Pages

Subscribe:

Friday, May 11, 2018

Which browser and search engine are the best for privacy?


I get this question all the time. As a privacy advocate I appreciate that most users want to avoid having every interaction on the Internet being tracked and recorded. The truth is that if you really want to avoid all the tracking technology, you will need to take additional steps beyond changing your browser and search engine. Even so, it is an excellent and easy start. The less trail of cookie crumbs that lead back to us the better. 

Here are my suggestions:

Browser

The browser built for privacy is the TOR browser. Because all of your web surfing traffic is encrypted and anonymized, it can be slower than other browsers. Your IP address can be used to identify you, and this browser does address that concern. Even so, you may discover websites that block you from viewing them when using the TOR browser. Chances are you will need to use another browser besides TOR from time to time.

Firefox is a non-profit that creates the browser that TOR uses as its base. If TOR is not for you, then use Firefox. Install add-ons such as HTTP Everywhere, UblockOrigin, Noscript, and Disconnect. These add-ons will make web surfing with Firefox even more private and secure. Unlike TOR, with Firefox your IP address will not be anonymized.

If you love Chrome but want privacy, then you must stop using Chrome and switch to Iridium. Chrome is actually an open source project fork from the Chromium browser but both are funded by Google. That means that Chrome and Chromium track your Internet activity and send the telemetry back to Google. The Iridium browser starts as Chromium but all of the Google tracking is stripped out and what is left is a "Chrome" like browser without Google spying. Like Firefox, your IP address will not be anonymized.

Configuring Firefox and Iridium is also critical. You want to avoid third party cookies and as much browsing history as possible. Go through the settings and allow only those cookies you absolutely need and configure the history to be erased upon closing the browser.

Search Engine

DuckDuckGo and Startpage are both excellent choices for search engines. Neither maintain records of your search requests. They both encrypt your connection so your ISP can't view your inquiries either.

Next Step
 
When you are ready the next step in your journey to better privacy is using a VPN and changing your DNS provider. I will cover that in a future post.

Tuesday, March 20, 2018

Europe Is Far Ahead of US In Data Protection

   On May 25th of this year a shift in data protection practices and policies will be required throughout the business world as the European Parliament regulation known as General Data Protection Regulation becomes enforceable law.  Even businesses operating outside of Europe will be affected if they have customers who live in Europe.  This kind of law has been long overdue in the US.  If businesses in the United States wish to remain competitive they should heed the principals of the General Data Protection Regulation or GDPR.
   In the United States, the ramifications of Supreme Court decisions have severely limited privacy protection. When considering the vast troves of information held by corporations and government, such limited protection means almost nothing is confidential.  Legally, within the United States information has no privacy protection when provided to a third party like Facebook, Google, Yahoo, telephone company and even your bank. There are exceptions for a limited and specific type of information such as Social Security Numbers, Credit Card account numbers, and medical information. Outside those narrow parameters, all other data can be shared with others without requiring your consent.  It doesn’t matter if that breaks the social protocol of confidentiality; it is legal and can be done. What’s more, private information, such as medical conditions, has been determined by someone’s shopping habits, location information, and phone call logs. Internet users lack of awareness of the aforementioned does not mean those users condone having their information, which was provided in confidence, shared with anyone and everyone indiscriminately.
   With a millennium of social protocol, people assume that information shared with an individual or organization means that the receiving party will respect the privacy of the giver of that information.  The collectors of our Internet activities are no longer benign advertisers interrupting our viewing or listening with advertisements.  Our information has been thrown into the oven of massive databases where our activities are analyzed.  That analysis eventually leads to conclusions.  From conclusions come decisions upon which action is taken. There is always a danger when analysis, conclusions, and decisions are done in the dark by mostly large institutions that have power and profit as a motive.
    The openness that is the notable characteristic of the Internet is being subverted by opportunists using that very openness to promote their own interests in secret using expropriated information as a means of control, manipulation, and exploitation, which is at odds with the very reason users are drawn to the Internet. What people know about criminals breaking into databases is just the tip of the iceberg. The privacy invaders that have emerged could be characterized as Virtual Peeping Toms, Cyber Criminals, Spys For Hire, Blackmailers, Data Snatchers, Bait and Snitch Data Sellers, Black Market Data Brokers, and Surveillance Spooks.  They all view information in whatever form - be it text, database, video, audio - as a means to an end.  They collect it, sell it, broker it, and most definitely use it.
   The information that is used always benefits the user of the information, and most notably at the expense of privacy and an individual’s self-determination. Internet users have difficulty imagining how their personal information could be used other than to provide a service. They have no clue as to the multiple uses of information beyond its original intended use.  Some may be devastated to find out the re-purposing of their data by unknown third parties has very real consequences impacting their lives in subtle ways. Others understand that misuse and abuse of information will lead to real harm.  This is why 93% of adults say that being in control of who can get information about them is important according to a Pew Research poll.
  One method to prevent harm is to restrict access to information to only those you trust.  However, in the United States of wild west of data protection common sense has been brushed aside.  The computer security experts tasked with protecting data are often plagued with conflicts of interest. In the parlance of information security, the acronym CIA has been the CYA for computer technicians for decades.  For clarification for the uninitiated, CIA does not stand for the Central Intelligence Agency which admittedly is the more infamous “CIA”.  The acronym is known as the triad of information security: Confidentiality, Integrity, and Availability.  For too long computer security technicians have focused on data integrity and system availability as the CYA for their job security.  After all, end users do notice when systems are down or data is incorrect.  But, violation of confidentiality may only be known when private information falls into the wrong hands, and that information is abused or misused.  Since data is simply copied when an information breach occurs there is no service disruption.  It lacks the immediacy of a system crash and therefore has been treated with a lower priority.
   Given the current political climate in the United States, it appears that the GDPR is our best hope to improve the dismal state of data protection.