appnext

Kamis, 30 Maret 2017

Ask AC: How can I protect my browsing history from my ISP?

There's no foolproof way to be 100% anonymous, but you don't have to just give away your data without a fight.

You ISP has been given free reign to record 100% of what you do online and sell that information to the highest bidder. An FCC rule designed to at least get your permission was voted away by the people elected to represent us, and an existing FTC suggestion to allow us all to opt out will continue to be ignored.

Your personal information and data is no longer yours or personal once your ISP gets ahold of it.

There just isn't anything you or I can do to change the fact that we pay for a service and the people who collect our money every month can sell everything they know about us and they have no obligation to anonymize any of it. To the companies that provide internet access, we are cattle. Moo moo buckaroo.

We don't have to give them any useful information, though, and there are a few things you can do to make some of the data about where, when and how you use the internet nothing more than wasted hard drive space if you'd rather decide for yourself how it gets spread around.

Not all data collection is terrible

First, let's be clear on a couple things. Your ISP, whether it's Comcast or Time Warner or AT&T or whoever (including the people you pay for data on your phone every month) collecting data isn't always a bad thing and that's not what has a lot of people upset about the recent changes. Any company that provides a service can provide a better service when they know how people are using it, and there's probably not someone in a basement office watching you use the internet. Trading data for a better service is something most of us do all the time, even if we don't know it.

A service can become a better service if the people offering it know how we use it, but selling it off is a different matter.

Google, Facebook, Microsoft, Apple and plenty of other companies also offer services that use your data as currency instead of charging actual cash. What they collect is every bit as intrusive as what your ISP is collecting and we all need to remember that. The difference is that we aren't paying every month and we can say no and not use their services. We're also told up front what is being collected and what is being done with it all and even your Android phone gives you the option to just say nope and not use anything from one of these data-thirsty companies. Incidentally, the companies who make the phones we love to buy don't have a similar opt-out. You either say yes to letting Samsung or HTC or whoever collect your data or you put your brand new phone back in the box and sell it on Swappa because it's now used. Another post for another time.

So if you need internet service — and we think internet service is now a need the same way electricity and potable water are — you have no option other than paying someone who will handle your personal information with zero regards to your privacy.

Your best protection

We can't stop them from harvesting our data then using it in a way that raises security and privacy concerns, but we can try and make the data worthless as possible by changing how you use the internet. There are two ways to go about this, and luckily both are pretty easy to use with our Androids. Both involve intercepting the web traffic to and from your phone.

Use a VPN

Most people are familiar with the term VPN, but not everyone knows what exactly a VPN is. Think of it as a computer on the internet that lets you connect and use its connection to send and receive web traffic. It's more complicated than that, and if you're curious how they work and why Cisco's Internet Protocol Journal will tell you everything you ever wanted to know about them and then some.

Using a VPN means a look at the data collected by your ISP will show when you connected to your VPN, what VPN you used and where you were when you used it. That sounds like the easy fix, right? Not really. There are some issues with relying on a VPN to keep you completely anonymous, and they can't be ignored.

  • Using a VPN only changes the "area of attack." You need to make sure the VPN you are using doesn't keep any records and is in a location where they aren't required to do anything extra to fulfill a request for user data. There is nothing keeping a VPN company from selling your data back to your ISP other than their own policies.
  • A VPN won't block data collection from apps and services that are probably already installed on your phone. If you bought your phone from a carrier, they probably have something in the software to tell them exactly how you are using it. They can now sell that data.
  • Not everything can use a VPN and those fancy internet-of-things gadgets can create a nice little profile about you for your ISP to sell to someone with enough cash to afford it. Many of those gadgets have an app that can collect extra data from your phone itself.
  • A VPN can't stop an evil company from injecting evil data packets to track your every move while you're online. Yes, this is what Verizon got caught doing. But don't think Verizon is any eviler than anyone else.

You can find companies who sell VPN service and provide an Android app to make using it on your phone easy. I hesitate to list the best of them because that depends on your needs. Look for a company that doesn't collect data, is in a country that doesn't require them to enable collection when asked, and has no censor in place. Right now I'm using Privateinternetaccess' VPN Tunnel service and have also had great results with BlackVPN. But am always on the lookout for something better.

You can also get super hardcore and set up your own VPN on a remote server as well as run a tunnel through your router. Those are outside of the scope of this "easy" talk, though.

Use TOR

The TOR project is a volunteer-based group of people and companies who maintain servers that route encrypted internet traffic through a randomized and complex path of tunnels. From a user perspective, it's a proxy that we point our network traffic at, and the software used by folks who keep it up and running handles the rest.

TOR is recommended by organizations like Indymedia and the EFF to help keep anonymous and safe while online. U.S. Naval intelligence, as well as hundreds fo law enforcement offices, use it when they need to hide their tracks online and so do millions of people like you and me. Using TOR means your ISP will see a connection to one of a pool of random servers instead of a connection to a particular website. But it also has some drawbacks that keep it from being the perfect solution.

  • TOR won't block data collection from apps and services that are probably already installed on your phone. If you bought your phone from a carrier, they probably have something in the software to tell them exactly how you are using it. They can now sell that data.
  • Not everything can use a TOR client and those fancy internet-of-things gadgets can create a nice little profile about you for your ISP to sell to someone with enough cash to afford it. Many of those gadgets have an app that can collect extra data from your phone itself.
  • Your ISP will see a connection to a random TOR node and know you're connected to a TOR node. Unfortunately, that can be a red flag. The U.S. Government is highly suspicious of everyone who uses TOR and considers users as a foreign national and a "cause of concern" by default. People and companies hosting exit relays are always at risk of being shut down and having equipment seized. Feel that freedom wash over you.
  • TOR can be slow. As in very slow.

On the plus side, TOR is easy to set up on Android. FireOnion is a preconfigured TOR proxy and browser you can get from Google Play that just works. OrBot is a preconfigured TOR proxy for Android that can be used with any app that allows you to use a proxy service. The OrFox Browser pairs well with OrBot, and both are official products from the TOR project themselves. They too are available from Google Play.

Every little bit counts

Neither of these options is foolproof. Outside of leeching from someone else's Wi-Fi and having your browser history connected to them (don't you dare) nothing is a 100% way to hide from a greedy ISP. But every little bit counts and this is what can be done in the now while people work on better ways to protect yourself in the future.

Stay safe.

Tidak ada komentar:

Posting Komentar