How to stay even safer online
Online privacy is something we should all be paying attention to – in particular, what information we’re revealing about ourselves without knowing it.
Assuming you’re not doing anything you shouldn’t be, there’s nothing inherently wrong with guarding your personal details and browsing habits. Privacy isn’t just an issue for celebrities.
In fact, it’s far more likely that your privacy is compromised by advertising agencies than anyone else. From a simple Google search, to pretty much any ad-funded website, your browsing behaviour can be tracked to establish which adverts you’re most likely to click on.
Fortunately, there are plenty of ways to prevent this monitoring. We’ll show you some of the best options, from simple tricks to more hardcore solutions that can shield you from almost any surveillance.
Online privacy tends to make headlines with stories of governments spying on citizens. But while state surveillance is undeniable, the first invasion of your privacy is more likely to come via a Google search. Although apparently anonymous, Google has a habit of tracking your searches in order to bombard you with personalised adverts.
By contrast, a search engine such as DuckDuckGo generates unbiased search results without the added user profiling or tracking.
Switching to a less commercially driven search engine will certainly help you on the road to anonymity, but visit a few websites and inevitably you’ll receive cookies.
These tiny text files are usually perfectly legitimate ways for websites to record things, such as frequently viewed items, so they’ll appear on your next visit. But, cookies can easily turn on you…
Tracking cookies are more invasive and compile records of browsing habits and personal details in order for the cookie host to target you with specific adverts.
Since 2011, EU and US law has increased cookie awareness by requiring websites to display homepage notification banners that you can’t miss, but it’s really just a token nod at respecting privacy.
A more promising attempt at keeping your browsing less trackable is the Do Not Track HTTP header, now integrated into all common web browsers. When activated, websites are requested not to use tracking cookies.
However, the key word there is “requested”, as while Do Not Track may be great in theory, the feature can’t actually prevent websites and advertisers from tracking you.
There’s no law to say they can’t completely ignore a DNT request.
Clear the slate
So, the bottom line is, it’s up to you to stay anonymous. Simply clearing your browser cache and cookies through your browser’s settings is a good start.
Alternatively, you can use clean-up software such as CCleaner to delete cookies, temporary internet fi les and various other web leftovers from multiple browsers in one go.
Once you’ve got a clean slate, keep it that way by using private browsing modes to keep your interests under wraps. This could be Microsoft’s InPrivate feature, Firefox’s Private Browsing mode or Incognito in Chrome.
They all do a pretty good job of preventing nosey tracking cookies from setting up camp on your computer. But even without going into full-on secret browsing mode, the big browsers also allow you to block third-party cookies, and while this doesn’t create an impenetrable barrier, it’s more eff ective than a Do Not Track request.
Another easy way to regain control of your internet anonymity is by exploiting browser extensions to close privacy loopholes. Active web content such as Java, Flash and Silverlight can be used to obtain system information without your knowledge and piece together various browsing habits.
Automated scripts can also be potential security risks, so controlling exactly what web content can and can’t run is a good thing.
Browser extensions such as NoScript for Firefox and ScriptSafe for Chrome allow you to do exactly that, blocking all active web content and asking for your approval before letting it run. At first these extensions can be annoying, but the more you use them, the smarter and less intrusive they get.
Spot the spies
The problem is, even when web tracking is legitimate, the fact it happens without your knowledge provokes lack of trust.
Wouldn’t it be great if you could see exactly who’s trying to sneak information about you so you could stop them in their tracks? Well, that’s exactly what extensions such as Ghostery and Disconnect do. Both are available for IE, Firefox and Chrome.
With a simple browser button, you can see a list of active advertising, analytics and social media tracking organisations on a current webpage. You’re even able to control which ones can collect information about your browsing session. Both extensions are easy to use and far less troublesome than script-blockers.
Plus, unlike private browsing modes, which simply stop tracking organisations from leaving cookies, these extensions can actually prevent them from monitoring you. Far more effective. However, just because your browser is locked down, this doesn’t necessarily mean your system is secure.
Any malware already present on your PC may still be snooping on you, and carelessly downloading the wrong zip, executable or even PDF file can transmit your personal details to unintended recipients.
Email attachments aren’t the only way in which your privacy can be compromised. Your actual written email correspondence is also far from anonymous.
Way back when Google launched Gmail with a 1GB storage limit, it wasn’t keen to market how this capacity was funded. Google did, and still does, scan email content in order to target you with personalised adverts, and Yahoo is up to the same tricks.
Thankfully, there’s no shortage of ways to keep your email correspondence safe and secure. If you’re serious about email anonymity, providers such as Hushmail offer built-in PGP email encryption and no advertising.
Email another Hushmail user and your message is automatically encrypted when sent and decrypted when read.
Email a non-Hushmail recipient and you can still use encryption, but require them to answer a secret question before the message can be read. Clever stuff , but you’ll need to part with $35 a year for it, or there’s a free version if you can stick to a 25MB storage limit and log in frequently.
Alternatively, you can also encrypt mail sent via webmail accounts such as Gmail, Outlook and Yahoo, simply by using a desktop email client like Mozilla Thunderbird, plus a few other tools.
With Thunderbird installed and configured as your email client, download and install the free GNU Privacy Guard encryption software, and then download the Enigmail Thunderbird extension and follow the configuration wizard.
If that sounds like overkill for sending a couple of anonymous messages, then consider a disposable email address instead. Guerilla Mail and Mailinator both fit the bill, letting you quickly send and receive anonymous mail with no incriminating sign-up processes or content scanning.
The wonders of encryption can also keep instant messaging secure. Apps such as Cryptocat will integrate with Chrome, Firefox or Opera, giving you an encrypted chatroom to converse with other Cryptocat users.
To minimise traceability, there are no static user accounts, so you create a dynamic username each time you connect. Once in, you can start your own conversation or type the title of one that’s already active to join in. No group conversations are private though, so anyone who requests your conversation name is free to participate.
However, you can select an individual for a private chat, as well as sending encrypted files and photos.
Paranoid or Prudent?
In 2013, Edward Snowden was revealed to have downloaded and leaked up to 1.7 million classified documents, revealing the extent of mass surveillance in the US and around the globe.
Key revelations from these leaks include the existence of PRISM: a partnership between the NSA and at least seven major internet companies, including Google, Apple, Microsoft, Yahoo and Facebook. PRISM enables the NSA to access the emails, documents, photos and personal details of any non-US citizen from its participating companies (which have immunity from possible ramifications), en masse, without having to specify an individual target or communications method.
The only crumb of comfort is the NSA apparently has to request the information, rather than having direct server access.
Snowden’s leaks also revealed the UK’s Government Communications Headquarters (GCHQ) taps around 200 fibreoptic cables carrying global internet and telephone data amounting to up to 600 million daily communications.
Intelligence is then shared with the NSA and can be stored for up to 30 days for analysis. Snowden’s leaks also detailed the NSA had collected over 200 million global text messages per day and stored details in a database accessible to GCHQ. The really scary bit? This surveillance was able to gain information on individuals who were not under any criminal suspicion.
The big bad world
Exposing and blocking advertisers or encrypting email can help you take back some control of your privacy, but it’s not enough to keep you and your location hidden.
Whenever your computer is connected directly to the internet, you’re still within radar unless you’ve taken some measures to conceal your IP address.
There are many ways to hide your IP address – but consider if you really need to? The gatekeeper of your identifiable details is your internet service provider. But in the UK and the US, at least, they’re unlikely to have the time (or the money) to want to snoop on you themselves.
Both the Creative Content UK alert programme and the US Copyright Alert System are more lenient than you might imagine. If you’re found illegally downloading a copyrighted file by the rights holder, they can record and submit your IP address to ISPs in the alert program. If one ISP happens to be your provider, then you’ll be sent a copyright infringement notification letter informing you of ways to avoid future breaches.
The UK system allows you to receive four such letters or emails a year. After that, well, not much happens, as it stands. In the US, you get up to six warnings. By the fifth or sixth warning, ISPs can start throttling bandwidth or using other measures to make subscribers play ball. Even then, however, US ISPs are not required to disconnect subscribers or even disclose personal details to the copyright holders.
This all sounds forgiving, but relying on your ISP to protect your identity isn’t advisable. Even when most providers are reluctant to divulge your details, sooner or later they will have to give into the law. Take the recent case of Voltage Pictures identifying and attempting to sue thousands of individuals in the US, Singapore and Australia for illegally downloading the film Dallas Buyers Club. It’s doubly risky when you consider that, even when the threat of legal action and fines may not stand up in court, fighting your corner won’t be cheap.
Tor of duty
One way to get closer to complete anonymity on the cheap is to use Tor, aka The Onion Router. If there’s an element of the internet that divides opinion it’s Tor. Tor has the same effect as a proxy server, fooling monitoring systems by faking your computer’s location.
But it considerably boosts your anonymity by passing your internet data packets through multiple encryption servers (nodes) before they emerge on the open internet (clearnet) and scoot off to your requested website.
As your IP address is concealed by so many encryption servers, you get multiple layers of protection rather than just a single proxy server barrier, and the result is, well, like the layers of an onion.
However, like its veggie namesake, Tor can also be eye-wateringly annoying. The numerous encryption servers that relay your data within the Tor network create speed bottlenecks, and, being volunteer-run, demand usually outstrips available bandwidth.
You can’t just access the Tor network via any old web browser either, as Tor requires its own modified, standalone browser, though this is a derivative of Firefox. What’s more, while Tor makes it difficult for agencies to perform traffic analysis, it’s not completely safe.
The final Tor node that a packet is relayed through before exiting onto the clearnet is known as the exit node. There are more than 1,000 of these active at any one time, and though unlikely, it is still possible to eavesdrop on an exit node, as the data emerging there is unencrypted.
An alternative anonymous network without this weakness is Freenet. This is different to Tor in that it’s not a means of accessing the clearnet anonymously, but rather a secure network in which to communicate and share files with trusted circles of contacts.
Freenet uses a peer-to-peer model and allocates a portion of your hard drive to store Freenet data and serve it to the network. This is encrypted, as is all the data passed around Freenet, and thanks to such comprehensive end-to-end encryption, Freenet is almost impossible to penetrate and is ideal for anonymous communication and file sharing.
Users are also able to create and host Freesites, which are static websites hosted within, and only accessible from, the Freenet. There are also plug-ins for anonymous email, social network-style communication and forum contact. However, as with other peer-to-peer file-sharing systems, transfer speeds are seed-dependent, and don’t expect the overall speed of the network to be lightning-fast either.
Though networks such as Tor and Freenet are useful for protecting privacy, their slow and limited functionality hardly makes them ideal for everyday anonymous internet usage.
To go totally incognito with the fewest possible restrictions or drawbacks, you need a VPN (Virtual Private Network). Where services such as BTGuard will hide torrent traffic, and Tor can keep web browsing anonymous, a VPN will hide the entirety of your internet traffic inside an encrypted tunnel.
Traditionally, VPNs have been used by companies to securely connect employees working off -site to a private corporate network, but now they’re increasingly popular for the average Joe wanting to preserve their privacy.
To exploit a VPN, firstly you’ll have to come up with at least $5/month to subscribe to one of the huge number of personal VPN providers out there, and you’ll also need to install that provider’s client software so you can access your VPN tunnel.
Inside the tunnel, data is encrypted to various degrees, depending on the quality of VPN you choose, but that’s not the only aspect of anonymity to consider.
In and out
Similar to the potential Tor exit node vulnerability, the weakest links of a VPN tunnel are its entry and exit points.
The VPN server is able to see all data that goes into and out of the tunnel, so if you want to sleep at night leave no stone unturned in ensuring your VPN provider doesn’t log any user details or monitor traffic. It’s also a wise move to select a company that accepts payments by Bitcoin, to avoid any potential privacy breach that could occur if paying by credit card or PayPal.
For more information on VPN providers, as well as comprehensive reviews, check out the Best VPN website.
With this amount of privacy protection in place, you’ll now be well and truly under the radar. If you’re still paranoid your every move being logged, it could be time to hone those secret agent skills and go completely off the grid.