Tuesday, August 18, 2015

Protect yourself from your ISP

Recent news confirms that AT&T rolls over for the NSA and probably complies with even the flimsiest "law enforcement" requests. This comes as no surprise to those who have been paying attention to security, encryption, and digital freedom.

This post will give you a rough outline of the ways you can protect your privacy online. Different tactics are necessary if you want to protect yourself on a shared PC, on a shared network, or from your ISP. We're going to start with protecting yourself from your ISP. Future posts can be layered or used alone depending on your desire for privacy.

Bear in mind that the techniques listed here will not protect you if someone seizes your PC, or if you log into online services that track you, like Facebook. The techniques outlined on this page only serve to hide your location and ISP and hide your traffic from your ISP.

Reasons for this might include, but are not limited to:
  1. Downloading legal, but embarrassing porn. Who wants to get their IP linked to a download of "Ass Bandits 44"? Remember, the internet is forever.
  2. Hiding your location from online predators. Did you know your IP can be used to locate your city? Geo-location services make it much easier to locate you and harass you with potentially dangerous techniques, like swatting.
  3. Using BitTorrent on a network that restricts peer-to-peer downloading. You'll find it curious how much quicker your torrents download when your ISP can't read your traffic.
  4. Circumventing country-specific content locks, like Netflix or NFL content. With the right VPN service, you can control where your traffic appears to come from.
  5. etc... (leave your suggestions in the comments)

TOR

Tor is the gold standard for protecting yourself online. It works by diverting your traffic through a series of external hops. Your traffic then exits the Tor network via an exit node. Tor is very effective.

Unfortunately, it has drawbacks:
  • It's relatively slow and not suitable for peer-to-peer traffic.
  • It's relatively complicated.
  • Exit nodes are easy to determine, and some sites explicitly block Tor exit nodes.
Tor will absolutely hide your traffic. However, if you are a high value target and you expose yourself in other ways, your traffic can be isolated at the exit node and monitored. It's unlikely this will happen to your average user. Advanced users should layer Tor with other techniques that will be discussed later.

VPN

VPNs are the easiest way to consistently protect your traffic from your ISP. You could terminate to your own VPN server on a cloud provider, a trusted ISP, or you can purchase a VPN subscription from a multitude of vendors.

Not all vendors allow peer-to-peer, and they have a variety of user policies. The best providers will not cap your bandwidth, will allow multiple connections, and avoid retaining any logs.

While ISPs are often all too eager to log things and hand them over to whoever is interested, VPN providers do not fall under the same regulations. Their business model is privacy. In the US, they are not required to keep logs of any sort. You can also choose a VPN provider that is outside the US, but if you are using a US endpoint, US laws will still apply.

I recommend Private Internet Access (PIA) VPN (affiliate link). I've used them for a while with great results.

I've also used Air VPN; they are another excellent choice, although more expensive.

VPN considerations:

  • Many providers support PPTP, IPsec, and OpenVPN. OpenVPN is currently the most secure and cross-platform.
  • VPN providers often provide software for different platforms. If they support a protocol like OpenVPN, you can use your own software or hardware platform to terminate your VPN.
  • A VPN on your phone or PC is, by its nature, not as reliable as a VPN on your router. There are tricks that can be used to force your PC or phone to bypass the VPN and transmit your actual IP address.
  • DNS leaks: your DNS lookups will usually still go to your ISP's DNS servers, and these can be logged. Be aware of what your DNS settings are and redirect them to your VPN provider's DNS, or a third-party DNS like Google (8.8.8.8).
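
An added example, not part of the original post: a small Python check for the DNS leak described in the last bullet. It assumes a Linux-style resolv.conf; the sample file contents, the function names, and the verdict labels are constructed for illustration.

```python
import ipaddress

# Constructed sample of /etc/resolv.conf contents (not from the original post).
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search home.lan
nameserver 192.168.1.1
nameserver 8.8.8.8
nameserver 1.1.1.1
nameserver 127.0.0.53
"""

def parse_nameservers(text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                # Strip an IPv6 zone id such as "%eth0" before parsing.
                servers.append(ipaddress.ip_address(fields[1].split("%")[0]))
            except ValueError:
                pass  # skip malformed entries
    return servers

def classify(server, trusted):
    """Label one resolver relative to the DNS servers you intend to use."""
    if server in trusted:
        return "ok"              # VPN provider's or chosen third-party DNS
    if server.is_loopback:
        return "check-stub"      # local stub resolver; inspect its upstream servers
    if server.is_private or server.is_link_local:
        return "likely-leak"     # typically the home router, which forwards to the ISP
    return "unknown-public"      # public resolver you did not choose

def audit(text, trusted_addrs):
    """Map each configured resolver to a verdict, in file order."""
    trusted = {ipaddress.ip_address(a) for a in trusted_addrs}
    return {str(s): classify(s, trusted) for s in parse_nameservers(text)}

if __name__ == "__main__":
    # 8.8.8.8 is the third-party resolver mentioned in the post.
    for addr, verdict in audit(SAMPLE_RESOLV_CONF, ["8.8.8.8"]).items():
        print(f"{addr:15} {verdict}")
```

To run it against a real machine, pass the contents of /etc/resolv.conf and the resolver addresses your VPN provider gives you as the trusted list.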


