Every time I sign up to a website or app I know I’m gambling with my personal security. Being spammed by a company’s mailing list has gone from my biggest sign-up stress to the least of my worries. Questions hammer my nerves with every piece of information I hand over. Are the company’s databases secure or are intruders lurking in the wires? Will it tell me who it is selling my information to? Will its product infect my computer or phone with malware? I can Google the company’s security record, but do I really want to? Would it be truthful anyway, or just PR?
I try to interpret signals in the sign-up process. The fractured negotiation begins with my email address and ends with the background information I know the company is recording from my phone or computer. I try to suss out which parts of the form I’m filling out I can fib about, and which could mess up my use of the product.
I’m not alone. Digital security is out of hand — just ask the holders of the 500m hacked Yahoo accounts. Nearly 5bn records have been lost or stolen in all known breaches since 2013, according to digital security specialist Gemalto.
Depending on how much I trust any given website or app (which is about how much I trust any total stranger — not at all, no matter how well-designed they seem), there are several things I do to shore up my shaky digital security. I never use my most personal email address for sign-ups — that’s what my three “dummy” accounts are for. The same goes for my phone number. I have a business mailing address, which ensures my home hasn’t been in anyone’s databases for several years.
I take things further if a situation looks especially shady. I use something called a VPN, or virtual private network, which is easy to buy and install. It essentially lets me flip a switch and send location information — my IP or internet protocol address — via another computer somewhere else in the world. I do this when I don’t want a site to know even generally where I live.
I encrypt my laptop’s hard drive, I use two-step verifications for logins whenever the feature is available, I make all my devices password-protected and I never sign in to any account on someone else’s device.
As companies and consumers wake up to the cyber threat, will they want to spend more on defending themselves?
Since hacking groups such as OurMine started combing through billions of breached records and stealing users’ passwords to see what works in other services, I have used a password manager called 1Password to find any duplicate passwords across my accounts and change them. I also keep a little sticker over the cameras on all my devices to prevent unauthorised spying. Programs that spy through webcams are cheap and fairly simple to use.
Other people’s bad security isn’t the only thing we need to look out for. Malvertising, where online ads spread viruses and worse, have been found on the biggest websites, including the New York Times and the BBC’s US site, which hosts ads. Tainted ads have been known to pass on malware, spyware and dreaded ransomware — where files are encrypted and held for ransom. The best defence against malvertising is always using an ad-blocker in your browser.
Ransomware also spreads through infected email attachments and links. For this reason, I tune my email settings so that they never do anything automatically, such as show images or download attachments. I also keep a back-up of my important files on a hard drive that is not connected to any network.
So far, so good on this side of the screen. But I might occasionally throw a little salt over my shoulder. Just in case.
Violet Blue is a personal online security expert and author of ‘The Smart Girl’s Guide to Privacy’