A new law allows ISPs to sell your data without your consent. Here's how to shield your privacy - Technical.ly


Apr. 5, 2017 12:58 pm


Security researcher Nima Fatemi outlines the pros and cons of several options.

How to close the blinds on your internet activity.

(Blinds Home Catching the Sunlight by CBCK via Shutterstock)

Editor’s note: This post is a companion piece to this guide on how to take action and protect your privacy in light of the bill that President Trump recently signed into law that allows internet service providers (ISPs) to sell consumers’ browsing data.


Picking a good, secure VPN can be difficult, even for tech-savvy people.

I’m not a lawyer and someone with a legal background should examine this, but something people need to understand is that VPN providers can also be classified as ISPs, as they’re providing an internet service. And if they’re based in the U.S., or their servers are in the U.S. or in a country with similar anti-privacy laws, they may still be able to monetize your browsing habits. So basically, by picking a bad VPN service, you might make the problem at hand even worse.

There are very, very few service providers whom I know and trust that don’t have any interest in the users’ data and take active measures either to not have access to it in the first place or to secure it if they do. Riseup.net and Calyx.net are two of them.

For more technical users, here are some tools I recommend. Each has its own pros and cons.

Tor Browser

To be perfectly clear, Tor is NOT a VPN and is not even remotely comparable. Apples and oranges. But it’s probably your best shot at protecting your privacy. Tor Browser is a hardened browser built on top of Firefox. It makes it harder for sites and adversaries to track you by anonymizing your path to the website you visit. If this is your first time hearing about Tor, I encourage you to watch this short animation.

While Tor Browser is my primary browser these days, I don’t use it for my banking, for example. They might freak out as your IP address changes from one country to another roughly every 10 minutes. Using Tor makes it extremely difficult for anyone to see or collect your online behavior.

Full disclosure, I’m a volunteer and core member of The Tor Project.

Pros

  • It’s free!
  • You don’t depend on any service provider. The Tor network is run by about 7,000 volunteers.
  • Tor provides privacy by design, meaning even Tor itself can’t see which website you browse.
  • Advertising companies can’t follow you around on every website you visit.
  • Supports Windows, MacOS and GNU/Linux.
  • Bypasses all kinds of censorship.
  • Constantly being audited by numerous developers and academics around the world.

Cons

  • Not every website allows anonymous access. Some choose to block Tor users.
  • You might see a Captcha or two or three while visiting different websites. These websites want to make sure you’re a human and not a robot.
  • While some versions of it are available on mobile (Orbot for Android and Onion Browser for iOS), it has a long way to go to compete with other browsers on mobile.
  • It hasn’t been designed to protect all the traffic on your device. Only the things you do inside Tor Browser are private, not what you do in Safari, Chrome or any other browser or application.

Algo VPN

Once set up, Algo is probably the easiest and one of the most secure ways to get a VPN up and running for use on MacOS or iOS. If you’ve ever used the command line, setting up an instance of Algo should be fairly easy for you. Just be mindful: if you’re using Algo to protect your privacy against the recent deregulation in the U.S., you might want to pick a data center that resides in a privacy-friendly jurisdiction. Another thing you might want to consider is that Algo uses Google DNS by default. If you’re worried about this recent deregulation, you should also be worried about the visibility that Silicon Valley companies such as Google have into your traffic.

Pros

  • Software is free! (But you still have to pay for the servers.)
  • Doesn’t require installing new software on your computer or phone. MacOS and iOS have IPSec VPN built in.

Cons

  • You need to be familiar with the command line in order to set up the service.
  • The defaults don’t treat U.S.-based companies as a threat to your privacy and need to be changed.
  • Not really a con of Algo, but enabling Windows support makes it less secure.
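
One way to check the DNS concern raised above once a VPN is connected (an added example, not code from the article or from Algo): it reads resolver configuration text, in resolv.conf style or as printed by `scutil --dns` on MacOS, and flags Google Public DNS addresses. The sample input and the function names are constructed for illustration.

```python
import ipaddress
import re

# Google Public DNS anycast addresses (public, well-known values).
GOOGLE_DNS = {ipaddress.ip_address(a) for a in (
    "8.8.8.8", "8.8.4.4", "2001:4860:4860::8888", "2001:4860:4860::8844")}

# Matches "nameserver 8.8.8.8" (resolv.conf style) and
# "nameserver[0] : 8.8.8.8" (as printed by `scutil --dns` on MacOS).
_NS_LINE = re.compile(
    r"^[ \t]*nameserver(?:\[\d+\][ \t]*:)?[ \t]+(\S+)", re.M)

def resolvers(text):
    """Return the unique resolver addresses found in `text`, in order."""
    found = []
    for raw in _NS_LINE.findall(text):
        raw = raw.split("%", 1)[0]      # drop an IPv6 zone id (fe80::1%en0)
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            continue                    # not an IP address; skip this line
        if addr not in found:
            found.append(addr)
    return found

def audit(text):
    """Label each resolver 'google', 'local' (private range) or 'other'."""
    report = {}
    for addr in resolvers(text):
        if addr in GOOGLE_DNS:
            report[str(addr)] = "google"
        elif addr.is_private or addr.is_loopback or addr.is_link_local:
            report[str(addr)] = "local"
        else:
            report[str(addr)] = "other"
    return report

# Constructed sample: resolver settings as they might look while connected
# to a VPN whose server hands Google DNS to its clients.
SAMPLE = """\
# comment: nameserver 1.2.3.4
nameserver 8.8.8.8
nameserver 2001:4860:4860::8844
  nameserver[0] : 10.19.48.1
nameserver 9.9.9.9
"""

if __name__ == "__main__":
    for address, label in audit(SAMPLE).items():
        print(f"{address:24} {label}")
```

A "local" result only says the resolver sits on a private address, typically the VPN server or home router; which upstream resolver that machine forwards to has to be checked on the machine itself.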

Bitmask

The design of Bitmask is based on OpenVPN and you can easily hook it up with Riseup or Calyx servers. In fact, they’re both already two of the built-in service providers. I hear from the developers that the MacOS version is on its way, but if you’re like me and can’t wait to see it, you could chip in with your money or skills to speed up the development process.

Also find it here.

Pros

  • It’s free!
  • The default providers aren’t interested in your data and have vowed to protect it.

Cons

  • Currently not available for MacOS, iOS and Windows.
  • Needs more testing.

Tails

A separate operating system housed on a USB stick, DVD or SD card that includes a suite of privacy-ninja applications built in. Everything runs over Tor. Tails is built and maintained by a mostly anonymous, international collective of highly respected developers (yes, all of those things). It can be tricky to set up the USB stick, but once you have it set up, Tails is easy to use. The best part about Tails is that it doesn’t touch your currently running operating system. Whether you have Windows or MacOS or Linux, you can install Tails on a USB, reboot and do your work in Tails and when you’re done, reboot and unplug the USB stick.

Neither your computer nor Tails would have any memory of what articles you read online or which newspaper you leaked documents to.

Pros

  • It’s free!
  • Just like Tor Browser, no service provider is involved. It takes advantage of the currently available Tor network.
  • It’s amnesiac. It won’t remember your browsing history or the files you might have downloaded to temporarily read, which also means that if you accidentally pick up malware, it’s gone with the first reboot.

Cons

  • Preparing the USB stick has a learning curve. Although with their new website it won’t take you more than 15 minutes to figure out how to set it up.
  • It’s amnesiac, which means it won’t remember your settings either unless you set up a persistent volume, which isn’t as easy.

Subgraph OS

This new operating system, currently in alpha release, is based on Debian and not only sends all of your traffic over Tor by default, but also protects you from zero-day attacks by taking advantage of “grsecurity” patches. And on top of that, it has some amazing sandboxing features. If you’re a little more savvy and want to try things at the bleeding edge, definitely give it a shot. Imagine Tails but built to be your primary OS.

Pros

  • Encrypts all of your traffic by default.
  • Protects you from zero-day and unknown attacks.

Cons

  • Still in alpha phase.
  • Needs more testing.
Nima Fatemi

Nima Fatemi is an independent security researcher and core member of Tor.

  • Will Moore

    Very nice summation of tools that one can use to keep online privacy safe. I am not a Tor user myself, because it worked really slowly, so I would rather recommend a good VPN service. Some of them, like TracelessVPN, are really easy to set up and come with many security features that one can easily utilize.

  • Small Noize

    Great article!

    You however forgot two of the main pros of Tor:

    1) By using it you not only protect yourself but also help protect others, more users = more noise = more privacy.

    2) The Tor Browser protects against fingerprinting.

  • JaXoM

    I wonder if a not-for-profit ISP could emerge, as in France with “French Data Network”. They also provide VPN services on top of existing connections, and they guarantee full privacy from commercial interest. It is (for me) the most obvious way to protect oneself from this new law, and it relies upon building a new community of interests. Or does that already exist?
