The tech crowd is up in arms and they should be. Congress has effectively eliminated your ability to control your privacy online. All of your data, history, browsing preferences, conversations, etc. are now a commodity to be sold when the Republican-lead Congress repealed FCC Privacy Rules and passed SJ 34, legislation that gives free reign to corporations to mine your internet data. Trump still needs to sign and the legislation is scheduled to cross his desk in the coming weeks. It’s highly unlikely he’ll veto.
As a noob in the information security arena, I’ve not seen so much chatter and noise about one particular issue like this one. Many folks are speaking in terms and ideas that are far above what the general internet user knows. But I’m here to help you make it understandable. In a nutshell this repeal allows your Internet Service Provider (ISP), ala Comcast, Century Link, etc., to sell your internet browsing history to anyone they choose without your permission. And it doesn’t necessarily mean that it will be a money-making corporation that will be buying said information. Think 1984 meets Animal Farm meets The Man in the High Castle meets A Handmaid’s Tale. In the words of John Perry Barlow, “Relying on the government to protect your privacy is like asking a peeping tom to install your window blinds.”
So, I’m going to give you the Noob’s Guide to Regaining Your Internet Privacy.
Why should you be worried about this change to internet privacy?
The first risk is that Internet providers already have a track record of not keeping your information secure. It’s kind of like handing out your personal sensitive information right on a billboard for any one to find — hacker, criminal, thieves, etc.
Another risk is that currently your internet provider can only monitor a small slice of your browsing that isn’t encrypted. Allow me to explain a bit more, whenever you visit a site that starts with https (instead of just http), your ISP can’t see the contents of what you’re browsing. With this repeal, that goes away. They will be able to spy on all of it.
Third, the risk is that the ISP can follow up that monitoring by analyzing it and then inserting ads into your browser, which in turns opens up vulnerabilities, which hackers will easily find and exploit. And this is beyond what you see on Facebook, which only shows when you are in that application. This will appear no matter where you click, browse, and view on the ‘net.
In order to do the above — inserting ads into your browser — your ISP can also put in spyware, which we all know opens the door for malware. Malware can erase your entire internet presence as well as steal your sensitive personal information. Additionally, it can disable your hardware.
Now if all the above is not convincing you that you should be making plans to change how you exist in the cyber world, there’s still another risk you need to be aware of and that is Zombie Supercookies. Yes, it’s as scary as it sounds.
In order for the noobs in us to understand Zombie Supercookies, you have to understand what Web Cookies are and then understand Zombie Cookies. Once you get that, just reading the words Zombie Supercookies should strike the fear in you that it should. In short, Zombie Supercookies allow hackers to track you wherever you go. Wherever. Zombie Supercookies would work like this: the ISP tags your internet traffic with a unique ID. Then they can sell this information to others. Tools you’ve used in the past to avoid Zombie Cookies won’t work because this tracking tag is added after the data leaves your computer. And if the data exists, hackers can find it; they won’t necessarily have to buy it from the ISP.
In short, this repeal will not only mean your privacy is invaded, but that your security is at risk, since the two go hand in hand. ISPs storing more data, much of it sensitive, will become giant targets for hackers.
Cybersecurity disaster, right?
So how can you #resist against this?
If you’re not already making sure that the sites you visit have the “https” prefix in the URL, well, you’re already behind the power curve. So start there. With the repeal you won’t be invisible to ISP, but they will be able to see less of what you’re doing on a particular site.
Next, and likely the most powerful, but not a cure all to push back against this repeal is a little thing called Virtual Private Network, VPNs for short. When it was up for a vote I tweeted, then deleted, because I’m angsty like that, to get your investments in VPN services in place because people are going to need them. VPNs are on the front lines of mitigating the new reality once this repeal is the law of the land (just a few weeks from now), until, of course, we can vote in more reasonable people into office (more on that later). Therefore ,your first step is to invest in a Virtual Private Network service. A VPN will route all your traffic in a manner that makes it appear that you’re only ever connecting to one particular server — and the information gathering for your ISP stops there. Here’s a list compiled by PC Mag of the “best” VPN services. The service that I’m using is in that list.
Next you may want to consider using a couple of tools when browsing. I love the convenience of Google and all their well-loved and used bundled apps, but they are not above the threat of potential abuse, as they are a corporation that has shown they already have quite a bit of data on you and me, much like they do on Facebook. You can continue to use Google and Facebook, but then you may want to consider using something like the Electronic Frontier Foundation’s Privacy Badger I have been using that honey of a badger for a few months now. Google and Facebook’s ads are now very random. But, if you want to take your internet browsing to yet another level of privacy, you may consider using Tor to browse. This service dispenses your internet traffic through a conglomerate of tubes/tunnels, making it confusing and downright hard to track said traffic. It was a tech first developed by the Navy, but is now available to anyone. You can download Tor, by using this link here.
There’s a great article, too, from the folks at CloudWards on how to encrypt your hard drive if you want to really go into hardcore privacy protection. This is a comprehensive guide about not only how-to, but best practices whether you do Windows, mac, or Linux. Thanks to Laura from CloudWards for turning me onto this!
Lastly, and likely even more important, is the political moves you can make to regain your internet privacy. Start by calling your state congressional representatives and see if they can’t fight back against the federal lawmakers who sold out our privacy so a few corporations can make a few extra dollars. Minnesota has already decided to fight back, voting to bar internet service providers from selling their users’ personal data without express written consent. Today I heard rumblings in the Washington state #resist channels that my state is not far behind my Northern Great Lakes compatriots. Also, in the mid-term elections in November of 2018 you can call to task the reps and senators that voted for this repeal by voting them out of office. Between now and then you can work with or donate to groups like the Electronic Frontier Foundation, Fight for the Future, Access Now, the Center for Democracy and Technology, Public Knowledge, Free Press, and the ACLU.
Well, there you have it, your Noob’s Guide to Regaining Your Internet Privacy Back. From one noob to the other: here’s to getting our internet privacy back.