How to Secure Your Web Browser

Security
Photo by Yuri Samoilov

In this article we look at how to secure your web browser and protect your online privacy.

Which browser is the most secure?

When choosing a web browser to use, many of us consider which one is the fastest or is recommended by our favorite websites, but which one is the most secure?

According to a report by Cyber Security Blog, no browser stands above the rest in terms
Vulnerabilities by Browserof security. Over an 18 month period all 5 major web browsers had hundreds of vulnerabilities discovered. Internet Explorer, Google Chrome and Firefox all had a similar number of vulnerabilities–over 200 each–while Safari and Opera had less than 200 combined. Does this mean Safari and Opera are more secure browsers? Most likely no; the best explanation is found in market share. These 2 browsers combined only account for 5% of all web traffic. Lower market share means less opportunity for profit. Opera and Safari are targeted less often by hackers, so fewer vulnerabilities are discovered.

Does it matter which browser I use if they are all vulnerable?

All web browsers are vulnerable to security flaws. We at IWKYS recommend using browser extensions to beef up security and protect your online privacy. Two browsers stand out as the most friendly to extensions: Google Chrome and Mozilla Firefox. Stick with either of these browsers and install the following extensions.

Our recommendations for the best browser extensions in three categories: Ad Blocking, Security and Privacy.

Ad Blocking Extension – AdBlock Plus (Firefox, Chrome)

AdBlock Plus blocks ads on webpages such as pop-up ads, video advertisements on youtube, flashy banner ads and more. It does not require any configuration and works well out of the box.

Not all ads are blocked by default; they allow ads on webpages considered acceptable to be charitable, or websites that rely on advertising revenue, but you can change this setting and block ALL ads. Adblock Plus has a couple more features that are optional: you can disable social media buttons, prevent websites from tracking you, and block websites that are known to have malware. 

Security Extension – NoScript (Firefox) / SaferScript (Chrome)

NoScript for Firefox and SaferScript for Chrome will both block all scripts from running on web pages. This includes Java, Javascript, Flash and others. These scripts can pose a security risk because they can be used to download malware to your computer, steal personal information (side note: Edward Snowden recently recommended using NoScript to protect against government snooping). Be aware these extensions are very powerful and using them will break a lot of web pages because scripts perform legitimate functions on many sites. You will need to manually allow scripts on pages that you trust so that those sites work properly.

Security Extension – HTTPS Everywhere (Firefox, Chrome, Opera)

This extension will encrypt your traffic to major websites so that your web traffic cannot be spied upon. As long as the website you are visiting supports encryption this extension forces that website to connect to you through an encrypted channel called HTTPS. This extension does not require any configuration but you will on rare occasions need to whitelist web pages that do not run properly with this extension.

Privacy Extension – Ghostery (Firefox, Chrome)

Ghostery protects your privacy by blocking tracking cookies and other third-party trackers such as facebook widgets, advertisements, hidden tracking elements and more. By default Ghostery does not block any trackers; when you visit webpages it will show you the trackers on that page and allow you to block them. In the settings you can also tell Ghostery to block whole categories such as advertising or analytics across all web pages.

 

The Dangers of Generic Apple Cables

The new USB cable used in all Apple iPads/iPhones/iPods is called the lightning cable.

Apple charges $20 for the 3 foot lightning cable and $30 for the 6 foot lightning cable. Seizing an opportunity, many third party manufacturers have started to sell their own lightning cables, with some no-name manufacturers selling them for as little as a couple dollars. 

applechip

These Lightning connectors are more than mere cables; they contain an actual chip inside of them. No one is entirely certain the purpose of this chip, but it is believed to be used to regulate voltages, make the reversible feature of the cable possible, and also allow the device to verify it is a legitimate cable. 

This authentication chip is reverse engineered by third party manufacturers to make their cables work. There are reports that some of these third party Lightning Cables cause damage to your iPhone or iPad, they can fry part of the logic board or kill the battery. Add to this many of them use low quality wires that are not shielded correctly which can easily break and cause electric shock.

Apple has developed a program called the MFi program, or the “Made for iPod/iPhone/iPad” program. This is a certification given to manufacturers that meet Apple’s performance standards.

If you are looking to get a new cable for your iPhone or iPad and want to save a few bucks here are the cables we recommend.

Anker Lightning to USB Cable 
ankerimage

Anker has a 3ft Apple MFi certified lightning to USB cable available for purchase here.
Anker is a mobile accessory company. This is a sturdy cable, and Anker backs it with an 18-month hassle-free warranty. The lightning end of the cable is also slim like the Apple version so as to not have any problems fitting into iPhone or iPad cases.

At the time of writing this cable is available for $13.99.

Amazonbasics Lightning to USB Cable

amazoncable

Amazon has recently gotten into the cable market selling their own branded cables. This lightning cable is available for purchase here.
Amazon backs this particular cable with a 12-month limited warranty, and the lightning end of this cable is slightly fatter than the original and may cause problems with some iPhone or iPad cases.

At the time of writing this cable is available for $10.99 in the 3ft version, and $13.99 in the 6ft version.

Video explaining the problem with Facebook

The problem with Facebook video clip

What’s wrong with Facebook? The popular social network has been increasingly restricting what you see and who your posts reach. In the process of trying to cut down how many status updates your newsfeed displays, they’ve ended up blurring the lines between the advertisers, content creators, and average individuals on the site. As a contrast, content creators on YouTube are paid through working with advertisers, but on Facebook the content creators have to pay to reach their own fans who already “Liked” their page. Watch this video to understand the problem.

[Video on YouTube]

.

How to Opt-Out of Turnstyle’s Mobile Device Tracking

How to opt-out of Turnstyle tracking
Turnstyle’s opt-out tool

The Wall Street Journal reported yesterday on one of the companies using sensors in different locations to track mobile devices, including where each phone shows up around a city and how frequently a user visits that place [What Secrets Your Phone Is Sharing About You].

As with other surveillance and tracking, services like these allow for more targeted marketing and sales but introduce big privacy concerns.

The WSJ profiles just one of these tracking companies named Turnstyle, which according to GetTurnstyle.com, “provides location based marketing solutions and consumer analytics for brick and mortar retail stores.”

Thankfully this company currently provides smartphone users with an easy-to-use online tool for preventing a phone or mobile device from being tracked, with the instructions: “Enter your device’s MAC address to opt out of Turnstyle Solutions’ services and remove your phone’s identifier from our databases.”

Opt-out of Turnstyle’s services here: http://www.getturnstyle.com/opt-out

Users then see a confirmation, “You have successfully opted out of Turnstyle Solutions’ services.”

What should concern us is the lack of warning about being tracked in the first place, and rather than sign up for the service, users are by default enrolled–only being removed if they go through the steps provided. Most people will not even become aware they were ever being tracked (Some might be aware and not realize the implications, which is another matter). One final question to keep in mind: what other services are also participating in this kind of tracking and storing uniquely identifying details in databases without our knowledge?

.

Tickets stolen after social media photos with barcodes posted

Concert tickets showing barcode on Internet A headline from ABC News in Houston, TX this morning caught my attention: “Thieves stealing barcodes from pictures of event tickets posted on social media.”

This can include using sites such as Facebook or Twitter to share images of paid events that others might want to enjoy–think football, baseball, basketball games, hockey matches, concerts, and more.

“…barcodes can be copied from pictures of real tickets and printed on homemade tickets. That would let someone else into the event while the real ticket holder gets shut out… Scam artists can make fakes and sell them to unsuspecting concert goers.” (source)

How come it’s so easy for the scammers?

Many barcodes have their actual number printed next to the barcode, which means anyone with a barcode maker could type in that number and add your barcode to their homemade counterfeit or home-printed ticket.

Picture of concert tickets online

So how can I prevent someone from stealing my ticket online?

Don’t post pictures that display the barcode. Cover it up if you must publish it, or wait until the event has ended. Also, in the case of showing anything valuable, make sure your social media privacy settings are set as visible to Friends only, rather than Public.

What else can we learn here?

Be careful about buying any event tickets from third parties. That doesn’t mean none can be trusted, but it should make us more cautious about trusting the seller, even if the seller didn’t realize they may have been given counterfeit tickets.

Fire hazards: Generic laptop power cords

Dangerous laptop charger
Photo credit: Sarah / IWKYS

Recently I heard from a friend whose laptop power cord got so hot that it melted a hole in her carpet. Turns out it was a generic branded adapter, not specific to the laptop manufacturer. While some of these off-brand adapters and power cords may be safe and of sound quality, it’s unfortunate that others are dangerous safety hazards, making it a gamble to purchase one. You’ll notice in the photo that there is no brand name on the label, but that the model suspiciously contains the characters “HP” without claiming to be made by HP, a well-known computer manufacturer.

I decided to look up one of these generic “notebook adapters” on the Amazon Marketplace, and here are a few quotes from the reviews of just this single item:

  • “The power adapter gets so hot that it actually burnt the skin of my two year old son.”
  • “…it decided to make my living room stink of melting plastic… it overheated and died.”
  • “I received the first charger and it did not work. So I decided to return it and buy another one because it was cheap. The unit arrived promptly but it makes a terrible noise when you plug it in which apparently means it is failing…”
  • “…it burnt up in two weeks, the adapter bubbled on the outside…”
  • “…one day it just starting crackling…”

We all want to save money on expensive items like electronics, especially when an item with the official company logo is way over-priced. However, for the safety of yourself and those around you, not to mention the health of your laptop’s battery, look for an officially branded power cord that matches your computer. You may still find a deal through an online retailer, marketplace, or auction site, but as always, beware of any offer that seems too good to be true. Just because some universal products like this one pose a threat to your safety does not mean all of them do–but it’s not always obvious which ones can be trusted, especially when purchasing online, where you can’t easily inspect before ordering.

I believe the computer manufacturers and retailers might be able to cut down on this danger by offering more affordable accessories, but I haven’t seen that happen yet.

There’s some truth to the old saying, “You get what you pay for,” and in this case it’s not worth saving a few dollars when a faulty, over-heating laptop cord could start a fire in your home or office.

If you do purchase from a third-party seller online:

  • Look for a trusted brand name
  • Find out if a particular seller has a positive history
  • Check for a return-policy before ordering
  • Though they’re not always 100% accurate, read product reviews carefully
  • Contact the seller if questions remain
  • After item arrives, inspect it closely

.

How to Opt-Out of Online Behavioral Advertising

What is OBA?  Just in case you haven’t noticed, the internet has ads. And in recent years those ad companies have advanced the techniques they use to target specific ads to what you’re interested in from the websites you visit. For example, if you watch a video on ‘auto repair’ via YouTube and then switch to Amazon.com, the site may show you ads for books about auto repair. Online Behavioral Advertising (OBA) is the official term for this, but you may have also heard it referred to as interest-based advertising, contextual advertising or ad targeting. Apple calls them iAds within their network, but its all the same idea. To find out more visit the National Advertising Initiative (NAI) at networkadvertising.org. Even if you can’t stop ads completely, it’s important to remember that you have the right to say NO and Opt-Out of these targeted ads.

Why would I WANT to Opt-Out?  In a word … Privacy. The only advantage in using OBA is “More relevant advertising creates a benefit for both consumers and companies, because consumers find more of what interests them and companies spend less on ineffective advertising.” – NAI. The logic is that if you are going to see ads anyway, why not cater them to your interests? While it’s a valid point, not everything I do online relates to my retail buying interests. Just because I researched Grandma’s pain medicine online, should I be targeted for prescription drugs? It’s just not comforting to know your being tracked, especially if it’s not relavant. Even if it is relevant, it may not always be appropriate. Target used OBA techniques to find out a teen girl was pregnant before her family did. While it’s not necessarily unsafe if you prefer OBA, it’s certainly safer to Opt-Out.

While most ad tracking companies do not use personally identifiable information (PII), it’s certainly possible for them to use your name or email, specifically if you already have an account with the company and you have agreed to terms and conditions that they reserve the right to change. For instance, Facebook says this under Privacy Settings > Ads, Apps, and Websites > Ads > Edit Settings: “Facebook does not give third party applications or ad networks the right to use your name or picture in ads. If we allow this in the future, the setting you choose will determine how your information is used.

Other benefits of Opting-Out include performance issues. The NAI identifies 95 ad tracking companies and Google identifies 232 ad tracking companies that obtain activity information from cookies within your browser. This could mean a slower browser experience, and if you are using a mobile web browser, it may mean unwanted data usage as well as more battery consumption, even if this is minimal.

How to Opt-Out  If it were just search engines like GoogleMicrosoft, and Yahoo that tracked you, it would be easy, especially since they each offer a simple Opt-Out. But there are a lot of companies that you have probably never heard of that harvest this same information and then provide it to companies you have heard of, like Facebook and Hulu. So, if you really want to get serious about blocking all OBA, the NAI offers a Consumer Opt-Out tool that will block dozens of popular ad networks with a single click. Each company listed has more information available and lists a link to Opt-Out individually.

Apple tracks your preferences a few different ways within their proprietary services on their mobile devices. To Opt-Out of Apple’s iAd network, visit https://oo.apple.com with mobile Safari on your iPhone or iPad and switch it to “Off”. While you’re at it, visit Settings > General > About > Advertising > Limit Ad Tracking and switch it to “On”. To disable location based ads, go to Settings > Privacy > Location Services > System Services > Location-Based iAds and switch it to “Off”.

Lastly, it’s a good idea to familiarize yourself with cookies in each browser you use and learn how to manage them. Cookies are the main method OBA is obtained by these ad networks. While completely disabling the use of third party cookies within your browser can prevent OBA, many things you frequently do online will not work without cookies, so you will have to make exceptions for the sites you trust and use often. Also, keep in mind that if you clear your browser’s cookie information, your preferences will be lost. If you are a Chrome user, Google offers a plugin called Keep My Opt-Outs which will take care of your cookies and keep you Opted-Out.

 

How to delete your Facebook search history

Searches on Facebook recorded

Facebook is tracking your searches and displaying the history in your Activity Log. While this may be a beneficial feature, instead of asking users if they would like to opt-in, Facebook made their usual decision to roll this out on all users, failing to adequately notify everyone about the change. At this point Facebook claims the search history is only visible to an individual, but when Facebook has potential revenue to gain from sharing this kind of data with marketers, we shouldn’t hold high expectations for Facebook to uphold the privacy of its users, especially considering their past. In recent years the company has been known to abuse the trust of its users by signing them up for new features that an individual neither fully understands nor plans on using, sometimes out of valid concerns for privacy and safety. While it is true that Facebook is provided as a free service that no one has to use, there is a fair expectation from users that when they sign up for a service at a certain point in time, the users do not anticipate the future changes that in hindsight may have prevented them from committing.

How do I turn off the search history in Facebook? At this point it doesn’t look like there is a way to disable the tracking of search history within Facebook, but you can at least clear out the terms. In their help center, Facebook explains how to remove your search history:

  1. Open your activity log and select Search from the dropdown menu at the top of the page
  2. Click remove icon next to the search entry
  3. Click Remove…
    .
    Or, click the Clear Searches button at the top of your activity log to clear all of your searches at once.

A few observations regarding the Activity Log, when it comes to individual privacy concerns:

  • When I browse to my Activity Log to see what Facebook is keeping track of, how come the default filter is only set to “Posts and Apps,” effectively hiding all of the additional activity from the casual browser who doesn’t bother to click the drop down in the top right section of the page?
  • While Facebook has a “Clear Searches” button that deletes all past searches, they do not provide the same button for other categories in the Activity Log. This could include “Posts with Location” that display my geographical location on a map. How come Facebook doesn’t provide an easy way to remove this content?
  • If I need to remove posts and other content that is Public-facing (as opposed to being visible to friends only), why isn’t there a filter to see content that is visible to the entire web? At this point the way to remove this content is to scroll through the entire activity log, looking for the globe icon showing up next to all Public content.
  • What else does Facebook know about me, if this is only a list of what they want to tell me they know about me?
  • How come I can’t disable future tracking of activity within Facebook?

.

When You Die, You Still Live Online

What will happen to all your personal emails after you’re gone? What about your Facebook page and your documents and photos stored in the cloud? Traditional wills include the future of your physical assets and bank funds, but one thing that may get overlooked are the many online and digital accounts you may have. Wouldn’t you like all your online accounts to be closed, terminated, or financially distributed to the right person and in the right way when you are no longer around?

Preparing your Digital Accounts. Although you can make legal documents online (LegalZoom, RocketLawyer, Global-Wills), speaking with an attorney may be the most comfortable way to start. If you have a good relationship with a lawyer or have known people who have used them for this very thing, having a real person around can be very helpful to answer some of your questions. One important thing to know is that if you do not have a will or your will does not name an Executor, then the probate court involved in settling your estate will name one. That might get messy since basically, state law will make the determinations. But if you have a Last Will and Testament in place, the appointed Executor can manage all your accounts will the proper legal means. They can handle all final affairs related to your estate (no matter how small). But it may be wise to add a special paragraph to your will for this “Digital Executor.” For instance:

“My Executor may manage, distribute, or terminate my digital assets. My digital assets shall mean electronic assets that are stored on my computers, any electronic devices, or on any online accounts, including, but not limited to, social networking sites, online backup services, servers, email accounts, photo and document sharing sites, financial and business accounts, domain names, virtual property, websites, and blogs. An instructional document with associated websites, usernames, passwords and related information, shall be found in my Letter of Instructions.”

Including something like this will directly put the person (or persons) who you trust in charge of these accounts. It will also bring those accounts to their attention and avoid them being forgotten into the digital abyss. For more information on protecting this, see IWKYS post: A growing crisis: Loved ones dying without sharing passwords.

Closing Accounts for the Deceased. Hopefully your loved ones were able to designate an Executor with access to their Important Papers or access to their passwords. If not, one good resource for finding information about closing online accounts is Deceased Account. It’s a free resource provided by LifeEnsured for families to help manage the on-line accounts of deceased relatives. It provides links, information, and various state laws on what is known about closing these accounts. While it may not be convenient to accomplish this shortly after the loved one has passed, it’s understandable and appropriate in regard to security measures. Some services like Gmail and Twitter have information readily available which generally includes:

  1. A death certificate copy. (Keep in mind that some services are time sensitive.)
  2. A driver’s license or some form of official identification.
  3. Information regarding your relationship with the deceased and your purpose.

These requirements are also similar for closing bank accounts (along with the Important Papers of the deceased and/or a safety deposit box key), but speaking directly with the bank should be able to answer most questions. Other services mentioned on Deceased Account may not be so clear. For instance, Facebook encourages you to memorialize the deceased instead of closing the account. This may or may not be appropriate. Closing Facebook accounts can be a challenge anyway since they only offer deletion by request.

While this post is certainly not an exhaustive resource for outlining the benefits of having all your Important Papers in order (Last Will and Testament, Advance Directives, Power or Attorney, DNR, etc.), it may help encourage you to organize your accounts and alleviate some of the hassle in closing them when we pass on.