
Cybersecurity 101: Protect your privacy from hackers, spies, and the government


Simple steps can make the difference between losing your online accounts or maintaining what is now a precious commodity: Your privacy.
"I have nothing to hide" was once the standard response to surveillance programs utilizing cameras, border checks, and casual questioning by law enforcement.

Privacy used to be considered a concept generally respected in many countries with a few changes to rules and regulations here and there often made only in the name of the common good.

Things have changed, and not for the better.

China’s Great Firewall, the UK’s Snooper’s Charter, the US’ mass surveillance and bulk data collection — compliments of the National Security Agency (NSA) and Edward Snowden’s whistleblowing — Russia’s insidious election meddling, and countless censorship and communication blackout schemes across the Middle East are all contributing to a global surveillance state in which privacy is a luxury of the few and not a right of the many.

As surveillance becomes a common factor of our daily lives, privacy is in danger of no longer being considered an intrinsic right. Everything from our web browsing to mobile devices and the Internet of Things (IoT) products installed in our homes have the potential to erode our privacy and personal security, and you cannot depend on vendors or ever-changing surveillance rules to keep them intact.

Having "nothing to hide" doesn’t cut it anymore. We must all do whatever we can to safeguard our personal privacy. Taking the steps outlined below can not only give you some sanctuary from spreading surveillance tactics but also help keep you safe from cyberattackers, scam artists, and a new, emerging issue: misinformation.

Data is a vague concept and can encompass such a wide range of information that it is worth briefly breaking down different collections before examining how each area is relevant to your privacy and security.

Known as PII, this can include your name, physical home address, email address, telephone numbers, date of birth, marital status, Social Security numbers (US)/National Insurance numbers (UK), and other information relating to your medical status, family members, employment, and education.

Why does it matter? All this data, whether lost in different data breaches or stolen piecemeal through phishing campaigns, can provide attackers with enough information to conduct identity theft, take out loans using your name, and potentially compromise online accounts that rely on security questions being answered correctly. In the wrong hands, this information can also prove to be a gold mine for advertisers lacking a moral backbone.

Internet activity is monitored by an Internet Service Provider (ISP) and can be hijacked. While there is little consumers can do about attacks at the ISP level, the web pages you visit can also be tracked by cookies, which are small bits of text that are downloaded and stored by your browser. Browser plugins may also track your activity across multiple websites.

Why does it matter? Cookies are used to personalize internet experiences and this can include tailored advertising. However, such tracking can go too far, as shown when the unique identifiers added to a cookie are then used across different services and on various marketing platforms. Such practices are often considered intrusive.

Our email accounts are often the pathway that can provide a link to all our other valuable accounts, as well as a record of our communication with friends, families, and colleagues. As central hubs to other online services, hackers may try to obtain our passwords through credential stuffing, social engineering, or phishing scams in order to jump to other services.

Why does it matter? If an email account acts as a singular hub for other services, a single compromise can snowball into the hijack of many accounts and services.

When you conduct a transaction online, this information may include credentials for financial services such as PayPal, or credit card information including card numbers, expiry dates, and security codes. New attacks known as Magecart campaigns are not possible to avoid by the average consumer as they take place on vulnerable e-commerce websites, with code injected into payment portals to skim and steal card data input by customers. Past victims of Magecart groups include Ticketmaster, Boom! Mobile, and British Airways.

Why does it matter? Cybercriminals who steal financial services credentials through phishing and fraudulent websites, who eavesdrop on your transactions through Man-in-The-Middle (MiTM) attacks, or who utilize card-skimming malware, can steal these details when they are not secured. Once this information has been obtained, unauthorized transactions can be made, clone cards may be created, or this data may also be sold on to others in the Dark Web.

Another entrant to the mix, hospitals are now transitioning to electronic records and home DNA services store genetic information belonging to their users, submitted in the quest for health-related queries or tracing family histories.

Why does it matter? The loss of medical information, which is deeply personal, can be upsetting and result in disastrous consequences for everyone involved. When it comes to DNA, however, the choice is ours whether to release this information — outside of law enforcement demands — and it is often the use of ancestry services that release this data in the first place. Privacy concerns relating to DNA searches have been cited for sales downturns with some popular home ancestry kits.

Businesses that handle data belonging to their customers are being scrutinized more and more with the arrival of regulatory changes such as the EU’s General Data Protection Regulation, designed to create a level playing field and stipulate adequate security measures to protect consumer privacy and data.

Companies will often encrypt your information as part of the process, which is a way to encode information to make it unreadable by unauthorized parties. One way this is achieved is by using SSL and TLS certificates that support encryption on website domains. While usually a paid service, Let’s Encrypt also offers free SSL/TLS certificates to webmasters who wish to improve their websites’ security. Unfortunately, this has also led to the adoption of SSL by fraudsters. (Let’s Encrypt did, however, have to revoke three million certificates in March 2020 due to a bug in backend code.) Apple, Google, and Mozilla have forced TLS certificate lifespans to reduce to 398 days.

End-to-end encryption is also becoming more popular. This form of encryption prevents anyone except those communicating from accessing or reading the content of messages, including vendors themselves. Following Snowden’s disclosure of the NSA’s mass surveillance activities, end-to-end encryption has been widely adopted by many online communication services. With a recent shift to working from home practices prompted by COVID-19, this has expanded to include video conferencing tools including Zoom.

Privacy advocates may cheer, but governments and law enforcement agencies have not rejoiced at the trend — and a political battlefield has emerged between tech vendors and governments that are attempting to enforce the inclusion of deliberate backdoors into encrypted systems.

It is up to us to make use of any privacy-enabling technology we have at hand. Below are some guides with simple steps to get you started.

Searching the web is a daily activity for many of us, and as such, it is also a hotbed for tracking and potential cyberattacks. The most commonly-used browsers are Google Chrome, Apple Safari, Microsoft Edge, Opera, and Mozilla Firefox. However, you should consider using Tor if you want to truly keep your browsing private.

The Tor Project is an open-source browser that is privacy-focused. The software creates tunnels rather than establishing direct connections to websites, which prevents users from being tracked through traffic analysis or IP addresses. Not to be confused with the Dark Web — although required to access it and .onion domains in general — Tor is legal and is often used by the privacy-conscious, including journalists, activists, civil rights groups, and NGOs.

The Tor browser can be slower than traditional browsers, but it is still the best choice for secure browsing. The non-profit recently launched a membership program to secure funding and boost integration in third-party products. Desktop and mobile versions of the Tor browser are also available: desktop, the iOS Onion Browser, and Orbot: Tor for Android.

If you are more comfortable using Chrome, Safari, Firefox, Microsoft Edge, or another browser, there are still ways to improve your security without implementing major changes to your surfing habits.

Cookies: Clearing out your cookie caches and browser histories can prevent ad networks from collecting too much information about you. The easiest way to do so is to clear the cache (Firefox, Chrome, Opera, Safari, Edge). You can also set your preferences to prevent websites from storing cookies at all. In order to do so, check out these guides for Firefox, Chrome, Opera, Safari, and Edge.

HTTP v. HTTPS: When you visit a website address, you will be met with either Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS). The latter option uses a layer of encryption to enable secure communication between a browser and a server. The most important thing to remember is while HTTPS is best used by default in general browsing, when it comes to online purchases, it is crucial to protecting your payment details from eavesdropping and theft. It is still possible for payment details to be stolen on the vendor’s side, but to reduce the risk of theft as much as possible you should not hand over any important information to websites without HTTPS enabled. (It is estimated that shopping cart conversion rates increase by 13 percent with HTTPS enabled, which should encourage webmasters to use the protocol, too.) To find out whether HTTPS is enabled, look in the address bar for "https://." Many browsers also show a closed padlock.

Google’s search engine, alongside other major options such as Yahoo! and Bing, make use of algorithms based on your data to provide "personalized" experiences. However, browsing histories and search queries can be used to create crossover user profiles detailing our histories, clicks, interests, and more, and may become invasive over time.
(Ever purchased a toaster and then seen ads for toasters frequently? There’s a reason for that.) To prevent such data from being logged, consider using an alternative that does not record your search history and blocks advertising trackers. These options include DuckDuckGo, Qwant, Startpage, and the open source Searx engine.

If you wish to stay with your current browser you can also use software that bolts on to your browser to enhance the privacy and security of your surfing activities.

HTTPS Everywhere: Available for Firefox, Chrome, and Opera, HTTPS Everywhere is a plugin created by the Tor Project and Electronic Frontier Foundation (EFF) to expand HTTPS encryption to many websites, improving the security of your communication with them.

NoScript Security Suite: Endorsed by Edward Snowden as a means to combat government surveillance, this plugin has been built for Firefox and other Mozilla-based browsers for the purposes of disabling active content including JavaScript, which may be used to track your online activity. Users can also choose which domains to trust and whitelist.

Disconnect: Another worthy addition to the list, Disconnect provides a visual guide to websites that are tracking your activity. Invisible trackers that monitor you and may also expose you to malicious content can be blocked. Disconnect is available for Chrome, Firefox, Safari, and Opera.

Facebook Container: In a time where Facebook has come under fire for its data collection and sharing practices time after time, Mozilla’s Facebook Container application is a worthwhile plugin to download if you are worried about the social media network tracking your visits to other websites. The plugin isolates your Facebook profile and creates a form of browser-based container to prevent third-party advertisers and Facebook tracking outside of the network. While not bulletproof, this add-on is worth considering if you want to separate Facebook from the rest of your browsing activities.

Blur: Blur, available for Firefox and Chrome, is an all-around plugin to protect your privacy and security. While the add-on can be used as a password manager and generator, and for ad blocking and encryption, the true value is the use of "masked cards" in the premium version of the software. When data breaches occur, financial information is often the target. With this plugin, however, throwaway virtual cards are used with online vendors in place of the direct use of your credit card data, keeping it safe should a cyberattack occur.

Privacy Badger: Last but certainly not least, the EFF’s Opera, Firefox, and Chrome-supporting plugin Privacy Badger is focused on preventing ad networks from tracking you. The software monitors third parties that attempt to track users through cookies and digital fingerprinting and will automatically block those which use multiple tracking techniques. The plugin also includes color-coded indicators of domain tracking scripts.

There is no denying that public Wi-Fi hotspots are convenient, especially in a time when many of us are working outside of the office. However, you may be placing your privacy and security at risk if you choose to use one while on the move without the right precautions.

The problem with them is simple: As you do not need authentication to access them, neither do cyberattackers — and this gives them the opportunity to perform what is known as Man-in-The-Middle (MiTM) attacks in order to eavesdrop on your activities and potentially steal your information, as well as manipulate traffic in a way to send you to malicious websites. Hackers may be able to access the information you are sending through the Wi-Fi hotspot, including but not limited to emails, financial information, and account credentials. Hackers may also set up their own rogue honeypot Wi-Fi points that appear legitimate whilst only being interested in stealing the data of those who connect to it.
