SAFETY BASICS FOR THE MODERN WEB SURFER

1. Preface

This guide is aimed for non-technical people who would like some basic guidance and concrete steps to take on internet safety and privacy, written from the personal experiences of one privacy-conscious netizen. I'm not associated with Mozilla in any capacity, I just happen to use Firefox so that's what I can write about the easiest. DYOR (Do Your Own Research)! Written in November 2024.

Some relevant terms, in the context of online activity:

Security means that you're resilient towards exploitation, aka hacking, malware, phishing, etc.

Privacy means that you have the right to decide what parts of your digital life are shared; when, how and with whom. Your data is yours and you should be making informed choices about sharing it.

Anonymity means that what you do online can't be traced back to you. Your real identity can't be identified or reached through your online actions.

Everyone has different needs and lines on what they deem worth it, regarding their security, privacy and anonymity. You have to weigh the importance of all the different aspects regarding your own situation. The only way to be completely secure online is to not be online, so what we're doing is our best!

2. Browsers

I like Firefox: it works well for me, it has good built-in privacy and security protections, and it’s open source (meaning the source code is freely available). It’s also not based on Chromium, Google’s browser project, which has pretty much a monopoly on the browser market. I personally like to support the continuous existence of any alternatives! An even more privacy-focused version of Firefox is LibreWolf.

If you really need a Chrome-like experience, I hear Brave is pretty good. I wouldn’t recommend Chrome or Edge unless you need them for specific situations.

Ever wondered what information websites can get out of your browser? You can test your browser's digital fingerprint on coveryourtracks.eff.org!

Extensions:

If you’re using Firefox, the only browser extension you really need is uBlock Origin. It blocks ads, trackers, malware sites and more. You can also easily turn it off for specific sites and configure it to your liking.

Not about privacy, but I also like to use some site-specific extensions to make them suck less (very subjective!):

• Untrap for Youtube
• XKit Rewritten for Tumblr
• Control Panel for Twitter

Feeling like Google search kinda sucks these days? I'm not saying that the alternatives give necessarily always better results (though often they do), but at least they're not full of sponsored content & don't sell your data.

Some search engine alternatives to Google:

• Brave search
• DuckDuckGo
• Startpage
• Ecosia
• Qwant

3. Passwords

A password manager considerably eases your life once you manage to set one up properly. No need to remember passwords yourself, which also eradicates the inclination to reuse passwords or make them easy to remember (and thus easy to hack).

You most likely have already used a password manager in some form, maybe a built-in browser manager (like on Firefox), or one on your phone. Ever seen a pop-up saying something like “Remember this password?” when logging in somewhere? That’s what that is.

It’s completely fine to use these (if you trust the companies), but make it intentional: understand where your passwords are collected, so you can find them when you need to and keep them up-to-date. Take note of the password manager’s other functionalities too, like:

• Autogenerated unique passwords (when updating or making a new account)
• Website breach alerts

If you want a dedicated password manager app for cross-device functionality, extra features, or whatever, Bitwarden is a solid one (and has a free option).

You should also sign up for haveibeenpwned.com. There you can check if your credentials have been part of any data breaches, and it'll inform you if your info comes up in any newly discovered ones.

Multi-Factor Authentication

MFA means that you need to confirm your logins through an additional measure, like an authenticator app (recommended) or SMS. In a situation where someone gets your password, they can't use it to simply log in.

I would recommend turning on MFA (or 2FA, 2-factor authentication) for at least accounts with any sensitive information, and important social media accounts wherever possible. It can be a hassle at the start and when you have to use devices where you can’t stay logged in, but it’s worth it. Every platform has their own MFA settings, check them out at your own consideration.

4. On VPNs

You generally shouldn't need a VPN (Virtual Private Network) for normal web browsing at home. If you're considering using one, understand what they're for and what their limitations are. VPNs differ from each other too (DYOR!)

What VPNs CAN'T do:

• Make you anonymous and hide your online activity
• Protect you from cyber threats generally

What VPNs can do:

• Help you access geo-blocked content by making it seem like you're in a different country
• Hide the sites you visit from your internet service provider (but not from the VPN company!)
• Help encrypt your traffic when connected to untrusted public wi-fi

If you want to try one out, Proton VPN is pretty good in my experience, and has a free option.

If you're looking for real anonymity, read about Tor.

5. Good Practices

• Know your rights. EU citizens, read about GDPR. For everyone, you can check out this map for data protection laws worldwide on unctad.org.
• Actually read terms of services and privacy policies. Yeah, they're a slog, but it's good to know what you're agreeing to, and how platforms use your data.
• Keep your devices up to date. I know that sometimes new updates suck for user experience, but that's also how the developers patch security problems.
• Back up your data. If there's files, photos, anything at all you want to keep safe, you should have them backed up in at least couple of places (cloud, hard drives, whatever fits you).