It's no secret that 2013 wasn't a great year for Internet privacy.
Former National Security Agency contractor Edward Snowden leaked thousands of classified documents that revealed the depths of the agency's electronic surveillance program. Users had their information stolen en masse from private databases, including a security breach in November that reportedly resulted in 42 million unencrypted passwords being stolen from Australian-based Cupid Media, which was followed by a massive hack of Target credit and debit card information.
So, what's a concerned netizen to do in 2014? Turns out there are plenty of ways to keep your data safe without breaking your Internet addiction.
Take two steps towards better security
Even if you aren't worried about NSA agents reading your email, you should still be concerned about hackers taking a peek at your sensitive bank information or your "50 Shades of Grey" fan fiction.
That is why it's a good idea to take advantage of two-step verification, something that Google, Facebook, Microsoft, Twitter and other companies have been pushing more often lately as big password leaks have hit the news.
Basically, not only will the service ask you for your password, but it will provide you with a code via a text message or an authentication app that will verify your identity.
“People should take the extra step because it’s incredibly effective in making it hard for someone to break into your account,” Yan Zhu, technologist for the Electronic Frontier Foundation, an advocate for Internet privacy, told NBC News. “They not only need access to something you know — which is your password — but they need access to something you own, which is your phone or another secondary device.”
Check your URL
Every website you visit should have "https" before the URL in the browser, instead of just "http," to ensure Web traffic is encrypted for a more secure connection — especially in spaces with public Wi-Fi like airports and cafes. What do you do if that extra "s" is missing? You might want to install HTTPS Everywhere, a browser plug-in for Chrome, Firefox and Opera that rewrites requests to websites to keep you protected.
Change your terrible password
The top three passwords in a November security breach that reportedly affected 38 million Adobe customer accounts:
Not exactly impenetrable. And password cracking software — much of it freely available — is only getting more advanced. So how can you protect yourself?
“Use long passwords, at least eight characters, but the longer the better,” Maxim Weinstein, security advisor at Sophos, wrote to NBC News. “Avoid words (including names) and predictable patterns like adding a number to the end of a word. One trick is to choose a phrase or song lyric and use the first letter of each word (e.g., “Oh, say can you see, by the dawn’s early light” equals "oscysbtdel"), perhaps making some substitutions to make it more complex.”
Don't use the same password for everything
You should also have a different password for every site, so that a hacker who gets your dating website password won’t all of a sudden have access to your Gmail account. Weinstein also recommended using a password manager like 1Password or LastPass to keep track of all of them, or, at the very least, creating three different passwords for your work email, personal email and websites that you visit.
Browse without being tracked
Normally, when you search for something on the Internet, the site can see what search term you used, not to mention your IP address, which can be used to identify you. Switching from your current search engine to one like DuckDuckGo is one step you can take to protect your identity.
“When you visit anything on the Internet, your computer is sending information about itself over the Net that can be used to tie things back to you. Most services store this information, which then can be used by these government programs and other things to identify you,” Gabriel Weinberg, the site’s founder and CEO, told NBC News. “DuckDuckGo, on the other hand, does not store any personally identifiable information, so we literally have nothing to tie your searches to you."
When you are using Google, you can browse in Incognito mode. It doesn't mask your searches or IP address, but it does have some added privacy benefits, like not recording your search history and deleting new cookies after you close your browser windows.
Consider the power of Tor
For the strictest level anonymity, you can download Tor, a software network that bounces Internet traffic around thousands of relays around the world to mask what sites you have visited and where you have visited them from. (Although, as the recent arrest of a Harvard student who allegedly used Tor while sending a fake bomb threat shows, it doesn't guarantee you will be completely anonymous).
Encrypt your email
While free Webmail services like Gmail, Microsoft's Outlook and Yahoo Mail have upped their encryption standards over recent years, you might still want the added protection of end-to-end encryption. It basically cuts out the middleman and sends email messages directly to the recipient, who can only read it if he or she has two encryption keys, one public and the other private.
“I really hope end-to-end encryption becomes more popular over the next year,” Zhu said. “One of the great things about it is that because it happens on the user’s computer, they have full control over it. They don’t have to trust a third party to keep their data safe.”
The downside? It’s not very easy to implement. Even Glenn Greenwald, the former Guardian reporter who broke the Edward Snowden story, had trouble with it. You’ll need to download encryption software called PGP (Pretty Good Privacy), or the open-source GPG (GnuPG), and start using an email client like Thunderbird. (The Press Freedom Foundation has a good explainer on how to set everything up). It's all not very attractive or user-friendly — something that Mailpile, which raised $163,192 this year on Indiegogo, is hoping to change by developing a more Gmail-esque interface.
Protect your chats and cloud storage
Email isn't the only personal data you should be worried about. Plenty of services store chat logs, and while cloud-storage services usually have strong protections, your information could still be at risk from hackers or anyone who has your username and password.
Some good solutions: Programs like Cryptocat or Pidgin with the OTR plug-in, for encrypted chats, and Cloudfogger or BoxCryptor for storing sensitive documents on services like Google Drive or Dropbox.
Of course, the reason people pick passwords like 123456 is because it's easier than the alternative. If you want complete privacy and security in 2014, you're going to have to work for it.
First published December 31 2013, 1:27 PM