A First Look at Digital Security: Glossary

Last update: March 2018

Please find below a glossary of terms that can be found in the A First Look at Digital Security booklet.

  • Ad-tracking – When we browse the web, we can be tracked by many different entities: a lot of websites sell our data to advertising companies by installing small pieces of code that observe our browsing behaviour and keep track of our activities all over the web. Learn more about how web trackers work and how you can avoid being tracked on this website.
  • Anonymity – A term that generally refers to situations where an author or artist prefers not to connect their work to their official name. On the internet, anonymity is a condition where a user can hide their identity, location, and other identifying details while connecting to the web, browsing websites, sending emails, chatting, sharing files, etc. Different from pseudonymity (the use of a nickname, alias or handle other than one’s official name), anonymity online requires the deployment of tools and tactics which can hide the user’s IP address, client settings, and other features that could lead to their identification.
  • Browser Extensions – A browser extension is a piece of software that can be added to a browser to extend its functionality. Some of these extensions have been created to enhance users’ privacy. Here’s a guide on some of the most useful extensions we can use to protect your privacy.
  • Censorship Circumvention – A website or web service may be unreachable from our location due to internet filtering or other forms of blockage or censorship implemented in our local network, by our ISP or countrywide. Accessing the world wide web despite these blockages or filters is possible through tools for censorship circumvention. To learn more about all the possibilities we can use, read this page, with links to many guides and tools.
  • Chat History – By default, many chat and instant messaging tools and services keep a history of all our conversations. Should someone access our device or account, they would be able to read all our conversations even if we use encryption. It is therefore a good idea to tweak the settings in our client, app or account so that our chat history is deleted when we close our conversation or after a set period of time.
  • Defacement – A website defacement is an attack on a website that changes its appearance or content. Defacement is often used to spread political messages against the organization that runs the targeted website.
  • Diceware Method – Strong passphrases usually consist of a string of characters that includes lower- and upper-case letters, numbers and symbols. Passphrases of this kind are generally hard to remember, and even if they can be stored in a password manager, a passphrase is still needed to unlock the password manager itself. So how do we remember that passphrase while keeping it secure? The Diceware method helps with this: passphrases generated with this method consist of 5 or 6 random words separated by spaces. Since blank spaces are a character themselves, this way we will have long passphrases with letters and symbols that are very difficult to crack. To generate a diceware passphrase we just need 5 dice, a piece of paper and a list of words like this. Read this article to find out more about the Diceware method.
  • Email Encryption – Emails can be compared to simple postcards, as they can be read by anyone who has access to the servers of our email providers. Unlike postcards, though, they are stored in several copies in many different servers, so the possibility of someone reading them is even higher, not to mention that some services analyze the content of our email for their targeted ads. To protect our communications, we can encrypt our messages using GnuPG (often called GPG), a tool that turns our email into a long line of gibberish that can only be decrypted by the person/s we’re writing to. Using GPG is easier with a tool like Enigmail for Thunderbird, but whatever software we use, we should keep in mind that we can encrypt our emails only if the people we are writing to have already set up GPG on their computer. You can read more about email encryption in this guide or in the official GnuPG guide.
  • Encrypted Chat – As with email, anyone who has access to the servers of our chat or instant messaging provider could read our conversations as well as our chat history, if we haven’t set our client to delete it automatically. But as with email, we can encrypt our chat so that it appears as an obscure string of characters to all but the person/s we’re chatting with. There are several tools for encrypting chat communications, for example OTR – which can be used for Jabber/XMPP or IRC with a variety of clients, like Pidgin, Adium, or Tor Messenger – or OMEMO – which also encrypts group chat, but is currently implemented only in the Android XMPP-Client Conversations, the iOS client ChatSecure, or as a plugin for the desktop client Gajim.
  • Encrypted File Sharing – There are many options to share files with our friends and colleagues, but few offer reliable solutions to make sure that our files are only accessed by the people we meant to share them with. When deciding how to share files securely, we should check that the encryption takes place before it leaves our computer (end-to-end encryption) and that the web service we’re using for storage does not have access to our encryption key.
  • Encrypted Instant Messenger – See Encrypted Chat
  • Encrypted Messaging and Voice Apps – To protect our phone communications, there are several options we can use for encrypting both texting and voice, for example WhatsApp. Of all these, one in particular, Signal, offers end-to-end encryption for messages, group chat and phone calls, is open source, has been audited for security and stores very little metadata. Signal is an Android, iOS and desktop app. To sign up, a phone number is needed, and encrypted communication is only possible with contacts who have set it up on their smartphones too.
  • Encryption – Encryption is the process of encoding data in such a way that only authorized parties can access them. When we talk about encryption in this booklet, we always mean asymmetric, end-to-end cryptography, where only the sender and receivers of the messages can decrypt the messages or files and no third party controls the cryptographic keys. You can read more on encryption in this guide.
  • FDE – See Full-Disk Encryption
  • Full-Disk Encryption (FDE) – Encrypting sensitive files is always a good idea, but it is even better to encrypt our whole hard disk, because if someone gets control of our computer or external hard drive, they will be able to see all the unencrypted data we have stored there, which might not be highly sensitive, but can still be very private. Be it for personal computers or mobile devices, every operating system offers an option for full-disk encryption, but remember that the device will be encrypted only when it’s switched off. You can read more about how to keep your data safe through full-disk encryption here.
  • Identity – A complex connection between our body, documents, activities and social roles in the physical world. On the internet – also thanks to the existence of anonymizing tools – our identity can be more fluid and we can create many different identities that build a reputation of their own through their actions. You can read more on how to securely manage your official and virtual identities online in this manual.
  • Online Persona – An online persona is a full-fledged, credible identity with a name, email address, and personally identifying traits that can be completely different from the features that characterize the physical person who has created that persona. Read more on online personas here.
  • Password Manager – Password managers are tools for storing passphrases securely, so that no unauthorized person can access them. By using an open source password manager, we can create and store unique and strong passwords for each of our accounts or tools without having to memorize them. Read more about password managers in this tutorial.
  • Privacy – Privacy online is the freedom to choose who can access which information about us. Unfortunately, commercial web services keep a lot of our personal data, and their privacy policies are long documents in legalese that we tend to accept without really reading them. Terms of Service Didn’t Read is a project that helps us understand the terms of service of the websites we visit and rates each one based on the respect of our privacy. You can learn more about how to control your data on this website.
  • Short URLs – When we click on a shortened link, for example a bit.ly link, we can’t know what web page we’re going to open: it may be a legitimate website, but it might also be an attempt at infecting our computer or a phishing web page, so it’s always a good idea to check where a shortened URL leads to before we click on it. Fortunately there are several web services and browser extensions that can help us, expanding the URL so that we can check what we’re going to open, or offering a preview of the page linked through the shortened URL.
  • Secure Connections – When we visit a website by entering a common URL starting with http://, our logins and passwords and other confidential data can be intercepted. To prevent this risk, many websites offer the possibility of accessing them securely, by entering a URL that starts with https:// – where the ‘s’ stands for ‘secure’. We can do this manually, but it can be even more convenient to install a browser extension that secures our connections whenever possible. To make sure that our connections are secure also when we read our email or chat through a client, we should always check that the TLS/SSL option is activated in our connection settings.
  • Security Checkup – Facebook, Google and other web services offer their users a security checkup interface to review all their settings and check that their account is secured from attacks aimed at unauthorized access or hacking. To make sure that your account is secure, log in, go to the account settings and start your checkup.
  • Software Updates – Software is developed continuously – be it Windows, your favorite videogame, or a component that makes your smartphone run, its developers always identify new vulnerabilities or bugs and get rid of them in the newer versions of the software. These vulnerabilities can be exploited by hackers to attack us with malware, ransomware and other malicious pieces of code. That’s why it’s so important to enable automatic updates of our operating system and software whenever possible and to avoid old unmaintained systems like Windows XP.
  • Strong Password – A password is strong if it contains at least 20 characters, including lower- and upper-case letters, numbers and symbols. To learn more about how to generate and maintain strong passwords, read this tutorial. See also Diceware Method.
  • Two-Factor Authentication (2FA) – When we log into a device or an online account, we need to verify our identity. Most of the time, we enter a user name and a password. Unfortunately, a password alone isn’t very secure: it can be guessed or we could be observed by someone while we’re entering it. It is therefore always a good idea to use two-factor authentication, a solution that requires both something we know (like a passphrase) and something we own (for example a smartphone with a code-generating app) to access our account. Read this guide on two-factor authentication to learn about the best practices to secure your account through 2FA.
  • Unprotected Wi-Fi – Free public wi-fi hotspots are increasingly available in public spaces, and we tend to use them often, especially when we are traveling. But if a wi-fi is open, it is also unencrypted, and malicious actors could sniff on our connection to intercept our activities and passwords. There are however simple measures we can take to protect ourselves, like connecting to the internet through a trusted VPN.
  • Untrusted Wi-Fi – See Unprotected Wi-Fi
  • Virtual Private Network (VPN) – A Virtual Private Network is a network we can access to connect to the Internet via an encrypted tunnel. Our ISP, or anyone sniffing on the free wi-fi we’re using to access the web, can only see our connection to the VPN service, while the website we are visiting will only record a connection from the VPN servers. To decide which is the best VPN for you, read this guide.
  • VPN – See Virtual Private Network