More than a billion people use the Internet, passing every kind of information in all directions. Much of the information is public, so that there is no concern about others accessing it. However, much is intended to be private (perhaps shared with close friends or family), or even secret. Given the large number of ways of communicating, the varying degrees of concern about keeping data away from prying eyes, and the variety of methods for unauthorized access, security on the Internet is a large and complex topic. The greatest difficulty is not in using the best methods for security, which have been crafted by experts, but in knowing that they exist, knowing what you need them for, and knowing where to find them.
A number of tools are built into the way the Internet works that enable data to be kept private and secure. Most significant among these is public-key encryption, which is used both for making data private and for authenticating users and websites. You rarely need to directly use public-key encryption, but when you use a URL that starts with "https://" or when Firefox warns you about a website's security certificate, public-key encryption is working behind the scenes.
The types of harmful actions that certain people on the Internet try to do fall into several broad categories:
The "bad guys" have devised a huge variety of strategies for doing these things. People who wish to compromise data security will examine every link in the chain, including you, your computer and its software, your home network, your service provider, the Internet in general, and any sites you might visit, looking for the weakest link. The most valuable information they can get is usually your login name, password, and account numbers for your banking, credit cards, or other financial accounts, in order to assume your identity and drain out as much money as possible.
Often the same bad guy uses a combination of techniques, such as tricking you into installing malicious software that snoops on your data traffic or that uses your computer to send fraudulent email messages to other Internet users.
Where does that leave you? You have to understand your part in password security and key management, the security settings in your operating system and software, and the signs that you should not open an e-mail or install offered software. Just as you would not leave your keys in your car, and you lock doors when necessary, your participation in security is important, and Firefox does a lot to help you with these issues.
On a technical level, the threats present on the Internet include:
The FLOSS Manual How to Bypass Internet Censorship (http://flossmanuals.net/CircumventionTools) explains how and why governments snoop, and how to get around snooping, in addition to methods for accessing blocked Web sites.
You cannot protect a Web site from its own mistakes. You can tell them when you find mistakes, and you can avoid sites that do not protect themselves properly.
In general, if you have an always-on connection to the Internet (such as most broadband connections), you should always use a firewall, rather than connecting your computer directly. The basic reason not to connect directly to the Internet is that it provides too many avenues for someone trying to compromise your computer. Even if you have a perfectly secure setup, you don't want the traffic from those who want to break in and inspect your system or install malware on it. Let your firewall block it once for the whole network.
So how should you connect? Through a router with a built-in firewall. Fortunately, if you have a broadband connection, there is probably a firewall built into the (cable or DSL) box from your Internet service provider (ISP). Ask your ISP if you're not sure. If you have a wireless router, there is probably also a firewall built into it. Be sure you follow the instructions for setting up your wireless network securely.
Who is left? Those on dial-up. You are OK. You don't need a firewall because you have a connection, but not an IP number. You aren't on the Internet; you can just talk to it.
How do you set up the firewall on your router? The router probably has an IP address that you can connect to before you connect to the Internet, and that address serves a Web page with instructions for the firewall and the Internet connection. Check in the manual, or on the manufacturer's Web site (from a different network, of course, one that has a firewall running), or with your ISP. You want an incoming and outgoing connection to the Web, and you might need an e-mail connection. Don't enable anything else unless you know why you need it.
When you connect a new computer to your firewalled network, it may be in a vulnerable state. It certainly does not have the latest security updates for its operating system. Go directly to the update page and get the latest patches or packages. After your system is up to date, then you can think about getting your email or surfing the Web or downloading files.
Choose strong passwords. Your browser or your operating system can remember them for you.
Try to avoid using the same password for accounts that contain important personal information, such as credit card numbers, as for accounts that just store non-critical preferences. If bad guys get your password for one site, they are likely to try it on other sites where they've figured out you have accounts.
If you need to use the same passwords on more than one computer, you can take an encrypted copy of the Firefox password file with you. Then you have to remember only the decryption key for that file. A strong password is as random as you can make it, out of whatever characters are permitted on each site. It is also at least 8 characters long.
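The advice in the two paragraphs above (a different password for each account, as random as possible from the characters each site permits, at least 8 characters) can be followed mechanically. The sketch below is an added example, not part of the original manual or of Firefox; the site names and character policies are constructed for illustration.

```python
import math
import secrets
import string

MIN_LENGTH = 8  # minimum length stated in the text above


def generate_password(allowed: str, length: int = 16) -> str:
    """Draw every character independently from the operating system's CSPRNG."""
    alphabet = sorted(set(allowed))  # de-duplicate so each character is equally likely
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    if len(alphabet) < 2:
        raise ValueError("need at least two permitted characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(allowed: str, length: int) -> float:
    """Guessing difficulty of a uniformly random password, in bits."""
    return length * math.log2(len(set(allowed)))


def passwords_for_sites(policies: dict) -> dict:
    """One independent password per site, so a leak at one site reveals
    nothing about the password used at any other."""
    return {site: generate_password(allowed, length)
            for site, (allowed, length) in policies.items()}


# Constructed sample policies: (permitted characters, chosen length) per site.
SAMPLE_POLICIES = {
    "bank.example": (string.ascii_letters + string.digits, 20),
    "forum.example": (string.ascii_letters + string.digits + "!@#$%^&*-_", 16),
    "legacy.example": (string.ascii_lowercase + string.digits, 8),
}

if __name__ == "__main__":
    generated = passwords_for_sites(SAMPLE_POLICIES)
    for site, (allowed, length) in SAMPLE_POLICIES.items():
        bits = entropy_bits(allowed, length)
        print(f"{site}: {generated[site]}  ({bits:.1f} bits)")
```

Each extra character adds the same number of bits, so on a site with a small permitted alphabet, a longer password makes up the difference.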
If you are given the option of creating a password recovery question, try to select a question/answer combination that is not commonly known by others, and avoid one whose answer could be searched for (like where you went to high school).
If a message is vague throughout, it may come from malware rather than a real person, and if from a person, then someone intent on fraud. If you get an offer that seems too good to be true, assume it is. If a message appears to come from a business, but it has a lot of spelling and grammar mistakes, it may be fraudulent (but even real messages may have some mistakes).