‘FREE’ MEANS IT IS ‘DATA-FUNDED’
Life without Facebook, Skype, Google, online games and services that play music, look for people or things, and check spelling seems a little bleak. These apps and websites are free, fun and convenient. We even rebel when we are asked to pay because we’ve become so used to ‘free’ products.
But “There Ain’t No Such Thing As A Free Lunch.” The ‘free’ services aren’t truly free. They’re called ‘data-funded’ services because we pay with information about who we are, what we do, and what we like. Data is currency.
The ugly truth is that the internet term “attacker” nowadays means anyone who harvests data whom you haven’t expressly authorized to collect your private information. This includes corporations, hackers, and even government. Data harvesting is invasive and ubiquitous.
Here are two examples of massive privacy invasion:
Google on your Left Shoulder, Reading your Mail
Not just Google, almost all internet browsers. The Google search engine is fantastic, and they continue to amaze with new features. However, improvements are driven by one thing: the data they are hoovering up from their users. If you use G-mail or Yahoo-mail, they also have complete access to the content of your emails, your contacts, history, and private information.
While using the search engine is perfectly safe, Google’s privacy trackers are inserted by default on almost 87% of the top million websites. These trackers enable marketers – and other agencies – to bombard you with targeted ads that follow in your footsteps. Secure – but not private.
Your ISP on your Right Shoulder, Reading your Mail
Internet Service Providers (ISP’s) belong to a very creepy category on the ‘Big Brother’ scale. Some of them have been caught red-handed directly recording and examining your browser history. They’ve used people’s profiles to divert searches and inject adverts on behalf of ‘advertiser partners.
Some ISP’s have been logging browser history and pocketing a little something on the side for their trouble. AT&T, Verizon, Charter, Cogent, CMA, DirecPC, Wide Open West, Frontier, and many others have been suspected or reported as being less than private.
It gets even worse. Read on to find out exactly what is being tracked, who does the tracking, and then follow our nine steps to defend you against privacy invasion.
HOW ARE WE TRACKED?
It’s annoying to complete web forms every single time, so we allow websites to save our login details, passwords, and even credit card details to make shopping easier. These companies assure us that our details are private, and have elaborate privacy statements to make it seem true. You authorize them to keep this information when you accept cookies from a site. Most cookies are quite harmless and necessary for the website to work properly. Here are a few common types of cookies on the internet:
- Session cookies – (1st party cookies): Restricted to a single website. It tracks what you do on the different pages, so you don’t have to resubmit information as you browse. These are very helpful and usually deleted on exit.
- Persistent cookies – (1st party cookies): Usually restricted to a single website and it remains in your browser to recognize you when you return. Innocuous persistent cookies don’t contain any personal information and don’t actually know who you are; their sole purpose is to remember that you were there before. When you register on a website, the personal information you provide is written into a persistent cookie and usually only that particular website can read the info. Again, these are very helpful as you don’t need to change the language, location, and other preferences every time you visit your favorite website.
- Ad-serving – (3rd party cookies): Many websites allow marketing companies to set persistent cookies on their websites and it’s not as sinister as it sounds. While some marketers can store of all your actions – what you viewed, what you bought – it also helps them to show you adverts for products and services similar to what you are looking for. It eliminates products you are uninterested in and prevents you from being overloaded with useless information.
- Web beacons (Web bugs) – 3rd Party): These are transparent, invisible file overlays on a website which track your navigation through a series of websites. It can make browsing more efficient if users travel between several connected internet sites.
THE DARK SIDE OF COOKIES: COOKIE PROFILING
Companies like Facebook face fierce criticism from privacy advocates because they require private information like your gender, email address, passwords and interests, among others, before you can use them. However, Facebook also uses special cookies that follow you after you’ve logged out, and when you use the “Like” and “Share” buttons, records the date and time of your visit to websites. They’re able to build up a highly accurate picture of your political leanings, religious affiliations, sexual orientation, and a host of other intimate information about you.
On the one hand this is great, because government and security forces use social network sites to track criminals. It also means they can track anyone else they think needs watching.
A ZOMBIE COOKIE TO RULE THEM ALL
Did you know that Verizon Wireless was exposed sneaking ‘super-cookies’ into their customers’ traffic without telling them what the cookies were doing? For two years Verizon’s undeletable cookies tracked every click, whether in Private Browsing or Incognito mode, completely overriding your privacy settings, do-not-track requests, and tracker-blockers.
Only a public outcry forced them even to acknowledge this ‘feature.’ AT&T had a similar project which they quickly ‘disapeared’ when Verizon’s shenanigans hit the news. Verizon’s customers now have the option to disable this feature. If you don’t follow the directions to opt out, you are tracked wherever you go.
The real harm is that their snooping has allowed anyone with access to track you. They inserted a unique identifier (UIDH) into all your unencrypted (HTTP) outbound traffic which laid bare your entire browsing history. Even if you cleared your cache (cookies), the Verizon tracking header could be re-activated by advertisers. Not surprisingly, this type of cookie has been named a “zombie cookie.”
DOESN’T MY ANTIVIRUS PROTECT ME?
Security is not privacy, as Facebook’s activities demonstrate. Your antivirus protects you against malicious software, but not always against privacy intrusion. In fact, sometimes your antivirus can be a part of the problem.
After the dust settled, AVG announced that they would roll out the ability for users to opt out of data collection. There is no guarantee that your information has not already been caught in the net.
Avast also assigns a unique identifier to your computer and collects all the web addresses you visit to find suspicious links and documents. In fact, one must assume that any free antivirus collects data and that even an excellent paid antivirus like Kaspersky may do so too. It’s better to assume the worst. Block cookies set by your antivirus with a separate privacy tool as explained in privacy tip no. 4.
9 STEPS TO TAKE BACK YOUR PRIVACY
- Get A Secure Email Account
Your neighbor’s post box is right there. From seeing their comings and goings, you can guess what it’s likely to contain. Would you stroll over, open and read their mail? No.
Would you read their mail if you thought they didn’t quite fit into the neighborhood or did something you highly disapproved of? Would you do it if they were celebrities and someone offered you money or favors in return? Would you do it if it looked like they were criminals? Your answer may still be no.
But what if they opened their mail and left it lying on your doorstep? Would you still not glance at it out of curiosity? You might not, but others will. Get a secure, encrypted email from Protonmail, or Tutanota.
- Always Use A Paid VPN
It’s hard to avoid using public WiFi and the networks provided by hotels, restaurants, and airports and it’s notoriously easy for cyber-criminals to intercept your data with wireless network sniffers (the man-in-the-middle attack).
Even if there is no criminal lurking about, remember that the ISP providing the WiFi can still see every click you make, and is probably selling it on the side. As we know, ISP’s are hardly paragons of virtue. One good way to control snooping is to use a VPN (Virtual Private Network).
While there are many free VPN’s out there, most are designed to just cover your computer’s IP address superficially, usually for torrenting websites. Remember, if it’s free, it means you are the product! To put it bluntly, free VPN’s collect your data and sell it. Besides, websites increasingly use WEB RTC code to break through the illusion created by weak VPN’s and can easily expose your real IP address without you knowing!
While it seems like overkill, getting a good paid VPN is the one step that will bring the most peace of mind. Pay a few dollars every month for a VPN that will not sell your data, will not leak your IP to advanced probing technology, and is preferably situated in an EU country where they take internet privacy laws seriously.
Advanced VPN’s offer additional features such as tracker blocking and malware blocking and won’t interfere with your antivirus, browsing habits or internet speed. Currently, the most highly recommended VPN’s are BolehVPN, BlackVPN, Hide.me, NordVPN Trust.Zone, Freedome and My Private Network
- Invite A Lot Of House Guests
Divide and confuse! Split up your browser history between different ‘people’ by setting up several guest user accounts on your Windows computer with varying levels of privileges for each user. This is a handy safety feature too because guest accounts usually can’t allow new installations on your computer. This can prevent accidental automatic installations of spyware and malware. You access this feature through your UAC (User Account Control).
Each of these Windows accounts can have its own browser profile on your PC. While your actions can and will still be tracked, it’s a good way to limit the depth of the information which trackers collect. It also helps to prevent accidental logging into sites if you use multiple email accounts.
- Use A Tracking Or Ad-Blocker
Meet the Electronic Frontier Foundation, a nonprofit organization that was founded in 1990 to champion civil liberties such as user privacy. The EFF is an independent voice to fight illegal surveillance, advise policymakers, educate the public and support freedom-enhancing technologies.
They recommend Privacy Badger, a browser extension you can add and forget. It automatically tracks and blocks trackers that violate the principle of user consent, and needs no adjustment or setup. You can block any cookies set by your antivirus program by using the slider when set it up. When you open up a news site and are notified of over 20 privacy trackers, you’ll soon understand the scope of the problem!
uBlock Origin (do not confuse with AdBlock Plus, which has a different business model) is also free and available in the Chrome store and is perhaps even better than Privacy Badger, but requires some customization to achieve perfection.
- Use A Secure Browser
Your browser is a major focus for attackers. Apple’s Safari, Google Chrome, and Microsoft’s Internet Explorer are good, major players, but they all collect data on your browsing habits. Mozilla Firefox does not, and is highly recommended. All browsers, including Firefox, can be made more secure than the default installation.
- Always use the latest version for your browser. Go to settings on your browser and enable automatic updates. Spyware and Malware is everywhere, and hackers watch browser vulnerabilities like hawks as it’s the easiest way to gain access to your computer. Remember the WannaCry disaster? Hackers gained access through outdated Microsoft Internet Explorer browsers.
- Adjust security settings in your browser to always warn you before downloading or installing add-ons. There’s a ‘settings’ tab in every browser – Chrome, Safari, IE, Firefox – where you can increase your protection.
- Use the private browsing mode if you want to access a website you are suspicious about. Private browsing mode prevents the browsing session details from being stored. Firefox has an option always to use private browsing mode: Go to settings – Privacy – enable the block “always use private browsing mode.”
There are a lot of other easy steps you can take to improve security – follow our basic security guidelines to make it harder for hackers to get to you.
- Use DuckDuckGo or Disconnect Search when you use a search engine
You can learn more about this increasingly popular little search engine (a browser extension) by going to the Chrome store. The bottom line is that you use Google just like before, but DuckDuckGo prevents the search from being linked to your profile. You can search for all those embarrassing medical conditions without Google haunting you with equally embarrassing adverts across the web.
Add it as a browser extension in the Google Chrome store. Remember that any website you click on will automatically load it’s own cookies, so when you leave the search area, you will be tracked again.
- Tor – The Onion Network
The best solution for private browsing is TOR, the ‘onion’ browser. It is essential not to confuse TOR with the so-called “Dark Net’ – they are two entirely different things. The stigma attached to TOR is undeserved, harmful, and should be discounted once and for all.
Yes, you can find shocking and illegal websites using TOR, but if you are looking for the underworld, Google can happily take you there, too. Contentious content can be found anywhere – using TOR does not make you a Dark Net user.
Visit the Tor Project website to discover the facts for yourself and get anonymity online.
- Don’t User Browser Extensions
Do you love your new screensaver? It could be spying on you. So could the browser extensions you use to play cards, collect recipes, get weather updates, follow your team’s score …
Browser extensions (add-ons) are small pieces of computer code designed to execute (run) in your web browser. These extensions inject code into your web pages as you view them. They can display adverts, store passwords and private information, and can change your privacy and security settings.
When you add a browser extension, it will usually display a request for various levels of permission, but not all browsers explicitly inform you that you are adding an unknown factor. Perfectly innocent extensions may need invasive permissions to interact successfully with your browser, for example, “access and change your data on all websites.”
Don’t be lulled into false security by the fact that these add-ons are available in the official Google Chrome or Internet Explorer store. They only verify that the code itself is not malicious, but cannot possibly prove that the intent behind the product is on the level.
Your antivirus solution should always include a browser extension which is meant to detect malicious browser extensions, but this is not always the case so you should check before you buy.
The scary part is that you may add a very useful, innocuous extension and forget about it, but the developer may sell the code to someone else who could develop the code further and automatically update the extension to become malware. It may be a free screen saver today and become a key-logger tomorrow. Malwarebytes is a highly regarded tool for cleaning up browser and rootkit invasions.
- Never Recycle Passwords
Despite thousands of massive data breaches, people still recycle passwords. We’ve all come across new forums, services or shops and wanted to find out more, but had to create an account to do so. It’s easy to think that if you like it, you’ll go back and make the password stronger – but we forget. If you’ve been doing this for the past 15 years or longer, you can be sure there’s some private information lying around in an account that is accessible to hackers.
Very few data breaches are ever made public, and the majority of violations are never even discovered. It is certain that somewhere along the line over the past 20 years, at least a few of your accounts have been exposed. Always use a strong password for everything, because if one database gets hacked, it can reveal enough information about you to hack another account, with other accounts following soon.
Most paid antivirus solutions offer password managers, and there are a few freemium options with good feedback, although you need to keep track of their reputations. Have a look at LastPass, Dashlane 4, RoboForm. KeePass is an open source free password manager.
SOME LAST THOUGHTS
You’re unafraid to stand up and be counted for your convictions and won’t let your voice be ignored. You have nothing to hide; it’s a free country. But why should you hand over the name of your soap brand, corn plasters, age of your car and refrigerator, your Aunt Betty’s secret apple pie recipe and your pet’s name voluntarily to the first passerby?
All the steps we’ve outlined are 100% legal, and many are free or very affordable. While most people have been subjected to invasive tracking for years, it is possible to get some of your privacy back.
While some harm’s already been done, we can at least make them work harder for the rest of the loot!