Software: protecting your privacy online
It’s not just celebrities and politicians who need to protect their virtual presence and privacy. We look at tools anyone can use to improve their online safety.
Connect safely with a VPN
Who can appear on the public stage today without also appearing online? From politicians to D-list celebs, social media is the key to success – or rather, to getting attention. But to make sure it’s the right kind of attention, the inspirational motto “Sing like no-one is listening, dance like no-one is watching” needs a modern version: “Dance like it will be on YouTube tomorrow, tweet like it will be used against you in court the day after.”
It’s not just celebs who need to protect themselves online though – we all need to be careful. E&T has looked before at some of the key security tools you can and should run on your smartphone or tablet, such as password managers and encrypted messaging, and of course you should also be using whatever features your device supports as standard to encrypt its contents: those private photos, for instance.
However, there’s more to protecting yourself online than just the endpoint, as the security experts like to call it. Most obviously there is the connection from you to the internet. In particular, if you use Wi-Fi then you are vulnerable to the risk of a criminal tapping your network connection, either by pulling your unencrypted data out of the ether or by offering a free Wi-Fi hotspot that also logs everything you type and send. The fake hotspot can even masquerade as a network that you recognise.
A VPN, or virtual private network, sets up an encrypted link all the way from your device to a host computer somewhere on the internet. This has two advantages: first that the intermediate links can’t readily be tapped, and second that your traffic appears to originate from the host, not your real location. The latter has several uses, a notable one being when you want to access content that is restricted by location, for example a censor blocking you from browsing a foreign site or a national broadcaster that wishes to block access from abroad. (Be warned, though, that some now try to detect and block VPNs outright, in a baby-and-bathwater move.)
The tech-savvy traveller can set up their own VPN, installing host software on a desktop PC or a home wireless router, and then a VPN client on the mobile device. A popular choice here is the open-source OpenVPN project, which has been implemented on a wide range of devices and operating systems.
For most of us, the simpler choice will be a VPN service. These also have the advantage that they typically offer multiple exit points in different countries, so you can choose for example whether you want to appear to be in the US, Germany, Singapore or even Brazil.
There are lots of options to try here, but one we like is Canada’s TunnelBear. It runs on most types of device, has plenty of exit points around the world, and a free account gives you enough gigabytes of VPN usage per month for basic needs – if you need more, unlimited data is $50 a year. There’s also a grizzly volume of bear puns.
Free on Android; £1.49 on iOS
One of the perils of social networks is keeping track of what you’ve said in the past and who might have read it. The problem is worst on Twitter, where everything posted is publicly accessible and searchable, but it exists too on Facebook and elsewhere. Xpire lets you reduce the risk both by giving you more visibility into and control over your online presence, and by letting you post time-limited messages that in effect self-destruct after a specified length of time.
As well as Twitter, the iPhone app supports a few other social networks, though its Facebook functionality is more limited. This is thanks to recent technical changes at Facebook and a fix is due soon, says Xpire, but in the meantime you can still post normal or self-destructing messages. There is also an Android version, it is currently free but only handles Twitter. Xpire told us its developers have been focused on the iOS version, as that has more users. However, an Android release with the new functionality is promised for next year.
Either way, the control it gives over Twitter is rather useful. To be sure, some of what it can do is also available on the web, but there are a few extra features. For example, not only can you check and edit the list of accounts you follow, you can also do the same for your list of followers, removing (not just blocking) ones you don’t want.
You can also search and delete your own past tweets, and calculate your ‘social score’. The latter represents the amount of content shared on Twitter that might be inappropriate to a family member or potential employer, though Xpire does not say how it is calculated. The self-destructing tweets worked well – you don’t even have to be online at time of deletion. Of course you can’t stop anyone from copying the message while it is live, but retweets – the usual method of sharing someone else’s message with your own followers – will subsequently appear as “this tweet is unavailable”.
Reverso Translation, Softissimo Inc
Free with ads or $5 a year
Need to know what’s being said about you online in other countries, or reply to a foreign fan? Google Translate is a great start (and it keeps getting better), but it sometimes struggles with context, idioms and sentence structure. This is Reverso’s speciality, albeit in a dozen languages rather than a hundred.
Indeed, Reverso is less a translation tool than a localisation and understanding tool. As well as translating, where it will attempt to identify idioms, it also provides examples that it thinks may be – and usually are – related, to help you get a better sense of what the writer really means.
Similarly, where a word has multiple possible translations, it gives examples of how each might be used so you can understand its context and hopefully pick the one that fits best. There’s also several other options, such as hearing the word spoken and a direct link to a dictionary.
The free app only offers a few examples for each translation, but the Reverso website provides lots more grammar help, and an ad-free subscription for the app adds more results and examples. Reverso probably won’t replace Google Translate for most people, but if you regularly deal with other languages, Reverso is definitely useful to have on hand.
MEGA, Mega Ltd
The final thing you need to do to protect yourself online is stop using the cloud storage that came with your phone or laptop. All of these services are vulnerable to some degree – just think how many celebs have reportedly had photos stolen from iCloud – whether it is someone cracking your password or using social engineering on your hosting company to get access.
Switch instead to encrypted storage where you hold the encryption keys, your provider does not store or see your password, and its staff have no direct way of seeing or accessing your files – this is called zero-knowledge encryption. The most effective way to do this is using professional-grade encryption on each of your devices via a tool such as BoxCryptor, but a simpler route for most users will be an encrypted cloud storage service such as Spideroak, Opendrive or Mega.
Spideroak and Opendrive are the more business-oriented, offering encrypted backup, file synchronisation and collaboration tools for teams as well as individuals. Both start at $5 a month for their team-based services.
If you don’t need that much – and few of the free services provide more than 5GB – then Mega is better value, offering 50GB for free, albeit also with a limited data transfer allowance. Paid plans start at €5 a month and run up to 4TB of storage. Mega is headquartered in New Zealand and was originally founded by noted (or notorious) Internet freedom advocate Kim Dotcom, although he is no longer a director.
Mega has file synchronisation apps for all the major mobile and desktop platforms, plus a web-based file manager, all of which use 128-bit AES encryption and your details to generate a master encryption key. If you lose or forget your password, you can’t reset it with just your email address, unlike many other services – you need this master key as well, so it is vital to download and save it safely.
Once you have done that, though, it works pretty much the same as other file synch and share services, so you can choose folders to synch locally, share folders and chat online with other Mega users, and share files with other people by generating a public file export and decryption link. The company publishes its APIs so that other developers can support Mega, for example by adding it to the list of cloud services supported by a file manager app.
The one way that zero-knowledge encryption is as vulnerable as any other cloud service is if someone steals your device or installs key-logging spyware to get your password. You still need to take care of physical security, however.