Online Self Defense - Yellow Belt
Safer Web Browsing
How are you tracked?
There are many ways to track what you are doing on the internet. Most websites use small files called cookies. These store information about you, where you have been and what you have done. These files are not malicious, they are needed because of the way websites work. If you log into a website it needs a way to remember that when you go to another page on the site. The answer is to use these cookies. The problem is that they can be used to learn lot about your online behaviour. This is even worse when sites use what are called third-party cookies. This is where third party advertisers pay sites to tell them what users are doing.For example, if you log into social media site, it sets a cookie with your account information in it. This is fine because it means you don't need to log in every time you click a link. However, that cookie stays around even when you navigate away from then go to an online retailer. If you search for a pair of shoes, the retailer can read the cookie from the social media site and send that site information about the shoes you're looking for. The next time you go onto the social media site, there will be lots of shoe ads waiting for you.
What can you do about it?
There are many privacy enhancing browser plugins that you can install. We talk about those a little later.
We spoke about Malware a lot in the White Belt level. We covered some solutions such as anti-virus programs. This time we'll look at actions that we can take while online to reduce our vulnerability.
Unencrypted Web Connections
These days we often use public wifi. Whether this is at your public library, your favorite coffee shop, or even a fast food resteraunt it is still risky because people may be snooping on your web traffic. This is possible because many web sites do not force a encrypted connection. Ensuring that your connection is encrypted has two benefits. First, it prevents snooping and possibly stealing information (or even worse passwords and logins). Second it allows you to verify that the website that you are connected to is the web site you meant to go to. If the URL in your web browser starts with http://, then you do not have an ecrytped connection. It should start with https:// for it to be encrypted. You can also click on the little lock symbol next to the https to find out information about the encryption used and the identity of the website.
Browsing More Safely
The following actions will make your web browsing much safer and help you to avoid the threats mentioned above.
Always know which website you're on. If you want to download something, always go to the official website of the company that makes the program. For example, if I want to download the free and open source Office Suite called Libre Office, I would go to https://libreoffice.org rather than clicking on any of the other sites claiming to let you download it. They may well have a download link, but that will often download other programs that are at best spam and at worst malware onto your computer.
So how do you know what the official site is?
If you use the search engine Duckduckgo and search for Facebook, they make it easy. This is what you will see:
Although this doesn't work for every site, it is great for those it does work for. Both Duckduckgo and Google will also tag ads now. It is always a good idea to avoid ads when considering privacy and safety online.
Here you can see Ads that take you to sites that aren't affiliated with the post office. After passing these you get to the official post office site. If you didn't pay attention to the ads you may end up on a scammy site that asks you for a lot of personal information so you can "apply for post office jobs".
If you download anything, scan it with your anti-virus program. Many programs have this as an automatic option that can be enabled. This isn't foolproof and won't save you if you insist on downloading items from shady websites, but it helps.
Avoid Questionable Websites
There are lots of scammy websites that are full of traps for internet users. The easiest way to avoid problems is to not be there at all. Make sure if you are buying something online that it is a reputable dealer. If you are downloading anything be EXTREMELY cautious.
Safer Settings for Your Web Browser
Whatever web browser you choose to use, the developers are interested in making it as secure as possible. However, the most secure options aren't necessarily the default options. I will show these settings using Google Chrome, but all major browsers support similiar features. All of these settings are in Chrome's settings menu.
Turn off Third Party Cookies
We talked about third party cookies earlier. Most browsers have an option to not accept these cookies. These help to prevent unwanted tracking across websites.
Set Browser Plugins to "Click to Play"
Plugins are mini programs that allow web browsers to do extra things like reading PDF's or displaying Flash content. They are potential a security problem, and you should only let trusted content run plugins. To ensure this, set your plugins so that you choose when they play.
Disable Unused Extensions
Removing unused extensions helps to remove ways that your computer can be exploited. Even the best software has security bugs. By removing unused extensions, you are preventing these bugs from making you more vulnerable for no reason.
Do not have your browser remember passwords
Web browsers are exposed to all of the nasty things that the internet can throw at them. Modern web browsers operate in a "Sandbox" seperating them from the rest of the operating system for better security. With everything out on the internet, it is not a good idea to ask the same browser to remember your passwords. There are much better options as discussed in the last section. This has the added problem of making all of your accounts available to anyone using your computer. It is also possible to view these passwords in cleartext in the settings menu unless you have set up a master password.
These are called different things in different browsers. Chrome calls them extensions, Firefox calls them add-ons, etc. Regardless of what they are called, they add functionality to your web browser. As was already covered, you should uninstall any unused extensions, but that doesn't mean that extensions are bad. They can protect your privacy, limit your exposure to malware, and even lower the amount of bandwidth you use (http://www.techweekeurope.co.uk/e-marketing/adblock-plus-adblocking-netw...). Here are a few that help.
Https Everywhere is an extension created by the Electronic Frontier Foundation. It forces a site to use an encrypted connection if one is available. This does not gaurantee a encrypted connection, because some sites do not offer the option. However, it does ensure that if such a connection is available, you will use it. You can get it here for Firefox, Chrome, and Opera.
Also put out by the EFF, Privacy Badger goes a long way towards defeating tracking online. You can see exactly what third-party websites are trying to load things when you visit a new website and you have total control over how much you share. Download it here for Chrome or Firefox.