PrivacyGirl.com

Internet Privacy

Please excuse the mess while this site is under construction

Purpose

The purpose of this site is to address issues and offer possible solutions as they pertain to maintaining one's privacy on the Internet. The information contained in this site comes from personal research, experience and best practices that I've acquired over the last several years. It is my hope that you will find this site informative and useful in obtaining the level of privacy you are seeking.

That being said, I want to make it very clear... I do not condone or engage in any illegal activity. I'm not a lawyer, but to the best of my knowledge, nothing suggested on this site is illegal. If you are being pursued by law enforcement or otherwise involved in criminal activity... please go somewhere else. This site is not what you're looking for.

	If you feel you are in physical danger or just wish to extend your privacy beyond the Internet... Please drive to a major bookstore in a town where no one knows you and pay cash ($23.95US) for the book How To Be Invisible by JJ Luna. This book really helped me with my situation and I highly recommend it.

Why Internet Privacy

There are many reasons for wanting to keep your privacy. For some, it's the principal... big-brother or corporate marketing doesn't need to keep a dossier on my Internet activities. For others, it might be preventing identity theft. Even others might be hiding things (not recommended) from their husband, wife, boss or IT department. My own reasons have to do with a crazy ex-boyfriend that scared the crap out of me. Whatever the reason just remember... there is no such thing as true privacy on the Internet. Given sufficient desire and resource, anyone's Internet activities can be tracked.

Before we get started... here are a few questions you should ask yourself

1. Do my actions (or inactions) make me an easy target?
2. What personal information (if any) am I willing to give up?
3. What am I willing to do in order to meet my privacy goals?

Do my actions make me an easy target?
People are creatures of habit and as such we tend to repeat things that are familiar or easy to us. Things like using the same password for everything or leaving your computer unattended without locking the screen or giving out "real" personal information when it's not absolutely necessary. If you really want to keep your privacy... you need to toss all your old "bad habits" and establish new "good habits". Then execute on those good habits --EVERY SINGLE TIME-- no exceptions! It only takes one mistake one time to undo every thing you've worked so hard to accomplish.

What personal information (if any) am I willing to give up?
The ideal answer is none, but that's not practical. Every time you send an email or visit a site, you give away some personal information. Click on the Browser Info tab at the top of this page and you'll see what I mean. The goal is... unless absolutly necessary, never reveal any "true" information, but instead give false or misleading information that will direct the interested party in the wrong direction until they:

1. Are satisfied the information is correct.
2. Have expended more time and resource then it's worth and they go away.

What am I willing to do in order to meet my privacy goals?
As I previously said, I'm not interested in assisting criminals. It is however, becoming routine to read about the FBI or NSA or whoever using technology to track ones activities. I'm not here to debate the right or wrong, there are watchdog organizations like EFF that do a fine job. However, for the purpose of this discussion, I'll assume you're not scanning the skies for black helicopters and you're not inclined to wear an aluminum hat so they can't read your thoughts. If your worried about one of those agencies coming after you... real, imagined or mistakenly... I can't help you. For everyone else... Internet privacy is obtainable. But it will take a moderate investment and a good deal of your time and effort. Maintaining your privacy is a lifestyle change, not an event.

Components of Internet Privacy

Before talking about the solutions... it's important to talk about the threats.

Internet privacy can be broken down into 5 parts

1. Who are you and what is your location
2. With whom are you communicating with
3. What information is being exchanged
4. What history are you leaving behind
5. Computer and user attacks

Who are you and what is your location
Every time you browse a website or send an email, you're giving private information about yourself and your location. At a minimum, your IP address and ISP's Domain Name is revealed in every email you send or webpage you visit.

Every computer connected to the Internet is assigned a unique IP address. If you're behind a firewall or router, you may be assigned a private IP address, but you're still revealing the IP address of the NAT or Proxy you're connected to. ICANN is the organization that manages IP addresses as well as Domain Names (such as privacygirl) and Top Level Domains (such as .com). A Fully Qualified Domain Name (FQDN) such as privacygirl.com is a combination of (sub-domain), Domain and TLD. The FQDN is a convenient way of identifying a computer the same way an IP address does. Using either one will get you to the same place. Try entering 64.233.187.99 as a URL in your web browser and you'll see that it takes you to Google.

Geolocation databases have been developed through information that ICANN provides and through data mining techniques, that map Domain.TLD's to a geographical location. Click on the Browser Info tab at the top of this page to see what I mean.

Additionally, each Network Interface Card (NIC) is assigned a unique MAC address. The MAC address is hard to detect outside of your Local Area Network (LAN)... that is unless you are running wireless, then it's easy. However, unlike the IP address, the MAC address won't directly reveal you're location. But it can be used to profile your computer. Turning off scripting languages like Java and ActiveX will effectively hide your MAC address, but for the very paranoid... you can always change or "spoof" your MAC address.

If you are hiding from someone, then you don't want to connect your true identity to a location and you certainly don't want to make things easier by narrowing the search area to a city, suburb, etc.

With whom are you communicating with
This goes to (what I don't recommend) hiding things from your husband, wife, boss or IT department. I can't help you with your husband or wife problems... but we all use the work computer for non-work activities. In todays world, some amount of non-work related browsing and email is expected.

There are several techniques for getting around the policies that IT departments put in place... like anonymous proxies, TOR and SSH tunneling. What most don't realize is that many of these methods encrypt and/or re-route TCP packets only. The service that translates the FQDN to an IP address is called DNS. When your browser makes a DNS request, such as privacygirl.com, the packets are sent via UDP protocol and bypass the safeguards you've put in place. IT geeks by definition are paranoid people and they look for things like this. In addition, if you use some strange port or the data packets don't match what is expected, it sends up a big red flag for these folks. Best thing is just do the work your getting paid for and do your personal stuff somewhere else.

You should also be aware of Packet Sniffing or Packet Analyzing. This is most prevelent when using a wifi connection but can happen on wired networks. Basically one intercepts and logs network traffic, then decodes and analyzes the content. It would be very easy for someone sitting at an airport or Starbucks to filter DNS packets and follow your internet activities.

What information is being exchanged
Banks and on-line shopping sites have been using SSL to do secure transactions for a long time. Other than those three-letter government agencies, it's highly unlikely that anyone can view an encrypted SSL connection.

POP mail, (most) webmail, FTP and telnet connections send your login and password in the clear, so that anyone can see it!!! This is especially dangerous when using a public wireless connection. As I previously said, people are creatures of habit and will do dumb things like use the same password for everything. Add these things together and you've just set yourself up for a real disaster.

There are also man-in-the-middle (MITM) attacks to be aware of. This is where someone is able to read and modify or insert code into a download without your knowledge. Later I'll discuss using GPG and PGP authentication keys for verifying the integrity of what you've downloaded.

What history are you leaving behind
This should be pretty obvious if you are in hiding or just want to be a private person. The tracks we leave behind are dead giveaways. Fortunately you can delete or encrypt many of those tracks that are left on your computer.

What history you leave behind on the Internet is another matter...

Social networking sites have very long memories. When my Grandfather was alive, he would tell me colorful stories of what he did when he was young. Things done back then have no proof of history. You could just deny some embarrassing youthful transgression and who could prove differently. Today, you post a thong-panties picture of yourself on myspace and there's a permanent record. You may not care now, but the boys in your 7th grade class of 2027 won't let you live it down. Think about it...

In addition to social networking sites, blogs and emails have a persistence. Basically, you can assume that anything you post or exchange with someone else becomes public domain.

Some things are out of your control. ISP's are now required by law to keep logs of their subscriber's activities. Websites keep logs of referrers and what pages you visited. DHS is pressuring Google to hand over their search logs.

Databases have been created and made available to the public that have all kinds of personal information. Some like Intelius are done for profit. Other personal information databases are out there on the Internet through criminal activity, stupidity or naiveté.

Computer and user attacks
There are almost too many to mention... virus, trojan horse, worms, malware, spyware, DNS spoofing, spam, spim, phishing, pharming, keyloggers, social engineering and network cracking... the list keeps growing. Needless to say, the Internet can be a dangerous place.

You've got to stay on top of what you have control of... like your network, firewall, OS, anti-virus software, strong passwords, encryption and the applications you use. Bad people do bad things and when some clever thug figures out how to do something new, hopefully you will be able to detect it and take corrective action.

How to Obtain Internet Privacy

- Angel