Security agencies had expected the adoption of encryption technologies to slowly develop. James Clapper, the former head of U.S. National Intelligence, said that with the revelations made by Edward Snowden the use of encryption jumped ahead by seven years. I wonder if Congress’s overturning of privacy protections proposed for Internet Service Providers (ISPs) won’t do the same for the adoption of technologies like Virtual Private Networks (VPN).
Voluntary vs. Involuntary Disclosure
When we use services such as Gmail and Facebook, we know that these companies are capturing data about us. That is our choice. There are email services, such as ProtonMail or SecureMyEmail, which not only don’t scan our email but even give us the opportunity to encrypt our email end-to-end (that is, from the sending device to the receiver’s device). And, we always have the opportunity to not use sites like Facebook, Twitter, and Instagram. Using them anyway is a deliberate action on our part, even though we realize that they will track what we like, what we choose to read, and who we elect to make our friends.
It is a different matter with our ISP. In most locations, there are limited choices for an ISP. In my area of Philadelphia, our choices are Verizon FIOS and Comcast Xfinity. We do not have a choice of an ISP which will not try to track and sell our browsing history. Given Congress’s new law, then, our privacy is being violated without our consent and it is up to us to protect ourselves.
Use Only HTTPS
In general, when someone uses a WiFi network in their home or office, the WiFi traffic is encrypted between their device and the WiFi router. No one else on the WiFi network can look at what they’re doing. However, whenever we use an open WiFi network (that is, one that does not require a password), the traffic is not encrypted. It is possible for someone else connected to the same WiFi network to use a common piece of software called a sniffer to see what we are doing.
Last year, Google announced that they would raise a site’s priority in search results if they were encrypting traffic between the visitor’s browser and the website. That announcement, as well a group called Let’s Encrypt making free encryption certificates available, has caused many sites, including mine, to adopt HTTPS. There are still many which don’t, however, and traffic to and from these websites can be viewed by a hacker using a sniffer or your ISP.
The Electronic Frontier Foundation has made a plugin available for the Chrome, Firefox, and Opera browsers called HTTPS Everywhere. This plugin forces all traffic possible to use HTTPS. The plugin is free and is easy to install.
Virtual Private Networks
Even with HTTPS, however, you’re not really secure. Your ISP can’t see what you’re doing on websites, but they can see what websites you visit. Sometimes, that can be just as revealing as seeing the actual traffic itself.
For this reason, I used to use Witopia only when using open WiFi networks – such as those found in airports, coffee shops, and hotels. Witopia is a well-established firm and is concerned about Internet security. On my computer, I have had no problems with reliability or downtime.
Since they encrypt all traffic between my computer and the Internet, they do not allow my ISP to see what websites I visit, much less what I’m doing there. I have now started using Witopia full-time on my home computer.
The only downsides I’ve encountered in using Witopia are that they don’t have a kill-switch (that is, the VPN fails silently and, when it is dropped, communication flows unimpeded and unprotected) and that they only support two devices using their service at a time. I have found that the VPN on mobile devices (both iOS and Android) to be more problematic than on a computer. The VPN connection to Witopia seems to fail fairly frequently.
I have started to testing another VPN provider called NordVPN. In my early tests, their computer implementation seems inferior to Witopia, but their support for mobile devices to be superior. With Witopia, one has to configure the mobile VPN settings manually for each server and for each protocol. NordVPN, on the other hand, both allows up to six concurrent connections and also has an app which does three things. The app allows me to connect directly to any server using any selected protocol; it has a kill-switch; and, it will reconnect immediately if the connection is lost. All of these, so far, make me think that NordVPN is a better VPN solution for mobile devices.
So, I have started encrypting all computer traffic using Witopia and all mobile traffic using NordVPN.
See this article for more information on VPNs.
Stop Using Google
Gmail is one thing, but how can anyone possibly give up the Google search engine? Well, my default search engine is now Startpage. Startpage passes your search off to Google and returns the results. Google does the search but has no idea that I’m the person who requested it. Startpage has instructions on how one can make it the default search engine for browsers such as Chrome, Firebox, Safari and Internet Explorer. They also have free iOS and Android apps so you can confidently search anonymously from your mobile device too.
Although Google is still scanning my email, they don’t know what I search for anymore.
Tell your Cable Company to Stop Selling Your TV Viewing Habits
With FIOS, it’s an easy matter to go to your account page and click on a link to indicate that you do not want them to sell your data to outside advertisers any longer. The other cable TV vendors have a similar policy and setting.
Do not connect to open WiFi systems unless you have a VPN; that’s to protect you from hackers. Get a VPN for your home computer and mobile devices; that’s to stop your ISP from seeing which websites you visit. Make Startpage your default search provider to stop Google from seeing what it is that you’re searching for.
Consider switching your email provider from Gmail, Hotmail, Yahoo, etc. to something such as ProtonMail or SecureMyEmail.
As long as we use social networks such as Facebook and Instagram, we can’t protect ourselves fully, but using a VPN will go a long way toward to reestablishing your privacy.
If they troll my connections, I’s consider it evangelizing.
Also see https://www.nytimes.com/2017/04/05/technology/personaltech/vpn-internet-security.html