Robin Davis

Internet privacy is a moving target. With new technologies emerging at a steady clip, it can be difficult to keep up with how best to keep your data safe while using the web. I’ve highlighted 3 things you can do to stay secure on the web.

Two-factor authorization is offered by many email and banking services as a way to lock out hacking attempts. The two factors required to gain entry to your account are a password (most common way to authorize access) and something else that only you would have access to, most often your mobile phone. So even if a hacker swiped your password—by finding a Post-It note taped to your monitor or, more likely, buying passwords in bulk on the Internet’s black market—they would lack the second required factor. For instance, Bank of America offers SafePass, which you can set up such that when you try to transfer a large amount of money to someone, the bank will text a 6-digit code to your phone. You’ll need to input this code before the transfer can go through. Check to see if your bank, email service, health app, or other service offers two-factor authorization.

Virtual private networks (VPNs) are one way to stay secure while on a public, open network, such as a café’s wifi. While on that café’s wifi, other people on the same network could potentially spy on you to see the things you view and send online, just as if they were looking over your shoulder. A VPN blocks them from spying on you by encrypting the things you view and send. The world of VPNs can, admittedly, be very confusing—there are a thousand “Best VPN” lists and none of them seem that neutral or reliable. After all, the VPN company does see the things you view and send, so they might be incentivized to go to the dark side and make money off of your data. Luckily, John Jay offers faculty its own VPN, meaning you can access the John Jay network even while off-campus and feel more secure about using public wifi. You’ll need to install a VPN client, which, once installed, will require you to log in with your usual John Jay credentials whenever you want to use it. Just call DoIT (ext. 8200) to request VPN access and client installation. 

Check location services settings often on your mobile phone. Make sure that only the apps you trust most have access to your current and past locations. What funny business might an app get up to with your location data? Uber, for instance, tracked users’ locations 5 minutes after their ride ended, ostensibly for passenger safety, though that seemed a weak excuse in light of Uber’s past misuses of user data. (They rolled this back in 2017 after strong pushback.) Strava, a running app, tracked users’ runs and added them to their publicly viewable map of Strava runs all over the globe, not realizing that it pinpointed secret U.S. military bases where staff kept track of their exercise with the app. (Strava has since declared it would clear the public map every month.) The point is, even big-name apps might use your location data in fishy or insecure ways. Recently, privacy advocates have pushed for greater transparency: app store administrators have asked app developers to be more explicit about when and why they need user location data, and smartphones will now typically light up a little location pin icon to let you know that an app is currently tracking your location. It still pays to be extra careful about whom you allow to see your physical location, so check your location services settings on a regular basis.

More from the Spring 2018 newsletter »