Privacy - Concepts Of Private Internet Use

A presentation of some concepts for regaining some privacy on the internet. Not a how-to guide, but more a discussion of how to think about your browsing, and how data is being gathered.


Common Attempts at Private Internet Use

Most people who want some privacy when browsing the internet will use "private browsing" or "incognito" mode, but that just means that those pages won't be saved in the browser history. It doesn't mean you are getting any privacy from your internet service provider or Google. In order to not be snooped on by those guys (and others), you're going to have to take additional steps.

One option is to use Tor Browser or even a privacy-focused operating system distribution called Tails. That is a very good option, with one glaring issue: a lot of websites don't work very well using Tor Browser or Tails. The very anti-tracking features that are being used to protect you will also break essential functions of these sites (essential because tracking you is a core part of their business, of course).

So what is there to do? Well, that all depends on how private you want to be. Start with the assumption that you should be comfortable shouting out of your window the contents of any email, social media post, or the website you visit. If you're cool with all of it, you don't need to do anything; if not, you need to do some thinking.

How You Are Being Tracked

It's important to know the ways that one is being tracked and profiled if one wants to have any chance at avoiding it. These are many of the ways we are being tracked, but there may be more; I'm but a lowly Sysadmin and don't know all.

Phones: Unfortunately most of us carry a smartphone. I do, and I give up a ton of privacy by doing so. It is used to track your movements and it can also be used to determine your network of friends and family based on who you call and send messages to. This clip from Edward Snowden's appearance on the Joe Rogan Experience podcast explains how phone surveillance works. It's 24 minutes long, but like the entire podcast episode, it's worth watching:

DNS Requests: This is a method of profiling that has been overlooked by many in the past, but which is starting to become more widely known. Most people don't even know what the Domain Name System (DNS) is and even fewer understand how it works in any depth, but it's quite important from a privacy perspective.

If you have no idea what DNS is, here's the basic idea: every server on the internet has an IP address, which is a numeric string, like 172.217.12.132. In order for a browser to take input like www.google.com and know what IP address to go to, it uses DNS by sending a request to your DNS server. That server is generally run by whoever is providing your internet (your ISP, your work IT department, whoever runs that internet cafe you use, you get the idea).

That DNS server records your IP and the website you requested, which is very interesting information to say the least. It's essentially a copy of your browser history, even when you surf "incognito." If the person running your DNS server knows your identity, then they can now combine that with your browsing history and sell it.
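What the DNS server operator sees, as an added example (not from the original post): a classic DNS query carries the hostname unencrypted, so the server can decode it and file it under the client's IP address. The client IPs and `.example` hostnames are constructed sample data, and the function names are illustrative.

```python
import struct
from collections import defaultdict

def build_query(hostname, txid=0x1234):
    """Encode a standard DNS A-record query (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in hostname.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def read_qname(packet):
    """Recover the requested hostname from raw query bytes, as the server does."""
    labels, pos = [], 12  # the question starts after the 12-byte header
    while True:
        if pos >= len(packet):
            raise ValueError("truncated query")
        length = packet[pos]
        if length == 0:
            return ".".join(labels)
        if length > 63 or pos + 1 + length > len(packet):
            raise ValueError("malformed label")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length

def resolver_view(traffic):
    """Group decoded hostnames by client IP: the operator's per-user history."""
    history = defaultdict(list)
    for client_ip, packet in traffic:
        history[client_ip].append(read_qname(packet))
    return dict(history)

# Constructed sample: (source IP, raw query bytes) as they arrive at the server.
SAMPLE_TRAFFIC = [
    ("192.0.2.10", build_query("www.google.com")),
    ("192.0.2.10", build_query("clinic.example")),
    ("192.0.2.77", build_query("news.example")),
    ("192.0.2.10", build_query("jobs.example")),
]

if __name__ == "__main__":
    for ip, names in resolver_view(SAMPLE_TRAFFIC).items():
        print(ip, "->", ", ".join(names))
```

Private browsing changes nothing here, because the query leaves the machine the same way in either mode.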

Search history: This is a big one, and it stands to reason that even when not signed into Google, your searches are being roughly associated with you by your IP address. Your search history gets used to direct advertising your way, and to further build profiles on you that can be sold to advertisers or worse.

Email: Email is for the most part sent unencrypted, and it goes through a lot of servers before arriving at its destination. While the technology to encrypt email is at this point fairly easy to set up, the problem is that very few people want to use it. Google scans the contents of email to profile you (I only suspect that they do so for the paying customers, but they definitely do for Gmail customers) and since so many people use Google hosted email, they're getting to access a lot of your email.

Social Media Messaging: Facebook Messenger, WhatsApp, and Twitter DMs all collect information on you and who you communicate with; there is no privacy on those platforms.


What You Can Do About It

Phones: If possible, don't have a smartphone. There's a reason a lot of celebrities are using flip phones, and it's not for the cool retro styling. If you need a smartphone, then you can look into open source privacy focused phones. There have been some products in the works and I think at least one is on the market by now. Those phones are not going to be uber-sexy and will probably not run all your favorite apps, but they will have better privacy.

Let's say you want a regular smartphone, then I suggest that you carefully look into the privacy features, and only allow the access you need to give apps for the functionality that you want. You can look into "rooting" your phone and improving the privacy as well (if you are willing to risk breaking it.)

Browser Plugins: You can install privacy oriented browser plugins like Privacy Badger and/or Ghostery to defeat tracking. Doing so will give you insight into how much you are being tracked as you will have to enable some tracking to get your favorite sites to work. Don't just install the anti-tracking ones, but look into social media plugins as well, like F.B. purity for Facebook or Facebook Container. Getting everyone to move to a privacy respecting, open source social media platform like Mastodon is probably too much to hope for, but you can connect with me on Mastodon by clicking the link at the top right of this page if you like.

Browser Choice: Your choice of browser will have a large effect on your privacy. Chrome is not a good choice for privacy; however, there is an open source version of Chrome called "Chromium" and another browser based on it, the privacy focused Brave Browser, and both are options when some desired feature only works with Chrome. Firefox is very privacy focused and there are many other options worth looking into.

Browsing Habits: You make a lot of choices when you go online that affect how much information you are giving out about yourself, and some of these choices are more obvious than others. One example is that it's fairly common for people to use the same or similar usernames across web forums and sites like Reddit. This is unwise, because someone trying to gather information about you online will be able to cross reference the postings from a variety of places in order to profile you.

For an added layer, consider usernames that don't relate to your name, birth year, hobbies, etc. To take things further, on sites like Reddit which allow multiple accounts, it's wise to maintain separate accounts based on interest, and to have each account only subscribe to the reddits related to that interest. A tool like Reddit Enhancement Suite will allow you to switch accounts easily.

Email: For the most part, keep conversations out of your email that you don't want public, but if you want to have privacy with email, you should either use GPG/PGP encryption for your message, or have both you and your recipient use the same encrypted email service, like Protonmail.

Messaging: This is one that I find very important and also very frustrating, as I have many friends who are not privacy conscious in their messaging habits. Messaging with end to end encryption is extremely important for the protection of privacy, and tools like Facebook Messenger and WhatsApp are designed to spy on the users. I suggest the use of one of the many secure platforms; Signal, Keybase, Wire, Telegram, and probably others. My info for Keybase is in the panel on the upper right hand side of this page if anyone wants to communicate with me directly.

DNS Requests: This one is being addressed by Firefox, which by default will be encrypting DNS traffic and sending it to a privacy conscious DNS service, but that may not be the case at your work, as many employers have chosen to block this (which is legitimate in some cases, but that's not something we need to get into right now).

In my opinion this is a good thing that Firefox is doing, but really, a privacy conscious person should be setting their router or at least their computer and phone to be using a privacy conscious DNS service. A VPN is a good way to get past DNS snooping, but you have to trust your VPN service as they're the ones with your data at that point, so as always do your homework. Note the default encrypted DNS for Firefox is Cloudflare, and some privacy advocates are concerned about Cloudflare's intentions. Always do your own research.


Search History: Now we're getting into the more difficult stuff. Yes, you can use a search engine like Duck Duck Go, but you might not find what you are looking for and you might want to use Google. One option is to use Tor Browser to access Google, but unless you're just performing a quick search, Tor Browser is a bit tedious (try it, you'll see). So what can you do?

VPNs are good and there are some that you can pay for anonymously by using gift cards that can be purchased with cash. They are a good starting place, but let's take it farther; there are other steps one could take.

Virtual Machines (or VMs) are very easy to work with these days, so one idea is to bring up a VM connected to a VPN just for certain browsing. That idea can be extended in a similar way to my suggestion of creating multiple accounts for Reddit, by segregating each topic or interest to a separate VM, with each VM connecting to a different VPN endpoint. That way one could have a fairly normal browsing experience. The traffic would be snooped on and cross referenced, but it would only be connected to the other users of the VPN service using that endpoint, making the data far less useful.

Purchase plans from multiple VPN providers for those VMs for more privacy. Vary the operating systems you use for the VMs, and the browsers you use. Do all of that on a laptop and then connect from various internet cafes, libraries, etc. if you want even more privacy. I am taking this to an extreme to make a point: that privacy is very hard to get these days, and maybe we should be upset about that. The most important thing is that you are aware of what is being collected, how it is being used, and how it is being cross referenced, and that you choose what you share and how you share it appropriately.

Here's the full Snowden JRE episode for those who are interested in hearing more from him. I like the JRE because the combination of Joe being an (admitted) moron who needs everything explained clearly to him, and the long format makes for a good way to really learn about someone. The Bernie Sanders, Tulsi Gabbard and even Ted Nugent episodes are great as well:

Additional Reading: If I have managed to get you interested and you want to dig into the topics outlined here, check out the Wiki for Reddit's /r/privacy subreddit, the Electronic Privacy Information Center, or my favorite, the EFF.