Added Chapter 2 Understanding Browsing
yuvadm committed Oct 7, 2012
1 parent 533c4a5 commit 665a9e6
Showing 7 changed files with 333 additions and 0 deletions.
60 changes: 60 additions & 0 deletions src/chapter_02_understanding_browsing/00_basic_tips.md
@@ -0,0 +1,60 @@
Basic Tips
==========

In Brief:
---------

* When you visit a website you give away information about yourself to the site owner, unless precautions are taken.
* Your browsing on the Internet may be tracked by the sites you visit and partners of those sites. Use anti-tracking software.
* Visiting a website on the Internet is never a direct connection. Many computers, owned by many different people are involved. Use a secure connection to ensure your browsing can not be recorded.
* What you search for is of great interest to search providers. Use search anonymising software to protect your privacy.
* It is wiser to trust Open Source browsers like Mozilla Firefox as they can be more readily security audited.

Your browser talks about you behind your back
---------------------------------------------

All browsers communicate information to the web server serving you a web page. This information includes name and version of the browser, referral information (a link on another site, for instance) and the operating system used.

Websites often use this information to customise your browsing experience, suggesting downloads for your operating system and formatting the web page to better fit your browser. Naturally however, this presents an issue as regards the user's own anonymity as this information becomes part of a larger body of data that can be used to identify you individually.

Stopping the chatter of your browser is not easily done. You can, however, falsify some of the information sent to web servers while you browse by altering data contained in the *User Agent*, the browser's identity. There is a very useful plugin for Firefox, for instance, called *User Agent Switcher* that allows you to set the browser identity to another profile selected from a drop down list of options.

Web sites can track you as you browse
-------------------------------------

Small files, called *cookies*, are often written onto your computer by web sites. Cookies present certain conveniences, like caching login data, session information and other data that makes your browsing experience smoother. These small pieces of data however present a significant risk to your right to anonymity on the web: they can be used to identify you if you return to a site and also to track you as you move from site to site. Coupled with the User-Agent, they present a powerful and covert means of remotely identifying your person.

The ideal solution to this problem is deny all website attempts to write cookies onto your system but this can greatly reduce the quality of your experience on the web.

See the section **Tracking** for guides as to how to stop web servers tracking you.

Searching online can give away information about you
----------------------------------------------------

When we search online using services like Bing or Google our right to privacy is already at risk, vastly more so than asking a person at an Information Desk in an airport, for instance.

Combined with the use of cookies and User Agent data this information can be used to build an evolving portrait of you over time. Advertisers consider this information very valuable, use it to make assumptions about your interests and market you products in a targeted fashion.

While some customers may sing the praises of targeted advertising and others may not care, the risks are often misunderstood. Firstly, the information collected about you may be requested by a government, even a government you did not elect (Google, for instance, is an American company and so must comply with American judicial processes and political interests). Secondly there is the risk that merely searching for information can be misconstrued as intent or political endorsement. For instance an artist studying the aesthetics of different forms of Religious Extremism might find him or herself in danger of being associated with support for the organisations studied. Finally there is the risk that this hidden profile of you may be sold on to insurance agents, provided to potential employers or other customers of the company whose search service you are using.

Even once you've ensured your cookies are cleared, your *User Agent* has been changed (see above and chapter **Tracking**) you are still giving away one crucial bit of information: the Internet Address you are connecting from (see chapter **What Happens When You Browse**). To avoid this you can use an anonymising service like Tor (see chapter **Anonymity**). If you are a Firefox user (recommended) be sure to install the excellent *Google Sharing* add-on, an anonymiser for Google search. Even if you don't consciously use Google, a vast number of web sites use a customised Google Search bar as a means of exploring their content.

With the above said, there are no reasons to trust Google, Yahoo or Bing. We recommend switching to a search service that takes your right to privacy seriously: DuckDuckGo ([http://duckduckgo.com/](http://duckduckgo.com/)).

More eyes than you can see
--------------------------

The Internet is a big place and is not one network but a greater network of many smaller interconnected networks. So it follows that when you request a page from a server on the Internet your request must traverse many machines before it reaches the server hosting the page. This journey is known as a *route* and typically includes at least 10 machines along the path. As packets move from machine to machine they are necessarily copied into memory, rewritten and passed on.

Each of the machines along a network route belongs to someone, normally a company or organisation and may be in entirely different countries. While there are efforts to standardise communication laws across countries, the situation is currently one of significant jurisdictional variation. So, while there may not be a law requiring the logging of your web browsing in your country, such laws may be in place elsewhere along your packet's route.

The only means of protecting the traffic along your route from being recorded or tampered with is using *end to end encryption* like that provided by TLS/Secure Socket Layer (See chapter **Encryption**) or a Virtual Private Network (See chapter **VPN**).

Your right to be unknown
------------------------

Beyond the desire to minimise privacy leakage to specific service providers, you should consider obscuring the Internet Address you are connecting from more generally (see chapter **What Happens When You Browse**). The desire to achieve such anonymity spurred the creation of the *Tor Project*.

*Tor* uses an ever evolving network of nodes to route your connection to a site in a way that cannot be traced back to you. It is a very robust means of ensuring your Internet address cannot be logged by a remote server. See the chapter **Anonymity** for more information about how this works and how to get started with Tor.


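Review bot: In "More eyes than you can see", the last paragraph presents a Virtual Private Network as *end to end encryption* on a par with TLS, but a VPN only encrypts the stretch between the reader and the VPN server. Beyond that server the request travels as it would have otherwise, and the VPN operator becomes one more machine on the route that can record it. Suggest describing TLS as protecting the content of the connection all the way to the site, describing the VPN as protecting only the hop to the VPN provider, and dropping "The only means". The same sentence writes "TLS/Secure Socket Layer" while 01_fears.md writes "TLS/SSL (Secure Socket Layer)"; pick one form for the book. In "Your right to be unknown", "in a way that cannot be traced back to you" is an absolute claim the text does not support; "in a way that is very hard to trace back to you" would sit better with the "very robust" that follows.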
76 changes: 76 additions & 0 deletions src/chapter_02_understanding_browsing/01_fears.md
@@ -0,0 +1,76 @@
Fears
=====

Social Networking - what are the dangers?
-----------------------------------------

The phenomenon of Internet based Social Networking has changed not just how people use the Internet but its very shape. Large data centers around the world, particularly in the US, have been built to cater to the sudden and vast desire for people to upload content about themselves, their interests and their lives in order to participate in Social Networking.

Social Networking as we know it with FaceBook, Twitter (and earlier MySpace) are certainly far from 'free'. Rather, these are businesses that seek to develop upon, and then exploit, a very basic anxiety: the fear of social irrelevance. As social animals we can't bear the idea of missing out and so many find themselves placing their most intimate expressions onto a businessman's hard-disk, buried deep in a data center in another country - one they will never be allowed to visit.

Despite this many would argue that the social warmth and personal validation acquired through engagement with Social Networks well out-weighs the potential loss of privacy. Such a statement however is only valid when the *full* extent of the risks are known.

The risks of Social Networking on a person's basic right to privacy are defined by:

* The scope and intimacy of the user's individual contributions.

* A user posting frequently and including many personal details constructs a body of information of greater use for targeted marketing.

* The preparedness of the user to take social risks.

* A user making social connections uncritically is at greater risk from predators and social engineering attacks.

* The economic interests and partners of the organisation providing the service.

* Commissioned studies from clients, data mining, sentiment analysis.

* Political/legal demands exerted by the State against the organisation in the jurisdiction(s) in which it is resident.

* Court orders for data on a particular user (whether civilian or foreigner).
* Surveillance agendas by law enforcement or partners of the organisation.
* Sentiment analysis: projections of political intent.

With these things in mind it is possible to chart a sliding scale between projects like Diaspora and Facebook: the former promises some level of organisational transparency, a commitment to privacy and a general openness, whereas Facebook proves to be an opaque company economically able to gamble with the privacy of their users and manage civil lawsuits in the interests of looking after their clients. As such there is more likelihood of your interactions with a large Social Network service affecting how an Insurance company or potential employer considers you than a smaller, more transparent company.

Who can steal my identity?
--------------------------

This question depends on the context you are working within as you browse. A weak and universal password presents a danger of multiple services from Social Networking, Banking, WebMail etc being account hijacked. A strong and universal password on a wireless network shared with others (whether open or encrypted) is just as vulnerable. The general rule is to ensure you have a strong password (see section on **Passwords**).

### Wireless networks

Here we find ourselves amidst an often underestimated risk of someone listening in on your communications using *network packet sniffing*. It matters little if the network itself is open or password secured. If someone uses the same encrypted network, he can easily capture and read all unsecured traffic of other users within the same network. A wireless key can be acquired for the cost of a cup of coffee and gives those that know how to capture and read network packets the chance to read your password while you check your email.

A simple rule always applies: if the cafe offers a network cable connection, use it! Finally, just as at a bank machine, make sure no one watches over your shoulder when you type in the password.

### The browser cache

Due to the general annoyance of having to type in your password repeatedly, you allow the browser or local mail client to store it for you. This is not bad in itself, but when a laptop or phone gets stolen, this enables the thief to access the owner's email account(s). The best practice is to clear this cache every time you close your browser. All popular browsers have an option to clear this cache on exit.

One precaution can justify you holding onto your convenient cache: disk encryption. If your laptop is stolen and the thief reboots the machine, they'll be met with an encrypted disk. It is also wise to have a screen lock installed on your computer or phone. If the machine is taken from you while still running your existing user session, it cannot be accessed.

### Securing your line

Whenever you log into any service you should always ensure to use encryption for the entire session. This is easily done due to the popular use of *TLS/SSL (Secure Socket Layer)*.

Check to see the service you're using (whether Email, Social Networking or online-banking) supports TLS/SSL sessions by looking for `https://` at the beginning of the URL. If not, be sure to turn it on in any settings provided by the service. To better understand how browsing the World Wide Web works, see the chapter **What Happens When I Browse?**

Can I get in trouble for Googling weird stuff?
----------------------------------------------

Google and other search companies may comply with court orders and warrants targeting certain individuals. A web site using a customised Google Search field to find content on their site may be forced to log and supply all search queries to organisations within their local jurisdiction. Academics, artists and researchers are particularly at risk of being misunderstood, assumed to have motivations just by virtue of their apparent interests.

Who is keeping a record of my browsing and am I allowed to hide from them?
--------------------------------------------------------------------------

It is absolutely within your basic human rights, and commonly constitutionally protected, to visit web sites anonymously. Just as you're allowed to visit a public library, skim through books and put them back on the shelf without someone noting the pages and titles of your interest, you are free to browse anonymously on the Internet.

How to not reveal my Identity?
------------------------------

See the chapter on **Anonymity**.

How to avoid being tracked?
---------------------------

See the chapter on **Tracking**.
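Review bot: In "Who can steal my identity?", the first paragraph names a *universal* password as the danger, yet its closing rule only asks for a strong one, so a reader can follow the rule and still reuse one password everywhere. Suggest ending with something like "use a strong password and a different one for each service". The subsection "The browser cache" is about passwords stored by the browser or mail client, not the cache, and "clear this cache on exit" will send readers to the wrong setting; rename the heading and refer to saved passwords or saved logins throughout. The cross-reference "What Happens When I Browse?" under "Securing your line" does not match the title "What Happens When You Browse" used in 00_basic_tips.md.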
