You are being tracked, right now, as you read this post. Your browser probably has an abundance of tracking cookies checking which websites you visit, what products you’re interested in and what adverts you respond too. You also probably visit sites that check and record your IP address and geographic location regularly without your knowledge. In this article I’m going to highlight some straight forward methods for obfuscating yourself online.
Note: I have written a continuation of this guide in light of the NSA/Prism revelations entitled Post PRISM and NSA super spying dragnet thoughts on privacy.
Block those trackers
Tracking cookies and scripts are everywhere, literally, everywhere. But what do they do? They track how you interact with websites, but to what end?
Well the intent behind the tracking can vary, but generally they are used to analyse consumer trends, both on a large scale, tracking what people are buying and reacting too in general, but also on a personal scale, tracking what sites you visit, what content you’re reading, what products you’re checking out, what adverts you respond to and all that stuff, this is so you can be directly targetted by advertising and content. It’s very similar to consumer analyses and tracking in the real world, only far more intrusive and subtle.
So why is this a bad thing? Well on the surface it may not sound so bad, I mean what’s wrong with a little personalised content? Well it goes further than this unfortunately, as time goes on the companies behind the tracking cookies and scripts are coming up with ways to discover more and more information about website visitors. For instance some of these trackers can be integrated with the site they are hosted on and can record your email address, location and other bits of personal information. This information can be used for innocent, yet annoying purposes such as sending you lapsed emails and advertising, but this data will also be sold on to other third parties, who in turn will sell it on again. I for one do not like the idea of details like this being sold to who knows who without my knowledge.
So how do we stop these annoying trackers? Well luckily there are several solutions available and they are pretty easy to get to grips with.
This feature is built into most browsers, in FireFox you can simply hold ctrl+shift+p to activate it and it can be turned on permanently if you wish.
Individual browsers may vary slightly on what exactly private browsing blocks, but I believe that they all treat cookies in the same way, which is to only store session cookies. Session cookies are fine to store, as they expire and are discarded at the end of the session, all other types of cookies are not stored at all and hence tracking cookies will have no effect.
The only issue with private browsing is that whilst it does block tracking cookies it also disables lots of other useful browser features such as history, stored passwords and other useful bits, so its not so useful for everyday browsing.
Tracker blockers are a better solution
If you find private browsing a bit too extreme then the alternative is to use a plugin that will actively block known tracking cookies and scripts. My favourite example of this is Ghostery which is available as a plugin for several major browsers. One feature that I really like is that it will tell you exactly what trackers it has blocked on each page that you visit, so you can see exactly who and what is trying to track you across the web.
To use Ghostery simply install the version of the plugin for your browser, tell it to block everything and you’re good to go. There are other tracker blockers out there but I’ve found Ghostery to be the most comprehensive, it’s list of trackers is also updated regularly.
Even though you are now blocking tracking cookies, websites that you visit can still store information about you such as your IP address. But the main issue is with ISPs, which monitor and often record everything that you do on the Internet and block you from visiting certain websites. IPSs are coming under increasing pressure to make this information transparent to governments and block websites that contain information that they do not agree with, this is a very bad thing for the everyday Internet user, as we are forced to adhere to freedom curbing laws that are aimed at a small percentage of ne’er-do-well Internet users.
You can get around this however by using a proxy server, the idea is that you access the Internet via a proxy server, so as you browse the Internet you actually make a request to the proxy server which retrieves the website for you and then returns the data to you, so all an ISP see’s is someone accessing a proxy server over and over again. Using this technique you can hide your IP address and access sites that are normally blocked by your ISP. Different proxy servers provide different levels of security and anonymity, however even a super secure proxy server will never be as secure as a VPN (which I detail below).
There are many proxy server solutions out there, let’s examine a few of the options.
Hide My Ass
Does exactly what it says, that is, hiding your arse on the internet. The Hide My Ass project provides an easy to use web proxy, which allows you to browse anonymously directly through the website itself, this is useful for on the fly anonymous browsing if you cannot alter any settings or install any software on the machine that you are on.
Hide My Ass also provides a list of proxy servers that you can use, if you go to the proxy list page you can browse and filter a huge list of proxy servers, once you find one that has your desired settings simply setup your browser to use the proxy by using the settings provided on Hide My Ass.
There are also browser extensions available for Chromeand FireFox (and possibly other browsers) these provide a button and a context menu option that enable you to access sites via Hide My Ass’s web proxy in one click.
Ultrasurf is a desktop app, when launched it searches through a list of proxies and finds the closest and fastest one for you, it then creates a local proxy through which you can route all your traffic. It integrates with IE out of the box, and also integrates with any other browsers or applications that use system wide proxy settings (such as Chrome). To use it with FireFox you have to install the Ultrasurf Firefox plugin, once installed make sure the ultrasurf app is running and then click the ultrasurf plugin to force all of FireFox’s traffic through Ultrasurf’s local proxy.
Ultrasurf has the advantage of being easy to use, but as many will tell you it doesn’t provide full protection, it’s more of a mid level solution and won’t provide the same level of protection as a VPN.
VPNs will really hide your ass
Whilst proxy servers do provide some security, they are not as effective as VPNs. A VPN (Virtual Private Network) is essentially a distributed private network, similar to a home network, where multiple computers access the internet via a single access point, such as a router. To the outside world each computer within the private network appears to be the same, with the same IP address and whatnot, a VPN does the same thing but any computer in the world can connect and use a VPN, you don’t have to be within the networks physical sphere of influence.
If you are really concerned about security then a VPN is definitely the way to go, both your IP address and geographic location will be hidden when using a VPN, and ISPs and third parties will be unable to monitor what content you view whilst browsing the internet.
There are many VPNs available, some are free and some are paid for, the best thing to do is to search around and read up on what VPNs people are using as new ones appear all the time. The key point is to look for VPNs that do not record or track its users in any way.
Free VPNs sound like a great idea, but many question whether they are entirely trustworthy or not. A service has to be monetised in some way right? Either you put ads in the users face or you make money in some other way, such as selling on data to interested parties. Despite this you might want to check out some of the free ones, a search will turn up plenty of free VPNs. I have heard good things about Hotspot Shield and Expat Shield but they should both be approached with caution as I don’t doubt that you will still be tracked in some way via these free services.
A better option is to pay for VPN access so the provider won’t need to make money in some other way. There are plenty of options out there, some good ones which I’ve heard do not keep logs on it’s users are SurfBouncer, Hushy, BTGuard and PrivateInternetAccess.
Onion Routing – Tor
No discussion about internet anonymity would be complete without mentioning Tor, one of the most well known internet security solutions out there.
Tor is based on the concept of Onion routing, where requests and responses are encrypted and bounced around multiple servers so the start and end points are obfuscated from one another. While certainly popular, many question whether or not Tor will provide enough protection. I’m not going to regurgitate all of the discussion here, you will find it easily enough if you search around, I can however summarise some of the main issues that people raise with Tor:
- Big drop in speed
- Reliance on the people that maintain the various Tor servers
- Popularity of service makes it a big target for cracking
- Vulnerability of Tor end points
Personally I prefer a private VPN from a lesser known company over Tor, of course this costs money, whereas Tor is free to use. Read up on it, gather some opinions and see what you think.
The anti tracking story doesn’t end here, there are even more steps you can take to secure your privacy.
Check how anonymous you are
You can use sites like TraceMyIP to check how you appear on the internet, if you’re setup correctly you should appear under a different IP address and in a different country or city.
Most internet browsing takes place over the HTTP protocol, which is unencrypted, any traffic over HTTP can be inspected by a third party. The HTTPS protocol is encrypted and hence is much more difficult for a third party to inspect. HTTPS Everywhere is a browser based plugin, it has a list of websites that are HTTPS capable and will switch to HTTPS whenever it encounters a HTTPS capable website.
Adblock will prevent any ads from appearing on any sites that you visit, it works in a similar way to Ghostery in that it has a list of known ad providers, blocking any requests by these providers.
Flashblock does exactly what you’d expect, it stops flash movies on a page from loading (the flash player plugin is still loaded by your browser however), you can still view flash movies though by clicking on them, so you can still watch cat videos on Youtube without too much fuss.
JonDoFox is a modified version of firefox designed to keep you hidden, if the solutions above aren’t secure enough for you then it might be worth giving it a go.
Tails is a security focused, Linux based OS built around Tor. It is designed to be installed on external media (such as a USB stick or a DVD) so it can be live booted. It is read only, so no information is saved about you and your activities whilst you use it.