If you're reading this posting, you're probably sitting in front of your computer without anyone gazing over your shoulder. It's therefore easy to believe that what you do on the Internet—browsing, chatting, e-mailing, or whatever—is private.
Don't believe it. Your Internet Service Provider (ISP) can monitor every e-mail message you send, every Web page to which you surf, and every chat session you initiate. If police demand this information, your ISP must turn over a record of everything you’ve done online. And now, thanks to a ruling by U.S. District Court Judge Richard Jones in Seattle, you have no right to keep your "Internet identity" anonymous. That opens the door to even greater privacy invasion.
Jones issued the ruling in dismissing a class-action lawsuit against Microsoft stemming from the company's practice of collecting the "Internet Protocol addresses" (IP addresses) of consumers who download automatic updates from the company. Your IP address is a unique number that represents your publicly visible identity on the Internet. But because the address identifies your computer—and not you personally—according to Jones, you have no "expectation of privacy" in the address. That means any Web site can legally collect your IP address, unless they've promised not to do so.
Moreover, it's relatively easy for Web sites, police, or anyone else to combine your IP address with other information to determine your identity. That means if you don't want details of what you do on your computer divulged to the highest bidder, or anyone armed with a subpoena, you need to take precautions to anonymize it.
The easiest way to do this is to use a "virtual private network" (VPN). Essentially, the VPN acts as an intermediary (called a proxy) between your PC and the Web site to which you're connecting. That Web site records the IP address of the proxy, not of your PC. This lets you use the Internet virtually anonymously. And all your ISP sees is that you've signed on to the VPN—it can't track your Web surfing, either.
The only way anyone could recover your IP address would be by comparing the logs from the VPN and the logs from the Web site in question. That’s a little like looking for a needle in a haystack. What’s more, a well-designed VPN will be configured so that it’s impossible to retrieve a meaningful log to connect to individual subscribers.
There are many VPN services available. I prefer services that don’t have networks installed in the United States to avoid possible compromise under legislation such as the USA PATRIOT Act. The service that I use is http://www.cryptohippie.com. Its only U.S. presence is to authenticate connections to Cryptohippie servers in other countries. None of Cryptohippie’s servers are in the United States.
If you already have a VPN that you’re satisfied with, keep using it. But if not, and you value your online privacy, give the “Road Warrior” VPN a try.
Copyright © 2009 by Mark Nestmann
Comments