New Year's resolutions are notoriously difficult to maintain. Whether you're planning to eat better, quit smoking, exercise more or call your mother more frequently, it's easy enough at the start, but very few people maintain their resolutions past the 1st of February.
So we've put together this list of easy resolutions for you. Most require a little bit of work at the start but you'll still have all your New Year's momentum for that, and they'll help to protect your Digital Rights for years to come with barely any effort required past 1st February.
And, of course, there's no better time to sort out your online presence than the summer holidays...
1. Install a Password Manager
Most people know they should create strong and unique passwords for every system they use. In practice, this is of course all but impossible for most humans without assistance, which is why Password Managers (Password safes) were invented.
Installing a Password Manager is one of the most important steps you can take to protect your identity, finances and privacy. Password Managers make it simple to use strong and unique passwords for all your systems, and can be synched across multiple devices.
They're not totally infallible though - you'll have to remember the master password of course (make sure it's a strong one!), and if someone manages to get into your Password Manager, they'll have full access to everything. So it's critical that you also maintain proper protection from malware, viruses, keyloggers etc., and avoid basic security mistakes like writing your master password on a Post-It note stuck on your monitor (this practice is sadly far too common)!
There is a wide range of password managers available. Here are some recent reviews to help you choose the right one for your needs:
- PC magazine's review of nine of the most popular free password managers
- PC magazine's review of ten of the most popular non-free password managers
- LifeHacker's review of the five best password managers
Enable Two-Factor Authentication
Where available, you should also use 'Two-Factor Authentication', which usually involves entering a time-sensitive code generated by an app or sent via SMS, in addition to your password. Again, this is not infallible - if someone gets access to your phone, for example, this probably won't stop them accessing your accounts - but it is an extra layer of security. Check the settings, help or support sections of your various systems to see if they offer two-factor authentication. If they don't, you may want to contact the vendor to ask them when they will.
2. Protect your web surfing
You should of course never provide personal information, particularly payment details, over an unencrypted link. You can tell whether your connection to a website is encrypted by looking at the URL - if it starts with just http then it's not encrypted. If it starts with https, then it is encrypted (the 's' of course stands for 'secure').
Using an https connection means that the data sent and received between your browser and the webserver is encrypted and your data is therefore protected should anyone intercept it while it's making the journey between them. Many of the most popular platforms now force https by default (including Facebook, Twitter and Gmail) and its use is becoming increasingly common across the web (you'll note that this website also forces an https connection).
The simplest way to ensure that you're using a secure connection wherever one is available is to install HTTPS Everywhere. This browser add-on was developed by our friends at the Electronic Frontier Foundation (EFF) in the US and is currently available for the Chrome, Firefox and Opera browsers.
As you travel around the web, there are many systems that are trying to track your movements. You may have noticed that you'll sometimes be served advertisements that are directly related to searches or browsing you've recently done on other websites. This of course is no coincidence.
There are many browser add-ons you can install that enhance your privacy by preventing most or all of this tracking activity, including:
- Privacy Badger - developed by our friends at EFF
- AdBlock Plus
- uBlock Origin
3. Encrypt your communications
Mobile phone-based communications, particularly text (SMS) messages, are inherently insecure. There are however a number of services that provide encryption for text messages and voice calls, most of which are very simple to install and configure.
Email is also inherently insecure and while it's a bit more work, it is relatively easy to implement encryption, depending on the email client you use.
Note: for all of these tools, the communication will only be encrypted end-to-end (i.e. from sender to receiver) if both sender and receiver have the relevant tool installed. So, once you're set up, make sure you encourage your contacts to do the same.
Signal is an increasingly popular messaging service that provides end-to-end encryption. It is endorsed by Edward Snowden and Bruce Schneier (one of the world's most respected security technologists) and is very easy to set up. It uses phone numbers for addressing, but uses your device's data connection, rather than its phone connection, to send and receive.
WhatsApp is another popular messaging service, which uses the same encryption technology as Signal.
It has however been the subject of ongoing controversy, primarily about whether or not it is possible to match WhatsApp and Facebook accounts (WhatsApp was acquired by Facebook in 2014).
OTR is a protocol that provides end-to-end encryption for multiple messaging platforms, including Google Hangouts, Yahoo! Messenger, Facebook Chat, Windows Live Messenger and ICQ.
- How to install and use OTR for Windows
- How to install and use OTR for Mac
- How to install and use OTR for Linux
Encryption for email
Encrypting email has long been a relatively complex process, which has prevented its widespread adoption. However, there are now much more user-friendly options available.
ProtonMail - a new email service that provides end-to-end encryption through web, Android and iOS clients. It is based in Switzerland, which has strict privacy laws. For more information, visit the ProtonMail website.
StartMail - another new email service providing end-to-end encryption, from the people that run StartPage, which claims to be 'the world's most private search engine'. It's based in the Netherlands, which also has strict privacy laws. For more information, visit the StartMail website.
Tutanota - a German-based provider that takes a different approach to most others and is able to provide encryption for subject lines and attachments as well as email content. For more information, visit the Tutanota website.
Gmail - although Google announced in 2014 that it was working on an extension for their Chrome browser that would provide easy end-to-end encryption for Gmail, they have not as yet released a production version. There are however a number of third-party Chrome browser extensions that claim to provide end-to-end encryption for Gmail.
PGP - our friends at EFF have published guides for implementing encrypted email using the PGP (Pretty Good Privacy) standard and the Mozilla Thunderbird email client. This is what EFA uses for encrypted email (details on how to contact us are here):
- How to install and use PGP on Windows
- How to install and use PGP on Mac
- How to install and use PGP on Linux
4. Upgrade your social media privacy
There are a number of simple steps you can take to ensure you have greater control over how easy you are to find, and who gets to see your content on social media.
Obviously, you should first check your privacy settings. Facebook and Google, among others, have greatly simplified the process of managing your privacy settings on their platforms over the last few years, so you should start the new year with a thorough review.
- See Google's Safety Center
- See Facebook's Privacy Settings Help page
- See our recent post on how to download your content from Facebook and Twitter
Control how easy you are to identify
Just as using a unique password for every system gives you an extra level of protection, so does using a unique email address for each social media site. Doing this will create a disconnect between your various social media profiles and make it at least one step harder for people you don't want to find you to do so.
It's simple to do in Gmail - i.e. you can use [email protected] for Facebook and [email protected] for Twitter - but your best option is to register your own domain name and create a separate alias for each platform.
You can get your own domain name for $10 a year or less, and a good email service will cost you at least a few dollars a month. Over a year, it will be equivalent to the cost of having a Post Office box - roughly $10 a month and worth every cent. For specific advice on this (there are literally thousands of providers) please email socialmedia[AT]efa.org.au and we'll happily give you some good options to consider.
A couple of must-dos are:
- don't publish your full date of birth - this is key information used by all sorts of organisations to authenticate your identity. Facebook will let you suppress either your full date of birth (in which case you won't get any love on your birthday except from people that independently know your birthday) or just the year (in which case you will still get all that love). If you choose the latter option, it won't be hard to work out your DoB, but there's no reason to make it easy.
- use a nickname or pseudonym - this will make you just that much harder to find on social media. Note that Facebook has a 'real names' policy, so you'll need to consider this carefully, but they will accept nicknames, maiden names etc.
5. Get involved with groups that work to protect your rights
There are many ways to do this, such as:
- Joining an organisation like EFA
- Making a donation
- Signing our petition to protect encryption
- See EFF's excellent Surveillance Self-Defense site (from which much of the information in this article is sourced)
- Journalists should also see the Privacy for Journalists site