Everyday cybersecurity

What is the dark web?

The dark web is a small slice of the internet that you can only reach with a special browser like Tor — it hides who is connecting and what they are reading, which is useful for journalists and dissidents but also where stolen passwords and illegal goods are traded.

What is the deep web, and is it the same as the dark web?

The deep web is everything on the internet that search engines do not index — your inbox, your online banking, internal company tools, paywalled articles, anything behind a login or a paywall — which is huge, completely ordinary, and almost entirely unrelated to the dark web.

What rights do I actually have over my personal data in 2026?

In the EU, UK, and a growing number of countries, you have legal rights to see what a company holds about you, get it corrected if wrong, get it deleted in many cases, get a portable copy, and object to certain uses — and these rights are free, the company has roughly one month to respond, and you can complain to a regulator if they ignore you.

Do I still need an antivirus in 2026?

On Windows, the built-in Microsoft Defender is genuinely good and is enough for almost every household; on Mac the platform's own protections plus careful behaviour are usually enough; on iPhone third-party antivirus is mostly theatre because the OS does not let it do much; on Android, sticking to the Play Store and keeping Play Protect on does most of the work.

What does the padlock in my browser actually mean?

The padlock means the connection between your device and the website is encrypted, so nobody on your Wi-Fi, your office network or your internet provider can read what you send or receive — but it does NOT mean the website itself is honest, legitimate, or safe to trust with your data.

What is malware, and what's the difference between a virus, ransomware, and a trojan?

Malware is any software written to do something harmful to you or your device — viruses spread, ransomware encrypts your files and demands payment, trojans pretend to be something useful, and spyware quietly watches; in 2026 most home malware arrives through scam downloads, pirated software, and links in phishing messages, not mystery email attachments.

How do I keep my kids safe online without spying on them?

The honest answer in 2026 is that technical controls (Apple Screen Time, Google Family Link, content filters on the router) handle the easy 20%, but the 80% that matters — kids reporting strange messages to you, recognising scams, knowing what to do if something goes wrong — comes from a continuing conversation, not an app.

How do I secure my home Wi-Fi router?

Five steps cover almost all real risk: change the default admin password on the router (not just the Wi-Fi password), use WPA3 or WPA2 with a strong passphrase, turn off WPS and remote admin from the internet, keep the router firmware updated, and set up a separate guest Wi-Fi for visitors and smart-home devices.

Is it safer to unlock my phone with my face / fingerprint or with a passcode?

Biometrics (Face ID, Touch ID, Android fingerprint and face unlock) are a convenient layer ON TOP of a strong passcode — not a replacement for it; the passcode is the master key the phone falls back to, so making it long and unique is what actually defends your device, while the biometric just speeds up day-to-day unlocking.

What is a password manager, and is it safe to use one?

A password manager is an app that generates a unique strong password for every account and remembers them for you behind one master password — yes, it is much safer than reusing the same password, even though all your passwords sit in one place.

What is two-factor authentication (2FA), and which kind should I use?

Two-factor authentication adds a second step after your password — a code from an app, a tap on your phone, or a passkey — so that a stolen password alone is no longer enough to log in; in 2026 the best option for most people is a passkey, then an authenticator app, then SMS only as a last resort.

What are cookies, and should I 'accept all' or 'reject all'?

Cookies are small files a website asks your browser to remember, used both for harmless things (staying logged in, keeping your cart, remembering your language) and for tracking you across sites for advertising — the legal 'accept all / reject all' banners in the EU and UK only control the tracking ones, so 'reject all' is almost always the right click.

Is my messaging app actually encrypted — and what's the difference between Signal, WhatsApp, iMessage, and the rest?

WhatsApp, Signal, iMessage, and the modern versions of Messenger and Telegram (with 'Secret Chats' switched on) all use end-to-end encryption, meaning even the company running the service cannot read the content — Signal is the most privacy-protective of the lot because it also minimises what it knows about who is talking to whom, while WhatsApp and iMessage are encrypted for content but retain more metadata than Signal does.

What does incognito (private) browsing actually hide?

Incognito mode (also called Private Browsing or InPrivate) tells your browser not to save your history, cookies or form entries on this device — that is all; your employer, your school, your internet provider, the websites you visit and any advertising network on the page can still see exactly what you do.

Is it safe to use public Wi-Fi (café, hotel, airport)?

In 2026, public Wi-Fi is much safer than it used to be because almost every website now uses HTTPS encryption — so your bank, your email, and your apps already protect themselves regardless of the network — but it is still wise to avoid logging into anything truly sensitive from a public hotspot you cannot verify.

What is a VPN, and do I actually need one?

A VPN is a privacy tool that hides your internet activity from your local network (your office, the café Wi-Fi, your ISP) and from websites — but it does NOT make you anonymous, and for most people in 2026 it is far less essential than the ads suggest.

What is a data breach, and what do I do if my information is in one?

A data breach is when an organisation that holds your personal information loses control of it — your email, password, phone number, address, sometimes your credit-card or ID details end up in a leaked file that attackers download and reuse; the practical response is to change the password on that account, change it anywhere else you reused it, and turn on two-factor authentication.

What is a deepfake, and how worried should I actually be in 2026?

A deepfake is a video, image, or voice recording generated or altered by AI to make a real person appear to say or do something they did not — and in 2026 the realistic threat to ordinary people is not political fake-videos, but voice clones used in phone scams targeting families and finance teams.

What is identity theft, and how do I tell if it has happened to me?

Identity theft is when someone uses your personal information — name, date of birth, ID number, banking details — to open accounts, take out credit, file false tax returns, or commit crimes in your name; signs include unexpected denied credit, unfamiliar accounts on your credit report, mail about loans you never asked for, tax notices for income you did not earn, and calls from collections agencies about debts that are not yours.

What is phishing, and how do I recognise it?

Phishing is when someone sends you a fake message — usually email, SMS or chat — that looks like it comes from your bank, your boss, a delivery service or a friend, hoping you click a link, enter a password or transfer money before you notice the small details that give it away.

What is quishing, and why are QR-code scams suddenly everywhere?

Quishing is phishing done through QR codes — the attacker prints or sends a QR that points to a fake page, you scan it without thinking, and end up entering your card details or password on a site that looks exactly right but is not.

How do I tell a scam call or text from a real one?

If a call or message creates urgency, asks for a code or password, requests a transfer or gift cards, or threatens you with arrest, fines or account closure, treat it as a scam regardless of who it claims to be — and call the real institution back on a number you find yourself, never on the number the caller gave you.

What is sextortion, and what do I do if it happens to me or my child?

Sextortion is when someone — usually a stranger online — gets or fakes an intimate image of you, then threatens to share it with your family, friends, or employer unless you pay or send more; the right response is do not pay, do not delete the conversation, take screenshots, report to the platform and to a national helpline immediately, and tell someone you trust — police and dedicated services can act fast if you act fast.