How to (actually) stay private on the internet

Despite what most governments would lead you to believe, if your country guarantees a right to privacy, it probably includes the right to privacy on the Internet as well. This, along with the right to free speech, forms the backbone of a democratic society.

However, exercising these rights is no easy task, especially in countries in the Middle East, China, and Russia with limitations on free speech. Of course, this is not helped in any way by the so-called ‘privacy-focused’ products who confuse the users into believing they give a magical, blanket immunity to all cyberstalking. So, I think it is very important to discuss the examples of products and services which are not as private as their advertising would lead you to believe:

  • Private Window/ Incognito Mode: This is worthless in most cases. Incognito mode simply hides your browsing history from your device. This is useful, for example, if you have very paranoid and very bigoted parents who check your browser history to make sure you don’t have access to information they don’t agree with. It is less useful when trying to hide your identity online, because your usage is still visible to your internet service provider (ISP), your university/ workplace (if applicable) and the actual website being accessed (along with any ads/ trackers which get loaded).

What can my ISP see? If you are using HTTPS (which is used on most websites nowadays), your ISP can see what domain names you are connecting to (in https://domain.name/webpage, the bold portion is visible to them), along with the time you accessed the domain. However, if the site you are using is still using the older HTTP, your ISP can see everything you receive from and send to the site.

ISPs are usually required to share this data with the government on demand for legal cases, and some ISPs are known to sell this data to advertisers directly.

  • Virtual Private Networks(VPNs): From a privacy standpoint, VPNs are also mostly worthless, because most VPNs keep logs of user data which they may be forced to share in legal cases. [1] Therefore, in most cases, all you are doing by using a VPN is shifting the weakest link in your privacy chain from your ISP to your VPN provider.
  • This is not related, but Protonmail was unfortunately recently forced to reveal some data to Swiss authorities in a much publicised case.

What does my IP address reveal? In India and several other countries where ISPs shuffle their IP address range among customers, someone knowing your IP address is essentially worthless for cyberstalkers and hackers. Government agencies may be able to get your personal info from the ISPs with just your IP address, though. Because the IP addresses are shuffled, a bad actor can mostly extract only your country of origin or, rarely, city within a few hundred kilometers.
However, this is not always the case, especially in countries like the USA where IP addresses are mostly static. Due to this, there are entire websites whose business is to sleuth out the physical location of an IP address and sell this information.

But then what should be used? The answer is that it depends. There is a distinction between the privacy needed by, say, journalists and whistleblowers working in hostile nations, in comparison to that which a normal layman on the internet would need.

So obviously, the choice for the most secure or the most private solution is highly subjective, as such a service needs to carefully tread the line between user convenience and not becoming a weak link. In my opinion (Reminder: I am not a cybersecurity expert), one of the best options is the peer-to-peer network Tor, along with the Tor browser. Tor routes your web requests through several internet peers to mask your IP address and reduce traceability to a great extent. It is mostly run by like-minded volunteers who are privacy enthusiasts. However, due to this routing process Tor is often excessively slow and is therefore not suitable for daily use. Tor is probably the best available choice for journalists and whistleblowers (or anyone else in need of similarly life-and-death level privacy.)

Of course, you should never depend on just one layer of protection between you and your possibly hostile government. Even with Tor, you should continue regular privacy-respecting practises. If you as a regular internet user want to increase your internet privacy, using Tor for daily use is probably impractical for you. So my suggestions to maintain a borderline level of privacy are:

  • Firefox, (with telemetry off) is a must in my opinion due to its strong add-ons support and privacy settings. Firefox on mobile is simply a delight to use anyway as I had never realised how stupid not having the address bar on the bottom of the screen was till I started using it. It is also the only mobile browser to support add-ons, including ad blockers, and after this year Firefox will be the only desktop browser to support ad blocking. Also, reducing Google’s monopoly on browser engines is always a plus.
  • uBlock Origin, which is an all-inclusive ad, tracker and script blocker is an essential on both desktop and mobile.
  • Search engines like DuckDuckGo, Brave search or Searx should be used as these aren’t run by massive advertising companies.
  • For information on why you should prefer free and open-source software, see my post FOSS without Fuss.
  • For information on why you shouldn’t use social media, see Facebook, Instagram are Evil, and Here’s Why and its follow up, About surveillance and social media.

Rants

[1] In India, VPN services which do not keep data for a minimum of 5 years and do not share this data with the government upon request are banned, making them useless except for accessing content only available in certain countries. People not being able to watch certain shows on their country’s version of a streaming site probably form the majority of all VPN users. Certain VPN providers have moved their physical servers from India to elsewhere to provide VPN access to Indians without having to share data, however it is uncertain whether even this is allowed under the new regulations.

4 thoughts on “How to (actually) stay private on the internet”

  1. Excellent coverage of the topic with in depth analysis while still keeping it readable for average reader.
    Keep writing…wish u the very best

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.