back to article Defend yourself against ISP tracking in an Trump-era free-for-all

ISPs in the US have regained to power to snoop on your internet browsing and sell the results to the highest bidder. Congress has passed news rules under President Donald Trump rolling back earlier restrictions on internet service providers - Verizon, AT&T, Comcast and so on - from selling or otherwise sharing your web browsing …

  1. Anonymous Coward
    Anonymous Coward

    Tor will be even slower than a VPN

    this is not the main issue, the issue is that to get to an alarmingly increasing number of websites via tor, you have to waste your time and give it to google, when you come up again the human v. bot click the street sign tabs shit. And again. And again. Every little helps, said google...

    1. chasil

      Re: Tor will be even slower than a VPN

      This is one of many reasons for us to wean ourselves off of Google.

      We will have to use DuckDuckGo, which has outsourced much of their search infrastructure to Bing (try parallel searches and you will see that they match).

      Our traffic to non-Tor-friendly sites should be the exception, not the rule. They do not observe the consensus.

      What's a consensus?

      http://www.linuxjournal.com/content/tor-security-android-and-desktop-linux

  2. JimmyPage Silver badge
    Boffin

    Ensure your *router* is doing your VPNing ...

    that way there's less danger of forgetting when each device connects.

    1. Anonymous Coward
      Anonymous Coward

      Re: Ensure your *router* is doing your VPNing ...

      The trouble with VPNs is they ironically deanonymise you. Effectively making your traffic stick out like a sore dick. You can use usage patterns to make educated guesses as to whom a traffic belongs to. Or simply go after the VPN provider. A company inherently has less rights than a person does so using a VPN could inadvertantly make you easier to track and open up the possibility of more data about you being uncovered since the network they need to sniff to get the goods doesnt belong to you.

      Unless everyone uses a VPN its not a great way to hide yourself.

      1. Paul Crawford Silver badge

        Re: Ensure your *router* is doing your VPNing ...

        A VPN is not about hiding yourself. They (ISP, gov, etc) already know you so very well. Its about making it harder for the bar stewards to spy on you.

        The other top tip is to go with a VPN provider in another country, ideally not one with odious spying laws like the UK obviously. That way your own gov has to make a proper request to another countries legal system to spy on you. It won't help at all if you are considered a high-value target, but for most people it raises the bar to spying as they can't just lean on the provider using their own secret courts, etc. Sure it won't stop NSA/GCHQ level spying via network compromises, etc, but it sure will stop every jumped up petty bureaucrat or advertising slime-ball from seeing your history in case you have something like the UK's Snopper's Charter giving world+dog access without judicial oversight.

        1. Anonymous Coward
          Anonymous Coward

          Re: Ensure your *router* is doing your VPNing ...

          I disagree.

          A lot of VPN providers out there provide badly configured clients.

          Ive seen many that don't hide your DNS traffic and even more thst fail to set the VPN tunnel as the default route.

          These two flaws alone render the privacy benefits flakey at best.

          Sure, as techies we can easily resolve those issues. But Granny can't. It's largely a false sense of security. Unless some homework is done.

          I test network security for a living and have done for years and I can tell you first hand that theres an awful lot of VPN providers and clients that are weak as fuck rendering the standard "get a VPN in a different country" advice generally very poor because it is incomplete advice.

          If purchasing a VPN service you must ensure the following:

          1. Does the VPN use a cryptographically secure cipher?

          2. Can you use a VPN client of your choice? Can you keep the connection open permanently?

          3. Is your default gateway the VPN tunnel?

          4. Is DNS being sent entirely over the tunnel? (check www.dnsleaktest.com makre sure your ISP DNS servers arent showing up) can the DNS provider the VPN provider uses be trusted?

          5. Can you use DNSCrypt over the VPN?

          6. Don't enable flash.

          7. Disable location tracking in your browser.

          8. Disable WebRTC in your browser. (www.whoer.net to see the info your browser is giving away).

          9. Install uBlock and HTTPS everywhere plugins.

          10. Install noscript.

          11. Disable all browser pre-fetching features.

          Follow these steps and you're on your way. This should minimise the amount of leakage.

          Or

          Just get a VPN in another country!

          Choose your advice wisely.

          1. Paul Crawford Silver badge

            Re: A lot of VPN providers out there provide badly configured clients.

            As with any system, test it. Test it again. FOR FSCK SAKE, TEST IT! These are a start:

            https://www.ipleak.net/

            https://www.dnsleaktest.com/

            No doubt many more exist. The point is, don't use anything important without regular testing. Oh and please don't use PPTP either as its known to be poor security.

    2. This post has been deleted by its author

  3. Anonymous Coward
    Anonymous Coward

    DNSCrypt

    Can reduce the amount of info youf give to ISPs where DNS leakage is concerned.

    https://dnscrypt.org

    Couple that with an SSH tunnel (with DNSCrypt at the other end as well) and you become that much harder to profile.

    Use the Cryptostorm DNS servers (because they don't log anything) and you'll be a pain in the ass to track and follow.

    1. 1Rafayal

      Re: DNSCrypt

      +1 for DNSCrypt

  4. A Non e-mouse Silver badge

    Ars Technica has just published an article about setting up your own VPN server.

    arstechnica.co.uk/gadgets/2017/05/how-to-build-your-own-vpn/

  5. Anonymous Coward
    Anonymous Coward

    Hmm

    Not sure the elites have thought this through.

    Most ad networks don't count views from VPNs / Cloudservers as valid impressions or clicks. Given that ad slinging is the new land grab for fat cats (who probably had a hand in this), they've scored a fantastic own goal here.

    A lot of VPNs and DNSCrypt services have ad blocking built in. Therefore you're forcing people to go down tje road of ad blocking unwittingly.

    So they appear to be swapping highly targeted advertising for vague non-specific ISP data that can't accurately be tied to a specific individual.

    Am I the only one here that can't see the logical business case here?

    1. Your alien overlord - fear me

      Re: Hmm

      So advertisers will have to adopt the TV approach whereby they push adverts for Saga holidays/funeral costs to sites used by OAPs, baby cough medicine on mums.net etc.

      I just wish companies wake up and realise web advertising often harms their business/reputation rather than driving customers to them.

    2. PerlyKing
      Big Brother

      Re: Hmm

      As usual with this stuff, people who read this type of article are in a tiny minority. The "elites" don't care if 0.01% of users wise up and start trying to defend their (illusion of?) privacy - they're after the ad revenues from the vast majority who either don't care, or don't know enough to care.

      If the minority gets big enough, they'll outlaw VPNs "for our own good".

      1. Steve Davies 3 Silver badge

        Re: Hmm

        quote:-

        If the minority gets big enough, they'll outlaw VPNs "for our own good".

        And all the businesses that use VPN's to get to their corporate networks? What of them then?

        Banning all VPN's would not work. The French tried it back in the days of Dialup.

        1. Anonymous Coward
          Anonymous Coward

          Re: Hmm

          "And all the businesses that use VPN's to get to their corporate networks? What of them then?"

          Hmm...let me check the standard Tory "what to do in a crisis manual"

          In the case of......blah blah....beligerent peasants...blah...small businesses...blah...take the view...

          It says "Fuck em"...page 782, paragraph 18...right there...between the "disableds", "over 70s" and "middle class" section...where it also says "fuck em".

          Interestingly the section on fox hunting has "fuck em" crossed out.

      2. Phukov Andigh Bronze badge

        Re: Hmm

        it's mainly when Whatever that the People use to protect themselves becomes Trendy or Big News enough to get the attention of our "leadership".

        as long as not enough congresscritters hear the term "vpn" we're okay.

        But as soon as CNN carries a "VPN: is it killing our children?" story, we're done for. You'll be purchasing "80% router kits" and your Media will carry stories about people being arrested for "a large cache of IPs". And of course before each legislative subtraction of your technological rights, will be a prominent "incident" where some ne'er-do-well committed some crime and that technological privacy was either helping in the crime, incidental, or happened to be in possession of the crook, any possible FUD connection.

        When I first turned 21, I finally had enough money to take one of two choices-buy a handgun or a computer. I chose the most dangerous one, and made a career out of it, and I fear I will tell kids of the days when computers were once mail order items and required no waiting periods, registrations, special training or age limits.

        1. Anonymous Coward
          Anonymous Coward

          Re: Hmm

          "I will tell kids of the days when computers were once mail order items and required no waiting periods, registrations, special training or age limits."

          Them crazy kids will be 3D printing their own VPNs in their bedrooms by then then tje plans will leak online.

          Im looking forward to telling my grandkids what it was like to use airtravel without being in a straight jacket, inside a metal container and getting a hand up your arse at passport control.

          Like smoking on a Zeppelin, I think laptops in flight will one day be laughed at.

          1. asickness231
            Gimp

            Re: Hmm

            'I will tell kids of the days when computers were once mail order items and required no waiting periods, registrations, special training or age limits.'

            "Them crazy kids will be 3D printing their own VPNs in their bedrooms by then then tje plans will leak online."

            I'll be 3d printing a fully automatic VPN for my cyber brain by then.

    3. asickness231
      Gimp

      Re: Hmm

      I think the business case here is additional data being made available. It ironically a similiar line of thinking that drives R&D budgeting. They don't know the exact application yet, but they know that all data can be used for something. Data is a ridiculously valuable commodity right now. A few $100,000 to a handful of politicians is a paltry sum considering the possible reward. Would it be hard to believe a company like Comcast throwing down a few million for the chance to sell data like this?

  6. Anonymous Coward
    Anonymous Coward

    StartPage and ixquick proxy

    StartPage and the ixquick proxy claims to not store information about you. (is that true?) As long as you don't want cookies or javascript then it will allow you to browse pages anonymously.

    1. Anonymous Coward
      Anonymous Coward

      Re: StartPage and ixquick proxy

      Since scripts are disabled and most sites won't work without them, Startpage only really secures your searches etc. But they're EU based and safer than DuckDuckGo, whose Yahoo partnership is unacceptable considering they let hackers in and bypassed their own security teams just to please US Govt Inc!

  7. Anonymous Coward
    Anonymous Coward

    Are the ISPs allowed to do a MITM using their own certificates like an intranet does? In that way they could see your HTTPS traffic content.

    1. LDS Silver badge

      They would need a CA installed on your systems to accept the fake certificates it generates for the sites you visit. I wouldn't be surprised if an ISP attempted that, as part of the contract rules...

      1. Anonymous Coward
        Anonymous Coward

        "as part of the contract rules..." in the tinest small print, then shoving the certificate in with the installer for the router software you don't need. 90% of victims sorted, now if we can just get these techies too.

  8. Anonymous Coward
    Unhappy

    I think the battle has been lost

    The only way to be not tracked on the internet is to not use the internet. Oh well, it was fun while it lasted.

    1. Anonymous Coward
      Anonymous Coward

      Re: I think the battle has been lost

      Or use some other person's computer and let them get bombarded with the porn ads later on.

      1. Charles 9 Silver badge

        Re: I think the battle has been lost

        "Or use some other person's computer and let them get bombarded with the porn ads later on."

        No, because of home LANs, they've found ways to distinguish two or more users using the same external IP, using things like behavioral analysis.

        1. Kiwi Silver badge
          WTF?

          Re: I think the battle has been lost

          "Or use some other person's computer and let them get bombarded with the porn ads later on."

          No, because of home LANs, they've found ways to distinguish two or more users using the same external IP, using things like behavioral analysis.

          Er, and if you don't even know that I am using your network, how the hell can you tell your ISP who I am hmm? How can they know who I am when you tell them "Nope, no one else uses the internet here, just me" hmm? How the fuck is "behavioural analysis" going to tell them who I am if you're telling them only you use the connection" All their BA BS is going to tell them is that you visit those sites.

    2. Anonymous Coward
      Anonymous Coward

      Re: I think the battle has been lost

      I don't surf the internet!

      *Cough*

      Oh wait...

      Fuck!

  9. Anonymous Coward
    Anonymous Coward

    Good ideas, but...

    .... there could be downsides.

    If you ever become of any interest to the security or immigration services then extensive use of VPN and TOR could make for a difficult meeting.

    For some levels of security clearance you will be asked if you have ever browsed via VPN (they will almost certainly know the answer beforehand) and if you have they don't like it.

    1. Paul Crawford Silver badge

      Re: Good ideas, but...

      "For some levels of security clearance you will be asked if you have ever browsed via VPN (they will almost certainly know the answer beforehand) and if you have they don't like it."

      Really? I would have though that knowing how to protect your privacy and security (more so when using dodgy "free wifi" on the move) would be a definite advantage for someone they don't want leaking information or being blackmailed.

      1. Anonymous Coward
        Anonymous Coward

        Re: Good ideas, but...

        Paul , they want to know who you message, what sites you use, whether your browsing reveals blackmail potential like gambling or risky dating. If they can't see your browsing history other than the connection times to a VPN then there's a huge hole in their knowledge about you. The vetting people are suspicious enough as it is and being this anonymous online would heighten the suspicion that you're hiding something. I think it would make UK clearance of DV and above problematic.

        1. Paul Crawford Silver badge

          Re: Good ideas, but...

          Hmm, I wonder how they ever managed to vet people before they spaffed everything on line?

          1. Anonymous Coward
            Anonymous Coward

            Re: Good ideas, but...

            "Hmm, I wonder how they ever managed to vet people before they spaffed everything on line?"

            Many years ago someone told me that they had been quite amused when the Saturday market stall - on which they worked way back in their teens - was approached as part of a vetting.

            In those days some of the questions were things like whether he had shown any interest in having boyfriends rather than girlfriends. Apparently they didn't actually care about his predilections - as long as they knew what they were. If that sort of thinking still pertains then VPNs or TOR usage could make them twitchy.

        2. 1Rafayal

          Re: Good ideas, but...

          Again, corporate use.

          How could an ISP in the UK find a good reason for banning VPN connections when a large part of our office workforce uses them either to connect to services at work, or to connect to work from home?

          Or is this "elitism"?

          1. Charles 9 Silver badge

            Re: Good ideas, but...

            Sanctioned VPNs with key escrow, then.

          2. Roland6 Silver badge

            Re: Good ideas, but...

            How could an ISP in the UK find a good reason for banning VPN connections when a large part of our office workforce uses them either to connect to services at work, or to connect to work from home?

            Short memory 1Rafayal?

            It was only a few years back that many 'residential' ISP's eg. Sky, Virgin etc. either did (and probably still do) block or made it difficult to use the sorts of VPN/RDP technologies commonly used by business. If you questioned them, they would point to their residential service T's&C's which excluded business usage...

            1. 1Rafayal

              Re: Good ideas, but...

              @Roland,

              ISP's typically dont block VPN connections.

              Same goes for RDP, they can block the standard port, but that doesnt stop you from connecting on a different port, one that ISP's have no clue about.

              As far as I know right now, the only ports blocked by UK ISP's are for email.

              1. Sixtysix
                Alert

                Re: Good ideas, but...

                1Rafayal: "ISP's typically dont block VPN connections... Same goes for RDP..."

                Now, maybe (monitoring comments aside), but going back a good few years, yes they most certainly DID.

                And would do all they could to make life awkward for people who knew what they were doing "it only works if you use our kit". And would stonewall you if you had the temerity to actually be *able* to talk intelligently about multiplexing, interleaving, connections strings, proxy and DNS settings and etc..

                Heaven help those poor fools who wanted to use their own modems/servers/networking/routing, because the only way to make it work was to pretend that you didn't and wrinkle the information out of unsuspecting support staff, hacked kit, or of a BBS somewhere. There was another option - switch to one of the very few, pricey, ISPs who knew that techies took longer to set up, but then only needed help if something had really gone wrong (Demon FTW).

        3. Anonymous Coward
          Anonymous Coward

          Re: Good ideas, but...

          >> whether your browsing reveals blackmail potential like gambling or risky dating.

          I make my living by punting on the horses and I have met my wife via the HorseyHotties* dating site so I really wonder if there is any scope for blackmail remaining.

          *This may explain why I have gone all AC.

  10. jason.bourne
    Big Brother

    New markets

    People weren't willing to use windows without being logged in as an admin account, so we created anti-virus.

    People weren't willing to enable a simple S25R regex to their mail servers, so now we have anti-spam.

    People didn't force ISP's to enable ingress / egress filtering of IP space they own, so now we need CDN's to mitigate DDoS.

    People weren't willing to build their own VPN's and force websites to encrypt everything and sue ISP's that tamper with their traffic, so now we will have a new VPN market.

    What is the root cause?

  11. Bill Gray

    Is this true?

    OK, go easy on me; this is well outside my realm of expertise :

    "...[Even with HTTPS, your ISP] can still learn a heck of a lot about your request such as the base domain. It can see that you've requested, for example, wikipedia.org, even if it can't see which page <strikeout>your</strikeout> you're connected to"

    I interpret this to mean that, when I ask for https://www.xyz.com/randompage.html?etc,

    the ISP will know I've requested something from xyz.com, but won't know it was randompage.html?etc.

    If my ISP knows that I access Wikipedia, DuckDuckGo, etc., _but not what exactly I was after_, I don't mind all that much. I suppose what I'd then wish to have is the ability to tell my browser that certain sites go through my ISP, and everything else through a VPN.

    I'd even be willing to fork over money to my ISP if they would, internally, VPN any of the traffic I _did_ send through them. That is to say, Google, etc. would know that a page had been requested, but not that the request had come from me. Seems to me the ISPs might wish to do that anyway, since they are now (in theory) competitors with Google for learning everything about you. (Though I suppose they may set up deals: "we'll tell you who asked for that page if you'll tell us which page they asked for.")

    1. cbars

      Re: Is this true?

      Well, you might not mind if they only know the domain. But the joy comes with the definition of ICRs (speaking from the UK - and haha, there is no definition). If they know the domain, and the exact time of the connection, they can shifty off and demand further info for the "Internet Connection Record" from the domain in question for your IP, e.g. from the HTTPS log - which will have the page, url parameters etc all sat in there.

      And because they can, I expect this will all be automated, queue the following (wild speculation) web service conversation:

      Random gov department > ISP : Give me domains accessed in the last 24 hours of citizens in the range 1 - 500,000

      Random gov department > Common Domains A-X : Give me the page and parameters and anything else you've got

      Ta dah, HTTPS is now pointless for any domains under the jurisdiction of Random gov Department (so probably all sites within 5-Eyes countries).

      vs. using a VPN. Exactly the same as above for VPN providers within 5 Eyes states, but a VPN company who sticks fingers up to 5-Eyes authorities will mean you will only get that info handed over if you are an actual person of interest and Random gov Department are really motivated - as opposed to me: a person. I think for a democracy to function properly, and to avoid some nut job getting a list of people who disagree with them (who may or may not be May), lists/categories of people/opinions should not be accumulated.

      1. Bill Gray

        Re: Is this true?

        "...If they know the domain, and the exact time of the connection, they can shifty off and demand further info"

        True enough. I'm thinking in terms of protection from marketing of data by my ISP and other large corporations. If my government really takes that level of interest in me, I'm not sure there really is a defense. (Though I agree, it should be made as difficult as possible for them. Personally, I lead a boring life and can't think of anything I've done on-line that needs to be private. But it's my duty, as a patriotic American, to help my country (and yours) not slide further into totalitarianism.)

        1. Anonymous Coward
          Anonymous Coward

          Re: Is this true?

          There was an El Reg article recently that said even encrypted pages have a dynamic "signature" that makes it possible to determine which page was being accessed on a domain.

    2. Olivier2553 Silver badge

      Re: Is this true?

      "I'd even be willing to fork over money to my ISP if they would, internally, VPN any of the traffic I _did_ send through them."

      If your ISP does the VPN for you, that means they see all your traffic in clear and the can monetize that information (which is the point of the article).

      To be effective, VPN must start at your computer (or at the gate of your house).

  12. frank ly Silver badge

    What is metadata, exactly?

    "It can see that you've requested, for example, wikipedia.org, even if it can't see which page your connected to."

    I searched for 'peanut butter' on Wikipedia and my browser address then contained the following text:

    "https://en.wikipedia.org/wiki/Peanut_butter"

    Doesn't that text get sent to the ISP, in plain? Similarly for Goggle searches, eBay searches, etc?

    1. User McUser

      Re: What is metadata, exactly?

      With HTTPS, your ISP will know:

      * A computer with the IP address they assigned to your endpoint did a DNS lookup for "en.wikipedia.org"

      * That computer then connected to port 443 of the IP address returned from the DNS query.

      * The amount of data that was exchanged between the two and the amount of time it took.

      But that's pretty much all they get with HTTPS; the rest of the connection info, including the requested URI, is encrypted.

      1. GloomyTrousers
        Big Brother

        Re: What is metadata, exactly?

        "the rest of the connection info, including the requested URI, is encrypted." - not quite true: SNI (Server Name Indication) leaks the hostname you're requesting as part of the TLS (HTTPS) handshake. As you say they can also infer it via the DNS lookup, but in practice they probably wouldn't do it that way.

      2. Bill Gray
        Pint

        Re: What is metadata, exactly?

        @User McUser :

        "...But that's pretty much all they get with HTTPS; the rest of the connection info, including the requested URI, is encrypted"

        Thank you; that's what I was looking for in my query above.

        It sounds as if using my ISP directly to access Wikipedia, Google, etc. tells my ISP I'm pretty much like any other Internet user. If I want to access a site associated with sedition, blasphemy, pornography, and acts contrary to the laws of Dog and man, I should go through Tor or a VPN and accept the slowdown implicit in that.

    2. Anonymous Coward
      Anonymous Coward

      Re: What is metadata, exactly?

      "Doesn't that text get sent to the ISP, in plain? Similarly for Goggle searches, eBay searches, etc?"

      StartPage has a user option that by default sends your search request as an HTTPS request as a POST rather than a GET. The POST method sends the search parameters as a block of encrypted data - not as part of the request URL.

      1. Anonymous Coward
        Anonymous Coward

        Re: What is metadata, exactly?

        "StartPage has a user option that by default sends your search request as an HTTPS request as a POST rather than a GET. "

        However - a quick test with WireShark suggests that the GET on HTTPS isn't visible on the wire?

        Not that I am confident about my setting the right options for WireShark to do that. Basically I just switched off TCP decode - and then did a "find" on a "string".

        Did StartPage use to be an HTTP connection where GET and POST did make a difference to visibility on the wire?

        1. Olivier2553 Silver badge

          Re: What is metadata, exactly?

          POST like GET are encrypted when using HTTPS:

          1) HTTPS connect to the server

          2) establish the encryption

          3) start asking for a page and providing additional parameters

          But because of it's design, there is no virtual hosting with HTTPS, so the IP address corresponds to one and only one server.

          1. Charles 9 Silver badge

            Re: What is metadata, exactly?

            Oh? What about SNI?

          2. Kiwi Silver badge
            Boffin

            Re: What is metadata, exactly?

            But because of it's design, there is no virtual hosting with HTTPS, so the IP address corresponds to one and only one server.

            There isn't? Quick, someone tell all those places with shared HTTPS hosting that they can't do that! And tell Apache and Nginx that they have it wrong as well! </sarc>

            I have my own domains on HTTPS thanks to LetsEncrypt, on one machine, with no problems. I know a number of other providers including "free" hosting services manage this. My systems are done via virtual hosting (even says so in the conf files) and I assume the others are as well.

  13. Anonymous Coward
    Anonymous Coward

    you're probably waaay too late

    if only now are you getting serious about security because of partisan FUD-ery and think that your government respected your privacy until suddenly in November "everything changed", well, privacy left the barn and all your shouting and concern is not bringing that horse back.

    Still, better that people start doing something now that it's politically correct to be paranoid again, I suppose. good on Chump for bringin' "don't trust the government" back.

    Tho sadly when party balance changes, most are gonna start singing hosannahs again and follow the official "Everything is Fine Now" (tm) line and let their security AND privacy concerns lapse-in spite of many more whistleblowers being silenced or marginalized by "their guy". Which then leads to all the open holes that need to be patched when the Fear Cycle begins again.

    Never complacency. Never let Someone Else do what you can and must do yourself. No matter what Brand is advertised as "leadership".

    Tinfoil is overrated. Mine's the one with the Faraday cage lining and the wide brim...not looking up! :P

    1. Anonymous Coward
      Anonymous Coward

      Re: you're probably waaay too late

      Then they just "accidentally" send a gas that dazes you for long enough to slip up. Remember, the bad guys only have to be lucky ONCE.

      Oh, and that wide brim? Useless against ground-level cameras.

  14. tiggity Silver badge

    Tor

    Is often not a great panacea - depends what sites you visit

    So many sites blacklist access from well known tor endpoints.

    Although Tor is in theory a great solution for people under oppressive regimes to have a less risky way of accesing the internet (not risk free, as there have been plenty of tor deanonymize methods used in the past) it is too often used by attackers. I have websites that block known tor IPs, not to be nasty to someone in dodgy country X wanting to browse the site avoiding the regime knowing, but to protect from attackers hiding behind tor.

    1. Anonymous Coward
      Anonymous Coward

      Re: Tor

      I sort of agree. For the most part though the deanonymising methods are largely theoretical. Most people caught doing dodgy stuff on Tor were caught using offline means or just solid policework.

      As long as you have no daft compulsions, delusions of grandeur and you know hownto harden a browser, Tor is still pretty solid.

      1. Anonymous Coward
        Anonymous Coward

        Re: Tor

        "Most people caught doing dodgy stuff on Tor were caught using offline means or just solid policework."

        The favoured method seems to be to capture a server - or even set up an undercover operation that does the dodgy business itself. Then zero-day exploits can be used to plant a trojan on the TOR user's PC - which can then leak information.

        IIRC There have been several cases of USA undercover operations turning out to be the biggest suppliers of something illegal once they established their credibility.

  15. Amorous Cowherder
    Big Brother

    You literally are a number, not a free person.

    The saddest truth of all is that the ISPs don't care and the Gov really don't care about 99% of what we do, the only people who care are the scumbag ad-men. Everything you do can be sliced and diced to provide lots of useful info that can be used to direct ad campaigns. That's it, the value comes from having real data about real people's habits, they don't even need to have any sort of names attached, just the data.

    They don't want to know you as you're name is irrelevant, they'd be happy to have your data anonymised 'cos all they need is a constant stream of real data from real people to fill their huge data warehouses in order to make sure the ad campaigns are worthwhile and costs effective. All you are is just a stack of stats and nothing more. Once collection is part of the status quo, the Gov will go quiet they've won, they'll be able to pick you out of a stream of thousands of others simply by your habits.

    Want to stop it? Log off now, stop using the internet...oh wait you can't because all the services you need, Gov, local Gov, banks, utilities, shopping, it's all online and it ain't going offline ever again.

    We're 100% screwed, so get used to it!

    1. Anonymous Coward
      Anonymous Coward

      Re: You literally are a number, not a free person.

      "[...] the only people who care are the scumbag ad-men."

      Democratic governments often deliberately tie their own hands with checks and balances in areas of collecting personal data. They are well aware that a future government could misuse that collated data to winkle out anyone who might oppose their ideology. It has happened in the past - consider Godwin's Law invoked.

      1. Anonymous Coward
        Anonymous Coward

        Re: You literally are a number, not a free person.

        And those governments soon get attacked. Face it. The very freedoms you cherish WILL be the ones that destroy you: part and parcel. Which basically leaves you two choices: the police state or anarchy. Anything in between will simply gravitate towards one or the other, long-term, whether you like it or not.

      2. Anonymous Coward
        Anonymous Coward

        Re: You literally are a number, not a free person.

        Democratic governments? I've read about them in the history books (ancient history). I remember once seeing such thing in a museum. These days ...

  16. Anonopzz

    Next to VPN I would suggest also switching search engine. I don't think I have to explain that Google is a privacy disaster. I use Startpage.com, gives me perfect results (same as Google) AND complete anonymity.

    By the way, I really dont like Tor Browser and I hope they will be more user friendly in the future. Will be stuck to Brave for a little while

    1. julian.smith

      Defending ....

      There is another significant benefit in using a properly configured Startpage - you get the unfiltered Internet search you requested rather than the Google "filter bubble" - it's well explained on the Startpage, er homepage.

    2. Alumoi

      gives me perfect results (same as Google)

      Wow, Google giving perfect results? That's a new one. Google is giving what they think you are looking for, not what you are looking for.

      Do a simple comparison: sign off Google/Facebook/whatever, clear cookies, data and storage, search for the same term in Google vs. Duck and see for yourself.

  17. Jimmy Cohen

    Compromising in speed is still better ha comprising the data. Even, speed does not decrease much. I am using Ivacy VPN for more than two years and I never felt a major difference in speed with and without VPN.

  18. privacychair

    Official Senate Bill

    If anyone is interested in the exact Senate bill, here is a link to it.

    https://www.congress.gov/bill/115th-congress/senate-joint-resolution/34

    For the record, Jeff Flake says he wants privacy rules, just not these ones. :( When asked which ones, he replied that he wanted fair ones, but he failed to articulate what fair meant.

  19. David_Michaels

    Experience with Pure VPN

    This article is surely an alarming situation for all the Internet Users, their personal info and all other details related to them are being watched, sold, being used in many ways.It was main concern for me also few months back as I don't want to share details be it with Banks, Office or ISP. I researched about the ways to secure the data and found multiple options among which using VPN was recommended to be the most effective one, did the research again about the best available options for VPN that would be more effective and cheap, so took a step and started using pure vpn. Its effective and cheap in my point of view and also from feedback of its users

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019