While the power and utility of the Internet can hardly be questioned these days, it has become extremely clear that the use of online services and the web has significant privacy ramifications.
From mass data harvesting performed by companies like Cambridge Analytica via Facebook to hackers phishing for your bank account info, there are several reasons to be concerned about your online privacy and security.
That’s why we’ve decided to answer some of your most common questions, explain a few key aspects of online privacy and offer some tips on how to protect your privacy when you're using the Internet.
Is my Online Behaviour Being Tracked?
Have you ever searched for a product, like a new pair of shoes or a lamp, and for days that item seems to be following you around everywhere you go on the web?
Advertisers and related organizations have become very good at being able to guess your preferences and determine your browsing history.
Because so many online companies like Facebook, Google and just about every news website make a majority of their money through advertising, they want as much information as they can get to specifically target ads at people. One of the ways this is done is with tracking cookies.
What is a Cookie?
When we're not talking about the sweet treat, a cookie is a small file that is stored by your web browser that keeps track of information so that online companies can use this data later.
Cookies can be set to expire after a short time (or when your browser is closed) or they can last for years, depending on how the website's creator set them up.
Most of the time cookies are innocuous and useful, storing things like your login information or settings so that you don't have to log in again or change your preferences every time you visit a website.
Often advertisers will create a cookie that stores an ID when you visit one website, so other websites that use the same ad network (like the one owned by Google) can easily determine your identity and use your browsing history to build a profile of you.
These profiles often list information such as what websites you visit, when you visit them and what products you’ve shown interest in.
How Do I Clear Cookies?
From time to time, it’s a good idea to clear cookies and your browser's cache.
This is particularly true if you’re finding that a website is not working as it should or if old data seems to be showing up when you go to log in or change something.
The following links provide instructions on how to clear cookies from various browsers, so you can click the link that pertains to the browser you’re using.
How Can I Avoid Being Tracked?
Unfortunately, tracking is just part of life on the web, but there are some steps you can take to reduce the degree to which you are tracked.
1. Use Private Browsing Mode
If you’re searching for something particularly private or sensitive, like information on a medical condition or shopping for a surprise gift, consider using your browser's Private browsing mode.
In Google Chrome this is called "Incognito Mode," while Microsoft Edge and Internet Explorer call this "InPrivate Mode."
When you use this mode in a browser, all traces of your session will be permanently erased once you close the window, including your browser history, cookies, searches and temporary files. This means that even a sophisticated user looking through your computer shouldn't be able to tell what you were looking at.
Using Private mode will also work as if you are no longer logged into any accounts which also helps make it more difficult for advertisers and the like to track your browsing.
2. Enable ‘Do Not Track’ Settings
Many browsers, including Safari on iOS devices (such as iPhone) and Chrome on Google devices support a feature that requests that advertisers not track you.
This can be helpful, however it is essentially an honour system, so there are no guarantees that a malicious organization will respect your settings.
For instructions on how to enable “Do Not Track,” follow the instructions pertaining to your browser:
3. Be Vigilant About Your Private Info
Be very careful about what websites and services you log into and only use your real information when necessary.
Avoid staying logged into services like Facebook or anything provided by Google for prolonged periods of time, as these organizations have ties with many websites that track you.
Can Others View My Webcam Without Me Knowing?
Most computers and mobile devices today have cameras in them to allow for things like video chatting with family and friends. This is handy at times, although having cameras everywhere does pose a risk to privacy.
Typically, when a camera is in use on a laptop, a light turns on to indicate that the camera is in use, so you can see that it is active. On some computers, researchers have demonstrated that it was possible to activate the webcam without the light turning on.
There is software available to malicious people known as "RAT" tools, which stands for Remote Access Trojan, that can give other people access to your computer, possibly including the ability to view your webcam.
While the risk of you installing malicious remote access software by accident is low, you might be concerned about the risk that it is indeed possible for your webcam to be operating without your knowledge; there have been high profile incidents where something like this has happened in the past.
To minimize the risk of your camera being viewed without your knowledge, you can take the following precautions:
- Ensure your operating system (e.g. Windows, macOS, iOS or Android) is up to date.
- On PCs and Macs, periodically run an antivirus or malware detection tool. MalwareBytes is quite effective and freely available for manually scanning your computer.
- If you don't use your webcam very often and you are concerned about being spied on, you can physically cover your webcam. For instance, it’s easy to make an elegant little cover for it by using a hole punch on a piece of black electrical tape. The hole punch will create a perfectly round, circle of tape that is big enough to obscure the view of most webcams. Keep your camera covered when not in use.
How Do I Avoid Falling for Phishing Scams?
Online security is a broad and complex topic, but there are simple things you can do that will significantly reduce your chances of having your accounts broken into and your data compromised.
First of all, be very careful about clicking any links from an email. Often hackers or crooked companies will send fake emails that appear to be from your bank, PayPal, eBay or another website you use that claims there is some issue that requires your attention.
This technique of attempting to steal people’s passwords is called "phishing." Upon close examination of such an email, you may notice that the email address it was sent from doesn’t look legitimate, there is poor spelling and grammar in the body of the message or there is a request for personal information.
Never click a link in such an email! Real emails from your bank would not ask you to do this; they would instruct you to log in by visiting the website yourself and logging in.
If you were to click a link in a phishing email, you would likely see a page that looks very similar to the page the email said it was sending you to, for instance, your bank. But inspection of the web address would show that it is a completely unrelated website—likely a website that was hacked and used to host a fake version of the site. This is intended to capture your password so that criminals can break into your account.
Be vigilant about this type of email. If something feels off about an email, it probably is. Check the sender’s email address and keep on the lookout for other red flags.
See below an example of a phishing email. Clicking the blue button would have taken you to a fake website used to harvest your personal data and PayPal login information.
How Do I Ensure My Passwords Are Effective?
Passwords are one of the first lines of defense in the ongoing battle to protect your privacy and personal data online. There are a few things you can do to help ensure they do their job:
1. Use Strong, Unique Passwords
One of the most powerful things you can do to shore up your online security is using strong, unique passwords.
Passwords like "123456" or "password" (both of which frequently show up on a lists of most commonly used passwords) can be cracked in seconds, resulting in your account being accessed by criminals.
Long, random passwords are best—something like "oM8tK9a#JPCMDhCrGA" would be excellent.
2. Never Re-Use the Same Password
While it may be tempting, you should never re-use the same password on multiple websites. In an era when we are all required to have dozens or even hundreds of online accounts for various purposes, this can sound daunting, but there are tools to help you manage passwords.
It is not a wise idea to use the same password, because websites are breached all the time and when this happens, your password will likely end up in a dictionary of passwords that crackers use to break into sites.
So, if you created an account for your favorite online clothing store or some woodworking web forum you visited once, and hackers access the database containing all the passwords for one of those sites, it won't be long before those passwords are used to attempt to access your Google or Amazon accounts.
3. Use a Password Manager
Because it would be impossible to remember hundreds of long, complex passwords, it is highly recommended that you use a password manager to help with this.
One option is your web browser. Browsers like Chrome, Firefox and Safari may have a feature built in to remember and automatically fill in passwords and allow you to retrieve your passwords later when needed.
Better yet, dedicated password managers like 1Password, LastPass or Dashlane have browser extensions for all browsers that can automatically fill in existing passwords and help you generate strong passwords for new websites.
These services also have convenient mobile apps so you can also access all your passwords from your phone. Some of these services will even help you automatically reset passwords after a website you use has had a security breach so you can secure your account before hackers get into it.
4. Enable Two-Factor Authentication (2FA), When Available
Many important online services such as those provided by Google, Apple, Microsoft and Facebook offer a feature call two-factor authentication (2FA) that sometimes requires you to enter a second, temporary code in addition to your password when logging in from a new, untrusted computer or device.
This means that even if someone else knows your password, they will be unable to log in unless they also have the means to get these temporary passwords.
This may involve sending a code in a text message to your mobile phone, but it can also be done with an app like Google Authenticator or Authy which generates temporary codes that you can use to log in with in addition to your password. The latter method of using an app is preferred, as it is possible for hackers to get access to your phone number and SMS messages even if they don’t physically have your phone!
If services you use have the option to enable two-factor authentication, it’s best to enable it. Activating 2FA improves the security of those services for you and it’s recommended that you do so. Learn how to enable two factor authentication for some major online services at the following:
- Google Account (Including Gmail)
- Apple ID
- Microsoft Account (Including Outlook.com and Hotmail)
This article only scratches the surface of the many online privacy concerns that are relevant to using Internet services, but this should give you a basic understanding of some of the more pressing concerns.
The Edmonton Public Library is committed to the confidentiality of customer use of its facilities, services, collections and website. Read up on digital privacy at EPL, including information about cookies, access to records and more.