
...

  • Never submit sensitive data to a website that's not secured!

    On most modern browsers, a secured website will have a green lock and the address will show "https:". Modern browsers also give you a clear warning that requires multiple clicks to bypass before you can use an insecure site. If you're using an older browser, or one that doesn't have these safeguards, always look for a closed lock icon and "https" in the URL.

    [Images: Secure website | Insecure website]

  • Always make sure to type out "https://" to ensure complete end-to-end encryption.

    Important!

    This is critically important if you're on a public/untrusted network (e.g. public WiFi). It also applies at the Internet Service Provider level: if you have reason to believe your ISP or its government is intercepting your data, always make sure to type out "https://".

    Unfortunately, the internet was designed without any privacy and security features in mind, and these features were only added on later. But because these added measures required a time and monetary investment from website operators, adoption has been a very slow process. As a result, the internet effectively operates in two discrete modes, the new secure protocol (https) and the old insecure protocol (http), with http being the default. 

    Because the two modes are discrete, most websites support both protocols to allow users to simply type "example.com" instead of "https://example.com". "example.com" translates to the default protocol ("http://example.com") and then the website may redirect you to the https protocol. 
    An attacker can take advantage of this redirect with a technique known as "Man In The Middle", in which the attacker intercepts your insecure requests and sends them to the website through the secure protocol. The attacker then receives the website's response and sends it back to you after reading its content.

    Techno-babel

    For a better understanding, here's an illustration of your communication with example.com when properly secured using https:
    Notice how your communication with the website is encrypted end-to-end, and no outside party can view what you send and receive.

    When browsing to example.com without typing "https", assuming the site implements a redirect, the initial communication with the website is insecure. The website then instructs your browser to communicate over the secure protocol, ensuring all future communication is secured and private.

    An attacker (e.g. a malicious WiFi hotspot, ISP, etc.) can take advantage of this by not sending the initial request to the website over the insecure protocol, and instead sending your data to the website over the secure protocol after reading the content.
    Notice that example.com is communicating securely with the malicious network, which is acting as a Man In The Middle.
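The redirect case described above, as an added example that is not part of the original page: it follows a constructed list of server responses from the address as typed and lists every request that left the browser unencrypted, which is the request an on-path network can answer in place of the site. The function names and sample responses are assumptions made for illustration.

```python
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)


def as_requested(typed):
    """Address the browser requests: no scheme typed means the http:// default."""
    return typed if "://" in typed else "http://" + typed


def audit(typed, responses):
    """Follow (status, Location) responses starting from the typed address.

    Returns every URL requested in order, the ones sent in cleartext, and any
    redirect that moved from https back to http.
    """
    url = as_requested(typed)
    requested, downgrades = [url], []
    for status, location in responses:
        if status not in REDIRECTS or not location:
            break  # not a redirect: this response is the page itself
        target = urljoin(url, location)  # a Location header may be relative
        if urlsplit(url).scheme == "https" and urlsplit(target).scheme == "http":
            downgrades.append((url, target))
        url = target
        requested.append(url)
    cleartext = [u for u in requested if urlsplit(u).scheme != "https"]
    return {"requested": requested, "cleartext": cleartext,
            "downgrades": downgrades, "final": url}


# Constructed samples: what example.com would answer in each case.
CASES = {
    "example.com": [(301, "https://example.com/"), (200, None)],
    "https://example.com": [(200, None)],
}

if __name__ == "__main__":
    for typed, responses in CASES.items():
        report = audit(typed, responses)
        print(f"typed {typed!r}: ends at {report['final']}")
        for u in report["cleartext"]:
            print(f"  sent unencrypted, readable on the local network: {u}")
        if not report["cleartext"]:
            print("  every request was encrypted")
```

The first case ends on https yet still reports one cleartext request; the second reports none, which is the difference typing "https://" makes.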

     

VPN

...

Virtual Private Networks (VPNs) employ end-to-end encryption technologies to create a safe and encrypted connection over a less secure network, such as the Internet. For our purposes, VPNs are used to ensure our online activities cannot be snooped on by unauthorized parties.

Without a VPN, we rely on HTTPS and other forms of encryption to hide the contents of our interactions with a website, but that doesn't hide the fact that we communicated with the website. Think of HTTPS as using a special code language to communicate with each other in public. Extending this analogy, a VPN is the equivalent of going into a private room through the front door while your partner enters through the back door, which is well hidden. The observer knows that you entered the room, but doesn't know what you said or to whom.

As an example, let's say you are making a purchase of a product from example.com for $100. Here is what an eavesdropper can observe:

example.com
  • Browsed to example.com
  • Clicked on link to product at example.com/X
  • Added product X to shopping cart, then viewed it at example.com/cart
  • Paid with credit card with number xxxx-xxxx-xxxx-xxxx
  • Viewed receipt at example.com/receipt

https://example.com
  • Browsed to example.com
  • Clicked on link to product at example.com/X
  • Browsed to example.com/cart -> observer can't see that you added product to cart, but can make a safe assumption that product X was added to shopping cart
  • Browsed to example.com/receipt -> observer can't see that you bought product X or how you paid, but can make a safe assumption that after visiting the product page and then the receipt page, you probably purchased product X.

https://example.com over VPN
  • Connected to VPN

That's all an observer is able to see. Since even web requests are encrypted end-to-end over the VPN, an observer can't see any websites you attempt to access, or make any assumptions about what you did on those websites.


It's important to recognize that while a VPN hides your activity from the public network you're on (or your ISP), your VPN provider can see your activity clearly. It's very important to use a VPN from a trusted provider. The most important factors to look out for when choosing a VPN provider are:

  • Do they keep access logs? 
    • Using a VPN to protect your privacy is pointless if everything you do is stored into neat logs. The VPN providers we trust do not keep any logs.
  • Do they use a modern and secure tunneling protocol? 
    • Avoid VPN services that only support PPTP.
  • Where are they based? 
    • Are they based where the government of your place of residence has jurisdiction? 
    • Are they based in the "Five Eyes"? (Australia, Canada, New Zealand, and the United States of America). These countries are bound by the multilateral UKUSA Agreement, a treaty for joint cooperation in signals intelligence.
      • Are they based in the "Nine Eyes", consisting of the Five Eyes plus Denmark, France, the Netherlands, and Norway?
      • Are they based in the "Fourteen Eyes", consisting of the same countries as the Nine Eyes plus Germany, Belgium, Italy, Spain, and Sweden?
  • Other considerations:
    • How many servers do they have? Do they have servers physically near you? The closer you are physically to the server, the faster your connections will be.
    • Do they have bandwidth limits? Do they throttle speeds for any reason?
    • How many concurrent connections can you make? Can you secure all your devices?

VPN services we recommend:

  • NordVPN (https://nordvpn.com/)
    • They don't keep logs
      • Based in Panama, can't be compelled to produce any logs
    • OpenVPN protocol, most modern and secure. 
    • Kill-switch. When set up, if the VPN connection were to fail for any reason, the kill switch prevents your computer from quietly falling back onto the insecure connection.
    • Plus
      • Fast, reliable
      • Works with Netflix
      • Affordable
      • Double VPN feature - Just a gimmick in my opinion, but not a bad thing
  • ExpressVPN (https://www.expressvpn.com/)
    • They don't keep logs
      • Based in Panama, can't be compelled to produce any logs
    • OpenVPN protocol, most modern and secure. 
    • Kill-switch. When set up, if the VPN connection were to fail for any reason, the kill switch prevents your computer from quietly falling back onto the insecure connection.
    • Plus
      • Fastest tested, reliable
      • Works with Netflix
      • More expensive than NordVPN, though consistently faster. 

Additional reviewed VPN services:

  • PersonalVPN by Witopia (https://www.personalvpn.com/) <- Overall not recommended!
    • Overall: PersonalVPN is a solid VPN service that's relatively easy to use, fast, and reliable. However, at the time of testing, it has a serious privacy issue. Furthermore, it is slow to offer modern features, and still lags behind the competition in several areas. My recommendation is to switch to NordVPN or ExpressVPN.
    • They don't keep logs, but they are based in the Five Eyes, so be careful. 
    • Very fast
    • Leaks your DNS! This is a major flaw, potentially gives away your real IP address. Beware!
    • No kill switch. Risky.
    • On the expensive side

 

Passwords

Dual Factor Authentication

...