A growing awareness of risks to privacy and the generally miserable state of computer security is changing how people use the internet. A recent study found that people in seemingly free western countries feel uncomfortable searching for politically sensitive topics online. A lot of common privacy advice is dangerously misleading; overestimating the level of security provided by a technology can lead people to use it in ways they later regret. Many celebrities recently discovered that they were storing photos worth hundreds of thousands of dollars using security that was penetrated for far less.
In no particular order, here are six common myths about internet privacy. Each myth has a quick summary if you are in a hurry.
Limiting Public Wifi Use to “Unimportant” Things Makes it Safe to Use
Many people believe that it’s perfectly safe to use public wifi, as long as you don’t do anything “important” such as accessing online banking. Accessing online banking from a public wifi network is actually not especially problematic – as long as you correctly type in the https URL for your bank’s website.
Every unencrypted connection your device makes while using a public wifi network is easily observed. Security tokens which are almost as useful to an attacker as your actual username and password are frequently transmitted without any protection. Many websites use cookies in an insecure way that creates a risk when a device which was previously used on a “trustworthy” network (as if such a thing exists these days) is later used on a “dangerous” network. Connecting to a public wifi network without first doing a complete reset of your browser is probably a bad idea. During your use of a public wifi network, an adversary can put files into your browser’s cache which create a security problem even after you stop using that network.
Additionally, many devices will automatically re-connect to any previously used wifi network, unless you specifically tell the device not to. Apple iOS devices allow you to “forget” a network while you are connected to it, but once you are outside the range of the wifi hotspot, your only option is to reset all network settings – there is no simple way to view the list of networks to which your device will automatically connect. Public wifi hotspots are problematic because it’s easy for an adversary to set up a fake wifi network which looks the same to your device as the public hotspot you previously used. If the signal of the fake network is strong enough, your device may then automatically connect to it instead of the “trustworthy” network you expect.
Most devices will regularly transmit a unique identifier whenever the wifi radio is on (even if the device is in your pocket and not in use). Many devices will also transmit information about the networks to which they have recently connected. If “Yourname’s iPhone” is one of those networks, your name is broadcast. Furthermore, publicly available databases indicate the precise location of most wifi hotspots (which is how your laptop can locate itself on a map). Combine those databases with the data your phone transmits, and it’s not difficult for an attacker to figure out where you live, work, or otherwise spend your time.
Bottom line: Reset your web browser before and after using a public wifi network. Remove open networks from your device’s auto connect list. Consider turning off your device’s wifi radio when not in use.
Deleting Browser Cookies is Effective
Many believe that deleting their cookies will prevent their online activities from being tracked. If cookies are deleted but cache, history, and other browser settings (“state”) are left behind, many of the cookies will be re-constructed. Even if you do a complete browser reset, it’s still pretty easy to fingerprint your device. The size of your screen, the fonts and plugins you have installed, subtle manufacturing inconsistencies, and various other properties of your device make it pretty easy to identify it for the unique snowflake that it is. Common devices which are hard to customize (such as iPhones) are a little harder to fingerprint, but not enough to actually protect you. Furthermore, some of the most interesting approaches to fingerprinting a device are trade secrets. The technology industry is a long way from building devices which don’t implicitly identify themselves every time you use them.
Even if you manage to shed your digital fingerprint, your new fingerprint will be linked to your old one the moment you do something on the internet which identifies you. This could be something as obvious as logging into a website with your email address. It’s also pretty likely that you are one of the only people in the world who visit a specific combination of seven different websites.
If you went to the effort of deleting the cache on your device, you probably didn’t think about the fact your ISP may also operate another cache on your behalf – and that one doesn’t have a delete button under your control. If you ask them about it they’ll probably mumble something about “increasing network performance” or “improving battery life”, both of which are valid explanations.
Bottom line: Deleting your cookies will make you appear as a “new” visitor to less sophisticated tracking systems. But it will not meaningfully increase your privacy online, and the “delete cookies” button often leads to a false expectation of privacy that simply does not exist.
SSL is Secure
SSL is the technology some websites use to cause a nice re-assuring padlock to appear in browser address bars. That is quite literally what motivates most purchases of SSL certificates – the appearance of security. It is an utter mess of a technology with a design too complicated to conduct a useful security audit. I say this despite having personally sold many SSL certificates, some to fairly high-profile firms. Heartbleed, POODLE and other reported problems are mere symptoms of a much deeper issue. SSL is a broken technology vulnerable to many technical attacks, only some of which are in the public domain. Furthermore, the technology relies on placing complete trust in an impractically large number of individuals and organizations – many of which have a demonstrated history of not being trustworthy. Furthermore, the expertise required to securely implement SSL is far beyond the expertise of most of the individuals tasked with implementing it.
SSL makes it so that it’s more likely your device is talking to the device you intend. SSL also makes it hard to observe the contents of your communication without modifying that communication (a risky proposition for an adversary wishing to remain covert). But it’s nowhere close to the panacea many vendors claim. The insurance policies which cover the “$1,000,000 security guarantee” are narrowly defined and have enough exceptions that they are pointless. They are good marketing tools which provide a great reason to sell SSL certificates to website owners at a variety of prices based on their ability to pay – but don’t serve a significant non-marketing purpose.
In fact, I’m unaware of any circumstance in which an SSL warranty has compensated anybody for a loss (if it’s actually happened, I would love to hear about it).
Bottom line: When you see the SSL padlock, it is usually uneconomic for an adversary to intercept your communications with that site. There is no assurance that the server you are communicating with will handle your data securely or in a way that meets your privacy expectations.
Encrypting your Hard Drive is Effective
An adversary that is able to physically access your devices on multiple occasions will have little difficulty defeating an encrypted hard drive. An adversary observing your internet traffic will likely remain unaware you’ve gone to the effort – an encrypted system looks almost exactly the same as an unencrypted system when it communicates with the rest of the world. A single mistake in how you encrypt your hard drive will allow sophisticated attackers to break your encryption.
Bottom Line: Encrypting your devices is a great idea to reduce the privacy and security impact of a device being lost or stolen. It won’t do much else.
VPNs Improve your Privacy
A VPN creates a relatively secure connection between your computer and another computer on the internet. VPNs can be used to see the internet from the perspective of another country, and they are also a good countermeasure for many of the risks of using public wifi. But while the connection to your VPN provider may be secure, the connection from your VPN provider to the rest of the internet remains insecure. The privacy situation is just as bad as if you hadn’t bothered with a VPN. VPNs only protect against local privacy threats.
But there’s also a new risk introduced by using a VPN. VPNs provide a convenient chokepoint for your adversary to monitor all of your communications. By routing all your communications through a VPN, your adversary only needs to compromise your VPN provider’s systems or otherwise compel their assistance in monitoring all of your traffic. Without a VPN, your adversary needs to figure out all the networks you use, and find a way to monitor your use of each of those networks. With a VPN, they only need to monitor traffic coming from and going to your VPN provider. Which is easier?
Bottom Line: Using a VPN is a good choice when using public wifi networks. Although they can address some privacy issues, they also introduce new ones. Using a VPN on a day-to-day basis in the belief that doing so will increase your privacy is probably misguided.
Having a Gmail Account is a Privacy Risk
Google uses software to scan your emails and target the ads you see. Even if you don’t use Gmail, other people you communicate with do. That makes information about you available to Google even if you choose to avoid using their service. As emails get transmitted from one email server to another, they are often sent without any encryption, making sending an email about as safe as sending a postcard – Google has actually been one of the leaders in doing things more securely. Google’s security record is good – better than Yahoo and Hotmail. Unless you have the time and skills to operate and secure your own email server, entrusting your email data into someone else’s care is mandatory. Are you qualified to assess the security of the alternative you are considering?
Bottom Line: Even if you avoid using Gmail, Google still learns about you when you correspond with Gmail users. Google’s security record is excellent. Google scanning your email for ad targeting is simply not the biggest risk involved with email.