Beginner's Guide to Online Security and Privacy

The Merriam-Webster dictionary defines security as measures taken to guard against espionage or sabotage, crime, attack, or escape. Those descriptive words also apply to the protections you must take when you're online to safeguard your security and privacy. We all realize by now that the Internet is full of hackers looking to steal anything of value, but worse yet, the government that has pledged to be ‘by the people, for the people’ often intrudes on our privacy in the name of national security.

This guide, however, is not for those engaged in covert activities that would need shielding from the prying eyes of the NSA. It is intended to be a basic guide for people who use the Internet on a daily basis for:

  • Work
  • Social Media Activity
  • E-commerce

Whether your online activity is largely confined to a desktop, or you're a mobile warrior on the go, implementing the proper security and privacy protocols can protect you from hackers and also prevent your ISP from knowing every single website you’ve ever accessed.

What follows is a basic guide that anyone can use to beef up online security and ensure as much privacy as possible, while being mindful that total anonymity on the Web is nearly impossible.

Online Security for Desktops, Laptops, and Mobile Devices

Install Software Updates

At a minimum, you need to make sure that you install the most recent software updates on all your desktop and mobile devices. We know that updates can be a pain, but they can ensure that your software is as secure as possible.

In fact, you will often notice that many update messages are related to some type of security glitch that could make it easier for someone to gain access to your information through the most common browsers such as Firefox, Safari and Chrome.

If you take your sweet time installing an update, it gives hackers that much more time to gain access to your system through the security flaw that the update was designed to fix.

Most of the major brands such as Apple and Samsung will send users messages on their desktops, laptops and mobile devices the moment they release a security update.

For example, Apple recently released new security updates for its iPhones, iPads and Macs for a computer chip flaw known as Spectre. This flaw affected billions of devices across all the major systems, including iOS.

Apple immediately sent a message to all its mobile users to install an update, which included security patches to block hackers from exploiting the flaw in the chip. The company also sent emails to desktop users to install Mac OS High Sierra 10.13.2, which included fixes to Safari for laptops and desktops.

The point is that you don’t need to worry that you won’t get these update prompts, because it’s in the best interests of the major brands to keep a massive hack from occurring. But if you want to ensure that you never miss an important update, there are several tools that can help you achieve this goal...

Update Tools for Mac Users

  1. MacUpdate/MacUpdate Desktop – These two companion apps scan your desktop or mobile devices to locate software that needs updating. The desktop version has a menu bar that informs you when a software update is complete. The basic updating function is free to all users, but there are premium tiers that are ad-free, and include a credit system that rewards you for every new software you buy.
  2. Software Update – This is a built-in app that you access through the Apple menu that opens the Mac App Store app and lets you click on the Updates tab. Software Update analyzes all the apps you’ve downloaded from the Mac App store to see if they’re updated. It does the same thing for your operating system software, which is a nice bonus.

Update Tools for PC Users

  1. PC App Store – A free tool that analyzes every program on your desktop and issues prompts for any software that isn’t updated. PC App Store is convenient because it updates directly through the program without you having to open a web browser. And the program tells you what the update includes so that if it isn’t related to a security flaw, you can skip it for a later time.
  2. Patch My PC – If you choose the auto-update feature on this free tool, it automatically installs software patches on any application that has a security update. If you run the manual version, the program quickly scrolls through updated and non-updated applications and lets you check the ones you want to update and patch. One other useful aspect of this program is that you can run it using a flash drive.

Take Advantage of Encryption

Encryption is a fancy word for a code that protects information from being accessed. There are various levels of encryption, and at the highest levels, encryption offers you the strongest protection when you are online. Encryption scrambles your online activity into what looks like a garbled, unidentifiable mess to anyone who doesn’t have the code to translate that mess back to its real content.

The reason this is important is that protecting your devices with only a password won’t do much to protect your data if a thief steals the device, accesses the drive and copies the data onto an external drive. If that device is encrypted, the data that the thief accesses and ports to another drive will still remain encrypted, and depending on the level of encryption, it will either take that thief a long time to break the code, or the thief will not be able to crack it.

Before we dive into some of the basics of encrypting desktops and mobile devices, remember that encryption has some drawbacks. The main one is that if you lose the encryption key, it can be very difficult to access your data again. Second, encryption will affect the speed of your device because it saps the capacity of your processor.

This is a small price to pay, however, for all the benefits encryption offers in terms of security from intrusion, and privacy from prying eyes that want to know exactly what you’re up to on the Internet.
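To make the two points above concrete (a copied drive stays scrambled, and a lost key means lost data), here is an added example that is not part of the original guide. It uses only Python's standard library and a teaching cipher built from HMAC-SHA256; it is not how FileVault, BitLocker or Android encrypt a disk, and the names `lock`, `unlock` and `can_unlock` are made up for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor: makes every passcode guess slow


def _derive_keys(passcode, salt):
    """Stretch the passcode into an encryption key and an integrity key."""
    material = hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt,
                                   ITERATIONS, dklen=64)
    return material[:32], material[32:]


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode (illustrative stand-in for a real cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def lock(passcode, data):
    """Return salt + nonce + scrambled data + integrity tag."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive_keys(passcode, salt)
    stream = _keystream(enc_key, nonce, len(data))
    body = bytes(a ^ b for a, b in zip(data, stream))
    tag = hmac.new(mac_key, salt + nonce + body, hashlib.sha256).digest()
    return salt + nonce + body + tag


def unlock(passcode, blob):
    """Recover the data, or raise ValueError if the passcode or blob is wrong."""
    if len(blob) < 64:
        raise ValueError("blob too short")
    salt, nonce, body, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _derive_keys(passcode, salt)
    expected = hmac.new(mac_key, salt + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passcode or modified data")
    stream = _keystream(enc_key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


def can_unlock(passcode, blob):
    """True only when this passcode opens this blob."""
    try:
        unlock(passcode, blob)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    secret = b"constructed sample: notes I keep on my laptop"
    stolen_copy = lock("long-unique-passcode", secret)  # what a thief copies
    print("readable in the copy:", secret in stolen_copy)
    print("thief guessing 123456:", can_unlock("123456", stolen_copy))
    print("owner:", unlock("long-unique-passcode", stolen_copy))
```

There is no recovery path in the code: without the exact passcode the derived keys are different and the data stays unreadable, which is the drawback described above.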

Basic Encryption for Apple Devices

If you own an Apple mobile device such as an iPhone or iPad, these devices are sold with encryption as a standard feature, so all you need is a good passcode.

If you own a Mac desktop or laptop device, you can encrypt your device by using the FileVault disk encryption program that you access through the System Preferences menu under the ‘Security’ pull-down. Just follow the easy-to-understand directions to obtain your encryption key.

Basic Encryption for PCs and Android Devices

If you own a PC, you will need to manually encrypt your device. You can encrypt the newer PC models using BitLocker, a tool that’s built into Windows. BitLocker is only available if you buy the Professional or Enterprise versions of Windows 8 and 10, or the Ultimate version of Windows 7.

If you choose not to use BitLocker, Windows 8.1 Home and Pro versions include a device encryption feature that functions very much like BitLocker.

Newer Android phones, including the Nexus 6 and Nexus 9, have default encryption. But for phones that are not encryption enabled, the process is not difficult.

For phones and tablets that run on Android 5.0 or higher, you can access the Security menu under Settings and select ‘Encrypt phone’ or ‘Encrypt tablet.’ You will have to enter your lock screen password, which is the same password necessary to access your files after encryption.

For phones and tablets that run on Android 4.4 or lower, you must create a lock screen password prior to initiating the encryption process.

Protect Your Text Messaging

Even before Edward Snowden became a household name with his explosive revelations about the extent of NSA’s wiretapping of Americans, it was obvious that text messages were vulnerable to interception by outside parties.

What’s even more insidious is that the information generated from your text messages, which is known as metadata, is extremely valuable. Metadata includes information about whom you communicate with, where that communication takes place and at what time.

Hackers and government agencies can learn a great deal about you through metadata, which is why it’s so important for you to protect the privacy of your text messages.

Fortunately, there are applications you can install to encrypt your text messages after they are sent to another person, and many don’t collect metadata.

Tools to Encrypt Your Text Messages

Signal is a free app that provides end-to-end encryption for Android and iOS, which means that only the people who are communicating on the text message can read the messages.

Any other party would need the encryption key to decrypt the conversation, and that includes the company that owns the messaging service. One of the big advantages of using Signal is that it collects very little metadata.

Another popular encrypted messaging service is WhatsApp, owned by Facebook, which works mostly on mobile devices. Remember to turn off all backups on your WhatsApp account by accessing Chats, then Chat Backup and setting Auto Backup to Off. This turns off backups on the app and the cloud.

If you don’t disable the Auto Backup feature, government and law enforcement agencies can access the backup with a search warrant. Why is that so risky? Because end-to-end encryption only covers the transmission of your messages, and doesn’t protect messages that are in storage. In other words, law enforcement or government agencies could read the text messages stored in a cloud backup.

One other thing to remember is that although WhatsApp is considered one of the more secure apps for encrypting text messages, it does collect metadata.

And if a government or law enforcement agency obtained a search warrant, it could force Facebook to turn over that metadata, which would reveal things you might want kept private such as IP addresses and location data.

Protect Your Browsing History

Whenever you’re on the Internet, there are people trying to see what you’re doing, when you’re doing it and how often you’re doing it.

Not all these prying eyes have ill intent, and in many cases, they are marketers who are trying to track your online movements so they can target you for ads and offers. But enterprising hackers are also monitoring your activities, looking for weaknesses they can target to obtain your personal information.

And your Internet Service Provider (ISP) gathers a ton of information based on your browsing history.

In the face of all these threats to privacy, how do you protect yourself when you’re online?

You can use a virtual private network (VPN), which lets you browse exactly as you would with a standard browser, but anonymously.

When you use a VPN, you connect to the Internet using the VPN provider’s service. All transmissions that occur when you get online with your mobile phone, tablet, desktop or laptop are encrypted.

This protects all your online activity from the government as well as from your ISP, lets you access sites that would normally be restricted by your geographical location, and shields you from intrusion when you are at a public hotspot.

If someone tries to track your activity, your IP address will appear as that of the VPN server, which makes it nearly impossible for anyone to know your exact location, or your actual IP address.

However, VPNs don’t provide you with total anonymity, because the VPN provider knows your real IP address as well as the sites you’ve been accessing. Some VPN providers offer a ‘no-logs’ policy, which means that they don’t keep any logs of your online activities.

This can be hugely important if you are up to something that the government takes an interest in, such as leading a protest group, and you want to make sure none of your online activities can be tracked.

But VPN providers are vulnerable to government search warrants and demands for information, and must measure the possibility of going to jail by keeping your activity private, versus giving up your information and staying in business.

That’s why if you choose to go with a VPN, it’s important to do the research on a provider’s history and reputation. For example, there are 14 countries in the world that have shared agreements about spying on their citizens and sharing the information they unearth with each other.

It may not surprise you to learn that the U.S., Canada, United Kingdom, France, Germany and Italy are all part of that alliance.

What may surprise you is that it’s best to avoid any VPNs that are based in one of these 14 countries, because of their data retention laws and gag orders which prevent VPN providers from telling their customers when a government agency has requested information on their online activities.

If you’re serious about VPNs and want to know which are trustworthy and which aren’t worth your time, we’ve done a pretty extensive review of VPN services that you can access here.

Used correctly, VPNs can provide you with a high degree of privacy when you’re online, but in an era in which billions have joined social media platforms such as Facebook, and services such as Google, what are the privacy risks related to how these companies use your personal information?

How the Heavy Hitters Use Your Personal Information


There isn’t much privacy when you join Facebook, especially since the company’s privacy policy blatantly states that it monitors how you use the platform, the type of content you view or interact with, the number of times you’re on the site, how long you spend on the site, and all the other sites that you browse when you’re not on Facebook.

How does Facebook know that little nugget? By tracking the number of times you click ‘Like’ on any site that includes a Facebook button.

Unfortunately, there isn’t much you can do to make Facebook more private. You can access the ‘Download Your Information’ tool to know exactly what the site has on you, and you can check your activity log to track your actions since you joined Facebook, but that’s about it.

Deleting your account will remove your personal information, but any information about you that your followers have shared in a post will remain on the site.


Google stores personal information such as your name, email contact, telephone number, how you use the service, how you use sites with AdWords, your search inquiries and location tracking. More importantly, your name, email address and photo are publicly available unless you opt out.

To protect some of your privacy, you can edit a number of preferences, turn off location tracking, change your public profile and read what information Google has collected on you through the company’s data board.


Apple’s privacy policy states that it collects information such as your name, contacts and music library content, and relays them to its own servers using encryption. Apple’s News app analyzes your reading preferences to match them to ads targeted toward what you like.

Targeted advertising is one of Apple’s biggest con jobs, and that’s said with respect for the company’s ability to print money like no other business on earth. Apple has created ad-blocking technology in its iOS software to prevent outside companies from reaching its customers.

But it makes no bones about using personal information and personal preferences culled from its customers to supply them with an endless stream of targeted and intrusive ads.

You can opt out of what Apple calls ‘interest-based ads’, but the company pretty much lets you figure this out on your own.


Amazon collects a ton of personal information, including name, address, phone number, email, credit card information, list of items bought, Wish List items, browsing history, names, addresses and phone numbers of every person who has ever received an Amazon product or service from you, reviews you’ve posted, and requests for product availability alerts.

There isn’t much you can do to keep Amazon from being intrusive, unless you’re not planning on using the site for purchases. For example, Amazon uses ‘cookies,’ which are snippets of data that attach to your browser when you visit the site.

Cookies activate convenient features such as 1-Click purchasing, and generate recommendations when you revisit Amazon, but they also allow Amazon to send you ads when you’re on another website, which can feel like an invasion of privacy and are also annoying.

The problem is if you opt to turn off cookies on your Amazon account, you won’t be able to add items to your shopping cart, or do anything that requires a sign-in, which pretty much eliminates all your buying options.

That gives you a general overview of how some of the big brands use your data so you’re aware of the implications of providing your personal information. Let’s wrap things up with some frequently asked questions about security and privacy.

FAQs about Security and Privacy

1. Can people really hack me at a coffee shop?

Most coffee shops offer public WiFi with varying levels of security. In many instances, these free networks are not very secure, and even a low-level hacker could gain access to the transmissions occurring at the coffee shop by setting up a fake hotspot. If you want to get online at a coffee shop, do so through a VPN. If you don’t have a VPN, make sure you’re signing in under the name of the WiFi hotspot, and limit your activity to browsing instead of conducting financial transactions.

2. Is the NSA really watching me via my computer camera?

The NSA definitely has the technology to spy on you through your webcam. Edward Snowden revealed that the NSA has a plug-in that can hack cameras and take pictures, record video and turn on the mic on a webcam to act as a listening device. One easy way to thwart this hack is to place a sticker on your webcam lens that prevents a hacker from seeing anything in your home.

3. Can Facebook see my messenger chats and change my feed based on those conversations?

Facebook’s Messenger feature uses security that it says is similar to what banks use to protect their clients’ financial information. Two years ago, Facebook added end-to-end encryption to its messenger feature, but users must activate it, because it’s not a default. However, Facebook does use your profile, public photos and public posts to better customize things such as the content of the News feed it sends to you.

4. When can - or can’t - the government get personal data from companies?

Under the Electronic Communications Privacy Act passed in 1986, government agencies can obtain subpoenas and search warrants to force technology companies like Google or Apple to provide information about a user or a group of users. Companies can refuse based on the Fourth Amendment ban against unreasonable search and seizure, but they face an uphill battle if the request is for a legitimate reason. Recently, Amazon refused an order by the state of Massachusetts to turn over data about third-party sellers. But the company relented after it was served with a court order to provide the data or face legal consequences.

The Only Constant Is Change

Privacy and security are two sides of the same coin, and while there is no way to guarantee total privacy or complete security in the digital world, the first step is to understand the tools available to you, and the ways in which your personal data is being used by big companies that want your business.

While this isn’t a comprehensive guide of every aspect of online security and privacy, it provides you with some best practices and important concepts that can help you better understand this complex and ever-changing issue.