That’s a question I hear often and there’s lot of confusion on how to keep your email and other online accounts safe. Whether you’re in an Internet cafe to make use of a desktop or simply paying for some quality wifi, there are a few ways you can stay safe in unfamiliar digital territory.
Scoping The Landscape: The Basics
Basically there are two points of vulnerability you need to be concerned about at Internet cafes. One is the computer you’re using and the network you’re on. If you happen to be on your own iPad, laptop, or other mobile device, you mostly need to worry about the network, so skip right along to the next section. Everyone else, stay with me so we can make that Internet cafe computer a bit safer.
Add Layers Of Protection With A USB Stick
Keep in mind you’re in unfamiliar territory and security is never absolute. That said, the most secure way to go at an Internet cafe is to bring along your own USB drive to create a little quarantine for your browsing. You can carry around your own virtual computer on a USB drive using PendriveLinux (here’s how) which gives you an entire operating system you know hasn’t been tampered with.
- Tweaking Firefox – Say you’re not going to go the extra step and plug Linux onto a USB drive, you can simply load Portable Firefox instead (with HTTPS Everywhere – here’s how to set it up).
- Click And Paste Passwords – Along with Portable Firefox, use KeePassX to store your passwords and copy-paste them for your online accounts. By avoiding typing them, you work around ‘keystroke loggers’ which are nasty little programs that record everything that’s typed on a a computer.
- Load SafeKeys – This program creates a virtual keyboard you can use to type passwords with so you don’t have to use the keyboard for logins.
- Logout From Your Accounts – I know you can’t wait explore Berlin but be sure to log out of your online accounts first and have the courtesy to do so for others who may have forgotten.
Don’t have a USB drive handy?
You can still cover your tracks with the Firefox installed on the computer you’re using with Private Browsing mode. As Mozilla clearly points out, it won’t protect you from keystroke loggers but will make sure you don’t leave behind any passwords, user names, or cookies behind. Another crude, but effective way to copy-paste passwords is to type a string of random characters in Notepad (or equivalent); then select the characters you need individually. For example: 3wivfjL9O5VdjEwMYdsDqqo54aq!$GÂ = (iLOVEMYDoG)
While we’re at it, remember that USB drives have a habit of getting lost. Some basic encryption can go a long way to protecting the data on those drives if they’re lost or stolen. Several drives come with encryption built-in like the IronKey S200, Corsair Flash Padlock, or the Patriot BOLT. Of course, there’s always the do-it-yourself free method of encrypting any old drive with TrueCrypt (here’s how).
- Finally, it’s worth mentioning that many banks like HSBC and online services like Paypal offer hardware tokens for a few dollars or in some cases free. (They’re not usually advertised well so call and ask your bank.) These small devices generate a random series of digits every minute or two, required with your password to login online.
In effect, they make your passwords useless without the device; that is unless you use the same password for all your online accounts – a common traveler tech mistake.
Surfing The Waves Of An Unsecured Network
There’s a bit of a misunderstanding about wireless networks, the main one being that ‘secured’ connections are always secure. Any network, wired, wireless, with or without passwords is only as secure as the people and programs who are and have been on it – relying heavily on what security measures exactly are in place. A wireless password helps keep people out but in an Internet cafe everyone has the password.
- On Your Own Device? Turn off file sharing and make sure your firewall is up and running. (How to check on Mac OS X and Windows.) Another good step is to make your laptop hidden on the network – both Windows and Mac OS X make this easy.
- Use A VPN – Business travelers you company network might have a VPN you can use (or at least request from you IT department). Otherwise if you’ve got a computer at home you can turn your desktop into a personal proxy for free or use on of these online VPN services.
- Verify The WiFi Network – Don’t just connect to any old open wireless network floating around the Internet cafe, confirm the establishment’s connection with staff.
I can’t stress enough how important it is to have separate passwords for every single one of your online accounts. That helps minimize the damage a bad hacker can do if they happen to get a hold of one.
- Type In URLs Directly – With the huge caveat that you know exactly what they are. Start off with https:// and go to Amazon.com or whatever from there. (Remember https – with the “S”.) It’s not perfect but better than letting the browser guess the link for you. Type it out completely!
- Limit What You Access – Don’t go into all of your sensitive online accounts when you sit down at an Internet cafe; check what you need to.
- When In Doubt, Don’t – Familiar websites that don’t quite look right, links in emails, and other pop up ads should be avoided. Questionable content or fake versions of popular websites designed to steal you logins are common online tricks so if things don’t feel or look right…don’t take chances.
Digitally Insulate Yourself At Each Level
Security is never perfect and this post is really only the beginning – there are far more complex and varied tactics you could use in Internet cafes. That said, your best protection is insulation against the most common threats. Separate your online accounts and cover your tracks so once you leave that Internet cafe, it’s like you were never there.
[photos by: jared (Internet cafe fish eye view), whl.travel (surfing Isla Grande Panama)]
Awesome, thanks for this. I didn’t know about “stealth mode” for my Mac.
🙂
Glad I could point you to that nifty little Mac feature 🙂
wow man, you’re awesome. you’ve got everything covered. i’m not a techie by any means (my bro si the computer savvy IT guy in the fam) so this has really opened my eyes to a lot ridiculous ways i can get screwed over while traveling. i’ll def take this to heart and check out some of your how-tos.
Feel free to let me know if you have any questions setting anything up.
thanks anil,
much appreciated.
Thanks for this, Anil. Awesome tips, I hadn’t thought of running an OS off of a USB stick before. That’s an excellent idea for security.
Hi Dean,
It comes in handy since you can set up many of your apps and stored accounts. Not 100% protection but much closer to it than not 🙂
Plenty of practicla info I did not know about Anil that I will certainly use. Thanks!
Thanks Federico 🙂
Thanks for the great and useful info! I’m curious – why should you type in the whole url instead of letting the browser finish it for you?
Two major reasons; the first is to force the site to go to the HTTPS version (which most do now automatically but can be disabled) and the second is it’s a common trick for malicious folk to set up copy fake sites that look very much like real ones (tactic called phishing).
So, in an Internet cafe, I can get you to do to https://bankofamericca.com via auto-complete (as an example) and waiting there for you is my fake site. Enter your login details there and now bad guy gets them.
Wow, Anil, that’s amazing! i didn’t know any of that! thanks so much!
I’m also curious, like Sherry, why you should type the whole url?
cheers, Lash
Hi Lash, two major reasons to type out the entire url:
http://www.foxnomad.com/2011/07/19/how-can-i-protect-my-online-accounts-at-internet-cafes-when-traveling/comment-page-1/#comment-174475
“Another crude, but effective way to copy-paste passwords is to type a string of random characters in Notepad (or equivalent); then select the characters you need individually. For example: 3wivfjL9O5VdjEwMYdsDqqo54aq!$G = (iLOVEMYDoG)” I’ve been doing this for years and thought I was the only one because I never read about anyone else doing it. As they say, great minds think alike.
Simply yet effective 🙂 Thanks Barbara!
This was so helpful. I’m planning on taking my laptop with me on the road for the first time, and this has helped to ease my mind a bit, in terms of information security. Thanks!
Hi Jodi, glad you found the post useful 🙂 To make sure you’ve got your laptop locked down, here’s a series I wrote you might find useful:
http://www.foxnomad.com/2010/04/07/the-travelers-guide-to-locking-down-your-laptop-part-1-physical-security/
I think it’s the most useful thing you can carry while traveling…well, except for a camera 🙂
As usual you provide some of the best practices to making sure you are protected. Some are simple but many of us just overlook them.
Simple security measures are often the most effective 🙂
I’ve recently started to use Last Pass http://lastpass.com/ for managing all my passwords. I’ve found it to be a lot more convenient than KeypassX.
I’m curious, what’s the feature that made you switch and stay?
I like that there is a single master password and then my passwords are accessible everywhere and synched between all the devices I use.
Thanks Dan, I appreciate the feedback. I’ll download and play around with Last Pass and check it out a bit more.
As always, awesome article! I am a fan of your work. You take me places.
Thank you very much!
Good post and great site, which I’ve been reading for the past few days.
I wonder, can you tell me what the difference is between having Linux on a USB drive or using (as I was thinking) the PortableApps.com Platform and Suite. Is the latter, with the addition of Neo Safekeys, a good way to go for security or does the Linux route offer more?
Thanks Joel, I appreciate that very much.
To answer your question, the major difference is that the running portable Linux gives you a completely isolated environment to work in. Booting up with portable Linux means you know all of the programs running and have added security against various malicious tactics like keystroke loggers. (There are ways around those protections of course but in general it’s pretty solid overall.)
Portable applications give you trust in those applications – but not anything else running on the computer at the time. It’s better than using what’s already available on the computer and a bit more straightforward than using portable Linux.
Portable Linux adds a few minutes of boot time to your browsing session but gives you the advantage of added security over using the Portable Apps suite which is better than using the machine directly.
Hope this helps but if not ask away 🙂
Thanks Anil. That’s clear. Now I’m wondering whether internet cafés are going to be against you booting up your own operating system on their machine. For instance, don’t they have a timer running on the native Windows on the machine you’re using to time your session? Won’t they regard this as bypassing? What has been your experience in using portable Linux? (I’m personally interested in India, Thailand, and China, if you or anyone else has any experience of using USB Linux in those places.)
Most of them officially would be, but I’ve never run across the problem so long as I reboot the computer when I’m done back to the Windows environment. India actually was one of the easiest places for this I found; not sure about Thailand or China though since I haven’t been yet.
This is real helpful Anil, really enjoy reading your blogs, you have so much to share… I didn’t know that I was exposed to all kind of digital dangers when connecting to others’ wifi, really learned something valuable here, keep up with your good works… 🙂
Thanks very much and hope I’ve made the airwaves a it safer for you 🙂
great detailed tips! thanks for all this great information!
You’re very welcome 🙂
Hey Anil,
I know this post is an old one but I’m researching a bit about password storage and thought you might have something on it:-)
The thing is that I don’t want to use the same password for everything (duh) but I also find it a hassle to remember all my different passwords.
I was wondering if you’ve checked out Lastpass and if you liked it?
I don’t feel good about my passwords being somewhere in the cloud. Keeping them on the laptop isn’t completely safe either, but it somehow does feel that way:)
But the comments are always up to date 😉
I’ve used Lastpass but I prefer KeePassX.
All great advice! Thank you for this. Wow I never even knew about ‘keystroke loggers’.
I’m happy to share and glad to know you’ll be a little digitally safer.
Really useful info. Identity thieves can wreak havoc if they can get a foothold.
Thanks for the information! But I am having trouble downloading the KeePassX… Do I just save it on the USB because that doesn’t seem to work…
What’s the trouble you’re having? And which system (Windows, Mac, etc.) are you using?
https://www.keepassx.org/downloads/