Practical Internet Privacy – PostScript


There are lots of reasons you might prefer not to have every website you visit and email you send logged and recorded for years to come. I can't think of any reason why you would. In many countries, however, internet providers are required by law to do just that.

According to the London Telegraph, from April 2009 that now includes all European Union countries. For the tech-minded, here are the gory details. You can be sure it is being done elsewhere, legally or otherwise. For a global overview with "heat map," you can check out last year's "Electronic Police State" international rankings here. Surveillance is even more intense in large corporate or government environments, where you may also have trouble visiting certain "unapproved" sites.

At the other end of your internet connection, the same thing may be happening. Browsing and emailing, for example, usually discloses an "IP address" — the equivalent of your internet telephone number — which can be traced to you through your internet provider. Many sites, such as Google, also build up a profile of your activity based upon your IP address, "cookies" (data stored from earlier visits), search requests and other factors, which can be retained indefinitely. Forums and blogs will often record your IP address along with your comments and retain them for years.

This was underlined to me some time ago, when I had a problem with a Google search. In order to proceed, they required verification by typing in random letters, partially obscured in an image. After a couple of failed tries, on the third attempt Google presented me with a word consisting of my name complete with a spelling mistake peculiar to details held by my internet provider (a large multinational). At that moment, I was not using any privacy techniques. Nevertheless, I now have a new provider and often use the powerful, private Ixquick alongside Google.

Individual hackers can be a danger when they identify your IP address: a 17-year-old boy was recently jailed for what is known as "Swatting" his online gaming opponents. According to The Register, on multiple occasions, he obtained their IP addresses and hacked their internet provider for their personal details. He then called in armed SWAT teams to their houses by faking ("spoofing") their telephone numbers in emergency calls.

You should note the low to non-existent standards of evidence under which the State will dispatch violent military force against the innocent. In fact, not only did the State effectively assist him, he was much less guilty when compared to the confiscation, tasering, torturing and killing carried out by governments everywhere against their own opponents.

This highlights by far the biggest privacy concern: Accumulated profiling by Big Brother in order to identify dissenters, protesters, whistleblowers, tax escapees and political opponents.

But, there are fairly easy ways to keep "two sets of books" with your internet provider and also to "anonymize" your site visits, posts, chat, voice, video and email. It all starts with a clean computer:

Practical Privacy — Stage 1

Many PCs are riddled with viruses, spyware, toolbars and "helpers," and weighed down with bloated "security" suites. If you have a PC, then do what I have done for many hundreds of customers in recent years: First, get rid of Norton/McAfee or similar bloat-ware and restart. Next run "msconfig" as in this tutorial (Vista users just type "msconfig" in the Search box). Restart.

The best and leanest antivirus is currently the free Avira Antivir. You will also need weekly or monthly manual scans with Spybot (un-tick all options except Desktop Icon on install). Do a scan with both and that's it. In case of a stubborn problem try a Malwarebytes one off scan. If problems persist, then a backup and system reinstall is needed. Note that you don't need a complicated firewall because your router acts as a double hardware firewall, plus there is an adequate built in Windows firewall anyway.

With a clean, fast computer the first and easiest privacy step is to clear it of data retained from previous activity. This can be available through the internet to others via things like cookies and add-ons like Java or Flash. You can clear it in this way:

On a PC, get the free CCleaner. Un-tick everything except Desktop and Start menu shortcuts on install. Ideally, run CCleaner just before and just after any private browsing is required. The standard settings are fine — except be sure everything is un-ticked under Options>Advanced. Expect the first run to take a while and to be surprised how much junk there was. After that it will usually be instant. For an equivalent, Mac users can use free programs like "Onyx" or "MacJanitor."

With this security setup and a little care about what you click on, you can have years of trouble free computing, with the basics in place for some privacy.

Practical privacy — Stage 2

The next step is to obscure your activity from your internet provider, and to obscure your identity at sites you visit. There are several ways of doing this — most requiring technical knowledge of things like "proxies" and "shell accounts." But there are easier ways:

In an emergency, one obvious way is to drive around with a laptop and find a public or open internet connection. This would normally only reveal your general geographic location. If you are not doing anything to attract, for example, SWAT teams and are not hogging a lot of bandwidth, then you are harming no one. Long range wireless is also an option.

One other way would be to use the TOR anonymous internet system. The only problem here is the unreliable browsing speed. It is quite easy to install and try, though.

For a permanent, reliable solution you need access to a Virtual Private Network or "VPN" service. VPNs are often used by businesses to securely log in to office networks from home. A VPN privacy service can completely obscure your IP address from sites you visit, while obscuring and encrypting the content, sites and servers you visit from your internet provider. Basically, it will tunnel everything you do to another computer in another part of the world of your choice. It does mean trusting the VPN provider to some degree (the best keep no logs) and it does mean paying a subscription. But you will get fast or even full internet speeds — in my own case, reliable enough to do chart based day-trading.

Both Mac and Windows users can easily connect using the basic VPN software already built in. Or, there is a better solution called "OpenVPN." Versions of this on the Mac include "Viscosity" and Tunnelblick. The service provider will supply instructions.

One VPN service I use is Perfect-Privacy, with multiple servers around the world. I also like the very low cost SwissVPN in Zurich. Bear in mind that lag will increase the further away you are from the VPN server. There are many others (metropipe, cryptohippie, xerobank, secretsline etc.).

One technical warning about "DNS leaks": These can bypass your VPN so that although actual content is secure, the names of sites visited could be visible and therefore logged. The fix does require extra steps but is reasonably easy: full instructions and a test here.

Email Privacy

With a VPN setup, you can be less concerned about trusting email providers and using encryption. Just get a free web based email address in another country and always use the VPN to access it. However, be careful not to include identifiable personal info in the email content.

In addition, for moderately sensitive email content, both sender and recipient could use temporary Hushmail accounts. Or, learn to use highly secure PGP encryption with any email provider. Other free options include Mailvault (with easy PGP built in), the secure (but US based) Cryptomail, and Privatdemail. Subscription options include Neomailbox and GeneralMail. However, unless you encrypt your own email, remember you are placing trust in an unknown service provider. Rumors abound, for example, that the popular Safe-Mail is a Mossad "honeypot" — though I have seen no real evidence of this.

Voice and Chat Privacy

Because a VPN connection is a secure tunnel (at least, from you to the VPN server) there can be less concern also with voice, video and chat services. However, here are some extra security steps:

For extra Instant Messaging security, try OTR. For voice and video content there is ZPhone (at both ends) in conjunction with Yahoo messenger or Apple iChat. Skype will conceal content from casual eavesdroppers, but many suspect a "backdoor" and your activity is logged by their software. Gizmo5 may be an alternative with its internal encryption, plus it will work with Zphone. SIP Communicator is a one-stop secure video/IM/chat solution with encryption (including ZPhone) built in.

But do be aware that unless you use a VPN, voice and email encryption only prevents wiretapping of content and does not prevent tracking who you are and who your contacts are.

Phone Privacy

For interaction with regular telephones you really need a "SIP" account — which is a bit like an email address for voice/video. These can also be assigned a regular phone number.

Get a free SIP account from IPTel, AntiSIP, SIP2SIP or PBXes. VoipUser will also give you a free incoming and outgoing UK telephone number. You can get a free US incoming number from IPKall. An incoming local number could be forwarded and used in conjunction with an "offshore" outgoing provider (eg. Link2Voip, Switzernet, Peoplefone, Voipgate) for call records privacy.

Note that "IAX" is a better but less common alternative to the SIP standard (see IAXterminator, EuroIAX, Les.net, Voipgate).

The popular but US based CallWithUs offer calls (only) via their own OpenVPN connection, as do Brujula. Link2Voip offer "IPSec" VPN access for calls, useable with some dedicated routers, from computer desktops, with the iPhone/iPod Touch, and with most Windows CE smart-phones and PDAs (IPaq, HTC etc).

If you do not have an incoming phone number for your SIP account, with some providers you can still be called using the free SipBroker service. This service has local numbers in many countries and you are contactable via an "extension" number after the local number has been dialed.

Making calls through a VPN does reduce the need for call encryption. But, on top of that, free software like Qutecom and MiniSIP have end to end encryption built in. SIP Communicator includes encryption not only for SIP calls, but also secure video/IM/chat. XLite does not include encryption, but is very popular and will work with Zphone. Also see Zoiper for both IAX and SIP.

In practical use, there is no need to be bound to computer speakers and microphone: you can easily use USB, wireless "bluetooth" (inc. mobile phones) and other handsets.

A SIP account will also work without the need for a computer via special standalone "IP phones" or with regular telephones via SIP adapters. These plug in to your home broadband router. But if you want them to go through a VPN, there are then two options: You could set up "Internet Connection Sharing" on a dedicated old computer with a VPN connection. Or (for the tech-minded only) here is the setup for a specially modified home router. For offices, the Draytek 2820 looks like a one stop broadband/VPN/SIP solution.

Mobile Call Privacy

When on the move, wi-fi and SIP capable mobile phones, PDAs, or netbooks can offer more privacy than a regular landline or mobile call, even without a VPN connection. But it is possible to use a VPN through public wireless networks from many smart mobiles:

The iPhone and the iPod Touch offer an easy solution by including VPN software. The Apple app store offers SipPhone to make calls. Third party offerings like Fring and Gizmo5 also work, but with less privacy and more lag (search for Youtube tutorials). You will need a microphone or hands-free set for the iPod Touch. "Jailbreaking" the iPhone/iPod Touch opens up other options, including Siphon — obtainable through the alternative "Cydia" download source. 2G iPod Touch models can easily be set free in less than 5 minutes, older models in less than a minute. You can be sure of a solution from the same sources after new updates.

The IPaq and other "Windows Mobile" phones and PDAs include VPN connection software. OpenVPN is also available for some. For making SIP phone calls, SJPhone is popular, PortSip is another.

Nokia or other "Symbian" models need SymVPN — also check that particular models have a SIP dialer inbuilt (eg. Nokia E51).

But overall, a tiny netbook could be the stylish, all in one privacy option for home, office and on the move. For voice calls, it might be most convenient when used with a bluetooth (i.e. wireless) headset/handset or linked to a bluetooth mobile phone. You might consider the Asus EeePC 1000HE with 9.5 hour battery life, or the popular Samsung NC10.

Payment Privacy

Of course, one big problem — and partly the reason I have suggested many free services — is a lack of internet payment privacy. This strengthened the now pervasive custom of demanding personal, private information with every transaction. Here are some solutions to look at:

In the US, you could check out the various over the counter Mall Cards available. While in the UK and Europe, Paysafecard (eg. for Amazon vouchers), UKash, and the Prime Card or Payzone prepaid debit cards are the nearest equivalents to cash online I have found. UnLinq is a worldwide (US based) card option. There are also "virtual card" resellers with varying degrees of privacy. Debitcards4all currently have a good reputation at the talkgold forum, where you can also find other available options.

You could also look at gold or fiat backed e-currencies. However, stability is a concern as is the intrusive information demanded by most exchangers — even if you pay in cash. Of all e-currencies, the soundest may be Pecunix. The most widely accepted — since the fall of e-gold — is probably the fiat based Liberty Reserve.

For lightweight privacy, note that in many countries you can add an additional cardholder name to an existing card account.

Identity Privacy

Under the present system, if you want to avoid identity theft, hacker attacks, profiling and more, you need to be cautious about giving out personal information:

Wherever possible, refuse, confuse or completely separate your name, address, date of birth and any other identifying numbers. Understand that you do not have a moral obligation to help a stranger track you against your will. Legally, at least in common law countries, you can call yourself whatever you like. I also do not recommend you supply, for example, your actual date of birth — just to open a free email account.

Some online privacy suggestions:

  • Always "enhance" your date of birth
  • If you must supply your name or, for a delivery, your home address, then not both together
  • Make use of junk email services like Mailinator or Dodgeit
  • If possible, don't register — use logins from bugmenot
  • Create throw away email addresses for minor online registration/confirmation
  • Maintain separate, completely isolated email addresses for important functions
  • Use aliases or alternate spellings of your surname and make use of your middle name/s
  • Google multiple occupancy or serviced office addresses when a verifiable address is demanded
  • Make sure any supplied address matches the VPN country you are using
  • Consider setting up a mail-drop — near and/or far
  • Develop alternate signatures for forms, packages etc. and compartmentalize their use
  • Incorporating an LLC or using a business name can have privacy advantages
  • Make special efforts regarding the personal details held by your ISP and/or telco
  • Consider posting well wrapped cash or money orders for purchases

Whenever supplying information online, assume it will be incorporated into a database forever. Assume that this will then be incorporated into a bigger search engine that merges multiple databases with all information about you. Assume that this will be available instantly to friend or foe, for free or a small fee.

Data Backup Privacy

Special steps are needed for storing and transporting data privately, including through customs checkpoints, where your laptop could be seized:

Tiny micro SD cards are currently available up to at least 16 Gb. These can be tucked into a lapel, collar, hair clip etc. Or, an ideal, discreet and radiation proof solution would be inside a covert coin. Another option is to encrypt your data and upload it to the very useful, free Stashbox service, which will immediately return a web address to download it from later. Of course, there is always the old, "send it as an email attachment to yourself" method for smaller data backups.

Conclusion

Some might argue that actual criminals or terrorists could use these techniques to hide themselves. Possibly, but more likely they have other ways — like hacking in and controlling other people's computers, using other people's credit cards, and letting someone else take the blame. Either way, why should we all go into slavery, just to be "protected" from them?

Remember that governments are not omnipotent, though they would like to be. In reality, they are relatively few in number and there are many practical, economic and technological limitations. Also keep in mind sheer information overload — there can only be so many watchers.

But there is a real threat, particularly if you are targeted. In these perilous times I hope these privacy techniques will encourage you to speak out more freely and help you maintain more financial and personal security.

Paul Green was born in the UK and currently works from home there as an independent emergency callout specialist for home and small business computer users. He is married with five children – all at home – and the three of school age are homeschooled. Over the years he has also traded the financial futures markets and worked as a one-stop advertising copy writer/ voice-over artist/ music and jingle producer.
