Wearing a digital condom: Staying safe online
Web browsers. One of the fastest ways to spread viruses is through a web browser, and to prevent this from happening, make sure your browser is as secure as possible. Mozilla Firefox is recommended by many people because it has the most security options, but Google Chrome lovers, fear not – Chrome and Opera both have similar options in their Settings page (And if you’re still on Internet Explorer, well, it’s really time to move on). So once you’ve decided on your browser – or switched to a different one – you can find plug-ins (also called add-ons or extensions, depending on the browser you are using), which are basically features that will work with your browser. Some useful plug-ins to have for your Firefox browser are Ad-Block Plus, No Script, and Better Privacy (these all have Chrome equivalents).
You can also go into the Settings page of your web browser and make sure things like password storing, for example, are turned off. If you want to check whether a website is safe or not, you can run it through scanners on www.phishtank.com, www.onlinelinkscan.com or www.virustotal.com. If you want to check the reputation of a website, use http://safeweb.norton.com or www.urlvoid.com.
Finally, visit this secure browsing hands-on guide from Security in a Box for more information and help on securing your web browser, a list of plug-ins, and the safest Settings options for you.
https. Did you know that the ‘s’ in ‘https’ stands for ‘secure’? When email travels from your computer to the intended recipient, it is in plain text, and the Internet is an open network. So in theory, anyone could read it, if they had the right software. What ‘https’ does is encrypt your data through a code that no one else can read. This works for more than just email, and when you see ‘https’ before a url, it signifies that your computer has opened a secure connection to the website you are accessing. If you go back to your plug-ins and extensions page, you can install one called Https Everywhere, which means that wherever possible, your browser will automatically open a secure connection.
Webmail. Have you thought much about the security features on the email you use? Gmail, one of the most popular email providers, is also owned by Google – a huge company making lots of money, by using your information and selling it on to advertisers of other companies. They also don’t place a lot of emphasis on security measures around their email systems. First off, this is not a cause to panic, or immediately leave Gmail, but just something to keep in mind, particularly if you have a lot of sensitive data in your email. For example, if you work with vulnerable people or on politically contentious topics, Gmail may not necessarily be the best place to have these conversations.
An alternative webmail provider designed by activists is https://mail.riseup.net, which provides free email to activists across the world. They take great care to protect the information stored on their servers, and unlike Google, have no commercial interests that might someday conflict with their policies. One setback is that given that they are a small, independent group, their storage space is rather limited. But since most people have more than one email account, you could consider using Riseup for your more sensitive data. To learn more about Riseup and whether it’s a good option for you, visit the Riseup page on the Security in a Box website.
Folder/Document Encryption. What sensitive data do you keep about you or your community, and what would people have access to if your computer, laptop or mobile phone was stolen? Notes from casework? Contact numbers? Is there some stuff in there that absolutely must be protected at any cost? You can do this easily by encrypting the documents or folders that have information you want hide. Like we saw in the case of passwords (http://pointofview.org/blog/general/passwords-your-first-line-of-defence), encrypting something means that it is protected by a puzzle that can be solved only if you know all the clues. TrueCrypt is a software programme that hides your sensitive data and makes it look like an ordinary file. It’s like having a cupboard in your house that doesn’t look like one. So an entire folder (or more) can be turned into a file that looks like an image, document or video file that can’t be opened unless you have the password. If anyone tries to open the file, they’ll get an error message – for example, it may say the file is corrupted. But when you run it through the TrueCrypt programme (to which only you have the password), it will turn into the volume of things it actually contains – only for your eyes. For help installing and using TrueCrypt, check out the Security in a Box guide.
Read also the I need to keep my passwords safe section in APC Digital Security First-Aid Kit for Human Rights Defenders .