Our recent Facebook post about SearX seems to have struck a chord, given the number and diversity of page views. I believe this reflects a growing awareness of and concern about how large online services collect your information and who they share it with. Many alternatives exist, but in the past they were usually too confusing, limited, or inconvenient for the average person. Fortunately, that is by and large no longer the case.
In this post, I will discuss several painless yet powerful changes that anyone can make to take control of their data and be safer online. Each of these options is free, and should take about 5 minutes or less to get started.
Replace your Instant Messaging App with Signal
Signal, by Open Whisper Systems, seamlessly replaces your phone’s default messaging app. It provides free end-to-end encryption for text messages and voice calls to other Signal users, and you can also use it to exchange texts with traditional SMS users. It’s the same technology which underlies Facebook’s WhatsApp messenger.
Install HTTPS Everywhere and Privacy Badger
These two browser plugins are published by the Electronic Frontier Foundation, and work with Firefox, Chrome, and Opera. They represent a two-pronged approach to safe browsing:
HTTPS Everywhere makes sure you’re always using the secure version of a website if one is available. It works invisibly and requires no configuration. Just install it and go.
Privacy Badger is similar to ad-blocking software, but it works by preventing web sites from snooping on your browsing activity. A little badger icon by the address bar shows the number of trackers blocked for each web page you visit. You’ll probably be surprised by how many it stops.
Ditch Gmail for Encrypted Webmail
ProtonMail is a CERN offshoot that provides secure webmail. Like Signal, they automatically encrypt all communication between users of their service, but they also give you the ability to send encrypted messages to any email address. They feature an easy-to-use, familiar web interface and mobile app.
ProtonMail is headquartered and hosted in Switzerland, and their data is protected by Swiss privacy law. Service is free for basic users.
Use Two-Factor Authentication
The most common form of “2FA” combines your regular username and password with a special code displayed by a mobile app. The code is different each time, so even if someone steals your password, they won’t be able to log in without having physical access to your phone. The vast majority of “hacking” that gets reported in the news is in truth no more than people getting tricked into giving away their passwords voluntarily. Two-factor makes you virtually bulletproof against these kinds of attacks. Not all online services support 2FA yet, but you should definitely enable it wherever you can.
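For readers curious why the code changes each time, here is a sketch of how such codes are typically computed. It is an added example, not part of the original post, and it assumes the app uses the TOTP standard (RFC 6238), which the post does not name; the secret is the constructed test value from the RFC, and `login_allowed` is a hypothetical helper.

```python
import hashlib
import hmac
import struct

# Constructed sample: the shared secret from the RFC 4226/6238 test vectors.
# A real service generates a random secret per account and shows it as a QR code.
SECRET = b"12345678901234567890"

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Code for the time window containing unix_time (HMAC-SHA1 variant)."""
    counter = unix_time // step                      # changes every `step` seconds
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                          # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_code(secret: bytes, submitted: str, unix_time: int,
                step: int = 30, drift_steps: int = 1) -> bool:
    """Accept the current window plus/minus drift_steps to tolerate clock skew."""
    ok = False
    for d in range(-drift_steps, drift_steps + 1):
        t = unix_time + d * step
        if t < 0:
            continue
        expected = totp(secret, t, step).encode()
        # compare_digest avoids leaking how many leading digits matched
        ok |= hmac.compare_digest(expected, submitted.encode())
    return ok

def login_allowed(password_correct: bool, secret: bytes,
                  submitted_code: str, unix_time: int) -> bool:
    """Both factors must pass; a stolen password alone is not enough."""
    return verify_code(secret, submitted_code, unix_time) and password_correct

if __name__ == "__main__":
    now = 59
    print(totp(SECRET, now))                           # code shown by the app
    print(login_allowed(True, SECRET, "000000", now))  # right password, no phone
```

The phone and the service share only the secret and the clock, so the code can be checked without the phone being online, and a code stops being accepted once its window and the allowed drift have passed.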
Keep Your Passwords in a Password Vault
Most people have a hard time remembering passwords, so they end up using the same password everywhere. That means once a hacker breaks into your email, they can also get access to your Facebook, PayPal, and online banking accounts.
Password vaults such as KeePass allow you to generate a unique password for every site you visit, and organize them in an encrypted file on your hard drive. You only need to remember one master passphrase to open the file, and then you can copy-and-paste any of your passwords into a login screen with a couple of clicks. If you store your KeePass file in Dropbox or iCloud you can easily sync it to your phone and use it for mobile sites as well.
One caveat to this is that you need to make sure your master passphrase is strong and memorable. My preferred technique is to use a favorite book or movie quote, such as “Keep it secret! Keep it safe!”
That’s it! If you can adopt even one or two of these changes it will put you far ahead of the pack. These suggestions only require a few minutes of your time to set up and then you can get on with your day with much better peace of mind. Why not give them a try?
Stay safe out there.
Brian O’Donnell is Executive Director at Gibberfish, Inc.
UPDATE 04/11/2017: A reader helpfully brought up some concerns about flaws in HushMail’s security model, so we have removed the recommendation from the article.