There was a time when being ‘online’ was a temporary state, something you logged into and out of. Today, that boundary has all but disappeared. So much of daily life, including banking, shopping, friendships, work, activism, and even healthcare, now exists within digital spaces that the idea of stepping away from them entirely feels almost unrealistic.
And yet, while our reliance on technology has deepened, our understanding of how to protect ourselves within these spaces has not always kept pace. For many, digital safety still feels like something technical, complicated, or only relevant in extreme cases. But increasingly, experts are pointing out that online safety is not just about preventing rare incidents; it is about navigating everyday risks that quietly shape our lives.
The real landscape of digital risk
When people think of online threats, they often imagine worst-case scenarios: hacking, identity theft, or large-scale data breaches. While these risks are very real, they represent only one part of a much broader picture.
Sociotechnical researcher Saritha Irugalbandara emphasised that one of the most overlooked aspects of digital safety was not what is taken from us, but what we give away, often without realising it.
“On digital safety, I would say people overlook how much data they are actually sharing online and where that data is going,” she explained. “We often think of online safety as something done to us, like hacking or leaking information, but one of the biggest threats to your safety is how much of you is constantly being collected, owned, and sold by companies.”
This data is not limited to obvious identifiers like names or contact details. It includes patterns, what you click on, how long you spend on a post, what you search for late at night, even your preferences and beliefs. Over time, these fragments are compiled into highly detailed profiles that can be used, sold, and reused in ways that most users never fully understand.
“What that does to your identity is significant,” she added. “Your likes, dislikes, where you live, even who you might vote for, this information is sold for profit time and time again, often with what we think is consent, but in reality, it is uninformed consent.”
Everyday basics
While these structural issues may feel overwhelming, the reality is that a large part of digital safety still comes down to simple, practical habits.
Attorney-at-Law and Delete Nothing Operations Co-Lead Shelani Palihawadana highlighted that even the most basic protections were often missing in everyday use.
“One third of people, even with high internet penetration, do not have the basics of protection,” she said. “Starting from screen locks, many people either don’t have them or use very predictable ones. And sometimes, if they can’t unlock their phone, they simply hand it to someone else and share the password.”
These seemingly minor practices create significant vulnerabilities. Without secure access to devices, all other layers of digital safety become ineffective.
Palihawadana also stressed the importance of foundational measures such as two-factor authentication and stronger password practices. “These basics, like having more complicated passwords or enabling two-factor authentication, are still not widely practised,” she noted, adding that the absence of these habits made people more susceptible to phishing scams, malware, and data breaches.
Another critical but often overlooked aspect of digital safety is the role of relationships. Palihawadana pointed out that many incidents of online harm were not random but deeply personal.
“More often than not, people who know you or used to be one of your most trusted people are the perpetrators,” she said. “Our research shows that the majority of people knew the perpetrator, and it is often linked to intimate partner violence.”
This reality complicates the idea of digital safety as purely technical. It highlights the need for awareness, not just about strangers online but also about boundaries within personal relationships, especially when it comes to sharing devices, passwords, or private content.
“Tech platforms often only exacerbate existing problems,” Palihawadana added. “Issues like lack of trust, entitlement, and disrespect already exist offline, and digital spaces simply make them easier to act on.”
Even when people are willing to take steps to protect themselves, access to information can be a barrier. Palihawadana noted that many platforms were not designed with local users in mind. “Sri Lanka is a Sinhala- and Tamil-speaking country, but most platforms are in English,” she said. “Even the Sinhala versions are not very user-friendly. So when people face issues, especially around privacy or safety, the language itself becomes a barrier.”
This creates a gap between access and understanding. While internet usage is widespread, the ability to navigate complex digital systems safely is not evenly distributed. “There’s no real place in the formal education system where people learn these skills,” Palihawadana added. “Digital literacy, especially around safety and privacy, is still not something that is systematically taught.”
Scams and vulnerability
For many users, the most immediate threat comes not from abstract data concerns but from direct scams. Ameena Hussain shared her own experience of being scammed online, describing how it had changed her perspective entirely.
“After it happened, I’m constantly cautious,” she said. “It made me realise how easily it can happen, and now I worry even more about my parents. They’re not always able to tell what’s real and what’s not.”
Her concern reflects a broader pattern. Scams today are increasingly sophisticated, often designed to mimic legitimate platforms, messages, or even people.
Dr. Misha’ari Weerabangsa outlined some of the most practical steps individuals could take to protect themselves. “Be wary of deals that are ‘too good to be true,’” she advised. “Always look up the market value of items and check if the offer is realistic.”
She also emphasised the importance of verifying sellers and avoiding suspicious links. “Do not click on links sent by sellers to ‘payment portals’ – these are often used to harvest your personal data,” she said. “And never share sensitive information like your ID number, card details, or address.”
Even when using established platforms, caution is necessary. “Check seller profiles, reviews, and ratings,” she added. “But also be aware that reviews can be bot-generated. Look at reviewer profiles and see if there are patterns.”
Digital safety as a mindset
Despite best efforts, incidents can still occur. In such cases, knowing how to respond is just as important as prevention. Weerabangsa highlighted that most platforms offered some form of buyer protection or recovery process, though these could take time.
“From your own side, you should subscribe to fraud alerts from your bank and monitor your transactions closely,” she said. “If you suspect any fraudulent activity, alert your bank immediately and provide all details.” She also noted that credit cards tended to offer better protection than debit cards, as fraudulent transactions were easier to block.
As digital tools evolve, so do the risks. Irugalbandara pointed to the increasing use of Artificial Intelligence (AI) platforms as an area that required more reflection.
“People use tools like ChatGPT for everything now because of convenience,” she said. “But what that also means is that you are feeding a lot of your thinking, ideas, biases, and preferences into systems that you know very little about.”
She cautioned against uncritical reliance on such tools, noting that convenience often came at the cost of deeper awareness. “If it’s just about convenience, then we need to ask what that convenience actually means. Are we just conditioned to avoid even the smallest amount of friction?”
For some, the biggest challenge is simply not knowing where to begin. Harini Wijesinghe admitted that digital safety often felt inaccessible. “I genuinely don’t know what steps to take,” she said. “You hear about data protection and privacy, but it’s not explained in a way that feels practical.”
This highlights the need for clearer, more accessible conversations around digital safety, ones that move beyond technical jargon and focus on real, everyday behaviour.
Ultimately, digital safety is not a single action but a mindset. It is about questioning what you click, what you share, and what you trust. It is about recognising that online spaces, like offline ones, require boundaries, awareness, and responsibility.
It also requires acknowledging that while individuals can take steps to protect themselves, there are larger structural issues – platform design, data economies, and cultural dynamics – that shape the risks we face.
Online safety basics
Within that complexity, the basics still matter. These are not advanced techniques. They are everyday practices. And in a world where so much of life is lived online, they are no longer optional.
- Lock your devices
- Use strong passwords
- Enable two-factor authentication
- Verify before you trust
- Pause before you click