While I’m not sure when it was exactly, ever since I can remember I’ve read and learnt virtually all I can about technology and especially computers. From MS DOS to Windows to Ubuntu to Android to building PCs and everything in between, I’ve most likely tried, broken and fixed it all.
So for me, doing certain tasks on computers feels about as routine as putting on socks. It’s automatic and I do it daily. But I also acknowledge that not everyone is like me. Some people use technology very infrequently or make the even bigger mistake of refusing to learn new skills because they don’t like change.
As such, when it comes to protecting their privacy they’re often greatly unprepared. They’ll use products, give out information or otherwise do things that put them at risk now or in the future without even knowing about it, simply because sometimes technology is too technical and complicated.
So today I’m going to try and take you through a brief crash course in Internet privacy and security. You might not learn anything. Maybe you’ll learn a lot. It’ll depend on how tech savvy you already are. But hopefully you’ll learn at least one interesting or useful feature and we can all experience the awesome fun of technology more privately.
The 3 Layers Of Protection
At the heart of remaining more secure and private online is what I like to call the 3 Layers Of Protection. These stem from the very first step in Threat Modelling which is to identify who might want to target you or your information and why. The 3 layers are:
- Protection Against Hackers
- Protection Against Companies
- Protection Against Governments
While in the past it’s mostly been just about protecting yourself against hackers (or scammers, viruses etc.), lately things have been ratcheting up and layers 2 and even 3 are now arguably required. Looking at each layer in more detail we get the following.
Layer 1: This layer is mostly about securing your data as it’s being transported over the Internet. It is the bare minimum to do when using the Internet and includes things like ensuring websites use HTTPS, Wi-Fi networks use WPA2 or higher encryption and that you minimise or don’t use unencrypted forms of communication like SMS, email or phone calls. It also includes protecting your computer itself from viruses, malware and other evolving threats.
Layer 2: Moving up from data encryption we have full end-to-end encryption ensuring that only you and the other person can see your sent data. This ensures that even the companies running the service (eg Google or Facebook) cannot see your data.
Layer 3: In the final layer we are concerned with either encrypting or otherwise concealing all the other information generated while communicating that’s not your data. Often called metadata, it’s things like your originating location, type of communication (eg. Skype or web browsing) and even what type of OS, screen size, browser etc. you’re using.
A Special Note
Many people seem to think that using “Incognito Mode” or “Private Mode” in modern web browsers somehow masks your traffic, which is completely wrong. To be clear, if you’re at work please assume your company can see and will record everything you type, look at and do on your work computer. Because they most likely can and do.
It doesn’t matter if you’re using Incognito Mode. This will not protect you.
The best way to think about Incognito Mode is like it’s a new browser you just installed that will be uninstalled once you close it. It still sends and receives any data you tell it to just like a normal web browser while you use it. Also your work or anyone else tapped into your connection can see and analyse that data.
The only thing that Incognito Mode does is to delete your browsing history and settings from your local machine once you close it down. That’s it.
While this can be great if you want to look up some strange item and don’t want to see ads for it for the next week, it’s not going to stop your work from knowing you went to seek.com…. or worse.
Layer 1: The Bare Minimum
To best protect yourself against the biggest set of threats there are a couple of relatively simple steps you can take. Like with most security related things the answer is in having simple procedures and never deviating from them.
Primarily you should ensure your passwords for each site are different, are all at least 15 characters long (anything under about 12 characters can be brute forced within days) and aren’t easily guessable. If you need to use a password manager to achieve this then Keeper, Dashlane or LastPass might be best for you. Next ensure you:
- Always update your OS with the latest security updates
- Have as few installed apps / programs as possible
- Use Brave Browser or Chrome with HTTPS Everywhere + Privacy Badger
- Don’t use websites that don’t have “https”
- Enable DNS over TLS if you run Android 9
If you regularly do most or all of these things you shouldn’t be the lowest hanging fruit. Hopefully that’ll mean you’ll avoid the majority of scams, identity thefts, viruses and ransomware that’s out there. You’ll also stop the vast majority of websites and companies from tracking you, saving your data or building detailed profiles of you. With Brave you’ll also never see most ads again as a bonus.
Layer 2: Company vs You
Next up we have the actual companies themselves. Now while you might actually trust whatever company’s product you’re using (eg Gmail, Slack, a hotel website), quite often they get hacked and leak your data all over the place. As such the only real end game solution is for them to not have your data at all to begin with.
This is where end-to-end encryption comes in and while it cannot protect everything – as sometimes the company does need to know your information to provide its services – most communications like chatting don’t need to be recorded by them.
As such in those cases you can use any end-to-end encrypted messenger app to go that extra step. Things like Signal Messenger or Telegram use these protocols and so cannot ever read your messages or have that information stolen from them.
Beyond chatting applications where you have a good number of E2E encrypted options, there’s unfortunately not too much more you can do besides just not using those services. Which of course isn’t always an option.
For example, if you’re booking a hotel you obviously have to give them your name, details of your credit card so they can take payment for the room etc. There’s no way for this data to be E2E encrypted as otherwise the hotel wouldn’t be able to see it and thus wouldn’t be able to take your booking. As such, your only course of action is to simply choose your hotel providers carefully and potentially request they remove your data once your stay is over.
It’s also a good idea to wipe clean as many of your old or unused social media, email or other accounts as you can. This way when those companies do eventually get hacked or start to sell their databases to advertising companies, yours is no longer a part of it.
Layer 3: Sticking It To The Man
Finally we have hiding virtually all your information while browsing online. This involves hiding not just the data you’re sending (eg. your username, password or chats) but also who you’re sending it to (eg. www.website.com) and where you’re based.
While most people don’t strictly need to worry about this there are numerous reasons as to why you might. Maybe you’re a political journalist in a repressive country. Maybe you don’t want the Australian government recording all your browsing history and storing it for two years or more. Yes, they currently do this by law, as your ISP (eg Telstra, Optus etc.) is required to store the following info on you:
- Your name, address, and billing information
- Your phone number or email, and the phone number or email of the person you’re communicating with
- The time, date and duration of a communication
- Your IP address
- The location of the communication equipment you use; for example, the closest cell tower
- The type of communication; phone call, text, or email
- Bandwidth usage such as the amount of data uploaded and downloaded
That’s a lot of very private information that they’re storing on you for years and years. Some truly absurd agencies have access to it too such as Bankstown City Council, Greyhound Racing Victoria, the Western Australian Department of Fisheries, and the RSPCA. It’s also a huge potential hacking target and probably has already been hacked numerous times if history is anything to go by.
Whatever the case is for wanting to hide one’s metadata, fully hiding everything isn’t too hard to do. The quickest, easiest way to hide all your browsing information from your ISP (and thus government requests) is to just purchase and use a VPN. I won’t suggest any here as they are always changing, but if you do use one make sure it’s a paid service as the “free” ones simply sell all your data to advertisers anyway.
Another way is to use the fantastic TOR Browser. You can learn about how TOR and HTTPS mask your data and from whom in this great interactive diagram here. But basically TOR takes your request to view a website, encrypts it 3 times then sends it through 3 other random nodes in the network. At the third node the request is decrypted and sent to the website.
This way the website has no idea where you’re from and your ISP has no idea what site you visited, who you communicated with or even what type of communication was happening (email, chat, data download etc).
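The layering described above can be modelled in a few lines. This is an added example, not code from the original post or from the Tor project: the relay names, keys and JSON layer format are assumptions, and the cipher is a toy stand-in for the real cryptography.

```python
import hashlib, json, os

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy stream cipher (SHA-256 in counter mode). Stand-in only: real Tor
    # uses vetted ciphers with keys negotiated separately with each relay.
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    return nonce + _xor_stream(key, nonce, plaintext)

def unseal(key: bytes, blob: bytes) -> bytes:
    return _xor_stream(key, blob[:16], blob[16:])

def wrap(route, destination: str, request: bytes):
    """Encrypt once per relay, innermost layer (the exit's) first."""
    next_hop, payload = destination, request
    for name, key in reversed(route):
        layer = json.dumps({"next": next_hop, "data": payload.hex()}).encode()
        payload, next_hop = seal(key, layer), name
    return next_hop, payload  # first relay to contact, and the full onion

def relay_path(route, destination: str, request: bytes):
    """Pass the onion along the route; record what each relay can observe."""
    keys = dict(route)
    hop, onion = wrap(route, destination, request)
    previous, observed = "client", []
    while hop in keys:
        layer = json.loads(unseal(keys[hop], onion))  # peel exactly one layer
        observed.append({"relay": hop, "from": previous, "to": layer["next"]})
        previous, hop, onion = hop, layer["next"], bytes.fromhex(layer["data"])
    return observed, hop, onion  # onion is now the plain request at the site

# Constructed sample route (relay names and keys are made up for the example).
ROUTE = [("guard", os.urandom(32)), ("middle", os.urandom(32)), ("exit", os.urandom(32))]

if __name__ == "__main__":
    observed, site, delivered = relay_path(ROUTE, "www.website.com", b"GET /")
    for view in observed:
        print(view)
    print(site, delivered)
```

Only the first relay sees the client and only the last sees the destination. The last relay also sees the request itself, which is why the site should still be reached over HTTPS.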
Down The Rabbit Hole
As stated at the beginning, this is a very brief crash course in privacy. The rabbit hole goes incredibly deep and I’d highly recommend reading up on it, as it’s not as complex or hard as you might think and is fantastic to have in the back of your mind day to day.
One of the best sites out there for Internet privacy and security is the Electronic Frontier Foundation’s Surveillance Self-Defense website. They are an independent non-profit working to protect online privacy.
They provide extensive tools, guides and support to everyone from regular internet surfers all the way up to people trying to hide from repressive government regimes.
If you take anything away from this crash course though please just focus on 4 things:
- Ensure your computer’s/phone’s OS is up to date with minimal apps
- Ensure your passwords are unique on every site and strong
- Use Brave Browser on your PCs and Android or iPhone
- Communicate as much as possible over E2E chat apps like Signal
These 4 steps will dramatically increase your privacy and security, allowing you to use all this amazing technology we have in a safe way that won’t expose your information to hundreds of 3rd parties or allow hackers to steal your identity or otherwise make your life a PITA.
If you have any other good security or privacy tips let us know in the comments below!