Ife Ogunfuwa
Your social security number, credit card information, and medical history can fall into the wrong hands if you are not careful about how and where you share your data online.
If you really care about your data, there are tools and techniques you can utilise to protect yourself from cyberstalkers, advertisers, and hackers in a time when digital lives are a high commodity, according to www.null-byte.wonderhowto.com.
Why privacy and security matters
While you may not have anything to hide, there are still many things in your digital and personal life you should want to protect. Your phone number, your computer, your smartphone, your online accounts, your bank accounts, your email address, your home security system, even your home — these are all items you’d probably want to secure with passwords, biometrics, and other tools made available to you.
In 2018, there were a number of significant data breaches. Collectively, they affected hundreds of millions of people worldwide, and you may have been one of them. Listed below are some of the biggest hacks of 2018, which includes compromised phone companies, e-commerce websites, and social media giants — all of which may have had access to your personal data.
- T-Mobile: Hackers stole personal data belonging to T-Mobile customers in which two million users were affected.
- Cathay Pacific Airways: A data breach containing passport information, credit card numbers, and email addresses affected 9.4 million users.
- Ticketfly: A hacker exploited a vulnerability in the website which led to a leak containing names, home addresses, email addresses, and phone numbers. 27 million users affected.
- Facebook: Attackers gained access to millions of highly sensitive data and about 29 million users were affected.
- Google+: A bug in Google’s software exposed customer data to the internet. Fortunately, there were no reports of hackers discovering this vulnerability but 52.5 million users were affected.
- Quora. A data breach that led to leaks containing names, email addresses, encrypted passwords, and data from user accounts. 100 million users affected.
Website databases aren’t the only way hackers may try to compromise your digital privacy and security. It may not always appear as if your digital identity holds much value, but hackers and criminals may find ways of targeting your friends and family via your online profiles. They could also find other ways of abusing information you have shared online in recent years.
- Cyberstalking: This type of harassment is a real possibility for anyone with an online presence. In more extreme cases, hackers may find themselves in a position to blackmail the victim, upload their information to prostitution websites, or even locate them at their place of work and home. Worse still, children are often targetted by cyberstalkers.
- Doxxing: Another form of internet harassment, where hackers will publicly disclose personally identifiable information belonging to a victim on public websites. Data found in doxes usually include full names, social security numbers, spouse and children personal information, home addresses, phone numbers, email address, passwords, and much more. This information is shared with the intent of other hackers abusing the data and further harassing the victims.
- Identity theft: The recent Equifax hack put millions of people at risk of identity theft. And that’s just one example of a massive data breach. Every single day, hackers target individuals in an effort to steal identities. Becoming the victim of such a hack can cause catastrophic or permanent damage to a person’s life.
- Internet service providers: ISPs have become increasingly aggressive about abusing customer data. It’s not uncommon for ISPs to sell customer data, embed supercookies into web traffic, inject code into websites without consent, as well as use spyware and crypto miners.
- Government agencies: Governments around the world have worked independently and cooperatively to create spying programs designed to harvest and analyse data on a global scale such as ECHELON, XKeyscore, FASCIA, and PRISM. Disclosed by Edward Snowden over five years ago, PRISM is still in full effect. Journalist Glenn Greenwald highlights some of the risks of government spying and combats the “I’ve got nothing to hide” argument in a TedTalk.
‘Private Browser’ mode isn’t protecting you
In a recent study held by DuckDuckGo, the company asked 87 volunteers in the US to make identical Google Search terms while in private browser mode and logged out of their Google accounts. Now, according to Google claims, without the help of browser cookies, all (if not most) of the volunteers should have produced the same search results. However, DuckDuckGo researchers found that:
- Most volunteers received results unique to them.
- Entire websites were omitted from search results for certain volunteers.
- Results within the news, video, answers, shopping, snippets, and knowledge graph info-boxes also varied significantly.
The findings of this research are significant because it shows that Google utilises more than browser cookies to target its users and create filter bubbles. The Google Search algorithm also takes into consideration our IP address, web browser type, operating system, and more. No one should feel protected or anonymous while in private browser mode or when using Google Search.
Getting started with privacy and anonymity
You can easily terminate all of your personal accounts and use the internet as little as possible. That would create a small (if not non-existent) digital fingerprint — but that’s not the intention of this article. Instead, you should be able to enjoy the internet without completely sacrificing your digital freedom or forfeiting your digital identity to profit-driven companies like Google and Facebook.
Simply switching to a Linux distribution is not the solution either. Even open-source and privacy-respecting organisations find themselves on the front page of the news. In times like this, it’s important to proactively protect yourself from hackers, cyberstalkers, advertisers, and data-hungry organisations alike.
When talking about security, adding defensive measures almost always creates an inconvenience for the attacker but also the user.
Best security practices to adopt online
The security recommendations in this category can and should be implemented by everyone. These tips will not inconvenience most of you but will likely thwart basic hackers.
In later Hard and Extreme categories, readers will learn to utilise free and open-source software, as well as anonymity tools and techniques. Those sections are geared toward those of you who don’t mind being inconvenienced to dramatically improve your privacy, security, and anonymity.
Use two-factor authentication
Two-factor authentication adds an additional layer of security to online accounts. It allows you to generate a one-time-use security code for account logins. The security codes are generated locally on your phone, which means a hacker who has successfully acquired your login credentials will also need physical access to the 2FA app or SMS texts on your phone before they can do any damage.
Two-factor authentication should be enabled on as many websites and apps as possible. TwoFactorAuth.org has a comprehensive list of sites currently supporting 2FA, including Apple, Binance, IFTTT, Instagram, and Snapchat are just a few. However, don’t use SMS-based 2FA codes. It’s an unsafe practice. Both Gmail and Bitcoin accounts have been compromised even when secured by SMS-based 2FA.
Don’t give away your info on social media
Hackers can easily gather bits of personal information about you collected across all of your social media accounts. While posting your date of birth on one website and your phone number on another may seem harmless, hackers can gather and use that information to social engineer their way into other accounts you own.
- Phone numbers: A hacker with your phone number(s) can social engineer your cell phone provider into forwarding text messages to an anonymous number they own. This would allow them to bypass SMS-based two-factor authentication protections.
- Addresses: Your home, work, family, and friends addresses should never be shared online. Likewise, diners, parks, and public places you frequent should never be advertised or linked to a photo. Address sharing is often marketed as a convenience tool — and it is. It allows your friends and family to easily find you during a meetup, but it also allows hackers to easily locate your geographic location with terrifying accuracy.
- Names: In 2019, it’s bad security practice to use your real name when signing up for websites. Hackers may use this information for social engineering attacks, identify theft, and other illegal activities.
- Photos: Catfishing is a serious problem on the internet. A hacker may decide to use your selfies in a catfishing scheme which can result in legal issues or public embarrassment for you and your family.
Generally speaking, submit as little personal data to social media websites as possible. If a particular website doesn’t absolutely require your real information to sign up, don’t include it. A general rule of thumb here, ask yourself: “Does this website absolutely need my real name and real information?” If it’s not vital to how the website operates (e.g., bank accounts), then don’t submit personal information.
Avoid strangers online. Try to avoid communicating or sharing any kind of information about yourself — regardless of how harmless the information may seem. A conversation with someone about your grade school teacher’s name might be all a hacker needs to bypass a login security question. Patient hackers and cyberstalkers will gradually be able to collect small pieces of personal information about you to compromise accounts or discover your home address. Remember, people can be easily social engineered and tricked into divulging their passwords and security question answers.
Get rid of unnecessary friends on social media
Some people keep too many “friends” on Facebook. We’re talking about friends of friends and people we’ve never met in real life that serendipitously happened into a public Facebook conversation you were a part of and later friended you. These interactions could easily be engineered by a hacker attempting to infiltrate your private accounts.
Cyberstalkers on social media may follow you to track your whereabouts and activities. However, you may not always be the primary target. Hackers may use you to pivot to one of your children, friends, or relatives. Similarly, catfishers may follow you on online to steal your photos for fraudulent activities which could result in criminal charges again you.
As a best practice, take an afternoon to go through all of your social media accounts. Unfollow people you don’t actually know in real life and minimize the number of photos you upload to websites.
Copyright PUNCH.
All rights reserved. This material, and other digital content on this website, may not be reproduced, published, broadcast, rewritten or redistributed in whole or in part without prior express written permission from PUNCH.
Contact: the[email protected]
DOWNLOAD THE PUNCH NEWS APP NOW ON
How to secure your identity online - The Punch
0 Comments: