Staying Private on the internet

Published on 2022-07-07 by Andrei

No, VPNs are not enough at all.

In the age of Google, Microsoft, and government surveilance, online privacy is becoming increasingly more important. Unfortunately, the privacy tools marketed towards the general public are innefective at best, and completely antithetical at worst.

Virtual Private Networks

VPNs are some of the most widely marketed privacy tools out there. Almost every youtube channel out there gets a sponsorship from a VPN conpany at some point in time. Although they are so heavily marketed as being the one stop shop for complete privacy on the internet, VPNs are not private in any sense of the word. Nearly all VPNs log your IP address and store personal credentials on their servers, and use proprietary configurations to proxy your internet traffic. What you're achieving by using one of the mainstream VPNs is just hiding your IP from websites you visit, all while giving all that information to the VPN provider. If you are going to use a VPN, I recommend only mullvad. They accept payment in privacy centric currencies like monero and require no personal information at all for sign up.

Tor

A lot of people regard tor as being the pinacle of privacy on the internet, but that is not true. There are a lot of flaws in the way tor works that can completely de-anonymize you. Furtheremore, tor relies on so-called trusted nodes to work, meaning if only a few of those get compromised, it could potentially lead to the whole network getting compromised. According to Edward Snowden the NSA can de-anonymize a small fraction of tor users, so take that as you will. There has also been several critical exploits found in the tor browser (although admittedly most of these appear to be mozzila's fault).

I2P

I2P is a lot more decentralized than tor, with almost no trusted authorities in the network. It is sometimes regarded to be more anonymous than tor, but you still need to be careful and excercise other privacy practices in order to be truly private.

Good Practices

• Disable JavaScript

  JavaScript can be used to get information about your web browser which can result in serious fingerprinting. Furtheremore there have been a lot of JavaScript-based vulnerabilities in web browsers because of its complex nature, meaning it is a potential security risk.

• Change your useragent to Chrome on Windows

  Websites can see what operating system and web browser you are using through the http useragent. If you're using a lesser used OS, it could potentially be used to identify you across multiple websites with fingerprinting.

• Enable letterboxing

  Websites can also see the resolution of your web browser window. If you have it maximized or set at a very specific resolution, it could potentially be used to identify you.

• Use a content blocker

  Certain websites pull in spyware scripts or junk such as advertizements. Use a content blocker like ublock origin or privoxy to block the origins of such scripts.