Protecting your Data/Personal Security Online

[AssignedPuuurfectAtBirth]

In light of the data breach, I thought it might be a good idea to discuss 'Best Practice' for protecting yourself online.

This is what I do to protect my data:

• I have a cookie/ad/tracker blocker on my browser. I use ghostery, on ALL my devices, with Firefox
• DuckDuckGo is a browser that doesn't track you
• I have one main account for banking, financials etc, for which I have a VERY long, random password, recorded not on my computer. I have it hidden and written down, and even them it's in my own personal code.
• For SOME other online accounts, such as John Lewis, M&S which I don't use very often, I log the account with my main email address but ask for a new password every time and use some random letters for single use only. So I change my pasword every time I use these accounts.
• For other accounts with financial tranactions I use more frequently, such as Amazon or Google, I have a random, long pasword, again recorded in my code and hidden.

-You can use a password tracker application, but I prefer my method.

-Never use the same password on more than one site if there your financial or personal data is saved on it.
-Never log into an application or website using your Facebook, Google, Yahoo or any other accounts.
-For applications from which a)you will never receive a delivery from and b)Do not have your financial date, such as, for example, Mumsnet, Twitter or Fitbit - USE A FALSE NAME AND POSTCODE.
-Don't give your phone number unless you absolutely have to.

-Question every single field of data you are being asked to give and if there is no benefit to you to give it, don't give it.
-Obviously check your setting on FB (I use FB only for non personal reasons, so it's not in my name)

-Beware of loyalty cards and schemes. You are the product and the companies swap and sell your information. They build it up into a big data warehouse, combine it with financial, consumer, demographic, etc data to build up a terrifying picture of your,life. Then some fuck from 4 Chan will hack it and sell it on the Dark Web

To check if any of your email addresses have been compromised, have a look on
haveibeenpwned.com/

There will be more...

Any experts out there on VPNs, I would be grateful for advice. I have used a couple but would like a more permanent solution. Particulary interested in critique of Opera

Any tips people?

Stupid question (maybe) it won't have the same impact if you haven't always done this, will it? Can you "undo" where you've been shit with personal security? I.E going back through all your accounts and changing everything, or is it pointless once they already have your data?

Use a password manager. For everything. You cannot possibly maintain separate passwords for each site (which you should) by hand or by thought.

This is current NSCS/GCHQ policy for everything which doesn't sit in scary protectively marked environments. The debate is over, and people (and websites) which attempt to discourage you from using password managers are living in the past.

www.ncsc.gov.uk/guidance/password-guidance-simplifying-your-approach

I use LastPass; there are concerns about their governance, but at the moment it looks alright. Apple users can use the built-in stuff, which is OK. Others are available.

Use a VPN if you are concerned that either (a) your local network may be compromised or (b) your IP number will reveal your location. The Opera built-in one looks OK, but there are plenty of alternatives. I use Privatetunnel.net. Warning: using a VPN requires that you somewhat trust the people providing your VPN.

Run the latest bits. Never, ever get into the "I cannot update my software because reasons". Run the latest bits.

Don't install random shit. Don't root your Android phone. Don't jailbreak your iPhone.

Don't run as administrator on Windows machines.

going back through all your accounts and changing everything

About seven years ago, I went through every account I had, several hundred of them, and changed the passwords to those generated by Lastpass. It took about three days of distraction activity. Occasionally, even today, I turn up accounts I created before them which I didn't have records of, which I need to change.

Forgot to say that for twitter, mumsnet an dother non financial websites, I use a many different email addresses.

I have a 'system' for passwords/numbers (not telling you, but pick something random, not a word and play with it). On these email addresses, do not use your own name, address, postcode. You may be forced to use phone number. Ask yourself if you really need the service that much to justify giving away your phone number.

-Some sites, like Pinterest, ask that you log in using FB. Either start a false FB page (Do it in an incognito window if you already have a FB account). Again, ask yourself, how much do you need the account?

Some of the companies that ask for FB passwords have been hacked recently, such as My Fitness Pal. Find out if you are at risk.
Use the pwned.com link I posted earlier

When random checkout people, like Toys R Us etc ask for your postcode, SAY NO!

Ask yourself: Is it really worth a fiver off something to give out your personal details to a company you know fuck all about? And again, even the reputable companies build up a shocking amount of data on individuals, most of which is not necessary for your interests

Check your 'online footprint' and try to reduce it. Ask yourself what a stalker would find out about you in half an hour on Google

On Opera - I googled 'Opera VPN' and got a bunch of links saying that the Opera iOS app which provides free VPN connections is being discontinued at the end of this month. I'm sure it would be possible to pay for the facility, though.

On Opera - I googled 'Opera VPN' and got a bunch of links saying that the Opera iOS app which provides free VPN connections is being discontinued at the end of this month

Which isn't the same thing as the VPN built into the browser for desktop/laptop machines. I should have been clearer.

KeneftYakimoski

"using a VPN requires that you somewhat trust the people providing your VPN."

Yes, this has been my concern. I am probably going to use a paid service, rather than free for this reason. Any recommendations?

Scarlet
It's only the app which is no longer free. The Opera browser VPN will still be available. There are other free VPN apps, but I don't know anything about them, so if anyone has any information about an alternative I'd be interested.

x-post with Keneft.

But I'm grateful to both of you

Thanks for all this tips. Ive realised i know nothing about internet safety. Quite scared now actually. Especially as just put my gmail address which is my nsme into the link assigned suggested and it says Iv been pwnd. Any advice on what to do please?

My real name

Oh, and never, ever ever do Online surveys on Social media. The data from these can be used to profile you for all manner of services, including financial and credit scoring.

Actually, the algorithms on FB do this too, so if you don't want to be profiled and have it used against, get off FB. It's evil

I am probably going to use a paid service, rather than free for this reason. Any recommendations?

I use privatetunnel.net. But of course, they have my real name and my credit card details, which means that if they did go to the dark side, they have a direct link back to me, which the free ones don't.

The basic problem with all this stuff is that risk assessment is hard, and determining your own risk appetite is hard. It gets boiled down to simple statements which don't apply to everyone, and then some people get emotionally invested in the rightness of those positions in the face of being told it's more complex than that.

Thank you! Coming back later with a strong coffee to engage my brain before attempting to read it.

What this means is that some site has been hacked where your email address has been registered. Most reputable firms encrypt the passwords, so they most likely don't have it in plain text, but if they are obvious they can be broken easily. All password can be broken with enough computing time, the trick is to make your take a shitload of computing time to break. Make it difficult for the fuckers

www.telegraph.co.uk/technology/internet-security/10303159/Most-common-and-hackable-passwords-on-the-internet.html

Change your password now, using random characters, upper and lower cases, numbers and characters. It's better if it's not a word, but it could be the first letters from a phrase you know, interspered with numbers etc.

Either write it down and hide it. Have a backup account if is your main account, in case you lose the account or enable the 2 step authentication

Or use a Password manager. But change it now anyway, then look into the password manager

Thanks to @KeneftYakimoski for the tip re proton mail, just spent 30 mins changing various social media mail accounts over to an "anonymous" account rather than my old ego boosting eponymous one.

the tip re proton mail

I was reminded of it by someone on the other thread yesterday, whom I can't now find. Thanks

yes I'm going to do it later today. Thanks from me too

I'd recommend PIA VPN - I've been using it for about six months. I'm not technically-minded at all but found it very easy to set up and use. It's also reasonably priced, although I think I got my subscription when it was on special offer.

Thanks assigned
Much appreciated

I've been using Opera VPN for a year or two. I did some research then and there didn't seem to be any security issues, and I've had no problems since.

As KeneftYakimoski said, one advantage of the free VPNs (apart from being free) is that you don't have to give them loads of data like credit card and real name etc.

I use ExpressVPN because (apparently) they record as little information as possible about you. It is a paid service.

www.expressvpn.com/what-is-vpn/policy-towards-logs