Cyber security for journalists: How to keep your browsing private

Tuesday 21 April 2015, 13:36

Alan Pearce

is a journalist and author specialising in cyber security

Your browser probably knows more about you than your own mother does. It knows your interests and your friends; it sees what you read and download; and it allows criminals, corporations and law enforcement to follow you around the web.

But none of this need happen. You can keep your browsing private by tweaking the settings; and you can mask where you go by using a virtual private network (VPN).

Arguably the most security-conscious browser is Mozilla’s Firefox which works on most operating systems from PC to Mac. There are two modes. In regular browsing you can choose to record certain activities, store history and bookmarks and accept cookies from favourite websites etc. But you can also switch to private mode via the menu tab which prevents your computer from logging your actions, ensuring your private activities stay private.

As soon as you install the browser, make a few adjustments to the settings:

Select options/privacy. Tick the option ‘Do not tell sites anything about my tracking preferences’
Under advanced/network tick ‘Tell me when a website asks to store data for offline use.’

There are a range of free add-ons for Firefox that significantly boost your security. These include:

Force HTTPS - Hypertext transfer protocol secure (HTTPS) is used for secure end-to-end communication. HTTPS Finder for Firefox automatically detects and enforces HTTPS connections, providing a reasonable guarantee that you are communicating with the intended website and not an imposter; plus ensuring that communications between the user and site cannot be read or forged by a third party

Kill trackers - Blur blocks web beacons and trackers that monitor browsing habits. Once installed, a tiny icon in the top right-hand corner issues an alert whenever a site is tracking you

Block baddies - use either the free or paid-for versions of AVG or Avast which both warn of and block viruses and spyware from entering your computer via drive-by downloads and watering hole attacks

Control cookies - BetterPrivacy allows you to remove or manage cookies, and provides various ways to handle Flash-cookies set by Google, YouTube, eBay and others

Avoid detours - to stop websites from opening other pages on your browser and taking you off to potentially harmful sites, try Redirect Remover which prevents redirects from links and images

Secure download - DownThemAll! uses the browser’s safety settings, so requires no configuration and features an advanced accelerator that speeds things up considerably. You can pause and resume downloads. It also allows you to download all the links or images on a web page and customise the search criteria

Encrypt - Encrypted Communication encrypts messages prior to transmission, including posts to Facebook and other social networks, and is simpler than many other encryption options.

To prevent your internet service provider (ISP) and others from seeing where you go on the internet, you need to cloak your activities. The simplest solution for quick, anonymous browsing is to use a facility such as Snoopblocker, Guardster or Anonymouse. These free services allow you to type in any web address and then travel around without leaving a trace of your activities or giving away your location. These are particularly useful for sensitive search engines queries and for visiting locally banned websites. Also try Hola which allows you to bypass country restrictions.

A more secure alternative is a VPN: effectively a ‘secret tunnel’ where all your online activities are screened from eavesdroppers. Free versions include FreeVPN and ProXPN. A popular and fast paid-for option is VyprVPN which also speeds up the internet connection.

To tighten things even further, you can access the regular internet via a hidden network such as Tor. The non-profit Tor browser has an estimated 2.5m users a day, including members of the military, activists, businesses and some journalists to keep communications confidential and aid free speech.

It also allows access to the so-called ‘dark web’ of otherwise hidden sites, many of which are used for legitimate purposes, but some are used to trade illegal drugs, weapons and images of child sexual abuse.

To access Tor, you first need the specially configured web browser to divert your traffic through a worldwide volunteer network of servers. This conceals your location and your activities, effectively hiding you among all the other users.

Tor works by encrypting and re-encrypting data multiple times as it passes through successive relays. This way the data cannot be unscrambled in transit. Tor does have its flaws and should not be considered completely safe. Ideally, first run a VPN before connecting to Tor.

For extra security, install Tor directly to a detachable USB thumb drive. Once installed, click the Tor logo in the top left-hand corner and select ‘forbid scripts globally’. Also, add-on HTTPS Everywhere, Blur and DownThemAll!.

You are now free to travel the surface web incognito or visit the Tor hidden network on the Deep Web.

In my next post I will look at using the Deep Web for secure communications along with other secret messaging systems.

Alan Pearce is a newspaper journalist, broadcaster, former BBC foreign correspondent and author of Deep Web for Journalists: Comms, Counter-Surveillance, Search.

The BBC has no specific guidelines for its own journalists on using Tor and does not endorse the Tor browser.

Cyber security for journalists: How to devise the perfect password

Cyber security for journalists: The internet is a hostile environment too

Online security: Protecting private data

Investigative journalism blogs by web research specialist Paul Myers

Our investigative journalism section

Searching for people online: Advanced techniques

Searching for company data: Advanced techniques

Information security for journalists