Here are some tips to help you protect your data and avoid exposure to attacks. What we offer you is a collection of tips referring, in many cases, to articles that we have published in the past.
The idea is to offer a sort of “decalogue” to take stock of what are now the most effective strategies to navigate in anonymity and prevent the theft of personal information by malicious people.
Use Tor Browser on PC, Orbot and Orfox on Android and Onion Browser to Protect your Online Browsing Sessions
The Tor network, as we have repeatedly pointed out, allows you to reach any remote host without the data exchanged can be read in any way during the journey (so even the information exchanged using communication protocols that do not involve the use of encryption). Tor’s layered encryption allows you to protect yourself from any man-in-the-middle attack: see also How to open sites that are blocked or prevent the use of Tor.
Tor also hides the real IP address assigned by the Internet provider you choose to your modem router or connection in use.
Tor Browser is the software to be installed on your PC to protect your browsing session while Orbot and Orfox allow you to surf in complete anonymity on Android.
A similar application for iOS devices is the Onion Browser, which can be downloaded free of charge from here.
It should be borne in mind that in some countries of the world, the use of the Tor network and in any case of VPN services that apply data encryption is considered illegal. In Italy, Europe and the United States there are no restrictions in this regard. On the contrary, in the USA providers are even entitled to sell the browsing history of individual users to third parties: Surf anonymously without even the provider being able to monitor the sites visited.
Recognizing Phishing Attacks
Although all major browsers now incorporate features that allow you to automatically block access to potentially malicious websites, it is important to be able to recognize on your own any attempts at phishing or understand which web pages are not what they would like to make you think you are.
Even VirusTotal, by clicking on the URL tab, allows you to check the “goodness” of any web page.
If you have any doubts about the identity of a website or the content on it, you can refer to the URL card of VirusTotal or the urlQuery service that we presented a while ago: Check if a site is infected with urlQuery.
Send Personal Data Only on HTTPS Sites
When registering a new account it is always good to check that the site to which you are connected uses the HTTPS protocol and a valid digital certificate.
In this regard, the latest versions of Firefox and Chrome explicitly indicate which websites are considered to be safe: Safe site on Chrome and Firefox, what it means.
The extension HTTPS Everywhere, if installed inside the browser, allows you to automatically activate – where available – the HTTPS version of the websites. Below are the versions for the various browsers:
- HTTPS Everywhere for Chrome;
- HTTPS Everywhere for Firefox;
- HTTPS Everywhere for Opera.
Secure Information Saved on Your PC With BitLocker or VeraCrypt
As a rule, all data stored on your Windows PC can be read by anyone, for example, who disconnects the hard disk or SSD drive and connects it to another machine.
VeraCrypt free software allows you to encrypt all the contents of your storage drives, including the one where Windows is installed: how the application works is explained in our article How to protect the contents of your hard drive with VeraCrypt and Bitlocker.
VeraCrypt also offers the ability to create “encrypted containers” in which to store important information and data that should never fall into the hands of others (see How to protect password files in Windows under Creating a container with VeraCrypt).
Except for Starter and Home versions of Windows, you can use Microsoft BitLocker software as an alternative to VeraCrypt in the other versions.
To enable hard disk content encryption, simply type in BitLocker Management in the Windows search box and then click Enable BitLocker and follow the instructions.
Checking the Security of Your Accounts
The steps to be taken are those we have suggested in the article Protecting web accounts and improving their security.
In particular, two-factor authentication prevents unauthorized access to your account.
Using a U2F key allows you to automatically unlock access to your accounts only by connecting this tool to your PC.
We talked about it in the article Accessing Google, Gmail and Dropbox without typing in a password.
An extension such as Password Alert for Chrome immediately displays an alert if the user mistakenly enters the password to access the Google/GMail account on unofficial websites.
Managing Passwords Securely on PCs and Mobile Devices
Nowadays it is essential to remember dozens and dozens of access credentials to use multiple websites and online services.
Make sure you Have Configured the “Find my device” Feature of Android
Following the instructions in the article Android device management: you renew the app to find your devices make sure you have configured your smartphone in such a way that its location can be detected remotely, that the device can be locked and that the content of the device can be reset remotely.
As an app for instant messaging and absolutely secure voice calls, the “main app” is Signal, available for both Android and iOS.