This article shows how you can surf the web while keeping your information as private as possible or as private as convenient. The more private you want to be online, the more inconvenient things get. On the other hand, ignoring privacy all-together makes life easy but there is a cost.
Let’s look at the two extremes. You can keep everything private by using TOR (the onion ring) and a VPN and clear your browser history after each browsing session and even disposing of your computer after each browsing session. The last part seems a little over the top but people do it. They use “disposable virtual machines” running on a hypervisor such as VirtualBox on their workstation. Using this combination of evasion techniques will make it impossible for your ISP, the government and your friends and family to know what you’ve been doing online. I said “impossible” but actually, if you log into Facebook or your Gmail account while trying to stay anonymous, you’ve messed up and it would be possible for “resourced” people or organizations to figure out you are you.
At the other extreme we have no effort for privacy. You would use any web browser on any computer, log into your favorite websites such as Facebook and Gmail and your ISP, your browser (the company that makes your web browser) government and your friends and family could figure out what you’ve been doing online.
Here are the facts about who and what is looking at your browsing habits.
Your web browser. Your web browser record your browsing history and favorites. It “can” synchronize those between your devices (your smart phone, laptop, workstation and even your TV if you like) and it can send your browsing habits to the company that makes your web browser for analytics and sale to other parties. Plugins can do the same thing.
Your computer. There is nothing stopping your workstation (laptop, smart phone, workstation, TV) from recording the domains that you visit. After all, it’s your computer that starts the DNS resolution process and while your web browser is the starting point for SSL (https) connections, your computer still knows plenty about what you’re doing, when you’re doing it and for how long.
Your friends and family. Anyone with access to your computer can view your browser history and your favorites assuming they know your workstation password – assuming you have a workstation password.
Governments. Governments pay attention to what you’re doing. Even in Australia (it hurts to say it) is paying attention and even blocking activity it isn’t supporting. For example, some websites are banned which would suggest someone somewhere is enforcing a government sponsored black list. The act of blocking a website would certainly log the event. While the system blocking the attempt may not know your name, it does log your IP address along with the event action (the action being “deny”). So a request to the ISP for the customer assigned that IP address would match the two bits of information to show that a specific person tried to visit a specific website.
Internet Service Provider. Your ISP obviously knows what you’re doing because they are providing the service to you. They know your name and they know the websites that you’re visiting. They even “can” know the content of the websites that you’re visiting unless the session is using SSL (https).
Search Engines. Google, Bing and yahoo are logging what you search for. They have a pretty good idea of who you are based on your habits, the services you’re using (ie, Google knows you’re you if you log into Gmail), your IP address, your browser “agent” description and cookies. We search for intimate topics and your search engine “probably” has a profile on you.
How far should you go to keep your browsing habits private? The following should help you work out what tools you need to achieve the level of anonymity you need for a suitable level of privacy while online.
The Onion Ring. TOR is a system of proxies that help to mask who you are. For example, if you have downloaded the TOR web browser and open it, the first thing it will do it find a proxy to securely connect to. Then that proxy will pass your session onto another proxy (you’re now going through two proxies) and then another and another. You will end up going through several proxies and each may be in different countries. If you then visit the website “www.apple.com” and search for your next smart phone, Apple will not know who you are or which country you live in. If Apple tried to identify your country of origin based on your IP address, they would be mistaken as the “last” proxy that you’re using is likely in a different country to you. The downside to TOR is that because you’re using so many proxies, the speed will be degraded. Sometimes not much but it won’t be as fast as a direct connection between your web browser and the target website.
Duck Duck Go. The website “duckduckgo.com” is a search engine much like Google but they claim not to record anything about you. They know your IP address and they know what you search for but they do not keep that information for any longer than is needed to fulfill your search query. Interestingly, the TOR web browser uses Duck Duck Go as the default search engine.
FireFox. If TOR is too much, consider Firefox with “private browsing”. Private browsing is a feature of many web browsers that simply means the web browser will not record anything about you once the web browser has been closed. This means you can search without a history being recorded on your computer. Why Firefox if many browsers have private browsing options? Because when surveyed, users most often say Firefox is the most private browser on offer. That’s opinion but consider that Firefox is an open-source project that anyone can review the code for. Other web browsers are open-source too and that’s a good thing. However, Chrome is made by Google, Edge and IE are made by Microsoft, Safari is made by Apple and all of these companies have a financial agenda. Information is a valuable currency.
Your computer. You can’t easily change your computer from Windows or Apple to Linux or FreeBSD or any other more trusted operating system. But you can enable privacy options on all modern operating systems. Microsoft and Apple offer options to make your computer and smart phones more private but you are trusting that they’re telling you the truth. I encourage you to research this. There are people out there that monitor what computers are trying to do in the background. The best you can do is enable the privacy options, make sure your computer has the latest updates, remove all unnecessary software from your computer, remove or disable browser plugins and use a reputable antivirus program.
In summary, you’re only as private as your behavior allows If you log into Gmail or Facebook (for example) while you’re trying to stay anonymous, your efforts are for nothing. A profile can be built around your habits. Consider if you’re insurance company found out you’ve been searching for an undisclosed illness that would disqualify you from cover. What you search for is your business. This article is not about keeping your illegal behavior secret but how to keep your private information out of the hands of those who profit form it.