Ways hackers can violate your online privacy
The world of technology is always evolving and so is our relationship with the internet. Back in the 1990s, the only thing you seemingly had to worry about was your email. Then, you started banking online and now, your smartphone's connected, you have Facebook… and pretty much your whole life is online. And you're always being tracked. Your entire browsing history is stored by your ISP, tracked by Facebook and perhaps other advertisers. Even your IoT devices might be reporting on you. So, keeping things private is already quite a big ask — even before the hackers get involved…
What information is available to hackers?
You may not have realized quite how much of your personal information is available on the internet. Let's have a run through some of the types of information that's there, and why hackers might be interested.
- PII - personally identifiable information. This includes your name, address, email address, SSN, tax number, date of birth, medical records, educational records, employment. There’s lots in this type of data that a hacker could use to steal your identity. It might include details of purchases that you've made on Amazon, or investments made with an online broker. All of this private information could be used to compromise your other online accounts, too.
- Emails, SMS, and instant messages are all kept on servers somewhere. There might be plenty of information in your emails that you don't want the world to see - confidential business documents, love letters, details of your bank accounts. And hackers will also be interested in your contacts, because if they can get hold of those, they can send phishing emails to everyone you know.
- Your browsing data includes cookies, ISP logs, and browser plugins that might store data. It's useful to advertisers, and with the advent of Big Data, it might be more useful than you realize.
- In real time, you may be using the internet to make a Skype call or for video conferencing. Are you sure that no one's listening in?
You may not even realize that some of these details have been stored. Or you may be annoyed by the way Facebook wants to tell your friends what you've just bought or listened to, or the way the LA Times is showing you ads for something you looked up two weeks ago.
Hackers are always evolving their techniques. For instance, phishing has been a standard method for over a decade, which involves sending fake emails that either ask you to connect to a spoofed website that looks like one you trust or that have links that install malware on your computer. But now, fake links on social media and hacked social media accounts are also serving as ways to intrude on your privacy and steal your data.
Public Wi-Fi is a marvelous thing, letting you work from any Starbucks, but it's also a huge security vulnerability. Unprotected hotspots give hackers yet another way to break into your device and steal your data. Given that hackers are a massive threat to your online privacy, what can you do about it?
Use a VPN to protect yourself against hackers
Public Wi-Fi doesn't require authentication to access it. That's great for you, and it's great for hackers, because they don't need any authentication either. They can use Man-in-the-Middle (MTM) attacks to steal your data, or - in some cases - they can even set up a 'honeypot' Wi-Fi hotspot to suck your data up.
If you need Wi-Fi for your laptop, it may be a better idea to share your mobile 4G connection by setting up your mobile as a Wi-Fi hotspot and letting your laptop connect to it securely.
Better still, use a Virtual Private Network (VPN), which creates a private gateway to the internet for you.
How does a VPN prevent hacking?
By redirecting your internet traffic to disguise your IP address, it makes it impossible to track you. And by encrypting the information you send across the internet; it stops anyone who wants to intercept your information from being able to read it. That includes your ISP. So, a VPN is a really good way to protect your privacy online.
A VPN isn't just good for your online privacy and security; it has a couple of other advantages. It can allow you to visit websites that may be blocked by the Wi-Fi provider - in some places, that includes Facebook and Twitter. And because it can access geolocation blocked content, it can be useful if you're traveling abroad and want to access financial accounts which may be blocked to 'foreign' users.
You can get free VPNs - but they can come with strings attached. If you really want to protect your privacy online, you should use a premium VPN; it's worth paying for.
How encryption protects your privacy
You might also consider using encryption to protect your online privacy. In fact, you're probably doing that already to some extent, since businesses that handle your data will sometimes encrypt it. Your bank, for instance, probably uses encryption on its website, through SSL and TLS certificates.
If you see a padlock at the start of your browser address bar, the link between your browser and the server is encrypted. If you're filling in a form without the padlock, a hacker could attach a malicious program to the server that hosts the website that could listen in to your communications and steal your data. If you're filling it in with SSL/TLS, no one can listen in.
Another way of telling whether a website is using SSL/TSL is if the URL begins with https:// rather than http://. HTTPS is a much safer protocol than HTTP. Remember, though, the encryption just protects your communication. Once your details are sitting on the company's server, they could be vulnerable to any attack on the company's network.
It's also worth knowing that phone calls on Skype are 100% encrypted - as long as they're 100% made on Skype. But if you make a Skype call to a regular phone number, the link over the PSTN (ordinary phone network) isn't encrypted. That could allow someone to listen in. You can also take advantage of encryption for your messages on Facebook, using 'Secret conversations', if you're on an iPhone or Android smartphone - but not on your PC or laptop.
One of the reasons WhatsApp has become so popular is its end-to-end messaging encryption. Other apps offer encryption but don't turn it on as standard. Look for the setting to turn it on - why on earth would you not want to?
You might also be interested in using Tor, an anonymous, encrypted browser network, to avoid having your browsing history tracked. Investigative journalists often use Tor, as do NGOs who are working in hostile environments. However, Tor is not perfectly safe; it has been known to deliver malware, and it's still vulnerable to 'man in the middle' attacks.
Encryption is a great bonus when you want to protect your privacy online. But governments don't always agree. Some are trying to force tech providers to include a backdoor allowing security agency to access the data. The problem, of course, is that as soon as you leave a backdoor open, hackers will try to get in.
Reduce your digital footprint to protect your privacy
When you're thinking about how to protect your privacy online, it's worth thinking about whether you might want to reduce your digital footprint. We're so used to posting photos online, telling our friends what we've just listened to or where we've been on social media… We don't always think where that information is being stored or what it could potentially be used for.
That may mean resisting some of the suggestions social media and other sites make, such as tags for people you were with. It might mean turning off location services for some of your social media. Pruning your online presence can be quite helpful in protecting your privacy. You can also think about the following ways to reduce how much of your personal information is available on the web, and to whom:
- Keep your social media private and restrict your Facebook posts to friends only rather than allowing anyone on the internet to access them.
- Tighten up who can send you friend requests, from 'anyone' to 'friends of friends' for instance.
- Turn off location, face recognition, 'interests' buttons, and advertisers on social media. Some social media platforms will actually post your location online whether you want it to or not - that's not great for your privacy, and advertising "I'm not home" to burglars is a big safety risk. Or you can just turn off geotagging by turning off the GPS in your phone.
- Unsubscribe from old email lists that you don't want to be on. Consider using a secondary email address for one-off purchases, inquiries for insurance quotes, and so on. Keep your personal email free for your friends and family.
- Be careful with Internet of Things (IoT) devices which monitor your personal habits - password protect them, run them on a separate guest network so they can't be used to gain access to your internet accounts, and remove older devices or ones you don't use from the network.
- Feel free to redact. If you want to show you've passed your driving test, for instance, you might well want to post a picture of your test result - but have the sense to obscure your address, phone number and other identifying information in the photo.
- Check up on what is being done for you automatically. Some people don't want Google to automatically log travel plans in their calendar, for instance.
Remember that social media did not get started as an advertising business. It got started as a service that individual users felt made their lives more enjoyable. All these tips may sound like hard work, but they're just a way of reclaiming social media as a fun service, rather than a drain on your privacy.
Protecting your privacy with anti-hacker software
There is now a wide range of software available for you to protect your online privacy and security. Some is aimed at preventing websites from tracking you, some at stopping hackers from installing malware on your PC; some is available as extensions for your web browser, while some requires separate installation. Perhaps calling it anti-hacker software is going a bit far - it won't stop a determined hacker but using such software can make it very difficult for a hacker to get into your computer or get access to your data.
For instance, browser plugins can be used to stop websites from tracking you. Facebook tracks you while it's open even if you are not on the site at the time, gathering your browsing history to use in serving up targeted ads. That's an innocent enough purpose perhaps, but Facebook's data collection and sharing practices have often been under fire, so consider protecting yourself.
Use a good anti-virus and anti-malware software. If a keylogger Trojan manages to install itself on your PC, goodbye online privacy! Cleaning up your PC or phone from time to time is also a good idea; make sure no hacker programs are listening in.
You might also want to download an app that can erase your phone's data if it is lost or stolen. If you sync Google devices, you can already remove the data from any device remotely. Don't let your contact list or banking apps get into the hands of hackers - just wipe the phone.
It's not strictly anti-hacker software, but a good password manager is worth its weight in gold. Using strong passwords and different passwords for different accounts and networks is what we'd recommend as a basic precaution for anyone who wants to minimize the risk of intrusion - but it's not that easy to do if you have multiple accounts to secure. Using a password manager helps keep your accounts secure; just make sure you've secured your password manager itself with a strong password.
You could install all these protections separately. Alternatively, you can take advantage of Kaspersky's Total Security, which packages all the protection you need into a single bundle.
How to keep your privacy secure
Protecting your online privacy means keeping your devices and networks secure. We've already mentioned some ways to do this - such as using a good password manager. However, here are some additional tips that can help you protect your privacy against hackers:
- Enable two factor authentication on your accounts. For example, when you use PayPal, you'll get an SMS message to verify each transaction. Other accounts use biometric markers such as fingerprinting, patterns, or even a physical fob or dongle to provide a second method of verification.
- Don't download unofficial apps on your smartphone - use the Apple App Store or Google Play.
- Watch out what permissions you give to smartphone apps. If a word processing app wants to use your camera and microphone, location info and in-app purchases, as well as access to your Google account, question it and investigate why.
- Uninstall software and apps you no longer use or need.
- Disable 'run as administrator' on all your devices, and don't root or jailbreak your phone. This means if a hacker does manage to gain control of a program, they won't be able to get control of the phone or change the settings and probably won't be able to install software on your phone or computer.
- Keep all your software up to date. Hackers regularly find new vulnerabilities in out-of-date software and operating systems.
- Deactivate the autofill option. It's a time-saving feature, but if it's convenient for you, it's also convenient for hackers. All the auto-fill info has to be kept somewhere, such as in your browser profile folder. This is the first place a hacker will go to look for your name, address, phone number, and all the other info they need to steal your identity or access your accounts.
- When you have a particularly sensitive transactionto make use a VPN or private browsing mode.
- Phones are small, and easy to misplace. They're also favorite targets for thieves. Ensure you have a screen lock and, as mentioned above, install software that can wipe your phone if it's lost.
- Configure your router with a secure new router name and password. If you change the password, using WPA authentication, you've made it less likely for someone to hack your router. But why change the username? Simple - most usernames show the type of router or the network it's running on. Change it to something else (preferably not your name, though) and you're depriving hackers of that information, too.
- Remember to log out! When you've finished using an account, log out of it. When you leave your accounts running in the background, that's a major security breach. Fortunately, most banks now log customers out after a certain time. But the big threat to your privacy doesn't come from them - it comes from social media.
These tips should help block all the little backdoors that hackers like to use to get into networks, apps, and devices. Together with the other actions you've taken - reducing your digital footprint, using a VPN, and using encryption - they should help keep your private life the way you want it: private.
Finally, if you care about protecting your online privacy, make sure you keep up to date on cybersecurity. New threats are always emerging, and new ways of dealing with these threats emerge in response. Just as you'd update your computer software, keep your brain updated by checking in with the IT security community every so often, and check out the latest articles here at Kaspersky.com.