Tech Sense: Stay Private
Earlier this month, the legislative branch of our government passed a law repealing FCC Internet privacy rules and allowing Internet service providers (ISPs) to collect and sell information about the Websites each of us visits. The President signed the bill immediately after it passed both houses. It seems that lawmakers figure there is no need to keep our browsing habits private even though we use the Internet to explore things like health issues, finances, and entertainment, all topics that have been deemed to be private matters in other federal laws and court findings.
This month's column is an effort to provide you with some tools to help protect your privacy.
Ever since releases via WikiLeaks and from Snowden made it obvious that people are watching our Internet activities, there has been a movement in Web communities to make sure all of our browsing within a site is secure. This movement is known as "HTTPS Everywhere." HTTPS is the secure protocol for browsing the Web (as opposed to HTTP). When you connect to a Website using HTTPS, all of the Web traffic between your browser and the site is encrypted. Your ISP knows what site you are accessing but can't see the individual pages or the content of the pages. So, for example, the ISO would know you went to WebMD but does not know you searched about Parkinson's disease. You can easily tell on most current browsers if you have a secure connection because a green lock will appear on the left of the address bar. The Electronic Freedom Foundation (EFF) has even created a technology to make it easier for Website operators to receive and deploy the certificates required to make these secure connections. Cloudflare also provides a free, secure proxy that can provide some protection for sites that are unable to secure their pages through other means. Most secure sites will force you to a secure connection if you try to connect using HTTP. If they do not do this, try to use HTTPS in front of the URL to see if you can connect securely.
Virtual Private Networks
A virtual private network (VPN) sits between your browser and the rest of the Web. The VPN encrypts the connection between your computer and the Web. Your ISP only sees the connection to the VPN and is not able to see any of the sites that are visited or data exchanged. VPN technology is popular with travelers so they can browse safely in hotels and restaurants without anyone nearby being able to monitor what they are doing through the network. VPN services typically cost $30 to $60 per year. Not all VPN service providers are secure, so it is a good idea to research VPN providers before choosing one. This may be a topic for a future column.
Tor (The Onion Router) is a special service for those that need extreme privacy on the network. It was originally designed and created to provide a means of private communications for freedom fighters in countries where freedoms are limited. Unfortunately, it has also become a favorite choice of criminals. While it does allow private communication, it is probably overkill for basic Web browsing.
Your ISP sees all of your Internet traffic. Because most people do not have a choice of ISPs (we are a lucky community to have two providers), Internet users have no choice but to be exposed unless they take precautions like the ones we have discussed. However, it is easy to forget that search providers like Google and Bing see not just your searches but also the results that you click on. This is why ads about what you were searching follow you on the Internet. If you have sensitive topics you want to search (like a health issue for example), try using DuckDuckGo (https://duckduckgo.com). DuckDuckGo does not track you and ensures privacy in your search.
Opt-out versus Opt-in
The current law as it is written allows a consumer to opt-out of information sharing instead of the more consumer-friendly practice requiring a customer to opt-in if they want their ISP to share their information with other companies. There are some issues with this. For example, Verizon for many years injected a special Verizon "super-cookie" into each HTTP message allowing customers to be tracked across multiple Websites. Verizon sold access to the customer's identity, but it normally isn't too difficult to uncover the identity without further Verizon help. Verizon did this without informing its customers and only provided an opt-out when the cookie behavior was disclosed through news outlets: http://www.theverge.com/2016/3/7/11173010/verizon-supercookie-fine-1-3-million-fcc.