Saturday, November 3, 2012

Privacy on the Internet: an introduction

Security
Each time you surf on the Internet, information is being exchanged. You get a lot of great services, many of them for free, but what about your privacy? Do you check what will happen with the information you provide? Which information do you provide unknowingly? This article gives you an introduction to some Internet privacy concepts.

A big misconception: "your IP address has been exposed!" warning

On the Internet, one comes occasionally across banners with a warning: they know your IP address! These banners encourage you to click through to get better Internet privacy.
However, it is normal that they know your IP address: one could compare it with a letter in which you request information. If you do not give your address, the addressee is unable to send you a reply.
IP stands for Internet Protocol and every packet you send over the Internet has an IP source address (your address) and a destination address, e.g. the address of the webserver where a web page you want to visit, resides. Your computer requests the web page and the webserver needs your IP address to send you that page.
There are some cases in which you want to hide this, since your IP address can be linked to your identity. This is of course true when you are conducting illegal activities, but also some more legitimate reasons exist, just think of the Chinese Firewall, Iran and other oppressive regimes that violate human rights. Usually though, one does not care too much about this information being shared (see the widget below) and most users share e.g. their location voluntarily anyway on many websites like Facebook, Google+, ...
There are ways to hide your IP address, like proxies or The Onion Router (TOR), but they are out of the scope of this article.
The most important thing to remember is that the banner warnings you see on the Internet are often scams and that you should not click on them.


Not edible cookies

Many websites on the Internet create small files on your computer, called cookies. In these cookies they keep certain data that can be useful for you: e.g. the language you chose, your account information, contents of your shopping cart on a web shop, etc. Things you want to be remembered. Many sites would not work without them. A cookie can only be read by a the website that created it, or a website belonging to the same domain.
However, not every cookie is useful, some are also used to track your Internet habits: e.g. You visit site A, which has an image or web bug of site C, and a cookie is created. Afterwards you visit site B, which also has an image or web bug of site C on its pages. The owner of site C can now know that you have visited site A in the past and thus he can track a part of your web history.
A common use for this is advertising, where your surfing behavior is used to show better targeted ads to you. This might be seen as an invasion of your privacy and can be used for that purpose explicitly too of course.
Since you would break many websites by disabling cookies, the only thing you can do is visiting trustworthy websites and use a different browser or disable the use of cookies when visiting more obscure sites.

Encryption

The easiest way to start protecting your privacy is through encryption. If you visit a website, in many cases the web page is transmitted in clear text. Everyone who can listen to network traffic between the webserver and you, can see what you see. This is not what you want for passwords, bank transfers, private e-mails, ... Many websites therefor use HTTPS, i.e. HTTP (HyperText Transfer Protocol, web traffic)  over SSL (Secure Sockets Layer, encryption). Sometimes this does not happen automatically, so make sure that you are using HTTPS (check the address bar in your browser)! The Electronic Frontier Foundation (EFF) has created a plugin for Firefox and Chrome to switch automatically from HTTP to HTTPS if it is available, even when the website does not make the switch by itself. You can find it here.
One remark: to let it work correctly with the Followers widget left on this site (and all other sites using this Google Followers widget), you have to disable the rule for Google Services at the moment. I have reported this as a bug.

Conclusion

In this article I have summarized a few very basic concepts in Internet privacy. In the next articles in this series I will introduce a couple of web services and techniques to protect your privacy online! Do you have comments, hints, idead? Please share them in the comments below.

No comments:

Post a Comment