Your behaviour is crucial when it comes to online security, including privacy and integrity. Very often humans are the weakest link.

The very basics

Your behaviour includes, but is not limited to, the following:

  • never click on links in e-mails unless you are sure what you are doing
    • if you get an e-mail from a sender that you normally receive e-mails from, consider logging in to their site to read the message instead of clicking on a link in the e-mail!
  • never ever use a password on more than one site, and use long enough passwords consisting of random upper- and lower-case characters, numbers and special characters
    • consider using a password manager that doesn’t store your passwords in the cloud – KeePassXC is my recommendation!
    • long enough passwords are these days probably at least 30 characters long, but why not use 128 characters?
  • use well-known firewall software!
    • even if you have a router with a built-in firewall at home or at the office, you need a firewall if you use your computer on public networks!
  • use well-known antivirus software!


When I surf, I always try to use SSL/TLS encryption (https). This way it’s more difficult for a man in the middle to see the content being transferred from the website to my browser.

Public networks

When online, I more or less always use a VPN service from Mullvad. VPN is short for virtual private network, and this way I can use insecure WiFi networks at cafés etc., as all the traffic to and from my computer is secured in an encrypted tunnel.

Using a VPN is no protection by itself, but it gives two nice advantages:

  1. your public IP address is your VPN provider’s, meaning a site you visit can’t figure out if your true location is Paris, London or New York
  2. you can in many cases decide where you want to pop out, meaning you can use streaming services in your country that normally are available in other countries only

Don’t click on links in e-mails

If something sounds too good to be true, then it’s probably not true. Think twice before you click on links in e-mails. Even if you get an e-mail that looks legitimate, hover with your mouse over the link and check where it really points.

Why not take this a step further? Instead of clicking on the link in the e-mail, log in to the website and check the message there.

Don’t use Google all the time!

On the behavioural aspect, I always recommend people not to use Google all the time. Use DuckDuckGo or a public instance of the SearX search engine.

Could Wikipedia answer your question, or is OpenStreetMap an alternative for finding the way from A to B?

Just don’t use the same search engine all the time! Be creative and don’t put all your eggs in the same basket!

Two computers?

Some people say that you have to use two computers to be totally anonymous. One of them you use for normal surfing, like visiting your bank’s website or checking your social media accounts. The other you use when you visit your super-secret mail account etc. This is probably true, but I haven’t thought so much about being totally anonymous.

If you want to be totally anonymous, I hear that Qubes OS or Tails are the operating systems to use.

With one computer

Many of us are happy to have just one computer.

Now imagine that you have a totally incognito e-mail account. The first thing you do when you start your computer is to start your e-mail client.

The next thing you always do when you start your computer is to log in to Facebook to check what your friends are doing.

If you always follow this pattern, how difficult do you think it is to figure out who is the owner of your super-secret e-mail account?

Do you agree that your behaviour is as important as the technical setup in your computer?