your data before it reaches someone else’s hands, you prevent them from being able to access your confidential information. Depending on your needs, there are tools that will encrypt anything from single files all the way to entire hard drives. Single file encryption is not a taxing task, but entire hard disk encryption can make it inconvenient to access your data. Before undertaking full disk encryption, make sure you’ve considered the entire risk-to-reward ratio.
- VeraCrypt — Open source successor to the now-defunct, cross-platform TrueCrypt. Performs real-time encryption with a choice of five algorithms.
- PGP — Pretty Good Privacy (PGP) is one of the most popular and long standing pieces of encryption software. Commonly used to encrypt communications and emails, it can also perform whole disk encryption following the OpenPGP standard.
- AESCrypt — AESCrypt is a free, open source, cross-platform tool for encrypting your files. Choose a file, enter a password, and your file is secured with 256-bit AES encryption.
Defenders of Data
Protecting your data against the constant onslaught of attacks can feel like an uphill battle. However, there are companies and software out there that do genuinely care about your privacy and security. If you value your privacy then going open source where possible is probably the best decision you can make. Escaping the clutches of Microsoft and Apple makes the transition to Linux worthwhile too.
Striking a balance between convenience and security can be tough. For most people convenience outweighs security concerns, and so they choose the mainstream options from Google and the like. However, the effort is worth it to protect yourself from the increasingly common hacks, leaks, and surveillance.
Are you worried about your privacy? Which tools will you try first? Do you think we missed anything? Let us know in the comments below!