The paranoid’s guide to the Internet: 13 easy ways to make sure you’re not hacked or tracked

hackers computer laptop working

Patrick Lux/Getty Images

It might seem inevitable that companies will track your movements online and that hackers will someday steal your information. 

Not true.

While it’s hard to protect your personal information on the internet with 100% effectiveness, there are a few easy steps you can take that will make you a lot safer. And you don’t have to be a tech expert at all.

Here are 13 easy ways you can stop companies like Facebook and Google from tracking you, and protect your data from opportunistic hackers.

Additional reporting by Steven Tweedie, Cale Guthrie Weissman, Max Slater-Robins, and Jim Edwards.

 

1. Use a VPN to hide your IP address.

A VPN (virtual private network) protects you against hacking by encrypting all information traveling to and from your computer through the Internet. This means that any data you enter while using a VPN is generally protected from outsiders being able to intercept and understand it.

VPNs can also mask your IP address, which makes it difficult for people — like the government — to track where your computer is located. This can also give you access to sites that might be blocked in your country.

VPNs are great for surfing the web on public Wi-Fi networks, because they ensure end-to-end encryption for all traffic.

VPNs generally use a groups of computers that are connected together to make a secure sub-network within a larger network (the Internet). You can gain access to one of these networks by using services like Hotspot Shield.

2. Think twice about the cloud.

This may sound counterintuitive, as even big companies are trusting a lot of their business data to the cloud — that is, to internet services hosted by other parties.

But a lot of consumer cloud services have been hacked, or accessed when people misunderstood the security settings and accidentally shared things they wanted to keep private. Cloud services are mostly safe, most of the time, for most data. But for maximum security, the best bet is to back up sensitive files to an extrenal hard drive that is never connected to the internet.

3. Don’t link your digital accounts together.

While linking accounts is a great way to streamline all of your digital information, it also gives hackers a way to connect the dots.

For example, if someone gets your Twitter password and you have your company’s Twitter account also linked, then your company could also get hacked.

Linking may make your life easier, but it also makes a hacker’s life easier.

4. Treat those “security questions” like passwords, and never choose ones where the answers can be found through Google.

Security questions were invented as ways to prove that someone logging in to a service is who they say they are. But many of them are too easy to find out in our age of endless digital records. 

For instance, a simple Google search may be able to show where you used to live or your mother’s maiden name. So when it comes to security questions, it’s probably best to treat this like another sort of password. Perhaps instead of putting “Fido” for your first dog’s name, put in a random answer like “The Wizard of Oz.”

5. When you enter your credit card or other sensitive info, make sure the site is secure.

If you are sharing critical data like you credit card number online, make sure the page is encrypted.

It’s very easy to tell. If you don’t see a “locked” symbol on your browser, it isn’t encrypted, and you shouldn’t make any transactions. The site’s URL should also start with “https://” instead of the usual “http://”. If a site is unencypted, it’s extremely easy for any external entity to intercept the traffic — and your personal details with it. 

6. When logging into sites like Gmail, use “two-factor authentication,” which can stop hackers even if they have your password.

Two-factor authentication requires people to use something else (usually a mobile phone) to confirm who they are when logging into an account.

In a simple example, when you enter your username and password, you won’t get in right away. Instead, a code will be sent to your mobile phone, amd you’ll have to enter this code before you get access. This means that if hackers get your password, they won’t be able to get access to a two-factored account unless they also have access to whatever device the second factor is coming from.

7. Choose a clever password that’s hard to guess.

You might think your passwords are original, but most of us use the same ones because they’re easy to remember.

For example, the most common password in 2014 was “123456″ followed by “password.”

Instead, use capital and lowercase letters, out-of-order numbers, punctuation marks, and word combinations that are tough to guess. 

8. Use PGP to send secure messages like Edward Snowden.

PGP stands for “pretty good privacy,” and it’s an easy way to encrypt your messages. It usually centers on the use of two things: a public key and a private key.

A public key is the information that is needed to encrypt a message. People wishing to receive encrypted messages make their public key readily available, as it’s the only way for sources to begin the process of sending secure messages.

Private keys, however, are not readily available. They are the password to any secret message you receive — and they are necessary to decrypt a message.

Think of encryption as a safe deposit box with two keys: A person writes a message and uses the public key to open the box and put it in. When the message is in the box it is completely safe. But the only way to get the message out of the box is through another key, which only the recipient has. 

The next few slides will show you how to set up and use PGP…

Here’s how you generate a public key.

There are ways to do this using a web browser, but it’s safest to use a tool that is well-regarded by the privacy community. GPGTools is trusted by many and creates an easy way to set up your own public key.

To create an encryption key using its app GPG Keychain, click “File” and then “New Key.”

Next, enter your credentials.

Put in your name and email address.

Then choose a passphrase.

This passphrase is one of the most crucial steps. It creates and unlocks the “private key” we’ve been talking about this whole time. Never share it with anyone, and never share it digitally. It should be long, random, contain numbers, caps, and symbols. In short, it must be insanely difficult to crack, so make it as complicated as possible.

And just like that, you’ve created your very own public key.

You’ll see a shortened sequence of bytes called the “Fingerprint” in the GPG Keychain program. But if you copy a key and paste it in a textbox, you can see the entire public key (it will be longer).

Now anyone can send you messages using your public key, and you can decrypt them using your private key. Simple.

For a more detailed walkthrough of GPG Keychain, go here.

9. Use Tor to browse the internet anonymously.

The easiest way to hide your IP address is a tool known as a Tor browser.

The browser looks similar to any other normal web browser, but it works by sending any online request (i.e. what website you want to browse) to another person’s network, which is then sent to another person’s network, which is then finally sent to the intended recipient. This means that it’s difficult to track precisely who is viewing what website.

Tor is theoretically safer than a VPN for masking your IP address, as law enforcement could theoretically get a subpoena and order a VPN service to hand over its logs. But Tor also makes your web surfing run a lot slower.

To download Tor you go to the Tor Project’s website and follow the instructions. There are also a bunch of other interesting articles and forums about what the Tor project does and online anonymity in general.

The following slides have instructions on how to get started with Tor…

This will pop up when you first download the Tor browser.

For most people trying to use Tor, you need to click “Connect.” However, if you are on an existing network that requires a proxy to access the Tor network, you may need to set up some personal configurations.

For most people this will not be a problem, but if it is, you can easily find forums online to help you through.

And now you’re on Tor.

Once you’re connected to Tor, you can also access “deep web” websites, which are websites from the dark corners of the web, inaccessible by normal browsers.

If you want to learn more about the Deep Web, go here.

10. Think before you download them, but ‘ad blockers’ can stop companies from tracking you on the web.

Ad blockers are controversial tools that, as the name suggests, block ads on your phone or desktop. There are many issues surrounding how ad blockers will affect sites, like Business Insider, that rely on advertisements to keep financially viable. And if you do use them, make sure to “white list” sites that you want to support.

But ad blockers are certainly a good tool for increasing your privacy on the web.

An added benefit of using an ad blocker is that many include tools to stop companies from tracking you.

The popular “Adblock Plus” can disable most tracking by ad agencies on the web. 

11. If you use Gmail and Chrome, install this “Ugly Email” extension to learn when someone is tracking your email.

You might not realize it, but there are now email-tracking tools that make it easy for people to see when you open an email, what you click, and where you’re located.

But handy tool called Ugly Email can show you when your emails in Gmail are being tracked. And it starts working even before you click the email itself.

When Ugly Email is installed, a tiny little eye symbol appears next to any email in an inbox that is being tracked by tools like Bananatag, Streak, or Yesware.

And installing Ugly email is dead simple if you are using Google Chrome as your web browser.

Just click this link to take you to Ugly Email on the Chrome Web Store, click the “Add to Chrome” button, and you’re all set.

12. Opt out of ad-tracking on Facebook by just clicking a few buttons.

When you log into Facebook, you are allowing it to mine your personal information to serve you up better advertisements. But there is a simple way to opt out of ad-tracking. Just follow a few steps….

 

First, click the down arrow at the top right of your Facebook page.

Then go down to the “settings” option.

Click on the “Ads” button on the bottom left of your screen.

In each section of Ads, you select the “edit” button.

Then change the “pair my social actions with ads for” to “no one” and then hit “save changes.” Repeat this action for all the “edit” sections, and you’ll have completely opted out of ad-tracking.

13. Turn off most of Google’s tracking with a few simple sliders.

Google collects a ton of information on your digital habits, the sources of which can be viewed on your Activity Controls page.  

Here are some of the sources: your search and browsing history, places you’ve been, and information from your phone (like calendar, contacts, and various apps). 

But the good thing is that these sources of information come with a slider that can be used to switch the tracking on and off. 

And while you’re at it, download Google’s “opt-out cookie.”

Google lets you download a plugin that permanently opts you out of the DoubleClick tracking cookie, which is the main way Google tracks you.

The cookie works on Chrome, Internet Explorer and Firefox leaving Safari and Microsoft’s new Edge browser out in the cold. 

The post The paranoid’s guide to the Internet: 13 easy ways to make sure you’re not hacked or tracked appeared first on Business Insider.