Wednesday, October 10, 2012

How to Start Protecting Your Privacy on the Internet

By Sheldon Richman

The Internet is a marvelous tool for easily getting information about virtually anything. But for good or ill, it's also an easy way for people to get information about you.

Unless you do something about it, any Internet activity you engage in has the potential to leave tracks that others can trace. You also inadvertently invite others to leave information on your computer.

It sounds scary—and in some cases it can be. But it's not all bad, and there are preventive measures you can take.

The surest way to protect your privacy on the Internet is not to use it. But for most of us that price is too high. There are too many amenities offered by email, websites, social networking, search engines, online shopping, and more to consider resigning from cyberspace. So we have to resort to second-best solutions—methods that reduce (if not eliminate) what we don't like, while enabling us to take advantage of the Internet features we do like.

The first thing to do is to understand how your privacy can be compromised. For example, as you visit websites, you will unwittingly identify yourself with the IP number assigned to your computer by your Internet service provider (ISP). In turn the sites you visit may leave "cookies" on your computer with which to recognize you when you return. Depending on what sites you visit, this might be used for nefarious purposes, but there are constructive purposes as well. This information enables websites to tailor their ads to your interests and buying patterns. Information can also be sold to advertisers for the same purpose.  

Search engines like Google, Yahoo, and Bing also keep track of what you've been looking for, again to customize their output for the particular user, among other purposes. Controversially, they keep this information for a period of time. According to the Privacy Rights Clearinghouse, "Major search engines have said they need to retain personal data, in part, to provide better services, to thwart security threats, to keep people from gaming search ranking results, and to combat click fraud scammers." The major engines say they keep full IP addresses for a limited time, up to 18 months, after which they delete or "anonymize" them by removing some of the numbers. But things aren't always what they seem. In 2008 Google (which has many other services besides its search engine) said it would reduce the time it held identifying information from 18 to nine months. But Chris Soghoian charged that this was meaningless as long as Google's cookies were still on your computer. A couple of years later Google acknowledged that it only "obfuscates," without anonymizing, your identifier. The implication was that the information could still be traced to users.  

Similarly, one needs to be aware that Google's Gmail—and other free (advertiser supported) web-based email services such as Yahoo—perform "content extraction" on emails in order to (in Google's words) "offer you tailored content—like giving you more relevant search results and ads." Users of Gmail and other services consent to this monitoring when they sign up, but the Electronic Privacy Information Center(EPIC) points out that email to users from nonsubscribers, who have not consented, are also subject to content extraction.

Social networks, such as Facebook, are also places where information about you can be gathered in ways you may not like. "Many people besides friends and acquaintances are interested in the information people post on social networks," thePrivacy Rights Clearinghouse says."Identity thieves, scam artists, debt collectors, stalkers, and corporations looking for a market advantage are using social networks to gather information about consumers.Companies that operate social networks are themselves collecting a variety of data about their users, both to personalize the services for the users and to sell to advertisers."  

While some people won't mind helping Google and other companies to tailor ads and search results to their individual interests, others are offended by this practice and regard it as an invasion of privacy. That's for the individual user to decide. But remember: Accidents happen. In 2006 Time Warner's AOL mistakenly released search data on 658,000 users. If you are among those who don't want your web usage tracked, there are ways to minimize (if not eliminate) it.  

For example, web browsers let you adjust settings to delete and even prevent the setting of cookies. (Disabling the cookie feature will make some websites inoperable.) While Google is criticized for tracking its users, it nevertheless has an extension for its Chrome browser (Do Not Track Plus) that blocks tracking from the websites you visit. It even keeps a count of the blocks.

Microsoft earned the wrath of advertisers recently when it said that its forthcoming Internet Explorer 10 will come preset to block tracking. "This is causing a certain amount of shouting from the advertising side of the internet business: for being able to track a browser's interests (rather assumed by looking at where they've been) is what adds value to ads," Tim Worstall writes at Forbes.com. Of course users are free to turn off the feature, but few are expected to go out of their way to be tracked. Kashmir Hill of Forbes.com reports that "some speculated that it [Microsoft's decision] was an attack on Google making it harder for Microsoft's chief rival to offer premium ads based on detailed profiles of users." Keep in mind that advertises are willing to pay more for a targeted ad than for a blunderbuss.   

Another way to protect your privacy is to use a search engine that won't save your data. The World Privacy Forum says that Netherlands-based Ixquick (or Startpage.com) is a "search engine that has more advanced privacy features than most." It took only moments to make it the default search engine in Google's Chrome browser, and it can be added to Firefox and Internet Explorer. Ixquick says, "Since January 2009 we do not record our users' IP addresses anymore," adding, "Ixquick does not share personal information with any third party search engine or the provider of its sponsored results."  

If you're concerned about privacy intrusions with web-based email, EPIC lists services that do not engage in content extraction: Rediffmail and Aventure-mail.

Anonymous web browsing is promised by a variety of services, including KProxyand Hide My Ass. These sites claim that they do not provide IP addresses or other information when browsing.

Users of social networks like Facebook should check their privacy settings carefully to make sure information is not available to people outside their circle of friends.

Kashmir Hill of Forbes.com offers more tips to protect your privacy.

While perfect Internet privacy is a chimera, individuals can do much to protect themselves. But there is no real alternative to user vigilance and self-responsibility.  One can keep up with the latest threats to Internet privacy by monitoring organization sites such as EPIC, the Electronic Frontier Foundation, the ACLU, and the Center for Democracy and Technology.  

What you don't want to do is rely on the government proactively to protect your privacy. Despite the Fourth Amendment protection against "unreasonable searches and seizures" and warrantless surveillance, the national government shows little respect for our privacy. When the George W. Bush administration was caught wiretapping without obtaining warrants from the rubber-stamp FISA (Foreign Intelligence Surveillance Act) court, Congress simply legalized the practice. The Privacy Rights Clearinghouse states, "The USA PATRIOT Act, passed by Congress after the terrorist attacks of September 11, 2001, and amended in 2006, makes it easier for the government to access records about online activity.In an effort to increase the speed in which records are acquired, the Act eliminates much of the oversight provided by other branches of the government.And it expands the types of records that can be sought without a court order." 

Moreover, the government can obtain "sneak and peak" warrants, which permit searches without the suspect's knowledge or ability to mount a court challenge, andnational security letters, a subpoena issued by a federal agency without the approval of a judge for, say, email addresses used by a suspect.  

All of this adds up to a far lower hurdle for government agencies that demand information about Internet users from ISPs, websites, and search engines. Abuse is to be expected. (Google reports on the requests it gets from the U.S. and other governments for information about its users.) Indeed, the ACLU reports, "Justice Department documents released today [Sept. 27] by the ACLU reveal that federal law enforcement agencies are increasingly monitoring Americans' electronic communications, and doing so without warrants, sufficient oversight, or meaningful accountability." 

The Irish statesman John Philpot Curran was right: "It is the common fate of the indolent to see their rights become a prey to the active.The condition upon which God hath given liberty to man is eternal vigilance; which condition if he break, servitude is at once the consequence of his crime and the punishment of his guilt." 


The above originally appeared at The Project to Restore America and is reposted with permission.  

6 comments:

  1. If you use chrome, try PrivacyFix, it's not perfect, but it helps fix some of the common privacy holes.

    https://privacyfix.com

    ReplyDelete
  2. Cryptohippe - check it out. Secure VPN, email, and more!

    ReplyDelete
  3. There's some helpful tips there, but IMO the first principle for Internet access is don't say anything you wouldn't want your worst enemy to know. And by "say" this includes not just emails and Facebook posts, but also usernames and passwords, websites you visit, anything you upload, anything you put into a form, files you download....

    ReplyDelete
  4. http://www.identitycloaker.com/

    This is a great service I use. Proxy locations around the world. You connect to the proxy encrypted and the proxy IP is what shows up when you hit the website you want to go to. Easy to know its working... when I get emails (and sometimes phone calls) from my banks and credit cards because they think someone from another country hacked into my account. (I have since told them not to worry about it and they have relaxed the calls.)

    $ for service.

    ReplyDelete
  5. First, HideMyAss is a VPN service but HideMyAss will not protect your privacy.

    Second, I wonder why is Tor not mentioned here. No one has control over it, it's open and there are so many people working on the project that governments can't do anything about it. EFF has a handy little interactive graphic.

    ReplyDelete