Basics of secure browsing

Your System

Regardless of whether your computer uses Windows, macOS, or Linux as its operating system (“OS” for short), the security of your entire computer depends on how secure your OS is. This should come as no surprise because the OS quite literally runs everything on the computer. Therefore, if there is a serious vulnerability in your operating system, everything you do on your computer could potentially be stolen. This includes all your data, everything you do, and every site you access. So, ensuring your operating system is secure is a critical foundation for your cybersecurity.

Fortunately, vulnerabilities that severe in the operating system itself are exceedingly rare and are quickly fixed via patches. So, the best thing you can do to ensure a secure OS is to simply install any available automatic updates without delay. This makes you a difficult target that’s not worth a would-be hacker’s time, who will probably instead focus on easier victims who never bother updating and therefore have more vulnerable computers.

Your Browser

The web browser is the window to the entire internet, both the good and the bad. As you are well aware, the internet is filled to the brim with bad actors trying to take advantage of unsuspecting victims in countless ways. Their methods are not just limited to tricking victims into downloading viruses, but also snooping in on insecure connections, tracking your activity, and more.

One way to protect yourself from a wide array of attacks is by accessing the internet through what is known as Tor, short for “The Onion Router”. Tor is a free and open-source software project that basically passes your internet connection securely through multiple nodes run by volunteers across the world. The original name likens this to layers of an onion, but you may also think of it like an anonymous relay-race, where data is passed through several people before reaching its destination instead of sending it directly.

The effective result of using Tor is that there is no longer a single point of failure, so even if someone tries to snoop in on the connection to the first node, they will not know the data’s destination. Or if someone intercepts the data on the final leg to the destination, they will not know from where it originated (which is you). This also means the website itself will not know your IP address – only that of the final node. This makes your connection virtually untraceable.

To connect to the internet through Tor, a specially configured browser is usually required. The recommended option is the “Tor Browser,” which is the official browser by The Tor Project team that maintains the Tor network. You can find simple instructions on how to install the Tor Browser on our page: How to Connect to the Tor Network.

After installing the browser, you are able to choose from a few security levels: Standard (Default), Safe, or Safest. It’s a good idea to choose the Safest setting because this blocks all JavaScript (among other potentially exploitable features). Most of the time such browser features are fine, but in certain instances (such as websites that have been compromised, or for untrustworthy websites in general), they can be used maliciously against the user. For example, the Safest setting should prevent any potentially malicious scripts from automatically running and executing a so-called “drive-by” attack on your computer. Be aware though, there is a convenience trade-off with the Safest setting. Websites will likely look more bare-bones because JavaScript is often used to make websites look nicer with animations and dynamic content. Of course, if the point of using the Tor Browser is to obtain the highest level of security, it is worthwhile.

Your browsing habits

Even if your connection cannot be directly tracked, you still need to be aware of other ways you may accidentally reveal personal information about yourself. For an obvious example, if you log into a website and provide any of your real personal information, clearly that website will know who you are. This is fine if you fully trust the website, but if your objective is to remain completely anonymous, you should not provide any real personal information. This also includes using any email addresses you’ve associated with other non-anonymous accounts.

Instead, you would ideally create a new separate email address while logged into the Tor browser, and only ever log into that email account while using Tor. Then you would use that email address when signing up for websites you absolutely do not want to know anything about you (all while still using Tor).

You should also always use completely unique passwords on all of your accounts. Data breaches happen all the time where emails and associated passwords are leaked publicly. If you use the same password for everything, and if the password is unusual enough, that alone can be used to tie together many of your accounts.

In addition, you must always be aware of the information you voluntarily share on websites, such as in the form of comments or posts. If a bad actor is determined enough, seemingly innocuous bits of information about yourself can be pieced together to learn more about you. For just one example, simply mentioning the home team for your favorite sport will dramatically narrow down your geographic location. Always be conscious of what clues you may be accidentally leaving in your posted content.

Managing metadata

In addition to limiting the actual direct information you reveal about yourself online, you must also be aware of what is known as metadata. Literally, metadata means “data that describes data”, or in other words, it is information that is attached to your browsing activities or files you upload that can be used to “read between the lines” and gain insight about you.

For example, when using a typical internet browser, you may notice many websites have a lock symbol next to the website name to signify the connection is secure and encrypted. However, while the content of the connection (information displayed on the website, forms you filled out, etc.) is indeed secure, anyone snooping in on the connection can typically still see where (meaning the name of the website) the connection is going. This also includes your internet service provider itself or any government agencies working with them.  The website itself will also be able to see where the connection is coming from in the form of your IP address. You may not wish anyone to be able to even see what websites you are visiting at all, which is one benefit of using Tor.

You should also be aware of metadata attached to actual files on your computer. Every file typically has basic metadata such as the date and time the file was created, but it may contain more. For example, your smartphone may be configured by default to attach a GPS location to every photo you take. Also, your word processor may include the name of the author with the files you save, which is usually your full name. If you then share these files without removing this metadata first, you could be revealing extremely personal information without even realizing it. Knowing all of this will make you much less vulnerable online.