Privacy Level 3: Hiding your Traffic

Recently, a PH Senator requested the NBI to open investigations on some online critics, stating that “he was a victim of fake and malicious news.” (Vice, GMA News Online, ABS-CBN News, Rappler). His intention is to file a libel case under the cybercrime laws of the PH. Since then, the NBI has also cited that libel complaints have been on the rise (CNN Philippines).

Crackdowns on media entities that are seen as critical to the government are well underway: Rappler’s Maria Ressa has been sentenced to at least six months in jail for “cyber libel.” ABS-CBN’s Franchise Renewal request has been denied by congress, putting most of 11,000 employees out of a job.

These recent events should have convinced you to take your privacy more seriously. You never know when a flippant retweet leads to a review of your internet traffic that eventually brands you a dissident. This is when hiding your traffic or at least understanding how it works becomes necessary.

The tips I shared previously in Privacy Level 2: How To Keep Your Data Private talk about some of the more “generic” privacy concerns. Mainly, how can you make sure that FB, Google, and other ad networks are not privy to your online activities. Using the extensions and privacy-focused browsers I shared, doesn’t keep your ISP from knowing which sites you’re visiting, for example.

In this article, we’ll learn how to keep your activities private and how to keep hiding your traffic or activities from your ISPs (or anyone else who might be watching your traffic).

Social Media And Your Name

Social Media is a powerful tool. It gives anyone a platform that allows them to shine a light on whatever they want to shine a light on, mental health, political issues, social injustice, the latest online shopping sale, or their child’s latest prank. Originally, though, it was seen as a way for people to keep in touch with their social circles. Mostly, that’s still how people view social media so they usually use their real names and pictures on these networks.

There’s nothing inherently wrong with doing that, of course. However, on the internet, everything is forever. Everything you post, including the most cringe worthy mistakes or the most politically charged accusation, is permanently recorded. This is, not consistent however, with being human. Being human inherently involves making mistakes, learning, and changing – that permanent record paints a picture of a human that is static: You are as good as your worst mistake. I believe this is a big reason why people’s political choices are so intertwined with their identity — they can’t change their mind simply because it’s not consistent with the identity they have built, recorded for posterity, on social media. The effect: they don’t change their mind because they can’t — doing so involves a destruction of the ego that most people don’t even realize is there.

Anonymous Selfies?
Photo by Cristina Zaragoza on Unsplash

I digress, sorry. We’re talking about privacy after all. From a privacy POV, the posts you share, the tweets you retweet, they can all, easily and obviously, be traced to you. Simple as that.

Now, it’s important to note that just because you use a different username, doesn’t mean it can’t be traced to you. Hiding your traffic or the posts that you create is a lot more complicated. The backup email you enter so that you can reset your password, and the phone number you use for the two factor authentication allows the social media channels to associate different accounts with one real person.

Aside from that, if you are a target of a Man in the Middle attack, you may be unintentionally allowing attackers who embed themselves in your network to see that you’re the person posting from that anonymous twitter account.

Hiding Your Traffic: What is a VPN

This is a simplified view of what the flow of your data looks like:

“Normal” Traffic without a VPN

When your data is encrypted, via an https site, for example, the ISP can’t read the actual data that’s being sent. However, your ISP can see what sites you visit. How is that dangerous? Let’s take 2 user profiles: Person A spends most of their time on Rappler, Twitter, Wikileaks, and Protonmail. Person B spends most of their time on Facebook, Lazada, and TikTok. Who of these two is probably a dissident? The woke answer, we can’t say. For a bureaucrat that has a deadline to stamp out some online comments, Person A.

With a VPN, this is what happens:

Traffic with a VPN

With a VPN, assuming the VPN has end to end encryption, the ISP sees that you are visiting the VPN. They don’t know what domains you’re visiting. They only know you’re visiting the VPN.

Pass the message
Photo by Ben White on Unsplash

A VPN also protects your anonymity when you visit the site. The site won’t know where you’re visiting from – not your location and not even what ISP you’re using. It will just know that requests are being made from the VPN’s ID address.

Your VPN sees everything you send through it. As such, it is vital that you choose the RIGHT VPN. Not all VPNs are created equal. Hola Better Internet, for example, which is a popular choice because it’s free and used via a chrome extension, was found to be selling users’ bandwidth. Basically, if anyone wants anything to look like it was sent from YOUR computer, they can do that. Yikes.

Choosing the right VPN is ultimately up to you. You can setup your own VPN or you can subscribe to a paid VPN. You can read more about how to choose the right VPN here: That One Privacy Guy’s – Guide to Choosing the Best VPN (for you)

Anonymizing Your Traffic: The Onion Router

You can think of The Onion Router as a series of nodes/sites/servers that pass your data between themselves before sending them on to the final destination.

How TOR Works

Instead of sending your data to the target server/host directly, it is first encrypted in 3 layers of encryption and then sent to the guard/entry relay. The guard relay then decrypts that first layer of encryption and passes your data over to a middle relay. The middle relay, in turn, decrypts another layer of encryption and then passes on the data to the exit relay. The exit layer, decrypts the final layer of encryption and sends it over to the target server. Each layer is peeled, much like an onion.

Because of this process, your ISP does not see who you’re sending the data to – they just know you’re sending data through TOR. On the server/host side, your target doesn’t know where the data is coming from also, just that it’s coming from a TOR exit relay. This is how hiding your traffic is done.

Since there’s more than 1 user going through each relay, your data is effectively anonymized – it looks like everyone else’s data that’s passing through the same nodes.

The main intent of TOR is to make you look like everyone else using TOR.
Photo by Paul Williams

Of course, this means that if you’re logging into your official Gmail account or your personal Facebook account via TOR… then there’s no point being anonymous. You are logging on to an identifiable account, after all. So TOR is really best used in activities where you need to keep your anonymity.

The passing on of data, and the multiple decryption steps also make TOR slower so there are certain activities for which TOR is not recommended – this includes streaming and torrenting.

Also, take note that the exit relay technically sees your data in it’s original pre-TOR form. If you’re sending unencrypted data through TOR, the exit relay will see that unencrypted data. This is a volunteer network of nodes and relays after all, which means one non-well meaning exit relay can read the data that goes through them.

The easiest way of using TOR is by using the TOR Browser. Simply download it and start surfing. Note that any other traffic that doesn’t go through that particular browser won’t be sent over TOR though. It is possible to set-up your network configuration so that all traffic goes through TOR, but the steps are a bit more involved: Windows, Mac OSX.

Another way of using TOR is by using the TAILS Operating System. TAILS is designed to be run off of a bootable USB stick or external drive. Install it to the USB stick via the instructions on the TAILS website, then restart your system and boot from your USB stick. Once running, setup your WIFI and TAILS will automatically connect to TOR. Interestingly, the “A” in TAILS stands for “Amnesic” which means that everytime you but up TAILS, it’s like the first time it’s booted. It doesn’t remember any files nor any sessions.

Whew, hiding your traffic sounds like a lot of work

Yup, hiding your traffic is a bit of work, certainly more than just installing an extension. Once you have it setup though, turning on the settings to protect your privacy becomes super easy.

Think of it as starting a new job. On your first day, you come in to your empty table and you start setting it up the way you want to set it up. Put up pictures of your family, and the little cactus at the corner. Maybe setup your laptop stand so that it’s more ergonomic. It’s a lot of work at the start, but it’s mostly just at the start. You also have to setup your bank account, provide NBI clearance, and all that fun stuff. After all of that, however, everyday, you simply just press your laptop’s power button, get a cup of coffee, and you’re good to go. Most of the work is in setting up your office. Once you’re set up, keeping your data private is as easy as just opening an app.

EJ Arboleda is a guest writer for He is the CEO of Taxumo Inc, an avid fan of technology, a paranoid android user, an influencer’s chubby hubby, and proud dad to a whip-smart little girl. The opinions he shared in this article are not shared by Ginger Arboleda,, nor by Taxumo Inc.

Credits: Icons used above made by Freepik from

Privacy Level 2: How to keep your data private

The anti-terror bill introduced language that authorizes surveillance of individuals, and not just members of organizations declared by the courts as terrorist. This surveillance includes a way for law enforcement to compel ISPs to provide all the data and metadata they collect that can be attributed to you. We’ve seen how this plays out in dystopian science fiction novels, although I would argue it’s more Brave New World versus Nineteen Eighty-Four.

Given that context about the anti-terror bill, it is important that you know this: the data you send over the internet can be read by anyone. It doesn’t even have to be someone with criminal intent. If you’re working from the office, your office IT probably logs which sites you visit. If you’re working from home, your ISP has access to your data because you’re sending it over their servers.

Some people would argue that the anti-terror bill is okay “because they have nothing to hide.” I believe though that this argument stems from a mix of a lack of understanding on how information can be used and hopeful naivete.

How can information be misused: let’s say that you are bothered by the truly horrifying fact that sex crimes exist. With the intention to help, you search for known sex traffickers on the internet. You eventually stumble on to a site that purveys said illicit materials. Congratulations! Your ISP (or whoever is listening in, cue anti-terror bill) now has you on a list of people with searching behaviors consistent with sex criminals.

I also said hopeful naivete because the “I have nothing to hide” argument is based on the fact that you trust EVERYONE around you implicitly. As I said, your data can be read by anyone. If you believe that everyone on Earth has everyone else’s best interests at heart, then let me greet you a belated happy birthday – seems you were just born yesterday.

As I have said in the previous article, if you hand over all your information, you are simply enabling a power imbalance with you on the losing end. Why participate in creating such a power imbalance at all?

Anyone can see my data?

The internet is insecure by default. When the internet was starting out, only universities, the US military, and giant conglomerates had access to it. You needed room sized computers to communicate with other room sized computers.

Eventually, the prices and sizes of the components needed for computers shrank. Computers eventually became personal computers. Everyone and their (geeky) uncle had access to one. The internet grew not only in size, but also in functionality — new ideas were introduced that expanded on its original functionality. Instead of just sending someone a random greeting, I could now send instructions to my bank to transfer money from my account to another account. This lead to unscrupulous individuals who saw how they can make money off of that insecurity.

simplified image showing how traffic is sent between computers on the internet
Sending unsecured messages over the internet

The simple design of how the internet worked led to its rapid growth but it also has innate vulnerabilities that you would now need to compensate for if you wanted to make sure you were secure.

In the previous article, Privacy Level 1: Know What You’re Sharing, I wanted to educate you on the data you inadvertently shared to social media companies and friends. In this article, I will now show you how to make sure your traffic is secure.

What you can do

Step 1: Install these extensions

https everywhere

Download https everywhere here: Chrome Desktop, Firefox Desktop, Firefox on Android

SSL encrypts the traffic between your computer and the website, server, or computer you are talking to. Sites that have “https” automatically does this encryption for you so you can be fairly certain that your data is only visible to you and whoever your computer is talking to.

The same conversation over SSL.

“https everywhere” is an extension that you install that changes the URL of the site you’re visiting to its “https” version (if supported).

Note that though your messages/data are encrypted, your ISP, your office, or whoever is watching your traffic still knows the website you visited. They just can’t read what you talked about.

uBlock Origin

uBlock Origin

Download uBlock Origin here: Chrome Desktop, Firefox Desktop

When you visit websites, they usually include some code that helps them understand you more. An unfortunate side effect of this is that you are likely sending your data through big companies such as Google and Facebook.

uBlock Origin is a content blocker. It not only blocks ads, but it also disables any tracking software that may be on the websites. It also removes any content that comes from known malware domains — sometimes websites do get hacked and, because of that, they inadvertently serve malware sometimes.

Privacy Badger

Download Privacy Badger here: Chrome Desktop, Firefox Desktop, Firefox on Android

Privacy Badger is usually described as “where uBlock Origin ends, Privacy Badger starts.”

So how the usual content blockers work (uBlock origin included) is that they have a list of blacklisted content providers/IPs. They would then block from content/traffic from these providers on the list. How about for ones not on those lists? Privacy Badger basically monitors your traffic and watches if there’s any source that provides content across different websites (think ads that follow you around after you added something to your shopping cart). If it sees anything like that, it automatically blocks that content for you.

Hmm… not a lot of options for iOS?

Noticed that too, huh? The app store’s walled garden has meant that a lot of innovative applications and extensions such as the above don’t get approved. Fortunately, there is still a recourse: install a new browser!

Step 2: Try a different browser

In this step, I’m going to list a couple of browsers. You don’t need to install all of them though, just choose one and you’re good to go.

Brave Browser

Download it here: Brave Browser

Brave is an interesting new experiment. It’s built on top of the Chromium Engine, the same engine that Chrome uses. It’s developed completely in the open so anyone can inspect their code. Here’s Brave browser’s github repo (i.e. where they store their source code) if you want to inspect it. It also introduces a completely new way for publishers to earn. Publishers earn via BAT tokens – yup, cryptocurrency. You can read more about what BAT Tokens are here and you can see how much 1 BAT token is worth here.

So everytime you visit, for example, Brave browser (on your local device, not sent anywhere else) will tally how many times you visited her. The people at Brave don’t see this user-specific data, what they get instead is the total visits from all Brave browser users to Ginger is then rewarded BAT tokens based on that number.

As a user, instead of being served ads without a choice, you OPT-IN to their rewards program. When you see the ads, you accumulate BAT tokens as well. From being just an eyeball looking at ads, you are now also earning from your views. Users receive 70% of the ad revenue share as a “reward for their attention.” The ads served are personalized BUT all the data lives on your local device only, your device “calls” for relevant ads but the server doesn’t see your individual data profile.

Aside from that you can also give tips to your favorite content creators. Similar to how it works on Twitch.

Personally, I’m excited about this truly innovative use of blockchain and crypto.

Disclosure: Brave browser was involved in some controversy a while back. If you visited, they would add their affiliate link. You can read more about it here. They’ve since said sorry and have removed this auto-affiliate thing.

TOR Browser

Download TOR Browser here: iOS App Store (Onion Browser), Android Play Store, Desktop

The TOR Browser forces all your traffic over The Onion Router. Basically, it’s a series of servers that bounce your traffic around, each adding a layer of encryption. The main intent here is anonymity. You are bounced around with millions of other users on TOR so traffic that reaches a server can’t be traced back to your location. I’ll talk more about TOR in my next article.

Aside from that, the TOR Browser also disables certain functionalities normally present in other browsers: Javascript, Flash, Quicktime, and Realplayer. These functionalities may be exploited by some parties so it keeps them turned off by default.

Note that the TOR Browser for iOS, named Onion Browser, will show that it’s published by a guy named Mike Tigas. As per his bio: Mike Tigas is a software engineer and journalist. He works at ProPublica and is a core contributor to the Tor Project. Regardless, however, the browser is free and open-source. You can see Onion Browser’s source code here. The other main contributors are Benajmin Erhart and the Guardian Project, the latter known for creating apps used by, to quote their website “any person looking to protect their data from unjust intrusion, interception, and monitoring.” I would personally trust these developers but, of course, the ultimate decision is up to you.

The Anti-Terror Bill

The anti-terror bill was probably created with the best of intentions at heart. Best intentions, however, can’t stop unintended consequences from rearing its ugly head. For example – one can argue that Metro Manila traffic worsened BECAUSE of the color coding scheme. How? Let’s take my family as an anecdote. Before, we only had 1 car, my dad would bring us to school then drive my mom to work, then go to work himself. When the color coding scheme was implemented, my dad wanted another car for that one day because he wasn’t about to let his family take the woefully bad public transport system here. So now we have a car that was being used 4 workdays out of 5, and 1 for that 1 day. Now looking at that car — what a waste. A car used just once a week? So my mom learned how to drive. Now there were 2 of them on the road instead of just 1 car.

Now, I’m not saying that the anti-terror bill will actually cause terrorism, but I’m wary of the new behaviors particularly from law enforcement because of this. For this bill to work properly, we need to have an impartial watchdog that keeps track to see whether the anti-terror bill is truly being used for its intended purpose. Impartiality, unfortunately, seems to be in short supply nowadays, with dissenting opinion being characterized as either stupid or downright seditious. and Privacy

Ginger earns mainly from the ads that she has on her blog — some of these ads are served by Google and Facebook. However, Ginger believes in your right to privacy and she respects your choice to turn on your content blocker. Understandably, it does leave her in a bit of a pickle. So instead, Ginger would like to request 3 things:

  1. Download a free copy of her book, Building a Business in the Philippines, by signing up when the pop up appears,
  2. Actively engage with her blog by leaving comments when you read her articles,
  3. Engage with her via her social media presence: Instagram, Facebook, YouTube, Twitter.

Please do tell her what you think, what you like, what you don’t like, and what you’d want to see – she would love to hear from you as a person versus as an anonymous data point on her analytics platforms.

This is the second article in my series about Privacy. With the rise of social media and authoritarian governments, privacy has slowly changed from becoming a right to a privilege. This series aims to help people understand how to keep a more private profile online.

EJ Arboleda is a guest writer for He is the CEO of Taxumo Inc, an avid fan of technology, a paranoid android user, an influencer’s chubby hubby, and proud dad to a whip-smart little girl. The opinions he shared in this article are not shared by Ginger Arboleda,, nor by Taxumo Inc.