It’s not so common.
When it comes to internet safety, the most oft-cited advice is:
Use common sense.
The most common response is:
Great. Just what exactly does that mean?
When it comes to technology and safety, “common sense” is important, poorly defined, and quite uncommon.
Let’s see if we can define it with some already-familiar rules.
Become a Patron of Ask Leo! and go ad-free!
What is common sense?
Common sense can be summed up in several familiar adages:
- If it sounds too good to be true, it’s probably not true.
- If it ain’t broke, don’t fix it.
- Free is never free.
- Read what’s in front of you.
- Don’t believe everything you read.
- Be skeptical: question everything.
- Do your research.
If it sounds too good to be true…
Many malicious incursions mask themselves in promises of the seemingly irresistible.
Practical examples of offers that really are too good to be true include:
- Many “free download” advertisements
- Software promising to speed up your computer
- Ads including the phrase “one stupid trick…” or variants
- Click-bait headlines including the phrase “you won’t believe” or similar
Common to most, beyond the fact that the promises seem extreme, is that you weren’t looking for them when you found them.
Look at any website, and you’ll see advertisements. Many are legit and well-positioned, but others are little more than over-the-top attempts to get you to click or download whatever they have to offer.
Particularly when you’re not looking specifically for something, don’t fall for extreme or outlandish claims. The same can be said of most shared or forwarded hoaxes and urban legends as well as many news stories.
Common sense tells us that if it promises too much, if it seems too extreme, if it seems too astonishing… then it’s probably completely false.
If it ain’t broke, don’t fix it
Whether following over-inflated promises such as those I just mentioned or out of desperation, I often see people trying to do things to their computers that have nothing to do with a problem they’re experiencing.
- They try to solve speed problems they don’t have.
- They try to remove malware that is not present.
- They try to update software they don’t run.
- They try to fix problems that have nothing to do with their computer.
The list goes on.
I understand that each of those assumes a certain amount of knowledge. How do you know you don’t have a specific problem? How do you know malware isn’t present? How do you know that the problem you’re experiencing is with the website you visit and has nothing to do with your computer?
That’s a fair concern. But if you don’t know that you have a problem, then why are you trying to fix it?
Turn the thinking around.
Common sense means not doing something because you might have a problem, but taking action because you know you have a problem and not before.
Research the problem first. Confirm you actually have a problem that needs fixing before you try to fix it.
(I’ll talk about research shortly.)
Free is never free
The economist’s old acronym is TANSTAAFL: “There ain’t no such thing as a free lunch.” That’s exceptionally true online.
Every “free” service has a cost. It may be the advertising you see, the mailing list you need to sign up for, the personal information you’re sharing, or something else entirely, but there is no such thing as “free” on the internet.
Most commonly, people fall into the “free” trap through advertisements of this variety: “FREE Scan! Scan your computer for malware for FREE!”
Some of these ads are 100% accurate. The scan is completely free. The not-so-free part? If you want to do anything about what the scan finds, you’ll need to pay. It’s a common sales tactic.
Less reputable programs lie to you. They warn you of malware and other scary things you don’t have or that aren’t issues — all making it appear that giving them your money is the only way to avoid certain doom.
This brings us to another important point.
Read what’s in front of you
This is a point that frustrates me. It works like this:
- A program fails or something goes wrong.
- The user gets frustrated or confused.
- The user completely misses the fact that the solution was included in the error message or descriptive text.
Another similar scenario:
- Someone gets an email and reads the first line, which is so outrageous that their reactions kick in right there and they stop reading.
- As a result, they miss the text after that, which puts the statement in a clearer context or provides additional information and removes all the outrageousness.
When something goes wrong with your computer, take the time to read what’s on the screen in front of you. I get so many questions that could be avoided or quickly dealt with had the questioner just slowed down and read the instructions in front of them.
I understand that those instructions are not always comprehensible. Honestly, I do. But sometimes they are so clear and obvious that just taking the time to slow down and carefully read what’s on your screen will get you a long, long way.
Which brings us to the flip side of the coin.
Don’t believe everything you read
I’m a firm believer that people are basically good.1
But that doesn’t mean that everyone is good or that everyone has your best interests in mind, particularly when it comes to the internet.
It’s too easy, particularly in today’s connected and information-rich world, to spread misinformation as fact. We see it all the time.
Misleading ads are only one blatant example. Misleading ads pre-date the internet by decades, if not hundreds of years. It’s just that today’s technology often makes it difficult to distinguish snake oil from valuable and effective medication unless we’re careful.
The internet can also supply us with a wealth of information to help us separate over-inflated claims from reality.
It can also provide us with even more misinformation.
“It’s on the internet, so it must be true” is one of those statements everyone laughs at because it’s so blatantly wrong, it’s laughable. Common sense tells us that because something is on the internet has absolutely no bearing on its accuracy. Yet we see people act as if it is, believing random and misleading statements from vague sources with less-than-altruistic agendas.
With information coming at you from so many random directions from sources both reliable and unreliable, it’s critical that we not believe everything we read just because it’s been formatted attractively2 on a site that looks authoritative.
And that brings us to the most important point of all.
Above all, be skeptical
Want something that’s very common sensical?
Question everything. Even me.
Never accept information at face value, particularly on the internet, and particularly from sites or individuals you’ve never heard of before.
Be skeptical. Ask questions. Consider the source and what that source’s agenda3 might be in spreading its message.
Over time, develop a set of resources that you trust. Naturally, I hope Ask Leo! will be one of them, but honestly, what matters more is that you reach out and find your own trustworthy sites, sources, services, and individuals.
Then use those resources to help you evaluate the constant stream of information and misinformation heading your way.
Yes, that’s a little bit of work. But it’s critical.
Do this
Search for yourself
Learn the basics of how to not only use a good search engine (Google, Bing, or others), but also how to interpret the results. Understand the difference between the advertisements presented on the search results page and the actual results.
Look for well-known reputable sites in those results, not just sites that happen to rank highly. As much as search engines work to make it not so, ranking highly in a search result is not an indication that the site is legitimate or trustworthy.
If you choose to look at information presented by a site you’ve never heard of before, remember, you’ve never heard of it before! Without more research, there’s no way to know whether the information is valid, biased, or completely bogus.
Get help
If you’re uncertain how to go about researching a particular topic, there’s nothing wrong in asking for help. You may have more experienced friends or family members who can help you find what you’re looking for. Librarians are also valuable resources when trying to determine the validity of information you run across online.
Regardless of who’s helping you, it’s still important to be skeptical. When they suggest a site as a trustworthy resource, don’t be afraid to ask them why they trust it.
Look carefully for confirmation
There are two types of confirmation:
- Source B repeating what source A has said.
- Source B independently presenting similar information or coming to the same conclusion source A did.
The first isn’t confirmation at all, it’s repetition. The problem is, when enough sites and so-called sources all repeat what only one of them has said, it may feel like many sources have all come to the same conclusion. In reality, it’s nothing more than a single opinion repeated over and over. This is known as the echo chamber.
Remember: repetition isn’t confirmation. You want to find multiple sources that are confirming (or denying) the issue, and are doing so having arrived at their conclusions independently, using their own research.
Use debunking sites
I’m a huge believer in using sites like snopes.com4, factcheck.org, mediabiasfactcheck.com, politifact.com, truthorfiction.com, or any of several others before reacting to the latest over-the-top, can’t-possibly-be-true news story, tech tip, or emailed rumor.
Many are very timely and do the kind of research you want to see before getting all excited or worked up about what just landed in your inbox.
Use resource sites
There are resource sites for just about any topic. Develop a set of sites that you trust. For example, when it comes to technology, I would hope Ask Leo! is on your list. Visit the sites for which you already have a level of trust and see what they say about the issue at hand. As always, I’m not saying that you need to trust them completely, but use them as part of your research to develop your own well-thought-out opinions.
The bottom line is this: if something you run across is worth the effort of taking any action at all — even if it’s just to forward an email — then it’s also worth your time to research it first. At worst, it may save you some embarrassment. At best, it could protect your computer, your identity, and even your possessions.
Podcast audio
Footnotes & References
1: That’s one reason I took on heroicstories.org and run notallnewsisbad.com.
2: Also not new. I’m fairly certain that my good grade on a paper I turned in while in college was due to the fact I’d figured out how to use a word processor to make it look much better than it was.
3: And don’t kid yourself, every source has an agenda. More here: Stop Spreading Manure.
4: No, Snopes isn’t left-wing biased. Generally people claiming so are simply unhappy with the truth Snopes has uncovered. Nonetheless, if you’re not happy with Snopes, look at any of the multiple debunking sites that are available these days.
“… but there is simply no such thing as “free” on the internet.”
I think the open source community would tend to disagree with you :)
And even if you want to consider licenses such as GPL, BSD, etc as not-entirely-free, there is plenty of true freeware out there, open-source (where applicable) and licensed with no restrictions. Not only software, but images, music, etc as well (e.g. think public domain). Real free is there if you know what to look for.
But as far as the “normal” internet consumer is concerned with seeing ads for “free” things, you are of course absolutely right.
Although I’m a strong proponent of free open source software (FOSS), I would disagree with you. FOSS does have an agenda too. But it is not hidden, guys like Richard Stallman are open about it, and in my opinion, it is a noble goal, but a goal nevertheless.
There are many reasons why people write open source. One of them is to acquire reputation, another is to do ego-boosting, and a third one is working towards your own political goals (such as Stallman explains). Probably a fourth and important one is fun and liberty to do what you like to do. By using their software, you are “paying” them with satisfaction in one way or another.
Now, in as much as I’m willing to believe that there is no *hidden* price to *using* FOSS, I’m absolutely not willing to believe that there is no hidden price in “free services”, because they do incur a financial cost on their providers, which have to cover that cost in one way or another.
Most people, when walking down the street and seeing an item of food lying on the sidewalk, would not even consider picking it up and eating it. Why is it that many of these same people would not think twice about installing an unknown program on their computers? The next time you are tempted to install a program that you didn’t actively search for and research to see if it comes with nasty little “extras”, ask yourself, “would I put it in my mouth”? Sure, it’s a kind of gross way of looking at it, but perhaps you’ll think twice before installing.
Nice article but even the term “use common sense” is misused all the time. What is really meant it “use good sense,” and in this case that means having a good working knowledge of just how some of the nitty gritty happens on computers as well as all the “social” contrivances used to influence and infiltrate the devices as well as the user’s head.
So while the article’s descriptions of good sense is right on, common sense is very much a subjective term so it really doesn’t get us anywhere.
Agreed Jack, like you I refer to “Good” sense because it ain’t that common!
how could you leave out the ever popular FB bait and switch come on?
“share this video in order to watch it”.
To keep my computer safe, I won’t click free Malware removal like you recommended. I just wonder I can see 2 free Malware Removal download on this site if you can’t get rid of them? Because you didn’t put them on here? I think some people don’t have much knowledge may confuse and think you put them on here and then may click…
Thanks once again Leo for reminding me to be careful.
As someone who is too old to have learned computer science in school I have just figured it out as I went along.
Your informative web site has played a huge part in my education and I have recently purchased your book on backing up with Macrium Reflect (yes, I finally realized I should be doing a better job of backing up)!
“Saved! – Backing Up with Macrium Reflect: Prepare for the worst – Recover from the inevitable”
I also read and trust the Bob Rankin site, any others I am extremely wary of.
Please continue to share your knowledge in the understandable way that you do.
I understand, Bob. We could simply take the warning labels off everything and let the problem sort itself out. Leo’s point ‘Read what’s in front of you’ seems to be in most folks’ blind spot.
Leo: I was waiting for you to get to specifics and was disappointed at the generality of your warnings. I often get phishing emails from my bank, paypal and my ISP but most of the time they are unbelievably obvious if you look at their internal data. Frequently they come from some crazy source like openbeach.com even though they are claiming to be from a known institution. They frequently have return email addresses that have one value in the Reply section and another value in the body. If you hover over the link that they urge you to click on it often has a geographical domain in Russia or South Africa or elsewhere. I get multiple short emails from women offering various ways to f@-k me (their disguises) because their husband or bf is inadequate but when I hover on the return addresses they are always the same ending in php?=a week after week, which I guess is a server instruction. So I guess they are all from the same place. I assume that malmail has a reasonable success rate so there must be computer users without the common sense to open their eyes and look. Not your subscribers of course.
Get to know what a legitamate alert from your virusscanner looks like! The best way to do this is to go to and copy the Anti-Virus Test String. Open Notepad (or equivalent), paste it in, and (try to) save it as “eicar.com”. If your virusscanner is correctly configuted, it won’t even LET you — it’ll stop the save dead in its tracks with a dire virus alert! The eicar test string is DESIGNED to be used by the anti- vitus community to test their scanners, so even though it is totally harmless, a virusscanner should respond to it AS IF it were a dangerous virus.
Take a close look at the alert your virusscanner displays. Learn to recognize it. Then there’s much less chance you’ll be taken in by a fake alert on the Web!
Finally, if you have the SLIGHTEST doubt of the authenticity of any such alert, DON’T CLICK ON IT, not even to close it! Call up the Task Manager (or equivalent — but Process Hacker is better) and kill it off from there. Then, manually call up a Full Scan in your own virusscanner!
Hope this helps…
The Web is amazing. It contains almost all knowledge know to the human race. Unfortunately, 98% (I made that number up, but it’s probably close) of the Web is misinformation. It takes a real effort to determine which 2% to believe.
A lot of that 98% you mentioned is made up of things people believe to be true, even if it isn’t. The internet is a fairly good snapshot of the state of human thinking. The last six months have proven that human thinking can stray pretty far from good sense. This post is a sensible approach to the nonsensical state of affairs we face on a daily basis.
“Common sense can be summed up in several familiar adages …”. This is a good list of adages, but in order to practice these behaviors people must have the capability for independent and critical thinking. If this capability was ever a human trait, it no longer seems to exist for the masses. Heck, even “expert” pundits are suffering from delusional group-think. How can you not believe what you read when facebook says you must believe and if you don’t you’re a social outcast? How can you do your own research when the information presented to you is a regurgitation of what you believe anyway? If people don’t use common sense on their computers that’s because they don’t use it anywhere else in life. The adage that may be the most helpful in self-protection is “Be skeptical; question everything”. I’ll add one more: “Everyone (except Leo) is out to get you”.
I recently posted a meme on Facebook saying that beer is healthier than milk. I got dozens of likes and positive comments. My final comment was “Confirmation bias makes you feel good, doesn’t it?”
Of course, everyone knew it was a joke, but the point is, you love to hear people say what you already believe. I have strong feelings about this upcoming presidential election and want to believe what I hear negative about the other party but I’m constantly warning my friends that just because the article supports what you believe doesn’t make it true.
There are plenty of free things. My OS (NixOS) is completely free and it’s even mostly libre (supposedly Linux has binary blobs in it) and so is the software on it. Also, ever heard of sites like freetechbooks.com? All free, safe, and legal.
As for “If it sounds too good to be true, it’s probably not true.”, if this is true then that is only because if it sounds too good to be true then it contradicts what you know. But a better rule would be to —instead of assuming that you know everything and that your judgement of what sounds too good to be true is impeccable— look at why it sounds too good to be true. How do you know that it’s unlikely, what evidence do you really have? Looking at evidence is IMO much more effective than going on a gut-feeling of things sounding “too good to be true” because those gut-feelings can just as well be just based on what you’re raised with or some other arbitrary things.
That’s not to say to people ought to try to prove or disprove everything, but if it’s really something important such as health then it might be worth looking into things that “sound too good to be true” because maybe your gut-feeling is wrong.
I also agree with people making the distinction between common sense and good sense. Common sense in itself is worthless as well very clearly demonstrated in Nazi Germany and many other regimes like that. Thinking like everyone else can be very harmful. Good sense is what I want to have. I want to think logically and with intellectual integrity, and whether that way of thinking is common or uncommon does not matter in this regard.
I also think that if you’re going to use debunking sites then you should be very critical of them. Debunking sites can make for great propaganda sites. They’re not guaranteed to be truthful just because they’re self-proclaimed “fact checkers”.
That’s the Dunning Kruger Effect.
Leo wrote:
“When it comes to your computer, when something goes wrong, take the time to read what’s on the screen in front of you.”
My version of this is, “Read the screen — it’s trying to tell you what you should do next.”
An adage my 90-year-old Mom can never seem to grasp… and occasionally, not even ME either! :o
Oh, I’ll admit, I’ve fallen for this as well. Particularly embarrassing.
A typical phone call I get from friends, “I have this error message on my computer.”
Me: “What does it say?”
Them “. . .”
Me “what does it say to do?”
Them “Should I do it?
But it’s not always as easy as that. Sometime the answer is “DON’T DO IT” because it’s a scam browser pop-up from a website. With so many bad actors, navigating a computer is like navigating the Panama Canal. A friend of mine is a yacht pilot and only local pilots who know the canal are allow to pilot boats over the canal. Schools need some serious courses computer literacy and safety.
WRT your point about “read what’s in front of you,” one frustrating thing I find all too often, and it’s to do with Microsoft Windows Update error messages.
Something fails, and all I get is a mysterious error code in hexadecimal notation.
I then have to use Google to find what that error code even means, let alone find how to deal with it.
I don’t understand why Microsoft’s Update Error messages couldn’t be more “user friendly,” maybe even (gasp)! going as far as offering possible solutions as well!
In my experience, most Google searches on these error codes lead to Microsoft community websites, and one can trawl through hundreds of threads, all on the same topic, none of which have any solutions, mainly because there will almost always be “MVP” moderator who is obviously operating from a script, asking the same questions over and over again, but offering no solution, even when all his/her questions have been answered.
It’s kinda sad, but it’s also kinda true. What’s sadder to me is that the information is often there, just not findable or not understandable. I’ve sometimes characterized my job as part search engine and part translation service (geek into English).
I read the title and thought of a possible sub-heading:
Just What Is Common Sense?
and why is it so uncommon? :-)
I get a lot of emails from legitimate sources like Netflix and Facebook with the subject “ACTION REQUIRED!“, bold and urgent. Reading further, it says something like “A log on has been detected from a different browser (or location or device). If this was you, you can ignore this message.” A less urgent subject line like “Please review this login” or something like that might get people to read the text of the email instead of panicking.
I think these types of emails are that way for two reasons:
I’ve gotten many “Was this you?” type headers and that got me to read the text. If it’s too sensationalist, it can be like the boy who cried wolf and get us to ignore serious warnings.
“there is no such thing as “free” on the internet.” There are a few exceptions like Linux distributions and Libre and Open Office and other free programs where the only price is to put up with ads to upgrade or ads for other products.
Others have already mentioned open source software (such as the Kee Pass password manager).
Let me add freemium online services. Many perfectly reliable and honest companies use that business model. They offer a free plan as well as paid plans.
In many cases, free plans are fully operational and perfectly sufficient for a lot of users. Of course, there are limitations, but not everybody needs the higher-end features.
This is very interesting, because free users benefit from the reliability of the paid service and its provider, without incurring the cost. Examples : Tutanota (encrypted mail), Anonaddy (email aliases)…
In such cases, there is really such a thing as a free lunch.
Thank you, Leo! I usually do a web search for “fact check” when I want to research something I’ve seen or heard on the Internet (or in email). Your list of fact check sites will save me a bit of time and a few clicks :). I also found the list of other fact checkers useful too. I now have a total of seven fact check shortcuts (links) in a folder easily accessible from my desktop.
According to Miriam Webster: SENSE, COMMON SENSE, JUDGMENT, WISDOM mean ability to reach intelligent conclusions.
COMMON SENSE suggests an average degree of such ability without sophistication or special knowledge.
The one thing that pops out for me in all this is that COMMON SENSE requires conscious thought and analysis. In other words, think about what you read/see/hear anywhere, then do your own research to confirm its truth or expose its fallacy.
Much of my research is completed with an Internet search where I scroll down past ALL the ads (which are getting harder to recognize since the little “Ad” icon no longer seems to be displayed in Bing search results – I may have to switch to another – not the default – search engine in Edge . . .) to read the links that comprise the search results. I have suggested using an Internet search in lieu of clicking a suspicious hyperlink in previous posts, but I neglected to explain how to use the results page. Leo did that. Thank you (again), Leo!
Ernie
Sadly, I think we lose a lot of people at “In other words, think”
:-(
Duck Duck Go is a good alternative search engine. They don’t track you via your searches.
https://duckduckgo.com/
I would also add: Don’t believe everything that you see. Video is so easily manipulated these days that the unbelievable can be made to seem believable. Improbable sports shots are rampant and are shown to be easily done by the participant in the video. Seeing is NOT believing.
I remember watching Running Man with Schwarzenegger when they manipulated the audio to make it look like Arnold massacred a city against orders. Later in the film, technology had advanced, and they manipulated video to fake his death. I read an article saying that it was impossible with the technology of the time to simulate humans realistically. Now we’ve gotten to that point. Now there are videos altered to make rival politicians look stupid. We don’t yet have the technology to make stupid people look smart, yet.
Commonsense isn’t.
Quip first seen in Reader’s Digest some seventy years ago!
I’m sure it predates that. It’s the human condition, sadly.
If you give them your email address, it is not free. They can use your email address for whatever reason they want to, including having it stolen in a data breach. If you send an email through any email service, they can capture words and phrases that you send/receive and use it for whatever reason they want. Free and paid services also know your IP address. It probably does not let them know your physical location, but if they get enough IP addresses from a general area, I think they can probably target that area with ads.
I’ve seen recipe sites that were free. Sign up and leave a comment on a recipe and they have numbers to boast how active their website is (I’ve seen this used with other websites too).
Always read the TOS and try to comprehend what it means. Maybe it says they do not sell, rent, lease (etc) your information, but I still generally do not trust them. Maybe “they” does not include their parent company. Usually your “information” is needed for their day-to-day work, which might include selling their company and your information to another company. When you decide not to use a service in the future, what REALLY happens to the information they already have? If they say they removed your information, it does not mean they really DID remove it.
That’s only true if you are not careful. I use a dedicated email address for “free” signups such as newsletters and another throwaway address for any signups I’m not completely sure of. I average 3 or 4 spam mails on my main email account which I’ve had for almost 20 years. My newsletter email account only gets slightly more. I have no idea how much spam I get on my throwaway account as I only check it when I sign up and since the email I’m looking for to confirm the signup is usually the first, I never look past that.
I believe in, & practice, a modified version of one of your adages, Leo.
LEO’ ORIGINAL VERSION: “If it sounds too good to be true, it’s probably not true.”
MY VERSION: “If it sounds too good to be true, it isn’t — period.”
MY RATIONALE: No reputable person or entity makes claims that “sound to good to be true”. A reputable firm takes care to couch their claims in reasonable terms. A disreputable claim is always to be ingored, even if it is strictly accurate. One disregards such matter to punish the disreputation, and not the verity, of the claim. Give me claims that are believable as well as true, and I’ll look at them. Otherwise I chuck ’em in the garbage bin with the rest of the trash.
MS Office is expensive and great. Libre Office is free and almost as good. That sounds too good to be true. 20 years ago, I got a job paying a salary double what I was making. That sounded too good to be true.
I could say that about Linux, but although it’s great, doesn’t sound so great to the technologically challenged.
The ‘Reply’ links at the bottom of posts doesn’t seem to do anything, so this is in response to Mark Jacobs (Team Leo)’s last post yesterday (February 8, 2023, at 3:53 am):
I have used Open-Source Software since the late 1990s. It has never seemed to be too good to be true to me, but then I try to contribute to the development/maintenance teams that manage the software I use (Linux Mint Debian Edition, LibreOffice, and a few others) in any way I can (financial contribution, work on documentation, answer questions I know the answers to in the forums, etc.). Open-Source Software is not free (as in free lunch), it is free as in we are allowed to see the source code, and make changes if we wish, providing we keep the GPL intact with our revision, in other words, freedom to know how it works. In most cases (e.g.: GNU Linux Distributions, etc.) the software can be downloaded and used legally without purchasing a license, but technical support can usually be purchased from commercial enterprises (such as Canonical – distributor of Ubuntu et-al).
I just want to make it clear that Open-Source is not necessarily synonymous with ‘free lunch’ although it IS synonymous with freedom (as in Liberty).
My2Cents (opinion),
Ernie