Protecting Your On-line Privacy
20 Friday Nov 2015
No tags :(
Submitted by Jenn – AsAMom.org Tech Admin
Privacy and the Internet are two words which often don’t go well together. Everything which you do on-line may be traced by someone at some level, but there are steps which you may take to improve your privacy. In a previous article, I briefly mentioned how your IP address, cookies, and even opened e-mails can be used to track your movements, and today I will elaborate on these concerns, as well as what you may do to eliminate some of their hazards.
What Does Your IP Address Say About You?
Every device which connects to the Internet has an IP address, which is basically a number which allows other computers to know who you are and where to send your requested information. Just like your home address lets the mail man know where to deliver your packages, your IP address lets computers know where to send your e-mails and the Web pages you view. While you would not disclose your home address to just any stranger, your IP address is another story. Every time you download an e-mail, view a Web site, stream a video, instant message, or do anything else on-line, your IP address is necessarily revealed because the other computers need to know where to send the information. What does this mean in terms of your safety and privacy on-line?
First, you should know that while only your Internet Service Provider (ISP) knows your physical address, your IP address does still reveal some information about you, including your Internet service provider and a rough idea of where you live. If you’re interested, you can see what the Internet instantly knows about your location by visiting WhatIsMyIPAddress.com and clicking the “Lookup IP Address” button. While this information, by itself, may not be much to go on, over time and across multiple people, it does allow patterns to emerge. For example, if a Web site sees that a lot of people are coming from a certain city or country, then it might decide to focus its advertising accordingly.
Second, if your IP address does not change very often, then Web sites and companies which run analytics may be able to track your on-line activities. For example, if you repeatedly run Internet searches through Google.com, or if you visit Amazon.com, even if you are not logged in, the companies will still know who you are based on your IP address, which they could theoretically associate with your user account (if they know that you have logged in using a certain IP address multiple times in the past, then the next time you visit, even if you do not login, they can still see your IP address and know that it is most likely you).
Third, while I mentioned that only your ISP knows your physical address, they can share this information when necessary. For example, if a terrorist makes a threat, or if someone writes a suicidal e-mail, they can often be tracked down.
Fourth, if a malicious person knows your IP address, then they can potentially compromise your computer if it is not properly protected. This is one reason why changing the default password on your router (if you have one) and protecting your computer with a firewall is so important.
Protecting Your IP Address with Tor
While most people do not attempt to hide their IP address, there are steps which you may take if you’re concerned about it being tracked. The easiest option is to use a Web browser such as Tor, which “was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications.” The way it works, to use an analogy, is a lot like you leaving home to go to the grocery store. While there are many routes which we can take, we usually attempt to take the most direct path (this is how most people use the Internet). If, however, we want to make sure that we aren’t being followed, we might make a lot of normally unnecessary turns, route changes, and maybe even switch cars a few times along our way. This is roughly how Tor works, by routing your data through multiple computers and multiple IP addresses. For example, rather than Computer A talking directly to Computer E, Tor might route the connection as follows:
Computer A encrypts the data and sends it to Computer B.
Computer B then sends the encrypted data to Computer C.
Computer C then sends the encrypted data to Computer D.
Computer D then unencrypts the data and sends it to Computer E.
In this case, Computer E knows that the data came from Computer D, but it cannot see Computer C, and it has no way to trace the data all the way back to Computer A. In this scenario, any number of computers may be used to make up the chain, the computers may be located anywhere in the world, and the path to get from Computer A to Computer E changes every ten minutes or so (if you’re interested, Tor has some great images which demonstrate this on its Web site). While the encryption algorithm can theoretically be broken, this is more in the realm of the NSA or FBI, rather than your average Web site, which allows you to browse the Web fairly anonymously.
Tor does, however, have its limitations. The process for encrypting and routing your data through multiple computers does cause the connection to be a bit slower than normal. In order to remain anonymous, it will be important for you to not login or provide personal information to any Web sites, and your ability to use third-party plugins, such as Flash (which is often used for viewing videos on-line), will also be limited as doing so could potentially reveal your real IP address or identity.
While Tor may be seen as overkill for the average person’s day to day browsing, it can be useful if you want to go incognito for any reason.
Protecting Your IP Address with Virtual Private Networks
An alternative to Tor, which is growing in popularity, is called a Virtual Private Network (VPN). This is a third-party service which acts as a middle man between you and the rest of the Internet, but unlike Tor, you are only routing through a single additional computer. VPN’s are often paid services, though free ones with ads are also available. If you’re interested, HotspotShield (a VPN service) has a fair write-up of the advantages and disadvantages between Tor and VPNs.
Another way in which you might be tracked on-line without your knowledge is by opening your e-mail. Often, the images contained within e-mail messages are not stored within the e-mail, but rather, are stored on another computer and then downloaded over the Internet to your computer when you open the message. The danger here is that the URL used to download the images may contain extra encoded information which could allow the sender to know who opened their messages. While this allows legitimate retailers to know which subject lines are most enticing, it also allows spammers to confirm that your e-mail address is valid, making them more likely to send you additional messages in the future. Fortunately, many e-mail clients today block the automatic downloading of images, which helps to protect you from these types of messages.
In addition to images, it is also important to be careful with any e-mailed links which you open, as these links can also include additional encoded information. While the encoded information does have some completely innocent uses, such as allowing you to confirm your e-mail address, or being able to automatically log you in to your favorite Web site, it can also be used to associate your e-mail address with everything you view on the site.
Another thing to watch for is that some scammers will write an e-mail in such a way that while an URL looks legitimate, in reality, it sends you to a completely different Web site from the one which you were expecting. For example, while this text says www.google.com, if you click on it, you’ll see that I actually sent you to Amazon! While my link switch was fairly benign, someone more malicious could have easily sent you to a Web site with malicious code and computer viruses. Alternatively, a scammer could make an illegitimate copy of a real Web site, such as your favorite shopping site or even your bank. Any information which you enter on a fake site, such as your username and password, or your credit card information, will be sent directly to the scammers!
The lesson here is that if you are ever in doubt, then the safest thing to do is to not open the message. If you accidentally open an e-mail which you suspect might be a scam, then don’t download the images or click on the links. It is also important to never reply to a spam message, not even to “unsubscribe”, as doing so will simply confirm your address and ensure that you receive additional ones in the future (unsubscribing from legitimate companies is generally safe – you’ll need to use your best judgment on whether or not the person sending the message is from a legitimate company or a fake one).
Another thing to consider is that many e-mail services are known to scan your e-mail messages for data. Google is probably the most well-known provider to do this (here is an article about them scanning your bills, and another on adding things to your calendar). If you are interested in keeping your e-mail private, then you may want to consider registering for a service who guarantees that they will not scan your e-mail, or if you are more technically inclined, you may want to host it yourself.
Many, if not most, Web sites today use Internet cookies, which are small text files used to store information such as the last time you visited a Web site, what you search for, your username, and so forth. Some cookies are necessary for basic on-line shopping (session cookies), while others may be used by third party companies to track your browsing history over an extended period of time and possibly over multiple Web sites (persistent cookies and Web bugs). If, for any reason, you decide that you would rather not be tracked through Web cookies, what can you do about it?
Many Web browsers have a private browsing mode which avoids cookies and does not save any of your browsing history. In Firefox and Safari this is called “private browsing”; in Chrome, it is called going “incognito”; and in Internet Explorer there is the “InPrivate” option.
Additionally, there are also browser plugins which you may use to automatically block cookies from certain Web sites, such as those which are known to track users. These applications include Ghostery, AdBlock Plus, AVG Do Not Track, and Blur (formerly DoNotTrackMe). I highly recommend checking them out.
Searching the Web
Using Encryption and SSL
If you look at the URL’s which you visit most, you may notice that some begin with “http” while others begin with “https“. The ‘s’ in “https” stands for “secure” and means that the connection uses SSL to encrypt your data. In plain English, this means that Web sites using https are more secure and make it harder for third-parties to eavesdrop on your communications. Whenever you view or submit private information on-line, such as checking your bank accounts or entering your credit card information, it is important to make sure that the connection is encrypted by checking the URL to ensure that it says “https” and not just “http”.
Watching What You Type and Where You Click
Your Social Media Privacy Settings
My mother always told me, “don’t write anything you wouldn’t want to see on the front page of a newspaper,” and this is even truer in today’s digital age. While you should never write anything which you’d be embarrassed if the world saw, it may still be a good idea to limit your audience where possible. Many social media Web sites, such as Facebook, allow you to limit who can see your family photos, track your vacations, and gain more information than we might normally feel comfortable sharing with total strangers. Once your privacy settings are set to a comfortable level, it will then be important to watch who you’re friends with, as scammers have been known to create fake accounts (sometimes using the names and photos of your real friends!) and even debt collectors have been known to use Facebook to track down and harass debtors (as well as possibly their friends and families).
As a side note, Facebook will be updating their terms and policies on January 1, 2014, and this post helps to explain some of the data which they’re collecting (with a positive spin, of course).
Below are a few additional articles which may be of interest:
How to Muddy Your Tracks on the Internet by Kate Murphy at the New York Times
How Google, Not the NSA, Sold Out America by Brandon Webb at The Blaze
Two of the Largest Mobile Carriers Could Be Trading Your Privacy fo… by Jon Street at The Blaze