Search TQA Weekly
Log into your TQA Weekly

Extreme Privacy, Failing

A Reality Check into the Lack of Internet Privacy

Steve Smith talks about privacy, and the lack there of. Also mentions methods of transmitting messages more securely, and how some methods fail, because of ISPs.

Episode #4-08 released on November 2, 2013

Are you tired of being tracked by governments around the world? Do you want to take your privacy back? Sure, you do, bad news though, someone else is tracking you, and this agency is known as an internet service provider.

Now for the reality check.

Your internet service provider, also known as an ISP, knows more about your internet usage and history than most governments around the world. They don't just get the meta data, they transmit the actual data to you. They know exactly what you want online, and they can have, if they already don't have, the ability to record everything you do on the internet. Governments and Police agencies after this can easily have a warrant to get your data, and the entire notion of privacy dies right there and then.

Using SSL helps, but the meta data is still passing through the ISP, and there isn't anything you can do about that. They could even act as a man in the middle agent that purposely forces the security for SSL web-sites to be weaker, or worst still, non-existent.

Don't trust your ISP anymore? neither do I. Any solutions? Nope. You can use a VPN, but that VPN passes through, your ISP. They know that you are connecting to a VPN, the can record the traffic, even if they can't decode it right now, but someone may be able to decode it in the future. They do, however, only get one set of meta data, that you use a VPN over SSL, and that is the fact that you are using a VPN.

Now, since it is possible to find the exit node, we can follow your traffic outside the VPN, and the VPN's ISP does know what passes back and forth, even though they can't see the traffic content because of the SSL encryption. However, origin IP is known, and possible content requests are known.

This is when using Tor may help, but you need to be using a VPN service that allows Tor to work. Tor allows users to have packets sent further away without the packets necessarily knowing exactly where they will end up, however, like anything else, if there isn't enough Tor type traffic, it can be detected. And, still, the meta data may be picked up by an ISP.

If you are starting to see a trend, you are not alone, this exists because of the way the internet was designed. There is always a way to be tracked, and always a way to trace it back. In recent history, various Tor onion web-sites like Silk Road, have been taken off line, even though users where following every precaution possible to make their connections as anonymous as possible. On the internet, there is no anonymous, only relocated users. If you wish to have some privacy, keep in mind the meta data will be track, and start using encryption whenever possible.

For e-mail, use PGP encryption to encryption the contents of your message. You may want to refer to the The OpenPGP Alliance before using a commercial PGP service.

Need to see a file online to another person, use Truecrypt, and send the encrypted file to the person of interest, and send the password through another communication method, maybe even in person. You can send an encrypted file, within an email that has been encrypted with PGP, just so you know.

If the thought of sending something over the internet bothers you, or you just don't trust the internet anymore, the sneaker net approach is, also, valid. Far more social, this requires the transition of information or data to be made from a person to a person, until the data reaches its destination. It bypasses all detection, however, what you gain in privacy, you lose in timeliness. If sending data over a USB, please encrypt it, so only the destined receiver can decode the files.

After all this, does a VPN still have a valid use? Yes, it protects you from being the victim of Firesheep, Wireshark, and other inception methods. It allows you to bypass blocked web-sites, and communicate with people you normally couldn't. And you can access all the content you want, that would normally be blocked, just by changing the end point you get your internet from.

Remember to like this episode if you were interested in today's topic, share if you think someone else could benefit from the topic, and subscribe if you want to learn more. For the show notes of this episode and others, for more information on other ways to subscribe to our show, to subscribe to our weekly newsletter, and how to participate by submitting your questions, comments, suggestions, and stories, head over to TQAWeekly.com.

Host : Steve Smith | Music : Jonny Lee Hart | Editor : Steve Smith | Producer : Zed Axis Productions

Sources & Resources