Online Anonymity

You have no idea how little privacy you have online!

There is also a pretty good chance you don't care too much. The average person does not comprehend what information can be easily collected and how much can be easily inferred from as little as an logging an IP address across multiple sites.

For the sake of clarification, I am not trying to scare anyone or cause a panic. Some of what I am about to write about is only a possibility and a large amount of the concern you should have about the lack of privacy online brings up the questions of security and intent. Data about you is being gathered all across the Internet and you should be aware of how easy it is to collect, what it can be used for, and consider the possibility of it being either accessed by somebody else or used for new purposes.

At this point, a significant amount of people would be wondering, Why should I be concerned if websites track me a little, I have nothing to hide. Without knowing the magnitude of information that is collected or the ways that it can be applied, you shouldn't be so quick to feel at ease.

Most websites (admittedly including mine, unless I detect a DNT header) use Google Analytics. A majority of them also have a Facebook Like button. Quite a few contain ads. And if a website includes an image from somewhere else, that host can now track you as well. Simply knowing which websites you visit reveals a lot more than you'd think, especially with large databases containing people with similar browsing habits and applying a little statistics. If you want to see for yourself how much you're being tracked, you could try out the Lightbeam add-on for Firefox or Collusion for Chrome.

Lightbeam add-on for Firefox shows a graph of sites that track you

A few companies have a decent sense of my browsing habits, so what?

Well, for starters, don't you find that to be at least a little bit creepy? I mean, these companies could be said to be stalking pretty much everyone on the Internet. Doesn't that make you wonder at all why so much data is being collected?

As for the main reason this should concern you, it isn't so much for what the data collected about you is being used for, but rather what it could be used for. It's important to know that the data isn't only available for a few hours, and the fight for online privacy seems to be a battle we're losing. Remember not too long ago when companies were trying to force employees to give them access to their Facebook accounts? Need I remind you of what we discovered about the NSA? How concerned you are about this is up to you, I just wanted to point out the fact that the general attitude about a person's information is that it's ripe for the taking. Maybe someday a page you visited that isn't exactly politically correct will be used against you in some way. Maybe reading an article about the new Corvette could raise the cost of your car insurance. The possibilities are endless, and I truly hope that we never see them become reality, but some of them could still affect us today.

Unfortunately, I don't have all of the facts when it comes to the tracking that takes place online. I don't know what companies do with their databases of data, and I don't know how many of them have employees who might want to make a little money on the side by selling some of that data. Nor do I know that their security is enough to keep black hats (the malicious kind of hackers) from gaining access to all of that glorious data. I do, however, know how easy it is to collect that data and have a pretty good idea of the dangers it could pose to even law abiding citizens.

$_SERVER['REMOTE_ADDR'] – that's how easy it is to get your IP address. From that I could figure out your location and Internet provider. And if I run multiple websites or can work with someone else, I can follow you around the Internet. With a database and some statistics, I could even reach the point where I predict your next breakup before you know it's going to happen.

$_SERVER['HTTP_USER_AGENT'] – now I know your browser and Operating System as well. Usually, this is a good thing because it means I can adapt my website for better compatibility with your browser (even though that's not the correct way of doing that), but it also means that I now know a little bit more to make you distinguishable and if I'm feeling malicious I could see if there are any known vulnerabilities in your browser to use against you.

Also, Verizon and AT&T now add in a uniquely identifying tracking code which is injected into all of your non-encrypted traffic. Not only are they using this to track you, but they are altering your online traffic without your knowledge. Plus, you are paying them to track you and sell your data! Click here to see if they are tracking you ->

And now for the big question … What can you do about it?

I'm sorry to tell you that there isn't much you can really do without several changes to your online habits and a bit of effort. Ideally, we would have a right to opt-out of online tracking and the laws would be updated to create a DNT policy which was enforced (description here). It really is a tough issue to decide on though because sites like Facebook would have to either charge users or shut down if strict privacy laws were put in place. After all, data is the currency of the Internet.

The first and best thing anyone should do is cut back on the information that they volunteer, and this is important for privacy as well as security. For privacy, it is impossible to not be revealing personal information when you are outright giving away every detail of your entire life. And as an example of security, did you know that listing your mother publicly on Facebook is a great way to have your account compromised if your security question is, What is your mother's maiden name? I'm just saying… Think before you share!

Another thing you should really be doing anyways is giving a little thought before you click on a link. The difference a single click makes to your privacy is pretty minor, but learning to not give in to click-bait is a good idea anyways, especially when registration is involved for viewing the content. This one really applies more to good advice and practice than to privacy, but it does relate and falls under the category of changing your online habits. Next time you see a flashy link saying you might win some shiny new whatever, think about whether or not you should trust it.

And now, for the more effective but difficult part – how to use software to protect your privacy.

Privacy settings in Firefox

If you're willing to sacrifice the functionality of some websites for a fairly significant amount of privacy, you could start by disabling third-party cookies in your browser. The way to do this varies between browsers, and some sites that rely on them will simply not work anymore, but this is probably the most effective thing that the average person can do if they want to protect their privacy.

If you want to be annoyed a bit by prompts frequently in exchange for some finer control, you might be able to selectively allow or block third-party cookies, or you might be able to only allow them from websites you visit.

You could also choose to opt for more privacy and clear cookies every time you close your browser, or you could disable cookies entirely. Be aware, however, that you would experience difficulties and annoyances, as cookies are important to the usability of most websites.

For the rare person who wants to be truly anonymous and is willing to deal with the headaches required, there is Tor.

Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location.

Tor Project

To simplify perhaps a little too much, what Tor does is encrypt your traffic and send it though a random series of computers connected to it, and finally to its destination via some random computer somewhere in the world. While not impossible, it does make it extremely difficult to trace any traffic between your computer and its destination. It should be mentioned that one of the consequences of all of this bouncing around is things take noticeably longer. Also, because you might be connecting to a website though a computer in Russia, don't be too surprised if and when you see a Russian version of the page you are visiting.

You could also use a VPN, but they leave open the possibility of a false sense of privacy, and it is difficult to be able to tell which ones are good and which are not.

And, if you're going to be doing any sort of financial transaction while using Tor, you'll probably want to do so using Bitcoin.

Bitcoin – Open source P2P money

I've written about Bitcoin before and there are many other places to learn about it, so I'll not go into too much detail here, but Bitcoin can be used to send money anonymously. It is a cryptocurrency and can use a different address with every transaction, making it nearly impossible to trace a transaction back to either party. Think of it as a pre-paid credit card that uses a different account number for every transaction and that you do not have to register for.

At this point, some of you might be thinking of the illegal things you could do if you could be anonymous online. Some of you might be familiar with the Silk Road, which was an online store selling drugs and other illegal things using Tor and Bitcoin. The fact that such a thing could exist and last for so long is evidence of just how difficult it is to identify someone paying with Bitcoin on a hidden service on Tor, but it also show that it is still possible to do so. I choose not to discuss such matters, but I will say that it is extremely unfortunate that such things only fuel arguments and laws against privacy.