Take Control of Your Online Privacy (1.1) (2014)
Keep Your Internet Connection Private
Whether you’re on a Wi-Fi, cellular, or wired connection, keeping your link to the Internet itself private is an important step that affects all the other traffic your devices send and receive—Web, email, video, and everything else. In this chapter I discuss some of the ways in which another person or company could eavesdrop on your Internet activities or even misdirect you into connecting to bogus sites in order to steal information from you. Then I describe steps you can take to reduce the most serious of these risks.
Understand the Privacy Risks of Your Internet Connection
The connection between your device (computer, smartphone, set-top box, etc.) and a server (Web server, email server, streaming video server, etc.) may involve numerous steps. For example, your laptop may connect to a wireless router via Wi-Fi, which then connects to a cable modem via Ethernet, and then to your ISP over coaxial or fiber-optic cable. Your ISP, in turn, sends requests for data through a series of routers and network operators until they reach the desired destination. Sometimes the simple act of visiting a Web page can involve requests going back and forth between dozens of routers and servers all over the world.
So, although you may have the impression that your computer is talking “directly” to a server somewhere, that’s almost never the case. Internet connections, by their nature, are indirect. And at any point between your device and the remote server, the data could potentially be monitored or intercepted.
To get the bad news out of the way first, let’s look at some of the likely trouble spots:
· Wi-Fi connections: If your device connects to the Internet wirelessly, as most do, someone nearby (even in another building) could “sniff” the Wi-Fi signal and watch or record all the data transmitted and received. This is easy to do when Wi-Fi connections are open, or unencrypted, and if a connection uses WEP, an older security method, it’s only a tiny bit more challenging. Newer Wi-Fi security protocols, such as WPA, offer protection that’s much better—although still not foolproof (especially if the network’s password is weak or can be guessed by brute force).
A compromised Wi-Fi connection can lead not only to passive snooping but also to active attacks. For example, a man-in-the-middle attack is one in which two parties think they’re communicating directly but are instead manipulated into channeling their data through a third party, who can monitor and alter it in transit. (A man-in-the-middle attack can occur anywhere, but it’s especially easy to perpetrate on an open Wi-Fi network.) If I used a man-in-the-middle attack on an instant messaging conversation, I would see what each party types, but they would see only what I relay—which may or may not be what the other person said.
· Cellular connections: The cellular data connection between your phone or tablet and your ISP can also be monitored and intercepted. Unless you work for the carrier (which can presumably monitor anything that’s not encrypted), doing so requires the use of specialized equipment and skills. It’s not something a kid in a coffee shop is likely to pull off, but it’s certainly within the capabilities of law enforcement and sophisticated criminals.
· DNS disruptions: DNS (Domain Name System) servers translate domain names (such as apple.com) into IP addresses (such as 126.96.36.199). But if your device were tricked into using the wrong address for a server, you could end up at a fake but look-alike site designed to steal your password or other personal data—or perhaps just display ads. Several types of DNS attacks exist, including DNS hijacking, which often takes the form of malware that modifies your computer’s DNS settings; and DNS spoofing (also known as cache poisoning), which inserts false information directly into a DNS server.
· ISP monitoring: Your ISP can (and likely does) monitor and log any data that flows through its routers—including your IP address, the addresses of any servers you connect to, and the quantity and type of data you transfer. Logs may be kept indefinitely and could be inspected by your ISP’s employees, law enforcement, or (potentially) hackers. Besides monitoring data, your ISP could censor data—for example, blocking access to certain domains or the use of certain protocols.
However, your ISP can’t see the contents of encrypted data you send or receive, although it knows how much data was transferred and who was on each end of the exchange.
· Router monitoring: What’s true of your ISP is also true of any other router between your ISP and the servers you want to reach—and there may be many of these. For example, numerous countries have national firewalls that prevent anyone within their borders from reaching sites or services deemed to be unsuitable.
· Malware: If you have the misfortune to download a virus, worm, Trojan horse, or other malware, any number of privacy risks could exist. Some malware logs every keystroke you type in order to capture passwords, credit card numbers, and other personal data. Other malware may alter your DNS settings (as described earlier in this list), turn your computer into a spam-sending robot, or display an endless series of pop-up ads.
· Location discovery: I’ve mentioned how your IP address can give away your location and sometimes even your identity—and your IP address is known to every site and service you connect to. Even if you use methods (discussed ahead in Prevent Snooping) to disguise your IP address, your computer or mobile device may determine and transmit your location using other methods, including the names of nearby Wi-Fi networks, triangulating on cellular radio signals, and using GPS coordinates (for suitably equipped devices).
Pretty grim, right? Could be, but fortunately, many of these privacy threats are easily overcome, as I explain in the rest of this chapter.
If you take steps to secure the connection between your computer (or other devices) and the Internet, you eliminate one of the easiest methods available to an attacker who might want access to your private data—or who might simply be searching randomly for low-hanging fruit. Depending on your situation, you may use any or all of several techniques.
Note: In later chapters, I’ll talk specifically about additional steps you can take to Browse the Web Privately and Improve Email Privacy, among other things.
Here are some of the ways you can keep outsiders from snooping on your Internet connection.
Encrypt Your Wi-Fi Connection
Even if your main computer uses a wired Ethernet connection, you’re bound to have some device—a laptop, smartphone, or tablet, for instance—that can connect only using Wi-Fi. Without any encryption at all, your Internet connection might look something like Figure 1.
Figure 1: Without encryption, your Wi-Fi connection—the most local and most vulnerable portion of the path to other computers on the Internet—could easily be “sniffed” by someone nearby.
Assuming that you own or control the Wi-Fi router or base station, you should take immediate action to make certain no one else can eavesdrop on your communications—see the documentation that came with your router or refer to the manufacturer’s Web site for specific instructions:
· Use WPA. Wi-Fi Protected Access (WPA) is the most secure standard for Wi-Fi encryption currently in widespread use. It comes in several flavors, so you may see options like “WPA/WPA2 Personal” and “WPA2 Enterprise” (Figure 2). I can’t get into the details here, although I’ll mention that if you use an Apple AirPort base station or Time Capsule for wireless networking, you’ll find lots of good information in Glenn Fleishman’s ebook Take Control of Your 802.11n AirPort Network.
Figure 2: Wireless security options for an Apple AirPort base station. Choose any of the options including “WPA” and you should be fine.
Choose any variety of WPA, but do not use WEP (Wired Equivalency Protocol)—it’s trivially easy to crack. And do not skip wireless encryption. You could choose “None” as the wireless encryption type, but don’t; that’s ridiculously insecure and never the right choice if you can avoid it.
Note: If WEP is the only option available on your base station, it’s probably an old one. Now is a good time to think about replacing it.
With WPA-encrypted Wi-Fi, your connection looks like Figure 3.
Figure 3: With encrypted Wi-Fi, you protect the local portion of your Internet connection from sniffing.
· Use a good wireless network password. The password you create to connect to the Wi-Fi network should be long, random, and complex to avoid automated attacks in which a computer systematically tries likely passwords until it finds the right one.
· Use a good administrative password. In addition to the password for your wireless network, your base station or wireless router has an administrative password, which you must enter in order to modify its settings. Be sure to change the default password—it’s often “password” or something else similarly insecure. Ideally, the administrative password should be different from, but just as strong as, the password for your wireless network.
Tip: In my book Take Control of Your Passwords I talk about the risks of bad passwords, how to choose and remember great passwords, when and how to use a password manager, and more.
What if you’re on someone else’s Wi-Fi network? If it happens to use WPA, that’s good, but since other people will know the password, your connection is somewhat more vulnerable to hacking than your own network would be. If the network uses no encryption or WEP—or if you want extra insurance on a public WPA network—you need to take matters into your own hands by using a VPN, as I describe next.
Use a VPN
A Virtual Private Network, or VPN, is a special type of network connection that encrypts all Internet traffic flowing between your device and a VPN server somewhere on the Internet. Think of a VPN as a tunnel running through your physical (Wi-Fi, cellular, or wired) Internet connection that’s impenetrable from the outside but open on both ends (Figure 4). Since VPNs encrypt everything, they even make it safe to use an unencrypted Wi-Fi connection.
Figure 4: Using a VPN encrypts the entire Internet connection between your device and your VPN provider, protecting a greater portion of your data’s path than encrypted Wi-Fi alone.
With a VPN, your computer or other device appears to be on the same local network as the VPN server. So, for example, if that server is located in your company’s data center, connecting to it gives your computer the same access to your corporate network that it would have if it were in the same building—access that would otherwise be blocked from the outside by a firewall. And your IP address will be assigned by the VPN, so if the VPN server is in, say, France but you’re physically in Los Angeles, your IP address will most likely appear (from the perspective of any server you connect to) to be in France.
Large corporations often run their own VPNs, and if you work for such a company, your IT people can explain how to get up and running. But ordinary citizens can also take advantage of VPNs by signing up for any of numerous commercial services. Some (such as Hotspot Shield) offer free, ad-supported VPN service, while others (such as Cloak and my personal favorite, WiTopia) require paid subscriptions. A quick Web search will turn up numerous other options.
Macs, Windows PCs, and most mobile devices have built-in VPN software, so in many cases, all you have to do is sign up for a service, enter a few settings (including your username and password), and click or tap a button to activate the VPN (Figure 5). In cases where a VPN requires custom software, it’s nearly always a free (or free-with-purchase) download. In any case, the VPN service you select will provide detailed online instructions for setting up each of your devices.
Figure 5: iOS (shown here on an iPad) offers built-in support for three common VPN types—L2TP, PPTP, and IPsec.
VPNs are great, and I use them all the time on public Wi-Fi networks, and sometimes even with my iPhone over a cellular connection. However, I should mention a few qualifications:
· In general, VPNs are active only when you explicitly turn them on. If your device goes to sleep, switches physical networks, or loses its connection, you may have to manually restart the VPN. In fact, even when you stay on the same physical network, VPN connections have a way of flaking out—sometimes without any obvious sign that you’ve lost your secure connection—just when you need them most. Pay attention to make sure you’re connected when you need to be.
· VPNs protect your local Internet connection but not the entire path to a remote site or server; I say more about this in the sidebar The Problem of End-to-End Privacy, just ahead.
· Certain types of VPNs (typically used in enterprise and education settings) split the traffic such that only data traveling to and from the institution’s network is encrypted, whereas access to the outside Internet remains unprotected.
· Because of the overhead required to encrypt and decrypt data, VPNs are always slower than unencrypted connections. Whether that’s noticeable will depend on your hardware, software, VPN type, and the location of the server you connect to. But it could cause problems for activities that require lots of bandwidth or low latency, such as streaming video or fast-paced games.
· In general, a VPN connection must be made individually from each device—and you may have devices (such as set-top boxes) that can’t use VPNs. A brilliant, if somewhat pricey, solution to this problem is the CloakBox Pro VPN Router from WiTopia. It’s a router that makes a permanent VPN connection to any of numerous servers around the world, and then passes that encrypted connection to any devices you connect to it via Ethernet or Wi-Fi. I used one of these myself for a few years, and can vouch for its effectiveness. But bear in mind the impact on bandwidth and latency (above), which can be substantial and will affect your whole network.
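Two of the qualifications above (a VPN that has silently dropped, and a split-tunnel VPN that protects only some traffic) can be checked from the routing table. The following is an added example, not taken from the book: it classifies text in the format printed by netstat -rn -f inet on a Mac as no VPN, split tunnel, or full tunnel. The tunnel interface-name prefixes and the four sample tables are assumptions constructed for the illustration.

```python
import re

# Interface-name prefixes commonly used by VPN tunnels (assumption; adjust for your client).
TUNNEL_IF = re.compile(r"^(utun|tun|tap|ppp|ipsec)\d+$")
# Some clients leave the default route alone and add these two half-Internet
# routes instead; together they cover every IPv4 address and win over "default".
HALF_ROUTES = {"0/1", "128.0/1"}


def parse_routes(netstat_text):
    """Return (destination, flags, interface) tuples from `netstat -rn -f inet` text."""
    routes, cols = [], None
    for line in netstat_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "Destination":           # header row names the columns
            cols = {name: i for i, name in enumerate(fields)}
            continue
        if cols is None or len(fields) <= cols["Netif"]:
            continue                             # banner lines or truncated rows
        routes.append((fields[0], fields[cols["Flags"]], fields[cols["Netif"]]))
    return routes


def vpn_state(netstat_text):
    """Classify a routing table as 'no-vpn', 'split-tunnel' or 'full-tunnel'."""
    routes = parse_routes(netstat_text)
    tunnel_dests = {dest for dest, _, nif in routes if TUNNEL_IF.match(nif)}
    # A default route flagged "I" is interface-scoped, not the system-wide default.
    defaults = [nif for dest, flags, nif in routes
                if dest == "default" and "I" not in flags]
    default_in_tunnel = bool(defaults) and TUNNEL_IF.match(defaults[0]) is not None
    if default_in_tunnel or HALF_ROUTES <= tunnel_dests:
        return "full-tunnel"
    if tunnel_dests:
        return "split-tunnel"    # only selected networks are encrypted
    return "no-vpn"              # VPN is off, or it dropped without warning


HEADER = "Routing tables\n\nInternet:\nDestination        Gateway            Flags        Netif Expire\n"

# Constructed sample: ordinary Wi-Fi connection, no VPN.
NO_VPN = HEADER + """\
default            192.168.1.1        UGSc           en0
127.0.0.1          127.0.0.1          UH             lo0
192.168.1          link#4             UCS            en0
"""

# Constructed sample: VPN owns the default route; the Wi-Fi default is scoped.
FULL_DEFAULT = HEADER + """\
default            link#12            UCS           ppp0
default            192.168.1.1        UGScI          en0
10.8.0.1           10.8.0.2           UH            ppp0
192.168.1          link#4             UCS            en0
"""

# Constructed sample: VPN overrides the default with two half-Internet routes.
FULL_HALVES = HEADER + """\
0/1                10.8.0.1           UGSc         utun1
default            192.168.1.1        UGSc           en0
10.8.0.1           10.8.0.2           UH           utun1
128.0/1            10.8.0.1           UGSc         utun1
"""

# Constructed sample: only the institution's 10.20/16 network uses the tunnel.
SPLIT = HEADER + """\
default            192.168.1.1        UGSc           en0
10.20/16           10.8.0.1           UGSc         utun1
10.8.0.1           10.8.0.2           UH           utun1
"""

if __name__ == "__main__":
    for name, table in [("no VPN", NO_VPN), ("default via VPN", FULL_DEFAULT),
                        ("half routes", FULL_HALVES), ("split", SPLIT)]:
        print(f"{name:16} -> {vpn_state(table)}")
```

A result of no-vpn while you believe the VPN is connected is the silent drop described above; split-tunnel means traffic to the wider Internet is leaving unencrypted.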
The Problem of End-to-End Privacy
When you use a VPN, your Internet connection is encrypted only between your device and the VPN server. Whatever site or service you connect to may be several steps beyond the VPN server, and for that portion of the journey, your data is not protected unless you use SSL (discussed next).
The same phenomenon exists with encrypted email (see Encrypt Your Email, a bit later in the book) and most other online communication. The steps you can take to protect your privacy may be both powerful and effective within a certain scope, but once your data is in someone else’s hands, your privacy depends on the recipient.
None of this should put you off using VPNs, which are quite effective at securing the most vulnerable part of your Internet connection; I’m only saying that VPNs alone can’t guarantee end-to-end privacy.
I’ll mention another, related option here: proxy servers. A proxy server, like a VPN, can disguise your physical location by routing your Internet connection through a device somewhere else in the world. Some proxy servers do additional tricks, such as filtering or caching data. But proxy servers don’t offer the encryption of VPNs, so although they might keep your identity private from the server on the other end, they are less likely to improve privacy in your immediate vicinity.
Use SSL If Possible
I’ll come back to this in several later chapters, but I want to mention it here, too: whenever possible, use encrypted connections to the servers you visit. For Web sites, that means preferring sites that use HTTPS (discussed in Browse Securely); for email servers, that means using SSL/TLS (see Transfer Email Securely); for remote terminal sessions, it means using SSH instead of Telnet; for file transfer, it means using SFTP, FTPS, or WebDAV HTTPS instead of FTP (read Share Files Privately). All these types of communication offer end-to-end encryption between your device and the remote server, whether or not your Internet connection is encrypted (Figure 6). That limits your potential privacy exposure considerably.
Figure 6: Using SSL encrypts an entire communications channel between your device and a particular remote computer. But other insecure connections may be active at the same time.
SSL Implementation Bugs
Although using SSL is much better than not using it, numerous bugs and vulnerabilities have been found in various SSL implementations over the years (and some may even have been planted deliberately to facilitate government surveillance).
To take a recent example, a bug in iOS 6 and 7, OS X 10.9 Mavericks, and Apple TV that affected SSL connections meant that under certain conditions, an interloper could eavesdrop on Internet data that should have been encrypted—including email passwords and message data, Web traffic, calendar syncing, and FaceTime calls. Apple fixed this bug in iOS 7.0.6, OS X 10.9.2, and Apple TV 6.0.2 in late February 2014. To learn more about this bug, read Dan Moren’s Macworld article What you need to know about Apple’s SSL bug.
Although this particular problem has apparently been solved, it’s a cautionary tale: Don’t rely entirely on any one type of security, because things can (and often do) go wrong.
Avoid DNS Mischief
I mentioned threats such as DNS hijacking and DNS spoofing that can lead you to a server that looks real but is only impersonating (inserverating?) the one you want to reach. How can you prevent this?
The best place to start is to change your DNS provider. Your ISP provides DNS services automatically, but you’re free to connect to any DNS server you like. Some third-party DNS servers offer much better performance than your typical local ISP, and if you choose one with a good security reputation, you’ll reduce the risk of DNS mischief too.
I’ve long been a fan of OpenDNS; Google Public DNS and Recursive DNS from UltraDNS are also good choices. All these services are free; you have merely to change the network settings on your computer or your router, and your DNS queries will be processed by the new server. (All three providers include detailed configuration instructions.)
OpenDNS goes a step further by offering a free download for Mac or Windows called DNSCrypt. This app not only configures your computer to use the OpenDNS servers, it encrypts all your DNS requests, which prevents DNS spoofing and man-in-the-middle attacks.
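Once you have chosen a DNS provider, it is worth confirming now and then that your settings still point where you left them, since DNS hijacking works by changing them. The following is an added example, not taken from the book: it reads text in resolv.conf format and labels each name server as expected, local (your router or a local proxy), or unexpected. The allowlist holds the published OpenDNS and Google Public DNS addresses as an assumption, and the sample file is constructed.

```python
import ipaddress

# Resolvers chosen on purpose (assumption for this example: the published
# OpenDNS and Google Public DNS addresses; replace with your own provider's).
EXPECTED = {"208.67.222.222", "208.67.220.220", "8.8.8.8", "8.8.4.4"}

# Private and loopback ranges: a home router or a local encrypting proxy.
# Listed explicitly because ipaddress.is_private also matches documentation ranges.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def nameservers(resolv_conf_text):
    """Return the addresses on 'nameserver' lines, ignoring comments."""
    found = []
    for line in resolv_conf_text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0]
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            found.append(parts[1])
    return found


def audit(resolv_conf_text, expected=EXPECTED):
    """Map each configured name server to 'expected', 'local', 'unexpected' or 'invalid'."""
    report = {}
    for ns in nameservers(resolv_conf_text):
        try:
            addr = ipaddress.ip_address(ns)
        except ValueError:
            report[ns] = "invalid"
            continue
        if str(addr) in expected:
            report[ns] = "expected"
        elif any(addr in net for net in LOCAL_NETS):
            # Queries go to the router or a local proxy; check its settings too.
            report[ns] = "local"
        else:
            # A public resolver nobody chose: the symptom of changed DNS settings.
            report[ns] = "unexpected"
    return report


# Constructed sample; 203.0.113.53 is from a range reserved for documentation.
SAMPLE_RESOLV_CONF = """\
# generated by the system; do not edit
search lan
nameserver 208.67.222.222
nameserver 192.168.1.1
nameserver 203.0.113.53   ; not something the user configured
"""

if __name__ == "__main__":
    for server, verdict in audit(SAMPLE_RESOLV_CONF).items():
        print(f"{server:16} {verdict}")
```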
Recent versions of Mac OS X and Windows are highly resistant to malware, especially if you keep up to date with all security updates and turn on the built-in firewalls. If you practice common sense—don’t click links in email messages when you aren’t absolutely certain of the message’s authenticity, don’t download pirated movies and suspicious software, stay away from sketchy Web sites, and so on—you have a reasonably good chance of avoiding viruses, worms, and other nasty programs that could compromise your privacy.
Installing third-party antivirus software, of which (as I’m sure you’re aware) there are a gazillion choices, will improve your odds even more. However, I urge you not to put your entire trust in any anti-malware program. Even the best ones aren’t perfect, and malware authors are always finding clever ways to defeat them. You still need to compute with both eyes open.
The vast majority of malware is designed to affect Windows, and thus you should use anti-malware software with Windows; however, a number of prominent security experts—including TidBITS Security Editor Rich Mogull—feel that anti-malware apps are currently unnecessary for most Mac users (see Rich’s article Do You Need Mac Antivirus Software in 2013? for details). Having tested many Mac anti-malware apps myself, I tend to agree—Mac anti-malware software rarely identifies genuine threats while often imposing performance and usability penalties—but if you think it’s a good idea for you, I won’t try to talk you out of it.
Anti-malware is less crucial on mobile devices—and is irrelevant on iOS, as Apple implements security measures that reduce the risk of malware to near zero.
Turn Off Unnecessary Services
Your computer has a number of built-in features that enable other devices to connect to it over the Internet—file sharing, screen sharing, printer sharing, location services, Find My Mac, and so on (Figure 7). In most cases, these services are good and valuable, and if you actively use them, by all means, keep them turned on.
Figure 7: Windows lets you share files, printers, and other resources (as does Mac OS X). Turn off sharing services you don’t actively use.
However, any service that lets other devices connect to your computer also represents a potential privacy concern (as well as a security concern). What if someone unknown to you guesses your password and connects to your computer without your permission? All sorts of damage could occur.
So, I’ll simply give two pieces of advice:
· Turn off any sharing or location services you don’t use. (And, if you use a service only rarely, consider leaving it off until it’s needed.)
· Be sure your computer has an excellent login password. For advice on creating, remembering, and storing highly secure passwords, pick up a copy of my book Take Control of Your Passwords.
Set-top Boxes and the Like
Computers, smartphones, and tablets aren’t the only devices that connect to the Internet. My television, Apple TV, TiVo, Blu-ray player, telephone, and home alarm system all have Internet connections too. So it’s worth asking to what extent you need to worry about online privacy for those devices.
Such products can tell providers and advertisers a lot about your tastes and interests. For example, if you stream videos from Amazon or Netflix to your TV, the provider will know what you watch and at what time of day; from this, they can probably deduce facts like your age, gender, political persuasion, and whether there are any children in your home. Furthermore, your privacy controls are limited—you may not be able to configure settings or install extra software as you can on a computer or mobile device, and using a VPN is generally out of the question. (One exception is WiTopia’s CloakBox, described previously under Prevent Snooping—it can provide a VPN connection to all your devices, albeit with a speed penalty. But video providers still know who you are and what you watch because you must log in, so you’re not gaining much privacy that way.)
As privacy concerns go, I have trouble working up much anxiety about this one, and there’s not much I could do about it anyway (other than to stop using these devices). But you should at least be aware of the sorts of data you may be giving away.
What about devices like thermostats, light bulbs, light switches, and door locks, all of which could be Internet-accessible? Other appliances—such as refrigerators, washers, and dryers—and home automation systems are also increasingly connected. (Everyday objects like these with Internet connections are often referred to collectively as “the Internet of things.”) These are more concerning—what if hackers (or even advertisers) could use these objects to determine when you are and aren’t home, for example, or even what room you’re in? Time will tell what privacy choices may be available to users of such devices.
Use a Firewall
A firewall is a program that monitors all inbound Internet activity and selectively allows or blocks connections based on a series of rules applied to particular ports, protocols, or IP addresses. Firewalls are usually designed to protect your computer from malicious access over the Internet, although they can also censor data and perform a variety of less-helpful activities.
Mac OS X and Windows both include built-in firewalls; you can activate them with a couple of clicks, and then customize them later if you want to allow or block certain types of access. A firewall can only help you, so I suggest you check to see that yours is turned on right now (Figure 8). You can find instructions to do this in the Help menu or by using your favorite search engine. For the vast majority of users, sticking with the default settings is just fine.
Note: If your computer uses NAT (as is the case for most computers that connect to the Internet via a home broadband router), you already have a certain amount of protection against outside access, but it’s not foolproof—and it doesn’t hurt to use your computer’s firewall too.
Figure 8: Built-in firewalls in Windows (top) and Mac OS X (bottom).
If for any reason you find your computer’s built-in firewall inadequate, you can install any of numerous third-party firewalls instead or in addition. I’ll leave that research to you.
Use an Outbound Firewall
I said a moment ago that a firewall monitors inbound Internet traffic, which is generally true. However, some firewalls monitor outbound traffic (instead of, or in addition to, incoming traffic). The main reason is to make you aware of—and enable you to block—software that might be sending out private information invisibly in the background.
Lots of software connects to the Internet without a visible interface, and it’s nearly always perfectly legitimate. Your email program downloads your messages in the background, many apps check periodically for software updates, Dropbox syncs newly changed files, and so on. These activities are fine, but if you downloaded malware that secretly logs your keystrokes and tries to connect to a server somewhere to send them to an attacker, that’s a problem. And, while some software “phones home” to validate licenses or send registration data, a few unscrupulous developers have been known to collect and send personally identifiable information without users’ consent, and that’s totally uncool.
I’ve tried a few outbound firewalls, and I’ll be the first to admit that they’re annoying—given default settings, they’re constantly popping up alerts about outgoing connections, most of which are innocuous but all of which (thanks to the firewall!) now require attention. (To be fair, you can approve any outgoing connection so you’re interrupted only the first time it appears—but I still find this happens often enough to be irritating.) But if you are worried about data being sent from your computer without your knowledge, you might want to give one a try.
On the Mac, the best-known outbound firewall is Little Snitch. On Windows, you might try ZoneAlarm or Windows 7 Firewall Control. (There are many other options on both platforms, too.) I can’t say that you’ll like using them, and for most people they’re overkill, but they can in some cases be useful in protecting your privacy.
Beware Analog Snooping, Too
I frequent coffee shops that are full of people with laptops, sometimes seated quite close to other customers. I’d have little difficulty positioning myself such that I could watch over someone’s shoulder as they type a password. An incautious person could also have private information stolen while entering a PIN at an ATM or retail counter, scanning a passport at the airport, using a smartphone on the bus, or even talking loudly on a mobile phone.
When it comes to online privacy, this sort of low-tech analog snooping is just as much of a threat as hackers hunched over keyboards in dark rooms far away. Be prudent when using your electronics in public—always keep an eye out for people keeping an eye on you!