Internet Use

Anonymizing the Internet:

  • There’s a lot of fantastic resources on tools to use this, especially at https://ssd.eff.org but we’re going to do a quick and dirty overview of some of our favorites.
  • We recommend using a VPN (virtual private network). It’s a pretty standard security practice and it can do a lot to anonymize you from both the state and any prying individuals. Without a VPN, everywhere you go on the web is visible to your internet service provider (ISP) and to your mobile network provider. Additionally, your home IP address (a semi-unique identifier that can let someone know your geographic region or, with collaboration from the ISP as the state can compel, your home address and name) is visible to whoever’s on the receiving end of your traffic. VPNs essentially create a “tunnel” that means all your ISP can see is you going to the VPN’s server and all the site on the other end can see is traffic coming from the VPN’s server & traffic within the VPN is encrypted.
    • Because of the way VPNs work, the more people using a given network, the more anonymous it is. If an agent is looking for someone in Wisconsin who accessed the site fuckcheese.com using a VPN and only one person in all of Wisconsin was using that particular VPN at that time, the anonymity factor can drop way down. So using VPNs with a large user base gives greater protection and anonymity.
    • You are trusting an outside organization with your browsing history. Make sure you pick a VPN that is trusted to be “no logs” – this means that by and large it doesn’t keep a record of what various users were doing at a given time. It’s also good to look for one that is “two hop” or greater – this means it routes your traffic through more than one server, giving further obscurity because the server you connect to is different from the one a site receives from.
    • For a free VPN, we recommend Riseup. There are two options – the Bitmask client “Riseup Black” which enables you to create an account separate from your regular riseup services but is still working through some operability kinks, and an OpenVPN option “Riseup Red” which is connected to a regular riseup email. We have had far better luck using the “Red” VPN across multiple platforms. If you choose to use “Red”, at https://account.riseup.net you can set a separate password to be used on the VPN by going to “service passwords”, helping to protect your mail account if your computer is somehow compromised.
    • We also recommend the paid VPNs NordVPN and Private Internet Access, both of which are broadly used, giving additional anonymity, and are currently believed to be fairly solid as far as not logging information. Depending on location and context, these may draw less attention or give greater regional anonymity through group use than the riseup network.
    • Some sites block VPNs (like amazon) – you can either cycle through newer servers that might not be blocked yet on a larger provider or turn it off to go to the site. Understand that you are visible while the VPN is off. We strongly recommend closing other internet applications and opening a fresh browser window for the duration of use in order to prevent any other active sites from inadvertently gaining a real connection to your information.
    • Your vulnerability with a VPN is essentially a trust vulnerability – you give an external entity access to all of your traffic. Additionally, VPNs are vulnerable to subpoenas.
  • Using Tor is another common, solid recommendation. Tor is a browser that works similarly to a VPN in that it routes your traffic through several different server locations (called “nodes”). We’re also realistic about it – it can be pretty impossible to get things done on at times. As a practice, the more it is used for day-to-day activities, the less notable using Tor is as a practice to ISPs, cops, etc. and the more incentive companies that effectively block Tor are to introduce support for it. So we do recommend using it as often as possible.
    • Tor has two main drawbacks – the first is that the use of Tor is still considered potentially suspicious in and of itself, especially depending what region you are located in. The second is around what is called an “exit node” – after your traffic gets routed through multiple Tor nodes, it leaves one and passes the data you sent along to the website on the other end. Because Tor functions off volunteered nodes, one can be configured to listen in on the information you are sending – anything you type into an unsecured site may be accessed and read. Tor network has a reporting protocol for bad nodes and try and purge them, but it is a possibility. Additionally, this is not something that can be targeted but is a broad data scoop of all traffic passing through the node without any information on the point of origin attached. For this reason, we cautiously recommend minimizing the amount of unsecure logins and personal information given out while using the Tor browser.
    • Tor is also susceptible to the same kind of “only one person using it” risk as VPNs – use with an understanding of whether your activity will be traceable to a given region and how likely other Tor users in that region are.
  • We’re not going to cover I2P or “garlic routing” here but want to briefly mention it. I2P has similar benefits to Tor while engaging within internal hidden websites (like onion sites on Tor). It is not a recommended tool for regular internet browsing, however.
  • Your computer has an identifier called a MAC address. It’s how routers keep track of different devices, and can be discovered and tracked on the internet, especially when on public networks. This guide includes a quick overview and guide to randomizing MAC addresses and to double checking that your tools are working on linux: https://riseup.net/en/security/network-security/mac-address Later builds of Windows and Apple natively support MAC randomization (enable “random hardware addresses”) Take this with a grain of salt, as it may help with low-intensity tracking but flaws in hardware mean there may be hard limits to the amount of protection it offers from dedicated trackers.
  • Use firewalls and antimalware programs. Anonymity isn’t security and if you download a worm or a virus of the internet, no amount of anonymous browsing will counteract that.

Browser Security and Tools:

  • It’s an oldie but a goodie – Firefox is still one of the best browsers for the intersection of ease of use and privacy. We recommend going into the settings and enabling Tracking Protection as well as setting your browser to “Never remember history”. This means when you close the window, it clears out all recent history – this doesn’t completely remove all record of your behavior from your system but makes it harder to chase down. This will also clear out active logins on exit.
  • Use browser extensions! These are basically little apps for your browser that can make your web activity safer and more private.
    • HttpsEverywhere is an excellent tool! Basically if there’s an “s” after the “http” in your address bar, it means you’re using a more secure way of talking to the site that you’re on. Not every site has https and if you give your information to an untrustworthy endpoint, it doesn’t matter how secure the communication is. But Httpseverywhere will force the https connection on a site if one is available.
    • NoScript is a solid security tool that stops scripts that haven’t been given permission from running on a given page. It can get in the way of regular functioning at times, so know if you are experiencing trouble loading elements of a trusted site, you may need to temporarily disable it on the page.
    • Privacy Badger will help stop trackers on websites from monitoring your behavior – it provides limited adblocking but is a fairly unobtrusive tool that is less likely to disrupt regular browsing than more intensive blocking tools.
    • uBlock Origin does more comprehensive ad blocking and can be configured to block an array of intrusive services, including external fonts, large media, link prefetching, and supports filtering out of individual elements on a page.
  • On phones, you can elect to use Firefox Focus, which comes preconfigured with decent privacy settings and does not save history or logins. We are less familiar with DuckDuckGo browser, Epic, Brave, and other “privacy browsers” and encourage anyone who wants to use one to find tests and reviews as to how much they keep to their promises.
  • We encourage the use of alternative tools to large corporately tracked services – use a riseup pad instead of a google doc, etc. Some of these tools may be found here https://prism-break.org/en/ but we additionally suggest looking into privacy and security concerns for any service you are giving data to.