For our first post of the semester, it’s a pretty slow news week. Yes there is always something going on at thehackernews.com or Security Week (two sources we like to use), but nothing is really earthshaking at the moment. Thus, this week, after a brief look at a news item, we’ll dig into some tools for online privacy.
Google Busted
This, however, it at least noteworthy, Google has been busted! Note this is the company who used to have a slogan, “Do No Evil,” that they abandoned years ago.
More recently, they lost a suit over their abuse of incognito mode in Chrome. It turns out, even when you were using Chrome in incognito mode, Google was still tracking your activity.
Google Settles $5 Billion Privacy Lawsuit Over Tracking Users in ‘Incognito Mode’
Incognito Mode
Now me, I tend to use incognito mode only to see what a site looks like when I’m not logged in. I’ve never assumed any real privacy results from using incognito mode, and it doesn’t. It’s just the browser that doesn’t (in theory) save data about your incognito session. The URL requests to whatever site you’re browsing still go through your ISP. So how much do you really trust Verizon, or Spectrum, or Google, or some local ISP, not to snoop on your data? Of course they snoop and resell your data!
So for me, being on Google Fiber, it’s a double whammy. When I use Chrome (purely for development, I’m a Firefox guy), I’m giving Google my data in the browser, and again as it passes through my router into Google Fiber-land.
First Step – Use a VPN
The way to really get some privacy is to use a VPN, hopefully one that really is telling the truth when they say “no logging.” In theory, simplistically, a VPN tunnels your traffic over a secure encrypted connection to some server at the VPN company, where the traffic is finally dumped on the Internet. In theory the VPN doesn’t keep logs, and no one can track your IP back to your router, they will see the VPN company’s endpoint as the source of the traffic.
The problem with a VPN is some sites (like Google) make you jump through Captcha hoops just to do a simple search over a VPN. Who would have guessed, the same VPN IP you’re using to hide your tracks on the Internet is being used by some slimy people too! The IP of any VPN endpoint is almost certainly on some bad IP list somewhere.
Which VPN Should I Use?
If you want to get an idea of which VPN to use, I can’t help you. I can’t recommend one, probably, per some obscure GA Tech rule. Also, I’m not gonna tell you which VPN I use. But CNET has a nice list of VPNs. I will recommend you take a look at Proton VPN as their choice in free/open-source VPNs. Having said that, I’d go with a paid plan, then maybe they really won’t log/track/resell your browsing habits. My VPN isn’t on their list.
One tip, if you’re really privacy paranoid, Private Internet Access (PIA) takes Wal Mart gift cards for payment. But then, your transaction at WalMart is on video, so there’s really no privacy in the world. Sigh. PIA is also open-source, which is a plus in the world of security and cryptography.
A real concern about companies like PIA is that, for all their features, despite the fact that their no-log policy has been tested and and proven, they are a US-based company fully subject to warrants and other pressure from the US Dept. of Justice and other law enforcement entities.
I’d say, if you really plan to be a revolutionary, use an offshore VPN. If you’re just trying to protect your viewing habits from being tracked by your ISP, then a US company is probably fine.
Next is Tor.
Tor — The Onion Routing
https://www.torproject.org/ — The Tor Project
The next level of privacy is using Tor. Tor is definitely used by some shady characters, sites that are banned off the respectable domain registrars, or ones that could never be there in the first place, are living on the “dark web” at .onion sites. The “onion” metaphor is the idea of peeling back the layers of an Internet request, trying unsuccessfully to find its source.
A simple, outdated explanation of how Tor actually works is that it routes all your traffic through a maze of Tor servers, encrypting the traffic at each step, such that by the time your traffic hits the Internet, all sources of personal info such as device type and IP address are wiped away. Tor claims to “make all user look the same.”
You can read more at the linked website above. Tor is really slow, while VPNs can run really fast, probably faster than your home internet connection.
When Should I Use a VPN?
The bottom line, Tor is probably overkill for protecting your privacy, unless you’re really paranoid. Using a VPN, assuming they are really log free, will give you the privacy you’re looking for. But it’s a pain, many sites pay attention to the “bad IP” list and will either block you, or worse, make you go through Captchas and other challenge puzzles to access the site. Some sites just don’t appear to allow it at all.
I recently tested accessing X (Twitter) on a VPN connection and it just put me through an endless series of very interesting captcha-like puzzle. Every time I would pass, I would get to a page on X, and the next thing I knew, I was being challenged again. Me, personally, just my opinion, this really sucks if they are truly blocking VPNs. I was using a brand new account, I didn’t want to mix any of my existing accounts up with attempts to use a VPN. Perhaps it was just extra security on a new account.
If you have any relevant experience with VPNs or any recommendations, please make a comment on Ed in the Week 1 post, thanks.
What About Browsers?
One thing we’ve glossed over so far is which browser should you use for private browsing? Think about it, for all the VPN protection, if you’re using Chrome, you’re effectively running approved spyware on your computer. If you’re in Linux, it’s easy, use Chromium, which is the stripped down non-spyware version of Chrome.
Firefox? They’re certainly collecting data on how their browser is used, especially if you enabled the data sharing.
Brave. Now we’re talking. Brave is a good choice for private browsing. With a built-in ad blocker and other anti-tracking features, you’ll be shocked at how many trackers are blocked.
One last item worth mention for those who use Firefox or Chrome, you can install Ghostery. I don’t know that it’s any better than the other leading ad blockers, but I have liked its features for years.
OK that’s it for this week, hopefully next week there will be some more noteworthy news to talk about.