Prison guards are looking at your Internet traffic
I cannot stress enough the fact that you should encrypt your traffic as much as possible.
This includes web browsing, e-mail, instant messaging and so on.
You see, unencrypted traffic is like letters sent from prisons. People are looking at it. It can be the police monitoring criminal activities, but also the police monitoring the regular John Doe that did nothing wrong, your Internet provider or your boss.
It's how the Internet works. Packets gets routed from router to router until they reach their destination. Along the way anyone can look at the data if it is sent in clear.
How to protect against these spies
HTTPS
There are several ways (that can be combined) to make your browsing more secure.
Number 1 is HTTPS. While "sniffers" can still know who you are contacting (and block the communication), they don't know what your are sending.
The traffic is encrypted so that only your computer and the final server (such as your banking web application) can see the data in clear.
BEWARE: if you are using a company computer, there are chances that they installed their own certificate and that what you believe is encrypted is actually not. There are ways to check this.
The problem with HTTPS is that not all websites offer it.
Some sites are HTTP-only. You will need something more complicated, but you are basically screwed.
Some sites are HTTPS-only. These are the best kind.
Some sites offer HTTPS but you have to ask for it explicitely. For these sites I strongly suggest using HTTPS Anywhere, a browser extension that connects you to the HTTPS version when one is available.
Proxies
While proxies won't encrypt unencrypted traffic, they can be effective when some firewall is blocking you access to a website. You see, the biggest concern for your network provider, for instance your school WiFi network or the McDonald's WiFi is not really that you are visiting a website they don't like. It's because they know the government is spying on them, and if the spies find something then the company is accountable and will in the newspapers or maybe even involved in a trial.
The idea is that the connection must seem to come from another point on the Internet. This can be achieved using proxies. There are lists of proxies that you can use for free as well as paid solutions providing a greater bandwidth.
However they are easy to detect because then all your traffic will go to one IP address, and some proxies even show your real IP address to the receiver.
If you have a SSH connection to a remote host, you can simply use it to redirect your traffic:
ssh -L 1234:the-website.com:80 user@host
Then you can access the website with http://localhost:1234/
But that sometimes doesn't work because many websites use fully qualified links and use other domains.
Tor
Tor is a very complex network / technology that is not only secure but hides your traffic, making it hard to detect, provided you follow other rules and pay attention to your Internet activity.
The same goes for...
I2P
Another technology, probably even better as it uses different paths for the packets sent and received and this network path can change for every packet if needed.
Tor is the older project. Both protocols / networks are associated with the DarkNet. Until recently a website known as Silk's Road on Tor made millions of drug transactions. Buying weed was as simple as ordering the new iPhone online. You would receive your package at home no question asked in a discrete typical business package.
And this is nothing compared to other things you can do on the dark net: hire hackers, hitmen, buy guns, fake ID cards, stolen credit cards and other info.
Because of course these transactions would be detected with PayPal for instance, all these websites use the Bitcoin peer-to-peer money. (It's peer to peer but there is a log file storing all transactions, but even if the user IDs are supposed to be anonymous, it isn't hard to analyze the data and associate people with the transactions.)
Don't take me wrong, I think Bitcoin is a great idea! But it's a shame it's used like this though...
But they are very effective because the connection is untraceable and encrypted along the way (except if the website at the end is on the regular open Internet and doesn't use HTTPS).
To use Tor all you need is to download the Tor browser.
In another article I will explain you how you can achieve secure e-mail.
In another article I will explain you how you can achieve secure e-mail.
No comments:
Post a Comment