How to stay safe online

How to stay even safer online

Our online privacy is something we should all care about – in particular, what information we're revealing about ourselves without knowing it. 

Assuming you're not doing anything illegal, there's nothing inherently wrong with safeguarding your personal details and browsing habits. Privacy isn't just an issue for celebrities.

In fact, it's far more likely that your privacy is compromised by advertising agencies than anyone else. From a simple Google search, to pretty much any ad-funded website, your browsing behaviour can be tracked to establish which adverts you're most likely to click on.

Fortunately, there are plenty of ways to prevent this monitoring. We'll show you some of the best options, from simple tricks to more hardcore solutions that can shield you from almost any surveillance.

Twitter was allegedly hacked in June 2016, with 32 Million login credentials being offered for sale on the dark web. Despite forcing a number of users to reset their passwords, Twitter has maintained that it has not been hacked, and that what's likely to have happened is that people have been careless with their passwords - for example using the same password for multiple different sites.

A Twitter spokesperson told us that "we are confident that these usernames and credentials were not obtained by a Twitter data breach – our systems have not been breached. In fact, we've been working to help keep accounts protected by checking our data against what's been shared from recent other password leaks."

If Twitter was hacked, it certainly wouldn't be alone. A month before the Twitter hack 32 Million user accounts for business networking website LinkedIn were offered for sale online. A hack of Dropbox in August 2016 also resulted in 68 million passwords leaking onto the web.

In light of this, we've updated this guide with some first steps in making sure you're protected online, before going into more advanced techniques.

Password protection

The first rule about keeping yourself protected online is to make sure you have difficult-to-guess passwords, which ideally will be unique for every website that you log in to. If you're using the same password for all of your logins, someone could gain access to one of your accounts, and then they would be able to access all of your other ones as well.

Security Expert Graham Cluley, has a useful tip of people who are worried that having multiple complicated passwords will be difficult to remember.

"I recommend that users use dedicated password managers to remember their passwords for them, and those can also be used to create unique, hard-to-crack passwords to boost security."

These password managers - such as KeePass - store all of your passwords in an encrypted digital vault that you can access with one master password. The vault can be stored on your computer or on a removable drive like a USB stick so you control your data. When you click on an entry you can automatically copy passwords to clipboard and paste them into the password box on the site.

Stay safe online

Keepass also comes with a password generator which can create complex and near nigh uncrackable passwords for your accounts.

Check out our best password managers round up to find out which ones we think are the best for protecting you online.

Use two-step verification

Wherever possible you should use two-step verification to help improve the security of your login details. Two-step verification (also known as two factor authentication) makes it more difficult for someone to gain access to your login credentials by making you have to supply two items of authentication to log in.

The most popular version of this involves you providing your password, along with a verification code that's sent to your smartphone. Other methods include PIN codes generated by a physical device.

Not all services and websites support two-step verification, but a growing number do, so you should make sure you turn this feature on when you can.

Check out our guides on how to add extra security to your Apple ID and how to boost your Google account's security for explanations on how to turn on two-step authentication with those popular services.

How to stay even safer online

Unlike Google, DuckDuckGo doesn't keep tabs on your web searches

Anonymous browsing

Online privacy tends to make headlines with stories of governments spying on citizens. But while state surveillance is undeniable, the first invasion of your privacy is more likely to come via a Google search. Although apparently anonymous, Google has a habit of tracking your searches in order to bombard you with personalised adverts.

By contrast, a search engine such as DuckDuckGo generates unbiased search results without the added user profiling or tracking.

Switching to a less commercially driven search engine will certainly help you on the road to anonymity, but after visiting a few websites you'll inevitably receive some cookies.

These tiny text files are usually perfectly legitimate ways for websites to record things, such as frequently viewed items, so they'll appear on your next visit. But, cookies can easily turn on you…

Tracking cookies are more invasive and compile records of browsing habits and personal details in order for the cookie host to target you with specific adverts.

Since 2011, EU and US law has increased cookie awareness by requiring websites to display homepage notification banners that you can't miss, but it's really just a token nod at respecting privacy.

A more promising attempt at keeping your browsing less trackable is the Do Not Track HTTP header, now integrated into all common web browsers. When activated, websites are requested not to use tracking cookies.

However, the key word there is "requested", as while Do Not Track may be great in theory, the feature can't actually prevent websites and advertisers from tracking you.

There's no law to say they can't completely ignore a DNT request, however all sites registered in the EU must have your consent first before storing any tracking cookies.

Clean the slate

The bottom line is, it's up to you to stay anonymous. Simply clearing your browser cache and cookies through your browser's settings is a good start.

Alternatively, you can use clean-up software such as CCleaner to delete cookies, temporary internet files and various other web leftovers from multiple browsers in one go.

Private business

Once you've got a clean slate, keep it that way by using private browsing modes to keep your interests under wraps. This could be Microsoft's InPrivate feature, Firefox's Private Browsing mode or Incognito in Chrome.

They all do a pretty good job of preventing nosey tracking cookies from setting up camp on your computer. But even without going into full-on secret browsing mode, the big browsers also allow you to block third-party cookies, and while this doesn't create an impenetrable barrier, it's more effective than a Do Not Track request.

Another easy way to regain control of your internet anonymity is by exploiting browser extensions to close privacy loopholes. Active web content such as Java, Flash and Silverlight can be used to obtain system information without your knowledge and piece together various browsing habits.

Automated scripts can also be potential security risks, so controlling exactly what web content can and can't run is a good thing.

Browser extensions such as NoScript for Firefox and ScriptSafe for Chrome allow you to do exactly that, blocking all active web content and asking for your approval before letting it run. At first these extensions can be annoying, but the more you use them, the smarter and less intrusive they get.

How to stay even safer online

With a simple browser extension like Disconnect, you can see who's tracking you and block them. Firefox's Private browsing mode automatically uses Disconnect's list of tracking cookies to protect you.

Spot the spies

Even when web tracking is legitimate, the fact it happens without your knowledge doesn't inspire much trust.

Wouldn't it be great if you could see exactly who's trying to sneak information about you so you could stop them in their tracks? Well, that's exactly what extensions such as Ghostery and Disconnect do. Both are available for Firefox and Chrome. Ghostery is also now available for Microsoft Edge.

With a simple browser button, you can see a list of active advertising, analytics and social media tracking organisations on a current webpage. You're even able to control which ones can collect information about your browsing session. Both extensions are easy to use and far less troublesome than script-blockers.

Unlike private browsing modes, which simply stop tracking organisations from leaving cookies, these extensions can actually prevent them from monitoring you. Far more effective. However, just because your browser is locked down, this doesn't necessarily mean your system is secure.

Any malware already present on your PC may still be snooping on you, and carelessly downloading the wrong zip, executable or even PDF file can transmit your personal details to unintended recipients.

Encrypting email

Email attachments aren't the only way in which your privacy can be compromised. Your actual written email correspondence is also far from anonymous.

When Gmail was launched in 2004 with a 1GB storage limit, Google wasn't keen to market how this capacity was funded. This is because Google was, and still does, scan email content in order to target you with personalised adverts, and Yahoo is up to the same tricks.

Thankfully, there's no shortage of ways to keep your email correspondence safe and secure. If you're serious about email anonymity, providers such as Hushmail offer built-in PGP email encryption and no advertising.

Most companies will claim that e-mailing another person using the same site such as Hushmail will mean your message is automatically encrypted when sent and decrypted when read. They may even claim that not even their own employees can read your e-mails.

Nevertheless if you're storing your private encryption keys on the company's e-mail server, you have to take quite a lot on trust. Firstly that the company is being honest and secondly your keys won't be stolen by hackers or surrendered to law enforcement. Hushmail is an excellent case in point as in 2007 Hushmail complied with a US-Canadian court order to turn over 12 CD's worth of e-mails from three Hushmail accounts to the FBI. 

Nate Drake is a tech journalist specializing in cybersecurity and retro tech. He broke out from his cubicle at Apple 6 years ago and now spends his days sipping Earl Grey tea & writing elegant copy.