What does being “safe” on the internet mean for you? Does it mean feeling confident about your skills? Are you concerned about your privacy and about others having access to your emails, photos, files or who you communicate with? Are you an activist who needs to hide your real identity to stay safe? If someone found out about the websites that you visit or the information that you download, would you be at risk?
The answer will be different for each one of us, depending on if we are everyday users, bloggers, women's rights defenders, live in a situation of violence – or all of the above. One thing is certain: with email, social networking, file storage, news, activism, research and entertainment all taking place on the internet, one of the main gateways to our online activities are web browsers.
Many of us spend a significant portion of time and concentrate large amounts of our information in online spaces using web browsers such as Internet Explorer, Mozilla Firefox, Google Chrome, or Safari. We may not be aware how much our online experience leaves traces on the computers we use nor how much stays registered in cyberspace – many times for all to see.
What are the some of the risks?
Traces of our online activities stay stored in our own computers
As you surf the internet, your browser will register the sites you visited, “temporarily” download files such as images and cookies (text files that websites we visit ask your browser to save for them until you visit again), save passwords and preferred websites. These functions are designed to make internet browsing easier for you. This information will all be stored on the computer you use and anyone using the computer can know the sites you have visited.
Saved passwords and active sessions
Many of us mistakenly think that when we close our browsers we are logged out of our online services such as email or social networking sites. However, if “save password” or “keep session logged in” options have been activated, anyone re-opening the browser will have direct access to our personal accounts.
Women doing research on sensitive topics online or survivors looking for support may not want these traces to be easily available to others Consider a woman searching for information about lesbianism in a country like Uganda where homosexuality is violently prohibited. Or someone looking for a shelter to escape her partner's abuse. Deleting the history of sites visited and making sure no passwords are saved can be necessary to protect our physical safety as well as our privacy.
Information we send over the internet can be compromised while in transit.
As you browse different services you will send usernames, passwords, documents, search queries, and fill in forms over the internet. This information is channeled throughout cyberspace in plain text, just as if it were printed out neatly on a postcard. Without a secure connection that scrambles or encrypts our information, this data can be “sniffed” or detected by others on the internet. There are certain points of particular vulnerability; for example, if we connect via wireless networks (even if the network is password-protected), using our mobile phones, or in a public wifi hotspot. Because a cybercafe manager can monitor all traffic flow coming from each computer, cybercafes can also be unsafe. "Sniffing" software is freely available on the internet and very easy to install – you don't have to know a lot about computers to be able to hack into someone's Facebook nowadays.
Women´s rights defenders frequently cite losing access to their personal email, online groups, and social networking sites. Many suspect their accounts have been “hacked”, only learning there has been a breach when their name or organisation is associated with suspicious activity online or when personal information is released publicly in an attempt to discredit them. Imagine if you are a part of a network of health practitioners that help rape victims have access to safe abortions, in a country where abortion is illegal, or a member of an LGBTQI support network. If someone gains access to your friends list in Facebook or email, your networks could be at risk of attack or arrest. Keeping such information safe is key for many people's safety.
There are many ways that access to our accounts can be compromised, as we saw when we learned about secure passwords, but one easy step we can take to help stop hacking is to activate secure connection settings.
Know the risks and empower yourself with knowledge. Take control of technology, make informed decisions, and create safer online spaces that respect our right to privacy and security. Take back the tech!
1) Choose secure browsers
- Do a search and find out what other browsers are available, and how they rate against privacy and security issues.
- Internet Explorer is one of the most popular web browsers being used, but it's also one that has a high number of security vulnerabilities.
- Try the free and open source browser Mozilla Firefox, available for download (link) in dozens of languages. Firefox is considered especially secure because of a suite of different privacy and security add-ons which extend its capabilities. Learn more about Firefox and security add ons.
- All browsers will have security issues, so whatever browser you use, it is important to keep the software up-to-date and to become familiar with it's privacy and security settings.
2) Use HTTPS
- Secure your connection by using "https" whenever possible.
- "Http” means hyper-text terminal protocol and is the set of rules which guides website browsing on the internet.
- “Https” simply means secure http.
- This means that information like account details, emails etc. sent over the internet to that site is encrypted, and no longer in plain text where anyone who is "sniffing" your connection can read it.
- Your browsers will let you know if you have a secure connection by displaying a padlock or shading the website address field slightly.
- After you've installed Mozilla Firefox, install the “Https Everywhere” add-on from the Electronic Frontier Foundation next.
- You'll see in the browser bar that where possible it applies a secure, encrypted https connection so that all of your exchange with the website is hidden.
- Go to all your usual online services like Gmail, Facebook, or Twitter, and activate “secure browsing” or “https” in general configuration or in connection configuration.
- In fact, because you have installed the Https Everywhere add-on these sites may ask you if you'd like to switch your settings to surf securely at all times. Make sure you say yes!
3) Spread the word
- Print out the “I use https. Do YOU?” sign and color it in.
- Paste it in bathrooms at local cybercafes, your school, or restaurants with wireless.
- Make up your own messages: "Practice safe cybersex – use https!"
- Change the wallpaper of computers at your library, office or cybercafe to the flyer image.
- Print out the small-version and give them out like cards to anyone you see using wifi.
4) Demand privacy
- Not every website offers https. It has additional cost and configuration implications, so a local women's rights organisation for example, may not be able to offer this. Take Back the Tech! is currently working to be able to support https on our site.
- But if the site contains large amounts of information by millions of users who use it everyday, we have a right to demand for privacy and security protection.
- Twitter, Facebook and Hotmail only offered https connection in 2010, and only if you activate it, not by default.
- Yahoo! does not offer https.
- Mobilise and petition popular sites that you use to offer https!
Keep your online spaces secure. Activate, secure, inform, demand. Use https!