If you’re anything like the majority of internet users, you probably don’t feel any pressing need to encrypt your internet traffic.
After all, you’re no Edward Snowden or Chelsea Manning. You’re not a government target and your search history is no less wholesome than anyone else’s.
An average citizen with normal browsing habits doesn’t need anything other than common sense to stay safe online… right?
Well, not quite.
The truth is, everything you do on the internet makes you vulnerable in one way or another.
Say you start the day off with a status update and a quick check of the local news. You make dinner reservations on your phone while in line at the coffee shop.
On your lunch break, you check your bank balance and finally remember to pay your credit card bill. Then you request a prescription refill online and order a birthday gift for your significant other.
At home that evening, you download a movie and make weekend plans with your friends over Facebook.
All in all, a pretty typical day. One in which you’ve potentially revealed personal data to many different sources.
Ad providers and data brokers learned what news you care about and what products you’re interested in.
Your ISP monitored your movie download, as did a covert copyright enforcer.
A hacker intercepted your coffee shop traffic and now knows when you’ll be away from home. Another swiped your banking information on your lunch break.
And the government recorded all of this as well, using legal loopholes and advanced technology to do so.
On the internet, it’s better to be overly secretive than unnecessarily vulnerable. It’s the only way to protect yourself from these – and other – prying eyes.
But without encryption, there’s nothing secret about any of your internet traffic.
Worried? Don’t be – it’s surprisingly easy to get encrypted, and we’ve got all the necessary know-how right here.
What Is Encryption?
Encryption is a way of securing information by encoding it with secret keys.
These keys scramble the data, turning it into random strings of characters that bear no resemblance to the originals.
To view the original data, it must be decrypted with the corresponding decryption key. Anyone without the key sees nothing but unreadable gibberish.
The algorithms used in modern encryption are highly complex and virtually impossible to break. That’s because computers are able to perform complex math and generate random data – two essential aspects of encryption.
SSL/TLS encryption, for instance, can be performed using the random patterns of lava lamps as a starting point.
Computers automatically convert the lava lamp images into strings of random characters that are similar to encryption keys. No two patterns are alike, so no two strings are alike.
The result is unguessable and perfect for encryption purposes.
Online tools, like this one from Devglan, can show you the power of encryption. Enter some text to encrypt, then enter a secret key – any random characters will do – and see what happens.
Using the secret key “fjghjrlkps274hti” to encrypt the word “Hello” with 128-bit encryption, we got “oNyeIufUxv+xI2rypQ92iA==”.
Completely indecipherable… and thus extremely secure.
Can Encryption be Broken?
Anything is possible, but modern data encryption being broken is among the least likely possibilities in the universe.
The most secure version of the most popular encryption algorithm, AES-256, creates unbelievably secure keys.
Tianhe-2, the world’s fastest supercomputer, would take 9.63×1052 years to crack just one AES-256 key.
That number is written that way because it’s ridiculously large – 1052 is a 1 with 52 zeroes after it. And it would take 9.63 of those to go through every AES-256 key.
Statistically, you’d only need to go through 50% of all possible keys to guess the correct one.
But that would still take around 4.8×1052 years – magnitudes longer than the universe has even existed.
Basically, once your traffic is encrypted, it’s impossible for anyone other than the intended recipient to view it.
Sure, someone could try, but they’d be dead millions of years before cracking the code.
Why Do I Need to Encrypt My Web Traffic?
Your overprotective parents were right: there really is danger around every corner. At least, that’s true online, anyway.
As we move more of our lives online, our data becomes more valuable. And not just to us, but to everyone else: profiteers, thieves, spies, authorities and many others will do anything for data.
Here’s an overview of these dastardly data collectors and the things they do with unencrypted internet traffic.
Deter Hackers
For as long as computers have existed, so have hackers. And the internet is by far the most valuable tool in a hacker’s repertoire.
Some hackers hop on unsecured public WiFi networks and monitor all the network traffic. They comb it for valuable data like passwords and credit card info.
If that data isn’t encrypted, then the hacker’s job is done. Your accounts, credit cards and more can be compromised without you being any the wiser.
Hackers use many other techniques as well.
Some set up fake or “spoofed” WiFi networks and siphon the traffic from anyone who connects to them. Others exploit bugs and security holes to redirect internet traffic and data to their personal computers.
But all of these techniques have one thing in common: they rely on unencrypted traffic.
Encrypted data is useless to a hacker, as it could be anything and can’t be deciphered. If you encrypt your traffic, hackers will most likely ignore your data and go for an easier target.
Evade Network Admins
Ever tried to access Facebook on your workplace WiFi only to find that it’s blocked?
Or worse, gotten called into your boss’s office to get a lecture about your “unproductive” web activity?
If so, you can thank your network administrator. Site blocks and traffic monitoring are intended to keep you on task, but in practice, they’re often incredibly invasive.
Network admins can see everything that happens on their networks, including your unencrypted web traffic.
But if you encrypt your traffic, all they’ll see is gibberish.
Encryption allows you to access the sites you want, when you want, without interference or blocks. Network blacklists and IT spying are fruitless endeavors if you use encryption to make your traffic unreadable.
Stop ISP Monitoring
Your internet plan costs you a lot more than just money. Many ISPs engage in extensive traffic monitoring, and they do so for several reasons.
Since the death of net neutrality in the USA, ISPs are allowed to sell user data to advertisers. Advertisers use this data to send you personalized ads, which are annoying at best and downright creepy at worst.
Partnerships with law enforcement and copyright associations also give ISPs incentives to monitor traffic. ISPs can provide police with your full web history or alert the MPAA that you downloaded a copyrighted movie.
But when you encrypt your internet traffic, you can stop these activities in their tracks. Encryption greatly reduces the amount of usable data your ISP can collect from you.
And some encryption methods, like VPNs, completely prevent your ISP from knowing what you do online.
Without that data, there’s nothing to sell and nothing to snitch about – a big win for your privacy.
Prevent Government Data Collection
Wiretapping doesn’t just happen to public figures and serious criminals anymore. Thanks to government programs like the NSA’s PRISM, it could very well be happening to you.
These programs are intended to target suspected terrorists, but they’re ten times more likely to collect data on innocent citizens instead.
Emails, web histories, download records… anything you do online could be monitored and stored in a government database. Whether or not you’ve done anything wrong, there could very well be a file on you.
But encryption significantly impairs the government’s ability to monitor you.
It can watch all it likes, but it won’t be able to collect anything useful, only gibberish encrypted data.
How Do I Encrypt My Internet Traffic?
Sold on encryption yet? If so, you’ll be pleased to know that you don’t need a computer science background to encrypt your internet traffic.
You have many encryption options both free and paid. They’re available for most devices and are generally very easy to set up.
Secure Your WiFi Network
These steps won’t stop ISP or government monitoring, but they’ll go a long way towards deterring hackers. Your web security is only as strong as its weakest link, and that could very well be your network.
First of all, if you don’t have a password on your WiFi network, set one now.
Open networks are convenient but dangerous. Only trusted individuals should be allowed onto your network; if anyone can use it, anyone can intercept your traffic.
And if you’re still using the password that’s printed on your router, you’ll need to make a change, too.
Opt for WPA2 or WPA3 password encryption rather than the less-secure WEP and WPA. WPA2 is more common than the brand-new WPA3, which is only available on newer routers.
Use a strong password with at least 12 characters, including uppercase and lowercase letters, numbers, special characters and (if allowed) spaces.
While you’re at it, change your router admin username and password as well.
These aren’t the WiFi credentials but the ones you use to access your router control panel. Usually, these are set to “admin” and “password” by default – terrible for security.
With these, anyone can log into your router, change the password or monitor your traffic. So make them nice and secure as well, and don’t just reuse your WiFi password!
Finally, make sure your router firmware is up to date. Updates often patch security vulnerabilities that could allow unauthorized access to your network.
You can check for updates from your router control panel or by visiting the manufacturer’s website.
Use HTTPS Everywhere
Have you noticed that over the past few years, website URLs have begun starting with “https://” rather than “http://”? That’s because the web itself is becoming more encrypted – the “s” stands for “secure”!
Over 72% of web traffic is now encrypted, and the vast majority of that is due to HTTPS.
Most pages that require you to input personal info, like passwords or credit card numbers, use HTTPS. In fact, you should never enter personal data on any non-HTTPS website.
But some websites only use HTTPS on login pages, leaving the rest of the site unencrypted.
What do you do then? Suck it up and go without encryption?
Absolutely not!
The Electronic Frontier Foundation (EFF), one of the web’s biggest defenders, provides a free tool called HTTPS Everywhere for just that scenario.
HTTPS Everywhere is a browser extension for Chrome, Firefox and Opera. It automatically redirects HTTP links to HTTPS so you can browse more securely.
The extension isn’t perfect. Some sites simply don’t support HTTPS at all, and the extension won’t change that.
But if an HTTPS version of a page is possible, HTTPS Everywhere will display it.
Unfortunately, HTTPS Everywhere isn’t available for Safari or Internet Explorer. However, the EFF is planning to release an extension for Microsoft Edge in the near future.
Switch to Encrypted Messaging
The outcry over the NSA’s mass-scale text message monitoring inspired the creation of many new encrypted messaging apps.
These apps encrypt all of your messages and attachments, preventing the government (and anyone else) from viewing them.
And they have other benefits, too. You can send messages internationally without extra charges, make video calls and use fun features like stickers.
The catch: you’ll need to get your contacts to use the same app as you. If they use a different app (or no app), messages won’t send and/or the encryption won’t work.
Many options are available; here are our favorites.
Signal
Recommended by Edward Snowden, Signal is available on iOS, Android, Windows, macOS and Linux. The cross-platform compatibility is great for productivity no matter which device you’re using.
All messages sent between Signal users are end-to-end encrypted. That means that the only two people who can view the message are the sender and recipient.
Not even Signal’s developers can see the messages you send through the app. They have no way of decrypting them – not even if the authorities command them to.
Signal supports the sending of text, images, documents and videos, plus voice and video calling. Individual and group chats are both supported.
You can even set messages to self-destruct after a set period of time. Once they do, they’re gone forever, even on the recipient’s device.
All Signal apps are free and open-source. Anybody can view the source code and verify that the app is secure and trustworthy.
WhatsApp is owned by Facebook, which doesn’t exactly inspire confidence in its privacy practices.
But, like Signal, WhatsApp features end-to-end encryption.
Nobody at Facebook (or anywhere else) can see your WhatsApp messages at any time.
WhatsApp works on iOS, Android, Windows Phone, Windows desktopand macOS. There’s no Linux app, but there is a web interface that works on Linux and other OSes.
You can send text messages as well as photos, videos, voice messages and other attachments through WhatsApp. Group chats are supported, as are voice and video calls.
WhatsApp is free, but it’s closed-source, so you can’t view the source code. If that’s important to you, we recommend Signal instead.
Other Encrypted Messaging Apps
Signal and WhatsApp are free, popular and easy-to-use, so they’re our top recommendations. But there are other excellent options as well.
Wickr Me is an encrypted messaging app intended for businesses, though individuals can use it as well. A free version is available, but more advanced features and larger file transfers are only for paid users.
Apple Messages comes preinstalled on iOS, macOS and watchOS. The catch? This end-to-end encrypted messaging app is only available on Apple devices – no messaging Windows or Android users.
Telegram is available for iOS, Android, Windows Phone, Windows desktop, macOS and Linux; there’s also a web app. It’s free and end-to-end encrypted, plus it lets you send attachments of up to 1.5GB apiece.
Encrypt Your Emails
You may have a password on your email account, but that doesn’t mean your email is secure.
Emails are highly vulnerable to interception while being transmitted. And if your email provider’s servers are hacked or searched by the government, your private communications are at risk.
Services like ProtonMail and CounterMail offer encrypted email accounts.
These providers’ email servers are encrypted so your messages can’t be stolen from them. Best of all, messages sent between accounts with the same service can be end-to-end encrypted.
As with encrypted messaging apps, often the toughest part is getting your contacts to make the switch. If you’re emailing someone with a Gmail account, your message will still be vulnerable on the receiving end.
Thankfully, many encrypted email providers let the recipient load your messages as encrypted webpages instead of emails. That way, you don’t need to sacrifice security for convenience.
Use Encrypted DNS
You visit a website by typing in a URL, but that URL isn’t actually the location of the website.
Just like you, the website has its own IP address. That’s what your browser actually navigates to; the URL is just easier to remember.
To convert the URL into the IP address, your browser queries a DNS server. DNS stands for Domain Name System – it’s like a phone book for websites, matching names with numbers.
DNS servers are usually run by your ISP, though you can also use third-party ones from Google and other companies.
But the problem is that DNS isn’t usually encrypted. That means that the operator of your DNS server can see a full list of every site you visit.
It also means that hackers can intercept your DNS queries and find out what you’ve been doing online.
Encrypted DNS solves those problems by encrypting your DNS queries in the same way that HTTPS encrypts webpages. Just switch to an encrypted DNS and your DNS queries instantly become more private.
It’s still fairly new, but it’s about to hit the big time. Firefox now uses it by default, and Chrome will roll it out in the near future.
If you want to use encrypted DNS independent of your browser, try 1.1.1.1. Easy instructions are provided for configuring your computer to use Cloudflare’s encrypted DNS – the same encrypted DNS used by Firefox.
Try the Tor Browser
If you’ve heard of Tor, it’s probably been in the context of some unsavory events.
It’s the most popular way to access the dark web, home of black market shopping sites and cybercriminal hangouts.
But Tor was intended to be used for a good cause: protecting personal privacy. It’s a heavily modded version of Firefox that encrypts and bounces your traffic around several relays.
These relays are located around the world and prevent your real IP address from being exposed to the sites you visit.
Tor is popular in countries with internet censorship. Its encryption prevents ISPs and governments from monitoring activity and blocking websites.
It’s also used by journalists, activists, whistleblowers and others who are at risk of surveillance.
However, Tor’s extensive protections have a downside: they drastically reduce your internet speeds. Because of this, Tor isn’t a viable option for everyday web browsing.
But we recommend installing Tor alongside your regular browser. That way, you can use Tor when you need some extra privacy and do your normal surfing at full speed.
Get a VPN
By far the best way to encrypt your internet traffic is to use a virtual private network, or VPN.
At first glance, VPNs seem very similar to Tor: they encrypt your data and reroute it to mask your IP address.
But there’s much more to them than that.
VPNs encrypt all of your web traffic, not just your browser.
That includes your torrent client, streaming apps, cloud backup apps and anything that uses your internet connection.
Traffic rerouting, or tunneling, is also much more robust with a VPN. You get to choose where your traffic is routed, be it near or far.
Want a website to think you’re from Spain? Just pick a VPN server in Spain and you’re all set!
How VPNs Work
VPNs work by encrypting your traffic on your computer and sending it to the VPN server.
There, it’s decrypted and passed along to its intended destination.
The website sees a request coming from the VPN server, not your actual IP.
It sends the requested data back to the VPN server, where it’s encrypted and sent back to you.
If your traffic is intercepted in between you and the VPN server, it doesn’t really matter. It’s encrypted, so nobody can view its actual contents.
You control the VPN from your computer, phone or other device. Most VPNs provide apps that allow you to easily manage your connection, change servers and adjust security.
VPN Logging
When you use a VPN, nobody other than you and the VPN server knows what you’re doing.
Your network admin, ISP and government only see encrypted traffic to and from your VPN server. The sites you visit never know your true IP address or location.
So it’s critical that you trust your VPN provider, as it’s the only entity that could possibly view your traffic.
Most of the top VPN providers are “zero-logs” providers.
That means that they keep no records of user activity or IP addresses – and that’s exactly what you want.
Not only is your traffic encrypted, it’s erased as soon as it’s processed. There’s no chance of anybody getting their hands on it, not even by court order, because it no longer exists.
Choosing a VPN
Not all VPNs are created equal. If you’re looking to encrypt your internet traffic and amp up your security, picking the right one is essential.
Free VPNs are out there, but they’re usually not worth it. Their encryption tends to be weaker and they typically keep activity logs, so it’s worth a few bucks to get something better.
Look for a VPN that specifies the encryption it uses. Just saying “military-grade” isn’t good enough; look for AES-256 by name for the strongest encryption.
Always read the privacy policy before selecting a VPN. Many that claim to be “zero-logs” do, in fact, keep logs of some sort, and the details will be given in the privacy policy.
Our VPN Picks
Of all the VPNs out there, a few stand out above the rest. Here are our favorite VPNs – give one a try if you want to get encrypted!
AirVPN offers ultra-strong encryption and a zero-logs policy. It’s very affordable at under $8 a month and is run by internet freedom activists.
NordVPN is well-known for its advanced encryption and huge server pool. Its apps are straightforward and great for novice tech users.
ExpressVPN is pricey but offers a premium experience. This VPN works on many different devices and is excellent for streaming, torrenting and staying secure.
Summary
Encrypting your internet traffic prevents hackers, ISPs, and other snoops from viewing your data. And it’s surprisingly easy for anyone to set up!
