
SovereignLife for Offshore Banking and Asset Protection
Internet Security - How to Stay Safe on the Web
In my last how-to, I went over the basics of computer cryptography, including the methods in use and why data protection can be so important. Today, I'm going to expand on that article by going over a few useful steps you can take to protect your general privacy when using Internet tools, such as the Web, instant messaging (IM), and FTP/P2P file sharing.
To begin, it is important to realize that on the Internet, anything and everything you do is traceable and vulnerable to investigation, either by a criminal or corporate/government spies. Sleazy marketing companies often steal data about you for quote/unquote "marketing purposes", while certain private and "civil" authorities may (and do!) monitor networks for signs of allegedly dangerous activities. For these obvious reasons, and a host of others, it is imperative that every 'Net user have a basic knowledge of electronic privacy practices and tools. This article will show you some basic steps you can implement to protect your privacy, plus introduce the user to some highly effective privacy-protecting programs and services.
- We'll begin with the basics. Cookies, JavaScript, and other such "features" should be disabled or at least restricted. See these instructions for Firefox on the Mozilla website for more information. In addition, websites commonly utilize Referrer headers, which enable them to see what sites you have previously viewed. Advertising companies often use this data to construct profiles about visitors, thus giving them the ability to show you more annoying and intrusive advertising.
To disable this dangerous feature, type "about:config" (no quotes) into Firefox's address bar. You'll then see a long list of configuration settings. Scroll about two-thirds of the way down this list until you come to a setting titled "network.http.sendRefererHeader", whose default value will probably be "2". As-is, your browser is configured to send full referrer data, which is very bad! To disable this security hole, right click on the value and click "Modify". In the box that appears, input the number "0" (Zero) and apply the changes. When you restart the browser, this sensitive referrer data will no longer be sent to web servers. Please note, however, that certain sites require referrers, but I've yet to find one that was really reputable. The bottom line is, there are probably very few, if any, legitimate reasons to even need this private data from anyone.
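To confirm that the "network.http.sendRefererHeader" change took effect, a local test page is enough. The following is an added example, not part of the original article: a loopback-only Python server that reports whether the browser sent a Referer header when a link is followed. The names RefererEcho, start_server and fetch_landing and the port 8000 are assumptions chosen for this sketch.

```python
import html
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

class RefererEcho(BaseHTTPRequestHandler):
    """'/' serves a link to '/landing'; '/landing' reports the Referer it got."""

    def do_GET(self):
        if self.path == "/landing":
            referer = self.headers.get("Referer")
            if referer:
                # Escape before echoing: the header is client-controlled input.
                body = "Referer received: " + html.escape(referer)
            else:
                body = "No Referer header received"
        else:
            body = '<a href="/landing">Follow this link to test</a>'
        data = body.encode("utf-8")
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, fmt, *args):
        pass  # suppress per-request logging

def start_server(port=0):
    """Listen on loopback only; port 0 lets the OS pick a free port."""
    server = ThreadingHTTPServer(("127.0.0.1", port), RefererEcho)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def fetch_landing(server, referer=None):
    """Request /landing the way a browser would, with or without a Referer."""
    host, port = server.server_address[:2]
    req = urllib.request.Request("http://%s:%d/landing" % (host, port))
    if referer is not None:
        req.add_header("Referer", referer)
    # Empty ProxyHandler: never route this loopback check through a proxy.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(req, timeout=5) as resp:
        return resp.read().decode("utf-8")

if __name__ == "__main__":
    srv = start_server(8000)
    print("Open http://127.0.0.1:8000/ in the browser and follow the link")
    threading.Event().wait()  # serve until interrupted with Ctrl+C
```

Run it, open the printed address in Firefox and follow the link: with the setting at "0" the landing page should report that no Referer header was received, while the default value shows the address of the page you came from.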
- If you use e-mail, either web-based or via POP3/IMAP, be sure to always use secure SSL connections whenever possible. If your server supports SSL, all transmissions between your computer and the server will be encrypted, thus making them extremely difficult (though not impossible) to intercept by third parties. See this tutorial for more help with Mozilla Thunderbird e-mail client.
- Use Open Source/Free Software applications, especially when it comes to the Internet. Such programs come with source code, enabling anyone to search for and discover security holes and other bugs quickly, often before they become a problem. Whatever you do, DO NOT, under any circumstances use Microsoft Internet Explorer or Outlook/Outlook Express! These applications are known to be extremely vulnerable to cracking, viruses, and spyware. Instead, use Mozilla Firefox and Thunderbird, which have a proven track record of superior security and ease of use.
- Finally, don't download or send any politically or culturally offensive or highly controversial data without protection. Also, don't open any suspicious looking e-mail from senders you aren't familiar with. Chances are, you'll end up being infected with something or have private data stolen from you. In a worst-case scenario, an authority could intercept your messages, track you down, and harass, arrest, or snuff you out. On the other hand, unscrupulous crackers could use your information to track down your computer, then compromise its security systems in order to steal data or infect you with a virus or other such program.
- A quick and simple way to protect your online privacy is the use of an anonymous proxy server. A network proxy acts as an intermediary between a client (you) and the website, thus hiding your IP address and sometimes other information from the Internet servers you're visiting. Two major types of proxies exist: HTTP(S), or "web" proxies, and SOCKS (typically TCP port 1080) proxies. Most commonly, HTTP proxies are used by web browsers. SOCKS proxies are for pretty much anything else (IM clients, P2P, etc.), at least as far as we're concerned in this lesson. A good, reliable source for HTTP proxies is Stay Invisible, while a good SOCKS proxy list is located here.
- Although standard proxies are a good way to help protect your IP location data from certain Internet servers, they do nothing to protect the data as it travels from your PC to the proxy. Thus, it's possible for analysts to intercept your data and track you down before it even gets to the proxy server itself. Additionally, standard proxies do nothing to filter out unwanted cookies, JavaScript, or other elements that might compromise your privacy and security.
Luckily, more advanced proxy services like MegaProxy provide SSL encryption and filter out potentially dangerous web page or FTP site functions. Although such services are for-profit, many (including MegaProxy) have limited services you can try out. I personally recommend MegaProxy over other offerings, such as Anonymizer.com, because they are very economical ($9.95 USD for 90 days) and very reliable, both in terms of their server availability and their privacy policy.
- For those of you who are even more hard core about Internet anonymity, such as political activists, journalists, or researchers, there's Tor. Tor is an encrypted network of secure proxy servers. When you channel a TCP/IP connection through the command-line Tor client, data is sent through a random series of these servers, whence it comes out the other end and reaches the intended server. Since everything between your computer and the last Tor proxy in the sequence is encrypted, it is very difficult to discover where the data is coming from, or even what is being sent unless an attacker carefully monitors the entire proxy network. As you may guess, this is very hard to do, though not impossible.
For added protection, use Tor with Privoxy (for filtering ad/cookie content).
NOTE: Currently (January, 2006), the Tor network is sometimes quite slow, though it has become much faster and more reliable with new releases and more Onion Routers coming online every day. Therefore, it works well for general web browsing, instant messaging, and e-mail, but it can make large downloads and streaming media quite slow. Please disable the use of a proxy temporarily when downloading large files, then re-enable it afterwards. See the official Tor wiki site for more information and other privacy information.
For the less knowledgeable and/or paranoid person, the Kaos Theory hacker clan has just recently released Anonym.OS, an OpenBSD-based LiveCD that has a Web browser, e-mail client, and IM client (GAIM) set up to use Tor securely. All you have to do is boot it up and get started. There is no complex and time-consuming configuration, so it's great for the less-than-tech-savvy political dissident, as well as the archetypal (stereotypical?) grandmother/mother figure that we always mention in such discussions.
- Today, even a decade after the Internet "went public", E-mail is still the number one reason for users around the world to connect. Unfortunately, it is also one of the least secure. Luckily, you can often use SSL and other encryption methods to protect your messages from prying eyes (see this article). However, even this may not be enough, or even what you want at all. In some cases, you may want to send e-mails in which a message is not necessarily encrypted, but is instead very difficult to track back to you and your computer.
To do this, we can use an anonymous re-mailer. Not only will it disguise where your message was sent from (like Tor), but it will also hide your reply-to e-mail address in nearly all cases. This can be a good or bad thing, depending on the situation. In general, anonymous re-mailers are good for those times when you have something urgent or controversial to send, but do not require any reply. Or at least it should be, because you're not likely to get one! ;)
OK folks, that's all for now. I hope you've learned something about keeping yourself secure and anonymous online. There are other resources not mentioned here on the 'Net, so be sure to dig them up with your favorite search engine. As always, please send an e-mail to firefox-spam@walala.org with any questions, comments, or suggestions that you might have. Thanks.