by

Basic Ways to Protect Yourself Online

Recently one of my relatives asked me how to get their personal information removed from Google. I had to inform them that you pretty much can’t. Google isn’t the culprit, but the website where you have listed your information (aka Facebook & others). What most people don’t realize is that Google is only collecting publicly available information. It’s not datamining private information. Most people think of Google as being like the phone book where you can contact the phone company to be unlisted. This is actually a wrong comparison. The phone company is providing the service of a phone number and listing those who are using their service. Google isn’t providing the service (unless you’re using your Google Account/Profile). The comparison I used was that of a newspaper who reports a publicly listed police report with a person’s name and city of residence. At that point, anyone can take that name/city and use the phonebook to find their address and phone number. You don’t complain to the newspaper (well, most of the time) because the information is publicly available. It’s up to that person to contact the phone company and tell them to be ‘unlisted’. Because remember, while you might complain to Google, there are many other search engines out there, some big some small, and all have access to public information that’s on the net.

The same applies to the internet and website profiles. Probably 90% of websites with profiles allow those profiles to be listed in Google and other search engines by default. Almost all of them have options to be ‘unlisted’, but you have to make that setting change yourself. If that site does NOT have an option to be ‘unlisted’, then immediately remove your information, delete your account and don’t use that site.

The burden of responsibility falls on YOU the user.

Yes, it sounds like it would be a lot of work, but only at first if you haven’t been following ‘safe surfing’ practices. After that, it’s only a matter of following some simple rules. Here are the ones that I follow:

 

  • I never use my real name  unless I absolutely have to. When I first signed up for Facebook I actually had it listed under my handle, not my real name. Eventually when my family started to join Facebook I did switch over, but only after I was satisfied with Facebook’s privacy settings (which was ages ago). I strongly suggest that people carve their online identity under a handle or pen-name that is extremely hard to track back to your real name. Anyone who tries hard enough can find out who “Lethann” is, but I’ve tried to make it hard. Right now there is only one point of easy cross over and I’ve just rectified that.
  • Only buy from established and verified websites. I feel confident giving my information to sites like Amazon and NewEgg, but even then I often opt not to have them store my purchasing information (ie Credit Cards, etc). If you want to buy from a smaller site, you can often go to your credit card’s website and generate a temporary number for your credit card that’s strictly for online use. If that number is compromised you don’t have to worry about cancelling your entire account and changing all your subscriptions. You can also sign up for PayPal as another buffer, though not all websites accept it as a payment option. Just remember, offline you’re not really going to hand over your credit card to someone selling watches off a table on the street (If you do, you’re a dumbass). Sadly on the internet it’s a lot easier to make a website that looks all nice and professional but actually the equivalent of that shady table on the street. “Better to be safe than sorry”, and “If it looks too good to be true it often is” are two phrases to remember when online shopping.
  • When asked for my birth date, I lie, unless it’s for a money transaction that has to match my Credit Card information. Often I will stay with the same month/day but change the year so it’s a bit harder to dig up personal information. Keep it reasonable, a year or two off, but honestly most don’t NEED it other than saying they are trying to keep minors off of certain stuff.
  • Don’t list your exact address or even city. This is easy for folks who live near a big city. I tell folks I live in Atlanta, GA. Obviously I don’t live in Atlanta Proper (few do), but Metro Atlanta covers almost all of northern Georgia. If you don’t really live near a big city, I’d still suggest using the nearest large/big city. Sadly if it’s something that requires delivery you don’t have much choice, but that’s why you use trusted sites that have security measures. Even then, it isn’t hard to find someone’s address no matter how hard they try to be invisible, so don’t stress over every little instance.
  • Don’t list your home phone number or your cell number. If you need to use a phone number, I suggest getting a Google Voice number that will ring either/both lines and yet acts as a buffer. If the scammers can use them to trick you, you can use it to protect yourself from them. This is great for online resumes. I really need to use mine more than I do.
  • Don’t have a single email address. I suggest having at least 3, if not more. One address for friends, one for professional use, and one for spam/websites. I actually have even more than that. I have a separate one for my family, especially since some of them are very bad about forwards. If you have a gmail account, you can use the nifty ‘alias’ feature to your email address to find out which sites are distributing your email to spammers. If your gmail is username@gmail.com  you can use username+website@gmail.com and then monitor your spam box to see if you start getting email sent to that address.
  • Have multiple passwords. While the best practice is to use different randomly generated passwords for every computer account (both online and off), we all know that’s a bit unrealistic. For things like forums I have a couple easy to remember passwords. Yes they can be hacked, but there is nothing in them. For things like bank accounts and email boxes, I use far more secure randomly generated passwords that use both lower case, upper case and numbers. The point of passwords isn’t that they are completely unhackable. Anything can be hacked given enough time and processing power. The point is to make it so hard it’s not worth the time and effort. Using an encrypted program like KeePass will help you store and generate your logins and passwords. My rule of thumb: if it’s all false/non personal info, I don’t care if it gets hacked. Annoying but not dangerous. If it has anything personal (name, address, phone, deals with money), that get’s a secure password.  If you don’t think this is important, then read how the Anonymous hackers were able to bring both HBGary’s businesses to it’s knees because two VPs decided to use easily hackable passwords and use them repeatedly.
  • Use secure passwords for email accounts! This is so important I’m putting it separately. From forum access to bank accounts, all of these logins have password recovery feature that is typically nothing more than an email sent to you with either a new dummy password or a link to reset the password itself.  So if someone has access to your email account, they have access to all those logins. If you have a single email for web logins, lock it down with as secure password as possible. You can then use a less secure, easy to remember password for your ‘chatting’ email if you want, but I still suggest using a secure one. Email is just that important. If you read the article I liked above about the Anonymous attack on HBGary the major damage was done because they had access to employee email accounts.
  • Never store passwords online! I know there are websites out there that boast being secure enough to store your passwords, but nothing is foolproof. Not only that, but what if something happens to their servers and you don’t have those passwords backed up elsewhere? Again, I suggest using KeePass or another desktop equivalent, making sure to backup the program and the encrypted database file that has your passwords in it. I specifically use the “Portable KeePass” and regularly backup my KeePass to a USB thumbdrive.
  • Don’t leave account creation or password recovery emails in your inbox.  Often when you create a new login, you are sent a confirmation email with your username and password. Many of us, myself included, have a nasty habit of leaving this emails hanging around in case we forget our login information. This is a very bad idea. If your email account DOES get compromised then all of those accounts are ALSO compromised, which is another vulnerability that was exploited in the HBGary attack.  Reading that article reminds me that I need to go through my massive Google inbox and search for all those emails and delete them, AND empty the trash can.

Following these basic rules won’t keep you entirely invisible. That’s pretty much impossible to do in this day and age. You’d have to not own property, a car, a phone, work for a job that pays only cash and doesn’t report taxes, pay for things only in cash, and basically live a life of fear and paranoia. Simply accept the fact that you’re traceable. This is nothing new to the digital age either. Ever since there were birth certificates, property deeds, taxes, social security, and more we’ve had a paper trail to tell people who we are and were we can be found. Most of us were just blissfully unaware of how easy it was.

The digital age has indeed made things fairly easy, but not as much as you think. There have always been services that anyone willing to pay the subscription fee for could use and all they needed was a name, social security number, or previous address. I used to work for a law office and they had a private detective on staff. It was a bit scary to see that anyone who subscribed to these services could access this information, but there it was. It’s all publicly available, not private like you think. The moment you own a house,  buy a car, pay taxes, etc, all of  that is put into public record.

The point is not to be afraid. We’ve lived with the fact that our names, phone numbers, and addresses were in the phone book for decades. You could opt out and be unlisted if you choose, but it didn’t make you live in fear of being stalked or robbed. We take precautions at home, locking our doors and windows, but don’t live in fear because of it. Don’t let the information age change that.

Practice safe surfing rules and be smart, not afraid.

What other tips, tricks or rules do you follow to keep yourself safe on the internet?

Advertisement

Leave a Reply

Please log in using one of these methods to post your comment:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s