When I open my Google Chrome browser, I know there are certain risks involved when I enter “Battlefield Internet”. But like a lot of people out there, I have a busy job and when I get home I’m tired and I don’t want to bother about things that don’t immediately impact my general life. This type of unawareness is exactly what web specialized companies (legal) and cyber criminals (illegal) take advantage of with only one goal: financial benefits.
I hope this post will bring a little bit of awareness to everyone about the dangers but also to annoying things (for instance unwanted ads) you might run into on the internet.
Snooping on online activity
When you browse the internet, you build up a browsing history. By going through your browse history you can identify a certain path. A lot of people don’t realize that this path can help other people to analyze a behavioral pattern because your path is in most cases formed subconsciously. This is called “snooping” or more dramatically put: “spying” because you don’t realize someone is “following” your trail.
This tracking is done by sensors that keep track of your browsing history and monitor all your web searches. Most of the time this is done legally by, for instance, marketing companies. You agree with that by accepting terms and conditions that you run into. Examples are terms and conditions on Google, Facebook/Instagram and LinkedIn. The sensors can give them (but also companies they sell this information to) a good view of your desires and interests. This helps e-marketeers to show you advertisements according to your preferences and interests.
A practical real-life case as an example
Tracking is not limited to the internet only. I learned that the hard way a month ago. To get a better grasp on terms and conditions, I went through the terms and conditions of our SmartTV. The first “odd” term made sense to me. It gave the TV manufacturer permission to actively monitor what we were watching on our SmartTV. But another line was not as straightforward and in my opinion a really grey area. It gave the TV producer the permission that all the personal pictures that we presented on the TV (for instance by downloading them from the cloud or by putting a USB in the TV) were recorded and could be used for marketing purposes. My wife went ballistic and said to me that we didn’t agree on that. But after reading the terms and conditions we actually agreed with this: by turning the TV on we gave confirmation and that was literally in the terms and conditions. However, there was an “escape”. By opting out, data was not provided to the TV manufacturer. It was not the easiest way to do but in the end, we managed. The lesson I learned from this was to make sure to also read the terms and conditions for any electronic/smart device (yes, even the kid camera of my little daughter) and to check for “opt-ins” that are automatically set. Other examples would be thermostats, automatic lighting, smart kitchen hardware and other popular Internet of Things devices. I don’t own all of them myself and knowing this now makes me think twice before buying a piece of advanced technology for my house. Personally, I think it’s not protected enough as of yet.
Browser cache
As you saw in my real-life example, information can be acquired for legal purposes. But it can also be exploited on the internet by cybercriminals. They can follow your tracks, violating your online privacy and making you publicly accessible in order to earn money. This can endanger your online life, leading to blackmailing, someone impersonating you or somebody impersonating someone you know (and trust).
There are ways to prevent people from “snooping” in your browsing history. Clearing your browser cache is a good start to wipe out potentially damaging information. Your browser cache is the location on your computer where you store your temporary internet files. This is done automatically. Cybercriminals can misuse your browser cache, especially when you executed confidential activities like doing your online banking. Clearing your cache can be done manually or automatically. I also advise you to use full incognito mode when browsing. This way you browse completely private because no harvestable data is stored. Do this especially if you work on a public device or use a public network: free WiFi (see also my previous post on this subject). You don’t want someone after you using a computer that registered your data. Worst case you might even forget to log out of your (for instance) Google account. You also don’t want someone grabbing your information when on a public network so be really careful.
Cookies
In addition to your browsing history, there are also cookies: files that are stored locally and can identify users/link users with websites. Cookies can be compared with browsing history: they can identify your browsing history and based on that make a profile of you, hence making you a target for e-marketeers and cybercriminals. Cookies make your life easy. They keep you logged in when you leave a site and when you come back afterward and they can easily rebuild your shopping basket if you accidentally close your webpage. But as we have seen now, by making things “easy” for yourself, you also make things easy for people that want to abuse your “easy” life on the internet for their own financial gains. There are three types of cookies:
- First-party cookies: directly created by the website you are using. These are relatively safe as long as you only visit reputable websites or websites that have not been compromised (which happens a lot nowadays: LinkedIn is a good example).
- Third-party cookies: generated by websites that are different from the website you are visiting. They are usually linked to advertisements on that page and the website is getting paid for that. You receive that cookie even if you do not click on the advertisement banner. This is super annoying but because a lot of websites get paid for it they allow this. It is also not illegal to do it.
- Zombie cookies: third-party cookies that are permanently installed on your computer, even when you opt-out of installing cookies. They also reappear when you delete them.
The best way to protect yourself against cookies is to disable cookies in your browser:
- Firefox: Tools > Tools > Options > Privacy. Uncheck “Accept third-party cookies.
- Google Chrome > Settings > Advanced Settings > Privacy > Content Settings. Check “Block third-party cookies and site data.
- Microsoft Edge > Settings > Cookies and site permissions > Manage and delete cookies and site data > Block third-party cookies.
- Safari: Safari > Preferences > Privacy. Check “Block all cookies.
Saved logging credentials
It is great that computers are getting smarter and smarter because they can increase your quality of life by eliminating bothersome tasks. For instance, remembering all kinds of passwords when you need to log into a site. Saved passwords are absolutely a no-go for me. The benefits don’t outweigh the risks (getting hacked and someone obtaining all your passwords) in my opinion. You are making the life of a cybercriminal way too easy by using this functionality. Some sites use two-factor authentication such as texting access codes to your mobile phone or by generating a random number on an app (for instance Google authenticator or Windows authenticator). Two-factor authentication is getting more and more common but most of the time you have to “opt-in” instead of “opt-out”. I know Google is working on making it mandatory but even logging into your Google account right now leaves out the option of two-factor authentication. You have to set this up yourself and for many people, it is not as easy as you think. Setting it up takes time and a lot of people just don’t want to have all the hassle of setting this up. The same applies to two-factor authentication on your Microsoft/Hotmail account.
Saved credentials that are linked to your e-mail account or your online shopping account work like chum into a shark tank. Attackers can easily get into your e-mail account then after which they reset your password on almost any website you access. After that, it’s peanuts for them to do all kinds of (financial) damage until you find a way to get them out.
My advice is to never ever save any credentials in your browser. It might save you some time but like said before, I think the risk is too high. A lot of people think that it will not happen to them but you never know. It’s like the inverse of winning the jackpot: you can be a random target for any cybercriminal that tries to have an easy stream of revenue by scanning for ignorant people that are “low-hanging fruit” to them. If you make it too time-consuming for them, you are not “low-hanging fruit” anymore and they will skip you. Not to put some extra salt in your wounds but my next advice is to never ever write down any password. It can be hard to remember all the passwords but there are password managers that do the job for you. Personally, I like KeePass. It’s a free password manager (open source) with a bit of a learning curve. But after this learning curve, I am quite sure that you will like it.
Final thoughts
I hope you got a better understanding of the possible threats you run into when browsing the internet and the basic protections you can apply to reduce these threats. I know that these are just the basics and that there are far more risks and ways of protecting yourself. That is also the reason why I want to continue posting about the risks you run by surfing on the internet and on free networks (WiFi). By writing these posts it makes me aware that there are serious threats out there that I used to ignore. On a positive note, there are also remedies to make it harder for people to abuse this ignorance. I hope this will help other people as well.
Feel free to ask me any questions or give me additional advice by contacting me and if you want to keep in the loop when I upload a new post, don’t forget to subscribe to receive a notification by e-mail.
