
TOR and VPN

The internet commonly provides a false sense of anonymity, whereas there is only pseudo-anonymity for most users. Pretty much everyone is identifiable online by their IP address, a unique identifier assigned to you by your internet service provider (ISP).

However, there are tools which can help you mask your actual IP address and provide an additional layer of protection for your online identity. This can be achieved with the use of Tor Browser or Virtual Private Network (VPN) services.

Tor Browser is free and open source software, based on Mozilla Firefox and customised to work with the Tor network, which encrypts your browsing traffic and gives you a new identity, i.e. a new IP address. It is also particularly useful for accessing websites that are blocked on your network. There are some drawbacks, however: the Tor network generally provides slow internet speeds, and users’ identity can be exposed if they do not use Tor Browser properly.

A Virtual Private Network (VPN) is a service which enables users to connect to the public internet through a private network, providing an additional encrypted layer of privacy and masking the users’ actual IP address. There are many VPN providers, but users should still be aware of security aspects such as:

  • Jurisdiction, i.e. in which country is the company providing VPN services based. Countries which are members of the “Five Eyes” mass surveillance alliance (USA, UK, Canada, New Zealand, Australia) should generally be avoided;
  • No logs policy, meaning that the VPN provider doesn’t log your internet traffic made through their network;
  • Regularly performed independent security audits, which are usually documented on the VPN provider’s website;
  • Price - some VPN services are quite expensive, but you should be wary of “completely free” VPN apps, as their business model is almost certainly based on tracking users. However, some paid-service providers offer free plans with limited possibilities, such as lower speeds and a smaller number of servers.

Good security practices

No matter what you do online, you should always try to follow general good security practices:

  • Be very careful with your personal data;
  • Respect the privacy of others on the internet;
  • Only download files and install software from known and trusted sources;
  • Regularly update all software and the operating system of your devices to reduce the risk of attacks;
  • Create unique and complex passwords and securely store them in password managers;
  • Enable multi-level authentication for your online accounts wherever possible;
  • Use an anti-virus/anti-malware software;
  • Encrypt everything you can encrypt;
  • If you use a public computer, try not to leave any traces behind;
  • If your USB flash drive was in a public or unprotected computer, be sure to scan it with anti-virus/anti-malware software before using it again. It is generally recommended that portable devices, e.g. USB flash drives or external hard drives, are scanned each time they are connected to a computer;
  • Take into account the risks that your every action on the internet implies; privacy does not mean less responsibility;
  • At least quickly read through the Terms of Use/Service before clicking "I accept".

Bad security practices

Habits are hard to change, but you should try your best to avoid these bad security practices:

  • Never send passwords, personal data or financial information via plain text email;
  • Do not access networks or other systems for which you do not have authorisation, even if you have somehow obtained certain login credentials (username, password). Having them does not mean that you have been authorised to use them;
  • Do not install suspicious add-ons and software updates;
  • Don't click on suspicious links you received via email, no matter how interesting the message may seem;
  • Avoid using public or unprotected computers;
  • Avoid using other people's mobile devices;
  • Don’t write your passwords on a post-it. Seriously, don't!
  • Don’t put the names or dates of birth of people close to you as passwords;
  • Don’t leave your devices unattended and unlocked;
  • Don’t ignore suspicious activities - sometimes it’s better to be paranoid;
  • Do not use pirated software. If you do not want to pay for software, look for a free and open source alternative;
  • Don't live in your comfort zone. Sometimes it is worth investing a little time and effort and learning the basics of how to be safe on the internet.

Disk encryption

Encryption is the process of protecting data with a complex cipher, scrambling it so that it can only be accessed (decrypted) with a password or key, sometimes requiring an additional authentication factor, e.g. a digital certificate. Encrypting hard drives and removable devices, such as USB drives, is especially recommended for people working with confidential information, primarily journalists and human rights activists.

VeraCrypt is a multi-platform (Windows, Linux, MacOS X) free and open source disk encryption software with advanced capabilities. It can be used to encrypt only specific files, whole hard disk partitions, removable drives, as well as a partition or drive where Windows is installed (pre-boot authentication).

Cryptomator enables you to encrypt your cloud storage files for services such as Dropbox or Google Drive. Files are encrypted within a secure vault which is then stored with cloud service providers, which cannot access the data. Cryptomator is open source and available for Windows, Linux, MacOS X and mobile platforms (iOS, Android).


Permanent data deletion

Conventional deletion of data from a device is not an effective way to remove it permanently, because deleted data can be recovered with the help of special software. The solution is to use programs that apply complex algorithms to decompose data into a digital “mash” that can no longer be returned to its original form. Eraser is a free Windows application that can completely remove data from hard drives by overwriting it several times with carefully selected patterns.

As for optical disks (CDs, DVDs), the most elegant way to permanently destroy them is to use a special shredder that can destroy disks in addition to paper. Methods for physically destroying hard drives that can be found online, where the drive is treated with acid or burned, are extremely dangerous. Hard drives contain various types of harmful chemicals, which can produce toxic and flammable fumes.

If old equipment is ready for sale or a hard drive is destined for disposal, it will require deep cleaning, even if it is broken. The software that does this very efficiently is Darik’s Boot and Nuke. Good practice suggests that when disposing of old equipment - after special software has performed deep cleaning of the disks - the equipment is disassembled to destroy the ports and break the pins on the connectors.


DOXXING

Doxxing is the public disclosure of personal information about a target, such as home address, familial status, bank and credit card details, date of birth etc. This information can be posted on one or many different platforms, in comment sections, or via video or text.

Regardless of whether the disclosed data is used for harassment, the unauthorised posting of data alone qualifies as doxxing and is viewed as a type of online attack. As is often the case, when doxxing creates an imminent danger to safety, art. 138 of the Criminal Code - Endangering safety - could provide legal protection. In this case, public prosecutors and police are mandated to follow up and investigate, and are responsible for protection. As the filing party, you are responsible for collecting the evidence needed for filing the criminal charges. This charge provides stricter sanctions if the target is a (female) journalist.

ADVICE: Explain in detail how, why and when you feel unsafe, and detail your concern for the safety of your family and loved ones. These details could be the key to success when it comes to court proceedings.

Art. 146 of the Criminal Code, Unauthorised Collection of Personal Data, which prohibits the collection, publication and use of data for purposes “other than those for which they are intended”, could provide the basis for legal protection. 

Document every instance and location in which your personal data was posted, and file this evidence with the police.

Immediately report doxxing and any other unauthorised publication of personal data to the websites or platforms where it was posted, and to the police. 

Follow up on your report to better ensure they respond. Immediate action is key to prevent further distribution of your personal information online.

Turn off location tracking options on your phone, Google maps, and other applications that collect your sensitive data (location, key address, etc). 

Put strict privacy controls on your social media profiles, and set up two-step authentication for all website logins storing your sensitive data.

Talk to the people you trust - colleagues, friends, employers. Urge the police to alert the platform to remove your personal data, and use website and platform reporting mechanisms. 
Deleteme is a tool that can help find and remove sensitive data online.

If you ever feel that the online violence you’re experiencing might transition into the physical world, call the police immediately.
