Friday, February 17, 2012
The Key to Staying Private When Big Brother is Watching
“For the first time ever, it will become technologically and financially feasible for authoritarian governments to record nearly everything that is said or done within their borders – every phone conversation, electronic message, social media interaction, the movements of nearly every person and vehicle, and video from every street corner.”
This was from the opening paragraph of a Brookings Institution report (PDF).
Does that send chills up your spine? If so, don’t read the rest of this article: you might not touch your computer for a week.
As I discussed in the case for e-mail diversification, planting your electronic flag is certainly an important part of the “online privacy equation”, as it gets the storage and routing of your e-mail messages out of jurisdictions which are not respectful of your privacy.
However, there are additional concerns that you should be worried about.
Many Internet Service Providers (ISPs) in the western world are required by law to track nearly everything you do online. While the US government has been trying to hide their electronic wiretapping program as a state secret, the EU made theirs public by passing the Data Retention Directive of 2006. Article 5, under “Categories of data to be retained”, lists the gory details of what is tracked. This is required for home phones, mobile phones, Internet telephony and e-mail. And depending on the country, this information will be kept for 6 months to 2 YEARS.
Under the Data Retention Directive, here is what is being tracked in every e-mail sent:
- Your name and address
- The name and address of everyone you send e-mail to
- The time and date you logged on and off of your Internet service, along with your IP address and username
- The time and date you sent your e-mail
- Your computer’s operating system, hardware, and other identifying information
Other EU countries are taking electronic surveillance even further. Denmark, for instance, passed a law in 2007 tracking all Internet access, not just e-mail and VoIP calls. And Sweden, while delaying implementation of the Data Retention Directive, passed a law in 2008 to record all Internet and phone communications which cross their borders.
Forget about authoritarian governments, democratically elected ones are tracking your every move online.
So how do you gain some manner of privacy in this environment?
By creating your own private network across the Internet.
How to make the Internet your own private network
A virtual private network (VPN) allows users to access private networks (like the corporate network of your employer) by creating an encrypted “tunnel” across the Internet between the user’s computer and the private network. The encryption ensures that any information shared between the user and the private network is kept safe from prying eyes. It is similar to the encryption between a secure website and your web browser, except it protects all the traffic sent over that network (including things like e-mail, instant messaging, and Skype) and not just web traffic.
A number of service providers are taking this to the next level. They allow users to connect to their networks via a VPN “tunnel”, then access the Internet through their private network.
How does this give you more privacy?
- Over your regular ISP network, all of your traffic is being monitored. The ISP can see what sites you are connecting to, who your e-mail provider is, what chat services you are using, and so forth. When you enable your VPN “tunnel” to access the Internet, the only thing your ISP can see is your connection to your VPN service provider, not anything else. (Your connection to the VPN service provider is highly encrypted, so your ISP cannot see what is happening “inside” the tunnel.)
- A VPN also provides protection when using unencrypted “free Wifi” networks that you may use at coffee shops and airports while traveling. It is much easier than people expect for hackers to break into these networks and steal your usernames and passwords. But if you are using your VPN “tunnel” to access the Internet, hackers will not be able to see where you are going online, and all of your information will be protected.
Also, most Internet sites and services you connect to are monitoring your connections to their servers.
Google, for instance, records the IP address with every search you make in their search engine. Most websites also record the IP address of your computer when you browse their web pages. Chat networks, e-mail providers, all record the IP addresses of those who are accessing their network. When your Internet connections pass through the provider’s network, these sites will not see your computer’s IP address. Instead, it will only see your VPN service provider’s address. Many times, this IP address will even be in a different country from your own!
So, by using a VPN, your Internet Service Provider cannot track where you are going (other than seeing you connect your VPN), and remote services like Google, Amazon or whatever do not know where you are coming from.
An interesting side benefit: some VPN providers let you choose the country from which websites will think you’re visiting from.
How is this useful?
Well, let’s say you’re an international traveler who is also a Hulu addict. You are in a location where Hulu has yet to negotiate viewing rights (e.g. Canada). So you fire up your VPN and choose to have your traffic appear as if it’s coming from a computer in the USA. Voila! Now you can watch recent US-based TV shows on Hulu through your VPN connection in whatever far off land you may find yourself in.
Not all VPN providers are created equally
For those less interested in Internet entertainment and more interested in privacy, we should discuss different aspects of VPN providers that differentiate them from each other…
- As discussed in my last article about how the US Patriot Act affects people in other jurisdictions, it is important that your VPN provider is not located within the US or be owned by a US company. While you might gain protection from hackers sniffing traffic at a coffee shop, the US government could still access your information as it transits your US-based VPN provider’s network.
- An “anonymous proxy” is not the same as a VPN. Most anonymous proxies provide privacy for web browsing only. A proper VPN service will provide privacy for ALL of your Internet traffic, including Operating System updates, VoIP calls, chat networks, and other non-web traffic.
- Some VPN providers are focused on allowing you to choose your own “exit point” (where your traffic appears to be coming from) while others are focused on mixing and “anonymizing” your traffic within their networks to provide the highest levels of privacy. While having a VPN is better than no VPN, you often have to make a decision between convenience and privacy.
Start investigating what other international travelers and privacy-inclined individuals are using for their VPN services. Find out what their primary needs were and how their chosen VPN service “scratched their itch”. There are three different threads regarding VPNs going on right now in the Technology and Personal Privacy section of the International Man Forum. Become a free member of the International Man Network, and you can join in to discuss this topic and many others.
Special Thanks to Paul Rosenberg from CryptoHippie for his feedback while writing this article. Paul was interviewed by International Man back in July 2011 and you can find that conversation here.