How to stay safe online

Browse safely

Online privacy is something we should all be paying attention to – in particular, what information we're revealing about ourselves without knowing it.

Assuming you're not doing anything you shouldn't be, there's nothing inherently wrong with guarding your personal details and browsing habits. Privacy isn't just an issue for celebrities.

In fact, it's far more likely that your privacy is compromised by advertising agencies than anyone else. From a simple Google search, to pretty much any ad-funded website, your browsing behaviour can be tracked to establish which adverts you're most likely to click on.

Fortunately, there are plenty of ways to prevent this monitoring. We'll show you some of the best options, from simple tricks to more hardcore solutions that can shield you from almost any surveillance.

It recently emerged that someone has claimed to have hacked Twitter, exposing a number of users' passwords. Twitter has maintained that it has not been hacked, and that what's likely to have happened is that people have been careless with their passwords - for example using the same password for multiple different sites.

A Twitter spokesperson told us that "we are confident that these usernames and credentials were not obtained by a Twitter data breach – our systems have not been breached. In fact, we've been working to help keep accounts protected by checking our data against what's been shared from recent other password leaks."

In light of this, we've updated this guide with some first steps in making sure you're protected online, before going into more advanced techniques.

Password protection

The first rule about keeping yourself protected online is to make sure you have difficult-to-guess passwords, which ideally will be unique for every website that you log in to. If you're using the same password for all of your logins, someone could gain access to one of your accounts, and then they would be able to access all of your other ones as well.

Graham Cluley, a security expert, has a useful tip of people who are worried that having multiple complicated passwords will be difficult to remember.

"I recommend that users use dedicated password managers to remember their passwords for them, and those can also be used to create unique, hard-to-crack passwords to boost security."

These password managers - such as LastPass - stores all of your passwords in a digital vault that you can access with one master password. When you return to a website, LastPass can quickly fill out the forms with your username and password, making it convenient as well as secure.

Stay safe online

It also comes with a password generator which can create complex and nigh on uncrackable passwords for your accounts.

Check out our best password managers round up to find out which ones we think are the best for protecting you online.

Use two-step verification

Wherever possible you should use two-step verification to help improve the security of your login details. Two-step verification (also known as two factor authentication) makes it more difficult for someone to gain access to your login credentials by making you have to supply two items of authentication to log in.

The most popular version of this involves you providing your password, along with a verification code that's sent to your smartphone. Other methods include PIN codes generated by a physical device, or providing an answer to a question only you would know.

Not all services and websites support two-step verification, but a growing number do, so you should make sure you turn this feature on when you can.

Check out our guides on how to add extra security to your Apple ID and how to boost your Google account's security for explanations on how to turn on two-step authentication with those popular services.

How to stay even safer online

Unlike Google, DuckDuckGo doesn't keep tabs on your web searches

Anonymous browsing

Online privacy tends to make headlines with stories of governments spying on citizens. But while state surveillance is undeniable, the first invasion of your privacy is more likely to come via a Google search. Although apparently anonymous, Google has a habit of tracking your searches in order to bombard you with personalised adverts.

By contrast, a search engine such as DuckDuckGo generates unbiased search results without the added user profiling or tracking.

Switching to a less commercially driven search engine will certainly help you on the road to anonymity, but visit a few websites and inevitably you'll receive cookies.

These tiny text files are usually perfectly legitimate ways for websites to record things, such as frequently viewed items, so they'll appear on your next visit. But, cookies can easily turn on you…

Tracking cookies are more invasive and compile records of browsing habits and personal details in order for the cookie host to target you with specific adverts.

Since 2011, EU and US law has increased cookie awareness by requiring websites to display homepage notification banners that you can't miss, but it's really just a token nod at respecting privacy.

A more promising attempt at keeping your browsing less trackable is the Do Not Track HTTP header, now integrated into all common web browsers. When activated, websites are requested not to use tracking cookies.

However, the key word there is "requested", as while Do Not Track may be great in theory, the feature can't actually prevent websites and advertisers from tracking you.

There's no law to say they can't completely ignore a DNT request.

Clear the slate

So, the bottom line is, it's up to you to stay anonymous. Simply clearing your browser cache and cookies through your browser's settings is a good start.

Alternatively, you can use clean-up software such as CCleaner to delete cookies, temporary internet fi les and various other web leftovers from multiple browsers in one go.

Private business

Once you've got a clean slate, keep it that way by using private browsing modes to keep your interests under wraps. This could be Microsoft's InPrivate feature, Firefox's Private Browsing mode or Incognito in Chrome.

They all do a pretty good job of preventing nosey tracking cookies from setting up camp on your computer. But even without going into full-on secret browsing mode, the big browsers also allow you to block third-party cookies, and while this doesn't create an impenetrable barrier, it's more eff ective than a Do Not Track request.

Another easy way to regain control of your internet anonymity is by exploiting browser extensions to close privacy loopholes. Active web content such as Java, Flash and Silverlight can be used to obtain system information without your knowledge and piece together various browsing habits.

Automated scripts can also be potential security risks, so controlling exactly what web content can and can't run is a good thing.

Browser extensions such as NoScript for Firefox and ScriptSafe for Chrome allow you to do exactly that, blocking all active web content and asking for your approval before letting it run. At first these extensions can be annoying, but the more you use them, the smarter and less intrusive they get.

How to stay even safer online

With a simple browser extension like Disconnect, you can see who's tracking you

Spot the spies

The problem is, even when web tracking is legitimate, the fact it happens without your knowledge provokes lack of trust.

Wouldn't it be great if you could see exactly who's trying to sneak information about you so you could stop them in their tracks? Well, that's exactly what extensions such as Ghostery and Disconnect do. Both are available for IE, Firefox and Chrome.

With a simple browser button, you can see a list of active advertising, analytics and social media tracking organisations on a current webpage. You're even able to control which ones can collect information about your browsing session. Both extensions are easy to use and far less troublesome than script-blockers.

Plus, unlike private browsing modes, which simply stop tracking organisations from leaving cookies, these extensions can actually prevent them from monitoring you. Far more effective. However, just because your browser is locked down, this doesn't necessarily mean your system is secure.

Any malware already present on your PC may still be snooping on you, and carelessly downloading the wrong zip, executable or even PDF file can transmit your personal details to unintended recipients.

Encrypting email

Email attachments aren't the only way in which your privacy can be compromised. Your actual written email correspondence is also far from anonymous.

Way back when Google launched Gmail with a 1GB storage limit, it wasn't keen to market how this capacity was funded. Google did, and still does, scan email content in order to target you with personalised adverts, and Yahoo is up to the same tricks.

Thankfully, there's no shortage of ways to keep your email correspondence safe and secure. If you're serious about email anonymity, providers such as Hushmail offer built-in PGP email encryption and no advertising.

Email another Hushmail user and your message is automatically encrypted when sent and decrypted when read.

Email a non-Hushmail recipient and you can still use encryption, but require them to answer a secret question before the message can be read. Clever stuff , but you'll need to part with $35 a year for it, or there's a free version if you can stick to a 25MB storage limit and log in frequently.