The U.S. Congress’ recent legislative move – to kill an internet privacy law that was due to go into effect in late 2017 – has spiked interest in keeping online activity private. The ways to protect your online activity haven’t changed but you may not be aware of what digital exhaust you’re leaving behind.
What You Leave Behind
When you’re in your Web browser, open up your browsing history (usually CTRL H). That’ll give you an idea of what you’re leaving behind. And, no, deleting or clearing your history doesn’t impact what your ISP and others have collected. Your history just shows you what they can potentially capture.
Similarly, a visit to your Google Web search results may show you a calendar of all of the searches you’ve run on Google. If you haven’t already, you may want to pause capture of this information under your activity controls. Google tends to anonymize your searches so that the site you visit doesn’t know what you searched, but I expect it’s only so they can keep the benefit to themselves.
The ways to avoid having your online activity tracked are limited and hardly foolproof. One basic thing to do is primarily use sites that provide an encrypted, HTTPS connection. You’ll notice that I’ve even secured this blog. In part that’s because I wanted to understand how to do it, but also because I wanted to be part of the encrypted half of the internet. But HTTPS only protects you from your ISP, not the site you visit who may be harvesting your clicks on their pages (and the multitudes who may be looking over their shoulder, as at the Nationalpost.com site).
The Ars Technica column and others mention Tor, but I don’t think it’s practical. As Sadiq Saif says nicely in his piece on using VPNs, it’s a technical workaround but not for everyone. My kids know how to use our virtual private network provider – Hide My Ass or HMA – on their desktops and portable devices. But even this is stop gap, as you’re only creating an encrypted pipe out to the HMA endpoint, which dumps you out onto the web. And, in some cases, they’re nothing if your chosen VPN doesn’t actually encrypt anything. #YouHadOneJob If you decide to use a VPN – which I’d recommend – you should pay for one after doing some research and avoid the free services. As the Wired article suggests, though, paid isn’t a guarantee; the VPN owns the endpoint that you leave the web. Just like Tor endpoints, traffic from that point on can be captured.
One alternative to running the VPN software on each device is to put the entire network behind the VPN. You can get network hardware for homes and small offices that include VPN support; alternatively, if you’re like me, you can get a DD-WRT compliant router and use it with your VPN provider. Here’s a how-to on the router preparation and, as an example, the information your VPN provider might offer. But this is getting in the weeds for most people. Better to buy something that comes with
Like most things that relate to security – digital or otherwise – the end result will depend on your ability to automate part of the process and then be vigilant about actually doing it. Preferring HTTPS sites to unencrypted ones, blocking extraneous capture of your browsing by using uBlock origin and NoScript, and so on.
You might think you hear the crinkle of tin foil! But the pressure for the ISPs to satisfy shareholders is likely to make customer data lucrative and necessary to bottomline financial success. And the tools available – VPNs and HTTPS browsing in particular – are not that difficult to use so long as you’re mindful about actually using them. Once you’re aware of the digital traces you’re leaving behind, you may be more motivated to try to protect and limit access to it.