This post is taking rather longer than I expected to write and is sort of a follow up to both “Internet freedom and you” and more specifically to “Anonymity through generosity“, following in the same general direction to those I doubt I’m going to say anything new. However with laws being proposed to let Councils snoop on phone calls and emails and more worryingly the EC data retention directive coming in to force on 6th April 2009, that revisiting what “normal” users can do to protect themselves might be worth while.
I’m of the opinion that most users would be more careful of their on-line habits if they knew what they were actually doing, and if that information were easily accessible, so the more guides of this kind the better. Leg Iron provides a quick guide on keeping your real and on-line identities separate (something that gets harder the longer you’re on line and the more you communicate) and the truly excellent Hints and Tips for Whistleblowers which is probably far more than most users need. Given all this material all ready available I want to try to look more at some of the other things you can do to make yourself less traceable on a day to day basis and at the same time help those that perhaps need a greater degree of protection.
Whilst data-mining for terrorists as the government claims to intend won’t work it will work quite well as a means to stifle and control general debate. That this is actually part of their intent is I feel made quite clear by the EC’s expressed desire to regulate on line journals, and made far easier the more we all use the same tools (google, facebook, blogspot etc.) as it’s much easier to query one database than to have to collate information from many. So whilst unless you take substantial measures it isn’t possible to be anonymous on the internet (I used to have some gainful employ demonstrating to spammers and the like how findable they were) you can easily make yourself less visible and make life generally harder for those that would monitor everything we say and who we say it to.
Patterns matter – the perils of Google
In many cases exactly what you’re doing and what you’re saying isn’t important at least not initially. What is of interest at first is where you’re going and who you’re talking to, if you’re not already convinced of this read this bbc report on the governments desire to “monitor” social networking sites. This is where the centralisation of tools into a few large companies (mainly Google) becomes a bad thing. If you’re using firefox then with out your knowing it you’re using Google to check every page you visit against their black list, and are potentially agreeing to google’s Safe browsing and general terms of service, both of which they can change at any time. This relationship isn’t mention in the firefox features page, nor is it easily turned off.
To turn off this feature you need to go to:
about:config
Go past the big scary warning message telling you that here be dragons
and then search for:
safebrowsing
I should point out that the data sent is, according to Google, impossible to link to a specific website (at least that’s what the terms of service currently say).
Assuming that you don’t use gmail or any of the other google services that set a uniquely identifiable cookie to link all your habits together, you’re still sending them a lot of data due to the number of sites using googleadservices and googlesyndication for adverts and google analytics for their web site monitoring, all of which is tied to your IP address which your ISP logs (they have to do this), and is now required to keep (they have no need to do this, and didn’t use to).
The problem with avoiding some of these is that it also impacts the web services you want to use and so makes it harder for them to remain viable, as it’s currently very unfashionable to expect anyone to pay for on-line content these days. But installing a plug in such as ad-blocker and blocking these and related domains will reduce the data you leave lying around.
Kurt’s Thoughts has more on How to avoid being tracked by Google. I don’t intend this to be an anti google post but they are unfortunately the biggest problem in this area and so are a good place to start. Even if they are as trustworthy and nice as they claim, they are still a nice single target for governments to go for. Most of the methods to avoid google can also be used for other such data gatherers and the various AD blocking utilities (such as Ad Block plus can be easily co-opted to assist in this endeavour.
This first step reduces the weight of your foot prints, the next step is to add chaff to your traffic so what’s important isn’t so obvious. Sticking to simple mechanisms just run something such as Track Me Not .
Leaving no trace
Having taken a reasonable measures to reduce how easy you make it for all of your activities to be tied together, you might want to at least once in a while leave better gaps in your trail, or even just leave no trace of your going to a particular site at all. Thankfully these days this is actually fairly straight forward as there are tools such as TOR, Xero Bank and Ultra Surf all of which will let you use the web with a fairly high degree of privacy. For a slightly less reliable method but occasionally handy there are still quite a few open proxy servers out there, some of which are deliberately so and some not. Failing that you can go “old school” and use public text only web browsers such as
A related problem is that many sites these days seem to want you to provide a mail address or other form of identification before you can get a login or make a comment or do anything else much, which of course immediately ruins all your attempts to not leave a trace. Fortunately as with so many other things the internet also provides a solution in the form of temporary or throw away mail providers, such as IRCnet Mail and Mailinator (these can obviously also be used to get a more permanent address which doesn’t link back to your normal addresses if you feel such a need). Then there are also anonymous OpenID servers that you can use to for sites that trust that and don’t allow anonymous comments, in fact there’s one here on Anonymong as well as on untrusted.ca (sadly the one on jkg.in seems to have closed).
Alternatives are good
I know it may seem obvious but having choice is a good thing, but if we want to have a choice in who provides our email, search engines and everything else we have to at least consider using the alternatives. Google isn’t the only search engine out there, nor gmail the only mail provider. Have a look at some of the alternatives, you never know some of them may actually work better for you. Also don’t forget that these days usable amounts of be space can be got for free or not much and setting up your own blog software such as wordpress gets easier all the time.
No free lunch
One thing to consider when you block all these adverts, is that the services you’re using do cost someone money and if they can’t be financed through adverts then they won’t survive. So I would urge you to support the websites that you actually use and want to survive, be that by buying stuff through any affiliate links they have or making use of donate buttons.
Other guides
As I mentioned at the start there are lots of other guides out there, most better than this and some probably more relevant to what you may want to do, so here’s a list of those I’ve come across:
- keeping your real and on-line identities separate – LegIron
- Anonymous Blogging with WordPress & Tor – Global voices on line
- sending naked email – The Register
- Hints and Tips for Whistleblowers – SpyBlog
Declaration of interests
Just to be utterly upfront about things, I’m involved in the running of several of the sites linked to above, and have used affiliate program links for the 2 web hosting examples given.
