November 28, 2021

Internet Privacy Basics, by Petr

Editor’s Introductory Notes: This article was authored by the teenage son of a long-time SurvivalBlog reader. It is humbling to see that a second-generation of SurvivalBlog readers is now reaching adulthood.  (SurvivalBlog was launched in August of 2005.)

Properly, the term internet (with a lower case “I”) generally refers to all interconnected computer networks, whereas Internet (with a upper case “I”) refers to the global network associated with the world wide web (WWW). The dark web refers to dead or abandoned web sites. (That is, sites that have “gone dark.”) The deep web refers to sites that are invisible to search engines. The deep web is mostly behind corporate firewalls and is much larger than the sites cataloged by search engines on the mundane public Internet. Also note that some web addresses are only visible and accessible with Tor (The onion router) or other similar deep web browsers, rather than standard browsers.

This article is geared toward users of the mundane public Internet using standard browsers, but who desire greater privacy. That is probably 98% of SurvivalBlog readers. Note that this article is just a primer rather than a comprehensive guide to Internet privacy. It is an article meant for new users, people new to open source, and the Privacy Mindset.

Internet privacy is a relatively new concept. The definition and interpretation of Internet privacy can often be up to the individual. For some, it means to be digitally forgotten and to live in anonymity, whereas others it means complete ownership of your devices and your data. It does not matter what your personal definition is. It all comes down to one thing, you as the user need to be in control. Many corporations and especially the government would be happy to take this responsibility off your shoulders. Yet this leaves you open to being exploited. We see this with Google and Microsoft’s targeted advertising. This exploitation also happens through browser fingerprinting and cross-site tracking. Data has become digital gold. With this newly-valuable resource, companies have been trying ruthlessly to acquire your data.

It is not only companies and governments who want to take advantage of your data, but hackers as well. Many times, we as individuals put ourselves in dangerous situations online without even realizing we are doing so. Hackers love nothing more than our ignorance. We are going to cover three basic steps to take back your privacy from these corporations and to keep yourself secure from hackers and snooping 3-letter government organizations. These are simple and often free or inexpensive.

With Internet privacy and especially security come dozens of buzzwords and false claims. Nothing ever makes you 100 percent secure or can guarantee total anonymity. There is some vocabulary that needs to be gone over.

  • Encryption – The process of making once readable data seemingly random. Encryption can be used in almost everything. When executed correctly is always a good thing.
  • Open-Source – When the source code of the application is readable to the public. This allows the code to be audited by regular people. To make sure there is nothing undesired going on in the background. Open source is often free and more secure than proprietary software. Always go for open source when practical and available.
Get a password Manager:

If you are like most people, you use the same password for as many sites as possible and probably also save your usernames and passwords to auto-fill when logging in on your phone and your computer. When a hacker gains access to one of your passwords, she will immediately use the same information to attempt logins of all major email providers, social media apps, and major online retailers. From there the hacker will determine what banks you use and attempt to gain access to your bank accounts and to make purchases from any sites or apps you use for shopping. In short, it can be disastrous. Saving your passwords within a browser (Google Chrome, Microsoft Edge, Internet Explorer, Safari) or on your phone (whether an apple device or android) is effectively giving your login information to the company that created the browser or the device.

A Password Manager is an application that stores all your passwords for every site and app that you use in an encrypted vault. This may sound a lot like what you are doing when saving your passwords in your browser or on your devices, but one key fact makes all the difference. You have to use a password manager that is “open source” (see definition above). With an open-source password manager we know that the owners of the password manager cannot gain access to your password vault or to your login information for the password manager itself. This also means that the password manager company cannot reset your password if you forget it.

Another benefit of a password manager is that it can be used to generate more secure passwords for you. When generated through your password manager, the password will be for all intents and purposes, unguessable and uncrackable. The password will be a long random string of number, letters, and special characters that would take a password cracker thousands of years to guess. But remember, you don’t have to remember them, you will only need to remember one.

While many password managers are available on the market today, Bitwarden is the one I recommend and the one that I use personally. It is open-source, so we know there is nothing spooky going on behind the scenes and we know it is very secure. At the time of writing, they have yet to have any sort of security or data leak, and the best part is that it’s free. Yes, that’s right, the best password manager is completely free and open source. While Bitwarden is very effective when used correctly there is no guarantee of complete security. Bitwarden has native support for android and ios as well as all major desktop such as Windows, Mac, and Linux. You get access to all these apps with the free package as well. Passwords being insecure is only becoming more of a security risk as time goes on. Fix the problem before it becomes a problem. Also, whenever two-factor authentication is available, use it. Just another layer of security on top of a secure password from an offline security service like Bitwarden or 1Password. There is no appropriate way to store your passwords other than a password manager or a pen with paper. Everywhere your passwords are stored online is a security risk. That is what experts call an attack surface. They have more options to hack you. Offline password managers are a preventative measure. They are designed to keep your passwords safe and secure before they become a problem.

Browsers and Search Engines

A web browser is a portal to the Internet, the icon or applet you click to access the Internet. Many however do not take privacy seriously. Google chrome is a major offender in this regard. Its whole business model is to collect information for targeted advertising. Chrome, although the most popular, is by no means the most private. For privacy-minded users they should be avoided at all costs. There are great alternatives to Chrome. Chromium is an open-source browser that Chrome is actually built on. This a great choice as it is compatible with all chrome addons. Firefox is another browser that is open source and privacy-minded. Brave which is built on chromium is privacy-minded and has even a built-in adblocker, this is especially useful for mobile devices and chromium add-ons are not available.

A web browser is useless without a search engine to navigate the Internet. Google has become the common standard. However, Google also loves to collect and store user data. We must look for alternatives that respect the user’s privacy. DuckDuckGo is a fine alternative. It can deliver great results. It is a default on most browsers and is the privacy standard in most people’s eyes. Startpage is also a great option. Startpage delivers Google quality search results without Google’s data collection.

My personal favorite is a search engine called MetaGer that delivers results from multiple search engines. Brave Search is a relative newcomer. It offers promising policies and innovations and at the time of writing is still being beta tested. With these two steps you have taken a major step in limiting data collection from companies. Browsers are also the main way in which Google servers target advertisements to you. By moving away from Google Chrome and other mainstream browsers and search engines you will start to see ads that are less tailored to you. In addition to increasing your online privacy you will also be helping combat the monopoly that these companies have built. By simply supporting alternate search engines you are essentially providing competition, and competition drives innovation.

Extensions are another fantastic way to enhance your browsing experience and privacy. A list of excellent add-ons include “Ublock Origin” for ad blocking, “Privacy Badger” for blocking trackers that attempt to track you across the web, “HTTPS Everywhere” to keep secure connections as often as possible, and “decentraleye”s for more tracker protection. These not only enhance your browsing experience but also privacy. All of this is free and open source.

Virtual Private Networks

Virtual Private Network (VPN) is a fantastic way to boost your privacy online. It works by connecting your computer to a remote server in a different part of the world. The connection is encrypted allowing for private communication. You can do all your Internet activity and every ad, tracker, and potential hacker will only see the IP address of the VPN server. This comes with some risks and downsides. Many times, it is a single company in control of all their servers, so they can keep logs. These include but are not limited to, time connected, browsing history, DNS history, bandwidth usage, and more. Speed also tends to decrease, as your connection to the VPN server now has to be encrypted and sent to grab the information you want. Limitations aside, the security benefits are numerous.

Browsing on public WiFi is inherently dangerous. Hackers can view all the data being sent as the network is unencrypted. With a VPN running while you are using public WiFi, the network administrator or any potential hackers will not be able to view any of your Internet activity. Likewise, a VPN also has the benefit of keeping your Internet provider (otherwise known as your ISP) from viewing your Internet activities. They can see you are connecting to a VPN server nothing more. VPNs also have numerous other benefits such as safer torrenting, different Netflix libraries (available by using a VPN in a different country), price matching, unblocking geo restrictions, and more.

There are lots of different VPN companies all with their own benefits and disadvantages. When choosing a VPN there are many things that I recommend you look for. However, the two most important however, are jurisdiction and independent auditing. What government jurisdiction does the company fall under. If the company lies in a jurisdiction that is hostile toward Internet privacy such as The United States, Australia, and Great Britain. These countries have organizations that attempt to gain access to information these companies possess. The United States government has been known to coerce companies to get information on a user. This has happened in the past with VPNs such as Hide My Ass, and Pure VPN. The United States, Canada, Great Britain, and Australia are just a few of the countries you want to stay away from.

The next thing you want to look for after determining the jurisdiction of the VPN is what’s called an independent audit. This is where a company that is trusted within the privacy-minded computer community is brought in to view the infrastructure and operations of the VPN company to make sure the company is keeping to their “no logs” policy. Independent audits are always something to look for as they allow trust between the company and its users. My recommendations based on these criteria are Mullvad VPN, IVPN, and maybe AirVPN. These are independently audited and away from US jurisdiction. VPNs are not invincible as some marketers would like you to think. An excellent tool for safety on public WiFi, bypassing geo-restriction, and more. VPNs are especially useful when someone else is running your network. Colleges provide Wi-Fi but also have the potential to spy on their students. When done correctly and with the right company a VPN is excellent tool to increase your safety and privacy online.

With these three simple and inexpensive steps you can take your browser’s privacy to the next level. This is going to be especially valuable as in coming years the encroachment of the right to digital privacy becomes even more prevalent. This is not a guide that you should follow and then forget. This is just the surface of the world of digital privacy and anonymity. Keep current on privacy measures, and stay proactive.

We face a challenge that no other generation of humans has ever had to face. Just as weapons must be given to the people to protect physical safety, information and tools must be given to the people for online and cyber safety.

Original Source