How to avoid being tracked online
The government wants to know what you're doing online. Nicole Kobie reveals how you can avoid such snooping
Every time the government talks about online surveillance or blocking sites, there’s a stock response from tech-savvy activists: there’s no point, it’s easy to dodge. Indeed, the day a court ordered five of Britain’s biggest ISPs to block The Pirate Bay, the site reported a surge in traffic – and used the opportunity to promote ways to circumvent the ban.
While the government is yet to reveal its full web surveillance plans, it already has access to our phone conversations and online activity. ISPs and web services such as Google and Facebook are required to keep data on users, such as sites visited and searches made. With a court order or warrant, it’s easy to access such information or tap into real-time conversation. However, it’s also possible to use simple – often free – tools to keep them from seeing too much.
We reveal how to dodge online censorship and prevent digital wire-tapping – and warn about the limits of the VPNs, encryption and other tools in our arsenal.
The first step is to encrypt your browsing, which should prevent anyone tapping the line from reading your data. Sites such as banks and Gmail do this by default – a reaction to the Chinese hack that saw Google’s search pulled from that country – but others require users to switch it on.
Find out more
While it’s easy to type HTTPS ahead of the URL, or tick the box in the settings of Facebook or Twitter, extensions such as HTTPS Everywhere force the browser to use the secure version of a site (if there is one).
Google’s search offers a secure version.
“Normally anyone with access to the network – anyone on the same network as you, or the ISP, or a government that’s tapping things – would be able to see exactly what you’re searching for and the results that come back,” says Seth Schoen, senior technologist at the Electronic Frontier Foundation (EFF). Using the encrypted version, this information is protected.
Encryption isn’t perfect. It depends on the security of certificate authorities – not guaranteed after a run of hacks targeting Comodo and DigiNotar last year – and anyone with access to your PC could alter certificates without your knowledge.
However, encryption does prevent snooping over Wi-Fi networks and keeps ISPs from seeing the content of your communications, if not where they’re headed to. “If people are concerned about the content of their communication, then they need to make sure they’re using HTTPS,” says Schoen.
VPNs & proxies
Those who are worried about revealing their IP address and browsing destinations need to look to tools such as proxies or VPNs. Proxies mask an IP address: type in the site you’d like to visit – say, The Pirate Bay – and it re-routes traffic, letting it dodge censorship such as country-specific site-blocking, and prevents others from seeing your IP address. Free proxies are widely available on the web, as are free and paid-for VPN services, which offer further protection via an encrypted tunnel for your traffic.
Widely used to access content with geographical restrictions or simply for added security, VPNs don’t offer perfect protection. Any company can be subpoenaed for data – as an alleged LulzSec hacker found out, after the UK firm HideMyAss passed over data on his logs last year.