Weird Science

How to stay safe online

More and more of our lives are moved online: our money, our personal information and our social life are entrusted to the algorithms and safety measures of companies and institutions. Should we trust them?

STAY SAFE ONLINE: There are many ways to have your personal information compromised and abused online. Luckily, there are ways to stay safe.
Arjun Ahluwalia (art), University of Bergen.

Main content

What should we be worried about when we go online?

"What we should be worried about is fraud and misuse of information, compromised privacy and exploitation of kids", says Mohsen Toorani, postdoctoral fellow at the Department of Informatics at the University of Bergen (UiB).

Toorani finished his PhD on security protocols in 2015, and is an expert on cryptography and information security.

“When you post pictures or share your personal information online, the information might be used to level an attack against you. Sharing location information can provide useful information for anyone that wants to harm you. For example, posting a photo and location on Facebook or posting your travel plans while you are on a trip will inform burglars that your house is empty or that your family is home alone.

That’s probably not a good idea then. Any other safety concerns?

“Phishing websites can gather your personal information and misuse it. The number of phishing websites increased by 250 percent between October 2015 and March 2016, according to the Anti-Phishing Working Group data.

Identity thieves gather personal information from social media websites. Despite benefits, there are risks associated with the use of social media. There are many ways a hacker might use the available information for bad purposes. Social networking websites are famous for information gathering (intelligence), phishing, fraud, and spamming.”

Most people log in to their bank with pass codes and security tokens. How does this work?

“User authentication is usually based on a combination of factors: Something a user knows, a password, something a user has, a security token, and something a user is, biometric data. Most often, the authentication is based on two out of these three factors.

There is always a trade-off between security and usability. Usability is a critical factor that can drive a bank to lower its security threshold to satisfy its customers’ desires.”

How safe are these methods?

“Banks use cryptographic techniques to provide security. However, this is not the whole story. Even with the use of strong cryptographic techniques, there are always ways to launch an attack. For example, if there is a keylogger installed on your computer that copies whatever you type, it can steal your password and sensitive information and send it to criminals.

So we are never quite safe?

"If strong cryptographic techniques are implemented correctly and the user interface is safe and understandable to all users, we would be somehow safe. However, there are still system properties that can affect the level of security."

What should someone that has been compromised do?      

“If you have lost your bankcards or OTP generator, you should immediately contact the bank. For other cases, you may have to contact the owner of a website. The Slettmeg.no website provides some guidelines and information when things go wrong on different popular websites."