Monday, 4 May 2015

The ultimate guide to staying anonymous and protecting your privacy online

Binoculars
Now more than ever, your online privacy is under attack. Your ISP, advertisers, and governments around the world are increasingly interested in knowing exactly what you’re up to when you browse the web. Whether you’re a political activist or simply someone who hates the idea of third-parties snooping around, there are plenty of tools available to keep prying eyes off of your traffic.
In this post, I’m going to highlight 12 tools you can use to increase your online privacy. Some methods are more complicated than others, but if you’re serious about privacy, these tips will help you remain anonymous on the open Web. Of course, Internet security is a topic in and of itself, so you’re going to need to do some reading to remain thoroughly protected on all fronts. And remember, even the most careful among us are still vulnerable to imperfect technology.
TOR

The Onion Router (Tor)

If anonymity is what you’re after, The Onion Router (Tor) is what you need. It uses a vast network of computers to route your Web traffic through a number of encrypted layers to obscure the origin of the traffic. Tor is a vital tool for political dissidents and whistleblowers to anonymously share information, and you can just as easily use it to help protect your privacy.
Without a doubt, the easiest way to get started is by downloading the Tor Browser Bundle. This customized branch of Firefox automatically connects to the Tor network, and includes some of the privacy-enhancing browser extensions discussed later in this post. This package has everything you need to use Tor successfully, but you’ll also need to change your web surfing behavior to retain as much anonymity as possible. You need to make sure to abide by the Tor warnings, and remember that this isn’t a magic bullet for internet privacy. It still has weaknesses. For more information, we have an entire story on installing and using Tor.
TorGuard

VPN

If you’re very serious about maintaining your anonymity, consider investing in a VPN solution like TorGuard or Private Internet Access. These services essentially allow you to disguise your traffic. Your real IP address will be hidden from the world, and your traffic will remain indecipherable to nosy ISPs or governments.
Even if your government is actively on the lookout for VPN traffic, you can still benefit from so-called “stealth VPNs.” TorGuard offers its stealth VPN service at no additional cost, and it will make government detection and interference much harder to accomplish. For those of you being held hostage by your government, VPNs are by far the best bet for bypassing censorship and snooping.
DNS Leak Test

DNS leak testing

Even if you’re using a privacy service (like a VPN) to hide your IP address, it’s still possible to give away clues to your identity via your DNS traffic. Thankfully, it’s easy to detect if your configuration is leaking your DNS information. Simply head over to DNSLeakTest.com, and run the extended test.
If the results show the third-party DNS service you’re using (like TorGuard), you’re set. If your ISP’s DNS info shows up, you have a DNS leak. Follow the steps listed on the “How to fix a DNS leak” page, and then test yourself again to make sure everything is working as intended.
Virtual Machine

Virtual machines

Keep in mind, your browser isn’t the only vector for third parties to invade your privacy. PDFs and other seemingly harmless files can serve as homing beacons, and potentially alert government entities when you’re viewing planted contraband. To prevent any sort of unintended breach of privacy, you should open suspect files inside of a virtual machine.
Load up your favorite Linux distribution inside of VirtualBox, configure it to your liking, and then save a snapshot of your VM. Next, download your desired file (using the protections illuminated in this article), and then shut off your virtual machine’s access to the Internet. Once you’re sure that the VM is cut off completely from the network, you can now open the file safely. Read what you need to read, make notes, and then shut down the virtual machine. Next time you need to view a file inside a VM, you’ll have your snapshot ready to go.

Third Party Cookies

Blocking third-party cookies

Third-party cookies are one of the most common methods that advertisers use to track your browsing habits. If you visit two sites using the same advertising service, rest assured that the advertiser is keeping tabs on that information. Thankfully, every major Web browser offers the ability to turn off tracking cookies. Without third-party cookies, advertisers have to work much harder to monitor which pages you visit. While this is far from a panacea, it shuts down the most common vector used by advertisers to build usage profiles.
Geolocation

Blocking location data

In recent months, many sites have begun using location data to offer specific services, and serve targeted advertisements. Mapping applications obviously have legitimate reasons for gathering location data, but that same technique can be used to help identify who you are. Any legitimate browser should offer the ability to toggle on and off location data, and I recommend leaving it off completely. At the very least, demand that websites prompt you for access before gathering the data.
That said, IP-based geolocation data is incredibly trivial to acquire, so remain vigilant. If you’re browsing the Web without a proxy or a VPN, you’re effectively broadcasting your IP to every server you come across, and that information can be used against you. It’s not necessarily something you have to worry about constantly, but it’s worth keeping that fact in the back of your mind if you’re criticizing your local dictator or blowing a whistle on the NSA.
Do Not Track

Do not track

The “Do not track” HTTP header is an optional message that browsers can send to Web servers. You can easily enable it in your browser’s settings, but it’s rather limited in scope. For this to work at all, the Web server needs to be configured to respect this flag. There is absolutely no requirement of any kind that any website needs to obey this setting, so don’t expect widespread protection from trackers. Still, you don’t have much to lose. The only potential issue here is that it’s an additional datapoint for browser fingerprinting. But if enough people are using it, that shouldn’t be a real issue.
plug-ins

Plug-in management

Even if your browser is configured properly to hide your identifying information, plug-ins can still be used to endanger your anonymity. If you’re serious about remaining anonymous, you should avoid running plug-ins all together. Unfortunately, that can leave a number of popular websites completely unusable. To solve this problem, I recommend a hybrid approach.
First of all, you need to configure your browser to require your approval to run any plug-in. Chrome and Firefox offer this functionality by default, and extensions offer this capability in other browsers. Next, you need to make sure you’re running sandboxed plug-ins. While this is mostly considered a security issue, a rogue plug-in could certainly be used to gather your personal information by an organization like the NSA. Chrome can be configured to completely disallow un-sandboxed plug-ins, but it can be trickier with some other browsers. Windows users can opt to run their browsers inside of an application called Sandboxie, so even less sophisticated browsers can receive similar benefits.
No Script

JavaScript blocking

JavaScript is an incredibly powerful language, but it also has the capability of leaking out identifying information. By design, it can deliver detailed information to any Web server about your setup. What plug-ins do you have enabled? What size screen are you using? Those small pieces of information can add up, and make tracking your usage profile easier for advertisers and governments. Worse, unpatched JavaScript exploits could potentially be used to trick your browser into giving up even more identifying information.
If you want to be truly anonymous, you’re going to need to disable JavaScript. Of course, that’s easier said than done. Many websites rely on JavaScript for core functionality, so you’d be effectively knee-capping your Web browser. Thankfully, there is a way to have your cake and eat it too. By using a browser extension like NoScript or scriptno, you can personally manage which domains are given permission to run JavaScript in your browser. This way, you can whitelist domains and webpages that you trust, but you can bypass all of the baggage that comes along with running any ol’ JavaScript that comes along on the web.
Ghostery

Ghostery browser extension

If you’re serious about protecting your privacy, consider installing Ghostery in Firefox, Chrome, Opera, IE, or Safari. This adorable little browser extension allows you to block trackers from all over the web in one place. Better yet, it displays just exactly which tracking services are being used on your favorite websites, and allows you to dynamically enable or disable tracking as you see fit. Can’t live without the Facebook widget on your favorite blogs? Just whitelist it. It’s simple to use, and extremely customizable. If you hate the idea of being spied on by advertisers, this is exactly the extension you’re looking for.
HTTPS Everywhere

HTTPS Everywhere browser extension

In spite of the infamous Heartbleed vulnerability, SSL is still your best bet for keeping your Web traffic private. If you want to keep nosy packet sniffers out of your business, your Web traffic should always be going through SSL connections. Sadly, not every website supports SSL. Even worse, many websites that do support SSL still default to unencrypted connections — and the Electronic Frontier Foundation wants to change that. The HTTPS Everywhere browser extension, provided for free by the EFF, forces SSL connections on countless websites. Chrome, Firefox, and Opera users can all take advantage of this wonderful extension, and keep important Web traffic private and secure.
Panopticlick

Panopticlick

How easy is it for Web servers to identify you by your browser? It all depends on how it’s configured, really. To see just how much identifying information your browser is giving away, head on over to Panopticlick. This handy little tool, owned and operated by the Electronic Frontier Foundation, quickly tells you just exactly what your browser is broadcasting to the world. The more information given away, the easier it will be to identify you. If you want to improve your Panopticlick score, take a moment to read Peter Eckersley’s article on the matter, and adjust your configurations as you see fit.

Justified paranoia

You might not think you have anything to hide, but that doesn’t mean you shouldn’t enjoy the benefits of online privacy. Some of these recommendations are a real hassle to live with — I’m well aware. It’s a lot easier to shove your fingers in your ears, and pretend like the NSA and your ISP aren’t watching every move you make. But what you browse is your business, and your business alone. Now is the time to stand up for yourself, and take back your privacy.

No comments :

Post a Comment