Introduction
The Internet age has given new meaning to the old saying, "Just because you're paranoid, it doesn't mean they aren't out to get you."
Corporations large and small are eagerly sucking up data regarding browsing habits and purchasing preferences, the Internal Revenue Service is paying special attention to political groups, the Justice Department is logging journalists' phone calls and the National Security Agency is, according to some reports, reading citizens' emails.
However, if privacy and security are more important to you than convenience, here are a few tips from the pros about how to keep the snoopers at bay.
Best of all, none of these solutions requires you to wear a tinfoil hat.
1. Turn off Java and Flash in your Web browsers
Java and Adobe Flash Player plug-ins are common points of vulnerability for many browsers. The two software platforms are useful and power a lot of interactive content on the Internet, but Justin Cappos, a professor of computer science at the Polytechnic Institute of New York University, says each platform is just too much of a risk.
"Those are the main [plug-ins] to be concerned about," Cappos said, because hackers often build Java- or Flash-based exploits.
2. Cover your computer's webcam and microphone
Webcams can capture footage and stream it online.
Cappos noted that it's very easy to take control of a computer or its webcam. He uses the simple, low-tech expedient of a piece of black tape to cover the camera lens on his laptop.
It's harder to do that with a microphone, Cappos said, though something to muffle sound wouldn't be a bad idea.
(Cappos said the problem is that on Apple laptops, the case for the laptop is such that it is hard to install a switch.)
Doing so will stop webcam Peeping Toms, blackmailers and other sleazeballs.
3. Watch what websites do behind the scenes when you visit them
Many websites silently send and receive a lot of information about you to and from other websites that you'd never directly visit.
Fortunately, there are a number of software tools, such as the free browser add-on Collusion, that visualize this hidden two-way flow of information.
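The kind of tally such a tool draws can also be produced from a HAR file exported by a browser's developer tools. The Python below is an added example, not part of the original article; the hostnames, the `site_of` helper and its two-label "site" heuristic are assumptions made for illustration.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

PAGE = "https://www.dictionary.example/browse/privacy"  # constructed page URL

def _req(url, referer=None):
    headers = [{"name": "Referer", "value": referer}] if referer else []
    return {"request": {"url": url, "headers": headers}}

# Constructed sample in HAR 1.2 layout (what browser dev tools export).
# Every hostname is a made-up placeholder under the reserved .example TLD.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    _req(PAGE),
    _req("https://static.dictionary.example/app.js", PAGE),
    _req("https://ads.tracker-one.example/pixel.gif", PAGE),
    _req("https://cdn.tracker-one.example/lib.js"),
    _req("https://metrics.adnet-two.example/collect", PAGE),
]}})

def site_of(host):
    """Assumption: treat the last two DNS labels as the 'site'.
    Production tools use the Public Suffix List (this misjudges e.g. co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def third_party_report(har_text, page_url):
    """Count requests per third-party site and note which ones were sent
    a Referer header naming the page the user was actually visiting."""
    first_party = site_of(urlsplit(page_url).hostname)
    hits, told_where_you_were = Counter(), set()
    for entry in json.loads(har_text)["log"]["entries"]:
        request = entry["request"]
        host = urlsplit(request["url"]).hostname
        if not host or site_of(host) == first_party:
            continue  # same-site traffic is expected
        site = site_of(host)
        hits[site] += 1
        for header in request.get("headers", []):
            if header["name"].lower() != "referer":
                continue
            ref_host = urlsplit(header["value"]).hostname
            if ref_host and site_of(ref_host) == first_party:
                told_where_you_were.add(site)
    return {"third_parties": dict(hits),
            "received_referer": sorted(told_where_you_were)}

if __name__ == "__main__":
    print(json.dumps(third_party_report(SAMPLE_HAR, PAGE), indent=2))
```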
"I used to use Dictionary.com a lot," Cappos said. "But then I saw it making requests to something like 30 websites for information."
4. Kill your Facebook account
Facebook unfriending is easiest to do through the mobile app.
Almost any piece of information you post on a social-networking site could later be used to hurt you.
Cappos avoids all social networks except for the professional-networking site LinkedIn, and even there, he doesn't post much information that an identity thief might use.
If you have to have a social network account, use two-factor authentication, said David Kennedy, CEO of TrustedSec in Strongsville, Ohio, and founder of the annual Louisville, Kentucky, security conference DerbyCon.
A password by itself, Kennedy said, is just not secure enough anymore.
5. Cover one hand with the other while using automated teller machines
The latest ATM-fraud devices use a tiny, almost invisible camera to record your keystrokes as you enter your PIN. At the same time, there's a "skimmer" in the card slot that reads the card information.
Crooks combine the video feed with the skimmer data to match PINs to cards. Bingo! They've got access to your bank account - unless you covered one hand with the other while entering the PIN so the hidden camera couldn't see it.
6. Get an iPhone
The open nature of the Android platform, and the minimal vetting of apps in the Google Play app store, means it's much easier to end up with an infected Android phone than an infected iPhone. (Six years after its debut, the iOS platform remains malware-free.)
Furthermore, the permissions that Google grants Android apps are greater than what Apple gives iOS apps. Android apps are more likely to read your personal data than iOS apps are, because Apple won't let its app developers access the guts of iOS.
7. Run Internet services in a virtual machine
Using a virtual machine to run Web browsers and email clients is sound practice. To an extent, it will protect your real machine from Internet-based malware, and will mitigate the damage if attacks do get through.
8. Run all Internet connections through Tor
The Tor network is a sophisticated proxy system that bounces your network traffic from one hidden server to another. Your Internet traffic, or at least the traffic that passes through Tor, will be untraceable.
Websites and email recipients won't be able to see your true network location or network activity, which can be pretty important features for residents of some countries.
9. When traveling abroad, leave the cell phone at home
Western travellers have had cell phones confiscated by local authorities in repressive countries such as Burma or China. More commonly, travellers to China have found spyware installed on their laptops and smartphones.
Nathan Sportsman, CEO of Praetorian, an information-security provider in Austin, Texas, recommends that you simply leave your own phone behind when travelling overseas. The laws in many countries are very different, and being a foreigner doesn't protect you.
If you must have a cell phone while abroad, Sportsman said, use a locally purchased pay-as-you-go phone.
10. Isolate sensitive information
It might be best to use an "isolated" computer, Sportsman said, when doing anything financially or personally sensitive, such as online banking.
In other words, that computer shouldn't be used for anything other than online banking. That means no Web surfing, emailing or social networking.
Such practices minimize the isolated machine's exposure to malware, such as banking Trojans, which are designed to break into online bank accounts and often install with a single click on a corrupted website.
If you don’t have a computer you can set aside for a single purpose, then isolate your Web browsers instead. Chris Weber, co-founder of Casaba Security in Redmond, Washington, recommends using separate browsers for different purposes.
For example, one browser can be for banking, another for social media (a prime target for identity thieves) and a third for general Web surfing.
Isolating browsers may be inconvenient, but it limits the damage any single browser attack (such as from a keylogger) can do.
11. Don't click on unsolicited links
Much of the malware lurking on the Internet infects computers when users click on links emailed by people they don't know.
Don't do it. You don’t know where the link really leads. Does it go to a regular website, or to one rigged to attack your Web browser?
This counts doubly for Twitter, where the common practice of URL shortening only hides a link's true address.
12. Use cash whenever possible
Some establishments, such as bars or fast-food restaurants, carry out most of their transactions in cash.
Make this a practice of your own. It's better to use the ATM more often and carry a lot of cash than to use credit cards for meals and casual purchases, Cappos said. Save the plastic for big-ticket items.
Cappos recommends this because promiscuous use of credit cards only creates more opportunity for thieves.
Remember, whenever your credit card is out of your sight - for example, when the smiling waiter takes it to the back room, or when the surly cashier dips it below the checkout counter for a brief moment - it is vulnerable to skimmers and other forms of information theft.
13. Encrypt everything
Weber said that whole-disk encryption of computers isn't a bad idea. If your laptop is lost or stolen, it's nearly impossible for anyone else to get into your data without your password.
Encryption doesn't have to end with your computer. The latest versions of Apple's iOS automatically encrypt the entire smartphone or tablet if a passcode is enabled. On Android devices, it's an easy option in the Settings menu.
"Have a key-recovery plan for all master keys (e.g. splitting keys up and sharing among trusted family members or friends)" Weber said in an email.
You can also encrypt your communications. Pretty Good Privacy, or PGP, is an open encryption standard for email, with both free and paid applications.
PGP's developers went on to create Silent Circle, a smartphone app for iOS and Android that encrypts all voice and video calls, text messages and, soon, emails.
It's pricey at US$20/month, but there are cheaper alternatives, such as the free Android apps RedPhone and TextSecure.