There's no need to give up the idea of safely navigating the net just yet
Like it or not, we live in a world where our online activities are becoming popular conversation. Currently, the hot topic is how Facebook users’ personal information (including that of more than 620,000 Canadians) was improperly shared with Cambridge Analytica.
Mark Zuckerberg is calling the fiasco “a breach of trust.” For some, it might call into question trust across the internet, regardless of site.
But how do you know which sites and downloads are safe? NAIT network security analyst, Daniel Juan Toral (Bachelor of Technology in Technology Management ’16), is immersed in the world of web privacy and confidentiality practices, and has some tips for restoring that broken trust, and for protecting yourself in the online world.
To start, always use the latest version of your web browser, he says. “Every day, new vulnerabilities are found. The way to prevent hackers from exploiting them is to keep your web browser up-to-date with the latest security patches.” Some browsers will update automatically, but others may prompt you.
But that’s not all. Here are a few other things you can do.
Look for https
Websites that includes https rather than http in front of the URL are more secure. In fact, the s in the address means secure protocol.
“When we say secure we mean that it is encrypted between your computer and the server,” says Juan Toral. There’s no possibility of someone being “in between” you and the server, watching your activity.
“You can make sure the information you enter into the website is confidential,” he says.
Trusted certificates
Website certificates are like drivers’ licenses, Juan Toral says. Website owners go to a registry for a certificate, or license. When you visit a website, “they are showing you their driver’s license. If [your computer] doesn’t know that registry, it won’t trust the license they’re presenting.”
Look for a padlock icon in the address bar. If it’s green, you’re good to proceed.
Look for a padlock icon in the address bar. If it’s green, you’re good to proceed. If there are warning icons, like a broken padlock or an alert symbol, or no padlock at all, click it to find out what your computer is telling you about the site.
“I wouldn’t recommend to visit any website that your computer doesn’t trust,” says Juan Toral.
Be aware of what you share
The recent Facebook and Cambridge Analytica controversy has highlighted that users don’t always know what information is being tracked and shared for the possibility of use for targeted messaging. In that case, “likes,” identities and friend groups were tracked, in an effort to build profiles to target ads.
Many of those details could be considered somewhat superficial but some information we share can make us vulnerable.
You can never be too cautious, regardless of what site you’re on, Juan Toral says. “I wouldn’t recommend saving any password or credit card information. Once you save it, it’s not within your control.”
Stop downloading plug-ins
Many websites, like those featuring video clips, for example, will only let you watch something if you install their specific, often unheard of software, or plug-ins.
“They’re not secure. That’s really dangerous,” says Juan Toral.
“There’s no one carefully reviewing each plug-in to make sure it’s legitimate software.”
“There’s no one carefully reviewing each plug-in to make sure it’s legitimate software.” In some cases, those plug-ins can override your computer’s certificate trust procedures, so you may wind up on unsecure websites without receiving a certificate warning.
Browse but be vigilant
“We don’t have the power to decide where websites send our information,” says Juan Toral. But that doesn’t mean we have to let down our guard.
Juan Toral uses Lightbeam, an application he’s added to his browser to keep any eye on who is seeing his activity. Not every site sends information to other parties, but it happens.
Web browsers themselves can be nosy, too. Many users don’t type URLs into the address bar, using it instead as a search shortcut. Enter the name of your bank, for instance, and you’ll likely start seeing related, targeted ads. To avoid this, use the bank’s actual URL, says Juan Toral, or your browser’s incognito mode for more privacy.
Then, there are times where you just have to accept that there’s almost always a price to be paid for free content. When Juan Toral wants to visit CNN.com, Lightbeam can tell him that many third party sites know he’s chosen that site. He knows that there’s little he can do about it other than be aware (and ignore the targeted ads he gets as a result.)
“You can try to not visit some websites,” he says. “But I’ve found that hard. I want to read the news.”