If you have an account, please:
Log in

Online Defense

As the Internet has evolved, companies are finding new clever ways to track and profile you. Rather than explain the risks of advertising systems, web-bugs, etc., would you believe me if I told you it's bad? If so, here's what to do:

(Image used under: Fair Use doctrine)

Use Firefox

Of all the browsers out there, Firefox has the best combination of built-in protection for both security and privacy. It's open-source and not designed to favor one operating system or company over what should be its primary function: web browsing. Little by little Firefox has gained built-in phishing and malware protection, a "do not track me" function (though you have to turn the option on yourself — click here to see how), and multiple privacy options like "private browsing" and easy clearing of history and cache.

Use an ad-blocker

This advice at times causes some controversy, but let me summarize by saying that online ads are too often careless and abusive. Not only do they steal your attention and are evolving to be hidden in the content (e.g., Native Adverstising – A new branch of marketing focusing on masking ads as actual content), but they are also a vector for viruses and privacy invading web bugs and trackers.

(Image used under: Fair Use doctrine)
With an ad blocker, you may get harassed occasionally to turn of the blocker at some websites, but that's a small price to pay for the privacy, security, and speed you gain by having the blocker in place.

Finding a blocker is as easy as searching for "adblock [name of broswer]" in a search engine, but here's a direct link to the Mozilla plugins page for one of the most popular versions (Mozilla created and maintains Firefox).

Other plugins I recommend are (click each image to load their homepage):

(Image used under: Fair Use doctrine)
(Image used under: Fair Use doctrine)

Both are made by the The Electronic Frontier Foundation (EFF) – a non-profit consumer group dedicated to protecting your privacy rights online. There are surely tons of other interesting ones out there (or that will be released in the future), but for now, these are the basic ones I use and recommend.

Multiple browsers

There are several reasons it's good to use more than one web-browser on your computer:

Though I once recommended Firefox and Chrome for this purpose, Chrome has always been iffy when it comes to privacy, but in 2019, there were signs they would implement changes to cripple ad-blocking. There are actually tons of options out there, but of the simplest to use and best supported, your best arrangement will be Firefox and Opera (the EFF plugins work for both browsers and Opera has built-in Adblock).

Private mode

(Image used under: Fair Use doctrine)

Private, Incognito, and various other forms of the same thing are a way to open a browser window that won't remember any history, cookies, cache, or other record of where you went or what you did. Of course you're not invisible to the websites you interact with (especially if you log in), but it does prevent your data from being exposed on the computer you're using. Here's why that matters:

I once gave an OPSEC briefing at an Air Force conference in Florida. Between sessions, I noticed there was a set of common-use computers set out for people to check their email and such. After waiting my turn, I sat down and tried opening Facebook. As I expected, I was in some poor Airman's account and could have done anything from simply embarrassing him to putting his clearance and job at risk).

It's really easy to forget to log out when using someone else's computer which is why private mode is awesome. Here's how it works:

  1. Right-click the browser icon on the taskbar and select "New private/incognito Window" (or if that doesn't work, check out this handy guide from HowToGeek on opening private browsing in any browser).
  2. Verify in the new window that you're in super-secret-spy mode and then open your email, social sites, or print your airline tickets like normal.
Fun fact: If you borrow a friend's computer to load email or social pages that your friend also uses, you don't have to log them out first because the browser treats a private session as completely separate.

Because your activity was confined only to short-term memory, anyone who opens the browser later or tries to find sensitive information in the history or system files won't find any. Just be aware that any public-use computer is risky due to the possibility of viruses or keystroke loggers, but if you determine it's necessary to take the risk, you're still better off using private mode.



Sometimes the best option to keep your information safe requires using non-factual information. Though it's solid security (and can be quite entertaining as well), I can't possibly advise you on the consequences of doing so for every situation. It is your responsibility to determine the legal, moral, and/or ethical repercussions of applying any of the below advice. Use your head, tread carefully, err on the side of caution.

So what about those challenge questions. If I know your mothers' maiden name and your first pet's name, I can unlock your account, but no one knows that but you right? Except maybe for the family and friends I already talked about who are a risk. And there are all those other websites you gave the same information to… and the employees that work for them, the business they share data with, or possibly the rest of the world if they have a data breach.

Fake answers work just as well and can be changed to new fake data later (unlike true answers). In my encrypted file, I keep a list of the websites I care about the most, what password I used and what fake data I use in case I need it later. Though I can't counsel you on the legalities of faking challenge questions or other information, I can assure you that the challenge question system is weak, and easily abused (just ask Former President Obama and Singer Brittney Spears who's Twitter accounts were "hacked" by a French man who simply reset their passwords by answering the challenge questions).


"What's the password"
(Image used under: Creative Commons 2.0 [SRC])

It's time to stop ignoring the advice you've heard everywhere about not using the same password everywhere. I know it's a pain, but it's necessary. That's not to say there aren't a variety of ways to simplify the problem.

Though you could create unique passwords for every site and keep the information safe in an encrypted password file, one trick is to use password levels. For this, you use a simple name/password pattern for sites you truly don't care about – ones that aren't attached in any way to your money or reputation. For example, if you used the first four letters of the website and then append a math equation like so:

Because the pattern is easily understood if viewed, you wouldn't use it for important sites like your email, banking, job-search sites unless they have the option of two-factor authentication. 2FA (for short) is becoming far more common because it's just too hard to make and use good passwords everywhere. Instead, if you use a password AND a code that's texted to your phone or secondary email, hackers are far less likely to get in. Maybe you don't need to bother for low-importance sites, but for ones that matter, always enable 2FA if you can.

Another technique is to use password managers. These tools will create and store complex passwords for you and even autofill sites you visit with your login information. There's a lmited form of this built into most web browsers already, but there are paid options as well (which have the advantage of making passwords available on both your computer AND phone for example while a browser password manager is only good for the computer it's installed on). When choosing a password manager, make sure they encrypt passwords on the device before storing online so your passwords aren't exposed outside of your control. Also be sure you understand the process for recovering access if you forget or lose your master password.

Avoid cross-site login

This is a bad idea
(Image used under: Fair Use doctrine)

Sometimes instead of making a new account, a website will let you login with Facebook or Twitter or some other website's information, but how do you know that form is actually doing what it says and not harvesting your logins and passwords? Who runs the site? Was it coded properly? Is your information exposed or stored in the process? There are many questions; all of which you can avoid by not giving up your login information.

That said, if the company really does have a partnership or is owned by the other, making a new account would be a waste of time. To find out, open a new tab and log into whatever service they said they're affiliated with, then go back to see if you're already logged in. For example:

It works because Google owns Youtube, but if it hadn't, there's no reasonable way to know if it's safe. Never enter a password to a website unless you're actually on the website the password belongs to.

Credit and debit cards

For the most part, you're covered under a federal law that limits your liability for unauthorized transactions, but only for actual credit cards. Banks have the discretion of whether to protect your debit cards at the same level or not so it's best to do your research or make most payments with credit card if you can. The liability protection is strong enough you don't have to be too careful (and are actually better off using credit cards for payment online), but it's still good not to be careless. Click here to read some ways to keep your credit card information out of the hands of bad guys.


Exercise by Nick Youngson - Alpha Stock Images
(Image used under: Creative Commons 3.0 [SRC])

If you want to learn more about my professional background, click here to learn more. Otherwise, let’s get started - how can I help?

Online learning
On-site learning
Read my blog

The Electronic Frontier Foundation (EFF)

The Electronic Frontier Foundation (a.k.a. the EFF) - a nonprofit group of passionate people — lawyers, technologists, volunteers, and visionaries — working to protect your digital rights.

[Click for full description]