It turns out your browser’s privacy features aren’t as anonymous as you think. Although Ingonito mode on Chrome, InPrivate with Edge and Private browsing with Safari make it harder for someone to view your browser history on your device, they don’t hide your browser habits completely.
Whenever your computer visits a website, that traffic can be recorded and linked back to you directly. So, what can you do to be totally private on the web?
A project that was presented at the decent DefCon conference highlighted how easy it was to access someone’s browser history. Although the data was supposedly anonymised, the researchers showed it was trivially easy to reconstruct the identity of someone accessing specific content.
There are plenty of reasons someone might want to obscure their history. Aside from the obvious desire to hide one’s access to questionable sites, journalists, whistleblowers, dissidents and activists may want to ensure they protect sources and communication channels.
For example, a few years ago I was researching the government’s proposal to introduce a mandatory web filter. Part of that research led me down some pretty dark tunnels. There was content that might have been considered a red flag had law enforcement decided to investigate me.
In other words, covering your browser tracks is not all about porn and bomb recipes.
Watch the links
One of the tactics used by the researchers was looking at your Twitter analytics page. Links there are only accessible to you so traffic from that site can be easily traced back to you. Similarly, many mass mailings use customised URLs so who accessed each link can be identified.
The simple solution to this is to not click links in email messages, social media posts and other mass communications.
If you need to open a link and remain anonymous, visit the website directly and find the page you’re looking for.
VPN
VPNs are important. As well as encrypting all your traffic, they can anonymise your movements.
[referenced url=”https://www.lifehacker.com.au/2016/12/five-best-vpn-service-providers-for-2016/” thumb=”https://www.lifehacker.com.au/wp-content/uploads/sites/4/2016/05/VPN-410×231.jpg” title=”The Five Best VPNs For 2017″ excerpt=”We last updated our list of best VPN providers in 2014, but a lot has changed since then. With Netflix blocking VPNs and privacy becoming more of a concern than ever, the parameters of a good VPN for Aussie users have shifted. Some popular choices have fallen out of favour of late, so we’ve had a look at what VPN users in Australia are recommending now and for the year ahead.”]
Choose a VPN provider that does not retain your browsing history. For example, we looked at a number of iOS VPNs a while ago. One, Wangle, specifically made mention that they retained your browser history because they believe they are subject to Australia’s mandatory data retention laws.
While it’s laudable that they are upfront about retaining that history, it’s why I prefer to use NordVPN. As well as being multi-platform, NordVPN’s policy specifically states they do not retain any browser history.
In other words, if someone can access your computer, all they should get is that your traffic is being routed to a VPN provider. From there, the trail will go cold.
Private browsing
Although the researchers did say private browsing was not perfect, it is still useful.
[referenced url=”https://www.lifehacker.com.au/2017/06/how-to-safely-delete-private-data-forever-read/” thumb=”https://i.kinja-img.com/gawker-media/image/upload/t_ku-large/lymxuaguhlouxjgkw7iz.jpg” title=”How To Safely Delete Private Data Forever” excerpt=”If you’re erasing sensitive files from a computer, you probably want them gone forever and far beyond the reach of data recovery tools. Unfortunately, that’s not what happens all of the time. Here are some simple steps you can take to make sure your files are deleted permanently.”]
As most security professionals will tell you, once someone has physical access to your gear, pretty much all security bets are off. With time, most local security can be beaten. We saw that last year when the FBI allegedly purchased a hack to circumvent the security on the iPhone 5c used by the San Bernardino terrorists.
It’s hard to access a piece of data that was never stored on your device.
However, it’s not perfect. It’s possible some other device on your network, particularly if your on a corporate LAN, is recording all of your network traffic. So while that history might not be on your computer or mobile device, it could be stored elsewhere.
Tor
Tor’s raison d’être is to protect the privacy of web users so they can’t be traced or tracked in any way. It’s also gained a reputation as the network of choice for people wanting to engage in all sorts of shady activities.
[referenced url=”https://www.lifehacker.com.au/2017/03/how-to-anonymise-your-browsing-with-a-tor-powered-raspberry-pi/” thumb=”https://i.kinja-img.com/gawker-media/image/upload/t_ku-large/ajc5ecmx2bbxlymatzxg.png” title=”How To Anonymise Your Browsing With A Tor-Powered Raspberry Pi” excerpt=”If you’ve been thinking about trying out Tor to anonymise all your web browsing, you could just download a browser and give that a spin, but it’s much more fun to make your own highly portable proxy that you can easily connect to on a whim. Enter the Raspberry Pi.”]
As traffic passes through each relay, as you use the network to browse to a site, it is encrypted so that only the next relay can decrypt and move the request along.
It’s not perfect – users have been traced across Tor and prosecuted for criminal activities (which is a good thing!). A recent interview with security expert Jeff Blatt discussed how two child-porn networks were brought down and many people were prosecuted despite using Tor to obscure their criminal activities.
It’s becoming increasingly difficult to be truly private online. And despite the government’s constant rhetoric about the need to catch terrorists, shut down child-porn networks and break up international criminal syndicates, there is a strong case for us to retain personal privacy when online.
Our browsing habits can be hidden, or at least made very hard to trace. That’s not about protecting ourselves from government plots. It’s about ensuring our data doesn’t land in the hands of those who might use it nefaruiously.
We saw the consequences of the Ashley Madison data leak apparently leading to the suicides of some men who didn’t want to face the consequences of their infidelity. The impacts of our browser histories being used inappropriately are myriad.
You might not want to hide all your online activity but there are steps you can take to make some of it harder to find.
Comments