Any user who connects to the network could be the victim of an attack on the confidentiality of personal data. The number of crimes related to the unauthorized use of personal data on the Internet is increasing every year. Many users do not take any action to protect privacy and confidentiality. Even if they are aware of the ways to ensure security. One of the main reasons is the unsubstantiated confidence that a negative scenario is possible only with respect to people who visit sites with a dubious reputation. Or else the people who are not well versed in modern technologies. A radical solution to the problem is the abandonment of the Internet. We do not consider it because of its impossibility. But there are more reasonable ways to protect against theft of private information.
The virtual part of the network (VPN) is not a universal way to rescue from all threats. But an extremely useful tool for protecting personal data. With VPN, all requests are encrypted and reach their destination through tunnels. Anyone who intercepts data sees only an unreadable character set.
Free VPN is rarely of high quality. Moreover, it can become a source of another problem. For example, the sale of personal data to advertisers. Metric Labs studied the 20 most popular VPN applications on Google Play and the AppStore. They concluded that most of them cannot be trusted. Many products offer no privacy protection. There are applications that openly write that they collect data. Also, they reserve the right to transfer them to third parties. But users do not know about this because they do not read the rules.
Paid VPN-services do not trade user information. Because reputation is more important to them. But if there is no trust in companies even when purchasing services, then there remains one more option. That’s renting a foreign server and setting up a personal secure channel.
Create complex logins and passwords
Accounting data is all that is needed to obtain personal information. Therefore, they must be strong, which implies:
- Lack of identity. Use the name, date of birth, age – wrong.
- Using different layouts, upper and lower case, adding characters.
- Periodic change.
Logins and passwords must be different on different services. Then when hacking one account will not be discredited other profiles. In order not to keep in mind a bunch of identification data, you need to use password managers. It does not have to be a separate application. Often the capabilities that are offered by the manager built into the browser are enough to store. In Chrome, for example, he can also generate complex passwords. All that is required of the user is to click the Save button.
Another security thing is two-factor authentication. Here authorization requires entering a one-time key that comes in an SMS or is displayed in an application. For example, in Google Authenticator.
Do not trust public Wi-Fi networks
Social networks are dangerous. In April of this year, it became known that the personal data of users of the Moscow metro were publicly available. But to some data, vulnerability has existed for two years. According to programmer Vladimir Serov, who discovered it, it was possible to find out the approximate age, gender, marital status, income level, frequently visited places and other confidential information via a Wi-Fi network.
At the end of October, Meduza spoke about the free Wi-Fi network from the Maxima Telecom provider. It intentionally uses user data collection technology. The company sells this information to advertisers. They can, for example, look at what places a person most often passes and show him the relevant ads.
To avoid overflowing private information, stop using free networks. Clean the list of access points and leave only proven options. For example, a home network and Wi-Fi at work. In the subway you will have to drive without the Internet or have time to load the pages at the stations. As long as there is a signal for the mobile Internet to work.
Check your browser
Cookies are recommended to clear after each session. You can solve the problem radically by turning them off in the browser settings. But this will negatively affect the operation of sites. Another solution is to use incognito mode. In it, the browser does not keep records of the visited pages in the log. However, user actions are still recorded on the sites and marked by the provider.
The most secure way to protect personal data is to use anonymous browsers. The most famous is Tor, designed to maintain user privacy. It works on the “onion” technology. That involves wrapping data in several layers of encryption. Then sending them through different nodes before the signal reaches the desired server.
Another example is Epic Browser. It automatically deletes all information after the end of the session. So, it eliminates the dangers associated with the operation of cookies, auto-filling of forms and saving browsing history.
Use search engines that care about privacy
Personalized search is a convenient thing, but its existence puts the privacy of users at risk. Search queries allow you to identify a person through communication with an account or at least an IP address. In addition, search engines store location information using geolocation data and a selected region.
Another serious problem – the issuance of information to third parties for promotional purposes. Formally, there are no violations. For targeting, data are used that are not related to the personalities of specific people. But sometimes search engines misuse technical capabilities and to satisfy advertisers’ requests. For example, violate the right to privacy of correspondence. Google only in 2017 stopped reading emails sent through Gmail. Before that, the information received was used to select personalized ads.
To reduce the risk of collecting personal data and using search queries for advertising purposes, you can use systems that emphasize privacy. The most famous example is DuckDuckGo. But there are other search engines: Search Encrypt, Fireball.
Beware of phishing
No VPN, Tor, private search engines and complex passwords will save you from identity theft if you fall victim to a phishing attack. The essence of phishing is to force a person to click on a malicious link. It can be disguised as a useful button on the site or come in a letter of congratulations on winning a cash prize.
Most browsers have anti-phishing filters, but do not rely only on them. To increase security, you must use antivirus software with anti-phishing components that can catch the threat that the browser missed. The problem is that anti-phishing systems often rely on pre-blacklists. If the site you visit is included in it, then protection is provided. There may be problems with defining new threats. There is another situation. Sometimes browsers show a warning of possible danger. But the user ignores it and continues to enter the bank card data for payment or the password from the account.
Phishing is difficult to fight because it uses social engineering and tries to fool the user. The main weapon against such attacks is the knowledge of their existence. This keeps from the temptation to follow links with the promise of winning. Also, it forces them to carefully examine the sites before entering personal data on them.
Use instant messengers with message encryption
Even the security services are not able to read the correspondence, if you send it through secure chat rooms. Periodically, there are news that a vulnerability has been discovered in the same Telegram. But it very quickly becomes clear that “experts” access messages through a rooted Android or a user’s computer.
Telegram is not the only instant messenger that allows you to encrypt messages, calls and video calls. End-to-end encryption also supports Signal and Threema. You can use ProtonMail, Tutanota, Mailinator, and MailFence clients to ensure the security of email correspondence.
When creating profiles in social networks, people leave a variety of information about themselves. For instance, date of birth, place of residence, family ties, photos, phone number and email address. Attackers use all this data to attack. For example, sending personalized messages with phishing links. We do not urge to use only fake accounts, but caution will definitely not hurt. It’s not for nothing that it’s written on the same e-tickets that you don’t want to post them on social networks. People are sometimes too sure of their own safety.
Do not ignore system updates
System updates are not only new features, but also bug fixes and vulnerabilities. Ignoring updates by the user plays into the hands of intruders. Updates have two problems: they appear at the wrong moment and sometimes bring new errors. But to completely abandon them is still impossible. Developers usually eliminate errors quickly. Also, the automatic system updates by timer will help eliminate the inconvenience associated with downloading and installing the update.
Full personal data security is unrealistic to guarantee. But you can significantly reduce the risk of their unauthorized use, if you follow several rules:
- Install VPN.
- Create complex logins and passwords, store them in the manager.
- Try not to use public Wi-Fi networks or enter them through a VPN.
- Clean your browser or use anonymous web browsers – for example, Tor.
- Use search engines that do not collect personal data to personalize search results and ad targeting.
- Do not trust the links in the letters, do not click on incomprehensible buttons.
- Use instant messengers that support end-to-end encryption.
- Keep track of what information you leave in the profiles of social networks.
- Install system updates.
Monitor the security of personal data is necessary not only on the Internet, but also offline. The last vivid example is the discovery of scanned documents in open access on the computers of the MFC My Documents. Visitors used the scanner to download copies to verify their identity on the “Gosuslugi” portal, and left files on the hard disk. They had to be removed daily by the MFC staff. But they often forgot to do it. At the same time, third parties can print out the copies of documents and use them to obtain any services. For example, for processing a microloan.
The development of technology brings not only new opportunities, but also dangers. And we need to learn to live in a world where even toothbrushes connect to the Internet and transmit information about the owner. The advertisers are ready to buy any personal data, just to get a more accurate portrait of the audience.