Everything you need to know about your online data: Where it comes from, who has access to it and how best to protect it. A few answers from the experts
Can I prevent certain information from being shared?
Michael Littger, Managing Director of the German Internet safety initiative Deutschland sicher im Netz (DsiN): 'I’m free to choose which data I enter, of course. But I have limited influence on the technical data that’s produced when I start browsing the web. I can reject or delete cookies. I can also hide my IP address relatively easily with the appropriate programs. And if I don’t want the smart speaker in my living room to passively listen as it waits for an activation command, I always have the option of switching it off.'
Who’s actually interested in my data and why?
Michael Littger, DsiN: 'User data is extremely valuable for companies. They collect the data generated during the use of their services in order to improve their products or produce more targeted advertising. Unfortunately, user data is also of interest to cybercriminals, who may try to use it to blackmail individuals or raid their bank accounts. And we mustn’t forget the use of personal data for law enforcement authorities such as the police. An individual’s browser history can be requested as part of an investigation – but only with a court order.'
How can criminals gain access to my information?
Stephan Micklitz, Director of Engineering on Google’s Privacy and Security team: 'The two most common methods used to illegally obtain user data are phishing and hacking. Phishing involves tricking users into voluntarily providing their data – for instance by creating a fake banking website where users enter their account information in good faith. Hacking is when the attacker uses malware to break into an account. Cybercriminals will generally employ a combination of these two methods.'
Help, my account has been hacked! What should I do?
Michael Littger, DsiN: 'First, I’d contact the account provider and change my password. In the case of highly sensitive accounts, such as bank accounts, it may also be wise to apply a temporary block. To make restoring the account easier, it helps to have provided an alternative email address or mobile phone number that the company can use to contact you. Once I had recovered the account, I would use certain tools to try to ascertain the damage. I’d also go to the police and file a report – after all, I was the victim of a crime.'
Am I more vulnerable to attacks on a smartphone than on a PC?
Mark Risher, Director of Product Management for Internet security at Google: 'Smartphones have built-in protection against many of the threats that previously caused problems with PCs. When developing operating systems for smartphones, companies such as Google were able to incorporate a great deal of past experience. However, I strongly advise users to always have the screen lock activated. Most people rarely leave home without their smartphones, which makes them an easy target for thieves.'
How complicated should my password be?
Michael Littger, DsiN: 'A strong password shouldn’t be a word that you could find in a dictionary, and it should contain a combination of letters, numbers and special characters. In our training courses, we teach participants simple tricks for coming up with strong passwords that are easy to remember. Here’s one basic method: I think of a sentence like, ‘My buddy Walter was born in 1996!’ Then I string all the first letters and numbers together: MbWwbi1996! Another method is what we call the three-word rule: I think of three words that summarise a memorable event in my life. For example, MrsCarnival1994 could be the password of somebody who met their wife at a carnival in 1994.'
How useful is a password manager?
Tadek Pietraszek, Principal Software Engineer for user account security: 'Many people use the same password for multiple accounts because they don’t want to have to remember too many passwords at once. However, if attackers learn this password, it immediately compromises several other accounts. That’s why we advise users to never recycle their passwords. It’s also common for users to accidentally enter a password on a website that has been built by scammers – especially if they use this password often. A password manager solves both these problems. First, it removes the need to remember your passwords, so you’re not tempted to reuse them. And second, the password manager only uses the right password for the right account; unlike humans, it doesn’t fall for fraudulent sites. However, it’s important to only use password managers from reputable companies; for example, Dashlane, the Keeper Password Manager or the password manager integrated into Google’s Chrome browser.'
Artwork: Jan von Holleben; Portraits: DsiN/Thomas Rafalzyk, Conny Mirbach (3)