How To Protect Your Privacy Online

Though the U.S. Congress voted to roll back privacy rules, broadband customers can still opt-out of targeted advertising from Comcast, Charter, AT&T, and T-Mobile. But an anonymous reader explains why that's not enough: "It's not clear that opting out will prevent ISPs from putting your data to use," reports The Verge, adding "you're opting out of seeing ads, but not out of providing data." Neema Singh Guliani, legislative counsel for the American Civil Liberties Union, tells NPR that consumers can also "call their providers and opt out of having their information shared." But he also suggests a grass roots effort, calling this "an opportunity to pressure companies to implement good practices and for consumers to say 'I think that you should require opt-in consent and if you're not, why not?'"

To try to stop the creation of that data, Brian Krebs has also posted a guide for choosing a VPN provider, and shared a useful link to a chart comparing VPN providers that was recommended by the EFF. This may help avoid some of the problems reported with VPN services, and Krebs also recommends Tor as a free (albeit possibly slower) option, while sharing an informational link describing Tor's own limitations.
I'm curious what steps Slashdot's readers are taking (if any) to protect their own privacy online?

VPNs aren't all that great

[Geoffrey.landis]

Motherboard actually had an interesting article pointing out that VPNs actually aren't all that great for routine browsing: https://motherboard.vice.com/e... [vice.com]

and some sites won't load [Re:VPNs aren't all that

[Geoffrey.landis]

To summarize the article linked by the parent: "Wahh, encryption slows down my 100GB connection and evil Republicans broke the Internet. I shouldn't have to use encryption because it's inconvenient and makes it harder for me to watch Netflix."

More or less accurate. You missed "and some sites won't load at all."

Re:

[Marxist Hacker 42]

If they grew up, they'd have to recognize that browsing history by default is public information. And that in fact, NOTHING ON THE INTERNET IS ANONYMOUS!

Re:

[slashrio]

If you grew up you'd have understood that some people don't like it and that it shouldn't be a 'take it or leave it' proposal.

Re:

[Marxist Hacker 42]

It isn't a proposal. It's a fact. You can't have a generally available cyberspace without all the information on it being public.

It doesn't matter what people "like" or "dislike". Real growing up is learning that emotions are irrelevant criteria.

Re:

[slashrio]

I can, on an air gapped computer, encrypt a message sufficiently strongly to not be decrypted by brute force during the coming 100 years, send that over to my friend, who decrypts it on his air gapped computer. After reading, both computers are utterly destroyed.
This message will never (in the coming 100 years at least) become public.
Hence your statement ("...all the information on it being public.") is false.
QED

Re:VPNs aren't all that great

[Kernel Kurtz]

I have my VPN on most all the time with no issues at all. My regular PC only tests around 30 Mb/s on my 150 Mb/s connection, but that is shared with several other computers anyway. They also may or may not use VPNs and I can still saturate my connection if they are all busy. Just can't do it on one machine.

Ironically I mostly turn off the VPN for online banking, since banks and CC companies often flag connections from random geographic locations as suspicious.

Re:

[bmk67]

I get 25 down / 36 up. That's fine for browsing AFAIC.

VPNs can be good if you DIY

[Anonymous Coward]

If you roll your own VPN via a VPS not only can you optimize the settings for maximum throughput, you're the only one consuming all the bandwidth so you aren't competing with other users. And, in many cases VPS cost less than a VPN service! With the latest OpenVPN 2.4 add this to the server.conf for increased throughput, you'll be pretty surprised. My tests show on a 30 Mbit connection, with compression I get 28 mbit, and without I get 16 mbit:

proto udp
fast-io
sndbuf 0
rcvbuf 0
push "sndbuf 393216"
push "rcvbuf

Re:

[Anonymous Coward]

When the publc vpn gets broken into they just bury it because it could bury them as a business. When it happens to your own DIY vpn, you just burn that bridge and start over. And, hopefully learn from it and close that hole in the future node. Also, with your own, you control the level of security and performance. The point of the ops post and link is that most vpn (especially cheap ones as you describe that "just work") have piss poor performance. They also happen to be using pretty weak hash, ciphers, pro

Re:

[Lord Flipper]

Sorry for the rant.

Hey! No apology necessary. Thanks for all the info!

Re:

[tatman]

Motherboard actually had an interesting article pointing out that VPNs actually aren't all that great for routine browsing: https://motherboard.vice.com/e... [vice.com]

All its doing is moving your identifable traffic from the IPS to the VPN provider. The VPN provider can still sell your browsing habits.

Re:

[Lord Flipper]

Motherboard actually had an interesting article pointing out that VPNs actually aren't all that great for routine browsing

Motherboard.. LOL

They say they got 5% of their normal speed w/PIA... Gee, using an NYC server, how could that happen? /s

I get 85-95% of my cable speed with PIA, and that's while using a crowded Silicon Valley server... Drops to 75% when I use Southampton (UK) for BBC-related. London server would be considerably worse. I think I see a pattern here...

Again... Motherboard? Please.

Re:

[Hoban Washburne]

Just another PIA user that almost saturates my 75/75 FIOS connection, I would estimate about 60/60 bandwidth from PIA. Apparently that motherboard needs a firmware update BAD!!

"Don't be online"

[Anonymous Coward]

The only real way...

Re:"Don't be online"

[Rick Schumann]

This AC is being an AC, but he/she/it isn't completely wrong either. The Internet is becoming increasingly unusable. No matter what precautions you're taking, you're putting yourself at an unknown level of risk just by using it at all. Sadly I don't expect this situation to improve, I expect it to get worse. Even the most egalitarian and benign governments are monitoring the Internet to one extent or another, and personally I don't trust any corporation in any country to obey privacy laws if they think they can get away with it, and if they think there's money to be made from collecting and using your personally identifiable data.

Re:"Don't be online"

[DogDude]

The Internet is completely usable. It was never designed to be anonymous or private. You may not think that it's usable for what you want to use it for, that doesn't mean it's unusable.

Re:"Don't be online"

[Kjella]

This AC is being an AC, but he/she/it isn't completely wrong either. The Internet is becoming increasingly unusable. No matter what precautions you're taking, you're putting yourself at an unknown level of risk just by using it at all.

Except that it's a really big boat and a lot more prominent people than you do stupider shit without being snuffed out by black ops teams. And if it's Titanic heading for the iceberg, well then Hitler 2 will have dirt on the 99% of the population that don't care enough that Facebook and Google and everyone else is profiling them. Sure, you can opt out of the Internet. But when the information everyone else leaves is used to turn the country into a new totalitarian state you can't opt out of that.

What lots of people do will in practice make decisions for you too. Not just votes in an election, though obviously the majority rules there too. People vote with their wallets and when they don't vote for the same as me those services shut down because of lack of business. If people don't care about pollution or littering or killing off the local environment or the planet then the result will be the same for everyone. If the public doesn't care about privacy, well the expectation of privacy will cease to exist.

Re:

[Marxist Hacker 42]

How cute, you believe that voting is still based on the majority.

Re:

[Marxist Hacker 42]

Because there are better ways to resist than voting or blowing stuff up.

Re:"Don't be online"

[Rick Schumann]

If the public doesn't care about privacy, well the expectation of privacy will cease to exist.

"For YOU", as the meme goes.
Privacy is not decided by the majority, it is decided by the individual. If you fall prey to the troll/meme that privacy is dead and stop protecting your own, then you only have yourself to blame -- and you're helping perpetuate the troll/meme that social media, government agencies, and law enforcement would have you fall for. Keep protecting your private life from the prying eyes of whoever would pry into it. Even if you're not 100% successful, you'll still have some parts of your life that are yours and yours alone, as it should be. Otherwise, do you not see that you'd be living like a convict in a prison, or an animal on a farm, or like a perpetual child, watched and monitored 24/7/365? That's where things are headed if people don't come back around to the basic truth that 'privacy' is a normal, natural, healthy human need, not a sickness or a sign of criminal activity.

Exactly -- we instead need to make the most of it!

[Paul Fernhout]

As I wrote here: http://web.archive.org/web/201... [archive.org]
"Now, there are many people out there (including computer scientists) who may raise legitimate concerns about privacy or other important issues in regards to any system that can support the intelligence community (as well as civilian needs). As I see it, there is a race going on. The race is between two trends. On the one hand, the internet can be used to profile and round up dissenters to the scarcity-based economic status quo (thus legitimate worries about

Re:

[RotateLeftByte]

And all the businesses that use VPN's for their remote access will be on that list as well.
Those businesses will not be best pleased with undue attention from the TLA's.

Re:

[Sloppy]

So, get on a "list," then. After all, it's a list of what?

And if you don't get on that list, then they'll just put you on the other list.

You can get even, though, by putting them on your list!

You can be online, just don't use:

[jimboinsk]

Any browser that doesn't completely anonymize and secure browsing, social media, hosted email, any other applications that don't encrypt their communications, any network connection that isn't anonymous, any device you don't plan to ever re-use and that wasn't purchased with a traceable payment. I think that covers it, if you accept a couple dozen more assumptions that aren't listed in addition to the above.

Re:

[gnick]

For a few limited cases, those precautions aren't over-reaching. For the rest of us, though, it's a matter of "good enough." Personally I use a VPN, but in many other situations I could be described as lax on avoiding tracking. There's some common sense, and then there's trading convenience for privacy.

Re:

[rtb61]

That is not enough. You must also do exactly what they do in spy vs spy, scenarios, misinformation should be core for protecting your privacy as well as everyone else's. Two tools https://adnauseam.io/ [adnauseam.io] to create a plethora of fake clicks to poison data bases and http://www.cs.nyu.edu/trackmen... [nyu.edu] to copy search data miners.

Never ever forget email, now it is wide open in the US and unfortunately you should never ever use ISP provided email any more, no mention of that and for good reason because yes the new

There's nothing you can do with your own ISP

[DogDude]

There's literally nothing you can do if you're paying an ISP for connectivity.

The only way you can begin to have any kind of privacy is to connect through somebody else's connection (public or otherwise). From there, you can encrypt and all that good stuff. But with this new law passed, there's quite literally nothing you can hide from your own ISP.

Re:

[Anonymous Coward]

But with this new law passed, there's quite literally nothing you can hide from your own ISP.

In other words, it's the same as it's been since the beginning of the Internet.

Re:

[terbeaux]

You must be using the new definition of "literally" because otherwise what you wrote doesn't make any sense. There are literally (old definition) hundreds of ways to encrypt communications and obscure the fact that they are even happening at all.

Re:

[DogDude]

here are literally (old definition) hundreds of ways to encrypt communications and obscure the fact that they are even happening at all.

You can encrypt to your heart's content, but your ISP has access to every single packet that flows over your connection, including where and when, even if they don't have immediate access to its contents. So, I'll stand by my use of the word "literally", thanks!

Re:

[sacrilicious]

You can encrypt to your heart's content, but your ISP has access to every single packet that flows over your connection, including where and when, even if they don't have immediate access to its contents. So, I'll stand by my use of the word "literally", thanks!

The person replying to you, telling you that encryption nullifies the point you're attempting to make, is completely right. Not just vaguely right, completely right. You therefor are either trolling, extremely misinformed, or somehow connected to a govt push to dissuade people from encrypting.

Re:

[terbeaux]

Not sure if trolling or genuinely naive...
Looking through DogDude's post history, I'm going to go with the latter.

Re:

[swillden]

here are literally (old definition) hundreds of ways to encrypt communications and obscure the fact that they are even happening at all. You can encrypt to your heart's content, but your ISP has access to every single packet that flows over your connection, including where and when, even if they don't have immediate access to its contents. So, I'll stand by my use of the word "literally", thanks!

Fine. So my ISP will know that I send a large stream of encrypted packets to one host that is a known Virtual Public Network service provider. My ISP can know nothing about the sites those packets are ultimately destined for, nor anything about their content. My ISP can see how much data I'm sending and receiving, but that's all... and if I really want to it's even possible to hide that by sending/receiving lots of meaningless packets. With a little work (I suspect I'd have to write some custom software, si

Re:

[slashrio]

You're thinking too local. The ISP maybe can not see what sites you visit, but your VPN-SP can. And the NSA totally can see both, and connect the dots.

Re:

[swillden]

You're thinking too local. The ISP maybe can not see what sites you visit, but your VPN-SP can. And the NSA totally can see both, and connect the dots.

Well, the whole point of having a VPN SP is to find one that will not keep track of information about you, sell it to other parties, etc.

As for the NSA, bah. What interest would they have in me? We're talking about ISPs selling user data to parties unknown for profit, which can lead to all sorts of actual badness that impacts normal people. While I think it's very important to reign in the NSA as a matter of principle, in practice whether or not they have our data sitting in a secure database somewhere ha

Re:

[slashrio]

As for the NSA, bah. What interest would they have in me?

As of now, nothing, but with the right monkey at the helm that might change in a moment.
I remember (the story) that one year before WW II broke out, the Dutch government suddenly became interested in registering religion of its people.
A few years later it was found out that this whole anti-jew thing of the Nazi's was planned, and the (people in) Dutch government agreed with it on beforehand.
At that time people probably also will have said the same

Re:

[swillden]

Sigh. I wasn't trotting out the old "I have nothing to hide" argument. Yes, that argument is flawed, and those flaws are the reason why it's important in principle to reign in the NSA.

My point was that that isn't the proximate risk. There's a much bigger and entirely non-theoretical risk in allowing ISPs to monitor connections that doesn't depend on the government deciding that middle-aged white guys need to be watched, and that's the risk that this thread is about, because that's the change that's in pro

Re:

[slashrio]

Ok, ic u. But now your ISP buys that VPN-SP and suddenly the dots are connected, and sold.
Or both sell their data to a commercial third party which connects the dots...

Re:

[swillden]

Ok, ic u. But now your ISP buys that VPN-SP and suddenly the dots are connected, and sold. Or both sell their data to a commercial third party which connects the dots...

Again, selecting the VPN provider is an important part of the process. You need to find one that cares about security and privacy. Luckily, unlike with ISPs you can shop VPN providers worldwide and aren't limited to the small set that happen to operate in your neighborhood.

Re:

[Trax3001BBS]

There's literally nothing you can do if you're paying an ISP for connectivity.

The only way you can begin to have any kind of privacy is to connect through somebody else's connection (public or otherwise). From there, you can encrypt and all that good stuff. But with this new law passed, there's quite literally nothing you can hide from your own ISP.

Actually you can, I found this out by accident meaning it wasn't meant for this reason. I used OpenDNS and by doing do became a ghost to my ISP.

TrackMeNo

[sphealey]

I thought TrackMeNot was a good approach to poisoning big data analysis, but it does not appear to be receiving any updates and Google apparently figured out a way to detect it.

sPh

Re:

[Anonymous Coward]

Do what instead? Most of us are not photogenic.

Re:

[GuB-42]

And what if you watch porn?
Many porn sites actually care about your privacy.
And if you are watching porn... well, it just means you are normal... 75% of American people do at least monthly.

Re:

[slashrio]

Why, since when is it a crime?

I know this is off topic but...

[epyT-R]

I hate the color orange.

Re:

[WaffleMonster]

Before everyone loses their shit over these "rollbacks to privacy", let's
remember that these rules that are being rolled back didn't exist until fucking October. So it's not like we're losing some sort of magic protection that we've
always had. If you weren't losing your shit over your ISP tracking you six months ago, there's no reason to lose your shit over it today.

CISA seems like a good enough new reason to "lose your shit" over ISP tracking.

The fact protections are being retracted due to lobbying by telecom industry might cause people concerned with such an egregious example of regulatory capture to "lose their shit".

Since previously I "lost my shit" on the topic of ISP cyber stalking when it was made public what AT&T and crew were doing to their customers I am entitled to "lose my shit" regardless.

Re:

[fafalone]

Before, ISPs had the expectation that if they did something too outrageous, like say sell your browsing history, they could expect problems from the FCC, and that kept it from happening for a while until they started pushing things too far and the regulations got passed. Now they have the green light to go ahead and explicitly do that without fear of consequences. It's a pretty big difference.

Neema Singh Gulani is female.

[Anonymous Coward]

"But he also suggests a grass roots effort..."

Neema Singh Gulani is female.

Re:

[yuvcifjt]

Hosts file (and your solution) won't protect you against your own ISP storing your browsing history and possibly selling it to a third-party.

Would this work ?

[Anonymous Coward]

Change you user agent to something like this:

"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/602.4.8 (KHTML, like Gecko) Version/10.0.3 Safari/602.4.8 Copyright2017@"

Then tell your ISP that your queries are copyrighted and they have to negotiate with you (and perhaps pay you) to use them.

secure on line

[Anonymous Coward]

TAILS, baby, TAILS..

Use LOTS AND LOTS Of Microsoft Cloud Products =)

[dryriver]

Windows 10, Edge, Office 365 and the Microsoft Cloud are BRILLIANT for your privacy. Nobody will ever know who you are or what you do online. Nobody. =)

Re:

[slashrio]

This interference isn't arbitrary, its comprehensive.

Charter 60 days

[Anonymous Coward]

Entered my email address at the Charter opt-out site. Got this response:

"Targeted Digital Marketing Ads
Your Privacy Preference has been submitted successfully.

Please note that it may take up to 60 days for this request to take effect."

Relevant links

[MrL0G1C]

More VPN providers than you can throw a bucket of sticks at:
https://thatoneprivacysite.net... [thatoneprivacysite.net]

TorrentFreak 2017 survey:
https://torrentfreak.com/vpn-s... [torrentfreak.com]

I've moved from PrivateVPN (seem incompetent) to CyberGhost premium (slow, dodgy untrustworthy they essentially log), NordVPN next.

Valve/Steam f**ks over VPN users, downloads go at 40KB/s whilst using VPN, they seem to think it's up to them whether I use a VPN, like fuck you valve, that isn't your choice to make.

Re:

[Dupedupeshakur]

More VPN providers than you can throw a bucket of sticks at: https://thatoneprivacysite.net... [thatoneprivacysite.net]

TorrentFreak 2017 survey: https://torrentfreak.com/vpn-s... [torrentfreak.com]

I've moved from PrivateVPN (seem incompetent) to CyberGhost premium (slow, dodgy untrustworthy they essentially log), NordVPN next.

Valve/Steam f**ks over VPN users, downloads go at 40KB/s whilst using VPN, they seem to think it's up to them whether I use a VPN, like fuck you valve, that isn't your choice to make.

Over my 50mb/s connections I've seen 9-30 mb/s with steam using expressvpn

Re:

[MrL0G1C]

Do you use a VPN server whic has an IP that has the same geolocation as your country? (when getting good steam speeds)

It might just be that cyberghost are idiots and use the same IP address ranges for the free service as they do for the paid service which is why I see so much evidence of abuse reports for the IP addresses I'm using.

Re:

[Dupedupeshakur]

yes - it allows for the selection of server by geolocation or performance (there is a utility to ping/bandwidth test all of their servers and compare). I'm near Seattle, picked the Seattle server, and have steam d/l server set to Seattle. Sometimes I trace back to New Jersey for some reason, but I'm getting ~150 ping times worst case for gaming.

libreswan

[h4ck7h3p14n37]

If you're interested in rolling your own VPN I can recommend libreswan [libreswan.org].

I got both L2TP over IPSec and IPSec with XAUTH and PSK configurations working with the native VPN client (racoon?) in macOS Sierra (and presumably iOS). I'm still trying to get Android 6.0 working with XAUTH and PSK (establishes tunnel, but doesn't route properly), but L2TP works ok. My *NIX hosts just use libreswan as the client.

Amazon offers 1,000 free hours to new AWS users and the pricing on their EC2 instances is very good, so

Re:

[Kernel Kurtz]

VPN sounds alright when you're on your PC/laptop at home, but what about mobile?

I'm using Private Internet Access and they have clients for Android and IOS. They also let you connect 5 clients simultaneously.

Live in the wilderness

[Tony Isaac]

If you want privacy, you'll have to go find a wilderness hideout somewhere, not connected to the grid. It's an arms race. The more we try to protect our privacy, the more ways corporations will find ways to circumvent our protections.

While you're out there, you might run into some people who think Y2K destroyed civilization...

How To Screw with ISP Ads

[n329619]

Step 1: Create a Macro / Script to auto click every 3 seconds
Step 2: Search for cat videos and set to auto click them
Step 3: AFK for 1/2 the day
Step 4: All your ads are now nothing but cats regardless of whatever you searched (search pizza -> get cat ads)

First step: don't use google and Facebook?

[mveloso]

If you want to protect your privacy, the first step is to not use use google services or Facebook. That includes google DNS!

top trending

[saidsanka]

alltoptrending.com

pfSense - Device specific routing

[ninthbit]

My pfSense firewall has an alias (group of IPs) that it routes via VPN. Originally it was only my OrangePi torrent server, but with the new legislation, I've moved my phone and PC into the group. My 6 Rokus go out unprotected, but I have to imagine for security Netflix and Hulu use HTTPs for all their control signaling, so short of throttling by the ISP, I don't see them being rewarded for trying to read that data.

Re:

[Kevin by the Beach]

The insidious part is that Netflix and Hulu will be able to horse trade with your ISP.
-- ninthbit Just channel surfed from channel 5 to channel 10 (hey .. watchers.. .0003 cents for this information)
-- Public Utility ... we noticed that his smart power meter registered a 25 watt increase in power usage (maybe a refrigerator light came on)
-- ISP ... we see an increase in encrypted traffic from (IPv6 address for home access point)

Computer Fingerprints

[Kevin by the Beach]

Don't forget that your computer has fingerprints.

1. Operating System
2. Browser
3. Browser Plugins
(versions and possibly installation dates of above)
4. Cookies
5. Tracking Files (1x1 invisible image isn't just to fill in a small hole in the picture)

Mix all of that together, and add in the IP addresses these fingerprints are observed at and you are very well known. It doesn't matter if you use a VPN or not... The one time that you forget to login to the VPN, you've just left a calling card. On top of t

Confusion here...

[martinfb]

It seems to me that there is a bit of confusion regarding the issue of ISPs and privacy.

According to a US Rep, Costello, (R) PA, it is the FTC, and NOT the FCC, that is to regulate privacy concerns here.
Here's a link to his explanation: https://iqconnect.lmhostediq.c... [lmhostediq.com]

Seems to me that we, the People, have allowed too much confusion and B/S from our political parties, such that it allows them to get away with too much.

I say we start purging the system of band-aid laws and get serious about being FOR

Re:

[slashrio]

If the government had been interested in preventing crime, 9/11 and Boston wouldn't have happened.