CNET también está disponible en español.

Ir a español

Don't show this again

Security

How to become a privacy ninja: Use these journalist tools

You don’t have to be a gumshoe reporter to practice a bit of surveillance self-defense.

Hello my name is NINJA

Practice vanishing with this security training checklist. Smoke bombs optional.

Getty Images

A new privacy breach story seems to pop up every week, repeating the nagging question for most of us: When was the last time you upgraded your surveillance self-defense? You don't have to be investigating the next Watergate to command some basic privacy on the internet.  Whether you're a newcomer to online privacy protection or a security-savvy pro ready to move into next-level cybersecurity training, we've got a checklist to get you started. 

For the newcomer

Use a password manager

If you've heard one piece of internet security advice, it's this: Create strong passwords unique to each of your online accounts, change them routinely and never reuse old ones. Most browsers will automatically offer to store your passwords when they see you log into a new site. Don't take the bait, and don't waste your time trying to memorize them all. Instead, put a secure password manager to work.

Now playing: Watch this: Keep your data secure with a password manager
1:13

The easiest place to start is LastPass, a service with in-browser extensions and its own one-tap authorization app for both iOS and Android. Although it offers a premium option for $36 annually, the free version's security features are solid: LastPass reviews your database of passwords and alerts you of duplicates, can automatically generate unique passwords for each site and automatically saves new site logins on creation. LastPass isn't the only player in the game, though. CNET's recent run-down on password managers can get you up to speed if you're browsing for the right option at the right price.

While you're beefing up your login practices, consider enabling two-factor authentication for your social media and email accounts. For sites like Twitter, Facebook or Google, enabling this extra layer of protection means you'll be prompted on login to enter not only your password but a secondary form of authentication, often a single-use SMS security code the site sends to your cellphone.

Adopt encryption

Simplified encryption apps on your cellphone offer privacy by scrambling your communications so anyone who intercepts them is unable to read them -- as long as both the message sender and receiver use encryption properly. Though there's debate about the comparative security strength of different encryption apps, the perpetual quest by governments and intelligence communities to break or ban them stands as a testament to their overall effectiveness. You don't have to understand exactly how end-to-end encryption works to benefit from it; you just have to get moving on installation. 

Start with Signal, the free and open-source software application for desktop, Android and iOS. You can use it to make encrypted phone calls, send texts, video and pictures. To use it, both you and your message's recipient need internet access on your mobile device. And Android users have the option of making Signal their default messaging service. 

And why stop with your phone when you can encrypt your messages on all digital fronts? There are suites of possible apps offering degrees of privacy for video chats, hard drives, email and more. But remember: fishy files can still find their way to an encrypted inbox. Run suspicious attachments through an online virus scanner like Virus Total before unleashing them on your device.

Stop web browsers from spying on you

The Washington Post has dubbed Google Chrome, the world's most popular web browser, "surveillance software." The fact is that you need to be vigilant to keep Chrome from spilling your data all over the internet. In Chrome or Firefox or most other popular browsers, you can use private mode or incognito mode to protect your browsing sessions. 

But if you really want to get serious about privacy, Brave is a browser equipped out-of-box with nuanced controls for blocking ad trackers, third-party cookies (which track you across the web via social buttons on a webpage) and third-party fingerprinters. Since Brave is built on the same open-source Chromium technology as Chrome, you can enjoy using most Chrome extensions without dragging a nasty trail of Chrome trackers behind you.

You'll find the same Chrome-based mechanics under the hood of Vivaldi, which offers versions for MacOS and Windows. From the makers of Opera, Vivaldi is a hyper-customizable browser that's expected to release versions for iOS and Android in 2019 (sans ad blockers, along with a stand-alone email module. 

Intermediate level

Get a VPN

A virtual private network is an essential layer of browsing software-based security that creates a private network between you, the websites you visit, and any wireless devices you've connected to. While VPN use won't guarantee absolute privacy, it generally works by blinding your internet service provider to the websites you visit, and blinding websites to your IP address. And it's absolutely critical if you're on public Wi-Fi and anyone could be potentially snooping on you, or worse. 

VPN prices range as widely as their security, which is largely based on which protocols are used. Long-time favorites like IPVanish, for example, might cost $58.49 for a year, but they keep no log of user activity, allow you to pay in bitcoin and offer a connection killswitch. 

CNET's side-by-side comparison of the best VPN services we've found in 2019 can steer you away from the rocks.

Learn Tor

Similar to a VPN, the Tor browser operates through an ever-expanding network of servers. In Tor's case, every request made from your computer bounces through an encrypted relay system of intermediaries to keep your identity hidden and make tracking your activity intensely difficult. The relays, or nodes, are volunteer-operated and open. 

Unfortunately, there are no official Tor browsers for iOS but Tor has install options for both Windows and MacOS, and an official app for Android. Security is a slow business, though. Don't expect to stream movies via Tor browsers. 

Head over to the official Tor site for download and set-up instructions. 

Your privacy hygiene list

To sum up, here are some quick tips for good privacy hygiene:

  • Never reuse passwords on multiple sites.
  • Never allow a web browser to save your passwords.
  • Enable two-factor authentication for your accounts whenever possible. 
  • Never connect to a public Wi-Fi hotspot without connecting to a VPN.
  • Use incognito mode or a privacy-focused web browser whenever possible, or make the jump to Tor.
  • Run a virus scan on email attachments -- even those from friendly sources -- before opening them. 
  • Any sensitive text-messaging conversations should always be conducted over a secure messenger such as Signal.

Advanced training

If privacy tutorials and surveillance-dodging has whet your appetite for cybersecurity, there's no reason to stop with these apps. Here are a few places you can go for more training that is either free or low-cost. 

  • The Society of Professional Journalists keeps a list of privacy and security tutorials and tools stuffed into their Journalist's Toolbox.
  • Udemy offers a cybersecurity survey class for $9.99 that allows you to get an overview of the fundamentals of good security.
  • Professor Messer offers an extensive collection of security training videos if you're interested in sampling a range of cybersecurity principles and best practices.
Now playing: Watch this: Loads of Android apps are skirting privacy controls
1:12