Here are some top tips and tools to protect your privacy and guard against identity theft, financial fraud and your personal pics and messages getting into the wrong hands.
Before we start, a word of caution. If you’re a journalist or activist, or if you believe you might be personally targeted for electronic surveillance, you need a comprehensive digital security plan. Please consult a digital security expert and do not rely on any one app to protect your information.
- Update your apps, computer and phone
When you receive a notification to update the software on any of your devices, you should almost always do it straight away. Nearly all updates include things called security patches: they close holes in the software that make it easy for someone to hack into your software – and once they do they can often get access to everything on your phone or computer. Software can be very complex and security holes are discovered all the time, so keep an eye on those updates.
The best thing to do is to turn on automatic updates for your apps and operating system. You can do this in the settings of your app store, phone and computer.
- Use strong and different passwords (and remember them!)
You’ve heard this a million times but can you remember 30 different complicated passwords? Of course not, nobody can. You still need to do it however, as large data breaches happen all the time. If your password is stolen and you use the same one for other services, those other accounts will also be at risk.
So here are a few tips for picking passwords and making sure you don’t forget them:
A simple rule for passwords is that the more complex they are, the harder they are to crack: so mix lower case and upper case characters and include numbers and/or symbols like “!” and “&”.
You can also use a passphrase – so your password could be “pigeons go 2 school every day!!” or whatever else makes sense to you as long as it’s not something too common like “keep calm and carry on”.
Use a password manager: these are programs that generate strong passwords for different websites and store them. Some of them sync across computers and phones so you have them everywhere. This way you don’t have to remember all these complicated passwords.
Choose a very strong password for your primary email and remember it. Your primary email is particularly important as it’s normally used to recover your other accounts if you forget your passwords. It also means it can be used to change the passwords on your other accounts.
Also check haveibeenpwned.com, which can show you if your information was stolen in many of the large data breaches.
- Set up two-factor authentication
Two-factor authentication is an extra step you need to log in to your account. In most cases, it’s very simple and you only need to do it when you use a new device or once every few weeks. A very common form is a six-digit code you receive by SMS on your phone after entering your password.
This makes it much harder to access your accounts as, even if someone managed to steal your password, they would also need to have your phone to be able to log in to your account.
Many popular services have two-factor authentication, including Gmail, Outlook, Facebook and Twitter.
- Use HTTPS
The link in the address bar of your browser starts with either “http” or “https”. The first one means that the connection between you and the website is open, i.e. anyone who taps into your internet connection can see everything you’re writing or looking at. This is bad.
Some websites have https as a default, others as an option. You can usually tell that you’re on an https site by a lock icon in the address bar; if there is a lock but it’s crossed out, it means there is something wrong with the encryption and your connection might not be protected. Some websites still don’t have https at all. If one of your favourite sites is one of those, you can write to them and ask what they’re waiting for.
You can also download HTTPS Everywhere, a browser extension that helps you encrypt your web browsing.
- Chat on Signal
Signal Private Messenger has been described as the “gold standard” of instant messaging apps and its encryption technology as “best-in-breed”. It’s recommended by Edward Snowden and used by Hillary Clinton’s campaign team. Signal is developed by a non-profit organization and is open source, which means security experts can test it for “backdoors”.
The Signal Protocol, which is the bit of Signal that does the encryption, is so well-regarded that WhatsApp, Facebook Messenger and Google Duo all use it for their end-to-end encryption.
Naturally, people tend to use the platform that most of their friends and family are on. For most people, WhatsApp is a good enough alternative as it has strong end-to-end encryption by default.
- Meet on Jitsi Meet
Jitsi Meet is an easy-to-use video conferencing service that runs in the browser. It’s end-to-end encrypted as well and you can use it for video conferences with several people. It has all the regular features, like screen sharing, chat and a notepad to share notes with everyone in the conference call.