Book Review | The Internet can be intrusive: Better learn how to be left alone
However, when you think about privacy, it is worth asking if every message is really worth saving
Since computer storage is cheap, many providers default to saving all your messages and posts. This seems like a great idea because you can go back and search for every message that someone has sent you. However, when you think about privacy, it is worth asking if every message is really worth saving.
As a society, we underappreciate the value of forgetting. It is not just privacy, it is about our emotional well-being. Since we’re used to looking up old links, or jokes or memes that our friends sent, we have started believing that having all messages stored forever is a good thing. However, just because some messages are useful to look up later, doesn’t mean saving all messages is beneficial.
Many instant messengers now allow you the option to make your messages ephemeral. That is, they disappear after a certain period of time. Some services allow you to even set the time period of this disappearance. We recommend you use this feature extensively on your most personal relationships, especially with your spouse or partner. By default, the messages you sent each other will disappear.
Privacy from Tracking
The strongest argument to prevent tracking is the asymmetry of risk and reward. There is generally very little for you to gain from targeted advertising or other surveillance, but the potential harms of a motivated attacker having access to your entire browsing history could be huge. You should adopt as many of these measures as you comfortably can based on your assessment of your privacy risks.
Protection from the unknown unknown: Sometimes you might need to be extra sure that there is no trace of what you're doing. You may find it useful to use Tor Browser.
Tor is short for The Onion Router. The Internet is basically one large open network. You can use encryption such that only the intended recipient will be able to read the contents of your request. However, the meta-data, i.e., the data about who sent the request, when and to whom is sent openly. Think about the postman and the envelope. The envelope protects the contents of the message, but what's on the address is public, so that the postman can deliver the message to the right address. There is a certain degree of privacy loss if someone can read the addresses you communicate with, even if they can't read what you're communicating about.
Instead of taking the shortest route, the Tor browser routes every request through multiple, random servers. At each hop, information is masked, and a layer of encryption is added (hence, the “onion” router). Even if a hop is compromised, it could, at best, only know the addresses of one hop ahead and one hop behind.
Because of the layers of encryption, no hop individually can decrypt the information. At no point in the journey does any one computer know both the original sender and the receiver, offering a truly anonymous browsing session.
Tor is the safest browser, but also the slowest. Tor's multiple hops make page loading slower. An alternative strategy is to simply protect yourself from tracking at two levels. First, protection from the ISPs who track you using the hardware they provide to connect to the Internet. Second, protection from advertisers who track you using browsers, apps and other software you use to use the internet.
Protection from your ISP: Your ISP is the bottleneck to all your Internet usage. All requests from all your devices pass through them. They know what all the members of your family are up to. You can do two things to make sure you’re safe.
1. Use HTTPS everywhere: The original protocol of the Internet didn’t really have security in mind. All your data was transmitted in plain text and could be read by anyone in the middle. Using HTTPS prevents them from being able to read the contents of the websites you are accessing. Using https is as simple as making sure the uniform resource locator (URL) you are currently on begins with “https://”.
2. Use a paid, secure, non-logging VPN: Anytime you visit a website or access an app, all ISPs can see the Internet address of the destination, even if you’re using HTTPS. Virtual Private Networks (VPNs) route your traffic through their own private servers. The ISPs can now see the address of the VPN but will not know your final destination.
3. Ensure that your DNS is private too: The way the Internet is architected is that Internet addresses are pure numbers called IP Addresses, for example, 123.45.67.89. However, since humans are bad at remembering these numbers, we created domain names such as Google.com, Apple.com, and so many more. A domain name server (DNS) translates between human-readable addresses and IP addresses. Every time you click a link or type in a URL, your request is first sent to a DNS, which translates that URL into an IP address. This is another potential source of leakage, even if you do use VPNs. The Appendix lists open DNSes and how to change them.
Protection from the advertisers: The other entities likely to track all your browsing history are the adtech companies. The very first thing to remember is that they use your identity to recognise you. Due to rising awareness of the extent of data collection, many of these companies have started offering privacy choices.
Excerpted with permission from the chapter entitled “How to Be Left Alone”, The Art of Bitfulness: Keeping Calm in the Digital World, by Nandan Nilekani and Tanuj Bhojwani, published by Penguin Random House India
The Art of Bitfulness: Keeping Calm in the Digital World
By Nandan Nilekani and Tanuj Bhojwani
Penguin
pp. 228, Rs.799