The Internet age has given new meaning to the old saying, "Just because you're paranoid, it doesn't mean they aren't out to get you."
Corporations large and small are eagerly sucking up data regarding browsing habits and purchasing preferences, the Justice Department is logging journalists' phone calls, and every week we hear of new ways that the NSA is spying on the entire Internet.
However, if privacy and security are more important to you than convenience, here are a few tips from the pros about how to keep the snoopers at bay.
Best of all, none of these solutions requires you to wear a tinfoil hat.
Java and Adobe Flash Player plug-ins are common points of vulnerability for many browsers. The two software platforms are useful and power a lot of interactive content on the Internet, but Justin Cappos, a professor of computer science at the Polytechnic Institute of New York University, says each platform is just too much of a risk.
"Those are the main [plug-ins] to be concerned about," Cappos said, because hackers often build Java- or Flash-based exploits.
Cappos noted that it's very easy to take control of a computer or its webcam. He uses the simple, low-tech expedient of a piece of black tape to cover the camera lens on his laptop.
It's harder to do that with a microphone, Cappos said, though something to muffle sound wouldn't be a bad idea.
Doing so will stop webcam Peeping Toms, blackmailers and other sleazeballs.
Many websites silently send and receive a lot of information about you to and from other websites that you'd never directly visit.
Fortunately, there are a number of software tools, such as the free browser add-on Lightbeam, that visualize this two-way flow of information.
Almost any piece of information you post on a social-networking site could later be used hurt you. Cappos avoids all social networks except for the professional-networking site LinkedIn, and even there, he doesn't post much information that an identity thief might use.
If you have to have a social network account, use two-step verification, said David Kennedy, CEO of TrustedSec in Strongsville, Ohio, and founder of the annual Louisville, Ky., security conference DerbyCon.
A password by itself, Kennedy said, is just not secure enough anymore.
The latest ATM-fraud devices use a tiny, almost invisible camera to record your keystrokes as you enter your PIN, while a "skimmer" in the card slot reads the card information.
Crooks combine the video feed with the skimmer data to match PINs to cards. Bingo! They've got access to your bank account — unless you covered one hand with the other while entering the PIN so the hidden camera couldn't see it.
The open nature of the Android platform, and the minimal vetting of apps in the Google Play app store, means it's much easier to end up with an infected Android phone than an infected iPhone. (Created in 2007, the iOS platform remains nearly malware-free.)
Furthermore, the permissions that Google grants Android apps are greater than what Apple gives iOS apps. Android apps are more likely to read your personal data than iOS apps are, because Apple won't let its app developers access the guts of iOS.
A virtual machine is essentially a separate, software-based computer within your physical computer.
Using a virtual machine to run Web browsers and email clients is sound practice. To an extent, it will protect your real machine from Internet-based malware, and will mitigate the damage if attacks do get through.