Home

4. Secure online browsing

BE SAFE

Get to know technology and find out how you can take steps to make your online experience a safer one. Here are some tips and ideas on how you can protect your privacy while browsing and communicating online.

4. Secure online browsing

What's the risk?
Good practices for keeping safe
Resources

What does being “secure” when you browse on the internet mean for you? Are you concerned about your privacy and about others having access to your personal information such as emails, photos, files or who you communicate with? Could confidential information that you store online be leaked? Are you an activist who needs to hide your real identity to stay safe in your own country? If someone found out about the websites that you visit or the information that you download, would you be at risk? Do you worry about getting a virus online and damaging the computer you use? Are you confused by warnings about third-party cookies and alarming “pop-up” windows?

The answer will be different for each one of us. But one thing is certain: with email, social networking, file storage, news, activism, research and entertainment all taking place on the internet, many of us spend a significant portion of our time and concentrate large amounts of information in online spaces using web browsers such as Internet Explorer, Mozilla Firefox, Google Chrome, or Safari. We may not be aware how much our online experience leaves traces on the computers we use nor how much stays registered in cyberspace – many times for all to see. And we may not realise how vulnerable to outsiders our online information can be.

But because being online connects us to our communities and loved ones, entertains and informs us, links us to activist spaces that inspire us, we should know the dangers and embrace the opportunities!

When you are looking for information over the internet and browsing websites, information about your activity is also collected and stored.

For example, your computer automatically stores temporary internet files, also known as cache, of what you have done over the internet. Domestic violence abusers have tracked how their partners used the internet through checking the cache files. In this case, they are able to know if survivors of domestic violence have tried to search for information about support services and help.

What's the risk?

1) Traces of our online activities stored in our own computers

As you surf the internet, your browser will register the sites you visited, “temporarily” download files such as images and cookies, save passwords and preferred websites. These functions are designed to make internet browsing easier for you. This information will all be stored on the computer you use and anyone using the computer can know the sites you have visited and possibly gain access to your email and other services.

Many of us mistakenly think that when we close our browsers we are logged out of our online services such as email or social networking sites. However, if “save password” or “keep session logged in” options have been activated, anyone re-opening the browser will have direct access to our personal accounts.

Women doing research on sensitive topics online or survivors looking for support may not want these traces to be easily available to others Consider a woman reading about lesbianism in a country like Uganda where homosexuality is not violently prohibited. Or someone looking for a shelter to escape her partner's abuse. Deletingthe history of sites visited and making sure no passwords are saved can be necessary to protect our physical safety as well as our privacy.

The way the internet works is wonderful, collaborative and quite transparent. The risk is in not understanding how it works, what information gets stored where, and if that information being exposed can be harmful to you or not.

2) How the internet works leaves tracks

Our activities leave a footprint that can be tracked because of the way the internet works and the way we interact with it. . For many this will not be important. But for women's human rights activists or women facing violence, knowing where you leave digital traces is vital.

The internet is made up of interconnected and interdependent networks and computers. To be able to send your emails or present a requested website in your browser, it knows and registers where your computer is located on the internet and in geographically the instant it connects. This is done tyour unique internet protocol (IP) address that is assigned to your computer by your internet service provider (ISP). Generally, this is information that can be seen by anyone.

Our wireless connection, IP address and browser information may be used by some websites to present specific types of information to us. Many determine which language to display in their websites based on this information, or target advertisements based on our estimated geographic location. For example, have you ever wondered why adverts on Facebook and Gmail relates to where you live and what your interests are? This can be disconcerting but may be the result of an automated process, or a cookie.

3) Cookies

Many people mistakenly believe that cookies are some form of virus, especially if browsers alert us when there is a “third-party cookie” request. Cookies are not programmes and therefore cannot contain a virus. They are simply text files that your browser stores upon request of the websites you visit. They typically contain information such as a number that is assigned to you as a way of identification.

A third-party cookie means that a website other than the one you are visiting also wants your browser to store some information. This is common because websites are composed of many different elements – photos, videos, ads, that are channeled in from other websites. However, because cookies are frequently used to monitor your activities on a site – the pages you visit, the purchases you make – some feel this is an invasion of privacy and that every individual should be able to decide if they want to be tracked or not. This is why you are asked by your browser if you will “allow third party cookies” all the time.

If someone is being stalked or monitored through the use of spyware installed on her computer, it is also possible for the spyware to know her online browsing habits by accessing her cookies. Most web browsers gives you options on whether or not to allow or block cookies to each site that you visit. So if you're concerned about leaving digital traces, you can choose to exercise these options. However, some websites may not work properly without cookies enabled, such a Gmail. To better protect your privacy, it is good practice to regularly sweep away cookie-crumb trails on your computer.

4) Internet service providers

Although we may feel as if we are surfing the web anonymously, our ISP will know exactly which computer in its network was assigned which IP address at any given time, and others can generally know what geographic location we are surfing from, and what our ISP is. Our point of connection – the cybercafe or the ISP – can know a great deal about which websites we visit and our other activity on the internet. This level of access to privileged data means that they may sometimes face pressure from governments or other groups of power to reveal information. Realising that the cafe owner or ISP manager can easily invade our privacy may influence our decisions of where and how we choose to connect, and pay attention to the importance of good privacy protections in policy or law.

5) Information can be compromised while in transit on the internet

As you browse different services you will send usernames, passwords, documents, search queries, and fill in forms over the internet. Information flows in plain text over the internet. Without a secure connection that disguises or encrypts our information, this data can be “sniffed” or detected by others on the internet. There are also points of vulnerability to be particularly aware of, for example, if we connect via wireless networks (even if the network is password-protected), using our cellphones, or in a public wifi hotspot.

Also, one of the most common places to obtain a virus is surfing on the internet, frequently because we download and execute software believing it is something else, such as a game or music. Your browser can visit sites without realising that malicious code is contained in one of the page's elements, such as a flash-made video, and unwittingly be the window through which your computer is compromised.

6) The give and take of free online services

Most of us rely on free online services in much of our activities on the internet, from search engines, webmails, blogging platforms, social networking services, photo-sharing and video publishing sites to file sharing applications. Most are fully integrated into mobile phones, so we can publish, be connected and updated as long as there is a signal. Such services have allowed activists and communicators to network, collaborate, publish and amplify our voice as never before and are remarkably easy - and fun - to use.

These services are all "free". However, they do profit from our use. The profit is earned through their storage, analysis and sometimes, sale of our data. For example, search queries, keywords in email, social relationships, sites we “like” or tweet about on a personalised and massive scale. These data help them deliver targeted advertising with precision and enhance product development. Their user licenses (seldom read and perhaps hard to understand) may specify that they become the owners of our information once we upload it – and our right to delete may not be respected. Further, such services can reserve the right to block our access at any time, or may sell to another company with different policies. Information that we store on the internet, even if we only share access with a few or no one at all, can be compromised.

Privacy concerns vary in different contexts, across generations and over points of time in our lives. Relinquishing control over our data by using these services for some is unthinkable and for others it is just the way things are. For many, the services are so useful and necessary that what the service chooses to do with our data pales in comparison.

Privacy rights advocates are concerned about the erosion of our right to privacy and that such services put profit first and make your information as public as possible by default. In fact, Facebook is notorious for making changes in its privacy policy that completely upheave settings users have carefully examined to ensure their information is seen only by a few chosen and trusted friends.

7) Women's rights activists are targets for internet attack

Women´s rights defenders frequently cite losing access to their personal email, online groups, and social networking sites. In some cases this is because the provider itself blocks their access, in other cases, women suspect their accounts have been “hacked”, and still others only realise there has been a breach when their name or organisation is associated with suspicious activity online that discredits their work.

Women's rights defenders are subject to particular scrutiny as their activism in the advancement of women's human rights disrupts and runs counter to dominant norms and culture held by many. Further, violence against women in our societies is so pervasive that just having female-sounding names online can provoke abuse and harassment.

Feminist content on the internet is under constant attack, especially those that promote women's control over their own bodies. For example, users who are concerned about maintaining the sexist status quo can organise to alerti social networking sites about feminist content as being “inappropriate” content. Many sites will automatically temporarily block content if a certain number of alerts arrive.

Good practices for keeping safe

1) Understand your browser

A browser is a programme such as Google Chrome, Safari, Internet Explorer or Mozilla Firefox that you use to visit websites, including your email and social networking sites. It can save:
  • the history of sites that you visit
  • a “cache” or temporary storage site of files accumulated in the process of surfing - such as the images on sites you visit
  • information that you have entered into application and search forms
  • passwords and usernames
  • cookies - text files that the sites you visit share with your browser
  • any files you download as well as an index of those files
  • favorite or bookmarked websites

If having this information visible to others will put you or the people you care about at risk, you can erase or avoid recording data in places where this information is normally registered. Some suggestions:

  • Learn how to check privacy and security settings, and check which are activated every time you browse – at home, at work, or at cybercafes. (see below)
  • Change your browser privacy and security settings if doing so will not provoke suspicion and/or
  • Regularly delete site history, temporary files, cookies, form entries and passwords after you finish browsing.
  • Deleting such files should be your standard practice in any cybercafe.
  • You should also make sure you log out of any accounts when you are done, and not just close your browser. Note that this will affect the browsing experience of other people who use the computer – they will lose the history of their websites and saved passwords as well and this could raise suspicions in a more private computer setting such as a home or office.
  • Avoid visiting sensitive sites on computers where changing browser settings or deleting files would be noticed.

2) Private browsing

If you can only browse in an unsafe situation, activate a “private browser” session. From the point that you activate it, your page history, passwords and temporary files will not be saved. Here are steps to activate private browsing.

However, be careful not to download files or mark any pages as favorites as these will remain on your computer when you leave the private session. Be careful to log out of the private session when you are done, or you will alert the next computer user about your use of this option.

The most secure private browser session is offered by Mozilla Firefox. Although it leaves far fewer traces than other browsers in private mode, it does still leave evidence of surfing that a person familiar with computer technology could discover.

You can also use Portable Applications when you browse to improve your security and avoid leaving digital traces (see below). Please know that if you live in a situation of violence and the abuser is very familiar with computer technology, it is very difficult to remove all traces of your activity unless you are using Portable Applications on a USB flash memory drive and leave no traces to begin with.

3) Make your browser more secure

All browsers now have separate configuration settings for privacy and security. (see resources for detailed instructions per browser). Make sure your settings are configured to settings that does not allow your browser to remember or store any form or password information, or to erase history and cookies on exit. It is good practice to always check these settings before browsing – you never know when someone may have changed them.

Keep your browsers up-to-date. Browsers are constantly being improved and we should take advantage of updates as new security problems arise and are addressed on a regular basis.

Try using Mozilla Firefox instead of Internet Explorer, Google Chrome or Safari. Mozilla Firefox is a free and open source software* browser which offers a series of privacy and security add-ons to provide even more security features.

4) Encrypt your connection

Use https wherever possible to encrypt your communication with the websites you visit. This means that no one "sniffing" your connection will be able to see what information you exchange with the website - for example your username or password, credit card information, personal chats that you carry out in the browser window, search queries or email content. “Http” means hyper-text terminal protocol and is the set of rules which guides website browsing on the internet. “Https” simply means secure http. Your browsers will let you know if you have a secure connection by displaying a padlock or shading the website address field slightly. Many websites only encrypt the moment when you exchange username and passwords. However, all the other information you exchange, such as file sharing or emails is perfectly visible as it travels over the internet. This makes them vulnerable to interception, for example in wifi hot spots, by your cybercafe operator or even on your home wireless connection if someone were to gain access to your network. Many services, such as Yahoo, still refuse to encrypt even your username and password entry, although this security risk has been well known for several years. Some services automatically will encrypt your connection, but in others – such as Facebook or Twitter – you must go to your account connection settings and switch to https. Using https to surf is no longer just a good suggestion – it is a minimum requirement if you want t keep your passwords secure.

You can make sure you use https by first installing Mozilla Firefox and then installing the Https Everywhere add-on from the Electronic Frontier Foundation. You should also go to all your online services such as Gmail, Facebook, or Twitter to activate Use Https options in general configuration or in connection. Yahoo does not offer https and is insecure. Instructions on how to install Firefox and regarding several useful add-ons are in the Resources section.

Note that using https may affect the way some websites display, because sites pull information in from many sources and not all of them can be verified by certificate as secure. You can choose to continue to visit such websites and many times your browser will alert you that the site you visit or images you want to see are not secure, this means that at that point and time any information you give, such as search word queries, will not be encrypted as it travels over the web.

5) Know what you're trading in return for free services

Familiarise yourself with privacy policies and mechanisms for complaint when you subscribe to free services. Due to the work of internet privacy advocates, many companies are beginning to become more aware of the importance of online privacy, and write them in simpler terms that are accessible to their users. Find out:

  • What information will be stored
  • Who will have access to them
  • How will it be used
  • Under what conditions will they be shared, and with whom
  • How long will they be stored
  • How can you request for deletion

If the policy is not strong enough in their privacy protections, exercise your right as a user to opt for other services that has greater respect for online privacy rights. Or mobilise with others to demand for stronger privacy protection by the company. After all, the free online service is only as valuable as its number of users and the content they store in it.

Resources & tools

1. How to install Mozilla Firefox and key security add-ons

You can find out how to install Mozilla Firefox and a host of security add-ons that you can install on your browser on Tactical Tech's Security-in-a-Box resource here.

2. How to cover your browser tracks

You can find instructions on how to cover your tracks in any browser version through this helpful resource.

3. How to Clean Your Cache 

If you use Microsoft Explorer, they have written a comprehensive resource on how you can easily clean your cache.

If you use Mozilla Firefox, here is how you can remove tracks of your internet activity:

  • To clear your browsing history:
  • Go to Tools >> Options
  • Select the "Privacy Tab"
  • Go to "History" Tab
  • Select "Clear Browsing History Now"

To clear your cache:

  • Go to Tools > Options
  • Select the "Privacy Tab"
  • Go to "Cache" Tab
  • Select "Clear Cache Now"

To clear your download history:

  • Go to Tools >> Options
  • Select the "Privacy Tab"
  • Go to "Download History" Tab
  • Select "Clear Download History Now"

To configure Firefox to automatically clear cache and data every time you finish using Firefox:

  • Go to Tools >> Options
  • Select the "Privacy Tab"
  • Look for the text on the bottom of the box on "Clear Private Data".
  • Select "Settings"
  • Select which data you want Firefox to automatically clear everytime you close the programme.
  • Select "Clear Private Data when Closing Firefox"

Use Stealther for private browsing. When Stealther is turned on, the following things are disabled:

  • Browsing History (also in Address bar)
  • Cookies
  • Downloaded Files History
  • Disk Cache
  • Saved Form Information
  • Sending of Referrer Header

 4. Free speech is only as strong as your weakest link - resource from the Electronic Frontier Foundation that examines the structure of the internet and points of vulnerability to have in mind as activists.
https://www.eff.org/deeplinks/2011/11/free-speech-only-strong-weakest-link