Are you a savvy surfer, or trapped in a mental underground bunker of your own making?
Dan AckermanEditorial Director / Computers and Gaming
Dan Ackerman leads CNET's coverage of computers and gaming hardware. A New York native and former radio DJ, he's also a regular TV talking head and the author of "The Tetris Effect" (Hachette/PublicAffairs), a non-fiction gaming and business history book that has earned rave reviews from the New York Times, Fortune, LA Review of Books, and many other publications.
"Upends the standard Silicon Valley, Steve Jobs/Mark Zuckerberg technology-creation myth... the story shines." -- The New York Times
ExpertiseI've been testing and reviewing computer and gaming hardware for over 20 years, covering every console launch since the Dreamcast and every MacBook...ever.Credentials
Author of the award-winning, NY Times-reviewed nonfiction book The Tetris Effect; Longtime consumer technology expert for CBS Mornings
I'll excuse you for feeling a little paranoid about the internet lately. Hardly a week goes by without news of some major data breach, hack or other security issue. And if you follow "Security Twitter," the loose amalgam of experts and commentators talking about the latest in devious schemes and security lapses, it might feel like it's time to unplug altogether.
People have their own methods of coping. Some simply plow ahead, thinking, "Hey, I've probably been hacked 10 times already, so what's the difference?" Others go for a digital version of the survivalist prepper manifesto, and become obsessed with minimizing exposure to anything and everything potentially unsafe.
Neither of those is the smartest approach -- extreme methods on either end of the bell curve rarely are. A more common approach is what I call buffet-style security: You pick up potentially useful information based on second-hand news reports or tips passed around at the virtual watercooler and come up with your own personal digital security plan. But is every suggestion worth following? And where should you draw the line between convenience and security? I asked a trio of experts to weigh in on some of the most common personal digital security questions.
Should I cover my laptop webcam with a Post-It note?
reportedly does it, so maybe you should, too. Or, then again, maybe not. Zack Whittaker, security reporter for CNET sister site ZDNet, says, "No, you don't have to do that, but it doesn't hurt… [Webcam hacking] is not easy to do and it's a targeted attack. Unless you have nuclear secrets or you're a spy, you don't need to worry about these things."
Troy Hunt, the Australian security researcher behind the popular "Have I been pwned?" website agrees, at least in part. "I don't do it, but I'm kind of conscious of what [the camera's] pointing at," he says. "I probably could cover it. But, on the other hand, are you going to cover the camera on your iPhone or iPad as well?"
But this view is not universal. "The biggest reason I think people should cover their laptop webcams is we've seen a lot of criminal behavior where there's malware and threats out there that rely on accessing your webcam and taking pictures of you," says security consultant Jessy Irwin, an in-demand conference speaker and the former Security Evangelist for 1Password.
My recommendation: Don't feel obliged to cover your webcam, but it couldn't hurt, and it might make you more comfortable.
Is it OK to allow online stores to remember my credit card number?
Tired of typing in your credit card number for every online purchase? Nearly every ecommerce site, from
to Posters.com, helpfully offers to remember your payment info. But should you take advantage of this helping hand?
Whittaker advises against it, even though companies like
are pretty reliable about keeping your account information safe. "The inconvenience of typing in your credit card each time is very small, compared with the massive inconvenience of having your information stolen," he says.
Irwin agrees, and offers a workaround. "Generally, don't save any kind of credit card information online," she says. "What I do recommend is using a password manager… [they] help keep your passwords together, but they also have places where you can keep credit card information so it's right at your fingertips whenever you need."
But Hunt thinks stealing personal account information is more important to criminals than your credit card number. "There are personal attributes that are genuinely very sensitive and important, like your password, " he says. "Because that will unlock other things."
He doesn't worry as much about credit card fraud. "My wife has had her card defrauded so many times and the bank calls up, they say, 'We're seeing fraudulent activity, would you like us to cancel it?'" he says. "They'll refund the money, they'll put another card in the mail… So when it comes to who I trust the card with, I honestly don't worry too much about that."
All three agree, however, that systems such as
are generally safe, because they generate one-time use tokens for payment rather than sharing your actual card number with a retailer.
My recommendation:Stick to big retailers with a good track record, or use a system like Apple Pay that hides the actual credit card number during transactions.
Is it ever OK to use public Wi-Fi?
The open Wi-Fi at Starbucks, public parks, airports and even deep underground in the New York subway system is free and convenient, but so is the bowl of mints in a nice restaurant bathroom. Doesn't mean you should use it. You should avoid doing your banking over your morning latte, but are these freebie connections safe for basic web surfing and email?
"I personally would rather not use public Wi-Fi," says Whittaker, but he also thinks it should be okay if each website you use is properly encrypted (look for "HTTPS" at the start of the URL). Many web browsers, including Google Chrome, label a site "Secure" if it has
Encryption is becoming much more common, and one of the reasons Hunt is less wary of public Wi-Fi than he used to be. "The stuff I want to do in an airport is check my email, check my Twitter, check my Facebook," he says. "I'm so confident in the encryption of all those entities now, that I'm actually quite happy doing that sort of thing on public Wi-Fi."
But that doesn't mean there's nothing to worry about, Irwin cautions. Even if the information you send or receive is encrypted, you still may be leaving identifying breadcrumbs about your device and location. "It might be information that can identify you when you're walking through a store," she says. "And it may be used to serve ads to you or send text messages to you from a retailer."
But her final warning is to not let high-tech solutions get in the way of common sense. "If you're using your devices in public and you have to enter a password or a passcode, it's very easy for someone to look over your shoulder and see your password." In other words, the lowest of low-tech hacks can sometimes get around even the most secure encryption.
My recommendation: Sticking to encrypted websites is generally safe, but watch for prying eyes over your shoulder.