Internet 101: Understanding Browser Data

Internet 101: Understanding Browser Data

There’s a lot going on behind the scenes as you surf the web. You might have heard about things like “cookies,” but do you know what they do or what else your browser is storing?

Whenever you use your browser, the sites you visit and actions you perform result in information being saved. This data is typically used to make navigating the web easier for you in the future.

Many different pieces of information are being stored while you’re online. Cookies are just one part of the equation. There’s also your browser’s cache, history, autofill information, saved passwords, and even more little bits of data.

Why does it matter?

You might be asking why you need to know about your browser data. Depending on the situation, you might want to change certain browser settings or learn how to clear your data. Understanding your browser data can do the following:

  • Avoid privacy or security issues
  • Help you make the right decisions with your settings
  • Underline the importance of clearing your data
  • Help you decide what data to clear
  • Show you how some websites work
  • Make it easier to troubleshoot problems

Also, many people use a browser on their computer, phone, or tablet every day. That’s a lot of data. It’s important to stay informed and know what’s being saved.

What data is being stored?

A lot of different kinds of information get stored while you’re using the web. In this article, let’s talk about some of the biggest types of data being saved, including how they work and what to watch out for.

Internet cookies

You’ve almost certainly heard about cookies over the years. You also may have noticed that some websites alert their visitors to let them know they use cookies. But what are they?

A cookie is made up of data. Whenever you visit a website that uses cookies, a cookie is sent to a file in your browser. Then when you revisit that site, the cookie is sent back to it. Essentially, cookies are a way for a website to remember you or certain information it was given.

What’s typically being communicated is information about what you’re doing on the site. Cookies help keep track of visits to a certain website, certain pieces of information, and things like what’s in your cart at an online shop. For instance, when you go back to a website and see your login information has been saved, it’s likely that cookies were used to do this.

There are two main types of cookies you should know—session cookies and persistent cookies. Session cookies are stored temporarily. Once a “session” is over, the session cookie is gone. This means you simply need to close out of your browser to lose the cookie. Persistent cookies, though, stick around. These are the kinds of cookies that help do things like save login information or preferences you’ve indicated on a website.

Though cookies are very helpful, it is possible for unwanted cookies to collect data about your visits and then be used in ways that aren’t helpful to you. For instance, some cookies can be used to keep track of your interests and show you ads based on those interests. This practice is concerning to some people. One way to try to combat this is to see if your browser allows you to block third-party cookies. These cookies are sent to your browser from a source other than the website you’re on—often from an ad on the page.

However, for the most part, it’s typically recommended to allow your browser to accept cookies. If you’re visiting safe websites, you’re probably not encountering unwanted cookies. They make visiting sites a much easier and enjoyable experience, as well.

History

Your browser history is pretty straightforward: it displays the sites you’ve visited in the past. Your history is a recording of the sites you’ve gone to, including the name of the page and when you visited. Depending on your browser, your history might go back to pages you visited months ago. This can be really helpful to you, because if you forget to bookmark a site, you can always go back and find it in your history.

Cache

If you’ve ever been told to “clear the cache,” you might have done so while wondering what you were even deleting. The browser cache is a way to save certain things on websites in order to load things more quickly and efficiently in the future. Pages or pictures on a website might be saved to the cache. This means that if you visit a site and certain images are saved to the cache, then the next time you try to load another page on the site with those images on it, they won’t have to be accessed from the website all over again—they’ll just be displayed from the browser cache.

This can be really helpful if you’re clicking through multiple pages on a website and there’s, say, an image at the top of each page being used as a banner. You won’t have to load it from the website every single time you click on a new page. Not only does this mean that things load more quickly for you, it also means it takes a bit of stress off the website’s server.

Autofill

Autofill data is typically form information that’s saved for later. Think about all the times you’ve entered your address in a form. Storing autofill data means that next time you need to enter your address, you might not have to type it all back in again. This works with all kinds of information. Different areas (or “fields”) of a form often have names assigned to them. Autofill can use these names to identify which field to enter each piece of information into, so it won’t accidentally put your city in the field asking for your phone number.

Saved passwords

Some browsers can also save your passwords for you. If you’re using different passwords for each different account you have (which you should—take a look at my article about managing your passwords!), then those passwords can be difficult to keep track of. You often have the option to let your browser remember the password for you. This password data is typically saved to just that certain browser on that specific computer.

Though it’s likely tempting to take this option, be careful! If you’re using a shared computer, others will have access to your accounts. Keep this in mind, and make sure you never save your password to the browser if strangers will have access to it.

What you can do with your browser data

Now that you know about some of the data your browser is storing, you can make some informed decisions. Data takes up some space on your devices, and some of the stored data may be totally useless to you (or even completely unwanted), depending on how you typically use your browser. The good news is, you do have some choices when it comes to your browser data.

Change your settings

Most browsers allow you to change your settings to fit your needs. For instance, you can choose to block third-party cookies, or, if you want, even block all internet cookies. You might also want to turn autofill on or off. Depending on your browser, you can likely edit your autofill information, as well. If you have a new address, you can update your old autofill information. If you saved some information on accident, you can delete it. You can also turn saved passwords off and on, as well as delete passwords. Most of this data can be managed in some way.

In Chrome, you can find these kinds of options in your Settings under the Advanced section. In Firefox, these options can be found in the Options under Privacy & Security. Similar settings can be found in most popular browsers.

Clear some or all of your data

You can clear your browser data as often as suits you. Unless you’re having issues with your browser, you probably don’t really need to clear your data. On the typical PC, browser data doesn’t usually take up that much space. Of course, phones and tablets can be a completely different story. If you don’t have much space left on your phone, clearing your browser history actually can make a notable difference.

Also, you can clear data if you have any privacy concerns. If you share your device, you might want to clear your history. (You can also bypass this altogether by using something like Chrome’s incognito mode, which prevents browser data from being saved while in use.)

You can typically choose which data to delete and how far back you’d like to go. For instance, you might only want to delete your history so you keep your cache and cookies for easier browsing. You could delete just some of your recent history, or you could delete it all. Take a look in your browser’s settings to see which options you can choose from!

Internet 101: Overview of security basics

Internet 101: Overview of security basics

Recently, Wombat Security Technologies surveyed 2,000 adults in the U.S. and U.K. to see how secure their online habits were, and measure the average level of knowledge about online risks. The results were disappointing (though perhaps not to companies who specialize in online security training, like Wombat Security). Wombat vice president of marketing Amy Baker states, “We often find that those of us who work in cyber security overestimate the knowledge the general public has on cyber security risks and basic secure behaviors.”

Two-thirds of those surveyed didn’t know what ransomware is, and nearly one-third didn’t know what phishing is. Half of the U.S. group had been victims of identity theft. Considering the abundance of online threats that have sprung up seemingly overnight, including the unprecedented WannaCry attacks and the Petya virus in May, maybe a refresher of online security terms and best practices is in order.

First things first. There is no need to panic. Most of the attacks are targeted at large corporations. Most, but not all. There are still plenty of scams and threats for those who are vulnerable. Online criminals are just like real-world criminals: opportunists. If you leave your valuables in plain sight in an unlocked car, they probably won’t be there when you come back. If you hide them and lock the doors, chances are good that thieves won’t bother you.

Keeping your online accounts and files secure is never a sure thing, but there is plenty you can do to lower your risks. If you at least make yourself a difficult target, thieves will most likely move on to easier pickings.

Basic security terms

Malware

Malware is an umbrella term to describe any software or program designed to damage computers or files. Viruses, trojans, spyware, and ransomware are all malware.

Ransomware refers to software attacks that take your files ransom: your files are encrypted, and you get a message with instructions to send payment to an untraceable account to regain access. Most attacks have been to companies and government servers, and individuals are at a low risk of attack. Unencrypting the files rather than paying the ransom hasn’t been successful and even paying does not guarantee you will get access to your files back. The best protection is prevention. Backing up your important files in a separate location (an external hard drive or a password protected cloud account) is already something everyone should be doing, but that many do not. Windows has issued a patch to secure the breach that was being exploited, so if you have a computer running Windows and have installed all available updates, you are not vulnerable to WannaCry.

Viruses are malware that spread rapidly by attaching themselves to other files.

Trojans are malware that looks like normal software. A Trojan lets other malware in.

Spyware doesn’t interfere—it records what you do, including passwords, account numbers, and other sensitive information.

Adware isn’t inherently malicious, though targeted ads, spam, and popups can make you feel attacked. And adware has to get through your security, leaving holes for other malware.

Phishing

Phishing refers to any scam where the scammer contacts you to try to get information or money. It could be on the phone, through email, through social media, or a website. It may be obvious (asking for information or to wire transfer money), or more subtle (clicking a link or installing/downloading a file, which then collects the information or transfers the funds).

To see examples of phishing, visit Microsoft support.

Facebook hackers

Sometimes your friends are not your friends: Facebook accounts regularly get hacked, and then the hacker can trade on the trust between friends to spread scams. Often the owner of the compromised account doesn’t even know what is happening. If a friend is posting links that seem out of the ordinary or making offers that promise free money or goods, it may be worthwhile to contact your friend offline to see if they are really behind the posts.

Mobile devices

The term “mobile device” doesn’t just refer to your smartphone. The growing “Internet of Things” includes smart watches and Fitbits, tablets, home networks and security, smart TVs, cameras—even refrigerators; anything that is connected to the internet or a network and isn’t an actual laptop or desktop computer is a mobile device. The problem with mobile devices (especially older ones) is that security updates are often neglected, or non-existent. Software companies are stepping up their security game with these smaller devices as attacks increase, but as with any new technology, it takes time to work out the kinks. Meanwhile, it is better to save your information sensitive transactions for your more secure devices.

Firewalls

According to Microsoft, “a firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.”

What can you do?

Use passwords. This should go without saying, but I’m going to say it: use passwords.

Choose a secure password—use numbers, symbols, and capital letters, and for the love of Pete, don’t use your name, birthday, or “password.”

Use different passwords—if a hacker does get into one of your accounts, that’s bad. If they have all of your accounts, that’s worse. Don’t make it easy for them.

Don’t share your password. Just because you trust someone doesn’t mean they are trustworthy. But it also doesn’t mean that they will be as careful with your accounts as you would be.

Only conduct business on secure Wi-Fi connections.

Public connections (hotels, coffee shops, airports) aren’t secure just because the business is one you trust. Places with a password that you need to get from the clerk (or that is printed on a receipt) are a little better than those with an open network (no password needed), but it’s better to wait till you are in a secure connection to send sensitive emails or do your online shopping.

Regularly update your software.

I’m as guilty as the next person of putting off that “update required” notification, but procrastination can get you in trouble: security teams who are keeping up with weaknesses in their software need you to install their patches, or you don’t benefit from their services., and it is usually something the software developer has developed and update to fix, meaning that those not updating regularly are at risk. The patches to stop the WannaCry attacks were available in March. “This isn’t rocket science; it’s an oil change,” comments David Venable, a former intelligence officer with the US National Security Agency.

If something seems too good to be true, be suspicious and do your homework

Don’t call me, I’ll call you: Don’t share personal info with anyone who contacts you; tell them you will contact them with the deets. This includes spam emails: if you didn’t solicit an email, or don’t know the person who sent it, don’t open attachments. This is how many viruses spread. Even if you do know the person who sent it, exercise caution. Email accounts can get hacked.

Never, ever wire transfer money to someone you don’t know in person, and can’t talk to on the phone. The same goes for giving out your credit card number. When shopping online, companies like eBay and Amazon offer protections and refunds if your goods never show up, and PayPal does too—not to mention that the payment can be can be tracked if something fishy happens, and individuals don’t have access to your account information.

Only download files from trusted sites. Your anti-virus software can only do so much.

Make sure you have firewalls and antivirus software installed and updated

AVG currently has some of the best free antivirus software. Or you can pay a little for more advanced security. You can even get security for your smartphone.

Cat has picture taken by phone security

I can haz credit card number?

Cat tries to unlock phone: https://imgur.com/ZfFg47qIf you have a computer that runs Windows Vista or newer OS, you have a firewall installed and running by default. For other operating systems, you should check with the provider to see if you are protected.

Backup

An external hard drive or secure, password-protected cloud storage should be a regular part of your internet security plan. If your computer files do get corrupted, either maliciously or not, having separate copy means you won’t lose everything. But the key word is “separate”: leaving your external hard-drive connected to your computer network defeats the purpose.

Why we choose terrible passwords, and how to fix them

File 20170428 12984 4awn7wHow secure are you?
Rawpixel.com via shutterstock.com

Megan Squire, Elon University

The first Thursday in May is World Password Day, but don’t buy a cake or send cards. Computer chip maker Intel created the event as an annual reminder that, for most of us, our password habits are nothing to celebrate. Instead, they – and computer professionals like me – hope we will use this day to say our final goodbyes to “qwerty” and “123456,” which are still the most popular passwords. The Conversation

The problem with short, predictable passwords

The purpose of a password is to limit access to information. Having a very common or simple one like “abcdef” or “letmein,” or even normal words like “password” or “dragon,” is barely any security at all, like closing a door but not actually locking it.

Hackers’ password cracking tools take advantage of this lack of creativity. When hackers find – or buy – stolen credentials, they will likely find that the passwords have been stored not as the text of the passwords themselves but as unique fingerprints, called “hashes,” of the actual passwords. A hash function mathematically transforms each password into an encoded, fixed-size version of itself. Hashing the same original password will give the same result every time, but it’s computationally nearly impossible to reverse the process, to derive a plaintext password from a specific hash.

Instead, the cracking software computes the hash values for large numbers of possible passwords and compares the results to the hashed passwords in the stolen file. If any match, the hacker’s in. The first place these programs start is with known hash values for popular passwords.

More savvy users who choose a less common password might still fall prey to what is called a “dictionary attack.” The cracking software tries each of the 171,000 words in the English dictionary. Then the program tries combined words (such as “qwertypassword”), doubled sequences (“qwertyqwerty”), and words followed by numbers (“qwerty123”).

Moving on to blind guessing

Only if the dictionary attack fails will the attacker reluctantly move to what is called a “brute-force attack,” guessing arbitrary sequences of numbers, letters and characters over and over until one matches.

Mathematics tells us that a longer password is less guessable than a shorter password. That’s true even if the shorter password is made from a larger set of possible characters.

For example, a six-character password made up of the 95 different symbols on a standard American keyboard yields 956, or 735 billion, possible combinations. That sounds like a lot, but a 10-character password made from only lowercase English characters yields 2610, 141 trillion, options. Of course, a 10-character password from the 95 symbols gives 9510, or 59 quintillion, possibilities.

That’s why some websites require passwords of certain lengths and with certain numbers of digits and special characters – they’re designed to thwart the most common dictionary and brute-force attacks. Given enough time and computing power, though, any password is crackable.

And in any case, humans are terrible at memorizing long, unpredictable sequences. We sometimes use mnemonics to help, like the way “Every Good Boy Does Fine” reminds us of the notes indicated by the lines on sheet music. They can also help us remember a password like “freQ!9tY!juNC,” which at first appears very mixed up.

Splitting the password into three chunks, “freQ!,” “9tY!” and “juNC,” reveals what might be remembered as three short, pronounceable words: “freak,” “ninety” and “junk.” People are better at memorizing passwords that can be chunked, either because they find meaning in the chunks or because they can more easily add their own meaning through mnemonics.

Don’t reuse passwords

Suppose we take all this advice to heart and resolve to make all our passwords at least 15 characters long and full of random numbers and letters. We invent clever mnemonic devices, commit a few of our favorites to memory, and start using those same passwords over and over on every website and application.

At first, this might seem harmless enough. But password-thieving hackers are everywhere. Recently, big companies including Yahoo, Adobe and LinkedIn have all been breached. Each of these breaches revealed the usernames and passwords for hundreds of millions of accounts. Hackers know that people commonly reuse passwords, so a cracked password on one site could make the same person vulnerable on a different site.

No! Don’t do this!
designer491 via shutterstock.com

Beyond the password

Not only do we need long, unpredictable passwords, but we need different passwords for every site and program we use. The average internet user has 19 different passwords. It’s easy to see why people write them down on sticky notes or just click the “I forgot my password” link.

Software can help! The job of password management software is to take care of generating and remembering unique, hard-to-crack passwords for each website and application.

Sometimes these programs themselves have vulnerabilities that can be exploited by attackers. And some websites block password managers from functioning. And of course, an attacker could peek at the keyboard as we type in our passwords.

Multi-factor authentication was invented to solve these problems. This involves a code sent to a mobile phone, a fingerprint scan or a special USB hardware token. However, even though users know the multi-factor authentication is probably safer, they worry it might be more inconvenient or difficult. To make it easier, sites like Authy.com provide straightforward guides for enabling multi-factor authentication on popular websites.

So no more excuses. Let’s put on our party hats and start changing those passwords. World Password Day would be a great time to ditch “qwerty” for good, try out a password manager and turn on multi-factor authentication. Once you’re done, go ahead and have that cake, because you’ll deserve it.

Megan Squire, Professor of Computing Sciences, Elon University

This article was originally published on The Conversation. Read the original article.