Internet Explorer Categories - Safegadget.com

How to: Anonymous Browsing, Internet Privacy

SafeGadget — Sat, 01 Feb 2020 08:00:44 +0000

Last Updated: 2/20/2022

Check out our Facebook Settings How To Privacy Page

Why should I be concerned about Internet privacy?

Do you like online ads following you around from site to site?
Can you discuss your health problems online without fear of losing insurance?
Do you worry about publishing private information that could lead to stalking, surveillance, or identity theft?
Does your work place monitor your Facebook or Twitter? Could you be fired over a post?
Do you live in a country where you could be arrested or tortured based on what you post online?
Did you know that third-parties collect information the government is not allowed to collect? The government has purchased this information too.
Companies such as FinFisher are selling hacking software to countries and corporations to break into people’s computers and monitor them.
Visit the EFF’s Panopticlick site to see what you are telling the world right now, before using the tools below.
Tactical Technology Collective has tips for journalists and activists on how to increase their privacy.

60% of people polled by the WSJ.com were tremendously worried about the loss of online privacy.

The Internet appears to facilitate privacy and anonymity, but in recent years has been a battleground that pits advertisers on one side and users on the other. It has become increasingly difficult to maintain privacy on the Internet because money has gotten into the game. As online advertising has grown, companies have sprouted up, attempting to optimize Internet advertising performance by combining advertising with profiling. While individual users may not be known by name, they have become ghost profiles that are increasingly matched up with appropriate advertising. If you have found Internet ads following you from site to site, you have been profiled and are seeing the results. In this article, we will examine many methods to enhance our Internet privacy and perform operations anonymously.

One of the main goals of Internet privacy is to make that people have the ability to make informed decisions about how they act online. Users should be told ahead of time how their personal information is used and shared.

The Real Cost of Free Content

While many users assume that most content sites are free, there is a hidden price being paid, the users private information. Most online advertising companies are tracking web browsing activity across many websites in order to build profiles of users. They cross-reference and trade information to generate revenue and better target online advertising and promotions.

Hide your phone number

Once a cybercriminal gets your phone number, they can wreak all sorts of havoc including SIM Swap your phone and take over many accounts. Hide your number or at least used a VoIP number such as Google Voice. Do not allow Google Voice to forwards Texts/Calls to your main number.

Google
- Remove your phone number from myaccount.google.com – Personal information
Microsoft
- Remove your phone number from account.live.com
Facebook
- Select Settings under the drop-down arrow at the top right. First, click on Mobile in the right-side menu, and remove your phone number
Twitter
- Click your avatar, go to Settings and Privacy, and navigate to Mobile on the right hand menu. Remove your number and use an authenticator app

Android

Turn off your advertising ID. This is attached to all you apps, search history, purchases, recent locations and much more.

Settings > Privacy > Ads > Delete Advertising ID

Older Android versions may have Opt Out of Ads Personalization

Chrome

Turn off 3rd party cookie tracking on both Chrome for computers and Chrome App

Settings > Security & Privacy > Block third-party cookies

Privacy Oriented Browser

brave is a browser from a mozilla co-founder, which is focused on privacy.

Internet Browser Cookies

In the past, users have been able to delete their Internet browsers’ cookies and thereby foiling efforts to track the user. Here are instructions for clearing the browser cache in Google Chrome, Microsoft Internet Explorer 9, and Mozilla Firefox.

Below is how to set browsers to not accept third-party cookies. These cookies are typically generated by tracking and advertising companies when you visit a website. Occasionally this technique will cause a website to malfunction, particularly if it uses a third-party to handle tasks like commenting.

To optimize third-party cookie privacy settings in Firefox do the following:

Select Options… from the Tools menu
Select Privacy tab
Select Use custom settings for history
Uncheck Accept third-party cookies
Optionally select Keep until: I close Firefox – This will delete cookies after every browser session, which you may not want to happen.

To optimize third-party cookie privacy settings in Internet Explorer 9 do the following:

Select Internet Options from the Tools menu
Select Privacy tab
Check Never allow websites to request your physical location under Location
Select Advanced
Check Override automatic cookie handling
Check Block under Third-party Cookies
Press OK

CCleaner is useful Windows utility to clear out unnecessary files including temporary files, and cookie files.

Identity Finder helps you remove personally identifiable information from your computer’s files. They have a free Windows and Mac version.

While this technique is still somewhat helpful, the advertisers have gotten smarter and utilize other tracking techniques. Consult our guides to Google Chrome, Microsoft Internet Explorer 9, and Mozilla Firefox for information.

IRS Tax Filing IP PIN

An IRS IP PIN is a six-digit number assigned to eligible taxpayers that helps prevent the misuse of their Social Security number on fraudulent federal income tax returns.

In 2019, they expanded the states that support this protection.

HTML5 and Privacy

HTML5 represents the latest standard for web design that significantly increases the flexibility and interactiveness of websites. Along with these impressive new features, comes a major privacy issue. HTML5 local storage allows data to be stored in your browser. It can potentially be used to track your movements and regenerate any cookies that you delete. New methods of blocking need to be created to block this intrusive technology.

Google Chrome and Firefox clear HTML5 local storage whenever you clear your cookies. Safari clears this when you select: Preferences -> Privacy tab -> Cookies and other website data -> Remove All Website Data

You can set Firefox to warn you whenever a website is attempting to use HTML5 local storage by selecting: Options -> Advanced -> Network -> Tell me when a website attempts to store data for offline use.

Flash Cookies

Adobe Flash also generates cookies that have been used for tracking and are difficult to remove. Adobe has a special page that requires Flash, in which you can delete your Flash cookies. Also visit this Flash configuration page to prevent 3rd parties from storing Flash content on your PC. You can install a Flash blocker to prevent these cookies from being installed on your system. Flush for the Mac, removes Flash cookies.

Adjusting Google Privacy Settings

In 2018 Google Created this Activity Tracking page to enhance privacy.

To clear Google’s “web history” which includes a log of all your searches, follow the instructions on this page.

To see and revoke access to your Google account by third-party sites, follow the instructions on this page. Also turn on Do Not Track.

To get a copy of everything Google has stored about you, visit Google Takeout. Additional Google services not covered by Takeout are located at Data Liberation.org. To delete the information, you must visit each Google service and delete your data manually.

Privacy App

Jumbo Privacy iOS App helps set Google, Facebook, Ad settings that we have mentioned

Adjusting Facebook Privacy Settings

Our article on Facebook security covers how to adjust Facebook’s privacy settings. Keep in mind that privacy settings only prevent others from seeing your profile. Advertisers and Facebook still have access to your private profile.

AVG Privacyfix.com helps you manage your Facebook privacy settings by showing you which ones need to be fixed.

Logging Off for Privacy

Intentionally logging off a site helps preserve your online privacy. If you were on Amazon, Facebook, or Google, we recommend you log off the site and not click away to a different site. This will help prevent ads from following you.

Fact: When a someone has more information about us, we are more likely to trust them. If your personal details leaked in a company’s data breach, criminals could use that information to craft emails that look more credible.

Minimize your personal information on Facebook, Twitter, Instagram, etc. Also cleanse or set to Private your Amazon wishlists and eBay bidding history.

Anonymous Browsing

Most modern Internet browsers have options to perform anonymous browsing. You can utilize this function to help hide your identity. Here are instructions for anonymous browsing in Google Chrome, Microsoft Internet Explorer 9, and Mozilla Firefox.

Optional third party browser plug-ins are also available to help enhance Internet privacy.

Adblock Plus is a plug in to block ads. Firefox – Chrome
ChromeBlock is a plugin to help increase privacy. Chrome
Cookie Master is a Firefox plug-in to manage cookies
Disconnect.me is a plugin to help increase privacy. Firefox – Chrome – Safari
Do Not Track Plus is a Firefox plugin to help increase privacy.
Ghostery is a free plug-in to view and block what trackers and advertisers a website uses. Available for most web browsers
NoScript is an extension for both Firefox and Chrome which prevents scripting from automatically running
PrivacySuite is a plugin to help increase privacy. Firefox – Internet Explorer (Soon)
Trackmenot is a Firefox plug in to prevent tracking. Chrome version

Opting Out of Online Ad Personalization – Do Not Track

Advertising companies that are members of the Network Advertising Initiative (NAI) and other self-regulatory efforts allow users to opt out of personalizing ads that are shown. Here are instructions for opting out of online ad personalization in Google Chrome, Microsoft Internet Explorer, and Mozilla Firefox.

The Network Advertising Initiative also has a page that allows you to opt out of online ad personalization from a variety of member advertising companies.

Other Opt-out pages:

AOL
Apple iAds
Mastercard
SelectOut – Optout of almost 200 trackers
Self-Regulatory Program for Online Behavioral Advertising
Yahoo

Using Linux for Internet Privacy

Linux can be utilized to enhance our Internet privacy. We can set up a bootable Linux USB key or CD, which allows us to start up our computer into a totally clean operating system, devoid of cookies and the like. Use one that has a write lock physical switch. Consult our article Creating a Bootable Linux USB Key or CD for more information.

Using a VPN for Internet Privacy

A VPN or Virtual Private Network allows you to tunnel your Internet traffic through a third party provider, making your traffic appear to come from a different location. While this option is more complex to implement, when combined with the suggestions listed above, a VPN connection forms a very powerful tool to protect your privacy. Consult our article How to Use Wireless Networks or WiFi Safely in Public for more information. Make sure you select one that is located outside the USA and which does not logging.

Email Snooping

Yahoo was exposed in 2016 to having scan all its customer’s emails looking at incoming email streams for a digital signature associated with a known terror organization.

The ultimate way to prevent email snopping is by running your own email server. This has a cost and can result in your emails not going through.

Credit Card Privacy

Privacy.com creates secure virtual credit card numbers, hiding your real card.

Secure Instant Messaging

Privacy relates to how easy it is to ease drop into a messaging client. Can the government listen in? Is it encrypted?

The EFF has a great Secure Messaging Scorecard page.
Forget about using popular ones like Whatsapp, Line, Viber, WeChat, they have all been monitored.

Try ones like:

Silent Circle
Redphone
OSTel
Chat Secure
Signal (Formerly Textsecure)

Anonymous Registration

It is annoying registering for forums and many content sites where your real information is not necessary. When asked for personal information, we suggest you enter bogus information if you wish to remain anonymous. Create an email address that is tied to this information and save this information as a profile within password management utilities.

MySudo helps you create temporary emails address and phone numbers. Free Trial. You can also this by create multiple gmail and google voice accounts.

Removing Yourself from Online Databases

There are several large databases that contain personal information that is culled from telephone books, court records, and other third parties. You can opt out of their data by visiting the following links.

A paid service DeleteMe helps automate this for $129/year

Identity Theft Protection

If you are a Comcast subscriber, you are eligible for free Identity Guard (discontinued). Consult your ISP to see if they have any free identity theft programs.

Social Security Account Setup

While we are on the subject of protecting you from identity theft. If you have not already setup your Social Security Account, you should set one up before a thieve makes one before you.

Or better yet, block Electronic access to your Social Security Record.

TV Privacy

If you have a Smart TV, it may be watching or listening to you. In March 2017 a Wikileaks CIA leak indicated that they are listening in on those with Samsung TVs.

Turn off any Smart TV Functions on your TV
Use an external Roku or AppleTV box instead
Use a power strip and turn off the TV’s power that way

Opting out of TV data

Many TV content suppliers log your viewing habits and sell them to other companies. Opt-Out of this madness! Cable and satellite television networks have their own opt-out for anonymous-viewer information.

DirectTV – Contact the company by phone, email, or mail to opt-out.
TiVo
Optimum.net – They removed their opt-out page.
Comcast
AT&T
Vizio – Vizio TVs spied on what people were viewing, causing the FTC to sue them. The company provided consumers’ IP addresses to data aggregators, who then matched the address with an individual consumer or household. Vizio’s contracts with third parties prohibited the re-identification of consumers and households by name, but allowed a host of other personal details – for example, sex, age, income, marital status, household size, education, and home ownership.

Turn off iPhone Diagnostic Log Sending

To turn off sending of diagnostics data to Apple do the following:

Open Settings
Select General
Select About
Select Diagnostics & Usage
Click on Don’t Send

Color Laser Printer & Color Copier Privacy Issues

The Electronic Frontier Foundation (EFF) discovered that most color copiers and color laser printers have been adding invisible tracking codes to every single printed page they produce. The government asked printer makers to do this in an effort to prevent counterfeiting. The dots help track what type of printer and its serial number as well as when the document was printed.

This relativity little known tactic can undermine anonymity for political, religious, or any other reason. Users need to understand this and tell printer manufacturers that they do not like this hidden invasion of privacy. For more information, take a look at this webpage and support their efforts.

If you are purchasing a new color laser printer, try to purchase one that does not print these invisible codes.

Kindle eBook Privacy issues

Reading in the new age via eReaders such as the Kindle expose users to additional privacy issues. Previously, with physical books, it was difficult for bookstores and publishers to know whether you had really finished a book, highlighted specific passages in the book, or what book you purchased next.

With eReaders such as the Kindle your privacy has gone out the door. Kindle users have to agree to allow Amazon to store information on the device and Amazon’s servers including where you left off in the book, notes, highlights, bookmarks, and more. With all of this information, the Electronic Frontier Foundation (EFF) is pushing for legislation to prevent eBook sellers from reveling people’s reading habits without a court’s approval.

If you are concerned about your privacy, you may want to steer clear of eReaders or utilize an eReader that does not any have Internet connectivity. Find one that allows eBooks to be downloaded to a computer and manually added to your eReader.

More Resources

privacy tools.io – Lists many resources that can help you reclaim your privacy

With some leg work, we can significantly improve the privacy of our online activities.

Facebook Privacy Settings to Limit Sharing

SafeGadget — Wed, 02 Jan 2019 17:30:31 +0000

Last Updated: 10/18/2018

Note: Facebook has committed to making these settings easier to find, so there may be some variance in what we depict below.

A September 2018 security hole in Facebook allowed 50 Million accounts to be accessed by hackers. Check to see if you were affected.

Facebook reached a new low in March 2018. A massive data compromise was exposed that allowed Cambridge Analytica to obtain extensive psychographic information about 50 million Facebook users in 2014. This data was probably used to manipulate the 2016 Presidential elections.

Let’s be honest, in exchange for using this FREE service, you upload text, pictures, videos for Facebook to learn more about you. They then use this personal information to sell ads and more. There is no free lunch. Facebook is a money making machine, not your friend.

Short of deleting Facebook and Facebook messenger, This is how you can adjust your Facebook Privacy Settings to protect yourself.

Two Factor Authentication

In September 2018 it became know that Facebook uses your second factor authentication for advertising purposes! Do not use your phone number or another email address, instead use the option of employing Google Authenticator.

Important: You need to make change at both Facebook.com AND inside the Facebook App

Adjust Facebook.com Website Settings

Remove any friends you do not really know. They can send you scams or other information with out being filtered.

Click Edit in the Apps, Websites and Plugins box.

Also set Old Versions of Facebook for Mobile to Only me

Click Disable Platform

This will prevent Facebook from sharing your data with other apps and websites. You also cannot use your Facebook login to login to other sites any more.

If you want to still allow using Platform but want to lock down what is shared, instead of Disable Platform, select Edit under Apps Other Use.

We recommend Unchecking EVERY box and hitting Save

Adjust Facebook Ad Settings

Click on Ads in the lower left area of the Facebook Settings Page

For Advertisers you’ve interacted with – Click the triangle in the right side, to show the settings. Click on every company to disable this.

For Your Information – Click the triangle in the right side, to show the settings. Turn off everything. Also click the Your categories tab and turn off EVERYTHING. Pretty scary?

For Your Ad Settings – Click the triangle in the right side, to show the settings. Turn off everything.

For Hide Ad topics – Click the triangle in the right side, to show the settings. Set all of them to Permanently

Facebook Privacy Settings and Tools

Visit the Facebook Privacy Page to lock down its settings.

Adjust the settings so it looks like our screen. This was the best we could do. Make sure you have a bogus phone number in Facebook. Do not allow search engines outside of Facebook to link to your profile.

Change your birthday so it is a day earlier

Click the Use Activity Log link and remove yourself from any posts you have been tagged in.

Turn off Face Recognition

Visit the Face Recognition Settings and turn it to No

Adjust Timeline and Tagging Settings

Visit the Timeline and Tagging Settings and adjust it to the following:

Remove Facebook Likes

Click Timeline on your personal Facebook Page

Click More in the middle area and select Likes

Remove the Likes for as many items as possible! Delete TV Shows, Books, Events, Questions, Reviews and Movies from the list

Facebook Mobile App Privacy Lockdown

The above settings affect the Facebook App, but there are additional settings that need to be set in the App.

Prevent Facebook from using your Location

Facebook’s App can use your location even when you are not running it.

To disable it in iOS:

Settings – Privacy – Location Services -Facebook – Never or While Using App

To disable it in Android:

Settings – Apps – Facebook – Permissions – Location – Off

Remove Uploaded Contacts from Facebook

Click here to visit the page to remove uploaded contacts in Facebook.

Prevent Facebook from continuously uploading new contacts from your phone.

Turn off Upload contacts if you use the Facebook App, it is located at:

3 lines in lower right corner of Faceebok App, Settings, Account settings, General, Upload contacts
Facebook has a page to help you prevent syncing of contacts to Messenger. Details on the issue with Facebook looking at all your calls

Adjust who can see your posts from New Feed or Profile

Select 3 lines in lower right corner of Facebook App, Settings, Account settings, General, Privacy, Check a Few Important Settings

Select Friends or Only me

On the next screen for Posts, also select Friends or Only me

The next screen will then be Profile

Lock Down your Profile

Select the appropriate level of lockdown for each item. Only me would be most secure.

The Next screen would be Apps

Remove Unnecessary Apps

Click the X next to apps you no longer need.

Timeline and Tagging

Select 3 lines in lower right corner of Facebook App, Settings, Account settings, Timeline and Tagging

Adjust Time line and Tagging to: Only me for all settings

Change the 2 Review settings to: On

Limit Facebook Location Data

Select 3 lines in lower right corner of Facebook App, Settings, Account settings, Location

Do not allow Facebook to save your location, do not share location with Nearby Friends, Do not Find Wi-Fi

Adjust Public Posts

Select 3 lines in lower right corner of Facebook App, Settings, Account settings, Public Posts

Adjust these settings to something less than Public

Interests

Select 3 lines in lower right corner of Facebook App, Settings, Account settings, Ad Preferences

Remove all the Interests by clicking on each one and selecting Remove Interest. Other settings should have been set at Facebook.com with the instructions above.

Facebook Messenger

Facebook keeps all your messenger messages.. FOREVER. Scary isn’t that?

Here is how you delete Facebook messenger messages, conversations and photos.

Items We are still working on cleaning:

Check-Ins
Removing Apps

Do you feel more secure now?

How to: Safe Online Shopping

SafeGadget — Tue, 01 Jan 2019 08:00:32 +0000

Last Update: 1/22/2020

Online shopping has been gaining market share every year. Security breaches make headlines almost daily. With more and more shoppers going online, consumers are worried more than ever about keeping their online shopping safe and secure. In this article, we will help you shop more securely.

Secure your computer, web browser, Internet connection

Follow our guides to secure your Windows PC or secure your Macintosh by installing the right software, firewall, antivirus software, etc. Secure your mobile devices: iPhone, Android smartphone or tablet, iPad. Configure the settings and add plug-ins to you web browser so that it is more secure. Consult our tutorials for: Internet Explorer 9, Google Chrome, and Mozilla Firefox. Secure your Internet Connection: Wireless Network, Public Wi-Fi.

1. Configure your wireless router for optimal security. Consult our article How to set up a secure wireless router for details. For maximum security, do your online shopping when connected by a hardwired connection such as Ethernet.

2. Ensure that your operating system is set up securely. Consult our computer security guides for Windows and Macintosh. For maximum security, you could start off a Linux boot CD or USB key.

Burning Linux Live CD to a write only media such as a CD/DVD or a USB drive with Write protect switch, helps prevent any changes to a virgin Linux distribution. Keep in mind that no bookmarks, password managers, etc would be accessible.

The CD versions do take many minutes to boot up and ask you if you want to try Linux, so the USB route is definitely preferred.

3. Secure your Internet browser. Consult our security guides to Internet Explorer, Firefox, and Google Chrome.

4. Make sure you are shopping at a reputable online store that has a good reputation. Gone are the days when you could score a stellar deal on a iPad from a no-name vendor. Online shops need to buy and sell in volume to produce low prices. Check vendor review sites like Google Product Search, BBB online, or Reseller ratings for feedback.

5. Type the URL for the shop directly in the address bar, do not rely on a link from email. This helps prevent phishing scans. Make sure you are accessing the online store’s website using a secure connection, look for https:// in the browser’s address bar and a padlock icon in the browser. A broken key, broken padlock, or any open lock indicates it is not secure. If you want to ensure security, see if the online store takes orders over the phone.

6. When creating an account at the online store, we recommend you use a unique password as it is far safer in case the store gets hacked. You would not want hackers to get a password that worked on other websites. Consult our How to create, store and use secure passwords article for suggestions. Using Paypal, Apple Pay, or Google Pay also solves the unique password problem.

7. Pay for your purchase with a credit card and not a debit card or check. This gives you the best purchase protection, under Federal law your liability is limited to $50.

Some credit cards allow you to create single use, virtual, or disposable credit card numbers. Try to use these unique credit card numbers whenever possible. Check your credit card issuer’s website to see if they offer this feature.

If possible, do not allow the online store to save your credit card number.

Remove your credit card and use prepaid gift cards on Facebook, iTunes, Playstation Network, and Xbox Live.

8. Another method to avoid transmitting your credit card number is by using Google pay or PayPal access. These checkout systems store your credit card number and prevent the number from being seen by the online store. Additionally when paying with PayPal, select the option that causes payment to come from your credit card, not from your bank account. This gives you more recourse in case of problems.

9. If you are using PayPal or buying from eBay, consider purchasing their PayPal Security Key that adds an additional log on step. You need to hit the button on the security key and type in the security code it displays before you can log into eBay or PayPal.

These keys are more secure than using Text or SMS to send a one time code. Criminals can divert SMS messages and calls, to another device (either by social engineering a customer service person at the phone company, or via more advanced attacks like SS7 hacks).

Two factor authentication systems using SMS text messages are not secure, due to hijacking of mobile phone accounts and the weak SS7 routing system. Even Reddit got hacked this way. We suggest only using two factor when you can use a physical token or a time based authenticator like Google’s. Send text messages to a VoIP number such as Google Voice instead.

A new paper in 2020 from Princeton researchers shows how easy it is to pull off a SIM Swap against AT&T, Verizon, T-Mobile and others.

10. Sign up for alerts from your credit card vendor by email or text message. This will allow you to respond to any credit card fraud rapidly. Also carefully check each month’s credit card statement for erroneous or fraudulent charges. Consider checking your outstanding charges every couple of weeks via the credit card company’s website.

11. When shopping on a smartphone or tablet, using the built in 3G/4G connection is a lot safer than connecting via a local wireless internet hotspot. This warning applies to both apps and mobile internet browsers.

12. Explicitly logout of a website after you are finished. Do not just close the browser. This helps terminate your session officially.

13. Print out the confirmation screen of your order to ensure you do not get overcharged.

Things Not To Do

1. Do not shop when using public wifi hot spots or when using a shared computer in a cyber cafe. Many of these locations provide little to no security and are prone to snooping or malware. This warning also includes smartphones and tablets connected to public wireless internet.

Do you perform all the above? Do you have other security tips?

How to use Wi-Fi securely in Hotels, Airports, and Beyond

SafeGadget — Sun, 10 Jun 2018 08:00:15 +0000

Last Update: June 18, 2019

While SafeGadget has several tutorials geared towards using Wi-Fi securely, we still realize that this is a major problem area. On our recent trip, we encountered insecure Wi-Fi at several airports, hotels, and restaurants. This tutorial is designed to help all users utilize Wi-Fi safely and securely.

Free Wi-Fi is available in many locations, from airports, hotels, local café, Starbucks to McDonald’s and many other restaurants. Using these mostly unsecured, public wireless networks puts your information at risk. It is important to employ several safeguards when surfing at a public hotspot. If you are using a cybercafe’s shared computer, we would only use it to view information, not to even get your e-mail. Chance are high that it is compromised.

Many public wireless networks are completely unencrypted so that users can log on to them easily. Anytime you login to a free Wi-Fi hotspot that does not require a password, assume that a hacker can ease drop and see all information that is being sent and received.

Some Wi-Fi hotspots from vendors like AT&T and Comcast require you to log in with your username and password before you can get access. You need to understand that this is just access restriction and will not create a secure wireless connection.

This opens up a huge security hole as any hacker or sophisticated computer user could easily see all the sensitive data being transmitted. Passwords to online stores or email accounts can be easily captured by increasingly easy to use tools. In this article, we will help you access public wireless networks safely. Settings within your operating system may need to be optimized, additional software installed, and third party services may need to be subscribed to.

Finding Free Wi-Fi

Boingo has a Wi-Fi locator. The Starbucks and McDonald’s entries are free.
Xfinity has a Wi-Fi hot spot locator
There are several free apps that help you find Wi-Fi (Free Wi-Fi Finder on iPhones and WiFi Finder for Android)

Secure web browsing using HTTPS

Normal website access using HTTP:// causes information to be sent and received in plain text. This type of connection is not secure; a hacker could capture all the information being transferred and steal your data. While this is not important when you are casually surfing, you do not want your email or online trading information to be captured by others.

Force websites to use secure connections – It is important to utilize secure connections or HTTPS whenever possible. Several large websites have configuration options to force these secure connections. Here is more information on configuring HTTPS with: Gmail, Facebook, Twitter, Google. Google.com defaults to HTTPS if you are signed into your Google Account, if you are not, just manually add the s after http to force a secure connection ie – https://www.google.com

HTTPS causes a secure connection to be made using SSL security. Certificates are digital documents that verify a site’s identity. They are sold by certificate authorities. If a certificate is not signed correctly, your browser will pop up a warning. Recently, a Dutch certificate authority got breached, causing forged certificates to be created. To workaround issues like this, Internet browsers are updated to remove the forged SSL certificates. It is crucial that you keep your browser up-to-date.

If you have applications other than your web browser accessing the Internet (FTP client, desktop mail client, etc.), make sure you enable SSL secure connections within each application.

Use a password manager to create, use, and store passwords for websites. See our password manager guide for details.

Disable File Sharing

Prevent sharing of any files or folders that are unnecessary. This should be obvious, but becomes a large problem if you are connected outside the home, to a public network. When you are on a public network, you do not want to share files, printers, or any computer resources. To turn off file sharing under Windows 7 do the following:

Click Start Button
Type Network and Sharing Center into Start menu’s Search Box
Select Network and Sharing Center from the results
Select Choose homegroup and sharing options then select Files and Printers to be unshared, if necessary.

If you are using a Macintosh, consult this article on how to turn off sharing.

Enable your firewall

A firewall prevents unauthorized users from accessing your computer. Windows 7 and Windows Vista have a built-in firewall that is enabled by default. If you are running on the Mac, consult this article on how to turn on your firewall.

Connecting to a Public Wi-Fi Network

When you are setting up a new network connection, Windows will prompt you to choose what type of network this is. The choices are Home Network, Office Network, or Public Network. A Home Network is the most open network because all computers on the network will be treated as friendly, allowing for easy sharing of folders and files, and also allowing the creation of a Home Group for all computers on the network.

Office Network is slightly more strict, but the Public Network is the most strict. Selecting Public Network will hide your computer on the network and disable file and print sharing. This is recommended if you are running a notebook and connect to external networks often. If the computer is only used at home and file or printer sharing is used, do not change the setting.

If you need more control when connecting to different networks, try the Window’s Utility NetSetMan. Macintosh users can try AirPort Location.

Setup a VPN or virtual private network

A virtual private network (VPN) is a secure, encrypted tunnel for your computer to communicate with the Internet. All traffic travels over this secure connection, preventing hackers from eavesdropping. VPNs help secure Internet traffic that is not sent using SSL secure connections. The tunnel starts on your computer, travels over the public wireless network, and connects you with either a VPN server in your home or one that you subscribe to. Your data travels over a secure, private network even though you may be accessing a public insecure network. There are several free VPN options as well as many companies selling VPN access.

Be aware that using a VPN to order products online may cause some problems. The VPN will make your IP address appear to be located wherever the VPN server is located, which could be in another state or even country. If you order an item and have it shipped to a location different from where your VPN server was located, some fraud detection systems might flag the order as being fraudulent.

Here are some free VPN options:

CyberGhost VPN free – Installs software on your machine to access their free service. This service is usually overloaded during daytime hours and requires users to wait in a queue for free access. They also have paid accounts that do not require the wait. One downside of this service is that we found several sites which are not accessible through this VPN. PC only; no Mac version.
Ultrasurf – This free VPN service was mainly designed to circumvent the firewall in China. This VPN only supports web traffic and not other internet traffic like FTP or VOIP. We found that this VPN service does not support certain websites, including WordPress administration pages. PC only; no Mac version.
Proxify – This web-based service helps you surf the web anonymously and securely. Proxify is limited to web access only. The free service has ads and does not support all file formats.
Hotspot Shield – A free service for Windows that is slow and filled with ads, spys on you, but works. Paid version eliminates ads. Warnings
Hide My Ass – A free service that includes a free Web Proxy, Facebook Proxy and more. Read the disclaimers.
proXPN – Free version is bandwidth throttled and does not allow you to select a country.

All the free VPN services have limitations. If you can work within their limits, we suggest you utilize one. Most users require more robust VPN access and will have to either set up a VPN server on their home computer or sign up for a paid VPN service. Note that most VPNs and Proxy services will not tolerate illegal activities and will cooperate with authorities.

Some proxy servers intentionally strip HTTPS secure connections. Test your proxy at proxycheck.

Signing Up for a Paid VPN Server

Users who travel or are not satisfied by the options we listed above, should sign up for a paid VPN account. This type of VPN access gives the use maximum flexibility and compatibility with various applications.

PPTP protocol is built into Windows and is the VPN protocol of choice, but is easy to block. Open VPN requires a software download for installation. Open VPN will work in places where PPTP VPN is blocked, typically countries in the Middle East or China.

PPTP VPN typically offers less secure 128-bit encryption compared to OpenVPN based VPN servers who can offer up to 2048-bit encryption.

Overcome geographic locks on website access. Hulu.com and Pandora.com are only accessible from within the United States. Users can purchase a VPN account from a service that makes you appear to be located in the U.S. even though you are abroad.
Access the internet anonymously. Your IP address will be anonymous and cannot be tracked.
Security. Use public wireless hotspots securely and prevent others from stealing your identity.
Bypass firewalls. Access sites that are banned in your country. Log in to Facebook when you are in China.
Skype discount. You can appear to be located in another country and make “local” calls within that country.

What to Look for in a VPN Provider

Price – Obviously, the cheaper, the better, but the cheapest providers have a limited feature set and slow performance. Open VPN support cost more.
Length of Contract – The longer period you commit to, the lower the price.
Countries – Different VPN providers have servers in different countries.
Encryption Strength – The stronger the encryption, the higher the price.
VPN Software Compatibility – Some VPN servers require special client software for higher security access like OpenVPN.
Logging – Make sure your VPN provider is not logging your Internet activities.
Speed – Some lower cost providers overload their servers and Internet connections, slowing access.

Users should examine their needs and budget, and select a VPN provider that fulfills their requirements. It is wise to Google search the provider, looking for problems or disgruntled users before signing up. Google search for VPN providers.

When You are Finished Using a Public Wi-Fi Hotspot

When you have finished your online activities, it is important that you turn off your Wi-Fi connection to the public wireless network. Intentionally logging off will prevent any accidental data leakage. In Windows, you can simply right-click on the wireless signal bar icon in the task bar to disconnect from a wireless network.

With some attention to security, free public Wi-Fi can be a useful tool and a safe one.

This concludes our How to use Wi-Fi securely in Hotels, Airports, and Beyond article. Other articles on Safegadget.com help you secure the other aspects of your personal computer, including How to Set up a Secure wireless Internet Router, and How to Secure Internet Explorer article, or How to Secure Firefox Article. Please see our other articles on security tips for your e-mail, iPad, online banking, online shopping, smart phones, and more.

How to use Wireless Networks or Wi-Fi securely in Public

SafeGadget — Thu, 08 Feb 2018 08:00:26 +0000

Last Update: June 18, 2019

Free Wi-Fi is available in many locations, from your local café or Starbucks to McDonald’s and many other restaurants. Using these mostly unsecured, public wireless networks puts your information at risk. It is important to employ several safeguards when surfing at a public hotspot. If you are using a cybercafe’s shared computer, we would only use it to view information, not to even get your e-mail. Chance are high that it is compromised.

Many public wireless networks are completely unencrypted so that users can log on to them easily. This opens up a huge security hole as any hacker or sophisticated computer user could easily see all the sensitive data being transmitted. Passwords to online stores or email accounts can be easily captured by increasingly easy to use tools. In this article, we will help you access public wireless networks safely. Settings within your operating system may need to be optimized, additional software installed, and third party services may need to be subscribed to.

Finding Free Wi-Fi

Boingo has a Wi-Fi locator. The Starbucks and McDonald’s entries are free.
There are several free apps that help you find Wi-Fi – search the app stores for Wi-Fi

Secure your computer, web browser, Internet connection

Secure web browsing using HTTPS

If you have applications other than your web browser accessing the Internet (FTP client, desktop mail client, etc.), make sure you enable SSL secure connections within each application.

Use a password manager to create, use, and store passwords for websites. See our password manager guide for details.

Disable File Sharing

Click Start Button
Type Network and Sharing Center into Start menu’s Search Box
Select Network and Sharing Center from the results
Select Choose homegroup and sharing options then select Files and Printers to be unshared, if necessary.

If you are using a Macintosh, consult this article on how to turn off sharing.

Enable your firewall

Connecting to a Public Wi-Fi Network

If you need more control when connecting to different networks, try the Window’s Utility NetSetMan. Macintosh users can try AirPort Location.

Setup a VPN or virtual private network

The tunnel starts on your computer, travels over the public wireless network, and connects you with either a VPN server in your home or one that you subscribe to. Your data travels over a secure, private network even though you may be accessing a public insecure network. There are several free VPN options as well as many companies selling VPN access.

Be aware that using a VPN to order products online may cause some unforseen problems. The VPN will make your IP address appear to be located wherever the VPN server is located, which could be in another state or even country. If you order an item and have it shipped to a location different from where your VPN server was located, some fraud detection systems might flag the order as being fraudulent.

Some VPN services log your activity or many be required to do so by where they are located. They may claim no logging but the fine print indicates otherwise. We recommend not using the Free services.

Here are some free VPN options:

CyberGhost VPN free – Installs software on your machine to access their free service. This service is usually overloaded during daytime hours and requires users to wait in a queue for free access. They also have paid accounts that do not require the wait. One downside of this service is that we found several sites which are not accessible through this VPN. PC only; no Mac version.
Ultrasurf – This free VPN service was mainly designed to circumvent the firewall in China. This VPN only supports web traffic and not other internet traffic like FTP or VOIP. We found that this VPN service does not support certain websites, including WordPress administration pages. PC only; no Mac version.
Hotspot Shield – A free service for Windows that is slow and filled with ads, spys on you, but works. Paid version eliminates ads. Warnings
proXPN – Free version is bandwidth throttled and does not allow you to select a country.
Tor – Is not really a VPN but it will shield your traffic.

All the free VPN services have limitations. If you can work within their limits, we suggest you utilize one. Many users require more robust VPN access and will have to either set up a VPN server on their home computer or sign up for a paid VPN service. Note that most VPNs and Proxy services will not tolerate illegal activities and will cooperate with authorities.

Some proxy servers intentionally strip HTTPS secure connections. Test your proxy at proxycheck.

Setting Up Your Own VPN Server

There are several options for setting up your own VPN server. Most of them require advanced user knowledge of PCs and/or Linux. While this option requires a lot of user intervention and computer hardware, the resultant VPN can be very feature-rich and is essentially free.

Algo VPN – Easy to use scripts to setup a VPN on DigitalOcean (most user friendly), Amazon EC2, Google Compute Engine, and Microsoft Azure.
Asus Wireless router – Several Asus routers have VPN servers built in.
Adito – This VPN server is written in Java and requires a Linux installation on your machine. Adito is very feature-rich.
OpenVPN ALS – This VPN server is a descendant of Adito and also requires Linux.
Logmein Hamachi – This zero-configuration freeware VPN tool allows users to easily connect to computers behind network routers. Users can use this software to access their home computers from a Public wireless network or any other location. Hamachi helps to make it appear that you are actually located on your home network, so you have full access to resources such as your printer, music server, files, and other computers. Both Clients must have Hamachi installed on their computers and join the same group for Hamachi to work. Many people use this software to play network games. This software is partly controlled by the company that makes LogMeIn remote control software. It works on Macs and PCs. Lifehacker has a tutorial on how to use Hamachi.

Signing Up for a Paid VPN Server

PPTP VPN typically offers less secure 128-bit encryption compared to OpenVPN based VPN servers who can offer up to 2048-bit encryption.

Overcome geographic locks on website access. Hulu.com and Pandora.com are only accessible from within the United States. Users can purchase a VPN account from a service that makes you appear to be located in the U.S. even though you are abroad.
Access the internet anonymously. Your IP address will be anonymous and cannot be tracked.
Security. Use public wireless hotspots securely and prevent others from stealing your identity.
Bypass firewalls. Access sites that are banned in your country. Log in to Facebook when you are in China.
Skype discount. You can appear to be located in another country and make “local” calls within that country.

What to Look for in a VPN Provider

Price – Obviously, the cheaper, the better, but the cheapest providers have a limited feature set and slow performance. Open VPN support cost more.
Payment – Bitcoin support helps improve your privacy
Length of Contract – The longer period you commit to, the lower the price.
Countries – Different VPN providers have servers in different countries.
Encryption Strength – The stronger the encryption, the higher the price.
VPN Software Compatibility – Some VPN servers require special client software for higher security access like OpenVPN.
Logging – Make sure your VPN provider is not logging your Internet activities. You cannot really take their word for it though.
Speed – Some lower cost providers overload their servers and Internet connections, slowing access.
Location – Pick someone outside the US and UK, if you really want to be private.
Blocking – Avoid picking a large VPN provider that may have access blocked to certain large websites.
DNS and IPv6 leaks – Avoid VPNs that have problems with this.

One of the biggest problems, especially with the well known VPN providers, is websites blocking them.

With PrivateInternetAccess, we found we could not visit certain websites, including Target.com and BestBuy.com! Make sure you have a limited time trial to test the service.

privacy tools.io has a list of VPN providers with minimal logging some of the lower cost ones are:

NordVPN – Panama – $48 a year
Cryptostorm.is – Iceland – $52 a year
We have used AirVPN and find it ok, but their Mac Client is buggy.

We have tried some that are based outside the US and the connection speeds were very slow, even with their US nodes.

VPN Discovery

VPN Hunter is a service that scans a specific domain name looking for VPN servers and then classifying them by the manufacturer and possible security holes.

SSH Tunneling For Security

Power users could setup a SOCKS Proxy over SSH tunnel to increase security even more when using a Public wireless network. This basically sends all web traffic through an encrypted SSH connection to another computer that you have set up elsewhere. Web browsers need to be configured to use a proxy server, so using a VPN server is a lot easier and allows all types of Internet traffic to flow through it.

Advanced Security Tools to prevent man in the middle attacks

Many people have their smartphones and laptops set to automatically log into wireless networks such as their home’s and free Wi-Fi hotspots like McDonald’s, Starbucks, or attwifi. Your device will keep looking for these names and automatically join you to their network. Hackers could set up wireless hotspots with exactly the same name to lure your device to join their network automatically. They would then start capturing all your traffic while sending it across the Internet. We suggest you manually join wireless networks and disable automatic joining.

To prevent man in the middle attacks, where a hacker is pretending to be a wireless access point and capturing all your information, you need to install special software to prevent ARP cache poisoning attacks like this software utility.

When You are Finished Using a Public Wi-Fi Hotspot

With some attention to security, free public Wi-Fi can be a useful tool and a safe one.

This concludes our How to use Wireless Networks or Wi-Fi securely in Public article. Other articles on Safegadget.com help you secure the other aspects of your personal computer, including How to Set up a Secure wireless Internet Router, and How to Secure Internet Explorer article, or How to Secure Firefox Article. Please see our other articles on security tips for your e-mail, iPad, online banking, online shopping, smart phones, and more.

How to Secure Windows 10

SafeGadget — Mon, 29 May 2017 02:47:26 +0000

Last Updated: 11/1/2017

Windows 10 is the latest and greatest operating system from Microsoft. It still need help to become more secure.

Windows 10 controlled folder access anti-ransomeware is part of the Fall Creators Update. It works well and should be used by all Windows 10 users.

Securing the Boot up Process

Windows 10 Secure Boot prevents rootkit attacks, where malicious code attempts to tamper with Windows before it boots, before antivirus and other system defenses load. Microsoft introduced features to protect the Windows kernel and privileged drivers in previous versions, but Secure Boot enhances those measures to prevent system tampering.

If your PC is a recent one, you will have what is known as UEFI Firmware that support Secure Boot. This allows the PC to check the signature of each piece of boot software to ensure they are not compromised. Make sure you enable this.

Secure boot is supported by Windows 8, Windows 8.1, Windows 10, Windows Server 2012, Windows Server 2012 R2

Set Windows Defender Built in Antivirus blocking to High

Windows Defender Antivirus ships with all versions of the Windows 10 operating system. Versions included with the Windows 10 Creator Update version 1703 or newer in 2017 allow you to set the blocking level to high. Be sure to do this.

Windows 10 Wi-Fi Sense

Windows 10 will by default, share your Wi-Fi network password with any contacts you may have listed in Outlook and Skype, and with your approval, your Facebook friends. This is intended to solve the give your friends access to your home Wi-Fi problem. The problem is, it can lead to compromising your Wi-Fi password.

After the Windows 10 upgrade is complete, change the privacy settings in Windows to disable Wi-Fi Sense sharing.

Open Start Menu
Select Settings
Select Network & Internet
Select Wi-Fi
Scroll down
Select Manage Wi-Fi Settings

To make your WiFi Network name more secure you should also add “_nomap_optout” to the end of it. IE (SSID: wifibox_nomap_optout) This prevents Windows 10 for sharing it and Google from indexing it.

Windows 10 Enterprise

Window’s 10 has an excellent featured called Device Guard that introduces whitelisting of programs to the operating system. Programs aren’t allowed to run unless they are specifically determined to be safe, by checking the file’s cryptographic signature. Device Guard relies on Microsoft’s Hyper-V virtualization technology to store its whitelists in a shielded virtual machine. It is only available for systems capable of hardware CPU virtualization and I/O virtualization. Device Guard also relies on the on-board TPM chip and UEFI Secure Boot.

Windows 10 privacy

Windows 10 in some ways, has rolled back privacy. Microsoft has built into the operating system more ways to know what you are doing. There are a boatload of 3rd party program that help you regain privacy. Some even cause unwated programs to be installed. Check out this Review

Do you have any Windows 10 security tips?

How to: Safe and Secure E-mail

SafeGadget — Sat, 25 Feb 2017 08:00:22 +0000

Last Update: 8/26/2017

Every computer user uses e-mail. Security breaches make headlines almost daily. With more and more people going online, consumers are worried more than ever about keeping their e-mail safe and secure.

E-mail is the major way most malware is transmitted across the Internet. E-mail is the largest attack vector against large companies, as it is far more difficult to physically infiltrate a company. In this article, we will help you use e-mail more securely.

A recent experiment of 150,000 test emails sent by Verizon Enterprise Solutions found that 23% of recipients opened the email, 11% click on the attachment. One person clicking on the attachment would have infected the organization. The human is the weakest link.

Secure your computer, web browser, Internet connection

The Golden rules of the Internet:

Do not trust anyone
If it is too good to be true, it probably is
Don’t install software from anonymous sources
Don’t automatically hit “yes” to any pop-up
If it looks suspicious, run

Secure Your Router

1. Configure your wireless router for optimal security. Consult our article How to set up a secure wireless router for details. For maximum security, access your e-mail when connected by a hardwired connection such as Ethernet.

Update and Secure Operating System

2. Ensure that your operating system is set up securely. Consult our computer security guides for Windows and Macintosh. For maximum security, you could start off a Linux boot CD or USB key.

Secure Internet Browsers

3. Secure your Internet browser. Consult our security guides to Internet Explorer, Firefox, and Google Chrome.

Pick a Good Email Provider

4. Most people already have an e-mail address that they are connected to. If you are considering a new e-mail address, consider examining how sophisticated the provider is. Infrastructure and state-of-the-art spam filtering are not inexpensive. We recommend users consider e-mail addresses from providers like Lavabit, Google and Hushmail. These companies are committed to staying on the leading edge, and are accessible anywhere. ISP based e-mail is convenient, but locks you in to the ISP. The same argument applies to school or company based e-mail addresses.You can always access these e-mail account via POP access in Gmail. This will allow your email account to utilize Gmail’s excellent spam filters.

Look for e-mail providers that have good spam filters and allow you to control attachments and HTML within e-mail messages.

Make Sure Email is using HTTPS

5. Make sure you are accessing the e-mail provider’s website using a secure connection, look for https:// in the browser’s address bar and a padlock icon in the browser. A broken key, broken padlock, or any open lock indicates it is not secure.

Use Unique Passwords

6. When creating an account at the e-mail provider’s website, we recommend you use a unique password as it is far safer in case the store gets hacked. You would not want hackers to get a password that worked on other websites. Consult our How to create, store and use secure passwords article for suggestions.

Create Multiple Email Accounts

7. We recommend creating multiple email accounts for different purposes, in order to maximize online safety. Having multiple email accounts linking to different accounts online. One example would be to have one email account for forums, one for banking, and one for shopping. Do not have all your emergency recovery email address be the same. This way if one email account gets compromised, the others are safe.

Use Two Factor Authentication if Available

8. Some e-mail providers support two factor authentication which requires users log in with both a password and a phrase generated on a smartphone, smartcard, or printed on a piece of paper. Gmail is a leading e-mail provider that supports this 2-factor authentication. Yahoo mail added 2-factor support at the end of 2011. A hacker who had your password could not log on without a second means of authentication. This is especially good for people that travel out of the country.

Two factor authentication system using SMS text messages is not secure, due to hijacking of mobile phone accounts and the weak SS7 routing system. We suggest only using two factor when you can use a physical token or a time based authenticator like Google’s.

Use 3G/4G connection instead of Public WiFi when checking Email

9. When accessing e-mail on a smartphone or tablet, using the built in 3G/4G connection is a lot safer than connecting via a local wireless internet hotspot. This warning applies to both apps and mobile internet browsers.

Don’t open suspicious links and/or attachments

10. To avoid falling victim to e-mail phishing, never click a link or open an attachment from an e-mail. This is especially true for online banks and online brokerages. Manually type the URL into your browser.

Spear Phishing is utilizing realistic looking e-mails with personalized information, possibly emanating from a known person to steal your login password, run a attachment that contains malware, or force you to visit a web page containing malware.

Opening Attachments Safely with Gmail

Forward the email with attachment to a Gmail account. From there, you can use Google Docs to open Word Processing, Spreadsheets, etc. No need to endanger your own computer.

Minimize your personal information on Facebook, Twitter, Instagram, etc. Also cleanse or set to Private your Amazon wishlists and eBay bidding history.

Fight SPAM

11. Spam unfortunately, remains a unfortunate element in e-mail. Leading e-mail providers are pretty good at fighting spam, but no one is perfect. Unintended consequences include good mail ending up in a spam folder. Be very careful when accessing the spam folder as many a penetration has been enabled when workers accidentally click on links within spam folder e-mails that look legitimate.

Don’t Display HTML

12. For maximum security set your e-mail provider’s configuration to not display HTML when displaying e-mail. A less secure setting is to allow HTML but not to display images. This additional security tactic helps prevent rogue pages from being displayed within e-mail. (Windows Live Hotmail does not allow you to control this.)

We suggest these settings for Gmail:

Select Mail Settings from the Gear Icon in the upper right corner
In the General Tab, next to External Content: Select Ask before displaying external content

Use SSL to access Mail Servers

13. It is important that email accounts accessed from a smartphone are setup utilizing encryption when available. Many email providers including Google’s Gmail, Microsoft Exchange, MobileMe, AOL Mail and Yahoo Mail support SSL (secure sockets layer) when accessing their mail servers. If SSL is not used, your emails as well as your password can be read by hackers.

To enable SSL with Yahoo Mail (not enabled by default) follow these steps:

Login to your Yahoo Mail account
Click the Gear icon on the upper-right corner
Select “Mail Options“
Click General on the Left, Under Mail Options
Check the Box next to “Turn on SSL“
Click Save at the top of the screen.

14. If you have applications other than your web browser accessing your E-mail IE. A desktop mail client suck as Windows Live Mail, Outlook, or Mail.app, make sure you enable SSL secure connections within each application. Here is a tutorial on using Gmail with Windows Live Mail.

Be careful of Short URLs

15. Do not click on shortened URLs, expand them first using a site like URL Expander or run them through a service like Virustotal.

Report Phishing

16. If you encounter phishing emails you can forward them to:

reportphishing@antiphishing.org
spam@uce.gov
Internet Crime Complaint Center
Anti-Phishing Working Group
Stay Safe Online has spam reporting information on the top 10 ISPs

Check to see if any Email addresses have been compromised

17. There are databases of email addresses that have been compromised. If you are listed, immediately change all your passwords connected to that email account.

haveibeenpwned.com

18. Someday phishing will hopefully fade in volume. DMARC.org which stands for “Domain-based Message Authentication, Reporting & Conformance” may help reduce the volume of problematic emails.

Encrypt the contents of Email

19. Email uses an insecure SMTP protocol to send data between servers. All the data sent is unencrypted. This factor has nothing to do with using SSL to connect your email provider. You need to use tools like PGP (pretty good privacy) to encrypt the contents of your emails to ensure privacy. Never send a password in email.

Email Attachment

Next to clicking a link in an email, clicking an attachment is the second most dangerous way to get infected.

Block attachments in your email client.

Gmail automatically blocks:

.ADE, .ADP, .BAT, .CHM, .CMD, .COM, .CPL, .EXE, .HTA, .INS, .ISP, .JAR, .JSE, .LIB, .LNK, .MDE, .MSC, .MSP, .MST, .PIF, .SCR, .SCT, .SHB, .SYS, .VB, .VBE, .VBS, .VXD, .WSC, .WSF, .WSH

We recommend you supplement this by blocking these file types that are not used very often any more. Select Create a new filter from Filters and Blocked Addresss

Things Not To Do

1. Do not access your e-mail from public wifi hot spots unprotected or cyber cafes. Many of these locations provide little to no security and are prone to snooping or malware.

2. Always log out web-based e-mail account, do not simply close the browser.

3. Do not have a single email address where everything goes. If everything is linked together, you entire security chain can get compromised with one break in.

Secure Internet Explorer 9 Browsing

SafeGadget — Mon, 12 Oct 2015 08:00:07 +0000

Last update: 4/14/2016

Internet Explorer remains the most popular web browser for Windows. This makes it a large target for malware and cybercrime. We will focus on securing Internet Explorer 9, and will significantly increase the browser’s security through add-ins and special hardening settings. We are avoiding earlier versions of Internet Explorer and recommend users to upgrade to Internet Explorer 9. It requires Windows Vista or Windows 7 to operate, so if you are running under an older version of Windows, we recommend you to upgrade or buy a new computer. Older versions of Windows like Windows XP were not built with security in mind.

Enhanced Mitigation Experience Toolkit (EMET)

Internet Explorer users should definitely install Microsoft’s free Enhanced Mitigation Experience Toolkit. It helps beefup IE’s security. It even prevented the major Zero Day IE vulnerability of April 2014.

Windows 8 and Internet Explorer 10

In 2012 is a new version of Windows and a new Internet Explorer promising tighter security. ForceASLR will be added, making more applications use the randomization code protection of ASLR. High Entropy ASLR will be added to take advantage of the larger memory address space of 64-bit Windows 8 PCs.

Secure your computer, web browser, Internet connection

We recommend booting from a Linux CD or USB key when performing mission critical applications such as online banking, online trading, or online shopping. Internet Explorer has seen so many bugs over the years, that even with all our suggestions, security conscious people might want to run Firefox or Chrome instead.

Internet Explorer 9 includes the following security oriented features:

ActiveX Filtering
Domain highlighting
SmartScreen Filter
Cross site scripting (XSS) filter
A 128-bit Secure Sockets Layer (SSL)
Tracking Protection
InPrivate Browsing

The Golden rules of the Internet:

Do not trust anyone
If it is too good to be true, it probably is
Don’t install software from anonymous sources
Don’t automatically hit “yes” to any pop-up
If it looks suspicious, run

Before you make any changes to your system, always back it up.

Internet Explorer Add-ons to UNINSTALL

Software that enhances Internet Explorer can become targets of malware, adding new entry points into your computer. It is mandatory that you keep any third-party add-ons up to date. Consider removing an add-on if it is rarely used, as you will also be increasing the security of Internet Explorer through its removal.

Adobe Reader or Adobe Acrobat – This is a major source of internet threats, so consider using an alternative PDF reader such as Foxit Reader, or PDF-XChange.
Flash Player – This animation enhancement plug-in is widely used but full of security holes, leading to many updates. If you need Flash, you will have to update it constantly.
Java – This language allows many cross platform programs to run in the browser, but is another huge target of malware. We recommend removing it unless you really need it for a particular application. This page checks if Java is installed. At a minimum disable Java in the browser by going into the Java Control Panel – Security Tab – Uncheck Enable Java content in the browser
Quicktime – Is installed when older version of iTunes was installed in your system. Remove it, as it is not being updated any more.
Silverlight – We recommend removing it from your system unless you really need it. This software is another possible time bomb waiting for exploitation.

Hardening Internet Explorer 9’s Settings

Internet Explorer 9 can be secured even more with several key changes to the browser’s settings. Many of these settings were recommended by Microsoft’s Business Oriented Security Compliance Manager Security Guide for Internet Explorer 9. We have selected all the Critical settings for Internet Explorer 9.

1. Selectively Enable ActiveX to increase security

ActiveX is a technology that allows webpages to be more powerful. Because ActiveX code is downloaded from the website you are visiting, it could be crafted to produce security risks such as malware. Our goal is to only use ActiveX when visiting known safe Internet websites.

Launch Internet Explorer 9
Click on the Gear Icon in the upper right hand corner
Select Safety
Select ActiveX Filtering

When you visit a website that has ActiveX support, a Light Blue circle with a line through it will appear. Click on this icon to enable ActiveX for this particular site. You need to do this once per website.

2. Enable Protected Mode for Intranet and Trusted Site Zones

Protected Mode is usually enabled for Internet Zone, we can enable it for the two other zones for which Protected Mode comes disabled to increase security further.

Launch Internet Explorer 9
Click on the Tools Menu
Select Internet Options
Click on Security tab
Click on Local intranet
Check “Enable Protected Mode“
Repeat Step 6 after Clicking on “Trusted Sites“

3. Mark Valuable Data Inaccessible to Internet Explorer

Download chml.exe and run it to change the permissions on your valuable files and folders on your system as unreadable to Internet Explorer. (Better yet, use Truecrypt and keep the volume unmounted!)
For example if your sensitive data is stored in the folder C:\Sensitive_Data – You would do:

Press Start menu
Go to All Programs
Go to Accessories
Right-Click on Command Prompt
Select Run as Administrator
Type “chml C:\Sensitive_Data -i:m -nr -nx -nw“
Press Enter to Execute the Command
Type Exit to end the Command Prompt

4. Set Internet Explorer 9 to High Security

US-CERT recommends the High security setting be applied for the Internet Zone. (Default is Medium-High security) High security will cause several features including ActiveX, Active Scripting, and Java to be disabled. With these features disabled, the browser will be much more secure but many websites may not load correctly, forcing you to tediously add them to the Trusted Zone list so they load properly. Many folks may not want to perform this step.

Launch Internet Explorer 9
Click on the Tools Menu
Select Internet Options
Click on Security tab
Click on Internet
Select High for Security level for this zone
Check “Enable Protected Mode“

5. Internet Explorer 9 security settings

These settings are not available to Vista Home or Windows 7 Home.

If you are running Windows Vista Pro or Ultimate or Windows 7 Pro or Ultimate do the following:

Hit Windows key and the letter R
Type “gpedit.msc” into the Box, Hit OK
If User Account Control is enabled, Hit Yes

Now that Group Policy Editor is open, we will make several changes to increase the security of Internet Explorer 9.

Disable AutoComplete for forms – It is possible that this feature will cache sensitive data.

Navigate to “User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable AutoComplete for forms”
Check Enabled and Press OK

Disable Save this program to disk option – Users could download and execute hostile code from Web sites.

Navigate to “User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser menus\Disable Save this program to disk option”
Check Enabled and Press OK

Disable changing certificate settings – Users could import new certificates, remove approved certificates, or change settings for previously configured ones.

Navigate to “User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing certificate settings”
Check Enabled and Press OK

Prevent users from bypassing SmartScreen – Reduces risk of malware infection via visiting malicious websites.

Navigate to “Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Prevent users from bypassing SmartScreen Filter’s application reputation warnings about files that are not commonly downloaded from the Internet”
Check Enabled and Press OK

Only use the ActiveX Installer Service for installation of ActiveX Controls – The standard installation process is less secure than using the ActiveX Installer Service.

Navigate to “Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Only use the ActiveX Installer Service for installation of ActiveX Controls”
Check Enabled and Press OK

Prevent Bypassing SmartScreen Filter Warnings – The user can ignore a SmartScreen Filter warning and navigate to a site determined to be unsafe.

Navigate to “Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Prevent Bypassing SmartScreen Filter Warnings”
Check Enabled and Press OK

Turn off Managing SmartScreen Filter for Internet Explorer 9 – Reduces risk of malware infection via visiting malicious websites.

Navigate to “Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Managing SmartScreen Filter for Internet Explorer 9”
Check Enabled and Press OK

Java permissions – Java applications could contain malicious code.

Navigate to “Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Java permissions”
Check Enabled and Press OK
Navigate to “Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Java permissions“
Check Enabled and Press OK

Turn on ActiveX Filtering – Without ActiveX Filtering you cannot make an informed decision about every ActiveX control you run.

Navigate to “Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn on ActiveX Filtering”
Check Enabled and Press OK

Security Zones: Do not allow users to change policies – Users who change their Internet Explorer security settings could enable the execution of dangerous types of code from the Internet.

Navigate to “Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Zones: Do not allow users to change policies”
Check Enabled and Press OK

Security Zones: Do not allow users to add/delete sites – Users will be able to add or remove sites from the Trusted Sites and Restricted Sites zones at will and change settings in the Local Intranet zone.

Navigate to “Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Zones: Do not allow users to add/delete sites”
Check Enabled and Press OK

Security Zones: Use only machine settings – Users who change their Internet Explorer security settings could enable the execution of dangerous types of code from the Internet.

Navigate to “Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Zones: Use only machine settings”
Check Enabled and Press OK

Turn off Crash Detection – A crash report might contain sensitive information from the computer’s memory.

Navigate to “Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Crash Detection”
Check Enabled and Press OK

Turn off Encryption Support – The allowed encryption protocols determines the possible encryption types that can be used.

Navigate to “Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Turn off Encryption Support”
Check Enabled and Press OK

Helpful Internet Explorer 9 Add-ins

Web of Trust (WOT) for Internet Explorer – Displays a simple gauge showing the website’s danger levels.

Qualys BrowserCheck – Performs a security scan on your browser and its plug-ins (Windows)

Phising Toolbars – Internet Explorer 9 already includes the SmartScreen Filter that detects dangerous websites and warns you. If you would like to install a supplemental toolbar add-in, see our Free Internet Security Software article.

Internet Security Software – Supplemental internet security software including Anti-Virus and Anti-Spyware software is a necessity when surfing on the Internet. See our Free Internet Security Software article for links to various free software utilities.

Password Managers – It is critical that you generate, store, and use secure passwords on the Internet. See our How to Create, Store, and Use Secure Passwords article for details on several password management programs.

Sandboxie – Creates a sandbox or safe environment in which programs execute. This sandbox is a isolated space which prevents programs like Internet Explorer from making permanent changes to other programs and data in your computer. Free for 30-days, then 29 euros.

Other Internet Explorer 9 Security Enhancements

Google Public DNS – A high performance domain name server (DNS) replacement for your ISP’s DNS. Protects against Spoofing attacks and DoS and amplification attacks. Be sure to write down your existing DNS settings before changing them.

Norton ConnectSafe for Home – Similar to Google DNS, but includes options to filter porn or be family friendly.

Dyn Internet Guide – Free Web content filtering.

Internet Explorer Virtual Machine – Designed for web developers to test compatibility with different versions of Internet Explorer, these Virtual Machines for Microsoft’s Virtual PC allow you to run a Virtual computer on your desktop with Internet Explorer pre-installed. If you mess up the Virtual computer, you can just delete it and start fresh from a new image. Keep in mind some malware is capable of detecting virtual machines and acting innocent until you move into your main system.

If you use VMware Player, you can add the following line to your .vmx file so that it writes all changes to a temporary file, which will be deleted when you power off the virtual machine.:

ide0:0.mode = “independent-nonpersistent”

Secure Web Browsing with HTTPS

If you have applications other than your web browser accessing the Internet (FTP client, desktop mail client, etc.), make sure you enable SSL secure connections within each application.

Use a password manager to create, use, and store passwords for websites. See our password manager guide for details.

By applying special Internet Explorer 9 settings, we can significantly increase the security of our Windows notebook and desktop PCs.

This concludes our How to Secure a Windows based personal computer article. Other articles on Safegadget.com help you secure the other aspects of your personal computer, including How to Set up a Secure wireless Internet Router, and How to Secure Internet Explorer article, or How to Secure Firefox Article. Please see our other articles on security tips for your e-mail, iPad, online banking, online shopping, smart phones, and more.

Welcome to Safegadget.com

SafeGadget — Mon, 15 Jun 2015 08:02:31 +0000

Welcome to Safegadget.com, the one-stop website for securing your computer and gadgets. Don’t wait until you have become a victim of malware. While it is impossible to prevent all attacks, it is important that we all secure our systems so we aren’t easily hacked. This is akin to wearing a seat belt to prevent an accident.

We feature many different security tutorials.

Learn how to secure your PC, find free anti-virus software, and find Windows security software
Secure your Mac and find free Mac security software
Use Linux for secure online banking, online trading, and online shopping
Secure your wireless network (Wi-Fi)
Learn how to create, store and use secure passwords

Harden the Security of your Browser

Boost the Security of your Smartphones and Tablets

Learn how to perform the following Safely and Securely

How to Safely use Twitter

SafeGadget — Mon, 09 Jun 2014 08:00:50 +0000

Last update 1/9/2015

Twitter is becoming more popular everyday. With millions of people to be targeted, Twitter is definitely a battleground for security and privacy. This website has become a worldwide hit and consequently has become a target for those intent on spamming, spreading worms, and stealing private information. In this article, we will cover many techniques to allow you to safely use Twitter.

Secure your computer, web browser, Internet connection

It is important that you follow the tips above to ensure your computer is secure. There have been Twitter Spam Attacks caused when malware infects a computer and gives control of the user’s Twitter account to a spammer. The spammer then posts messages on Twitter offering everything from Free items to pictures of celebrities, all appearing to be posted by the infected user. If one of your friends clicks on the offer, they instantly get infected, repeating the cycle of malware propagation.

Access the Real Twitter

Always make sure you are at a real Twitter log in page when you access their site. Do not count on Twitter links in email or on web pages to access the real Twitter website.

Think before Clicking on Links

There have been several viruses that have hit Twitter users, many of which have caused links to malware on Twitter. It is important that you exercise care before clicking on any links. Twitter has added a automatic link screening service, but this service could be bypassed. Be especially cautious in clicking links from direct messages.

Shortened links that do not fully disclose the destination site should be expanded before being clicked. You can expand short links with a browser plugin such as Linkpeelr for Chrome or visit a site like URL Expander or unshorten.it Virustotal.com checks shortened url’s for malware. Consult our How to Secure Your Internet Browser article for details. Internet Explorer 9 – Mozilla Firefox – Google Chrome

Enable Two Factor Authentication

Enable Two Factor Authentication so a login will require you to check your smartphone for a pin code. This only takes a minute and would have prevented many Twitter hacks.

Secure Twitter Browsing

As with the rest of the web, browsing a website using a secure connection is always preferable. You can set Twitter to automatically use secure HTTPS browsing by doing the following:

Click your Twitter Account name on the upper right hand corner
Select Settings
Check Always use HTTPS
Click Save

Sharing Sensitive Information

The following information is sensitive and may not be desired to be shared with others. Thieves can use this information as well those trying to piece together your identity or those attempting to hack your passwords. Think twice before including any of this information in your Tweets.

Who your friends are
Vacations or times away from home
Real birthday, at least no year
Mother’s maiden name
Pets names
Children’s names
Address
Phone numbers
Schools attended
Religious views
Political views
Tweet Location
Changing Passwords
Moving
Switching Servers

Consider having separate work and personal Twitter accounts. Be sure not to Tweet anything that could offend your employer.

Twitter Passwords and Access

It is important to follow our standard password suggestions. Consult our article on How to create, store, and use secure passwords.

Removing Unnecessary Twitter Applications

Twitter stores access credentials for 3rd-party applications. This allows them to send Tweets. You should review the list of applications allowed access to your account and remove unnecessary applications.

Click your Twitter Account name on the upper right hand corner
Select Settings
Click on Applications tab
Click Revoke Access on unnecessary applications

We have covered many areas in which you can increase the security and privacy of your Twitter usage. We suggest you implement as many of the suggestions as quickly as possible to maximize your safety on Twitter.

Scan your Twitter feed for Spam

Use a site like TwitBlock to look for spammy followers and bots.