Utility software

I will behave cautiously online

I can’t always know when I can trust a Web site to guard my private data. So I will take steps to keep personal information personal.

Secure your browser

Security: 2 Hassle: 2

Most Web browsers have handy autofill features that enable you to enter passwords, addresses, credit card numbers, and other data in forms with just a couple of clicks or keystrokes. Autofill isn’t dangerous in and of itself, but it can lead to problems. For example, someone with access to your computer could potentially log in to your bank account, make purchases in your name, or discover where you live. The same would be true if your computer were stolen.

If you follow the other practices in this manifesto—always log out before leaving your computer, use a keychain password that’s different from your login password, attach a security cable, and so on—your risks from using autofill are minimal. The very safest practice, especially if you’re unable to secure your Mac in all the other ways discussed here, is to disable autofill and delete all the information that your browser has already stored.

To do this in Safari, choose Safari: Preferences, click on AutoFill, and deselect User Names And Passwords and Other Forms. Then click on the Edit button next to each of these options, and, in the sheet that appears, click on Remove All and then on Done. In Firefox, choose Firefox: Preferences, click on Security, and deselect Remember Passwords For Sites. Then go to /Users/ your user name / Library/Application Support/Firefox/ Profiles/ your profile and delete the formhistory.dat file.

KEY
Security
4. Makes you practically invulnerable.
3. Good, strong protection—but a really determined intruder can overcome it.
2. Helps deter casual meddlers, but someone who wants to get in will.
1. Makes you feel better, but won’t really keep out intruders.

Hassle
4. Let’s be honest: it’s a pain in the neck.
3. Takes consistent, considerable effort.
2. Takes a little effort, but it’s not a big problem.
1. Set it and forget it.

Change insecure passwords

Security: 3 Hassle: 2

Most Web sites that collect personal information ask you to register with a user name and password. If you chose an obvious or easy-to-crack password when you originally signed up for a site, change it to something more secure the next time you log in. Passwords that protect private data, especially financial data, should be at least ten characters long and should include uppercase letters, lowercase letters, and numbers.

Check Web sites’ security

Security: 3 Hassle: 2

Before you enter credit card numbers or any other highly confidential information on a Web page, make sure the site uses SSL encryption. You should look for two signs: a lock icon in your browser (in the upper right corner in Safari; in the lower right corner in Firefox), and a URL beginning with https: instead of http. SSL protects your information against interception while it travels between your computer and the Web server.

Once your data is on the server, however, you must trust the server’s owner to keep it private. So you should also check a site’s privacy policy before entering any private data. Virtually every commercial site has one; you may find it linked from an About or FAQ page. Privacy policies are rather dry reading, but they’re worth looking at, because they spell out what personal data the site collects; whether, and under what circumstances, the company can share that information; and what steps it takes to keep your data private. If a site has no privacy policy, or if the policy’s terms aren’t satisfactory, avoid entering your personal data.

Nevertheless, I can’t stress this strongly enough: No security policy can ultimately protect your data . However well intentioned a company might be, the possibility of a security breach always exists. A software malfunction, a disgruntled employee, or a corporate spy could potentially expose your private information.

That’s why you should think twice before storing your credit card number on Web sites. Many shopping sites let you do this as a convenience feature, to make checking out easier next time. But storing your number also increases the number of ways in which it could be compromised. If you see a check box asking whether you’d like to store your credit card number, leave it deselected. And if you’ve already stored your credit card number on a site, log in, go to the portion of the site where your billing preferences are listed, and delete that credit card entry.

You should also keep an eye on your credit card statements. Check every statement carefully to make sure you recognize each transaction. If you see a suspicious charge, call your bank immediately. Banks generally don’t hold you liable for amounts charged to your account fraudulently as long as you report the problem promptly.

Finally, give out as little information as possible. If a site asks you to join a mailing list, say no. If it asks you for demographic information, don’t give any. Pro-vide only the information needed to complete your transaction.

Network carefully

Security: 3 Hassle: 3

An increasing number of Web sites exist to help people make friends online and expand their networks of contacts. Some of these, like LinkedIn, are oriented toward business networking and job-hunting; others, like Facebook and MySpace.com, are intended more for socializing and dating. Although membership details vary from one site to the next, typically you begin by entering a profile of yourself—including facts such as your employment background, and hobbies to help other users find you based on common interests. Some social networking sites also provide a blog for you to share information about yourself.

Often you can restrict access to your profile so that only people you designate can see certain details. Some social networking sites operate on the friend-of-a-friend (FOAF) model, so that your contacts can put you in touch with their contacts and so on, expanding your network; people more distantly connected to you may have less access to your profile details.

Unfortunately, sometimes profile restrictions don’t work as you’d expect. Mishaps such as software bugs can lead to personal information getting into the wrong hands. And social networks make it easy—sometimes too easy—for people who aren’t truly trusted friends to worm their way into your circle of contacts, where they can potentially see more information than they should.

When using social networking sites, assume that any information you enter about yourself is effectively public. Before you post your home address, a story about getting into a drunken brawl, or a scathing rant about your ex, ask yourself a couple of questions: What would your current or future employer think? Or your mother, spouse, or kids? The safest choice is not to post anything you wouldn’t be comfortable writing on a conventional, public blog.

Never post your home address online. If a friend needs to know it, you can send an e-mail message. For anyone else, knowing your city or neighborhood is more than adequate. Likewise, don’t post details about exactly where you’re going or when.

A lot of shady characters on the Internet may pretend to be friendly and work to gain your trust for nefarious reasons. Be wary when someone seems to make a special effort to win your confidence, and don’t hesitate to break off contact with someone if you become uncomfortable or suspicious.

[ Joe Kissell is the senior editor of TidBits and the author of Take Control of Passwords in Mac OS X (Take Control Books, 2006). ]

Secure Web Sites: To be sure a Web site is safe, check for https: in the address bar and a lock icon in the corner (exact location varies by browser).Privacy Policies: A Web site’s privacy policy may not be scintillating reading—but it’s the only way to know how the site will handle your personal information.

Subscribe to the Help Desk Newsletter

Comments