Protecting your Privacy
From TMB Wiki
It's a big deal these days, whether it's companies tracking your browsing habits to serve up adverts or the government trying to snoop on your activity under the bullshit pretense that it protects you from 'terrorists', when in reality it's an infringement on Article 12 of the UN Universal Declaration of Human Rights which states…
"No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks"
… and many countries already ban freedom of speech by censoring the websites you can access (e.g. The Great Firewall of China). There are any number of reasons you might wish to improve the security and way in which you use the Internet. It's a big topic, so I've made these notes as I fumble my way through the process in the hope they are useful to others.
Overview and Definitions
A lot of new terms…
- Certificates: documents issued by VPN providers to users allowing them to connect securely to their network.
- (HTTP) Cookies: small text files that reside on your computer and detail your preferences on a website and what you have looked at there.
- Free Open Source Software (FOSS): software that anyone is freely licensed to use, copy, study, and change in any way and for which the source code is available.
- Gateway: a server through which you connect from one network to another.
- Internet Protocol Security (IPsec): a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each communication session.
- Internet Service Provider (ISP): who you pay for an internet connection. Sometimes this will be whoever you have your mobile phone with.
- OpenVPN: Free Open Source Software (FOSS) implementing a Virtual Private Network (VPN).
- Point-to-Point Tunneling Protocol (PPTP): a method for implementing virtual private networks.
- TOR: a network that anonymises your browsing by routing it through a network of public servers.
- Virtual Private Network (VPN): a private network that you can connect to over the internet. Traffic then passes between you and the private network without anyone in between being able to see what is passing between you. This in essence means you appear to be located wherever the VPN server is physically located.
There are two very good resources that it is recommended you use as references; much of the information below is based on these...
Virtual Private Networks (VPN)
This should be your first step in improving your internet security. Your ISP is capable of logging all of the internet traffic that passes in/out of your house. Whether you are browsing the web, torrenting or making SSH connections to remote servers, it all passes through your modem and the connection your ISP provides. The Investigatory Powers Bill came into force in late 2016 in the UK and forces ISPs to log a year's worth of customers' browsing habits at the level of the domain you visit (i.e. http://www.bbc.co.uk/ but not http://www.bbc.co.uk/news) and make them available to a huge swathe of Government bodies. By using a VPN your ISP only sees you making a connection to the VPN and not what you subsequently browse whilst connected to it, since data between you and the VPN you are connected to is encrypted.
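A way to check the claim above on a GNU/Linux client, as an added example that is not part of the original page: it reads `ip route show` style output and reports which destinations would leave on a non-tunnel interface. The route tables, addresses and interface names (`tun0`, `eth0`) are constructed samples, and the function names are hypothetical.

```python
import ipaddress

# Constructed `ip route show` output: OpenVPN client with the tunnel up.
# 203.0.113.10 stands in for the VPN server, 192.168.1.1 for the home router.
ROUTES_VPN_UP = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev eth0
"""
ROUTES_VPN_DOWN = """\
default via 192.168.1.1 dev eth0 proto dhcp metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
"""

def parse_routes(text):
    """Return [(network, device, metric)] from `ip route show` style text."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields[:-1]:
            continue  # blank line, or a route with no device (e.g. blackhole)
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # first field was a route type, not a prefix
        metric = int(fields[fields.index("metric") + 1]) if "metric" in fields[:-1] else 0
        routes.append((net, fields[fields.index("dev") + 1], metric))
    return routes

def egress_device(routes, address):
    """Pick the longest matching prefix; on a tie the lowest metric wins."""
    addr = ipaddress.ip_address(address)
    hits = [(net.prefixlen, -metric, dev) for net, dev, metric in routes if addr in net]
    return max(hits, key=lambda h: h[:2])[2] if hits else None

def outside_tunnel(route_text, destinations, tunnel_prefixes=("tun", "tap")):
    """Destinations whose traffic would leave on a non-tunnel interface."""
    routes = parse_routes(route_text)
    found = []
    for dest in destinations:
        dev = egress_device(routes, dest)
        if dev is None or not dev.startswith(tunnel_prefixes):
            found.append((dest, dev))
    return found
```

With the tunnel up, the only entries that should remain are the VPN server itself and LAN addresses; if your DNS resolver is the home router, its appearance in the result means domain lookups are still going out via the ISP connection.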
There are three main protocols you might encounter when using a VPN:
^ Protocol ^ Encryption ^ Description ^
| PPTP | MPPE 128-bit | Oldest and most widely used, built into a lot of software making it simple to use. |
| IPSec | 128-bit | Designed for OSX/iOS, it's heavy on your CPU but is built into the OS and therefore simple. |
| OpenVPN | 256-bit | The strongest encryption and very widely used. **Recommended** |
Choosing a VPN service
There are lots to choose from. I'm no expert, so read this detailed article (2014 version) on TorrentFreak, who asked a whole host of VPN services to describe their approach to anonymity. A few shortlisted ones to check out are...
...but read the TorrentFreak article and the current policies on the provider's website and decide for yourself, as prices and policies can vary over time.
There are a plethora of options when it comes to connecting to VPNs. The most accurate resource for information will be the VPN service you choose to use, so please read their documentation carefully and contact their customer support if you have problems. What follows is a very broad overview.
If you configure your router/modem to use the VPN then any device connected to your home network will automatically have everything routed through the VPN. This has pros and cons. On the upside it means you don't have to mess around enabling the VPN connection on each device and starting/stopping it. On the downside it might mean you can't view certain geographically restricted services such as BBC iPlayer if the VPN gateway you use is outside the UK, but on the flipside this might be an advantage if, for example, you wanted to view films that are only available on US Netflix and not on UK Netflix.
There is a lot of variation in router hardware. Most people use the router provided by their ISP and are quite likely to find that it does not support establishing VPN connections (e.g. VirginMedia's SuperHub). You'll most likely need to buy a new router and relegate the ISP one to acting as a modem (although choose wisely and you can replace the ISP's router completely). Even then the firmware on the router might not support VPN connections, but all is not lost since FOSS alternatives are available in the form of OpenWRT and DD-WRT that you can flash your router with. If either of these supports a router you have lying around you're in business: follow their installation instructions for the model of router you have. If not, and you are buying a new router, you might want to consider whether it is supported by either of these distributions.
Both distributions have a lot of information on VPN written by people who know far more about networking than this author. You will want to read the sections on setting up the router as a client rather than a server, since you are unlikely to want to set up your own VPN (unless of course you wish to establish a secure and private connection to your home network whilst away from home).
ToDo At present the modem/router I use is pretty crap and doesn't allow you to do this configuration so I am not covering how to do this at present.
GNU/Linux Configuration - NetworkManager
You've gone to all this bother of setting up and using a VPN so that your ISP can't see what you are browsing and/or the sites you are viewing think you are in a different location than you are, but there is a key step in staying anonymous on the web that most overlook and that, it can be strongly argued, gives away more information about you than anything else... the web browser.
ToDo - Insert table
If you use a web browser that synchronises your passwords, bookmarks and browsing history to the internet then to a large extent your attempts to mask your browsing from your ISP are redundant, since the details are held in the synchronised account. There are obvious advantages to using such services, but an informed choice of whether to do so is something only you can make. If you're bothered about Governments snooping on your activity then it would be logical to think that you would have similar problems with sharing such information with companies who very often see their users as a commodity and may, or may not, take your privacy seriously.
Adverts and Tracking
My view on advertising and tracking of browsing habits to “improve” this experience is that I pay for my internet connection so I should choose what passes over it. I appreciate many sites rely on advertising for revenue, but I've never really paid attention to adverts anywhere and the internet is no different, so why should my browsing experience be hampered by having to wait whilst a load of mostly irrelevant adverts that I wouldn't be interested in load? Thus I use the plugins listed above and in addition I have a Raspberry Pi set up and running as a Pi-Hole to block requests for adverts from ever leaving my local network, further reducing unnecessary bandwidth usage.
For some time there have been browser add-ons that block adverts. Recently, however, some of these have become something of an oxymoron because things like Adblock Plus allow "acceptable ads" as a means of generating revenue for themselves. Quite how someone else can decide what I consider to be an “acceptable ad” I've no idea; that would require input from me rather than payment from the advertiser to the supposed ad-blocker. Thankfully for now uBlock Origin (NOT ublock.org) blocks all adverts and uses less memory in doing so, thus it gets my recommendation if you're not going to set up Pi-Hole to block adverts for you.
Detailed below are some TMB Members' setups. They're not necessarily exhaustive in protecting privacy but are provided to hopefully reassure that it's not overwhelming to make a few changes gradually to protect your privacy.