Want privacy online? Incognito doesn’t cut it.

Posted on Saturday, October 7, 2017 and filed under Articles

In today’s world, there’s no such thing as digital privacy. Everything you do using connected devices leaves a trail of information about you that is stored in many places you can’t see.

And while you’ve got a better shot at finding a pot of gold at the end of a rainbow than a simple solution that totally covers your digital tracks, there are many services on the market today that promise to deliver on the value of privacy. So many, in fact, that the word digital privacy has become a diluted buzzword.

Take Google’s incognito browser, for example, or Safari’s Private Browsing. While the value offered is private browsing, the service only covers one angle of a multifaceted system that exposes your data and searches to a variety places and people. Incognito browsing will prevent other people who are using your device from seeing your searches in your browser history. It will also try to prevent the websites you visit from tracking your behaviour online, including storing data about other websites that you visit and what you’re searching for online. And forms won’t auto-fill just because you’ve input information on another page, which means this info won’t be stored on your computer automatically where it can be accessed by another website.

But there are many other places where your searches are visible. As well, simply browsing the Internet makes a lot more information about you visible than you may be aware of. If you take into account that you input all kinds of information and communications into websites too, including social media sites, banking websites, and others, there’s a whole lot of information that private browsing just doesn’t cover.

So while you’re using an Incognito or private browser, what can other people see? And where?

• Your Internet service provider stores a wealth of data about your Internet usage, including almost everything you do online. The data that is collected about you is valuable and can be sold to advertisers. From this data, an Internet service provider knows your shopping habits, health concerns, your political views, and more.
• Your company’s IT department can view the websites you are visiting on the company network. One of the ways to do this is with a filter that gathers data about web usage on that network, usually for the purpose of blocking dangerous sites to protect the network.  This information can be detailed by workstation, so your office computer identifies you as the person who is visiting the websites you browse.
• Your employer, or whomever is hosting your network can also access this information either from the IT department or because they know how to do it themselves.
• The websites you visit know that you’re visiting them. Essentially, every website is hosted on a server that communicates with your computer to make the site appear on your screen. For this to happen, information is exchanged between the two — including your IP address, which is a set of credentials that shows your network location and, in some cases, your identity or your company’s identity. As well, any information you actually input into a website is stored by that site. How your information is used is at the discretion of the site’s privacy policy that you likely didn’t have time to read.
• Cyber criminals can set up something called a man-in-the-middle attack, which means they can route all the information coming from your computer and over the Internet through a device that, in one case, allows them to eavesdrop, including monitoring and recording your browsing patterns, unencrypted communications, and the information you input into sites like passwords.
• A public safety agency with the legal means to access information about your online behaviour can do so by making a request to the appropriate service. Information available will depend on what this service collects and stores about you.
• This list is not exhaustive and who can see what really depends on what services you’re using, how you’re using them, what services collect, how they do it, who they distribute data to, and your computer’s or network’s security among other factors.

Now that you know you’re exposed even while using a private browser, protecting yourself online involves answering these questions:

What do you want to hide? Who do you want to hide it from? What is their motivation and ability to gain access to this information? And what could the damage be if they do gain access?

Privacy is about intimacy and confidentiality. In life, we naturally share select information with select people or audiences of people.

If you’re a business owner or employer, you may not want your employees knowing that you’re searching for new talent online, that you’re researching information about a health condition, or about other searches that could lead people to make assumptions and whisper with others. A bored or disgruntled employee could be motivated enough to seek out this information from inside the tech department and share it.

Or, perhaps, you want to work away from the office and away from home because you want to avoid distractions. Whether you do this at a hotel or coffee shop, different threats to your privacy exist outside the corporate network.

Public wifi makes you vulnerable to man-in-the-middle-attacks (among others). Since a cyber criminal has set up an intermediary connection between your computer and a service you want to connect to, a cyber criminal is able to see all of the information that travels between your computer and the sites you visit. A variety of motives exist here, one of which is putting your info on the dark web for sale.

In this case, it’s not so much what you are browsing that you want to protect, but the information you input into websites and the communications you send using unencrypted services. As well, gathering information means attackers are able to target your computer directly and potentially dig deeper into what is stored on it or infect it with malware.

Taking into consideration that computer systems make it difficult to see all of the audiences than can or could see your digital actions and communications, the best way to protect your information is by choosing a route that covers the most angles.

The best solution for private browsing is a Virtual Private Network (VPN) service in conjunction with your private browser. This prevents certain people or organizations from seeing your Internet activity both on your computer and elsewhere.

A virtual private network is a service that you can sign up for over the Internet. When you’re logged in, it creates an encrypted connection between you and the VPN service provider. All of the traffic coming from your computer, which travels over public wifi through the Internet and all the way to the VPN service, is scrambled and in best practice can’t be read by anyone but you and the VPN service.

As well, some VPN services use additional servers (proxy servers) to surf websites on your behalf, meaning someone with sophisticated skills won’t be able to trace your actions back to you by finding your computer through its IP address that’s visible to the websites you surf. Proxy servers leave their own IP addresses instead.

Note, if you input personal information like an address or a phone number into a form and submit this to a website, the security of your information depends on the policies of that service. A VPN won’t keep private the information you intentionally divulge to a specific site, just the metadata that would otherwise identify you.

Also to note is that you might not be allowed to use a 3rd party VPN service at work. Many companies create their own VPNs for employees to use when working outside the corporate network, which means information is still visible to the company because it hosts the VPN service. In this case, use common sense. Don’t browse websites you wouldn’t want other people to know about. Choose secure, encrypted channels to transmit confidential information. And acknowledge that if you’re checking out the competition on their website, they’ll probably know about it.

When choosing a 3rd party VPN service provider, always do your diligence. For more information on privacy solutions for your Ottawa business, visit NeoLore Networks Inc.

Author Jim Stackhouse is the founder and president of NeoLore Networks Inc., an Ottawa-based technology services company that designs, implements, manages and maintains computer networks for small and medium sized businesses.