Throughout all of last year, we’ve seen an appalling but unsurprising uptick in data breaches, internet censorship and surveillance technology — all of it being used to erode our privacy and safety.
There is a need more than ever for privacy technology to counteract this. Technology that not only protects our information, conversations and transactions at a fundamental level but is built by organisations who care about their impact on people and their future.
“The Loki Foundation and its privacy projects are part of this wave of change. We believe in respecting your privacy, safeguarding your data and earning your trust by building educational resources and digital privacy tools free and accessible for anyone across the world to use.
However, it’s not just on us.
This year, I want to encourage you to ‘Own Your Privacy’. I’ve always said – digital privacy ultimately remains the responsibility of the individual. Each one of us has the power through our personal awareness and online choices.
Anyone can start with a few simple steps. Learn – there are endless resources out there that will help you get started. Avoid linking anything to your personal information like your phone number. Look into the ethics and transparency of the organisations you’re investing into. If you’re not happy, investigate alternatives. Finally, stop putting it off and start now – it’s worth your time.
While Loki can give you the tools that will help defend your privacy, it’s still up to you to get educated and to act.”
Simon Harman, CEO of Loki & Chairman of The Loki Foundation
Today is Data Privacy Day, and the Loki Foundation is proud to be an official partner and 2020 Data Privacy Day #PrivacyAware Champion.
The 2020 Data Privacy Day theme is #OwnYourPrivacy, perfectly in line with the Loki Foundation’s mission to empower individuals, organisations, and groups with tools and education to get them started towards better privacy.
Start your journey to #OwnYourPrivacy now with our 9 tips for staying more secure, private, and anonymous online.
1. VPNs and onion routing: Online hide and seek
Your IP (Internet Protocol) address can be used to determine your physical location and even your actual identity. By using a VPN (Virtual Private Network) or an onion router, you can keep your identity private while browsing online.
A VPN works by encrypting your browsing data and providing you with a new anonymised IP address, so your ISP (Internet Service Provider) doesn’t receive information about you or your browsing habits. VPN software is great, but you’ll need to make sure your VPN provider isn’t selling your data to third-party services or advertisers. And not all VPNs are created equal when it comes to security, either — some popular VPNs, like NordVPN, have gotten into hot water for mishandling data.
Onion routers use multiple layers of encryption to conceal your online identity. When you use onion routing, your data ‘hops’ from computer to computer through an interconnected network, finding a path to its final destination. None of the computers in the onion routing network have access to any information that can identify you. But onion routing is the digital equivalent of taking the scenic route home — it can really slow down your internet speeds.
2. No more cookies
3. HTTPS rules — HTTP drools
Hypertext Transfer Protocol (HTTP) is a digital protocol designed to allow communication between web browsers and servers. HTTP communications aren’t encrypted, which leaves you vulnerable to both man-in-the-middle and eavesdropping attacks. These attacks can give attackers access to web accounts and sensitive information, and can even allow an attacker to force your browser to download malicious software.
Hypertext Transfer Protocol Secure (HTTPS) is an extension of HTTP, used for secure communication over a computer network. HTTPS secures you against a variety of attacks, including those mentioned above; however, HTTPS is only effective if the website hosts all its pages over HTTPS.
You can use a browser extension to automatically upgrade HTTP websites to HTTPS, to help make sure you’re always secure.
4. De-Google your life
It doesn’t matter if you’re using the Google search engine, Gmail for email, or even just an Android phone; every time you use Google services, Google stores your data — as much data as it possibly can. Google offers a lot of convenience, and giving up the niceties of the Google suite can be a real challenge.
But there are three simple steps you can take to begin de-Googling your life:
- Don’t use Google’s search engine — try alternatives like DuckDuckGo or Startpage
- Avoid using Gmail when possible, try ProtonMail or Tutanota
- Don’t use the Google Play Store, download your apps as APK files from F-Droid (an alternative app store for free, open-source software).
5. Encrypted messaging applications
Lots of us have grown up using SMS (texting) every day, but SMS is actually shockingly insecure. Attackers could contact your mobile service provider and impersonate you, then port the number from your SIM card to a SIM card they control. This is especially dangerous if you’re using SMS-based 2FA to secure important accounts or information.
Luckily, encrypted messaging apps can help you steer clear of the downfalls of SMS. End-to-end encrypted messengers let you send messages, attachments, and more without exposing your conversations.
Using an encrypted messenger isn’t always enough to keep your identity safe, though. Even if messages are encrypted, requiring identifying information to create an account can potentially leave you vulnerable. A good encrypted messaging app won’t need a phone number or email address to register an account.
The best encrypted messengers also won’t have central servers. Apps with no central server give you the peace of mind that the company behind the app can’t spy on who you’re messaging, or when.
Unfortunately, there are often compromises on some or all of these points when picking a new messenger.
Check out: Signal (encrypted, phone number required, central server), Session (encrypted, no phone numbers, no central server), Wire (encrypted, no phone numbers, central server), Threema (encrypted, no phone numbers, central server)
6. Delete your files — for real
Did you know that when you delete files from your computer, they’re not really gone? Have you ever deleted files from an SD card only to be told the card is still full? The usual Delete functions on computers and phones often leave parts or traces of the file behind.
File shredder software was developed to delete files from a computer — permanently. Typically, deleting a file only hides it from the operating system — meaning that with a little bit of knowhow, the file can be recovered.
A file isn’t truly gone until that same storage space has been overwritten with something else, and then deleted. This is where file shredder programs come into play. File shredders overwrite deleted files with random sets of data, making the original deleted file(s) completely unrecoverable.
7. Password variety
Using difficult (and unique) passwords for each of your online accounts is a great way to keep your accounts secure. This way, even if one of your accounts is compromised, the attacker can’t use the same login credentials (email and password) to get into your other accounts.
Curious to know whether any of your accounts have been compromised? Try haveibeenpwned.
Password manager browser extensions do a great job of producing randomised passwords to use when creating a new account, allowing for easy storage of and access to your difficult-to-crack passwords.
8. Two-factor authentication
Two-factor authentication (2FA) requires a user to provide extra evidence they’re who they claim to be when trying to log in. This extra evidence usually comes in the form of a one-time secondary password to enter in addition to the usual account password.
The most common form of 2FA requires you to enter a one-time password that is either generated by an app, or sent to an email or phone number associated with the account; however, hardware-based 2FA is also possible.
9. Passcodes and biometrics: Lock it up
The simplest tip in this list: Make sure your phone or computer cannot be accessed without entering a passcode or passing a biometric scan. Much like 2FA, a passcode or biometric scan adds an additional layer of protection against attackers.
Not all smartphones feature biometric scanning capabilities, but all smartphones let you enable a passcode lock for your home screen.
Most smartphones also come with an optional setting to wipe all data on the phone after a certain number of incorrect login attempts. This keeps your phone safe from brute-force attacks, where an attacker tries every possible passcode combination to break into the phone. This kind of security measure is important for making sure your personal data doesn’t fall into the wrong hands.
Staying private online isn’t always easy.
You can’t flip a switch and instantly have complete privacy. If it was that simple, everyone would do it. Online privacy and security does take some work, but it’s easy to take the first steps towards protecting yourself online.
Each of the things on this list will bring you one step closer to real privacy and security online. Don’t overwhelm yourself — take it one step at a time. Switch to a more private messenger, put a passcode on your phone, or make the move away from Google services — they’re all important steps towards staying safe online.
Take back your online privacy this Data Privacy Day — it’s time to #OwnYourPrivacy.