As the attacks on Wikileaks, and the response from Anonymous has developed, I’ve begun to think again about the issue of privacy on the web.
As a generation, it’s something that we often scoff about – privacy? When your whole life is available online in a handy profile format via somewhere like Facebook, questions of privacy seem a bit trivial.
It’s here already. Who cares if people know what I’ve done today or not?
However, I’m not going to go into the arguments about voluntary offerings of private information such as on social networking sites, as that’s a debate for other people to blow off a whole load of steam about elsewhere. Instead, I’ll focus on the involuntary or more subtle ways in which information is gathered and could be used that you may not know, expect, or pay much attention to.
This does also include those that choose to divulge details of their life in certain online locations, for reasons which will hopefully become clear.
Why should you be concerned?
Every time you access the internet, the sites you visit and data you transfer is subject to logging and monitoring. If you use the web at university or work (including connecting in from home via VPN, this is a bit of a no-brainer, but network staff can and do have access to everything from your email accounts to what sites you’ve visited. There are almost always policies in place to guide how and when that data should be used, but when are these followed strictly in practice? I’ll let you take a guess. This information can and probably will be given up to the police if they have any sort of interest in you at all. Most people’s computer systems will reveal a hell of a lot about them that may be misrepresentative.
To use a topical example: If you were one of the semi internet literate people who were angry about Mastercard’s decision to suspend transactions to Wikileaks, you may well have downloaded the appropriate DDoS tool which was plastered all over every media outlet in the Western world and engaged in ‘cyber terrorism’ without really knowing what the legality of that action might be.
You might also simply have clicked to join and read in the IRC chat where the attacks were being discussed, or followed the Anonymous account on Twitter, which are unquestionably being monitored and recorded.
Would you really want this information shared with whoever cares to look at it? Probably not. Whilst you may not even have committed any crime, how will narrow sighted future employers and law enforcement agencies look upon your visits to dubious websites?
So what can you do to protect yourself?
Proxies: One of the oldest, and most beautifully simple of tactics for internet privacy. We all are familiar with the basic web proxies that let us circumvent the web filters at school to get onto blocked websites, but they were often slow, often unreliable, and almost always blocked themselves.
How does it work? Simple. Instead of directly connecting from your computer to the website you want to visit (or any other type of traffic), you route your connection through somewhere else on the internet. The result is that it looks as if you are actually accessing the site from somewhere else on the internet. Genius.
With new technology and much faster web connections, coupled with the proliferation of laptops, we have far more control over this now, and the Tor Project is one of the best pieces of proxy software that’s ever been created.
By connecting to the Tor network, you are routed through one of hundreds of other Tor users, bypassing all restrictions on the current network by tunnelling your connection through theirs. Not only does it give anonymity, but plausible deniability, since a page accessed by a computer connected to the Tor network could in effect have come from anywhere.
SSL: What it stands for isn’t important, but it’s something you’ll be familiar with already for things like PayPal and credit card payments online. You can tell if the connection is secured by the familiar ‘padlock’ in the browser, or by the ‘https://’ at the start of a web address.
What this does is encrypt your connection to the website you’re trying to access, so that if anybody should log or try to monitor that traffic, all they would see is garbage. Whilst people may see the URL you are accessing, only you and the end user know exactly what is being said or done. Couple this with a good proxy and you’ve got a good wall of protection against anyone trying to misrepresent or misinterpret what you’re up to online.
What you might want to think about is moving from using SSL simply for financial information to normal web browsing where possible. GMail recently switched all of its email connections to SSL – remember the case of the Chinese emails accounts being compromised?
What if you’re not a human rights activist? Not too long ago there was a bit of software released on the net called ‘FireSheep’ that gave people the ability to snoop other users’ login details who were connected to the same network.
What’s that mean in English? If you signed in to Facebook (or Twitter, or Youtube, or..) at work or university or any other network where lots of people connect (even your home wireless with two or more people on it), this tool gave them complete access to your account.
There are more and more sites springing up with SSL for regular browsing also. Google has a little-known encrypted version of its search engine here. Even Facebook itself has got a secure version accessed by adding https:// here. To save you having to input a different address manually every time you want to use a site securely, there are plugins for Firefox users such as Force-TLS.
This is only really the beginning, and only really applies to the web. For actual computer related security, there are completely free tools such as TrueCrypt which allow you to encrypt whole chunks of your hard disk to keep sensitive information – be it private pictures or passwords or anything else. All this can be done in 256 bit encryption – that’s the same kind that the Wikileaks ‘Insurance File’ uses. The same kind that would take an uncalculable number of years to decode.. all for free, on your laptop.
Does it seem a bit extreme? Possibly. For those that are relatively new to living with such huge personal amounts of information in a cyber world, it can be difficult to understand, but as the tech increases, it’s becoming more and more important for people to understand this sort of thing, or else there will be bigger and bigger losses in the so called ‘infowar’