Absolutely everything you do on the Internet is being tracked and recorded. Everything.
Not only do we know that the NSA wants access to every crevice of your digital footprint, we also know, as a result of a massive leak, a Milan-based company called Hacking Team — which only offers its services to governments — sold hacking software to the CIA, FBI, DEA and the U.S. Army.
With this software, the agencies have been able to access virtually anyone’s emails, photos, listen to and record conversations and even control the camera on nearly any device. Moreover, according to the leaks, many agencies also purchased what’s called “Remote Control Systems,” allowing them to take control of the target’s computer screen.
Point blank: Big Brother is here. And he’s been up and at ‘em for a while. Government agencies, alongside the NSA, help track absolutely everything you do on the Internet. Everything.
Which is why, today, we’re going to dig deeper into ways you can protect yourself online.
Earlier in the year, we suggested using The Onion Router (TOR) as one way to anonymize your online presence. Although TOR’s still a valuable tool and will certainly make the snoop’s job more difficult, it isn’t 100% infallible.
TOR works by running traffic through a variety of servers around the world (fellow TOR users) while encrypting the original identification and location of each bit of information.
But, as the FBI discovered this year, there are ways to deanonymize the more careless — and heinous — users running information through the TOR servers.
[Sidenote: Keep in mind that the biggest reason the FBI has been targeting TOR so heavily as of late is because it works. But, of course, it’s true that it does have its weaknesses. And understanding those weaknesses is crucial for keeping your private information safe. As always, do your own due diligence.]
As you may’ve heard, to put it simply, the FBI learned how to take over the servers of a Dark Web website and “trick” computers into revealing the IP addresses of those downloading child porn through the TOR network.
But even with the FBI’s recent “crack,” TOR is still a valuable tool. Bear in mind, though, it’s far from the ONLY tool you should be using if you want to steer clear of prying eyes.
But, as we’ve seen, if you’re using privacy tools strictly to do disgusting things online, you’re on your own and, sooner or later, in one way or another, you’ll pay for your dastardly deeds. You’re warned.
In other news, MIT is working on a superior version to TOR called RIFFLE, which will, they claim, have fewer vulnerabilities than the TOR network. So keep your eyes peeled on its developments, too.
The absolute basics of keeping yourself private, of course, should already be covered. You must always 1.) use strong passwords, 2.) use 2FA (2-factor authentication) whenever possible and 3.) don’t click on any links or attachments from sites or people you don’t trust or know.
If you’re already practicing these three things, you’re on your way. Now, you just need to go the extra mile and take a few extra steps to turn your laptop into a digital fortress.
We’re in the process of checking out Globus, an all-in-one browser/Virtual Private Network (VPN) which encrypts all of your data as you go. More on whether or not it passes the privacy litmus test in future episodes.
First, courtesy of ExtremeTech, here are 18 different ways to protect your private information online.
Stay safe. Stay private. Read on.
The ultimate guide to staying anonymous and protecting your privacy online
Grant Brunner @ ExtremeTech
Now more than ever, your online privacy is under attack. Your ISP, advertisers, and governments around the world are increasingly interested in knowing exactly what you’re up to when you browse the web. Whether you’re a political activist or simply someone who hates the idea of third-parties snooping around, there are plenty of tools available to keep prying eyes off of your traffic.
In this post, I’m going to highlight 18 ways to increase your online privacy. Some methods are more complicated than others, but if you’re serious about privacy, these tips will help you remain anonymous on the open Web. Of course, Internet security is a topic in and of itself, so you’re going to need to do some reading to remain thoroughly protected on all fronts. And remember, even the most careful among us are still vulnerable to imperfect technology.
The Onion Router (Tor)
If anonymity is what you’re after, The Onion Router (Tor) is what you need. It uses a vast network of computers to route your Web traffic through a number of encrypted layers to obscure the origin of the traffic. Tor is a vital tool for political dissidents and whistleblowers to anonymously share information, and you can just as easily use it to help protect your privacy.
Without a doubt, the easiest way to get started is by downloading the Tor Browser Bundle. This customized branch of Firefox automatically connects to the Tor network, and includes some of the privacy-enhancing browser extensions discussed later in this post. This package has everything you need to use Tor successfully, but you’ll also need to change your web surfing behavior to retain as much anonymity as possible. You need to make sure to abide by the Tor warnings, and remember that this isn’t a magic bullet for internet privacy.
It still has weaknesses. For more information, we have an entire post dedicated to installing and using Tor.
If you’re very serious about maintaining your anonymity, consider investing in a VPN solution like TorGuard or Private Internet Access. These services essentially allow you to disguise your traffic. Your real IP address will be hidden from the world, and your traffic will remain indecipherable to nosy ISPs or governments.
Even if your government is actively on the lookout for VPN traffic, you can still benefit from so-called “stealth VPNs.” TorGuard offers its stealth VPN service at no additional cost, and it will make government detection and interference much harder to accomplish. For those of you being held hostage by your government, VPNs are by far the best bet for bypassing censorship and snooping.
DNS leak testing
Even if you’re using a privacy service (like a VPN) to hide your IP address, it’s still possible to give away clues to your identity via your DNS traffic. Thankfully, it’s easy to detect if your configuration is leaking your DNS information. Simply head over to DNSLeakTest.com, and run the extended test.
If the results show the third-party DNS service you’re using (like TorGuard), you’re set. If your ISP’s DNS info shows up, you have a DNS leak. Follow the steps listed on the “How to fix a DNS leak” page, and then test yourself again to make sure everything is working as intended.
Keep in mind, your browser isn’t the only vector for third parties to invade your privacy. PDFs and other seemingly harmless files can serve as homing beacons, and potentially alert government entities when you’re viewing planted contraband. To prevent any sort of unintended breach of privacy, you should open suspect files inside of a virtual machine.
Load up your favorite Linux distribution inside of VirtualBox, configure it to your liking, and then save a snapshot of your VM. Next, download your desired file (using the protections illuminated in this article), and then shut off your virtual machine’s access to the Internet. Once you’re sure that the VM is cut off completely from the network, you can now open the file safely. Read what you need to read, make notes, and then shut down the virtual machine. Next time you need to view a file inside a VM, you’ll have your snapshot ready to go.
Blocking third-party cookies
Third-party cookies are one of the most common methods that advertisers use to track your browsing habits. If you visit two sites using the same advertising service, rest assured that the advertiser is keeping tabs on that information. Thankfully, every major Web browser offers the ability to turn off tracking cookies. Without third-party cookies, advertisers have to work much harder to monitor which pages you visit. While this is far from a panacea, it shuts down the most common vector used by advertisers to build usage profiles.
Blocking location data
In recent years, many sites have begun using location data to offer specific services, and serve targeted advertisements. Mapping applications obviously have legitimate reasons for gathering location data, but that same technique can be used to help identify who you are. Any legitimate browser should offer the ability to toggle on and off location data, and I recommend leaving it off completely. At the very least, demand that websites prompt you for access before gathering the data.
That said, IP-based geolocation data is incredibly trivial to acquire, so remain vigilant. If you’re browsing the Web without a proxy or a VPN, you’re effectively broadcasting your IP to every server you come across, and that information can be used against you. It’s not necessarily something you have to worry about constantly, but it’s worth keeping that fact in the back of your mind if you’re criticizing your local dictator or blowing a whistle on the NSA.
Do not track
The “Do not track” HTTP header is an optional message that browsers can send to Web servers. You can easily enable it in your browser’s settings, but it’s rather limited in scope. For this to work at all, the Web server needs to be configured to respect this flag. There is absolutely no requirement of any kind that any website needs to obey this setting, so don’t expect widespread protection from trackers.
Still, you don’t have much to lose. The only potential issue here is that it’s an additional datapoint for browser fingerprinting. But if enough people are using it, that shouldn’t be a real issue.
Even if your browser is configured properly to hide your identifying information, plug-ins can still be used to endanger your anonymity. If you’re serious about remaining anonymous, you should avoid running plug-ins altogether. Unfortunately, that can leave a number of popular websites completely unusable. To solve this problem, I recommend a hybrid approach.
First of all, you need to configure your browser to require your approval to run any plug-in. Chrome and Firefox offer this functionality by default, and extensions offer this capability in other browsers. Next, you need to make sure you’re running sandboxed plug-ins.
While this is mostly considered a security issue, a rogue plug-in could certainly be used to gather your personal information by an organization like the NSA. Chrome can be configured to completely disallow un-sandboxed plug-ins, but it can be trickier with some other browsers. Windows users can opt to run their browsers inside of an application called Sandboxie, so even less sophisticated browsers can receive similar benefits.
Ghostery browser extension
If you’re serious about protecting your privacy, consider installing Ghostery in Firefox, Chrome, Opera, IE, or Safari. This adorable little browser extension allows you to block trackers from all over the web in one place. Better yet, it displays just exactly which tracking services are being used on your favorite websites, and allows you to dynamically enable or disable tracking as you see fit. It’s simple to use, and extremely customizable. If you hate the idea of being spied on by advertisers, this is exactly the extension you’re looking for.
Privacy Badger browser extension
If you’re looking for a “set it and forget it” method of blocking trackers online, try out the EFF’s Privacy Badger add-on. Available for Chrome and Firefox, this browser extension monitors when sites try to track your browsing habits, and automatically thwarts future tracking attempts.
While this add-on is built using the Ad-Block Plus codebase, this isn’t really an ad-blocking tool.
Instead, the EFF is only interested in blocking snoops. Best of all, the list of blocked content automatically improves the more you browse — no need to fiddle with filters by hand.
HTTPS Everywhere browser extension
In spite of the infamous Heartbleed vulnerability, SSL is still your best bet for keeping your Web traffic safe from prying eyes. If you want to keep nosy packet sniffers out of your business, your Web traffic should always be going through SSL connections. Sadly, not every website supports SSL. Even worse, many websites that do support SSL still default to unencrypted connections — and the Electronic Frontier Foundation wants to change that.
The HTTPS Everywhere browser extension, provided for free by the EFF, forces SSL connections on countless websites. Chrome, Firefox, and Opera users can all take advantage of this wonderful extension, and keep important Web traffic private and secure.
Did you know that your browser can leak some of your network information to any web server that asks for it? If your browser has WebRTC enabled, your internal IP can be accessed by any given website, and it can potentially reveal your real IP address while using a VPN.
If you’re using Firefox, you can go into about:config, and set media.peerconnection.enabled to “false.”
Alternately, you can use this add-on as a simple toggle. If you’re using Chrome (and its derivatives), the situation is more complicated. Installing the WebRTC Block add-on will help hide your real IP address if you’re using a VPN, but it doesn’t work if you’re using a proxy. Sadly, Google simply doesn’t allow the desktop version of Chrome to turn off WebRTC completely.
BetterPrivacy browser extension
Even if you’re blocking traditional cookies, some sites can still track you using LSOs (Local Shared Objects) — commonly known as “Flash cookies.” If you never use Flash, these won’t be a problem, but that can be incredibly difficult to pull off for some of us.
Of course, you could configure Flash to block all LSOs, but that would break some Flash content. Thankfully, there is a simple plug-in for Firefox called BetterPrivacy that allows you to granularly manage your LSOs just as you would with normal cookies.
Browser leak testing
Is your browser disclosing personally identifiable information? Head over to BrowserLeaks.com, and take a gander at all of the data your browser is giving away. This toolset will never be completely exhaustive, but if you want to verify that your privacy and security precautions are really working, this site is an invaluable asset.
How easy is it for web servers to identify your browser fingerprint? It all depends on how you’ve configured it, really. To see just how unique your fingerprint is, head on over to Panopticlick.
This handy little tool, owned and operated by the Electronic Frontier Foundation, quickly tells you just exactly what your browser is broadcasting to the world. The more information given away, the easier it will be to identify you. And if you want to improve your Panopticlick score, take a moment to read Peter Eckersley’s article on the matter, and adjust your configurations as you see fit.
Use different email accounts
When you sign-up for user accounts across the web, using a different email address for each site is a good way to throw unscrupulous third-parties off of your trail. If you’re merely creating a throwaway account on a whim, consider using disposable email accounts from sites like Mailinator or YopMail.
Anybody can access those inboxes, though, so use discretion.
If you actually want to maintain legitimate accounts on sites like Facebook or Twitter, you can create numerous free email accounts, and then configure email forwarding to funnel all of the messages into a single inbox. It’s a lot of additional work, but it also offers the benefit of being able to easily detect which sites are selling your information to spammers.
Stop Microsoft from storing your WiFi passwords
Windows 10’s WiFi Sense feature tracks your private WiFi passwords, sends them to Microsoft’s servers, and then shares them with your friends when they come to visit. While this could certainly come in handy, it’s potentially a huge security risk if Microsoft’s database is ever compromised. If you want to turn off this functionality, check out this article written by our own Joel Hruska.
You might not think you have anything to hide, but that doesn’t mean you shouldn’t enjoy the benefits of online privacy. Some of these recommendations are a real hassle to live with — I’m well aware. It’s a lot easier to shove your fingers in your ears, and pretend like the NSA and your ISP aren’t watching every move you make. But what you browse is your business, and your business alone. Now is the time to stand up for yourself, and take back your privacy.
[Ed. note: This article originally appeared on ExtremeTech’s website right here at this link.]