Self-Test How do you conduct yourself when it comes to your data? Illustration: Man with smartphone | © Goethe-Institut/Julia Klement How do you conduct yourself on the net when it comes to your data? More on the cautious side? Or rather insouciant? Or balanced and pragmatic? Here is a self-test in six questions. How do you conduct yourself on the net when it comes to your data? More on the cautious side? Or rather insouciant? Or balanced and pragmatic? Here is a self-test in six questions. Click on [Start] 1. Are you familiar with the private surfing function of your browser? Yes, I know about it but don’t use it. It’s not safe enough for me. I use Tor anonymization, which is really anonymous. Yes, I use the private surfing function from time to time; for example, when I research things that are none of anybody else’s business. Nope. What do you need it for? NOTE: The private surfing function of the latest browsers makes it possible to use the net while preserving relative anonymity. Data about you and your system are suppressed; cookies are not installed. But beware: this does not provide secure protection. It remains possible to enquire about your identity through the provider. NOTE: Tor anonymization is in fact more secure, but brings restriction with it; for example, slower connection. It also requires special browser. For connections that are not so sensitive, the private surfing function may therefore suffice. NOTE: The private mode in a browser ensures a certain degree anonymity, but is not absolutely secure. Since the IP address is still transmitted, your identity can be determined by asking your provider. It is safer to anonymize with Tor. 2. Do you use the a password manager? Nope, I can remember the three passwords I have. Password manager? No way! All my passwords in one place and then perhaps in a cloud? Will never darken my door! I’m happy to use a password manager. I then have all my passwords on all my devices at my fingertips and have to remember only one master password. NOTE: Watch out! Passwords are the weakest point of data security with most people. If you use few and simple passwords, it’s only a matter of time before your internet accounts are hacked. You should use only long, complicated passwords – and a different one for each account. A password manager can help manage your passwords. NOTE: It’s right to be careful. We hope you can guarantee a high degree of security for your passwords without a password manager (by using long, difficult passwords and one for each account). But there aren’t many people with such a good memory, so that on balance you are safer on the net with a password manager than without. NOTE: Password managers allow a high degree of password security combined with a relatively high degree of user convenience. But they are also a “single point of failure”: if someone gets into your password database, he has all your accounts under control with one fell swoop. Make sure your password manager is well-protected! 3. Is your messenger securely encrypted? I try to use encrypted messengers whenever possible. Good that WhatsApp is now also encrypted end-to-end; many people will use it in any case. I use only the messengers Signal and Threema. They are very safe and I always have full control over my communications. Whew, encryption? I just use what my friends use. NOTE: There are still a lot of unencrypted messengers. For example, the default mode of Facebook Messenger is unencrypted. Most of the popular messengers, however, now use an end-to-end encryption. This means that only the sender and the receiver can read the message. NOTE: Both messengers are in fact considered very secure. Unfortunately, you can reach only a small part of your circle of friends with them. Did you know that WhatsApp uses the same encryption standard as Signal? And Apples iMessage is also considered secure. Still, the providers know who is chatting with whom. NOTE: WhatsApp uses in fact a secure encryption (the same as Signal). WhatsApp, however, belongs to Facebook, and Facebook is very interested in whom you are in touch with. The connection data can be collected by the provider in spite of encryption. 4. Do you use a cloud storage service such as Dropbox or iCloud? I use these services, but only for specially selected files that everyone can see. If I store something sensitive there, I make sure it is well encrypted. Sure! Dropbox, iCloud, Google Drive – the works. It’s very cheap and the data are always synchronized with various other devices. Extremely practical. No way! My data on the computers of strangers! So it’s come to that, has it? NOTE: Practical perhaps. But if you store your data on a cloud, it’s all in the hands of strangers, who can in the end determine what will happen with it. You should be careful about what you store there, and perhaps encrypt the data before uploading it. NOTE: Then we can only hope you secure your data in another way. In the case of data loss – for example, through ransomware – you would be glad if you had saved your data on a cloud. There are cloud storage services, such as SpiderOak and SkyCrypt, that encrypt stored data in default mode. NOTE: Storage services can also be hacked; for example, a lot of passwords have gone missing at Dropbox. There are also cloud services, such as SpiderOak and SkyCrypt, that store only encrypted data. If data there is fished up, hackers can’t do anything with it. 5. Do you use the fingerprint scanner on your smartphone? Nope, I’ve switched off the lock screen. It’s so annoying. Yes, I use the scanner. It’s the perfect balancer between security and user convenience. No! Fingerprint scanners are eerie. Moreover, you can fake fingerprints. I use instead a number code (PIN). NOTE: You should always have a lock on your mobile activated. If the phone falls into the wrong hands, a potential attacker can immediately get all your data, photos and identities at all the apps and social networks. NOTE: Fingerprints can in fact be found everywhere you have left them and forged. Also on your smartphone. But PIN entries can be observed or even filmed. A fingerprint is at least as secure as a four-digit PIN, and much more convenient. NOTE: Fingerprints ensure a certain degree of security. But be careful; fingerprints can be found everywhere you have left them - also on your smartphone – and then forged. If fingerprints fall into the wrong hands, there remain only nine other fingers that you can use to ensure the security of your phone. 6. Have you activated additional security measures for your accounts? Two factor authentication (2FA)? Out of the question. I’m not about to give them my telephone number! What security measures? A password is enough. I have two factor authentication (2FA). It protects my account against hacker attacks. NOTE: There are now many ways to crack passwords. A secure password is therefore mandatory. In addition, you can activate 2FA (two factor authentication). You store your telephone number and, when you log in, are sent an SMS with a code. This raises your account security immensely. NOTE: Then you should use a very, very secure password, because without 2FA your account is considerably less protected against hackers. There are now 2FA apps with which you don’t need to enter your phone number. NOTE: 2FA is a good security feature, but you should still choose a strong password. Did you know, by the way, that instead of entering a mobile number, you can enter a 2FA? You conduct yourself on the net ... rather nonchalantly You are rather carefree on the net. It’s your playground, where you run free. All honour to your insouciance, but you shouldn’t forget that there are real dangers lurking out there. Someone could, for example, hack your accounts and order things on the internet using your identity. While there is no absolute protection against such attacks, there are a few things you can do to improve your security. We hope we were able to furnish you with some tips. You conduct yourself on the net ... rather cautiously You are very data-conscious and that’s a good thing. You are prepared to do without many things, even user convenience. But you should ask yourself whether this is really always the best course. The greatest enemy of the good is not the bad but the perfect. The pursuit of perfect security sometimes leads to neglecting good security measures. There is no such thing as perfect security. In the end, you restrict yourself more than is necessary, and have less security than you could have. We hope we were able to provide a few tips for a pragmatic way of dealing with the technology. You conduct yourself on the net ... rather pragmatically You are pretty pragmatic! You reflect about what you do on the internet and how you can protect yourself there as well as possible. You are willing only reluctantly to do without user convenience and want to enjoy the possibilities of the internet to the full. You are on the right track. Security is always a matter of weighing the odds. There is no such thing as perfect security, but this doesn’t mean you should leave the front door open. Naturally, you can always do more. And the digital world is in constant motion: what was considered safe yesterday has already been outstripped today. So keep your eyes ahead and stay up to date. We hope we were able to give you a few tips on how to do this. Choose an answer!