Last year I implemented a few personal online security features which I am going to go over in this post. I hope it comes in handy for other security-less rebels out there who want to turn over a new leaf.

Password manager over brain

This has been something I had been meaning to do for a long time and if you are only going to implement one thing in this post, make it this. I have been managing my passwords in my head since my first sign up, which was Yahoo! in the 90s. I would usually meet a password prompt and think “how secure does this website feel”, and if I felt like they would require a more secure password then I entered my “secure password”. If that failed then I would try my “less secure password”, and so on. If my memorised list of passwords failed, then I would reset the password back to a recently used password. This is inefficient and also not very secure. Using the same password across multiple sites means that if one of those sites is hacked, that combination could be used to gain access to multiple sites across the internet.

Password Managers remember your passwords so you don’t have to. When you sign up to a password manager it saves all of your logins for you, and once they are saved you can start upgrading your passwords to auto generated secure passwords that are saved in the manager itself. Most managers have browser extensions, so when you visit those sites the manager steps in and auto signs you in, so you don’t have to worry about copy pasting. If you don’t use a password manager your passwords are probably weak and repeated across multiple sites, whereas with each new site you should have a new secure password.

After some research into Password Managers, I went with TrueKey. It was supposed to be the new kid on the block packed with features, made by Intel, and had a free version to trial. Unfortunately, their Mac App, which was supposed to offer facial recognition, did not work for me and their Chrome extension just constantly logged me out. Also, their McAfee based support was terrible. I have since moved to Dashlane, which is a free password manager that has really good reviews and so far it is great.

Secure passwords are a good step but using Two Factor Authentication is also a really good idea. I have this setup on my Google account so when a new device tries to access my account, they also need to enter a 6 digit code from the Google Authenticator app on my phone too, which expires every 30 seconds.

VPN tunnelling for privacy

A VPN server is used for your connection to “tunnel” through before making a connection to anything online. That way your IP address is anonymised and your information is kept private. Also when you visit certain sites that tell you “this content is not available in your country” a VPN can get around this with its ability to choose a location that you want your connection to be rerouted through.

After researching various VPN services and reading multiple reviews, I settled on Private Internet Access. It was well rated and had one of the cheapest prices at $US39.95 for a yearly subscription (about $3.30 per month). After installing their Mac desktop application and entering my login details, the app started up and it connected to the closest VPN server. It was that easy. I also downloaded the iOS app and got the VPN running on my iPhone too but the iOS version is a bit annoying because unlike the Mac tool, you have to remember to turn it on.

I had always been wary of VPN services, thinking that they would just slow my connection down, but when connected to WIFI with a download/upload speed of 36.5mbps/8.8mbps, switching the VPN on gave me a 34.2mbps/8.3mbps, which is hardly a noticeable hit.

Saying no to browser tracking

I am pretty sick of searching sites like Gumtree for a couch, or Amazon for a drink bottle, and then for the next couple of weeks, seeing ads on unrelated websites suggesting me couches and drink bottles that might tickle my fancy. Why would a news site be trying to sell me drink bottles? The answer is your browser’s cookies. The sites you visit and things you do on certain websites are saved into cookies and then ads on other sites can read back those cookies and use them to target their ads to you more accurately.

You can tell your browser to send a “Do Not Track” request with all your browsing traffic to try and stop this happening from your privacy settings, but not all websites listen to this request. You can read more about DNT requests here. It is a good idea to keep an eye on which sites ignore this request but continue to track you anyway, and I have been using a good browser extension for this called Ghostery.

It is also not secure to be visiting sites that are unencrypted these days. You should probably stay away from sites that begin with HTTP instead of HTTPS, but if you must visit such sites, there is a great browser extension called HTTPS Everywhere which encrypts all your communications, even with insecure sites.

A lot of browser tracking comes from Google, which most people use as a basis of doing anything on the internet. I know my parents use Google searching instead of the actual address bar to “surf the web”. Google track your every move on the internet — you and another person could sit right next to each other and do the exact same search at the exact same time and Google will show you both different results based on what they know about you. They also use your search data to tailor ads to you specifically. I have been using a search engine recently called DuckDuckGo, which doesn’t track its users and has been proven to be a surprisingly great alternative to Google.

Securing hardware

Mid last year, Instagram posted a photo of Mark Zuckerburg at his desk holding an Instagram frame to celebrate 500 million active monthly users and the internet exploded regarding his laptop in the background. His MacBook had tape over its webcam and microphone. He is obviously a highly visible, powerful and wealthy figure (worth over $50 billion dollars), and is probably saying and doing things near his laptop on a daily basis that need to stay secret. It just goes to show that someone in the know is wary about the possibility of laptop takeovers. I had been meaning to find an alternative solution for my webcam (rather than an ugly bit of tape) and recently installed a stick-on switchable cover that works really well. It cost me £5 for two here.

Also, due to laziness, I didn’t have my MacBook login password activated for when my laptop is opened or resumes from sleep. Which means that if someone were to get their hands on my laptop they could open it up, start my browser, start visiting websites, auto logging in, and start taking over my life. So after many years of having this feature off for my laptop, I now have it activated and it isn’t actually the hassle I used to think it would be.

So, what are you trying to hide?

A lot of my friends are not very “tech” and when you talk to them about online privacy they generally reply with “I don’t do anything dodgy so I don’t really care about my privacy”. The fact of the matter is that today in the modern world, people are online most of the day. A lot of activities that used to be done in the real world are now being done online, and more real world tasks are replaced by online solutions every day. If everyone has this blasé attitude towards their privacy then that plays right into the hands of governments and organisations (and so inevitably hackers) that will essentially have access to information about anything that we do, and that is a scary thought.

I can see why online privacy may not be a massive factor for non-techs but I bet the overwhelming majority of people still use a terrible password on all sites that don’t force a better one. A massive eye opener was the passwords list that was leaked after LinkedIn was hacked in 2012, shown in an infographic here. Are you wondering how secure that password consisting of your dog’s name is? Check out this site, which tells you how long it would take a hacker’s attack to crack your password and I bet that password that you thought was super secure, was, in fact, an open door.

Secure your online world people, before it is too late.