DHitMA: Smartly Browsing the Internet

  1. Use at least two different browsers: one for personal work and one for anything that may fall within the concept of DHitMA
  2. Do not wantonly click links: verify where some link points to prior to clicking it (this can be done by hovering over the link, whereafter most browsers will display the destination URL in the bottom left of the browser window)

Compare these two links:

These two links are not the same. Notice that the first link uses the character 'l' (lowercase L), where the second uses a real, English 'i' (lowercase I). This is a very common type of attack, and many users never notice it. It can be more complex and undetectable, using, for instance, an 'i' with an accent mark in place of the dot, which is borrowed from the Spanish alphabet. In cybersecurity circles, this type of attack may be referred to as a form of a watering hole attack, or a poisoned URL attack. The fake site, with a URL almost identical to the real one, will copy the interface to mimic it precisely. Then, dumb users will enter whatever information they usually do (login, credit card, etc.) and their data is easily stolen.

One should also, before sending any link, make sure it is trimmed to its shortest possible length. Many sites, like Google or Facebook, append long strings of seemingly random characters to the end of a link, which, in actuality, is a means of fingerprinting the individual who copied the link and sent it, via cookies and cross-site trackers.

We recommend the reader refer to DHitMA: Internet Browsers and Search Engines for more precise information with regard to safe Internet browser use, and some recommended applications.