Check out our Facebook Settings How To Privacy Page

Why should I be concerned about Internet privacy?

• Do you like online ads following you around from site to site?
• Can you discuss your health problems online without fear of losing insurance?
• Do you worry about publishing private information that could lead to stalking, surveillance, or identity theft?
• Does your work place monitor your Facebook or Twitter? Could you be fired over a post?
• Do you live in a country where you could be arrested or tortured based on what you post online?
• Did you know that third-parties collect information the government is not allowed to collect? The government has purchased this information too.
• Companies such as FinFisher are selling hacking software to countries and corporations to break into people’s computers and monitor them.
• Visit the EFF’s Panopticlick site to see what you are telling the world right now, before using the tools below.
• Tactical Technology Collective has tips for journalists and activists on how to increase their privacy.

60% of people polled by the WSJ.com were tremendously worried about the loss of online privacy.

The Internet appears to facilitate privacy and anonymity, but in recent years has been a battleground that pits advertisers on one side and users on the other. It has become increasingly difficult to maintain privacy on the Internet because money has gotten into the game. As online advertising has grown, companies have sprouted up, attempting to optimize Internet advertising performance by combining advertising with profiling. While individual users may not be known by name, they have become ghost profiles that are increasingly matched up with appropriate advertising. If you have found Internet ads following you from site to site, you have been profiled and are seeing the results. In this article, we will examine many methods to enhance our Internet privacy and perform operations anonymously.

One of the main goals of Internet privacy is to make that people have the ability to make informed decisions about how they act online. Users should be told ahead of time how their personal information is used and shared.

The Real Cost of Free Content

While many users assume that most content sites are free, there is a hidden price being paid, the users private information. Most online advertising companies are tracking web browsing activity across many websites in order to build profiles of users. They cross-reference and trade information to generate revenue and better target online advertising and promotions.

Hide your phone number

Once a cybercriminal gets your phone number, they can wreak all sorts of havoc including SIM Swap your phone and take over many accounts.  Hide your number or at least used a VoIP number such as Google Voice. Do not allow Google Voice to forwards Texts/Calls to your main number.

• Google
  • Remove your phone number from myaccount.google.com – Personal information
• Microsoft
  • Remove your phone number from account.live.com
• Facebook
  • Select Settings under the drop-down arrow at the top right. First, click on Mobile in the right-side menu, and remove your phone number
• Twitter
  • Click your avatar, go to Settings and Privacy, and navigate to Mobile on the right hand menu. Remove your number and use an authenticator app

Android

Turn off your advertising ID.  This is attached to all you apps, search history, purchases, recent locations and much more.

• Settings > Privacy > Ads > Delete Advertising ID

Older Android versions may have Opt Out of Ads Personalization

Chrome

Turn off 3rd party cookie tracking on both Chrome for computers and Chrome App

Settings > Security & Privacy > Block third-party cookies

Privacy Oriented Browser

brave is a browser from a mozilla co-founder, which is focused on privacy.

Internet Browser Cookies

In the past, users have been able to delete their Internet browsers’ cookies and thereby foiling efforts to track the user. Here are instructions for clearing the browser cache in Google Chrome, Microsoft Internet Explorer 9, and Mozilla Firefox.

Below is how to set browsers to not accept third-party cookies. These cookies are typically generated by tracking and advertising companies when you visit a website. Occasionally this technique will cause a website to malfunction, particularly if it uses a third-party to handle tasks like commenting.

To optimize third-party cookie privacy settings in Firefox do the following:

• Select Options… from the Tools menu
• Select Privacy tab
• Select Use custom settings for history
• Uncheck Accept third-party cookies
• Optionally select Keep until: I close Firefox – This will delete cookies after every browser session, which you may not want to happen.

To optimize third-party cookie privacy settings in Internet Explorer 9 do the following:

• Select Internet Options from the Tools menu
• Select Privacy tab
• Check Never allow websites to request your physical location under Location
• Select Advanced
• Check Override automatic cookie handling
  
• Check Block under Third-party Cookies
• Press OK

CCleaner is useful Windows utility to clear out unnecessary files including temporary files, and cookie files.

Identity Finder helps you remove personally identifiable information from your computer’s files. They have a free Windows and Mac version.

While this technique is still somewhat helpful, the advertisers have gotten smarter and utilize other tracking techniques. Consult our guides to Google Chrome, Microsoft Internet Explorer 9, and Mozilla Firefox for information.

IRS Tax Filing IP PIN

An IRS IP PIN is a six-digit number assigned to eligible taxpayers that helps prevent the misuse of their Social Security number on fraudulent federal income tax returns.

In 2019, they expanded the states that support this protection.

HTML5 and Privacy

HTML5 represents the latest standard for web design that significantly increases the flexibility and interactiveness of websites. Along with these impressive new features, comes a major privacy issue. HTML5 local storage allows data to be stored in your browser. It can potentially be used to track your movements and regenerate any cookies that you delete. New methods of blocking need to be created to block this intrusive technology.

Google Chrome and Firefox clear HTML5 local storage whenever you clear your cookies. Safari clears this when you select: Preferences -> Privacy tab -> Cookies and other website data -> Remove All Website Data

You can set Firefox to warn you whenever a website is attempting to use HTML5 local storage by selecting: Options -> Advanced -> Network -> Tell me when a website attempts to store data for offline use.

Flash Cookies

Adobe Flash also generates cookies that have been used for tracking and are difficult to remove. Adobe has a special page that requires Flash, in which you can delete your Flash cookies. Also visit this Flash configuration page to prevent 3rd parties from storing Flash content on your PC. You can install a Flash blocker to prevent these cookies from being installed on your system. Flush for the Mac, removes Flash cookies.

Adjusting Google Privacy Settings

In 2018 Google Created this Activity Tracking page to enhance privacy.

To clear Google’s “web history” which includes a log of all your searches, follow the instructions on this page.

To see and revoke access to your Google account by third-party sites, follow the instructions on this page. Also turn on Do Not Track.

To get a copy of everything Google has stored about you, visit Google Takeout. Additional Google services not covered by Takeout are located at Data Liberation.org. To delete the information, you must visit each Google service and delete your data manually.

Privacy App

Jumbo Privacy iOS App helps set Google, Facebook, Ad settings that we have mentioned

Adjusting Facebook Privacy Settings

Our article on Facebook security covers how to adjust Facebook’s privacy settings. Keep in mind that privacy settings only prevent others from seeing your profile. Advertisers and Facebook still have access to your private profile.

AVG Privacyfix.com helps you manage your Facebook privacy settings by showing you which ones need to be fixed.

Logging Off for Privacy

Intentionally logging off a site helps preserve your online privacy. If you were on Amazon, Facebook, or Google, we recommend you log off the site and not click away to a different site. This will help prevent ads from following you.

Fact: When a someone has more information about us, we are more likely to trust them. If your personal details leaked in a company’s data breach, criminals could use that information to craft emails that look more credible.

Minimize your personal information on Facebook, Twitter, Instagram, etc. Also cleanse or set to Private your Amazon wishlists and eBay bidding history.

 Anonymous Browsing

Most modern Internet browsers have options to perform anonymous browsing. You can utilize this function to help hide your identity. Here are instructions for anonymous browsing in Google Chrome, Microsoft Internet Explorer 9, and Mozilla Firefox.

Optional third party browser plug-ins are also available to help enhance Internet privacy.

• Adblock Plus is a plug in to block ads. Firefox – Chrome
• ChromeBlock is a plugin to help increase privacy. Chrome
• Cookie Master is a Firefox plug-in to manage cookies
• Disconnect.me is a plugin to help increase privacy. Firefox – Chrome – Safari
• Do Not Track Plus is a Firefox plugin to help increase privacy.
• Ghostery is a free plug-in to view and block what trackers and advertisers a website uses. Available for most web browsers
• NoScript is an extension for both Firefox and Chrome which prevents scripting from automatically running
• PrivacySuite is a plugin to help increase privacy. Firefox – Internet Explorer (Soon)
• Trackmenot is a Firefox plug in to prevent tracking. Chrome version

Opting Out of Online Ad Personalization – Do Not Track

Advertising companies that are members of the Network Advertising Initiative (NAI) and other self-regulatory efforts allow users to opt out of personalizing ads that are shown. Here are instructions for opting out of online ad personalization in Google Chrome, Microsoft Internet Explorer, and Mozilla Firefox.

The Network Advertising Initiative also has a page that allows you to opt out of online ad personalization from a variety of member advertising companies.

Other Opt-out pages:

• AOL
• Apple iAds
• Mastercard
• SelectOut – Optout of almost 200 trackers
• Self-Regulatory Program for Online Behavioral Advertising
• Yahoo

Using Linux for Internet Privacy

Linux can be utilized to enhance our Internet privacy. We can set up a bootable Linux USB key or CD, which allows us to start up our computer into a totally clean operating system, devoid of cookies and the like. Use one that has a write lock physical switch. Consult our article Creating a Bootable Linux USB Key or CD for more information.

Using a VPN for Internet Privacy

A VPN or Virtual Private Network allows you to tunnel your Internet traffic through a third party provider, making your traffic appear to come from a different location. While this option is more complex to implement, when combined with the suggestions listed above, a VPN connection forms a very powerful tool to protect your privacy. Consult our article How to Use Wireless Networks or WiFi Safely in Public for more information. Make sure you select one that is located outside the USA and which does not logging.

Email Snooping

Yahoo was exposed in 2016 to having scan all its customer’s emails looking at incoming email streams for a digital signature associated with a known terror organization.

The ultimate way to prevent email snopping is by running your own email server.  This has a cost and can result in your emails not going through.

Credit Card Privacy

Privacy.com creates secure virtual credit card numbers, hiding your real card.

Secure Instant Messaging

Privacy relates to how easy it is to ease drop into a messaging client.  Can the government listen in?  Is it encrypted?

The EFF has a great Secure Messaging Scorecard page.
Forget about using popular ones like Whatsapp, Line, Viber, WeChat, they have all been monitored.

Try ones like:

Silent Circle
Redphone
OSTel
Chat Secure
Signal (Formerly Textsecure)

Anonymous Registration

It is annoying registering for forums and many content sites where your real information is not necessary. When asked for personal information, we suggest you enter bogus information if you wish to remain anonymous. Create an email address that is tied to this information and save this information as a profile within password management utilities.

MySudo helps you create temporary emails address and phone numbers. Free Trial.  You can also this by create multiple gmail and google voice accounts.

Removing Yourself from Online Databases

There are several large databases that contain personal information that is culled from telephone books, court records, and other third parties. You can opt out of their data by visiting the following links.

• BeenVerified
• Family Tree Now
• Intelius
• PeekYou
• PeopleSmart
• Pipl
• Spokeo
• Whitepages
• ZabaSearch

A paid service DeleteMe helps automate this for $129/year

Identity Theft Protection

If you are a Comcast subscriber, you are eligible for free Identity Guard (discontinued). Consult your ISP to see if they have any free identity theft programs.

Social Security Account Setup

While we are on the subject of protecting you from identity theft.  If you have not already setup your Social Security Account, you should set one up before a thieve makes one before you.

Or better yet, block Electronic access to your Social Security Record.

TV Privacy

If you have a Smart TV, it may be watching or listening to you.  In March 2017 a Wikileaks CIA leak indicated that they are listening in on those with Samsung TVs.

• Turn off any Smart TV Functions on your TV
• Use an external Roku or AppleTV box instead
• Use a power strip and turn off the TV’s power that way

Opting out of TV data

Many TV content suppliers log your viewing habits and sell them to other companies.  Opt-Out of this madness! Cable and satellite television networks have their own opt-out for anonymous-viewer information.

• DirectTV – Contact the company by phone, email, or mail to opt-out.
• TiVo
• Optimum.net – They removed their opt-out page.
• Comcast
• AT&T
• Vizio – Vizio TVs spied on what people were viewing, causing the FTC to sue them.  The company provided consumers’ IP addresses to data aggregators, who then matched the address with an individual consumer or household. Vizio’s contracts with third parties prohibited the re-identification of consumers and households by name, but allowed a host of other personal details – for example, sex, age, income, marital status, household size, education, and home ownership.

Turn off iPhone Diagnostic Log Sending

To turn off sending of diagnostics data to Apple do the following:

• Open Settings
  
• Select General
• Select About
• Select Diagnostics & Usage
• Click on Don’t Send

Color Laser Printer & Color Copier Privacy Issues

The Electronic Frontier Foundation (EFF) discovered that most color copiers and color laser printers have been adding invisible tracking codes to every single printed page they produce. The government asked printer makers to do this in an effort to prevent counterfeiting. The dots help track what type of printer and its serial number as well as when the document was printed.

This relativity little known tactic can undermine anonymity for political, religious, or any other reason. Users need to understand this and tell printer manufacturers that they do not like this hidden invasion of privacy. For more information, take a look at this webpage and support their efforts.

If you are purchasing a new color laser printer, try to purchase one that does not print these invisible codes.

Kindle eBook Privacy issues

Reading in the new age via eReaders such as the Kindle expose users to additional privacy issues. Previously, with physical books, it was difficult for bookstores and publishers to know whether you had really finished a book, highlighted specific passages in the book, or what book you purchased next.

With eReaders such as the Kindle your privacy has gone out the door. Kindle users have to agree to allow Amazon to store information on the device and Amazon’s servers including where you left off in the book, notes, highlights, bookmarks, and more. With all of this information, the Electronic Frontier Foundation (EFF) is pushing for legislation to prevent eBook sellers from reveling people’s reading habits without a court’s approval.

If you are concerned about your privacy, you may want to steer clear of eReaders or utilize an eReader that does not any have Internet connectivity. Find one that allows eBooks to be downloaded to a computer and manually added to your eReader.

More Resources

privacy tools.io – Lists many resources that can help you reclaim your privacy

With some leg work, we can significantly improve the privacy of our online activities.

Online banking and online trading have been gaining market share every year. Security breaches make headlines almost daily. With more and more people going online, consumers are worried more than ever about keeping their online banking and online trading safe and secure. In this article, we will help you bank and trade more securely.

Secure your computer, web browser, Internet connection

Follow our guides to secure your Windows PC or secure your Macintosh by installing the right software, firewall, antivirus software, etc. Secure your mobile devices: iPhone, Android smartphone or tablet, iPad. Configure the settings and add plug-ins to you web browser so that it is more secure. Consult our tutorials for: Internet Explorer 9, Google Chrome, and Mozilla Firefox. Secure your Internet Connection: Wireless Network, Public Wi-Fi.

1. Configure your wireless router for optimal security. Consult our article How to set up a secure wireless router for details. For maximum security, do your online banking and online trading when connected by a hardwired connection such as Ethernet.

2. Ensure that your operating system is set up securely. Consult our computer security guides for Windows and Macintosh. For maximum security, you could start off a Linux boot CD or USB key.

Burning Linux Live CD to a write only media such as a CD/DVD or a USB drive with Write protect switch, helps prevent any changes to a virgin Linux distribution. Keep in mind that no bookmarks, password managers, etc would be accessible.

The CD versions do take many minutes to boot up and ask you if you want to try Linux, so the USB route is definitely preferred.

3. Secure your Internet browser. Consult our security guides to Internet Explorer, Google Chrome, and Google Chrome.

4. Make sure you are accessing the online banking or trading website is using a secure connection, look for https:// in the browser’s address bar and a padlock icon in the browser. A broken key, broken padlock, or any open lock indicates it is not secure. If you want to ensure security, see if the bank or brokerage takes transactions over the phone.

5. When creating an account at the online bank or brokerage, we recommend you use a unique password as it is far safer in case the website gets hacked. You would not want hackers to get a password that worked on other websites. Consult our How to create, store and use secure passwords article for suggestions.

6. Sign up for alerts from your bank or brokerage by email or text message. This will allow you to respond to any fraud rapidly. Also carefully check each month’s statement for erroneous or fraudulent transactions. Consider checking your outstanding transactions every couple of weeks via the company’s website.

7. Two factor authentication is available from many banks and brokerage houses. Bank of America, Citi, Schwab, Fidelity Investments, and several other companies have this available, so check with your representative. This technique forces the use of both a password and a number generated by the hardware security token in your position, both are needed in order to log in. Clearly if criminals got a hold of your password, they would not be able to login.

Two factor authentication systems using SMS text messages are not secure, due to hijacking of mobile phone accounts and the weak SS7 routing system. Even Reddit got hacked this way. We suggest only using two factor when you can use a physical token or a time based authenticator like Google’s. Send text messages to a VoIP number such as Google Voice  instead. Do not allow Google Voice to forwards Texts/Calls to your main number.

• A new paper in 2020 from Princeton researchers shows how easy it is to pull off a SIM Swap against AT&T, Verizon, T-Mobile and others.

8. To avoid falling victim to e-mail phishing, never click a link or open an attachment from an e-mail. This is especially true for online banks and online brokerages. Manually type the URL into your browser.

Opening Attachments Safely with Gmail

Forward the email with attachment to a Gmail account.  From there, you can use Google Docs to open Word Processing, Spreadsheets, etc.  No need to endanger your own computer.

9.Internet Explorer Virtual Machine – Designed for web developers to test compatibility with different versions of Internet Explorer, these Virtual Machines for Microsoft’s Virtual PC allow you to run a Virtual computer on your desktop with Internet Explorer pre-installed. If you mess up the Virtual computer, you can just delete it and start fresh from a new image. You can perform your online banking and trading within the virtual machine to increase security.

10. When banking or trading on a smartphone or tablet, using the built in 3G/4G connection is a lot safer than connecting via a local wireless internet hotspot. This warning applies to both apps and mobile internet browsers.

11. Explicitly logout after you are finished.  Do not just close the browser.  This helps terminate your session officially.

Things Not To Do

1. Do not bank or trade when using public wifi hot spots or when using a shared computer in a cyber cafe. Many of these locations provide little to no security and are prone to snooping or malware. This warning also includes smartphones and tablets connected to public wireless internet.

Do these safeguards make sense?

Security has become an ever more important part of using a personal computer. Increasingly, the daily headlines include news of companies and websites getting hacked. It is important to learn how to properly secure your wireless Internet as well as secure your personal computer.

This article focuses on how to secure your wireless network router so that you do not become part of the statistics. The wireless router typically includes a firewall that defines the perimeter of your network. Think of this as a fence, walling off your network from the Internet. Having a vulnerable wireless network allows criminals to ppossibly steal your data as well as Internet access. You could also become responsible for illegal downloading if your wireless Internet was compromised.

October 2017 Wi-Fi KRACK attack Warning

KRACK attack on Wi-Fi. Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted.  Virtually ALL Wi-Fi equipped devices need to be updated.  The attack is particularly bad on Android 6.0 and Linux. If you have a device with no updates (eg Internet of Things), you will be open to attacks.

You should not be using any non-802.11ac devices any more, if at all possible; and you should make absolutely certain you’ve updated the firmware on all routers to the latest available version.

If that newest available firmware version is older than November 2017, it is without a doubt vulnerable to KRACK, and you’re going to need to discard and replace that device. If it’s older than, say, July 2018 it might or might not include KRACK mitigations, and you should go through all of that device’s firmware release notes since November 2017 to make certain.

Government Spying via Compromised Wi-Fi Routers

WikiLeaks has confirmed that insecure wireless routers were hacked and users spied probably by the CIA.  If you own a router on the list, update its software immediately or buy a new one.

Federal Trade Commission Makes Asus Improve Router Security

In February 2016, the Federal Trade Commission settled charges with Asus, over critical security flaws in its routers that put the home networks of hundreds of thousands of consumers at risk.

The proposed consent order will require ASUS to establish and maintain a comprehensive security program subject to independent audits for the next 20 years.

Finally!, the government is forcing these manufacturers to fix wireless routers that can be come huge security holes.

Wirless Routers are a big Security Hole

The Wall Street Journal commissioned a security researcher to test 20 popular internet Wireless Routers in late 2015. 10 had known security weaknesses. 4 had old firmware that when upgraded could contain undocumented security problems.  Keep your router’s software update and if it is older than 2 years, you should buy a new one. Few routers automatically update their software, like Windows does. Most networking companies’ stop updating them after a year or two (They have no financial incentive), resulting in a major security risk.

Hackers can take control of insecure wireless routers to snoop on all your Internet traffic, initial denial of services attacks on others, or steal your financial information.

Cable or DSL Modem Direct Connection

Some high speed Internet connections allow you to directly connect your computer to the modem.  We recommend installing a network router in this situation to help protect the computer from external traffic. Install a wireless router and turn off the wireless capability if you do not need it.

Hardwired Ethernet Network

Secure wireless is an oxymoron! Using a hardwired Ethernet connection is much more secure than wireless Internet, a must for those looking for the maximum protection. Unfortunately, this is type of access is not possible for some devices (iPad, iPhone, etc.) and is far from convenient. Most users who demand the utmost in security and performance lay Ethernet networking in their homes and businesses. They may still run a wireless network, but limit access on that network to just a couple devices.

What is the most secure Wireless Router?

Wireless router hardware is available from many major manufacturers, including Apple, Cisco – Linksys, D-Link, or Netgear. We suggest avoiding smaller companies because they may be slow to update the software (firmware) and patch security holes. Unfortunately, even the large comes stop upgrade software on their routers after a year or two, you then should buy a NEW router. Fewer notify users of new software availability.

Manufacturer’s models differ in wireless range, speed, wireless standard support (Wireless-AC), and special features. Always make sure to update to the latest firmware available; bug fixes, security fixes, and enhancements were possibly added.

More Advanced Routers

The best routers are more robust routers targeted towards small business. They have more advanced security and are updated more often. If you are not technical, forget about buying one.

• pfsense – Makes a solid security appliance. Their 2 port model is more affordable at $299, $374 with 802.11N. You need to be somewhat technical to setup Virtual LANs.
• Ubiquiti Networks – Makes a great low cost multi port router, EdgeRouter X, for under $50. Add their UniFi AP AC Lite access points ($90) and you have one of the best and cost effective Wireless setups. Again not for beginners. Great Setup Guide

Cheap 3 Router secure Wireless Setup for IOT

Here is a good setup if you are concerned about security, are not a network expert, and need to have a guest network or have Internet of Things devices. (IE Nest Cam, Nest Smoke Detector, etc)  This configuration prevents these devices from snooping or intercepting your normal traffic. Using a typical Wireless router’s Guest network will NOT accomplish the same thing.

Kudos to Steve Gibson of Security Now. Buy or re-use a cheap old router that does not have to have wireless capabilities. We will be connecting them in a Y configuration. Connect this Router 1 to your Cable / DSL Modem.

Wireless Router 2 and Wireless Router 3 are both plugged into Router 1.

• Use Wireless Router 2 for all your computer, tablet, smartphone needs.
• Connect Wireless Router 3 with all your IOT or Internet of Things devices, like security systems, cameras, thermostat, etc.
• IOT devices should use a different DNS Server than your standard one.

Optimizing Wireless Routers for Maximum Range

• Physical Location – Where you place the wireless router is very important.
  • Position the wireless router to most central or optimal location for best coverage of your wireless network, and least amount of leakage to unwanted places like your neighbors or passersby on the street. This may be high up on a wall and may not be in the room the Internet connection is located in. Keep the wireless router away from microwave ovens and cordless phones.
  • If you have sufficient wireless coverage and your wireless router supports it, you could also Reduce your wireless router’s transmitter power so it doesn’t send the signal beyond your home.
  • Run a utility such as inSSIDer that helps you adjust your wireless router’s channel configuration to prevent interfering with surrounding wireless wifi networks. Wifi Analyzer for Android, Wi-Fi Finder iOS also works. Most routers are preset to channel 6, causing more collisions.
  • Antennas – Low cost 3^rd party add on antennas extend range without the need to buy a new wireless router; free antennas can also extend range. Some antenna’s omnidirectional, while others are directional, allowing you to focus a wireless signal. Replace the cheap antenna that came with your wireless router, to significantly increase performance.
  • Add an electrical power timer to turn off the wireless router when not in use or at night. This saves money and offers added security.

Wireless Network Router Settings

Wireless routers need to be configured properly to ensure proper operation as well as maximum security. Although wireless routers from different vendors include differing configuration options, most include these configuration settings. We have included screenshots for a variety of popular wireless routers, but can never cover every single wireless router available. We recommend disconnecting your cable or DSL modem while your router is being configured as some routers take a while to boot up and present an unfiltered connection while loading up.

Before you make any changes to your wireless router, always note how it was configured before the changes were done, so you can undo changes.

Access the administrator configuration for your wireless router by either running the software that was included with it or by accessing it directly from a web browser. For instance, Linksys router web interface for their wireless routers can be accessed when entering the following URL into your browser: https://192.168.1.1/

Administrator Password

• Password entered to gain access to the wireless router hardware. The administrator password MUST be changed from factory default to something difficult and long. Many people never change the factory password and leave themselves wide open to getting hacked. See our article on generating secure passwords for tips.
• Router Default Passwords can show you passwords for routers left unchanged from default
• Disable remote router access or Remote management so no one can change your settings from outside your network. On Linksys routers, it is located on the Administration tab – Management.
• Enable Logs so that you can go back and see where problems arose.

Cisco Linksys Wireless Security Settings

Cisco Linksys Dual Band 2.4Ghz 5Ghz Wireless Security Settings

DLink Wireless Security Settings

Wireless Encryption

• It is best to use WPA2-Personal security mode, AES encryption (do not select TKIP), a long Pre-Shared Key. Recommendation: Long (40+ characters) and include symbols, and upper and lower case. You will have to enter this password on each wireless device.
• Do not use WEP or WPA encryption as they are easily hacked. WEP encryption can be broken in under a minute. If you have hardware that does not support WPA2 encryption, replace the hardware.
• Always use encryption and NEVER have an open Wi-Fi access point without a password.

Mac Address Filtering

• This should be Disabled. This ensures that only authorized Wireless devices’ Mac Address (the serial number of the networking devices) are allowed to access the wireless router. Enabling it does not make it anymore secure against hackers. They can spoof Mac Addresses.

SSID

• Name – Change the default name. Do not use your address or a personal name. It is important to have a unique name so that when you’re away from home, your devices do not automatically try to logon to other wireless networks with the same name. This will also make you less susceptible to attacks using precomputing tables based on default names. Make sure you do not use names like: linksys, netgear, attwifi, 2wire####.
• To make your WiFi Network name more secure you should also add “_nomap_optout” to the end of it.  This prevents early Windows 10 installs from sharing it and Google from indexing it.
• Broadcast – Should be enabled to present easy access and prevent devices beaconing for it when it is out of range. Hiding it does not make it anymore secure against hackers.

UPNP – Disable this feature.  Very Important! It makes your network much more vulnerable. Although adding devices will require manual action. You could also enable Universal plug and play only when adding a new device.

Wi-Fi Protected Setup (WPS) – Disable this feature (if possible) and enable manual setup, even though it makes setup much easier.  It makes your network much more vulnerable to external hacking. A flaw allows a remote attacker to recover the WPS PIN and, with it, the router’s WPA/WPA2 password in a few hours was uncovered in December 2011. Checkout our WPS article on this.

Some older Linksys routers have SecureEasySetup (SES), which can be disabled to increase security.

Bands – More advanced wireless routers operate on multiple frequencies at the same time.

• 2.4 GHz – This is the typical Wi-Fi frequency used by most wireless routers.
• 5 GHz – More advanced routers support this frequency. Your computer or Wi-Fi device needs to also support the 5 GHz frequency option, so an extra network adapter may be required. Utilizing only this frequency helps prevent your network from being probed by less sophisticated hackers. *Note* 5 GHz performance transfer rate decreases dramatically the farther the device is from the router. Buy a new router if this is the case.

DHCP

• DHCP is used to handout Internet IP Addresses to your local network devices. Be sure to set a limit to the number of DHCP addresses given out by your router. This number should correspond to the actual number of devices you own. Occasionally, login to your router and audit the number of DHCP addresses given out, to look for nearby Internet leeches. RogueScanner is a free tool that will help you find rogue wireless access points and devices.

DNS

Set the DNS (Domain Name Server) that the router uses to either your ISP’s DNS Server or better yet, to Google’s high performance DNS: 8.8.8.8

Leaving the field empty could lead to DNS spoofing.

Wireless Routers with Guest Network 

This is an IMPORTANT feature to look for in a new Wi-Fi router. If your wireless router is capable of setting up a separate network for your Guests and Internet of things (IOT – Cameras, Doorbells, etc) devices, you need to ensure that it is set up properly to prevent access to your main network. Keep in mind that some older guest networks (Linksys, Cisco) simply have a password but do not utilize wireless encryption such as WPA2. Buy a new router if this is the case.

Use a different password for this network and give this out to your guests.  Also place the following types of devices on this network, not your main network.

• Security Cameras
• Wireless Thermostats and Smoke detectors (IE Nest)
• Internet of things devices (Toys, Cars, Appliances, etc)
• Cars

Isolating Guest Network Access

If you have a D-Link wireless router, be sure that the Enable Routing Between Zones option is not checked. This will prevent access by a guest network client, onto your main network.

If you have an Asus wireless router, be sure that the Access Intranet option is set to Disable. This will prevent access by a guest network client onto your main network.

• Some Asus routers have Set AP Isolated in their Wireless-Professional Menu. Setting this to Yes for the 2.4Ghz Band will also increase security by preventing guest network clients from accessing each other.
• Advanced Asus Router users: If you are running 3rd party Asus Merlin firmware adding this rule to a firewall-start file will prevent guest network users from being able to access each others:
  • wl -i wl0.1 ap_isolate 1

Known Wireless Router Issues

If you own an AsusRT-N66U or Linksys E-series wireless router, make sure it has been updated to prevent the Moon worm.

Additional Security

• Options such as Radius Authentication may be supported by the wireless router. This is more for corporate or small business security. ZeroShell allows you to set up a RADIUS server inside a virtual machine.

Third Party Wireless Router Firmware

• 3^rdParty Firmware or software for the wireless router is often available with additional features not available from the manufacturer’s firmware. This many also be more secure than your original firmware.
  • Why? – Need a particular special feature. Often only for power users.
  • What features would be available? – Stability, security, configurability
  • Wireless Router Compatibility – Check website to see if your wireless router is supported by 3^rd party firmware

• Tomato – Popular 3^rd party replacement firmware for many wireless routers.

• DD-WRT – Popular open-source 3^rd party replacement firmware for many wireless routers. This firmware enables you to adjust the transmit power of the router to help boost range.
• Asuswrt-Merlin – This 3rd party alternative firmware is focused on Asus routers.

Buffalo  makes wireless routers with DD-WRT pre-installed. This allows them to reduce the amount of software (firmware) they have to write, and concentrate their efforts more on hardware. If you are afraid of accidentally damaging your wireless router by installing 3^rd party firmware consider purchasing a Buffalo High Performance wireless router.

• Do It Yourself (DIY) Wireless Router – allows for advance features , good if you have extra computers, higher performance needs, QoS, IP filtering, traffic stats, special network configurations that are not mainstream.
  • Smoothwall – Popular 3^rd party Linux based router software. Runs on any Pentium-class PC with at least 128 MB of RAM. Snort Intrusion Detection System support is also available, so you do not have to run Snort in a separate installation.

Testing Wireless Router Security

Testing wireless router security is important to see how secure your wireless router really is. Here are some sites that help test your wireless router’s security. You can adjust your configuration to close any vulnerabilities they find.

• Rapid7 – Has penetration testing software
• Shields Up – Tests your network with tools from Steve Gibson of GRC.
• HackerWatch – Tests your network with tools from McAfee.
• HackerTarget – Multiple tests on your network
• Arachni – Security scanning framework

By applying special settings to your wireless router, you can significantly increase the security of your wireless network to prevent theft and secure our privacy.

Also keep you wireless router’s software up to date and buy a new one every couple years, if there has not been an software update recently.

This concludes our How to setup a Secure Wireless Network Router  article. Other articles on Safegadget.com help you secure the other aspects of your personal computer, including How to Set up a Secure wireless network Router, and How to Secure Internet Explorer article, or How to Secure Firefox Article. Please see our other articles on security tips for your e-mail, iPad, online banking, online shopping, smart phones, and more.

Passwords are one of the biggest security problems on the Internet, possibly even more so than Malware. Poorly chosen passwords and security questions are making online accounts easily hackable by cyber-criminals.

1. Check to see if you have a compromised account
2. See if a password you used has been hacked

Everyone knows it’s important to create and use complex passwords, ones that do not include:

• Words from the dictionary of any language
• Personal information such as names of your kids, pets, addresses, etc.
• The same password for more than one site
• Ones that are written down

Few people follow this type of policy. If you are guilty of one or more of the above, you are at risk of getting hacked. Hackers are able to use brute force attacks to test over 200,000 passwords per hour. As technology improves, they will be able to test passwords even faster. In this article we will help you create, store, and easily use secure passwords.

Secure your computer, web browser, Internet connection

Follow our guides to secure your Windows PC or secure your Macintosh by installing the right software, firewall, antivirus software, etc. Secure your mobile devices: iPhone, Android smartphone or tablet, iPad. Configure the settings and add plug-ins to you web browser so that it is more secure. Consult our tutorials for: Internet Explorer 9, Google Chrome, and Mozilla Firefox. Secure your Internet Connection: Wireless Network, Public Wi-Fi.

Better Usernames

We suggest users first start with a non-obvious username. Don’t use your first name or first name + last name as your username throughout your online accounts. Make up a name or alias. Include numbers and/or upper and lowercase letters. Better yet, use a different username on every site. The password managers recommended below will automatically remember all your logins.

What is a good password?

1. Characters, numbers, symbols, length, complexity

A good password has alphabetical characters of both upper and lower case, numbers, symbols. The password should be at least 12 characters in length. Length is more important than complexity. Computers have gotten so fast that they are able to password crack shorter passwords in no time especially with high speed GPUs. Keep in mind that some online services have limits as to what characters are valid and how long a password can be.

Examples of good passwords include: 9F1%6!Q(&3mdIOe39 or f7aX3z&a8L2;’\]

These are pretty hard to remember, aren’t they? We will include suggestions on how to create strong and easy to remember passwords below.

2. What passwords not to use

There should be no words from the dictionary of any language, present in your password. No personal information should be in your password including birthdays, names, addresses, phone numbers, etc. Develop a mnemonic system for remembering complex passwords.

Examples of bad passwords include: 12345 or john or 123elm or password

If you have to use one of these passwords, at least harden them with some extra symbols and length.

Examples of better passwords include: 12345!!!!???? or !!!!john!!!! or $$$$123elm$$$$ or %%password!! or {[password]}

Not only are the passwords only slightly more difficult to remember, but the security is enhanced by orders of magnitude.

3. Every website you visit should have a different password. The average Internet user has over 25 password protected accounts. If you only use one password, you would be in danger of losing your entire universe, if only one site got hacked and they stored passwords in plain text.

Examples of better passwords include: 12345!!!!????ebay or 12345!!!!????gmail

Another way to create an easy to remember but secure password is to come up with a memorable sentence or phrase and use the first character of each word. Append onto the end of each site’s password, the name of each website and a symbol and a number.

Example sentence: Jack and Jill went up the hill to fetch a pail of water

Website: gmail.com

Password: JaJwuthtfapowgmail!1

4. How often to change your password

Passwords should be changed every so often, especially if you think it has been compromised. Changing a password too often causes major logistical problems. Some companies require password changes every XX weeks.  This causes more harm than good. Works will then reuse old passwords or slight variants of them. The focus should be on changing the most important and most used passwords every couple months. US-CERT has additional password tips.

5. Avoid sites that are not making security a priority. See the posts on Plain text Offenders.

How to create secure passwords

Read the National Institute on Standards and Technology’s 2017 password guidelines.

1. Manually creating passwords

You will basically pick numbers, characters, and symbols at random and keep doing so until you have created a fairly long password. The upside is that it is easy to do, but the downside is that you will probably not pick very random passwords.

2. Web pages that create secure passwords

There are several websites that help you generate secure passwords. Keep in mind that having to visit a website every time you need to generate a password, becomes inconvenient really fast.

• GRC has a password haystack page that helps compute how long it would take to hack a given password.
• GRC also has a page that generates high-security passwords.
• PC Tools helps you generate secure passwords with customizable criteria

3. Software Utilities

Several free software programs can also help you generate secure passwords. Most of these programs also store the passwords, so they’ll be covered in the section below.

4. Password testers

It is best to test your password’s security with the hacking tools the expert hackers use. Windows-based password hacking utilities include: John the Ripper password cracker, Cain and Abel (Windows only)

5. Password recovery questions or security questions

We recommend that users enter secure passwords in these fields and not the true answer. Hackers can and have mined social media including Facebook to extract answers to these questions. You can alternately put in the correct answer and then consistently append a word to it.

6. Need to register and generate a password to see content?

BugMeNot.com is a database of usernames and passwords for sites that require logging in to see content.

7. If you use Steam, turn on Steam Guard so you need to respond to an email or use a mobile code every time you login to Steam from a new computer. Blizzard has an addon two factor authentication app to protect their gaming logins for iOS, and they also have a hardware authenticator for sale.

Two factor authentication systems using SMS text messages are not secure, due to hijacking of mobile phone accounts and the weak SS7 routing system. Even Reddit got hacked this way. We suggest only using two factor when you can use a physical token or a time based authenticator like Google’s. Send text messages to a VoIP number such as Google Voice  instead. Do not allow Google Voice to forwards Texts/Calls to your main number.

Google Smart Lock is also a great way to generate second factor authentication but using your iPhone or Android phone and their app.

• A new paper in 2020 from Princeton researchers shows how easy it is to pull off a SIM Swap against AT&T, Verizon, T-Mobile and others.

Many sites give alternate methods of logging in, if you do not have your second factor available. Commonly these are using your social security number or birthday, data that could be publically found.  This helps negates the advantage of two factor.

In the end, using Two Factor authentication is better than not using it.

These keys are more secure than using Text or SMS to send a one time code. Criminals can divert SMS messages and calls, to another device (either by social engineering a customer service person at the phone company, or via more advanced attacks like SS7 hacks).

8. There are password cracking utilities from companies like Elcomsoft that can break the encryption on many programs and even smartphones. Keep this in mind when assessing the security of a product.

9. If you are buying a new notebook, consider buying one with a hardware security module built-in. The new Intel Ultrabook lightweight notebook specification includes support for a IPT Identity Protection Technology hardware security module or Trusted Platform Module (TPM) that can enhance security by requiring both a password and this hardware key to access certain websites.

How to store and use secure passwords

1. Do not store your passwords in a simple Word or text document. Also, do not write your passwords on a piece of paper or Post-it note. Obviously, your passwords could be easily stolen this way. Storing password in a browser is also a no-no. They have been hacked easily. If you really need to write down your passwords, only write down parts of your passwords and or login, and leave the rest blank.

2. The best place to generate and store passwords is a password wallet utility program.  Our goal is to find a Multi-platform PC, Mac, iOS and Android compatible program that can create  secure passwords, save the passwords, and automatically fill forms with the secure passwords. Here are some examples:

• Lastpass – A password manager that works on Windows, Mac, Apple iOS, Linux, WebOS, Windows phone, Symbian, Android, and Blackberry. Stores data on the web for access anywhere and at anytime. Automatic form filling, one click login. Supports Yubikey, multi-factor authentication including Google two step authentication. Free for mobile users starting in August 2015. Make sure you have Password Iterations set higher than 1. Downside: Mobile version costs money, data is stored on their servers. A two factor authentication system using SMS text messages is not secure.
• KeePass – Open source password manager with auto type capabilities. Available for Windows.  Unofficial versions for Apple iOS, Android, Mac, Linux. Be sure to select the options to:
  • Lock workspace after KeePass inactivity
  • Lock workspace after global user inactivity
  • Lock workspace when minimizing main window
  • Lock workspace when locking the computer or switching the user
  • Lock workspace when the computer is about to be suspended
  • Lock workspace when the remote control mode changes
  • Downside: Password database is stored locally, no online synchronization.
• 1Password -A $49.99 password and identity manager that automatically save and fill website logins. Supports Apple iOS, Android, Mac, and Windows.
  Downside: Cost, Can’t retrieve master password.
• Passpack – Free version supports up to 100 logins. Windows only. Supports most browsers. Supports yubikey. Uses Adobe Air. Allows sharing of logins.
  Downside: Adobe AIR only. (No iOS support)
• Password Safe – Open source password manager for Windows.
  Downside: Windows only.
• Roboform – A password and wallet manager for Mac and Windows that is complete with 1-Click form filling. One identity is Free, Unlimited Logins, Identities, Bookmarks, Safenotes and more cost $29.95.
  Roboform everywhere supports Apple iOS devices, Windows phone, symbian, Palm, Android, and Blackberry. It costs $9.95 for the first year. $19.99/year thereafter.
  Downside: Cost, occasionally pops up when not needed, smartphone apps can’t fill forms, remote access doesn’t allow editing form-fill data.
• Clipperz – Free Online password manager from an Italian company.
  Downside: Web based, requires connection.
• SafePad – Is a notepad with password protection

Our recommendation is to use one of the password managers above for most of your passwords, while remembering a couple important passwords through memorization. Your e-mail, online banking, and online trading passwords should not be stored within these password managers.

Important: If you use a password manager and use its convenient form filler, DO NOT enable automatic form filling. You could be brought to a malicious page and have all your information automatically entered on it, before you realized it.

3. Never send your password via email, over a social network like Facebook, or via phone.

4. Do not forget to backup your Google account with Google Takeout

We have covered many ways for you to create, store, and use secure passwords. If more people utilized the techniques covered above, fewer password intrusions would occur.

Free Wi-Fi is available in many locations, from your local café or Starbucks to McDonald’s and many other restaurants. Using these mostly unsecured, public wireless networks puts your information at risk. It is important to employ several safeguards when surfing at a public hotspot. If you are using a cybercafe’s shared computer, we would only use it to view information, not to even get your e-mail. Chance are high that it is compromised.

Many public wireless networks are completely unencrypted so that users can log on to them easily. This opens up a huge security hole as any hacker or sophisticated computer user could easily see all the sensitive data being transmitted. Passwords to online stores or email accounts can be easily captured by increasingly easy to use tools. In this article, we will help you access public wireless networks safely. Settings within your operating system may need to be optimized, additional software installed, and third party services may need to be subscribed to.

Finding Free Wi-Fi

• Boingo has a Wi-Fi locator. The Starbucks and McDonald’s entries are free.
• There are several free apps that help you find Wi-Fi – search the app stores for Wi-Fi

Secure your computer, web browser, Internet connection

Follow our guides to secure your Windows PC or secure your Macintosh by installing the right software, firewall, antivirus software, etc. Secure your mobile devices: iPhone, Android smartphone or tablet, iPad. Configure the settings and add plug-ins to you web browser so that it is more secure. Consult our tutorials for: Internet Explorer 9, Google Chrome, and Mozilla Firefox. Secure your Internet Connection: Wireless Network, Public Wi-Fi.

Secure web browsing using HTTPS

Normal website access using HTTP:// causes information to be sent and received in plain text. This type of connection is not secure; a hacker could capture all the information being transferred and steal your data. While this is not important when you are casually surfing, you do not want your email or online trading information to be captured by others.

Force websites to use secure connections – It is important to utilize secure connections or HTTPS whenever possible. Several large websites have configuration options to force these secure connections. Here is more information on configuring HTTPS with: Gmail, Facebook, Twitter, Google. Google.com defaults to HTTPS if you are signed into your Google Account, if you are not, just manually add the s after http to force a secure connection ie –  https://www.google.com

HTTPS causes a secure connection to be made using SSL security. Certificates are digital documents that verify a site’s identity. They are sold by certificate authorities. If a certificate is not signed correctly, your browser will pop up a warning. Recently, a Dutch certificate authority got breached, causing forged certificates to be created. To workaround issues like this, Internet browsers are updated to remove the forged SSL certificates. It is crucial that you keep your browser up-to-date.

If you have applications other than your web browser accessing the Internet (FTP client, desktop mail client, etc.), make sure you enable SSL secure connections within each application.

Use a password manager to create, use, and store passwords for websites. See our password manager guide for details.

Disable File Sharing

Prevent sharing of any files or folders that are unnecessary. This should be obvious, but becomes a large problem if you are connected outside the home, to a public network. When you are on a public network, you do not want to share files, printers, or any computer resources. To turn off file sharing under Windows 7 do the following:

• Click Start Button
• Type Network and Sharing Center into Start menu’s Search Box
• Select Network and Sharing Center from the results
• Select Choose homegroup and sharing options then select Files and Printers to be unshared, if necessary.

If you are using a Macintosh, consult this article on how to turn off sharing.

Enable your firewall

A firewall prevents unauthorized users from accessing your computer. Windows 7 and Windows Vista have a built-in firewall that is enabled by default. If you are running on the Mac, consult this article on how to turn on your firewall.

Connecting to a Public Wi-Fi Network

When you are setting up a new network connection, Windows will prompt you to choose what type of network this is. The choices are Home Network, Office Network, or Public Network. A Home Network is the most open network because all computers on the network will be treated as friendly, allowing for easy sharing of folders and files, and also allowing the creation of a Home Group for all computers on the network.

Office Network is slightly more strict, but the Public Network is the most strict. Selecting Public Network will hide your computer on the network and disable file and print sharing. This is recommended if you are running a notebook and connect to external networks often. If the computer is only used at home and file or printer sharing is used, do not change the setting.

If you need more control when connecting to different networks, try the Window’s Utility NetSetMan. Macintosh users can try AirPort Location.

Setup a VPN or virtual private network

A virtual private network (VPN) is a secure, encrypted tunnel for your computer to communicate with the Internet. All traffic travels over this secure connection, preventing hackers or your ISP from eavesdropping. VPNs help secure Internet traffic that is not sent using SSL secure connections.

The tunnel starts on your computer, travels over the public wireless network, and connects you with either a VPN server in your home or one that you subscribe to. Your data travels over a secure, private network even though you may be accessing a public insecure network. There are several free VPN options as well as many companies selling VPN access.

Be aware that using a VPN to order products online may cause some unforseen problems. The VPN will make your IP address appear to be located wherever the VPN server is located, which could be in another state or even country. If you order an item and have it shipped to a location different from where your VPN server was located, some fraud detection systems might flag the order as being fraudulent.

Some VPN services log your activity or many be required to do so by where they are located.  They may claim no logging but the fine print indicates otherwise. We recommend not using the Free services.

Here are some free VPN options:

• CyberGhost VPN free – Installs software on your machine to access their free service. This service is usually overloaded during daytime hours and requires users to wait in a queue for free access. They also have paid accounts that do not require the wait. One downside of this service is that we found several sites which are not accessible through this VPN. PC only; no Mac version.
• Ultrasurf – This free VPN service was mainly designed to circumvent the firewall in China. This VPN only supports web traffic and not other internet traffic like FTP or VOIP. We found that this VPN service does not support certain websites, including WordPress administration pages. PC only; no Mac version.
• Hotspot Shield – A free service for Windows that is slow and filled with ads, spys on you, but works. Paid version eliminates ads. Warnings
• proXPN – Free version is bandwidth throttled and does not allow you to select a country.
• Tor – Is not really a VPN but it will shield your traffic.

All the free VPN services have limitations. If you can work within their limits, we suggest you utilize one. Many users require more robust VPN access and will have to either set up a VPN server on their home computer or sign up for a paid VPN service. Note that most VPNs and Proxy services will not tolerate illegal activities and will cooperate with authorities.

Some proxy servers intentionally strip HTTPS secure connections. Test your proxy at proxycheck.

Setting Up Your Own VPN Server

There are several options for setting up your own VPN server. Most of them require advanced user knowledge of PCs and/or Linux. While this option requires a lot of user intervention and computer hardware, the resultant VPN can be very feature-rich and is essentially free.

• Algo VPN – Easy to use scripts to setup a VPN on DigitalOcean (most user friendly), Amazon EC2, Google Compute Engine, and Microsoft Azure.
• Asus Wireless router – Several Asus routers have VPN servers built in.
• Adito – This VPN server is written in Java and requires a Linux installation on your machine. Adito is very feature-rich.
• OpenVPN ALS – This VPN server is a descendant of Adito and also requires Linux.
• Logmein Hamachi – This zero-configuration freeware VPN tool allows users to easily connect to computers behind network routers. Users can use this software to access their home computers from a Public wireless network or any other location. Hamachi helps to make it appear that you are actually located on your home network, so you have full access to resources such as your printer, music server, files, and other computers. Both Clients must have Hamachi installed on their computers and join the same group for Hamachi to work. Many people use this software to play network games. This software is partly controlled by the company that makes LogMeIn remote control software. It works on Macs and PCs. Lifehacker has a tutorial on how to use Hamachi.

Signing Up for a Paid VPN Server

Users who travel or are not satisfied by the options we listed above, should sign up for a paid VPN account. This type of VPN access gives the use maximum flexibility and compatibility with various applications.

PPTP protocol is built into Windows and is the VPN protocol of choice, but is easy to block. Open VPN requires a software download for installation. Open VPN will work in places where PPTP VPN is blocked, typically countries in the Middle East or China.

PPTP VPN typically offers less secure 128-bit encryption compared to OpenVPN based VPN servers who can offer up to 2048-bit encryption.

• Overcome geographic locks on website access. Hulu.com and Pandora.com are only accessible from within the United States. Users can purchase a VPN account from a service that makes you appear to be located in the U.S. even though you are abroad.
• Access the internet anonymously. Your IP address will be anonymous and cannot be tracked.
• Security. Use public wireless hotspots securely and prevent others from stealing your identity.
• Bypass firewalls. Access sites that are banned in your country. Log in to Facebook when you are in China.
• Skype discount. You can appear to be located in another country and make “local” calls within that country.

What to Look for in a VPN Provider

• Price – Obviously, the cheaper, the better, but the cheapest providers have a limited feature set and slow performance. Open VPN support cost more.
• Payment – Bitcoin support helps improve your privacy
• Length of Contract – The longer period you commit to, the lower the price.
• Countries – Different VPN providers have servers in different countries.
• Encryption Strength – The stronger the encryption, the higher the price.
• VPN Software Compatibility – Some VPN servers require special client software for higher security access like OpenVPN.
• Logging – Make sure your VPN provider is not logging your Internet activities. You cannot really take their word for it though.
• Speed – Some lower cost providers overload their servers and Internet connections, slowing access.
• Location – Pick someone outside the US and UK, if you really want to be private.
• Blocking – Avoid picking a large VPN provider that may have access blocked to certain large websites.
• DNS and IPv6 leaks – Avoid VPNs that have problems with this.

One of the biggest problems, especially with the well known VPN providers, is websites blocking them.

With PrivateInternetAccess, we found we could not visit certain websites, including Target.com and BestBuy.com!  Make sure you have a limited time trial to test the service.

Users should examine their needs and budget, and select a VPN provider that fulfills their requirements. It is wise to Google search the provider, looking for problems or disgruntled users before signing up. Google search for VPN providers is almost useless as there is so much affiliate spam that finding honest reviews is hard.

privacy tools.io has a list of VPN providers with minimal logging some of the lower cost ones are:

• NordVPN – Panama – $48 a year
• Cryptostorm.is – Iceland – $52 a year
• We have used AirVPN and find it ok, but their Mac Client is buggy.

We have tried some that are based outside the US and the connection speeds were very slow, even with their US nodes.

VPN Discovery

VPN Hunter is a service that scans a specific domain name looking for VPN servers and then classifying them by the manufacturer and possible security holes.

SSH Tunneling For Security

Power users could setup a SOCKS Proxy over SSH tunnel to increase security even more when using a Public wireless network. This basically sends all web traffic through an encrypted SSH connection to another computer that you have set up elsewhere. Web browsers need to be configured to use a proxy server, so using a VPN server is a lot easier and allows all types of Internet traffic to flow through it.

Advanced Security Tools to prevent man in the middle attacks

Many people have their smartphones and laptops set to automatically log into wireless networks such as their home’s and free Wi-Fi hotspots like McDonald’s, Starbucks, or attwifi. Your device will keep looking for these names and automatically join you to their network. Hackers could set up wireless hotspots with exactly the same name to lure your device to join their network automatically. They would then start capturing all your traffic while sending it across the Internet. We suggest you manually join wireless networks and disable automatic joining.

To prevent man in the middle attacks, where a hacker is pretending to be a wireless access point and capturing all your information, you need to install special software to prevent ARP cache poisoning attacks like this software utility.

When You are Finished Using a Public Wi-Fi Hotspot

When you have finished your online activities, it is important that you turn off your Wi-Fi connection to the public wireless network. Intentionally logging off will prevent any accidental data leakage. In Windows, you can simply right-click on the wireless signal bar icon in the task bar to disconnect from a wireless network.

With some attention to security, free public Wi-Fi can be a useful tool and a safe one.

This concludes our How to use Wireless Networks or Wi-Fi securely in Public article. Other articles on Safegadget.com help you secure the other aspects of your personal computer, including How to Set up a Secure wireless Internet Router, and How to Secure Internet Explorer article, or How to Secure Firefox Article. Please see our other articles on security tips for your e-mail, iPad, online banking, online shopping, smart phones, and more.

Google Chrome is one of the most popular web browser for Windows, Mac, and Linux. This makes it a large target for malware and cybercrime. We will focus on securing Google Chrome, and will significantly increase the browser’s security through add-ins and special hardening settings. We also recommend running under Windows 10 or Windows 7, so if you are running under an older version of Windows, we recommend you to upgrade or buy a new computer. Older versions of Windows like Windows XP were not built with security in mind.

The #1 Tip for Chrome Security

Keep it updated.  Google fixes bugs quickly and updates an internal Flash plug regularly. When you start Chrome, you should select from the Chrome menu – Settings – About – If it shows a newer version, download it and relaunch before doing ANY browsing.

Why Chrome?

Chrome is a much newer browser than Firefox or Internet Explorer.  It is not saddled with all the baggage of IE, where a change needs to be regression tested with many parts of Windows.  Firefox has been around for a while and is also slowed down with lots of historical code.

A recent security test from Accuvant Labs found Chrome more secure, primarily due to its Sandbox technology.

Secure your computer, web browser, Internet connection

Follow our guides to secure your Windows PC or secure your Macintosh by installing the right software, firewall, antivirus software, etc. Secure your mobile devices: iPhone, Android smartphone or tablet, iPad. Configure the settings and add plug-ins to you web browser so that it is more secure. Consult our tutorials for: Internet Explorer 9, Google Chrome, and Mozilla Firefox. Secure your Internet Connection: Wireless Network, Public Wi-Fi.

We recommend booting from a Linux CD or USB key when performing mission critical applications such as online banking, online trading, or online shopping.

Google Chrome includes the following security oriented features:

• Safe Browsing
• Sandboxing
• Auto-updates
• Built in PDF viewer
• Built in Adobe Flash – Kept up to date by Chrome

The Golden rules of the Internet:

• Do not trust anyone
• If it is too good to be true, it probably is
• Don’t install software from anonymous sources
• Don’t automatically hit “yes” to any pop-up
• If it looks suspicious, run

Before you make any changes to your system, always back it up.

Google Chrome Add-ons

Software that enhances Google Chrome can become targets of malware, adding new entry points into your computer. It is mandatory that you keep any third-party add-ons up to date, so allow Google Chrome to update plugins when necessary. Consider removing an add-on if it is rarely used, as you will also be increasing the security of Google Chrome through its removal.

Plugins are also one of the biggest sources of malware, so only install plugins from trusted developers.

• Adobe Flash is built in to Chrome. A pdf viewer is also built in. We recommend Disabling it
  • Type the following where you would normally type a URL:
    chrome://plugins
  • Locate the Flash Player in the list of plug-ins. You may see more than one Flash Player listed.
  • Select Disable for each Flash Player listed
• Java – This language allows many cross platform programs to run in the browser, but is another huge target of malware. We recommend removing it unless you really need it for a particular application. This page checks if Java is installed. At a minimum disable Java in the browser by going into the Java Control Panel – Security Tab – Uncheck Enable Java content in the browser
• Quicktime – Is installed when older version of iTunes was installed in your system. Remove it, as it is not being updated any more.
• Silverlight – Is disable by default on newer version of Chrome.  We recommend removing it from your system unless you really need it.
  • Type the following where you would normally type a URL:
    chrome://plugins
  • Locate the Silverlight in the list of plug-ins.
  • Select Disable for each one listed

Hardening Google Chrome’s Settings

Google Chrome can be secured even more with several key changes to the browser’s settings. We have selected all the Critical settings for Google Chrome.

1. Prevent Google Chrome from saving passwords

Google Chrome can save passwords for different websites. We recommend that you do not use this feature because it is not as secure or flexible as using a password management program.

1. Launch Google Chrome
2. Click on the Dashes Icon on the far right
3. Select Options
4. Select Personal Stuff on the left hand column
5. Make sure Never save password is checked
6. Click Manage Saved Passwords
7. Click and remove all saved passwords

2. Mark Valuable Data Inaccessible to Google Chrome

Download chml.exe and run it to change the permissions on your valuable files and folders on your system as unreadable to Google Chrome. (Better yet, use Truecrypt and keep the volume unmounted!)
For example if your sensitive data is stored in the folder C:\Sensitive_Data – You would do:

1. Press Start menu
   
2. Go to All Programs
3. Go to Accessories
4. Right-Click on Command Prompt
5. Select Run as Administrator
6. Type “chml C:\Sensitive_Data -i:m -nr -nx -nw“
7. Press Enter to Execute the Command
8. Type Exit to end the Command Prompt

3. Allow Google Chrome to update itself

Google Chrome automatically tries to update itself, which is a good thing, but if it asks whether it is ok to restart the browser to use the new version, be sure to say yes right away.

4. Google Chrome secure website warnings

Google Chrome displays warning icons when you visit a website that has possibly dangerous information on it. Look for the following icons right next to the https:// in the browser.

The site uses SSL, but Google Chrome has detected insecure content on the page. Be careful if you’re entering sensitive information on this page. Insecure content can provide a loophole for someone to change the look of the page.

The site uses SSL, but Google Chrome has detected either high-risk insecure content on the page or problems with the site’s certificate. Don’t enter sensitive information on this page. Invalid certificate or other serious https issues could indicate that someone is attempting to tamper with your connection to the site.

5. Sandbox Google Chrome plugins

Google Chrome has an option to for plugins to be run in a safe sandbox. Make the following change to enable this feature. Note: Files and folders marked with the everyone permission, will only be accessible.

1. Press Start menu
   
2. Right click on Google Chrome
3. Select Properties
4. Add the following text to the Target field, right after “chrome.exe ” –safe-plugins. Make sure there is a space after .exe.
   
5. Click OK

6. Prevent Chrome from using a GPU

There have been several bugs related to using a Graphics processor or GPU. They are supported in the latest Chrome. This hardware level access can spell trouble. Disable GPU support to prevent this possible problem by adding the following when launching Chrome:

--disable-accelerated-compositing

7. Enable Server Certificate Revocation Checking

Note: This was removed in later versions of Chrome

Most browsers do not have a setting enabled by default to check Security certificates to see if they have been revoked. It is important to do this, otherwise you could be access a sign with a stolen certificate and it appears to work fine.

1. Click on the Dashes Icon on the far right
2. Select Settings
3. Select Show advanced Settings.. at the bottom
4. Scroll down to HTTPS/SSL and Check Check for server certificate revocation

8. Check for Compromised Digital Certificates

The NSA has a PDF that describes a way to help Windows defend against Compromised Certificates.

You can also run the RCC program to check for untrusted root certificates.

Helpful Google Chrome Add-ins

Docs PDF/PowerPoint Viewer – Automatically previews pdfs, powerpoint presentations, and other documents in Google Docs Viewer. No need to download pdf files to your computer and potentially have a bug in Acrobat cause a security problem.

WOT – Know Which Websites to Trust – Shows you which websites are trustworthy based on millions of users’ experiences.

ScriptNo – A ‘NoScript-like’ extension for a safer and faster Chrome. Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks. By default, new websites that you visit will be loaded without scripting, maximizing safety. You can easily allow safe websites to allow scripting.

KB SSL Enforcer – Automatic security, browse encrypted using HTTPS secure connections whenever possible, automatically.

Flashblock – Blocks Flash so it won’t get in your way

Adblock Plus – Block those pesky banner ads.

Qualys BrowserCheck – Performs a security scan on your browser and its plug-ins (Windows)

uBlock Origin – Filter out ads, trackers, and other sites.

Helpful Internet Security Add-ins

Phising Toolbars – Google Chrome can warn you if it detects that the site you’re trying to visit is suspected of phishing or containing malware. If you would like to install a supplemental toolbar add-in, see our Free Internet Security Software article. BitDefender TrafficLight works with Google Chrome to secure your browsing.

Internet Security Software – Supplemental internet security software including Anti-Virus and Anti-Spyware software is a necessity when surfing on the Internet. See our Free Internet Security Software article for links to various free software utilities.

Password Managers – It is critical that you generate, store, and use secure passwords on the Internet. See our How to Create, Store, and Use Secure Passwords article for details on several password management programs.

Sandboxie – Creates a sandbox or safe environment in which programs execute. This sandbox is a isolated space which prevents programs like Google Chrome from making permanent changes to other programs and data in your computer. Free for 30-days, then 29 euros.

Other Google Chrome Security Enhancements

Google Public DNS – A high performance domain name server (DNS) replacement for your ISP’s DNS. Protects against Spoofing attacks and DoS and amplification attacks. Be sure to write down your existing DNS settings before changing them.

Norton ConnectSafe for Home – Similar to Google DNS, but includes options to filter porn or be family friendly.

Dyn Internet Guide – Free Web content filtering.

Microsoft Virtual Machine – Designed for web developers to test compatibility with different versions of Internet Explorer, these Virtual Machines for Microsoft’s Virtual PC allow you to run a Virtual computer on your desktop with Internet Explorer and Firefox pre-installed. You can manually install Google Chrome. If you mess up the Virtual computer, you can just delete it and start fresh from a new image. Keep in mind some malware is capable of detecting virtual machines and acting innocent until you move into your main system.
If you use VMware Player, you can add the following line to your .vmx file so that it writes all changes to a temporary file, which will be deleted when you power off the virtual machine.:ide0:0.mode = “independent-nonpersistent”

Dell KACE – has a free secure browser based on a virtualized and contained Firefox Browser with Adobe Reader and Flash plug-ins. You can manually install Google Chrome.

Secure Web Browsing with HTTPS

Normal website access using HTTP:// causes information to be sent and received in plain text. This type of connection is not secure; a hacker could capture all the information being transferred and steal your data. While this is not important when you are casually surfing, you do not want your email or online trading information to be captured by others.

Force websites to use secure connections – It is important to utilize secure connections or HTTPS whenever possible. Several large websites have configuration options to force these secure connections. Here is more information on configuring HTTPS with: Gmail, Facebook, Twitter, Google. Google.com defaults to HTTPS if you are signed into your Google Account, if you are not, just manually add the s after http to force a secure connection ie –  https://www.google.com

HTTPS causes a secure connection to be made using SSL security. Certificates are digital documents that verify a site’s identity. They are sold by certificate authorities. If a certificate is not signed correctly, your browser will pop up a warning. Recently, a Dutch certificate authority got breached, causing forged certificates to be created. To workaround issues like this, Internet browsers are updated to remove the forged SSL certificates. It is crucial that you keep your browser up-to-date.

If you have applications other than your web browser accessing the Internet (FTP client, desktop mail client, etc.), make sure you enable SSL secure connections within each application.

Use a password manager to create, use, and store passwords for websites. See our password manager guide for details.

By applying special Google Chrome settings and adding add-ons, we can significantly increase the security of our Windows notebook and desktop PCs.

This concludes our How to Secure a Windows based personal computer article. Other articles on Safegadget.com help you secure the other aspects of your personal computer, including How to Set up a Secure wireless Internet Router, and How to Secure Internet Explorer article, or How to Secure Firefox Article. Please see our other articles on security tips for your e-mail, iPad, online banking, online shopping, smart phones, and more.

Linux is a great operating system to supplement your existing environment. We suggest using it on a bootable piece of media to perform your more important online tasks, such as online trading and online banking.

How to use Linux for secure computing

1. Installing a Clean Linux OS with no modifications, program add-ons, etc, helps prevent keyloggers, spyware, and other malware from being installed. Burning Linux Live CD to a write only media such as a CD/DVD or a Kanguru USB drive with Write protect switch, helps prevent any changes to a virgin Linux distribution. Keep in mind that no bookmarks, password managers, etc would be accessible.

The CD versions do take many minutes to boot up and ask you if you want to try Linux, so the USB route is definitely preferred.

2. Ubuntu Linux is a user-friendly Linux distribution and a good bet for most Linux newbies and novices. Try it on USB drive or burn it to a CD, there is no need to install the operating system on to a hard disk. We recommend you use an LTS or long term support version of Ubuntu so that there is long term stability to your Linux choice. (10.04 LTS is a good choice) The other popular Linux distribution is known as Fedora, it is more data center, server-oriented. If you are reading this, Ubuntu is the way to go.

3. Unetbootin is a useful utility that creates a bootable live USB drive or flash drive from Linux distributions, such as Ubuntu, Fedora, etc. It even downloads the Linux distribution automatically.   This program run on Windows, Mac OS X, and Linux, but the resulting USB drives are bootable only on PCs.

4. Backtrack is a specialized Linux distribution for penetration testing. It is filled with useful tools to test the security of computers and networks. You can use Unetbootin to install it on a USB drive. Backtrack is designed for security experts, it is not easy to learn.

5. Tails is a preconfigured Linux distribution full of security essentials. It includes the Iceweasel browser, which utilizes the Tor network for anonomys browsing. HTTPS Everywhere, Adblock Plus, and NoScript are preloaded, to increase security and block ads.

6. If you cannot make a Linux Boot Disk, use a Chromebook.  It runs a custom version of Linux and does not run software, like Flash or Java. Login using guest and you will use the chromebook with no installed chrome web apps. After you log out, all traces of your activity are erased.

Use the Chromebook only for your banking, no email or web browsing!

Tor is only as secure as its exit nodes. If a hacker creates an exit node, they can ease-drop on all communications.

Claws email client with OpenPGP is included for secure email. LUKS is utilized for automatic file encryption.

Does this make you want to try Linux? Have you used a Live CD?

We feature many different security tutorials.

• Learn how to secure your PC, find free anti-virus software, and find Windows security software
• Secure your Mac and find free Mac security software
• Use Linux for secure online banking, online trading, and online shopping
• Secure your wireless network (Wi-Fi)
• Learn how to create, store and use secure passwords

Harden the Security of your Browser

• Chrome
• Internet Explorer 9
• Firefox

Boost the Security of your Smartphones and Tablets

• iPhone
• iPad
• Android Smartphone or Tablet

Learn how to perform the following Safely and Securely

• Online banking and online trading
• Online shopping
• E-mail