Privacy Level 3: Hiding your Traffic

Recently, a PH Senator requested the NBI to open investigations on some online critics, stating that “he was a victim of fake and malicious news.” (Vice, GMA News Online, ABS-CBN News, Rappler). His intention is to file a libel case under the cybercrime laws of the PH. Since then, the NBI has also cited that libel complaints have been on the rise (CNN Philippines).

Crackdowns on media entities that are seen as critical to the government are well underway: Rappler’s Maria Ressa has been sentenced to at least six months in jail for “cyber libel.” ABS-CBN’s Franchise Renewal request has been denied by congress, putting most of 11,000 employees out of a job.

These recent events should have convinced you to take your privacy more seriously. You never know when a flippant retweet leads to a review of your internet traffic that eventually brands you a dissident. This is when hiding your traffic or at least understanding how it works becomes necessary.

The tips I shared previously in Privacy Level 2: How To Keep Your Data Private talk about some of the more “generic” privacy concerns. Mainly, how can you make sure that FB, Google, and other ad networks are not privy to your online activities. Using the extensions and privacy-focused browsers I shared, doesn’t keep your ISP from knowing which sites you’re visiting, for example.

In this article, we’ll learn how to keep your activities private and how to keep hiding your traffic or activities from your ISPs (or anyone else who might be watching your traffic).

Social Media And Your Name

Social Media is a powerful tool. It gives anyone a platform that allows them to shine a light on whatever they want to shine a light on, mental health, political issues, social injustice, the latest online shopping sale, or their child’s latest prank. Originally, though, it was seen as a way for people to keep in touch with their social circles. Mostly, that’s still how people view social media so they usually use their real names and pictures on these networks.

There’s nothing inherently wrong with doing that, of course. However, on the internet, everything is forever. Everything you post, including the most cringe worthy mistakes or the most politically charged accusation, is permanently recorded. This is, not consistent however, with being human. Being human inherently involves making mistakes, learning, and changing – that permanent record paints a picture of a human that is static: You are as good as your worst mistake. I believe this is a big reason why people’s political choices are so intertwined with their identity — they can’t change their mind simply because it’s not consistent with the identity they have built, recorded for posterity, on social media. The effect: they don’t change their mind because they can’t — doing so involves a destruction of the ego that most people don’t even realize is there.

Anonymous Selfies?
Photo by Cristina Zaragoza on Unsplash

I digress, sorry. We’re talking about privacy after all. From a privacy POV, the posts you share, the tweets you retweet, they can all, easily and obviously, be traced to you. Simple as that.

Now, it’s important to note that just because you use a different username, doesn’t mean it can’t be traced to you. Hiding your traffic or the posts that you create is a lot more complicated. The backup email you enter so that you can reset your password, and the phone number you use for the two factor authentication allows the social media channels to associate different accounts with one real person.

Aside from that, if you are a target of a Man in the Middle attack, you may be unintentionally allowing attackers who embed themselves in your network to see that you’re the person posting from that anonymous twitter account.

Hiding Your Traffic: What is a VPN

This is a simplified view of what the flow of your data looks like:

“Normal” Traffic without a VPN

When your data is encrypted, via an https site, for example, the ISP can’t read the actual data that’s being sent. However, your ISP can see what sites you visit. How is that dangerous? Let’s take 2 user profiles: Person A spends most of their time on Rappler, Twitter, Wikileaks, and Protonmail. Person B spends most of their time on Facebook, Lazada, and TikTok. Who of these two is probably a dissident? The woke answer, we can’t say. For a bureaucrat that has a deadline to stamp out some online comments, Person A.

With a VPN, this is what happens:

Traffic with a VPN

With a VPN, assuming the VPN has end to end encryption, the ISP sees that you are visiting the VPN. They don’t know what domains you’re visiting. They only know you’re visiting the VPN.

Pass the message
Photo by Ben White on Unsplash

A VPN also protects your anonymity when you visit the site. The site won’t know where you’re visiting from – not your location and not even what ISP you’re using. It will just know that requests are being made from the VPN’s ID address.

Your VPN sees everything you send through it. As such, it is vital that you choose the RIGHT VPN. Not all VPNs are created equal. Hola Better Internet, for example, which is a popular choice because it’s free and used via a chrome extension, was found to be selling users’ bandwidth. Basically, if anyone wants anything to look like it was sent from YOUR computer, they can do that. Yikes.

Choosing the right VPN is ultimately up to you. You can setup your own VPN or you can subscribe to a paid VPN. You can read more about how to choose the right VPN here: That One Privacy Guy’s – Guide to Choosing the Best VPN (for you)

Anonymizing Your Traffic: The Onion Router

You can think of The Onion Router as a series of nodes/sites/servers that pass your data between themselves before sending them on to the final destination.

How TOR Works

Instead of sending your data to the target server/host directly, it is first encrypted in 3 layers of encryption and then sent to the guard/entry relay. The guard relay then decrypts that first layer of encryption and passes your data over to a middle relay. The middle relay, in turn, decrypts another layer of encryption and then passes on the data to the exit relay. The exit layer, decrypts the final layer of encryption and sends it over to the target server. Each layer is peeled, much like an onion.

Because of this process, your ISP does not see who you’re sending the data to – they just know you’re sending data through TOR. On the server/host side, your target doesn’t know where the data is coming from also, just that it’s coming from a TOR exit relay. This is how hiding your traffic is done.

Since there’s more than 1 user going through each relay, your data is effectively anonymized – it looks like everyone else’s data that’s passing through the same nodes.

The main intent of TOR is to make you look like everyone else using TOR.
Photo by Paul Williams

Of course, this means that if you’re logging into your official Gmail account or your personal Facebook account via TOR… then there’s no point being anonymous. You are logging on to an identifiable account, after all. So TOR is really best used in activities where you need to keep your anonymity.

The passing on of data, and the multiple decryption steps also make TOR slower so there are certain activities for which TOR is not recommended – this includes streaming and torrenting.

Also, take note that the exit relay technically sees your data in it’s original pre-TOR form. If you’re sending unencrypted data through TOR, the exit relay will see that unencrypted data. This is a volunteer network of nodes and relays after all, which means one non-well meaning exit relay can read the data that goes through them.

The easiest way of using TOR is by using the TOR Browser. Simply download it and start surfing. Note that any other traffic that doesn’t go through that particular browser won’t be sent over TOR though. It is possible to set-up your network configuration so that all traffic goes through TOR, but the steps are a bit more involved: Windows, Mac OSX.

Another way of using TOR is by using the TAILS Operating System. TAILS is designed to be run off of a bootable USB stick or external drive. Install it to the USB stick via the instructions on the TAILS website, then restart your system and boot from your USB stick. Once running, setup your WIFI and TAILS will automatically connect to TOR. Interestingly, the “A” in TAILS stands for “Amnesic” which means that everytime you but up TAILS, it’s like the first time it’s booted. It doesn’t remember any files nor any sessions.

Whew, hiding your traffic sounds like a lot of work

Yup, hiding your traffic is a bit of work, certainly more than just installing an extension. Once you have it setup though, turning on the settings to protect your privacy becomes super easy.

Think of it as starting a new job. On your first day, you come in to your empty table and you start setting it up the way you want to set it up. Put up pictures of your family, and the little cactus at the corner. Maybe setup your laptop stand so that it’s more ergonomic. It’s a lot of work at the start, but it’s mostly just at the start. You also have to setup your bank account, provide NBI clearance, and all that fun stuff. After all of that, however, everyday, you simply just press your laptop’s power button, get a cup of coffee, and you’re good to go. Most of the work is in setting up your office. Once you’re set up, keeping your data private is as easy as just opening an app.


EJ Arboleda is a guest writer for MommyGinger.com. He is the CEO of Taxumo Inc, an avid fan of technology, a paranoid android user, an influencer’s chubby hubby, and proud dad to a whip-smart little girl. The opinions he shared in this article are not shared by Ginger Arboleda, MommyGinger.com, nor by Taxumo Inc.

Credits: Icons used above made by Freepik from www.flaticon.com

Nope, I Don’t think I Can. Wait, I Think I (actually) Can!

In the Philippines, as a woman in business, I don’t feel much of the gender bias that we often talk about. In my travels in the past though and through my interaction with women from all over the world (especially during Network Leader calls for Lean In), there is still a lot of judgement and discrimination going around in other parts of the world. As a Filipina, we are actually quite lucky that we are given equal opportunities as men in the Philippines when it comes to business. In our country, there are actually more women (based in data from DTI) who are opening businesses.

Well, I can’t say the same is true with the other aspects such as politics, etc. We still need to see more improvement in that area. We don’t have much female leaders (based on the 2020 PSA Fact Sheet on Men and Women).

But even if we are “all good” in the aspect of business, this does not mean that we don’t need support and we don’t need to talk about it. We still do.

This is the reason why Frances and I started a Lean In Network in the Philippines. It’s called Lean In PH (https://leanin.org/circles-network/lean-in-ph). Just to backtrack a little, Lean In is an organization started by Sheryl Sandberg, the COO of Facebook. She started this organization to encourage women all over the globe to start “circles”.

What are circles? Circles are get togethers or calls online where women can talk “life REALNESS” with other women who will lend a listening ear and who will support you. Lean In Circle sessions are safe spaces. Anything you say inside the circle is kept within the circle. We value trust.

In the Philippines, we ran two Circle Sessions so far since we started two months ago. For those who’d like to join us for a Circle Session, we’d love to meet you. You can sign up here: https://www.eventbrite.com/e/113194888960

For ladies who have your own groups and communities, we are looking for circle leaders, too. If you want to start your own circle, feel free to reach out to Frances and yours truly via the Lean In PH group on Facebook: https://www.facebook.com/groups/leaninph

Now, how do I feel about women in business? In my vlog and as COO of Taxumo, I’ve talked to a lot of women CEOs, women Sole Proprietorships, women founders, etc. and I am always amazed when I see what they have accomplished. And I see a lot of aspiring women entrepreneurs who I really have great potential and ideas.

Just this morning, I talked to a single Filipina mom who is based in Australia. She raised 4 kids on her own and owns this amazing virtual assistance / outsourcing company. After the call, I was so astounded and kept repeating to my husband how I was so inspired and amazed by her.

Just like what I mentioned in this video…

When I wanted to start my business, the question that I had in my mind was “Could I do it?” And this was something that really stopped me from starting right away. I imagine that some women may feel the same way, too.

And looking back, what I realized is that what helped me decide was my support system. EJ (my husband) was very supportive. He encouraged me to just try it out… and I did.

So to you reading this, you can do it! Even if I don’t know you or even if you’re miles away, I truly believe that you have what it takes. You are reading this for a reason. I really do believe in you!

Privacy Level 2: How to keep your data private

The anti-terror bill introduced language that authorizes surveillance of individuals, and not just members of organizations declared by the courts as terrorist. This surveillance includes a way for law enforcement to compel ISPs to provide all the data and metadata they collect that can be attributed to you. We’ve seen how this plays out in dystopian science fiction novels, although I would argue it’s more Brave New World versus Nineteen Eighty-Four.

Given that context about the anti-terror bill, it is important that you know this: the data you send over the internet can be read by anyone. It doesn’t even have to be someone with criminal intent. If you’re working from the office, your office IT probably logs which sites you visit. If you’re working from home, your ISP has access to your data because you’re sending it over their servers.

Some people would argue that the anti-terror bill is okay “because they have nothing to hide.” I believe though that this argument stems from a mix of a lack of understanding on how information can be used and hopeful naivete.

How can information be misused: let’s say that you are bothered by the truly horrifying fact that sex crimes exist. With the intention to help, you search for known sex traffickers on the internet. You eventually stumble on to a site that purveys said illicit materials. Congratulations! Your ISP (or whoever is listening in, cue anti-terror bill) now has you on a list of people with searching behaviors consistent with sex criminals.

I also said hopeful naivete because the “I have nothing to hide” argument is based on the fact that you trust EVERYONE around you implicitly. As I said, your data can be read by anyone. If you believe that everyone on Earth has everyone else’s best interests at heart, then let me greet you a belated happy birthday – seems you were just born yesterday.

As I have said in the previous article, if you hand over all your information, you are simply enabling a power imbalance with you on the losing end. Why participate in creating such a power imbalance at all?

Anyone can see my data?

The internet is insecure by default. When the internet was starting out, only universities, the US military, and giant conglomerates had access to it. You needed room sized computers to communicate with other room sized computers.

Eventually, the prices and sizes of the components needed for computers shrank. Computers eventually became personal computers. Everyone and their (geeky) uncle had access to one. The internet grew not only in size, but also in functionality — new ideas were introduced that expanded on its original functionality. Instead of just sending someone a random greeting, I could now send instructions to my bank to transfer money from my account to another account. This lead to unscrupulous individuals who saw how they can make money off of that insecurity.

simplified image showing how traffic is sent between computers on the internet
Sending unsecured messages over the internet

The simple design of how the internet worked led to its rapid growth but it also has innate vulnerabilities that you would now need to compensate for if you wanted to make sure you were secure.

In the previous article, Privacy Level 1: Know What You’re Sharing, I wanted to educate you on the data you inadvertently shared to social media companies and friends. In this article, I will now show you how to make sure your traffic is secure.

What you can do

Step 1: Install these extensions

https everywhere

Download https everywhere here: Chrome Desktop, Firefox Desktop, Firefox on Android

SSL encrypts the traffic between your computer and the website, server, or computer you are talking to. Sites that have “https” automatically does this encryption for you so you can be fairly certain that your data is only visible to you and whoever your computer is talking to.

The same conversation over SSL.

“https everywhere” is an extension that you install that changes the URL of the site you’re visiting to its “https” version (if supported).

Note that though your messages/data are encrypted, your ISP, your office, or whoever is watching your traffic still knows the website you visited. They just can’t read what you talked about.

uBlock Origin

uBlock Origin

Download uBlock Origin here: Chrome Desktop, Firefox Desktop

When you visit websites, they usually include some code that helps them understand you more. An unfortunate side effect of this is that you are likely sending your data through big companies such as Google and Facebook.

uBlock Origin is a content blocker. It not only blocks ads, but it also disables any tracking software that may be on the websites. It also removes any content that comes from known malware domains — sometimes websites do get hacked and, because of that, they inadvertently serve malware sometimes.

Privacy Badger

Download Privacy Badger here: Chrome Desktop, Firefox Desktop, Firefox on Android

Privacy Badger is usually described as “where uBlock Origin ends, Privacy Badger starts.”

So how the usual content blockers work (uBlock origin included) is that they have a list of blacklisted content providers/IPs. They would then block from content/traffic from these providers on the list. How about for ones not on those lists? Privacy Badger basically monitors your traffic and watches if there’s any source that provides content across different websites (think ads that follow you around after you added something to your shopping cart). If it sees anything like that, it automatically blocks that content for you.

Hmm… not a lot of options for iOS?

Noticed that too, huh? The app store’s walled garden has meant that a lot of innovative applications and extensions such as the above don’t get approved. Fortunately, there is still a recourse: install a new browser!

Step 2: Try a different browser

In this step, I’m going to list a couple of browsers. You don’t need to install all of them though, just choose one and you’re good to go.

Brave Browser

Download it here: Brave Browser

Brave is an interesting new experiment. It’s built on top of the Chromium Engine, the same engine that Chrome uses. It’s developed completely in the open so anyone can inspect their code. Here’s Brave browser’s github repo (i.e. where they store their source code) if you want to inspect it. It also introduces a completely new way for publishers to earn. Publishers earn via BAT tokens – yup, cryptocurrency. You can read more about what BAT Tokens are here and you can see how much 1 BAT token is worth here.

So everytime you visit MommyGinger.com, for example, Brave browser (on your local device, not sent anywhere else) will tally how many times you visited her. The people at Brave don’t see this user-specific data, what they get instead is the total visits from all Brave browser users to MommyGinger.com. Ginger is then rewarded BAT tokens based on that number.

As a user, instead of being served ads without a choice, you OPT-IN to their rewards program. When you see the ads, you accumulate BAT tokens as well. From being just an eyeball looking at ads, you are now also earning from your views. Users receive 70% of the ad revenue share as a “reward for their attention.” The ads served are personalized BUT all the data lives on your local device only, your device “calls” for relevant ads but the server doesn’t see your individual data profile.

Aside from that you can also give tips to your favorite content creators. Similar to how it works on Twitch.

Personally, I’m excited about this truly innovative use of blockchain and crypto.

Disclosure: Brave browser was involved in some controversy a while back. If you visited binance.com, they would add their affiliate link. You can read more about it here. They’ve since said sorry and have removed this auto-affiliate thing.

TOR Browser

Download TOR Browser here: iOS App Store (Onion Browser), Android Play Store, Desktop

The TOR Browser forces all your traffic over The Onion Router. Basically, it’s a series of servers that bounce your traffic around, each adding a layer of encryption. The main intent here is anonymity. You are bounced around with millions of other users on TOR so traffic that reaches a server can’t be traced back to your location. I’ll talk more about TOR in my next article.

Aside from that, the TOR Browser also disables certain functionalities normally present in other browsers: Javascript, Flash, Quicktime, and Realplayer. These functionalities may be exploited by some parties so it keeps them turned off by default.

Note that the TOR Browser for iOS, named Onion Browser, will show that it’s published by a guy named Mike Tigas. As per his bio: Mike Tigas is a software engineer and journalist. He works at ProPublica and is a core contributor to the Tor Project. Regardless, however, the browser is free and open-source. You can see Onion Browser’s source code here. The other main contributors are Benajmin Erhart and the Guardian Project, the latter known for creating apps used by, to quote their website “any person looking to protect their data from unjust intrusion, interception, and monitoring.” I would personally trust these developers but, of course, the ultimate decision is up to you.

The Anti-Terror Bill

The anti-terror bill was probably created with the best of intentions at heart. Best intentions, however, can’t stop unintended consequences from rearing its ugly head. For example – one can argue that Metro Manila traffic worsened BECAUSE of the color coding scheme. How? Let’s take my family as an anecdote. Before, we only had 1 car, my dad would bring us to school then drive my mom to work, then go to work himself. When the color coding scheme was implemented, my dad wanted another car for that one day because he wasn’t about to let his family take the woefully bad public transport system here. So now we have a car that was being used 4 workdays out of 5, and 1 for that 1 day. Now looking at that car — what a waste. A car used just once a week? So my mom learned how to drive. Now there were 2 of them on the road instead of just 1 car.

Now, I’m not saying that the anti-terror bill will actually cause terrorism, but I’m wary of the new behaviors particularly from law enforcement because of this. For this bill to work properly, we need to have an impartial watchdog that keeps track to see whether the anti-terror bill is truly being used for its intended purpose. Impartiality, unfortunately, seems to be in short supply nowadays, with dissenting opinion being characterized as either stupid or downright seditious.

MommyGinger.com and Privacy

Ginger earns mainly from the ads that she has on her blog — some of these ads are served by Google and Facebook. However, Ginger believes in your right to privacy and she respects your choice to turn on your content blocker. Understandably, it does leave her in a bit of a pickle. So instead, Ginger would like to request 3 things:

  1. Download a free copy of her book, Building a Business in the Philippines, by signing up when the pop up appears,
  2. Actively engage with her blog by leaving comments when you read her articles,
  3. Engage with her via her social media presence: Instagram, Facebook, YouTube, Twitter.

Please do tell her what you think, what you like, what you don’t like, and what you’d want to see – she would love to hear from you as a person versus as an anonymous data point on her analytics platforms.


This is the second article in my series about Privacy. With the rise of social media and authoritarian governments, privacy has slowly changed from becoming a right to a privilege. This series aims to help people understand how to keep a more private profile online.

EJ Arboleda is a guest writer for MommyGinger.com. He is the CEO of Taxumo Inc, an avid fan of technology, a paranoid android user, an influencer’s chubby hubby, and proud dad to a whip-smart little girl. The opinions he shared in this article are not shared by Ginger Arboleda, MommyGinger.com, nor by Taxumo Inc.

The Essential Guide To Heading Off The Beaten Track

With coronavirus forcing us to adapt to a new normal, we have had to revolutionize many different aspects of our lives. Travel is no different. Less than six months ago you could have hot-footed it to wherever you wanted on the planet without a care in the world. Fast forward to today and you need to check out quarantine legislation, R rates, and temperature checks.

Travel has become more daunting for the ardent backpacker and the holiday-maker. This doesn’t mean that travel is off the cards forever. For the foreseeable future, we may be planning our trips rather than embarking on them, but in the near future, you will be able to take a jaunt overseas again. However, you may not want to be among the tourist crowds and the busy hotspots. Instead, you might want to venture somewhere off the beaten track to stay safe and reduce your risk of catching Covid-19. Take a look at this essential guide to help you head off the beaten track.

Photo by Porapak Apichodilok from Pexels

Look At A Map

When you plan a travel adventure overseas, the chances are you have an idea of where you want to go in the world. You might want to trek the Inca Trail in Peru, do some temple hopping in Kyoto, Japan or take a drive along Route 66 in the United States. To head off the beaten track successfully, you need to be close enough to activities and sites without being smack bang in the middle of them.

Our trip to Japan last 2017

If you are heading to Japan, Hiroshima is a must-see city. Where the atomic bomb dropped at the end of the Second World War, this city is full of history and optimism. It’s also busy. Instead of staying here, why not hotfoot it to the neighboring island of Miyajima. Beautiful, picturesque and idyllic, you are just thirty minutes away from the city, but you can stay in a traditional Japanese ryokan far away from the crowds. The floating shrines are stunning and there are some wild deer and monkeys to get to grips with. You might even want to scale Mount Misen to see the temple on the peak.

If you fancy Thailand, don’t head to the hustle and bustle of Bangkok, and take a jaunt to Nonthaburi instead. The city is rarely visited by tourists, yet it’s not far from the stunning temple-laden Lat Phrao. You could even save money by finding a cheap house for rent in Nonthaburi rather than staying in an expensive hotel in the region. You can be somewhere less dense, stay for a longer period of time, and enjoy a quieter pace of life.

GPS

If you are planning on heading off the tourist trail, make sure that you have safety as your top priority. While you might love the idea of being free from the shackles of social media and off-grid, it is still prudent to have a smartphone and GPS device on you. If traveling solo is your thing, a GPS device is vital if your set of wheels breaks down or if you get lost. A quick lookup of your coordinates can help emergency services locate and rescue you.

Smartphones are also necessary for those just in case moments. You don’t have to be scrolling through Facebook every hour of your travels, but posting photos now and again and staying in touch with family is important to many travelers no matter where they are in the world.

Image by Jonathan Valencia from Pixabay

Follow The Locals

If you are keen to see the authentic side of a destination, it’s not a good idea to go on tours set up for foreigners. You’ll see the bland and expensive face of a nation. Instead, follow the locals. If you want a great bowl of pasta in Rome, go where the Italians go. If you want some incredible dumplings in Beijing, forget following the Americans and venture where the Chinese go. They may not look the most salubrious of restaurants, but the best and most authentic eateries rarely are. 

To help you stay off the beaten track, you need to converse with the locals. This means you need to commit to learning a little bit of language. Doing this will help you earn the respect of the locals. There’s nothing more embarrassing than shouting slowly in English, expecting a local to understand you. It’s arrogant. Don’t do it. Instead, be a responsible and caring traveler, learning some of the lingo, making friends with the locals, and finding some hidden gems.

Heading off the beaten track can be exciting. Follow this guide and you can stay safe while traveling in a post-pandemic age.

Any other tips? Share it with us!