Privacy is a human right and anyone who says otherwise is an enemy of humanity, period. Strong words, yes, but that doesn’t make them untrue. It doesn’t matter how honorable their motives are, be it stopping criminal activity, terrorism, or other abhorrent behavior, anyone who claims you have to give up your privacy for any reason is in effect making a claim that you are their property and that you are subservient to them. I do not abide by this and neither should you. To that end, I want to show some of the tools I use to keep invasive eyes out of my life and business when interacting with the web.
Before we go any further, I need to state up front that I am in no way a privacy or security expert. My knowledge is completely derived from my readings and discussions on various websites and social media platforms, no formal education. If any information I have provided is incorrect, it is not done so with any malicious intent, and I strongly urge anyone with more knowledge than me to inform me of any mistakes I may have made. The information I present is simply my best effort at helping you improve the privacy of your online presence and does not put any sort of legal responsibility on me. As in all things in life, you are the final arbiter of what information you choose to use or reject.
Privacy starts with your connection to the internet. If you are using an open connection, anyone with some basic technical prowess can intercept and scrutinize all of your activity. The first and most important step you can take to stop this data snooping is to use a VPN (Virtual Private Network). A VPN does essentially two things to protect your privacy: it encrypts all of the data coming and going to your computer, and routes your connection through a proxy server in order to mask your IP address. By encrypting your data, even if it is intercepted, it can’t be read, and by routing it through a proxy server, your connection can’t be traced back to you. Which VPN service you choose is very important as you have to trust the VPN service to not log your data or allow government agents to insert tracking tools into their service. Up until now I have been using Private Internet Access as they don’t keep logs, have a history of standing up to the government, allow for anonymous accounts, and generally provide a quality service. However, they have one very major flaw - they are based in the US, and since the United States government has zero respect for the privacy of its citizens and egregiously uses the color of law to coerce all manner of businesses into turning over data or into allowing them to intercept all traffic, I cannot recommend a VPN service based in the US. Because of this, when my current subscription runs out, I will likely be switching to a VPN provider located in a more privacy friendly country. Also, when choosing your VPN, don’t choose a free one. As the saying goes, if a service is free, you’re the product. An interesting option that is in early development is Mysterium. It’s a blockchain based decentralized VPN. I don’t know much about it yet but it’s definitely something to keep an eye on. Lastly, it’s important to note that using a VPN will negatively affect your internet performance. You’ll generally take a 20% speed reduction and you’ll find that some websites won’t work properly when using a VPN. In my opinion though, the performance hit is worth the privacy gains.
A free and easy step you can take to improve your online privacy is to change your DNS resolver from your ISP to Freenom’s DNS service. The Domain Name System is like the phonebook of the internet; in order to visit a website, you first have to look up the address of the website via a DNS service. The DNS looks up the name of the domain, such as www.procryptix.com, and then directs you to the IP address that the domain name resolves to. This service is typically provided by your ISP but unfortunately ISPs have a terrible track record of protecting their customers’ privacy. By using a DNS service like Freenom’s, your ISP will have less ability to tell which websites you are visiting. To change your DNS service, you simply need to go to your network connection settings and change the DNS option to 80.80.80.80 and 80.80.81.81. Please see Freenom’s website for more detailed instructions if needed. An added bonus of using Freenom is that your lookups will most likely be faster than using your ISP’s service.
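A way to confirm the change took effect on a Linux machine, as an added example that is not part of the original article: the script parses resolv.conf-format text and reports any configured resolver other than the two addresses above. The sample file contents and function names are constructed for illustration; a loopback entry such as 127.0.0.53 is flagged separately because a local stub resolver hides which upstream server is really being used.

```python
import ipaddress
import os

# The two resolver addresses the article gives for Freenom's DNS service.
EXPECTED = {ipaddress.ip_address("80.80.80.80"),
            ipaddress.ip_address("80.80.81.81")}

def parse_nameservers(text):
    """Return the addresses on 'nameserver' lines of resolv.conf-format text."""
    servers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                # An IPv6 entry may carry a zone id such as fe80::1%eth0.
                servers.append(ipaddress.ip_address(parts[1].split("%", 1)[0]))
            except ValueError:
                continue  # malformed entry: ignore it
    return servers

def audit_resolvers(text, expected=EXPECTED):
    """Sort configured resolvers into expected, unexpected and local-stub."""
    report = {"ok": [], "unexpected": [], "local_stub": []}
    for addr in parse_nameservers(text):
        if addr in expected:
            report["ok"].append(str(addr))
        elif addr.is_loopback:
            report["local_stub"].append(str(addr))
        else:
            report["unexpected"].append(str(addr))
    # Compliant only if at least one expected resolver is set and nothing else.
    report["compliant"] = bool(report["ok"]) and not (
        report["unexpected"] or report["local_stub"])
    return report

# Constructed sample: the router's address is still listed as a fallback.
SAMPLE_MIXED = "# constructed sample\nnameserver 80.80.80.80\nnameserver 192.168.1.1\n"
# Constructed sample: a local stub resolver (systemd-resolved style).
SAMPLE_STUB = "nameserver 127.0.0.53\noptions edns0\n"

if __name__ == "__main__":
    path = "/etc/resolv.conf"
    text = open(path).read() if os.path.exists(path) else SAMPLE_MIXED
    print(audit_resolvers(text))
```

An "unexpected" entry means lookups can still go to that server, so the switch is only complete when every listed resolver is one of the two intended addresses.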
If you really want to maximize your privacy, you can use the TOR network. TOR stands for The Onion Router and its job is to route your network connections through a series of anonymous and decentralized nodes. It’s important to note that while the data moving between TOR nodes is encrypted, the entry and exit points (the connection between you and the TOR network, and the connection between the TOR network and the website you’re visiting) are not encrypted. Because of this, you should still use a VPN even when using TOR. While there are a few methods to access the TOR network, the easiest way is to simply use the TOR browser. The TOR browser is a modified version of Firefox that is pre-configured to route all of your web traffic through the TOR network. That being said, I don’t use TOR on a regular basis, only when I need an extra level of privacy, as I find the speed hit and the general inconvenience to not be worth it for typical browsing.
Speaking of browsers, if you’re using Internet Explorer or Chrome, you need to ditch them ASAP and switch to a browser that respects your privacy. The fact that IE and Chrome are products of Microsoft and Google should tell you all you need to know about how concerned they are about your privacy (i.e., they’re not). The most capable and full-featured browser that does respect your privacy is Mozilla’s Firefox. Firefox is open source, fast, reliable, and has a multitude of privacy enhancing extensions and configuration options. Another browser to check out is Brave. Brave is a new project by one of the founders and original developers of Firefox, but has an even stronger focus on privacy. Brave is basically an ad blocker with a browser built in, and because of this, is by far the fastest browser I’ve ever used (you’ll be surprised at how much bandwidth advertising uses). However, Brave is still in beta and has a very small set of available extensions which unfortunately precludes me from adopting Brave as my default browser at this time. Currently I use Firefox but I keep checking in on Brave and plan to switch to it once it meets all of my needs. Since Firefox is open source, a number of other projects have taken its code and released their own browsers but with some added privacy tweaks. Two of the most popular alternatives are Pale Moon and Waterfox. The advantage of these two browsers over Brave is that many of Firefox’s extensions are compatible with them. I’ve been playing around with Pale Moon recently but since it’s based on an older version of Firefox, not all of the extensions I need are compatible with it. For me, Firefox is currently the best choice as I get a fully featured browser with all of the extensions that I could ever need while still having the ability to greatly improve my privacy.
Now I want to talk about the extensions you can use to improve your browsing privacy. I’m writing specifically for Firefox from this point moving forward; you’ll have to do your own research into how to extend and configure your browser if you chose something different than Firefox. There are six extensions you should install: uBlock Origin, Privacy Badger, Decentraleyes, Disable WebRTC, HTTPS Everywhere, and Cookie AutoDelete.
- uBlock Origin is the best wide-spectrum ad blocker available. It has a light memory footprint, is open source, and has a much bigger filter list than other ad blockers.
- Privacy Badger stops advertisers from tracking where you go and what websites you look at. It is a learning application so the more you use it, the better it gets at protecting your privacy. It is open source and developed by the EFF.
- Decentraleyes forces your browser to use local resources for Content Delivery Networks instead of “free” hosted libraries. In order to save bandwidth, development costs, data storage, etc., many websites use centralized shared libraries to host some of their content. Because these libraries are free, in order for them to generate revenue, when you visit a webpage that uses CDNs, your web usage history and habits will be tracked and then sold to advertisers and government agencies. Decentraleyes updates your browser so it instead uses a local copy of these libraries, thus enhancing not only your privacy, but the speed at which you interact with these web pages as well.
- Disable WebRTC. WebRTC is a new communication protocol that unfortunately can leak your IP address even when using a VPN. Disable WebRTC disables this protocol and prevents your IP address from being exposed.
- HTTPS Everywhere. Many websites offer both an unencrypted connection (http) and an encrypted connection (https) to their website. HTTPS Everywhere forces your browser to use the encrypted connection even when you don’t specifically navigate to the encrypted channel. HTTPS Everywhere is another project by the EFF.
- Cookie AutoDelete automatically deletes all cookies when no longer being used but still allows you to whitelist the ones you need on a regular basis.
The last aspect of online privacy I want to discuss in Part 1 is password management. Proper password management may actually be the most important step you can take to keeping you secure online. If you have the horrible habit of using a single password for all of your online accounts, when a site you have an account with gets compromised, you can find yourself in a world of hurt because the hackers will attempt to find your other online accounts, and if you’ve used the same password, they will have unlimited access to those accounts as well. Do NOT re-use a password. Ever. Obviously, you can’t keep track of a large number of highly complex passwords in your head so you’re going to need a password manager. I use and recommend LastPass. LastPass is a cloud based password manager that allows you to use unique passwords for all of your online accounts while only having to remember a single master password. It uses SHA256 encryption to keep your passwords private and only you have the keys to your account. In other words, do NOT lose your master password because if you do, not even the LastPass team can recover your account (though there is a way to set up a recovery option with someone you trust). When setting up your passwords, make sure you use at least 15 characters and include upper case, lower case, numbers, and symbols. I typically use between 30 and 50 characters but some sites won’t allow passwords that long. Do the best you can in those scenarios. Also, don’t set LastPass to log in automatically; set it so that every time you close your browser, LastPass logs out. Yes, it’s a bit of a pain, but an ounce of prevention is worth more than a pound of cure. Another option to set for your most sensitive accounts, such as your banking sites, is the "Require Password Reprompt", located on the site's respective LastPass entry. This way, if someone gains access to your computer while your LastPass session is active, they still won’t be able to get those passwords without knowing your master password.
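The password rules in this paragraph expressed as code, as an added example that is not part of the original article and is not how LastPass itself generates passwords: a generator built on Python's `secrets` module plus a policy check. The symbol set, the function names and the `site_max` parameter (a site's length limit) are assumptions made for illustration.

```python
import secrets
import string

SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?"  # assumed symbol set; sites differ
CLASSES = [string.ascii_uppercase, string.ascii_lowercase,
           string.digits, SYMBOLS]
MIN_LENGTH = 15  # minimum length recommended in the article


def meets_policy(password, min_length=MIN_LENGTH):
    """True if the password is long enough and uses all four classes."""
    return len(password) >= min_length and all(
        any(ch in cls for ch in password) for cls in CLASSES)


def generate_password(length=40, site_max=None):
    """Return a random password containing every character class.

    site_max (hypothetical parameter) caps the length for sites that
    refuse long passwords; the result may then fall below MIN_LENGTH.
    """
    if site_max is not None:
        length = min(length, site_max)
    if length < len(CLASSES):
        raise ValueError("too short to include every character class")
    alphabet = "".join(CLASSES)
    # Draw every character from the OS CSPRNG via secrets, never random.
    # Retry until all classes appear instead of forcing one character per
    # position, which would make part of the password predictable.
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


if __name__ == "__main__":
    strong = generate_password()            # 40 characters by default
    capped = generate_password(site_max=12) # site with a 12-character limit
    print(len(strong), meets_policy(strong))
    print(len(capped), meets_policy(capped), meets_policy(capped, 12))
```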
As we’ve already surpassed three pages in length, I’m going to stop here. In the upcoming part or parts, I plan on covering operating systems, multi-factor authentication, and various security-centric data storage and communication platforms. As always, thanks for reading and I look forward to your feedback.
Author: Chris Webb
thanks, very helpful!
Nice, detailed article. Very useful info.
Thank you for your research