We increasingly live in a pervasive cyber world where many people use their smart devices across all aspects of their lives. Although pervasive computing facilitates our work/life activities, it is important to know both how to secure our data, and preserve our privacy. In the Privacy Flag project, we have surveyed common cyber-activities that users engage in with their computers and smart devices, to identify possible privacy leaks, and to recommend trusted tools that mitigate or prevent these leaks. The survey that was conducted examined a wide range of cyber-activities, from surfing the Internet and sending instant messages, to securely managing user credentials.
Below, we provide best practice guidance for the most common cyber-activities with the aim of increasing public awareness about security and privacy. We also recommend trusted tools that can help users to use these best practices to preserve their cyber-security and privacy.
When users browse the web, they leave ‘digital footprints’ or traces behind them, either locally on their machines, or remotely on the web servers. However, there are some tips that can mitigate privacy risks:
A. Private Browser Window
Most web browsers support a private browsing mode which deletes all data related to the user session once the browser window is closed. Session data may include browsing history, filled forms, cached media and first-party cookies.
B. Useful Add-ons
There are many browser add-ons that claim to improve user privacy. However, not all of them really do so, or do so in an effective or appropriate way. Below is a list of the most popular browser add-ons recommended and offered by reputable sources.
- uBlock Origin (Firefox/Chrome) is an efficient wide-spectrum advert blocker that is not memory intensive but supports more advert filters than other popular blockers. It is completely open source, has no monetization strategy, and does not allow so-called “acceptable ads” like AdBlock Plus.
- Self-Destructing Cookies (Firefox) automatically removes cookies when they are no longer used by open browser tabs.
- Click&Clean (Firefox/Chrome) deletes the browsing and download history, temporary files and cache, and removes cookies, including Flash Local Shared Objects (LSOs).
- Disconnect (Firefox/Chrome) is an open source add-on that visualizes and blocks invisible websites that track the user. It blocks third party tracking cookies and gives the user control over all site scripts.
- Privacy Badger (Firefox/Chrome) stops advertisers and other third-party trackers from secretly tracking the user. If an advertiser seems to be tracking the user across multiple websites without his/her permission, Privacy Badger automatically blocks that advertiser from loading any more content in the browser.
- HTTPS Everywhere (Firefox/Chrome): encrypts user communications with many major websites, making browsing more secure. This add-on is a collaboration between The Tor Project and the Electronic Frontier Foundation (EFF).
- Decentraleyes (Firefox/Chrome) emulates Content Delivery Networks (CDNs) locally by intercepting requests, finding the required resource and injecting it into the page. This all happens instantaneously and automatically, and no prior configuration is required.
- uMatrix (Firefox/Chrome): Many websites integrate features which let other websites track you, such as Facebook Like Buttons or Google Analytics. uMatrix gives the user control over the requests that websites make to other websites. This gives greater and more fine-grained control over the information that the user leaks online.
C. Harmful Add-ons
There are also some popular add-ons that are supposed to protect user privacy but, in fact, may sell user data to third parties:
- Ghostery gives the user control of the personal data that can be shared with trackers on websites visited. It can also block the offending trackers and significantly speed up the browsing experience. However, a recent MIT review reported that the company behind Ghostery helps advertising companies that want to improve their use of tracking code by selling them data collected from Ghostery users who have enabled a data-sharing feature in the tool.
- Web of Trust (WOT) uses crowdsourcing to rate sites based on trustworthiness and child safety. However, it also collects data about the user’s browsing habits. According to a report from the German television channel NDR, WOT then sells user data to various third party companies without effective anonymization, which means it is easy to re-identify the user.
D. Tor Browser
Where users really care about their anonymity, they are advised to use the Tor browser. The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor’s users employ this network by connecting through a series of virtual secure tunnels, rather than making a direct connection to the destination. Similarly, Tor can be an effective censorship circumvention tool, allowing its users to reach otherwise blocked destinations or content. Tor can also be used as a building block for software developers to create new communication tools with built-in privacy features. The Privacy Flag add-on and smartphone app enablers use this feature and can route Privacy Flag traffic through the Tor network if the user has installed and enabled Tor.
Since the Tor network only considers the anonymity of data transport, the Tor project has created the Tor Browser Bundle (TBB) which consists of a modified Mozilla Firefox web browser, the TorButton, TorLauncher, NoScript and HTTPS Everywhere extensions and the Tor proxy. The Tor Browser automatically starts Tor background processes and routes traffic through the Tor network. Upon termination of a session the browser deletes privacy-sensitive data, such as HTTP cookies and browsing history.
Virtual Private Network (VPN)
A Virtual Private Network (VPN) extends a private network across a public network, typically the Internet. It enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Business users employ VPNs to connect remote datacenters, and individuals can use VPNs to get access to network resources when they are not physically on the same local area network (LAN), or as a method for securing and encrypting their communications when they are using an untrusted public network (e.g. open WiFi). When connecting to a VPN, the user usually launches a VPN client on his/her machine and logs in with his/her credentials, and the user device exchanges trusted keys with a remote VPN server. Once client and server have verified each other as authentic, all user traffic is encrypted and secured from eavesdropping.
VPN services have been commonly used to browse the Internet securely and anonymously. However, not all VPN providers are completely anonymous, even if they declare themselves to be so. Some providers log IP addresses and activities of their users. Thus, a VPN should not be considered as an anonymity tool, but as a security layer for user traffic so that it is not easily monitored or censored by intermediate parties. We have identified some privacy-friendly VPN providers which support OpenVPN, do not require personal information to register, adopt a no-logging policy and offer protection against DNS leaks. Some examples are TorGuard, NordVPN, EarthVPN, and Proxy.sh.
Email service and client
Google has clarified its email scanning practices in a “terms of service” update, informing users that incoming and outgoing emails are analyzed by automated software. The revisions explicitly state that Google’s system scans the content of emails stored on Google’s servers as well as those being sent and received by any Google email account. This is possible because emails are stored in clear text on the mail servers, even if they are transmitted to the server in encrypted form. The same information leakage applies to other popular free email service providers.
To overcome this serious privacy leak, users are advised to use secure email services such as ProtonMail. Messages are transmitted and stored on ProtonMail servers in encrypted format. This means that the service provider does not have the technical ability to decrypt the user messages and, as a result, is unable to hand the user data over to third parties. They also do not save any tracking information, such as the IP addresses used to log in. ProtonMail does not require any personally identifiable information during user registration.
When using a corporate email service, users are advised to use Pretty Good Privacy (PGP) to encrypt and sign their messages. PGP can be used to send messages confidentially. For this, PGP combines symmetric-key encryption and public-key encryption. The message is encrypted using a symmetric encryption algorithm, which requires a symmetric key. Each symmetric key is used only once and is also known as a session key. The message and its session key are sent to the receiver. The session key must be sent to the receiver so they know how to decrypt the message; to protect it during transmission it is encrypted with the receiver’s public key. Only the private key belonging to the receiver can decrypt the session key. PGP also supports message authentication and integrity checking. The latter is used to detect whether a message has been altered since it was completed (the message integrity property), and the former to determine whether it was actually sent by the person or entity claimed to be the sender (a digital signature). Because the content is encrypted, any change to the message will cause decryption with the correct key to fail. The sender uses PGP to create a digital signature for the message with either the RSA or DSA algorithm. To do so, PGP computes a hash (also called a message digest) from the plaintext and then creates the digital signature from that hash using the sender’s private key. There are several add-ons that support PGP in different mail clients, such as Enigmail for Mozilla Thunderbird and SeaMonkey.
Search engines (like Google, Yahoo) use search queries issued by users to deliver more personalized search results. This may appear to be a good feature, but when enabled, search engines store user queries, timestamps and IP addresses to track users and infer user interests. This information is shared with the requested website, which threatens user privacy. The feature also limits the number of results from the whole Internet, and only shows things the algorithm indicates will be interesting to the user.
There are search engines, e.g. DuckDuckGo, which neither track users nor collect their personal information. Startpage fetches results from Google on behalf of the user without recording their IP address or logging anything about user behaviour. SearX is an open source meta-search engine which aggregates the results of other search engines while not collecting or storing information about its users.
Instant Messaging (IM) and VoIP Software
Instant messengers (like Skype, WhatsApp, Viber, Facebook Messenger) are widely used to send text messages and place voice and video calls. Some of these popular IM services have recently started to support end-to-end encryption, e.g. WhatsApp and Viber. This secures the conversation content even when it is stored on the servers of the provider. Facebook Messenger supports end-to-end (E2E) encryption only for mobile devices and text messages, and it is not enabled by default. Even if this feature is supported by IM applications, user privacy is still not guaranteed. WhatsApp wants to share user data with its parent company Facebook in order to draw adverts to the platform. If regulators agree, third party companies will be able to send targeted messages directly to WhatsApp users.
To keep their messages safe and private, users are advised to use privacy-friendly open-source IM services. Signal is a free and open source mobile app which provides end-to-end encrypted instant messaging and voice calls (video calls are supported in beta). Encrypted group chats are also supported. Wire supports similar features to those of Signal and is available for desktop, web and mobile platforms. For desktop or laptop machines, Ricochet is a further alternative which uses the Tor network to reach user contacts without relying on messaging servers. Ricochet starts a Tor hidden service locally on a person’s computer and can communicate only with other Ricochet users who are also running their own Ricochet-created Tor hidden services. This way, Ricochet communication never leaves the Tor network. A user screen name (e.g., ricochet:hslmfsg47dmcqctb) is auto-generated upon first starting Ricochet; the first half of the screen name is the word “ricochet”, with the second half being the address of the Tor hidden service. Before two Ricochet users can talk, at least one of them must privately, or publicly, share their unique screen name in some way.
Encrypted Cloud Storage
Cloud storage (like Dropbox, OneDrive and Google Drive) has become a common tool for sharing files and media among a user’s devices or contacts. Although cloud services often promise security, they may store user files unencrypted in the cloud, whether on their own or on shared servers. This means that the provider’s technical team, or the government, has the ability to access a user’s personal files without notice. Also, if the servers are compromised, attackers will have full access to user files.
There are several secure alternatives for cloud storage like Sync, Seafile and SpiderOak. Sync is a zero-knowledge cloud service. This means the files are encrypted on the user’s machine before they are synced with the cloud servers. Sync.com uses 256-bit AES encryption on files and locks them with 2048-bit RSA private keys. For maximum security, passwords are never transmitted to Sync. Furthermore, Sync does not store passwords or password hashes during account creation, or when the user logs in. Another model is offered by Seafile. This cloud service gives users the opportunity to host files on their own servers. It also offers to host user files on servers either in Germany, or with Amazon Web Services in the US.
Disk and File Encryption
Disk encryption software protects the confidentiality of data stored on computer media (e.g., a hard disk, floppy disk, or USB device). Operating systems usually use and enforce access controls where each user account has specific rights on each file and directory. However, disk encryption passively protects data confidentiality even when the OS is not active, for example, if data is read directly from the hardware, or by a different OS. Disk encryption generally refers to complete encryption that operates on an entire volume, mostly transparently to the user, the system, and applications. This is generally distinguished from file-level encryption, which is enabled by user action on a single file or group of files. Disk encryption usually covers all aspects of the disk, including directories, so that an attacker cannot determine the content, name or size of any file. It is well suited to portable devices such as laptop computers and external drives, which are particularly susceptible to being lost or stolen. If used properly, someone finding a lost device cannot access user data, or even know what files might be present.
An example of a disk encryption tool is VeraCrypt, which can create and maintain an on-the-fly-encrypted volume. On-the-fly encryption (OTFE) means that data is automatically encrypted just before it is saved and decrypted just after it is loaded, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without the correct password/keyfile(s) or the correct encryption keys. On-the-fly encryption does not mean that the whole file to be encrypted/decrypted must be held in RAM before it can be encrypted/decrypted; there are no extra memory (RAM) requirements. VeraCrypt supports individual file encryption as well. For file encryption, GnuPG is a simple option which is open-source and supported on all desktop operating systems (Windows, Linux and MacOS).
Good security practices require users to use different passwords for each website and service. For accounts of any significance, those also need to be strong passwords of one form or another. But combining those two requirements (one password per site and strong passwords) becomes a very complex task. To handle this complexity, there are many password managers, but only a limited number are secure. Master Password is based on a password generation algorithm that guarantees the passwords can never be lost. Its passwords are not stored, but are generated on demand from the user name, the site and the master password. Therefore, no syncing, backups or Internet access are needed. KeePass is a free open-source traditional password manager, which helps the user manage passwords securely. All passwords are stored in one database, which is locked with one master key or a key file. The databases are encrypted using the most secure encryption algorithms currently known: AES and Twofish.
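To make the "generated, not stored" model concrete, here is an added Python example (not code from the Privacy Flag project, and not the actual Master Password algorithm, which uses scrypt and its own output templates). It assumes a simple construction: a slow salted KDF turns the user name and master password into a master key, and an HMAC keyed with that key turns a site name (plus a rotation counter) into a deterministic per-site password. The user name, master password and site names below are constructed sample values.

```python
"""Stateless per-site passwords: derived on demand, never stored.

Illustration of the generation model described above. This is a constructed
demonstration, NOT the real Master Password algorithm. The site password is a
pure function of (user name, master password, site, counter), so there is
nothing to sync or back up and nothing to lose.
"""
import hashlib
import hmac

# Output alphabet (74 symbols): letters, digits and a few punctuation marks.
ALPHABET = ("abcdefghijklmnopqrstuvwxyz"
            "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "0123456789"
            "!@#$%^&*-_=+")
# Largest multiple of len(ALPHABET) that fits in a byte; bytes at or above it
# are rejected so every symbol is equally likely (no modulo bias).
_REJECT_ABOVE = 256 - (256 % len(ALPHABET))  # 222

def master_key(user_name: str, master_password: str) -> bytes:
    # Slow, salted key derivation so offline guessing of the master password is
    # costly. The user name is the salt; 200_000 iterations is an assumed work
    # factor chosen for this example.
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               user_name.encode("utf-8"), 200_000, dklen=32)

def site_password(key: bytes, site: str, counter: int = 1, length: int = 20) -> str:
    # Per-site seed: HMAC keyed with the master key. A leaked site password
    # reveals nothing about the key or about passwords for other sites, and
    # bumping `counter` rotates one site's password without touching the master.
    label = f"{site}\x00{counter}".encode("utf-8")
    block = hmac.new(key, label, hashlib.sha256).digest()
    out = []
    # Expand the seed deterministically until `length` symbols are collected,
    # using rejection sampling over the byte stream.
    while len(out) < length:
        for b in block:
            if b < _REJECT_ABOVE:
                out.append(ALPHABET[b % len(ALPHABET)])
                if len(out) == length:
                    break
        block = hashlib.sha256(block).digest()  # next deterministic block
    return "".join(out)

if __name__ == "__main__":
    # Constructed sample credentials for demonstration only.
    key = master_key("alice", "correct horse battery staple")
    for site in ("example.com", "example.org"):
        print(site, site_password(key, site))
```

Re-running with the same inputs reproduces the same passwords on any machine, which is exactly why no database or sync is needed; the trade-off is that changing the master password changes every site password at once.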
Two-Factor Authentication (2FA)
After numerous account breaches, including at major service providers (such as LinkedIn, Dropbox, Yahoo, Myspace, etc.), many providers have started to support two-factor authentication to protect their users. Two-factor or two-step authentication (2FA) adds a second level of authentication to an account log-in. When the user only has to enter a username and password to log in to a service, this is considered single-factor authentication. 2FA requires the user to enter an additional secret (or verification code) that the user (should) possess or know. This additional secret may be delivered to the user through the user’s phone, or can be a biometric feature, e.g. a fingerprint. For example, the verification code can be sent in an SMS, or generated by a dedicated mobile app that stores a secret (such as Google Authenticator, Duo Mobile, or the Facebook app). 2FA offers greater account security by authenticating user identity using more than one method. Thus, even if someone were to obtain the user’s primary password, they could not access the account unless they also acquired the mobile phone, or another secondary means of authentication.
2FA goes by different names from one service to another. Facebook calls the process “login approvals,” Twitter calls it “login verification,” and Google calls it “2-step verification.” An extensive list of services supporting 2FA is available here.
Since security and privacy threats and their countermeasures are continuously evolving, we have provided links to trusted online resources with up-to-date tips, tools and best practices for safer and more private communication. We have used these resources, among others, to compile this guide.
- The Surveillance Self-Defense Guide provided by the Electronic Frontier Foundation (EFF) provides best practices and step-by-step tutorials that help users at different levels of technical knowledge to defend themselves from surveillance using secure technologies.
- PrivacyTools is a socially motivated website that provides information about tools for protecting data security and privacy. If the website is unavailable, users can access the information on GitHub.
- The Guardian project provides open-source mobile security software to help end users to communicate freely and protect themselves from intrusion and monitoring.
- Prism Break is a crowdsourced portal for privacy-aware, generally open source, alternatives to the most popular applications.
- BestVPN is an excellent privacy guide written by the creators of the bestVPN.com website.
- Privacy Test portal is a diverse and comprehensive list of online privacy tests that can help users find out what kind of information various programs and services reveal about them and their devices.