readme.md |
Contents
Intro
What is being collected?
Chances are that on a daily basis you use apps, services or maybe even an Operating System owned by a large company such as Google, Microsoft, Apple. They collect and maintain comprehensive records or everything you do with your device, from the sites you visit, to the physical locations you’ve been. They store the photos and videos you take, and all device information, as well as of course the information that you manually input such as calendar events, emails, personal details etc (ref: Privacy.google.com, 2018, Privacy.microsoft.com, 2018, Apple UK, 2018)).
Social Media
Over 2 billion people regularly use social media. Facebook and Twitter both monitor and record current location, websites visited, browsing and shopping behavior and the interactions you have with other users. They also have a fairly strong idea of your political engagements and income level based on how you use their services.
Web Browsers
Your web browser also allows for data to be recorded about you, without your immediate knowledge. Most browsers store cookies from sites and also record IP addresses, information about your devices, web beacons, HTTP, and Pixel tags.
Internet Service Providers
Your ISP (the company providing you with your internet connection) monitor all your online activity. From the things you search for and the sites, you visit your current location and also shopping habits. They do this through deep packet inspection and work closely with the government.
The Government
The government works with private companies to collect large amounts of data on you. This includes all emails and messages sent and received, GPS location data, video calls, debit/ credit card transactions, legal documents, health documents, travel documents and all media content uploaded.
Why we should care
Data is enormously valuable, it can help us build new tools, find new insights that can help technology and the economy advance. However, there’s a balance, if everything about us is being stored and tracked, we lose our privacy and become vulnerable to exploits. We should have a say in how our personal information is collected, stored and used.
Privacy is a human right. And it’s a right that has been fought for, by the generations before us. In the UK, the Data Protection Act 1998 controls how your personal information is used by organizations, businesses or the government (Legislation.gov.uk, 2018).
Information in the wrong hands is dangerous. You might be okay with companies collecting your data, to improve the services they offer you, or the government collecting your data to keep people safe. But what happens when these organizations suffer a data breach, and your information is sold onto people with less good intentions? This has happened numerous times before, such as the 2015 Yahoo hack, and the Ashley Madison Hack.
You don’t know what will happen in the future. Right now you may not be worried by the risk of your personal information being leaked, but 5 or 10 years down the line it could have a serious impact.
How to maximize your security
Passwords
Ideally, you should use a different, and secure password to access each service you use. To securely manage all of these, a password manager is usually the best option.
Done | Security | Details and Hints |
---|---|---|
[] | Use a strong password | Check how strong your password is at: HowSecureIsMyPassword.net |
[] | Use different passwords for each account you have | In order to manage to have hundreds of different passwords, use a password manager. Have a look at LastPass, DashLane, KeePass or Robo Forms 8. |
[] | Never answer online security questions truly | Instead, create a password inside your password manager to store your fictitious answer. This will stop people guessing your place of birth or mothers maiden name. |
[] | Don’t use a 4-digit pin to access your phone | Don’t use a short pin to access your smartphone or computer. Instead, use a text password. |
[] | If possible, try to avoid bio-metric and hardware-based authentication | Fingerprint sensors, face-detection and voice-recognition are all easily hackable. Where possible replace these with traditional passwords. |
[] | Password protect your BIOS and drives | A BIOS or UEFI password will make a hackers life much harder if they get hold of your PC or hard drive, here is a guide on how to do it. |
2-Factor Authentication
This is a secure method of logging in, where you supply not just your password, but also an additional code usually from a device that only you’d have access to.
Done | Security | Details and Hints |
---|---|---|
[] | Use an authenticator. | Use Google Authenticator where sites offer 2-FA. Alternative authenticators include: Authy, FreeOTP, LastPassAuthenticator and AuthenticatorPlus. SMS codes are ubiquitous, but easy to break so although better than nothing, not ideal. Another option is a hardware-based 2FA, such as Yubico, although with limited compatibility and of course a physical cost. |
Browser and Search
Most modern web browsers allow for add-ons and extensions, these can access anything that you do online, avoid installing anything that may not be legitimate and check permissions first.
Done | Security | Details and Hints |
---|---|---|
[] | Only use trusted browser add-ons and extensions | Both Firefox and Chrome webstore allow you to check what permissions access rights an extension requires before you install it. Check the reviews. Only install extensions you really need. |
[] | Use a private search engine | Take a look at DuckDuckGo or StartPage. Neither store cookies or cache anything. |
[] | Consider a privacy browser | Google openly collects usage data in Chrome. There are several privacy browsers out there which minimize the amount of data collected. Have a look at Brave Browser, Yandex, or Comodo. As a more extreme choice, consider Tor. |
[] | Block scripts from bad origin | Use an extension such as uBlock Origin, to block anything being loaded from an external or unverified origin. |
[] | Block Trackers | Use an extension such as Privacy Badger to disallow adds from secretly tracking where you go, and which sites you visit. |
[] | Force HTTPS only traffic | Use an extension such as HTTPS Everywhere, to force all sites to load securely. |
[] | Disable Flash | Adobe Flash has been around since the dawn of the internet, however, it has been falling in popularity for a while. It brings with it many unpatched vulnerabilities (a few of which you can read about here). See this guide, on how to disable Flash player. |
VPN
A Virtual Private Network (VPN) allows you to securely connect to the internet when you visit a site, your visiting it through the secure VPN connection and not broadcasting your own IP address. A VPN will hide your identity on the websites you visit, to your internet service provider, and to anyone else trying to track you, they can also encrypt your traffic so you can browse more securely on public networks. They’re really easy to set up.
Done | Security | Details and Hints |
---|---|---|
[] | Use a VPN | Ideally use a paid-for VPN, as they’re considerably better quality so won’t affect your speeds, nor show adds. Take a look at VyprVPN, NordVPN, IPVanish and TunnelBear. |
Social Media
Done | Security | Details and Hints |
---|---|---|
[] | Check your privacy settings | Most social networks allow you to control your privacy settings. Ensure that your profile can only be viewed by people who you are in your friend's list, and you know personally. |
[] | Only put info on social media that you wouldn’t mind being public | Even with tightened security settings, don’t put anything online that you wouldn’t want to be seen by anyone other than your friends. Don’t rely solely on the security of the social network. |
[] | Don’t give social networking apps permissions they don’t need | By default many of the popular social networking apps, will ask for permission to access your contacts, your call log, your location, your messaging history etc.. If they don’t need this access- don’t grant it. |
[] | Remove metadata before uploading media | Most smartphones and some cameras automatically attach a comprehensive set of additional data to each photograph., This usually includes things like time, date, location, camera model, user etc. Remove this data before uploading. See this guide for more info. |
Your Devices
Done | Security | Details and Hints |
---|---|---|
[] | Turn of connectivity features that aren't being used | When your not using WiFi, Bluetooth, NFC or anything else- turn those features off. These are commonly used to easily hack individuals. |
[] | Uninstall apps that you don’t need | Don’t have apps that your not using on your phone, as they can be collecting data in the background. Don’t install apps from non-legitimate sources, or apps with few reviews. |
[] | Don’t grant apps permissions that they don’t need. | If an app doesn’t need access to your camera- don’t grant it access. Same with any features of your phone, be wary of what each app has access to. |
Phone Number
Done | Security | Details and Hints |
---|---|---|
[] | Avoid using your real phone number | Where possible, avoid giving out your real phone number while creating accounts online. You can create phone numbers using services such as Google Voice or Skype. For temporary usage, you can use a service like iNumbr that generates a phone number that forwards messages and calls to your main number. |
Communication
SMS texting is not secure.
Done | Security | Details and Hints |
---|---|---|
[ ] | Don’t use SMS - Use E2E encrypted messaging apps | iMessage is secure. For non-Apple users Signal is the most secure option. As of late 2016 WhatsApp is also end-to-end-encrypted using the Signal protocol. Signal can also protect your phone calls. |
[ ] | Use a secure email provider | Most email providers completely invade your privacy intercepting both messages sent and received. ProtonMail is a secure email provider, that is open source and offers end-to-end encryption. There are alternative secure mail providers (such as CounterMail, HushMail and MailFence)- but ProtonMail has both a clear interface and strong security record |
Your Router
Done | Security | Details and Hints |
---|---|---|
[] | Don’t use a default password | Change your router password- here is a guide as to how. |
[] | Ideally hide your SSID | An SSID (or Service Set Identifier) is simply your network name. If it is not visible, it is much less likely to be targeted. You can usually hide it after logging into your router admin panel, see here for more details. |
Operating Systems
Although Windows and OS X are easy and convenient, they both are far from secure. The ideal option would be to install a security-based OS. Where this often isn’t possible, using a VM or dual-booting with a consumer-focused Linux distro is still preferable to primarily using a either of Microsoft’s, Apple’s or Google’s services.
Done | Security | Details and Hints |
---|---|---|
[] | Consider Switching to Linux | Linux is considerably more secure than both OSX and Windows. Some distros are still more secure than others, so it’s worth choosing the right one to get a balance between security and convenience. |
[] | Consider running a custom ROM on your Android device | Your default OS tracks information about your usage, and app data, constantly. Consider a security-focused custom ROM, such as Lineage or CopperheadOS. |
Shopping
Done | Security | Details and Hints |
---|---|---|
[] | Consider using a pre-paid debit card, topped up with cash | There are a lot of options out there, some are free, some are only available in certain locations, some do require identity checks, whereas others don’t- so it’s worth shopping round to find the one that’s right for you. |
[] | Consider paying with a Cryptocurrency | This is the most secure method of payment, although unfortunately not currently widely supported. |
[] | Consider not getting goods delivered to your home address | Use a pickup service, such as Doddle, Amazon Click + Collect, eBay Argos collect etc. |
References
Privacy.google.com. (2018). Google Privacy | Why data protection matters. [online] Available at: https://privacy.google.com/your-data.html [Accessed 17 Mar. 2018].
Privacy.microsoft.com. (2018). Privacy – Microsoft privacy. [online] Available at: https://privacy.microsoft.com/en-GB/ [Accessed 17 Mar. 2018].
Apple (United Kingdom). (2018). Privacy. [online] Available at: https://www.apple.com/uk/privacy/ [Accessed 17 Mar. 2018].
Burn-Murdoch, J. (2018). Data security and privacy: can we have both?. [online] the Guardian. Available at: https://www.theguardian.com/news/datablog/2013/jul/31/data-security-privacy-can-we-have-both [Accessed 18 Mar. 2018].
Ico.org.uk. (2018). Home. [online] Available at: https://ico.org.uk [Accessed 18 Mar. 2018].
Legislation.gov.uk. (2018). Data Protection Act 1998. [online] Available at: http://www.legislation.gov.uk/ukpga/1998/29/contents [Accessed 18 Mar. 2018].