Online Security

USEFUL TIPS FOR USING THE INTERNET MORE SECURELY

Web surveillance has become a huge and advanced industry. From governments and intelligence services, through companies and advertisers, to criminals and hackers, more people than your think are interested in the data you exchange over the internet. Below are some tips to help you protect yourself as much as possible.

1. Whenever possible, use a secure connection to connect to websites (i.e. web addresses (URLs) that start with HTTPS rather than HTTP).

Why? Using an encrypted connection is a good way to protect your the data you are sending to and receiving from a server from being spied on by others, especially if you are not using a virtual private network (VPN) or are connecting to the internet using unsecure wi-fi (which is not a great idea!). You may have noticed that all financial transactions, such as buying a train ticket online or accessing you bank account online, are always done over a secure connection, which you will recognize from the S at the end of HTTP or a lock sign at the beginning of the web address bar.

2. Always double-check the web address you are using to connect to a website is the correct (official) one.

Why? Just in case you had been directed to a fake page through a dodgy link, especially in emails. For example, you may enter your username and password thinking you are doing so as usual on your real email provider’s website. But for all you know (or don’t) someone had set up a fake page that looks like your email log in page and now knows your name, password and other details. This is called ‘phishing’.

3. Configure your web browser (Internet Explorer, Firefox, Chrome, Safari, etc.) to not save any passwords, forms or browsing history, or at least configure it to clear such data upon closing the browser.

Why? Almost every click you make when you connect to the internet is recorded by someone somewhere, and connecting to a website gives away important information about your location, your computer and operating system, your browsing habits and so on. This is often done through small text files, called ‘cookies’, that your browser sends to the website you are connecting to, but there are other ways of tracking too.

How? In your browser’s Preferences (or Tools or Options, depending on your browser and your operating system), you will find various settings under Privacy and/or Security that deal with Cookies, Tracking, History, Saving Passwords, saving data you enter in Forms (user names, email addresses, etc.) and so on. Disable them all or select ‘clear on exit’.

There are also some privacy-enhancing extensions that you can install to make your browser more secure, such ‘adblock plus’ (for Firefox and Chrome), ‘share me not’ and ‘google sharing’ (for Firefox), ‘click & clean’ (for Chrome) and so on.

4. Use anonymous browsing.

Why? Even with the privacy precautions mentioned above, it is still possible for governments, internet service providers and websites to know where and who you are from your IP address (which is basically like your computer’s phone number). This is often one of the main bases for tracking and blocking users from certain sites.

How? To get round this, you can use ‘anonymous browsing’ or dynamic IP addresses. The most common software used for this purpose is Tor, which is basically an ‘onion routing’ project that directs your connection to a website through a web of other computers that use Tor across the world so as to conceal the original computer’s identity and location. Tor has become much easier to install and use with various web browsers on various operating systems.

Other projects use ‘proxy servers’ or ‘virtual private networks’ (VPNs) to securely route your traffic through their servers in order to anonymous your location and prevent others from spying on your internet traffic. Examples of the latter include Riseup’s VPN.

In addition, most popular browsers now have options for ‘private browsing’, which means they would not store your browsing information for that session. In Firefox, this is called ‘private browsing’; in Chrome, it’s called ‘incognito’. You can access it by going to the main or ‘File’ menu and selecting ‘New private window’ in Firefox and ‘New incognito window’ in Chrome.

5. Don’t use a mail client.

Why? Because email clients save all your emails on your computer, so if it is seized or stolen one day, your emails can be easily accessed. It’s better to use webmail instead.

6. Use encrypted email when sending important, sensitive information to people you are working with.

Why? Because everything you send by email can be potentially read by your email provider, your internet service provider and anyone else utilizing eavesdropping software – which has become quite common and advanced in recent years.

How? To send and receive encrypted emails, you often need to use a mail client (like Thunderbird, Microsoft Outlook, etc.) and an encryption software, then exchange your (public) encryption key with your trusted friends. There is a good tutorial on using Thunderbird and GPG4Win here (https://help.riseup.net/en/howto-gpg-keys#windows). The same logic more or less applies to other email clients and encryption software on other operating systems.

IMPORTANT: Using encrypted email would still reveal who is contacting who, how often and when, so important information about the group or network can still be gathered by intelligence services and other curious people. This is known as ‘transactional information’ or ‘social network mapping’.

IMPORTANT: Note also the emails’ subject lines are usually not encrypted, unlike the body of encrypted emails, so don’t use obvious or revealing subject lines!

7. If you can’t or can’t be bothered to use encrypted email, or if you don’t want others to know who is contacting who within your group, then simply don’t send anything real important over the internet. If you can’t meet face to face, use a ‘dead letter box’ instead.

How? A dead letter box is simply a Drafts folder in an anonymous email account that members of the group have access to. Members would write draft emails but not send them to anyone; they would just save them as drafts, where others could log in (using a common, secure password) and read them, then delete the text when done. The main idea is that there is no internet traffic involved, except when connecting to the email provider’s website. In other words, nothing is sent or received over the internet.

Real-life dead letter boxes, or dead drops, were a common method used in the old days by spies and dissidents to exchange letters and other things using a secret location, where one person would leave something and another would pick it up later, thus not requiring the two to meet directly.

8. Keep things separate.

If you are using a fake name and a fake email or Facebook account for your activism, don’t ever use it for personal things, like contacting your normal friends and family. Not even once!

Why? Because that’s how you get caught!