Friday, March 31, 2017

Congress, ISPs, and Your Privacy

I'll be honest.. I haven't really studied the terms of the legislation allowing Internet Service Providers to collect your browsing data and sell it. I suspect the main thrust of the law is not data collection but I have other stuff to do, like type shit for this blog.

IF your ISP is allowed to keep and sell your data, rest assured it will. First suggested step is to call and ask them. Also tell them you don't want it done - perhaps there's an opt-out. At least you've registered your view. Call Congress and tell them no, this is not acceptable.

The fun part comes right after the above. If your response to data collection is "I've got nothing to hide - let them steal my data," you should probably read a different blog. Privacy aside, your provider is making money selling YOUR history. Then there's privacy.. no one really needs to know where you go and what you do, regardless of whether it's private, embarrassing, or not. If you don't do something, data collection will become the norm (almost like it is now, except it's not the providers collecting it).

There are three things we'll discuss to help keep your privacy: HTTPS, Tor, and VPN.

HTTPS is a secure internet connection. It shows up as a lock or something similar in the browser, by the address (URL) up top. Banks and credit card and retail sites use this by default. You should also use this by default. There are many browser add-ons/extensions that will make HTTPS your default. HTTPS Everywhere is very popular and available for most, if not all browsers. Best of all, it's completely free. Some browsers also default to HTTPS.

TOR is a network through which you can travel anonymously. It is also the gateway to The Dark Net, where you can buy stuff that is illegal and/or immoral, which I strongly recommend against. You can go through TOR to get to somewhere else, anonymizing your traffic. The TOR browser runs on all operating systems, including phones. It is based upon Firefox, so it will look familiar. Nothing appears different, although there will be a speed penalty. I would not watch video through it.

VPN stands for Virtual Private Network. It can be a free or paid service, generally paid. You install the software or settings, which magically allows you to browse through a machine that isn't yours, keeping your data free from prying eyes.


HOW DOES IT WORK?

Glad you asked.
We're not going to get too technical, as a service to you and to me, so I can type less.

With HTTP, your ISP (or pretty much anyone) can see where you're going and what you're doing. This is because the data is unencrypted.

HTTPS encrypts the connection, so your ISP can see where you're going but not what you're doing.

With TOR, your ISP will see you're going to an IP address called a TOR entrance node. The connection is encrypted so it can't see the data. Once in TOR, it cannot be traced. **When I say it cannot be traced, I mean nothing is perfect and it is fine to use it for general anonymity. The FBI has already developed attacks for TOR and has arrested Dark Web marketeers. There is also a fair probability the government owns some TOR entrance and exit nodes. Stay paranoid - it's your best weapon.

For privacy, the best thing going would be a VPN. All your traffic goes to the VPN site, through which you browse. The only thing the ISP can see is that you're going to the VPN site. They cannot see what you're doing and that's the last thing they can see. All browsing runs on the VPN server, so it's encrypted and cannot be traced (by your ISP).  **When I say cannot be traced, there are a few ways it can be traced, by law enforcement, after the fact. All VPNs will tell you they're 100% anonymous, including allowing you to pay by Bitcoin to protect anonymity. If you pay by credit card, you're already outed. Some VPNs maintain logs of all traffic. These logs can be subpoenaed and you're outed. Some VPNs don't keep logs - look for these. Also use a VPN that has a presence in a different country, especially if you're in the US. US VPNs are subject to US laws and you're outed. To your destination, you'll appear to be coming from a different country.

The decision is up to you.
Avoid HTTP - always use HTTPS.
TOR will let you surf anonymously at no cost.
A VPN is the least leaky solution and the preferred solution. There are articles with comparisons of VPNs, privacy-wise. Look them up. There are also browser extensions or add-ins that will make you appear to be coming from another country. These are fine for casual browsing but do drop hints as to where you are. They're better than nothing.

I hope this clarifies things. If you have any questions, please don't hesitate to ask. It is imperative that we maintain our privacy, regardless of content.

No comments:

Post a Comment