Originally published at: https://www.myce.com/news/advertorial-are-you-really-anonymous-on-the-web-83973/
3 mistakes that allow users to be easily monitored with the web and how much should one pay for online privacy.
Originally published at: https://www.myce.com/news/advertorial-are-you-really-anonymous-on-the-web-83973/
Put this way your ISP knows who are and where you go even if you use VPN or Proxy - they know you went somewhere. Anything digital can and will have some digital footprint somewhere.
Not with a logless VPN that is encrypted properly. Think of it like hiding a piano under a blanket. They can see you are doing something, just not what.
We assume they are doing it in their best interests not ours. Remember they can change their TOS whenever/wherever.
In other words, you can trust expensive VPN providers to make you 100% invisible because they’re expensive. Yeah, right. I hate to offend anyone, but honestly, this sounds like a load of horse manure to me. The only thing you’re likely to gain from a more expensive VPN connection is more bandwidth, more servers, and the right to connect more devices at a time. Although these are good things, the one thing you actually want (anonymity) often has nothing to do with price.
Here’s how you should REALLY keep your privacy:
Prevent your browser from loading ads. A large amount of surveillance happens via internet advertisements. By installing a blocker, not only are you robbing them of the opportunity to spy on you, you are also speeding up your web surfing experience. On top of which, you are also sending a message to advertising companies, telling them your are not going to put up with their crap anymore. You can block ads with a specially-configured firewall, a custom hosts file, or an ad blocking browser extension (I recommend uBlock Origin). The latter is the easiest, and arguably the most flexible.
Side note: Ads aren’t the only web elements that are used to track you. Social media widgets are also a common source of surveillance. Can you think of any websites off the top of your head that don’t have any “Like us on Facebook” or “Follow us on Twitter” buttons? I can’t! Those buttons are downloaded directly from their corresponding social networks, meaning these networks and follow you across the web (even you’re not logged in, or you don’t even have an account on these networks). This is not hypothetical, as these corporations tend to brag about it to their shareholders. Be sure to 100% block these networks except when your using them. Also, consider not using them. Minds is an alternative network that doesn’t track you across the internet. I’ve also heard very good things about Mastodon, but I’m hesitant to recommend it simply because I haven’t tried it myself, and I don’t like recommending things that I myself haven’t vetted. Still, it can’t be worse than Facebook, Instagram, Twitter, or Google+.
Side note #2: Content Distribution Networks, also known as “CDNs” can also follow you across the web. However, they are a lot harder to block, since many websites are designed in such a way that they need these networks to function. Firefox-based and Chromium-based browsers have an addon that helps reduce this problem, which is cleverly called “DecentralEyes”. DecentralEyes makes a cache on your browser, which stores permanent offline versions of the scirpts, images, stylesheets, etc. stored on these CDNs. (This particular cache is not tied to your browser’s standard cache, so don’t be afraid of wiping your browsing cache along with the rest of your history, cookies, etc.) That way, your machine won’t have to talk to those networks DecentralEyes supports. Unfortunately it probably doesn’t support *every* such network, but at least it’s better than nothing. Like ad blockers, this will also cause some web pages to load faster. Can you say “bonus”?
Harden your browser against browser fingerprinting. I don’t care how good your IP masking service is, if your browser still looks unique, you’ll still be susceptible to finger printing techniques that make you look like the same person with a different IP address. All the money you paid to your VPN provider will be for naught. I don’t care how great (you think) your VPN provider is: they can’t magically disguise the information your browser willingly leaks to every website that asks for such information.
Unfortunately, I’m still somewhat struggling in this area. Here’s what I know you’ll need: a canvas fingerprinting blocker/spoofer, a timezone spoofer (that’s right, your browser will tell websites your operating system’s timezone), a WebRTC blocker (this is especially important, since WebRTC can leak your IP address), and a way to block font-based fingerprinting. I’m sure there are other details that can distinguish you from other users, too. Feel free to use online tools like BrowserLeaks, or EFF’s Panopticlick to see what information websites are getting about you. From there, see what addons are available for your browser to block these fingerprinting techniques. If there are no such addons for your browser, consider using a different browser.
Disable your browser plugins (Flash Player, Silverlight, Java, etc.), since they can leak plenty of additional details about your system, including your IP address.
Install a service that upgrades as many URLs to HTTPS as possible. I recommend HTTPS Everywhere. This will help prevent *someone* from seeing what you’re doing on many websites, and make your connection more secure against man-in-the-middle and man-in-the-side network attacks. When I say “someone”, who that “someone” is depends on how you connect to the internet. So far, you’ve probably noticed everything on this list will help preserve your privacy even without a VPN. If you connect to the internet directly, HTTPS Everywhere will make it a bit harder for your ISP to snoop on you. Your ISP will know what websites you are visiting, but they won’t know what you are doing on a webpage with an HTTPS connection. This is also valuable with VPN and proxy services, since both can often spy on you while claiming to offer you “privacy” (more on that below). Do note, since *someone* can still see what website you’re using, and since HTTPS Everywhere doesn’t work *everywhere* (the name is based on EFF’s long-term social/political goals, not what the addon actually does), your someone still has the ability to monitor what websites you’re using, if not what you’re doing on these sites. Still, HTTPS Everywhere can’t hurt. In fact, it can only help.
If you wish to hide your IP address, make sure you’re not using your ISP’s default DNS. Not only will doing so allow your ISP to monitor every web domain you lookup (if your computer doesn’t look up a website, how will it be able to access it?), but some websites can actually make your web browser reveal its DNS servers. (This usually isn’t a problem if you’re using a SOCKS proxy, since most web browsers can easily be configured to use your proxy server as a DNS server.) However, you actually can use this to your advantage. If you use something like BrowserLeak’s IP fingerprinting tool, you can see if your the address being leaked belongs to your ISP, or your VPN/proxy provider (the VPN/proxy’s DNS address leaks are not a problem). That way, you will know if your ISP can see what internet domains your web browser is looking up.
You are finally ready to consider hiding your IP address. At this point, we’ve all been told that VPNs are the best way to hide your IP address. We’ve all been told that everything else is either “insecure” or a wolf in sheep’s clothing. That is a straight-up lie spread by many of these VPN companies. Here’s the truth of the matter: not only do many VPN providers monitor, mine, and sell data about your online activities, they don’t protect you from any of the other privacy issues I’ve pointed out above. Choose your provider carefully, and make sure to read the fine print.
Please note: I’m not saying *all* VPN services are bad. On the contrary, there are some that are actually quite good, and provide a rather priceless service. However, I’ve said it before, and I’ll say it again: there is no relationship between the price you pay and the protection/loss of privacy. When I say to “read the fine print”, I’m being 100% literal. You should never sign a contract without reading it, regardless of whether you sign via ink or via an electronic “I agree” button.
Pay attention to the encryption algorithm your VPN/proxy provider uses. This can be pretty hard with proxies (which may be why they’re hardly used these days), but VPNs can be a bit easier. At the time of this writing, AES encryption is generally considered the best, so use something that take advantage of AES. Also, avoid old connection protocols like PPTP. PPTP only supports old encryption algorithms that are relatively easy for your ISP and/or Big Brother to crack. I tend to recommend using only OpenVPN, due to it’s flexibility, it’s FOSS nature, it’s popularity with a variety of VPN providers, and it’s rock-solid AES support. Also, I would avoid proprietary protocols (or proprietary implementations of FOSS protocols), since they can’t be peer-reviewed due to their proprietary nature.
Don’t log in to any websites. One mistake many people make after anonymizing themselves is to “anonymously” log in to their favorite websites. There’s generally no such thing as “anonymously” logging in, since the very purpose of logging in is to identify yourself. All of the anonymization tech in the world can’t stop you from unwittingly de-anonymizing your own self. Also, make sure to clear your cookies, site preferences, local storage, and active logins (or use any privacy mode your browser might have, eg InPrivate Browsing, Incognito Mode, Private Mode, etc.), so that any preexisting logins will not expose your identity.
Beware of what programs you have running when you connect to a VPN. Unlike proxies and TOR, VPNs route EVERYTHING through their service. When I say “Everything”, I mean EVERYTHING. On mobile devices and Windows 10 systems, you will still be signed in to your app store, which will de-anonymize you. You should especially be ware of any malware installed on your computer. I personally consider IOS, MacOS, Android, and Windows to be malicious in nature, so there will be malware on such devices, even if anti-malware programs don’t detect ant infections. After all, Apple, Google, and Microsoft are not well-known for caring about you or your privacy, are they? Consider a *BSD or GNU/Linux system. IDK about the former, but the latter can be booted “live” from a CD, memory card, external hard drive, or USB drive, without the need to “install” the system.
Consider using TOR. Many of the problems described above don’t apply if you connect to TOR using the official TOR Browser (a modified version of Firefox), which not only come pre-configured to use the TOR network, it also comes equipped to block many common fingerprinting techniques. It even comes with NoScript pre-installed, although most NoScript settings are disabled, both to prevent websites from breaking, and to give the user a chance to set whatever settings they want. It does not, however, come with an ad blocker, although NoScript can be used to block the scripts that *usually* load ads. If you wish to use uBlock, you should install an older 1.13.x version in order to avoid a known bug. This bug should (in theory) be fixed when the TOR Browser becomes based on Firefox ESR 60.
Do note that you can connect to the TOR network with virtually any browser if you install a TOR background service/daemon. You would need to set your web browser to use a SOCKS5 proxy, with an IP address of 127.0.0.1, port 9050 (by default, you can configure a different port if you want to). However, due to the amount of data most browsers leak, you’re probably better off using the TOR Browser. Also, the TOR Browser is easier to set up, since it’s designed to use the TOR network right out of the box.
I would like to add that because the TOR network is set up to use a local SOCKS proxy server, you don’t need to worry about DNS leaks.
Also, most programs don’t work with TOR out of the box. IMHO, this is a good thing, since programs that reveal information about you will not taint your TOR connection.
For better or worse, when you use a service to hide your IP address (any service, whether it’s the TOR network, a VPN, or a proxy), you are putting a lot of trust in that service. Fortunately, the TOR network is designed in such a way that those routing your traffic can’t know very much about you or your online activities. Consequently, TOR is perhaps a better choice than a VPN when it comes to protecting your online anonymity.
BTW, did I mention the TOR Browser works over many VPN connetions? Even if the VPN provider doesn’t advertise tying there network into TOR, you can still route your connection to the TOR network over the VPN connection. It’s literally as easy as launching the TOR Browser. Now, that’s what I call anonymity!
If you’re on Android, you can set up TOR by installing ORDroid, which runs in the background. You’ll also have to either set your browser up to use tor, or use a browser that is designed to use TOR out of the box. Although the TOR Browser isn’t available for mobile devices (it’s only for Windows, and Unix-like systems, including MacOS), there is a similar program called ORFox, which I VERY HIGHLY recommend. Unlike on desktops/laptops - in which all one needs to do is download the TOR Browser - ORFox (or some other TOR-configured browser) and ORDroid will BOTH need to be installed for TOR to work.
There are downsides to TOR. Because it has been demonized by anti-privacy and anti-anonymity forces, there is a certain amount of paranoia about TOR. Consequently, many of the websites out there (especially those that use CloudFlare’s services) will not let you access the site without completing a Google ReCaptcha. In my own personal experience, those ReCaptchas have been buggy, meaning you can’t pass them because they glitch out. This doesn’t happen 100% of the time, but when it does, it can be very frustrating. On top of which, there are also some websites that won’t let you connect at all. I personally say “to hell with those sites”, but that’s just me.
Also, due to the way the TOR network works, you cannot run apps that are based on P2P protocols (including Bit Torrent) over TOR. Not only will this not work, it may slow down the entire network for everyone.
TOR is also considerably slower than a VPN. This is due to the fact that TOR is not run by profiteers. Rather, it is run by volunteers, who happen to be willing to donate some of their bandwidth to the public. Consequently, few of these people have multi-gigabit connections dedicated to this network, with some people only donating a few megabits, or less.
One way to compensate for this is to donate some of your own bandwidth to the TOR network. I’m not telling you this just to make the TOR network faster (although I do hope you’ll do that as well), but also to give your ISP some background noise to listen to. That way, it will be a bit harder for them to distinguish your traffic from the traffic of others. This is especially true if you become a so-called “exit node”, since all incoming connections will be routed directly to the website a given person is trying to browse. However, you will likely be forced to deal with ReCaptchas all the time, especially if you end up being an exit node.
Avoid using “cloud” services, except ownCloud or Nextcloud, both which are free, open source cloud server programs that you can run on your own machines, which means you can be the one in control. If you need more storage, buying flash drives and/or hard drives is usually cheaper in the long run anyway. (Although using cloud storage is generally not a bad way of storing files if you were planning on publishing said files online anyway.) Needless to say, this goes double when you are hiding your IP address.
So, that in a nutshell is how you become anonymous on the internet. It’s not as easy as “pay money, become anonymous”, because your IP address is NOT the only thing that anti-privacy forces look at when spying on you. I’m not sure it’s even the most significant. After all, there’s so much money to be maid violating other people’s privacy, there will always be incentives to invade or work around any surveillance-evasion means. So, be careful what services, providers, networks, and protocols you trust, avoid using your ISP’s DNS servers, and make sure you harden your browser against it’s many privacy leaks, because there are many. Happy browsing.
- If your online anyone can find you-you leave a digital trail and that never goes away
- VPN or Internet blockers can change TOS to protect them not you - remember that
- Cloud is Cash Cow for poor protection - Keep local is better
- Use hosts blocker - I use one to prevent redirects or popups and adware
- Stop going to PORN site - if you have to go there you should get tied (mostly men here)
- Best Internet usage…Go COMPLETELY OFFLINE and never use the internet… Perfect RIGHT???