Recently, a PH Senator requested the NBI to open investigations on some online critics, stating that “he was a victim of fake and malicious news.” (Vice, GMA News Online, ABS-CBN News, Rappler). His intention is to file a libel case under the cybercrime laws of the PH. Since then, the NBI has also cited that libel complaints have been on the rise (CNN Philippines).
Crackdowns on media entities that are seen as critical to the government are well underway: Rappler’s Maria Ressa has been sentenced to at least six months in jail for “cyber libel.” ABS-CBN’s Franchise Renewal request has been denied by congress, putting most of 11,000 employees out of a job.
These recent events should have convinced you to take your privacy more seriously. You never know when a flippant retweet leads to a review of your internet traffic that eventually brands you a dissident. This is when hiding your traffic or at least understanding how it works becomes necessary.
The tips I shared previously in Privacy Level 2: How To Keep Your Data Private talk about some of the more “generic” privacy concerns. Mainly, how can you make sure that FB, Google, and other ad networks are not privy to your online activities. Using the extensions and privacy-focused browsers I shared, doesn’t keep your ISP from knowing which sites you’re visiting, for example.
In this article, we’ll learn how to keep your activities private and how to keep hiding your traffic or activities from your ISPs (or anyone else who might be watching your traffic).
Social Media And Your Name
Social Media is a powerful tool. It gives anyone a platform that allows them to shine a light on whatever they want to shine a light on, mental health, political issues, social injustice, the latest online shopping sale, or their child’s latest prank. Originally, though, it was seen as a way for people to keep in touch with their social circles. Mostly, that’s still how people view social media so they usually use their real names and pictures on these networks.
There’s nothing inherently wrong with doing that, of course. However, on the internet, everything is forever. Everything you post, including the most cringe worthy mistakes or the most politically charged accusation, is permanently recorded. This is, not consistent however, with being human. Being human inherently involves making mistakes, learning, and changing – that permanent record paints a picture of a human that is static: You are as good as your worst mistake. I believe this is a big reason why people’s political choices are so intertwined with their identity — they can’t change their mind simply because it’s not consistent with the identity they have built, recorded for posterity, on social media. The effect: they don’t change their mind because they can’t — doing so involves a destruction of the ego that most people don’t even realize is there.
I digress, sorry. We’re talking about privacy after all. From a privacy POV, the posts you share, the tweets you retweet, they can all, easily and obviously, be traced to you. Simple as that.
Now, it’s important to note that just because you use a different username, doesn’t mean it can’t be traced to you. Hiding your traffic or the posts that you create is a lot more complicated. The backup email you enter so that you can reset your password, and the phone number you use for the two factor authentication allows the social media channels to associate different accounts with one real person.
Aside from that, if you are a target of a Man in the Middle attack, you may be unintentionally allowing attackers who embed themselves in your network to see that you’re the person posting from that anonymous twitter account.
Hiding Your Traffic: What is a VPN
This is a simplified view of what the flow of your data looks like:
When your data is encrypted, via an https site, for example, the ISP can’t read the actual data that’s being sent. However, your ISP can see what sites you visit. How is that dangerous? Let’s take 2 user profiles: Person A spends most of their time on Rappler, Twitter, Wikileaks, and Protonmail. Person B spends most of their time on Facebook, Lazada, and TikTok. Who of these two is probably a dissident? The woke answer, we can’t say. For a bureaucrat that has a deadline to stamp out some online comments, Person A.
With a VPN, this is what happens:
With a VPN, assuming the VPN has end to end encryption, the ISP sees that you are visiting the VPN. They don’t know what domains you’re visiting. They only know you’re visiting the VPN.
A VPN also protects your anonymity when you visit the site. The site won’t know where you’re visiting from – not your location and not even what ISP you’re using. It will just know that requests are being made from the VPN’s ID address.
Your VPN sees everything you send through it. As such, it is vital that you choose the RIGHT VPN. Not all VPNs are created equal. Hola Better Internet, for example, which is a popular choice because it’s free and used via a chrome extension, was found to be selling users’ bandwidth. Basically, if anyone wants anything to look like it was sent from YOUR computer, they can do that. Yikes.
Choosing the right VPN is ultimately up to you. You can setup your own VPN or you can subscribe to a paid VPN. You can read more about how to choose the right VPN here: That One Privacy Guy’s – Guide to Choosing the Best VPN (for you)
Anonymizing Your Traffic: The Onion Router
You can think of The Onion Router as a series of nodes/sites/servers that pass your data between themselves before sending them on to the final destination.
Instead of sending your data to the target server/host directly, it is first encrypted in 3 layers of encryption and then sent to the guard/entry relay. The guard relay then decrypts that first layer of encryption and passes your data over to a middle relay. The middle relay, in turn, decrypts another layer of encryption and then passes on the data to the exit relay. The exit layer, decrypts the final layer of encryption and sends it over to the target server. Each layer is peeled, much like an onion.
Because of this process, your ISP does not see who you’re sending the data to – they just know you’re sending data through TOR. On the server/host side, your target doesn’t know where the data is coming from also, just that it’s coming from a TOR exit relay. This is how hiding your traffic is done.
Since there’s more than 1 user going through each relay, your data is effectively anonymized – it looks like everyone else’s data that’s passing through the same nodes.
Of course, this means that if you’re logging into your official Gmail account or your personal Facebook account via TOR… then there’s no point being anonymous. You are logging on to an identifiable account, after all. So TOR is really best used in activities where you need to keep your anonymity.
The passing on of data, and the multiple decryption steps also make TOR slower so there are certain activities for which TOR is not recommended – this includes streaming and torrenting.
Also, take note that the exit relay technically sees your data in it’s original pre-TOR form. If you’re sending unencrypted data through TOR, the exit relay will see that unencrypted data. This is a volunteer network of nodes and relays after all, which means one non-well meaning exit relay can read the data that goes through them.
The easiest way of using TOR is by using the TOR Browser. Simply download it and start surfing. Note that any other traffic that doesn’t go through that particular browser won’t be sent over TOR though. It is possible to set-up your network configuration so that all traffic goes through TOR, but the steps are a bit more involved: Windows, Mac OSX.
Another way of using TOR is by using the TAILS Operating System. TAILS is designed to be run off of a bootable USB stick or external drive. Install it to the USB stick via the instructions on the TAILS website, then restart your system and boot from your USB stick. Once running, setup your WIFI and TAILS will automatically connect to TOR. Interestingly, the “A” in TAILS stands for “Amnesic” which means that everytime you but up TAILS, it’s like the first time it’s booted. It doesn’t remember any files nor any sessions.
Whew, hiding your traffic sounds like a lot of work
Yup, hiding your traffic is a bit of work, certainly more than just installing an extension. Once you have it setup though, turning on the settings to protect your privacy becomes super easy.
Think of it as starting a new job. On your first day, you come in to your empty table and you start setting it up the way you want to set it up. Put up pictures of your family, and the little cactus at the corner. Maybe setup your laptop stand so that it’s more ergonomic. It’s a lot of work at the start, but it’s mostly just at the start. You also have to setup your bank account, provide NBI clearance, and all that fun stuff. After all of that, however, everyday, you simply just press your laptop’s power button, get a cup of coffee, and you’re good to go. Most of the work is in setting up your office. Once you’re set up, keeping your data private is as easy as just opening an app.
EJ Arboleda is a guest writer for MommyGinger.com. He is the CEO of Taxumo Inc, an avid fan of technology, a paranoid android user, an influencer’s chubby hubby, and proud dad to a whip-smart little girl. The opinions he shared in this article are not shared by Ginger Arboleda, MommyGinger.com, nor by Taxumo Inc.
Credits: Icons used above made by Freepik from www.flaticon.com