Difference between revisions of "Protecting your Privacy"

From TMB Wiki
(More on router configuration)
 
(6 intermediate revisions by the same user not shown)
Line 5: Line 5:
 
''"No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks"''
 
''"No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks"''
  
…there are any number of reasons you might wish to improve the security and way in which you use the Internet. Its a big topic, so I've made these notes as I fumble my way through the process in the hope they are useful to others.
+
… and many countries already ban freedom of speech by censoring the websites you can access (e.g. [https://en.wikipedia.org/wiki/Great_Firewall The Great Firewall of China]).  There are any number of reasons you might wish to improve the security and way in which you use the Internet. Its a big topic, so I've made these notes as I fumble my way through the process in the hope they are useful to others.
  
 
== Overview and Definitions ==
 
== Overview and Definitions ==
Line 12: Line 12:
  
 
* [https://en.wikipedia.org/wiki/Authorization_certificate Certificates] documents issued by VPN providers to users allowing them to connect securely to their network.
 
* [https://en.wikipedia.org/wiki/Authorization_certificate Certificates] documents issued by VPN providers to users allowing them to connect securely to their network.
 +
* [https://en.wikipedia.org/wiki/HTTP_cookie (HTTP) Cookies] small text files that reside on your computer and detail your preferences on a website and what you have looked at there.
 
* [https://en.wikipedia.org/wiki/Free_and_open-source_software Free Open Source Software (FOSS)] software that anyone is freely licensed to use, copy, study, and change in any way and for which the source code is available.
 
* [https://en.wikipedia.org/wiki/Free_and_open-source_software Free Open Source Software (FOSS)] software that anyone is freely licensed to use, copy, study, and change in any way and for which the source code is available.
 
* [https://en.wikipedia.org/wiki/Gateway_(telecommunications) Gateway]] a server through which you connect from one network to another.
 
* [https://en.wikipedia.org/wiki/Gateway_(telecommunications) Gateway]] a server through which you connect from one network to another.
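Review bot: The Gateway entry kept as context just below the new Cookies line still closes its link with `]]`, so it renders as "Gateway]" in the list; since this edit already touches the definitions, drop the extra bracket here. The new Cookies entry, like its neighbours, runs the link text straight into the definition with no separator; a colon after the link would make the term stand out.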
Line 20: Line 21:
 
* [https://en.wikipedia.org/wiki/Tor_(anonymity_network) TOR] is a network that anonymoises your browsing by routing it through a network of public servers.
 
* [https://en.wikipedia.org/wiki/Tor_(anonymity_network) TOR] is a network that anonymoises your browsing by routing it through a network of public servers.
 
* [https://en.wikipedia.org/wiki/Virtual_private_network Virtual Private Network (VPN)] is a private network that you can connect to over the internet.  Traffic then passes between you and the private network without anyone in between being able to see what is passing between you.  This in essence means you appear to be located wherever the VPN server is physically located.
 
* [https://en.wikipedia.org/wiki/Virtual_private_network Virtual Private Network (VPN)] is a private network that you can connect to over the internet.  Traffic then passes between you and the private network without anyone in between being able to see what is passing between you.  This in essence means you appear to be located wherever the VPN server is physically located.
 +
 +
'''BEFORE PROCEEDING'''
 +
 +
There are two very good resources that it is recommended you use as references, much of the information below is based on these...
 +
 +
  * [https://prism-break.org/en/ Prism Break]
 +
  * [https://www.privacytools.io/ Privacytools.io]
  
 
== Virtual Private Networks (VPN) ==
 
== Virtual Private Networks (VPN) ==
  
This should be your first step in improving your internet security.  Your ISP is capable of logging all of the internet traffic that passes in/out of your house, whether you are browsing the web, torrenting sites, making SSH connections to remote servers, it all passes through your modem and the connection your ISP provides.  As of writing there are [https://www.gov.uk/government/publications/draft-investigatory-powers-bill proposals in the draft Investigatory Powers Bill] by the UK Government to force ISPs to log a years worth of customers browsing habits at the level of the domain you visit (i.e. http://www.bbc.co.uk/ but not http://www.bbc.co.uk/news).  By using a VPN your ISP only sees you making a connection to the VPN and not what you then subsequently browse whilst connected to the VPN.
+
This should be your first step in improving your internet security.  Your ISP is capable of logging all of the internet traffic that passes in/out of your house, whether you are browsing the web, torrenting sites, making SSH connections to remote servers, it all passes through your modem and the connection your ISP provides.  The [https://www.gov.uk/government/publications/draft-investigatory-powers-bill Investigatory Powers Bill] came into force in late 2016 in the UK and forces ISPs to log a years worth of customers browsing habits at the level of the domain you visit (i.e. http://www.bbc.co.uk/ but not http://www.bbc.co.uk/news) and make them available to a [http://telegra.ph/Who-your-internet-browsing-history-is-viewable-by-under-the-Investigatory-Powers-Act-11-25 huge swathe of Government bodies].  By using a VPN your ISP only sees you making a connection to the VPN and not what you then subsequently browse whilst connected to the VPN since data between you and the VPN you are connected to is encrypted.
 +
 
 +
 
 +
=== Protocols ===
 +
 
 +
There are three main protocols you might encounter when using VPN
  
 +
^ Protocol ^ Encryption  ^ Description ^
 +
| PPTP    | MPEE 128 BIT | Oldest and most widely used, built into a lot of software making it simple to use. |
 +
| IPSec  | 128 BIT      | Designed for OSX/iOS its heavy on you CPU but is built into the OS and therefore simple. |
 +
| OpenVPN | 256-bit      | The strongest encryption and very widely used. **Recommended** |
  
 
=== Choosing a VPN service ===
 
=== Choosing a VPN service ===
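Review bot: The new Protocols table is written with `^ Protocol ^` header cells, `| ... |` rows and `**Recommended**`, which is not the markup the rest of the page uses (`==` headings, `[url text]` links, `'''bold'''`), so it shows up as literal carets and pipes run together on one line; rewrite it as a `{| class="wikitable"` table with `'''Recommended'''`. In the PPTP row "MPEE" should read "MPPE", and in the IPSec row "its heavy on you CPU" should be "it's heavy on your CPU". The two resource links under BEFORE PROCEEDING have spaces before the `*`, which makes them preformatted text rather than list items.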
Line 36: Line 53:
 
...but read the TorrentFreak article and the current policies on the providers website and decide for yourself, as prices and policies can vary over time.
 
...but read the TorrentFreak article and the current policies on the providers website and decide for yourself, as prices and policies can vary over time.
  
== Router Configuration ==
+
== Configuration ==
 +
 
 +
There are a plethora of options when it comes to connecting to VPNs, the most accurate resource for information will be from the VPN service you choose to use so please read their documentation carefully and contact their customer support if you have problems.  What follows is a very broad overview.
 +
 
 +
=== Router Configuration ===
  
 
If you configure your router/modem to use the VPN then any device connected to your home network automatically will have everything routed through the VPN. This has Pros and Cons, on the up side it means you don't have to mess around enabling the VPN connection on each device and starting/stopping it. On the downside it might mean you can't view certain geographically restricted services such as BBC iPlayer if the VPN gateway you use is outside the UK, but on the flipside this might be an advantage if for example you wanted to view films that are only available on US Netflix and not on UK Netflix.
 
If you configure your router/modem to use the VPN then any device connected to your home network automatically will have everything routed through the VPN. This has Pros and Cons, on the up side it means you don't have to mess around enabling the VPN connection on each device and starting/stopping it. On the downside it might mean you can't view certain geographically restricted services such as BBC iPlayer if the VPN gateway you use is outside the UK, but on the flipside this might be an advantage if for example you wanted to view films that are only available on US Netflix and not on UK Netflix.
Line 47: Line 68:
 
* [https://www.dd-wrt.com/wiki/index.php/OpenVPN DD-WRT Wiki : OpenVPN]
 
* [https://www.dd-wrt.com/wiki/index.php/OpenVPN DD-WRT Wiki : OpenVPN]
 
ToDo At present the modem/router I use is pretty crap and doesn't allow you to do this configuration so I am not covering how to do this at present.
 
ToDo At present the modem/router I use is pretty crap and doesn't allow you to do this configuration so I am not covering how to do this at present.
 +
 +
=== GNU/Linux Configuration - NetworkManager ===
 +
 +
ToDo
 +
 +
=== Android ===
 +
 +
=== M$-Windows ===
 +
 +
== TOR ==
 +
 +
ToDo
 +
 +
== Web Browsing ==
 +
 +
You've gone to all this bother of setting up and using a VPN so that your ISP can't see what you are browsing and/or the sites you are viewing think you are in a different location than you are, but there is a key step in staying anonymous on the web that most overlook and can be strongly argued gives away more information about you than anything else....the web browser.
 +
 +
Web browsers are the interface to the vast majority of peoples uses of the internet and as such the way in which they are used has a huge impact on your security and privacy. All browsers have some default security built-in, but they almost all allow the use of [https://en.wikipedia.org/wiki/HTTP_cookie cookies] which websites/services use to not just enhance your browsing, but also keep track of what you do.  Thankfully there are innumerable add-ons/plugins that can be used to improve your security and some suggestions are listed below, but they are by no-means exhaustive.
 +
 +
ToDo - Insert table
 +
 +
=== Synchronising ===
 +
 +
If you use a web-browser that syncrhonises your passwords, bookmarks and browsing history to the internet then this means to a large extent that your attempts to mask your browsing from your ISP are redundant since the details are held in the synchronised account. There are obvious advantages to using such services, but an informed choice of whether to do so is something only you can make. If you're bothered about Governments snooping on your activity then it would be logical to think that you would have similar problems with sharing such information with companies who very often see their users as a commodity and may, or may not, take your privacy seriously.
 +
 +
=== Adverts and Tracking ===
 +
 +
My view on advertising and tracking of browsing habits to “improve” this experience is that I pay for my internet connection so I should choose what passes over it. I appreciate many sites rely on advertising for revenue, but I've never really paid attention to adverts anywhere and the internet is no different, so why should my browsing experience be hampered by having to wait whilst a load of mostly irrelevant adverts that I wouldn't be interested in load. Thus I use the plugins listed above and in addition I have a Raspberry Pi set up and running as a [http://pi-hole.net/ Pi-Hole] to block requests for adverts from ever leaving my local network, further reducing unnecessary bandwidth usage.
 +
 +
For some time there have been browser add-ons that block adverts, recently however some of these have become something of an oxymoron because things like [https://adblockplus.org/acceptable-ads Adblock Plus allow "acceptable ads"] as a means of generating revenue for themselves. Quite how someone else can decide what I consider to be an “acceptable ad” I've no idea, that would require input from me rather than payment from the advertiser to the supposed ad-blocker. Thankfully for now [https://github.com/gorhill/uBlock/ uBlock Origin] (NOT ublock.org) blocks all adverts and uses less memory resources in doing so, thus it gets my recommendation if you're not going to setup [http://pi-hole.net/ Pi-Hole] to block adverts for you.
 +
 +
= User Setups =
 +
 +
Detailed below are some TMB Members setups, they're not necessarily exhaustive in protecting privacy but are provided to hopefully reassure that its not overwhelming to make a few changes gradually to protect your privacy.
 +
 +
== Windows ==
 +
 +
== GNU/Linux ==
 +
 +
== Android ==
 +
 +
== Router ==
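Review bot: The Web Browsing text says suggestions "are listed below" and Adverts and Tracking says "the plugins listed above", but the only thing between them is "ToDo - Insert table", so both references point at content that does not exist yet; add the table in this edit or reword the two sentences until it lands. Several of the new headings (Android, M$-Windows and all four under User Setups) have no body at all, and `= User Setups =` is a level-1 heading while every other top-level section uses `==`.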

Latest revision as of 07:44, 6 December 2016

Internet Security

It's a big deal these days, whether it's companies tracking your browsing habits to serve up adverts or the government trying to snoop on your activity under the bullshit pretense that it protects you from 'terrorists', when in reality it's an infringement on Article 12 of the UN Universal Declaration of Human Rights which states…

"No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks"

… and many countries already ban freedom of speech by censoring the websites you can access (e.g. The Great Firewall of China). There are any number of reasons you might wish to improve the security and way in which you use the Internet. It's a big topic, so I've made these notes as I fumble my way through the process in the hope they are useful to others.

Overview and Definitions

A lot of new terms…

  • Certificates: documents issued by VPN providers to users allowing them to connect securely to their network.
  • (HTTP) Cookies: small text files that reside on your computer and detail your preferences on a website and what you have looked at there.
  • Free Open Source Software (FOSS): software that anyone is freely licensed to use, copy, study, and change in any way and for which the source code is available.
  • Gateway: a server through which you connect from one network to another.
  • Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each communication session.
  • Internet Service Provider (ISP) is who you pay for an internet connection. Sometimes this will be whoever you have your mobile phone with.
  • OpenVPN: Free Open Source Software (FOSS) implementing Virtual Private Network (VPN).
  • Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks.
  • TOR is a network that anonymises your browsing by routing it through a network of public servers.
  • Virtual Private Network (VPN) is a private network that you can connect to over the internet. Traffic then passes between you and the private network without anyone in between being able to see what is passing between you. This in essence means you appear to be located wherever the VPN server is physically located.

BEFORE PROCEEDING

There are two very good resources that it is recommended you use as references; much of the information below is based on these...

  • Prism Break
  • Privacytools.io

Virtual Private Networks (VPN)

This should be your first step in improving your internet security. Your ISP is capable of logging all of the internet traffic that passes in/out of your house: whether you are browsing the web, torrenting, or making SSH connections to remote servers, it all passes through your modem and the connection your ISP provides. The Investigatory Powers Bill came into force in late 2016 in the UK and forces ISPs to log a year's worth of customers' browsing habits at the level of the domain you visit (i.e. http://www.bbc.co.uk/ but not http://www.bbc.co.uk/news) and make them available to a huge swathe of Government bodies. By using a VPN your ISP only sees you making a connection to the VPN, not what you subsequently browse whilst connected to it, since data between you and the VPN you are connected to is encrypted.


Protocols

There are three main protocols you might encounter when using a VPN:

Protocol | Encryption   | Description
PPTP     | MPPE 128-bit | Oldest and most widely used, built into a lot of software making it simple to use.
IPSec    | 128-bit      | Designed for OSX/iOS, it's heavy on your CPU but is built into the OS and therefore simple.
OpenVPN  | 256-bit      | The strongest encryption and very widely used. Recommended.

Choosing a VPN service

There are lots to choose from and I'm no expert, so read this detailed article (2014 version) on TorrentFreak, who asked a whole host of VPN services to describe their approach to anonymity. A few shortlisted ones to check out are...

...but read the TorrentFreak article and the current policies on the provider's website and decide for yourself, as prices and policies can vary over time.

Configuration

There are a plethora of options when it comes to connecting to VPNs. The most accurate resource for information will be the VPN service you choose to use, so please read their documentation carefully and contact their customer support if you have problems. What follows is a very broad overview.
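An added example (not from the original wiki page or from any VPN provider): a small Python audit for the OpenVPN client profile (.ovpn) a provider hands you, checking that it matches the 256-bit encryption listed in the Protocols table, verifies the server's certificate, leaves compression off and routes all traffic through the tunnel. The two profiles and the hostname vpn.example.net are constructed for illustration.

```python
import re

# Constructed sample profiles; vpn.example.net is a placeholder, not a real provider.
WEAK_PROFILE = """\
client
dev tun
remote vpn.example.net 1194 udp
cipher BF-CBC
comp-lzo
<ca>
(constructed placeholder standing in for an inline CA certificate)
</ca>
"""
HARDENED_PROFILE = """\
client
dev tun
remote vpn.example.net 1194 udp
data-ciphers AES-256-GCM:CHACHA20-POLY1305
remote-cert-tls server
redirect-gateway def1
ca ca.crt
cert client.crt
key client.key
"""

STRONG_CIPHERS = {"AES-256-GCM", "AES-256-CBC", "CHACHA20-POLY1305"}  # 256-bit keys
COMPRESSION_ALGS = {"lzo", "lz4", "lz4-v2"}


def parse_profile(text):
    """Map each directive to its argument lists, skipping comments and inline <tag> blocks."""
    directives, block = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if block:  # inside <ca>...</ca> and similar: key material, not directives
            if line == f"</{block}>":
                block = None
            continue
        if not line or line[0] in "#;":
            continue
        tag = re.fullmatch(r"<([\w-]+)>", line)
        if tag:
            block = tag.group(1)
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(args)
    return directives


def audit_profile(text):
    """Return (code, explanation) findings; an empty list means nothing was flagged."""
    d = parse_profile(text)
    findings = []
    ciphers = [a[0] for a in d.get("cipher", []) if a]
    for a in d.get("data-ciphers", []):
        ciphers += a[0].split(":") if a else []
    weak = sorted(c for c in set(ciphers) if c.upper() not in STRONG_CIPHERS)
    if not ciphers:
        findings.append(("no-cipher", "cipher is left to the client default or negotiation"))
    elif weak:
        findings.append(("weak-cipher", "not 256-bit: " + ", ".join(weak)))
    if not d.keys() & {"remote-cert-tls", "verify-x509-name"}:
        findings.append(("no-server-cert-check", "server certificate type is not verified"))
    lzo = any(a != ["no"] for a in d.get("comp-lzo", []))
    if lzo or any(a and a[0] in COMPRESSION_ALGS for a in d.get("compress", [])):
        findings.append(("compression", "compression is enabled inside the tunnel"))
    if "redirect-gateway" not in d:
        findings.append(("no-redirect-gateway",
                         "all-traffic routing not set here; confirm the server pushes it"))
    return findings
```

Call `audit_profile(open("provider.ovpn").read())` on your own profile (the file name is hypothetical); a `no-redirect-gateway` finding is a prompt to check with the provider, since the server can push that option at connect time.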

Router Configuration

If you configure your router/modem to use the VPN then any device connected to your home network will automatically have everything routed through the VPN. This has pros and cons. On the upside, it means you don't have to mess around enabling the VPN connection on each device and starting/stopping it. On the downside, it might mean you can't view certain geographically restricted services such as BBC iPlayer if the VPN gateway you use is outside the UK, but on the flipside this might be an advantage if, for example, you wanted to view films that are only available on US Netflix and not on UK Netflix.

There is a lot of variation in router hardware. Most people use the router provided by their ISP and are quite likely to find that it does not support establishing VPN connections (e.g. VirginMedia's SuperHub). You'll most likely need to buy a new router and relegate the ISP one to acting as a modem (although choose wisely and you can replace the ISP's router completely). Even then the firmware on the router might not support VPN connections, but all is not lost since FOSS alternatives are available in the form of OpenWRT and DD-WRT that you can flash your router with. If either of these supports a router you have lying around, you're in business: follow their installation instructions for the model of router you have. If not, and you are buying a new router, you might want to consider whether it is supported by either of these distributions.

Both distributions have a lot of information on VPN written by people who know far more about networking than this author. You will want to read the sections on setting up the router as a client rather than a server, since you are unlikely to want to set up your own VPN (unless of course you wish to establish a secure and private connection to your home network whilst away from home).

ToDo At present the modem/router I use is pretty crap and doesn't allow you to do this configuration so I am not covering how to do this at present.

GNU/Linux Configuration - NetworkManager

ToDo

Android

M$-Windows

TOR

ToDo

Web Browsing

You've gone to all this bother of setting up and using a VPN so that your ISP can't see what you are browsing and/or the sites you are viewing think you are in a different location than you are, but there is a key step in staying anonymous on the web that most overlook, and which it can be strongly argued gives away more information about you than anything else: the web browser.

Web browsers are the interface for the vast majority of people's use of the internet, and as such the way in which they are used has a huge impact on your security and privacy. All browsers have some default security built in, but almost all of them allow the use of cookies, which websites/services use not just to enhance your browsing but also to keep track of what you do. Thankfully there are innumerable add-ons/plugins that can be used to improve your security and some suggestions are listed below, but they are by no means exhaustive.

ToDo - Insert table

Synchronising

If you use a web browser that synchronises your passwords, bookmarks and browsing history to the internet then, to a large extent, your attempts to mask your browsing from your ISP are redundant, since the details are held in the synchronised account. There are obvious advantages to using such services, but an informed choice of whether to do so is something only you can make. If you're bothered about Governments snooping on your activity then it would be logical to think that you would have similar problems with sharing such information with companies who very often see their users as a commodity and may, or may not, take your privacy seriously.

Adverts and Tracking

My view on advertising and tracking of browsing habits to “improve” this experience is that I pay for my internet connection so I should choose what passes over it. I appreciate many sites rely on advertising for revenue, but I've never really paid attention to adverts anywhere and the internet is no different, so why should my browsing experience be hampered by having to wait whilst a load of mostly irrelevant adverts that I wouldn't be interested in load? Thus I use the plugins listed above and in addition I have a Raspberry Pi set up and running as a Pi-Hole to block requests for adverts from ever leaving my local network, further reducing unnecessary bandwidth usage.

For some time there have been browser add-ons that block adverts. Recently, however, some of these have become something of an oxymoron because things like Adblock Plus allow "acceptable ads" as a means of generating revenue for themselves. Quite how someone else can decide what I consider to be an “acceptable ad” I've no idea; that would require input from me rather than payment from the advertiser to the supposed ad-blocker. Thankfully for now uBlock Origin (NOT ublock.org) blocks all adverts and uses less memory in doing so, thus it gets my recommendation if you're not going to set up Pi-Hole to block adverts for you.

User Setups

Detailed below are some TMB members' setups. They're not necessarily exhaustive in protecting privacy but are provided to hopefully reassure you that it's not overwhelming to make a few changes gradually to protect your privacy.

Windows

GNU/Linux

Android

Router