As I’m sure you know, Congress recently decided to roll back FCC rules that would have required ISPs to protect the privacy of their users. Now the new regulations hadn’t gone into effect yet, so nothing has changed, except now people are thinking about their privacy in ways they hadn’t before and are worried about what will happen to the information culled by providers. As eSecurity Planet shared:
Nathan Wenzler, chief security strategist at AsTech, told eSecurity Planet by email that while many websites leverage users' browsing history to deliver targeted advertising, they can only do that for what the user does on their own site. "An ISP, being the means to connect directly to the Internet for a user, would be able to gather every single [bit] of usage data for a user, including every site ever visited," he said.
I recently had an email conversation with GreyCastle Security executive Mike Stamas to discuss the different options we users have to keep our personal information from being sold and shared. Here is part of that conversation.
Stamas said there are three primary options to keeping information private:
- Only visit websites with HTTPS in the link. This will ensure providers can only see that you’re on a certain site. The specific info itself will be encrypted.
- Set up a Virtual Private Network (VPN), creating an encrypted tunnel for your internet traffic.
- An additional step would be to use a browser called Tor, which makes your IP address anonymous.
Let’s take these options one by one.
HTTPS makes it difficult for third parties to see the traffic inside your conversation because it adds a layer of encryption on top of the standard HTTP protocol; however, it is by no means 100 percent anonymous, Stamas explained. If you don’t have IT support to add all of this security, he recommended that, when they can, users should browse using an online alias.
VPNs are gaining a lot more attention because of the ISP privacy change. Both businesses and consumers are more interested in using VPN connections more regularly, which is a good thing, but, as Stamas pointed out, VPNs do not provide complete anonymity and privacy. Also, VPN providers are collecting your data. Stamas added:
I recommend using a VPN that guarantees they are not collecting your information, but there are only a few that have been proven to not store your information, like Private Internet Access VPN, or PIA VPN, which has a strict no-logging policy.
Finally, Tor is an advanced internet browser that routes your internet traffic through its network. This prevents your ISP and people monitoring your local network from viewing your browsing history. So for example, if you visit Amazon.com through Tor, your ISP can't see you accessing that site; they'll just see encrypted traffic.
Stamas made one other important point in our conversation:
The only surefire way to protect your online identity is to opt-out of the internet, which is not practical and virtually impossible with the amount of information third parties already have about us. It’s also important to note that with more security comes more cost and usually less convenience.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba