Browser Security: How Safe Are You on the Internet?
Recently I was chatting with some friends in an online venue full of people I assumed to be tech savvy folks. Someone had mentioned an incompatibility of a web site with their browser, and I casually asked which browser they were using. I was pretty shocked to find that they were using Google’s Chrome browser. Maybe I shouldn’t have expected everyone to be hiding behind a layer of firewalls, VPN’s, and proxies, but the lack of knowledge–in general–of the privacy flaws inherent to most browsers was a little surprising to me.
It’s not a secret that technology effectively runs our daily lives. Ordering food with an app on your mobile device, grabbing GPS directions to a local watering hole, or sending a selfie of yourself puking up rainbows. Try this: think of the last time power went out for more than a couple of hours. For me, it was a few years back, I spent a Christmas Eve with family during a power outage. It was a real dose of reality for many of us when the use of television, wifi, computers, and tablets were all rendered mostly useless save for our offline media. Sure cellular data was still up, and that was something of a saving grace, at least in the form of keeping everyone individually entertained for the night. The power came back on shortly before sunrise, and order was restored to the world, but I woke up somewhat disgusted with the fact that “no TV and internet = no fun”. Personally, I hadn’t really expected the night to be off-the-charts exciting, but I do enjoy family activities around the Holidays. The fact that the lights were out didn’t really impact my mood, sure the bourbon helped keep me jovial, but really the Holiday Spirit was all I had required for a night of fun. I was alone in that feeling, and it seemed most of my friends and family had a really hard time just making it one evening without power, which felt an awful lot like just making it through a night of spending time with each other. It was a real wake up call to me.
I’m not under the impression that we, as a society, would immediately and catastrophically collapse without use of the internet or television for a night or two; however, I have to admit that we rely so heavily on it that we’re often willing to skip over EULA’s and Privacy Policies by simply clicking that “accept” button to log in and gain the precious access we desire. I want to take a bit and highlight my concern for privacy and security measures when browsing the web, and to showcase a few examples that are user-friendly ways to better protect yourself online.
Everything you do online is recorded somewhere. The physical location of that data isn’t really important for this topic. It makes no difference to most people if their browsing habits are stored in a rack of servers in California, or in an offshore data center someplace allegedly out of reach of the NSA. In my loose and sloppy research (mostly consisting of asking users of my corporate network or various modes of internet based chat) most of the time it seems that people are willing to forego privacy because they feel as though they have nothing to hide. An honorable, but naive notion. Sure, you may not be at the top of a watch list of a three-letter agency. You may not even be on the radar of your local neighborhood watch. You’re a good person after all. You are, however, on the radar of the Internet. The Internet…inherently anonymous, yet somehow we’re all connected to it in so many ways.
Do you use Facebook? Do you use Twitter? Have you sent an email, paid a bill online, checked the balance of your bank account through your banks web based service? Sure you have, we all do this regularly. What’s the big deal? In the beginning of the previous paragraph I said “everything you do online is recorded”, and I wasn’t joking. Every search you make, every web site you visit, every service you sign up for, these are all points used to build a sort of online fingerprint of you. That data is used for dozens of, what I consider to be, grey area marketing techniques where companies can (and do) adjust what they sell and how much they charge for it based on these online fingerprints. I’ll try not to ramble on the subject too much, if you care for news articles I found a link to this one on the Wall Street Journal via epicbrowser.com. It shows how two people saw different prices for an item based on their information. If you’re the researching type, I suggest you dig around this topic a bit, you’ll find some eye-opening information out there.
So how can we protect ourselves? What can we do, as users, to limit the amount of information we offer up? This isn’t meant to be a technical article, so I’ll keep it simple. The browser you use, or the program you use to look at web sites, may be a large part of the issue. Browsers have the ability to run scripts, store, send, and otherwise use the data you enter in them without making you aware of this. Browsers based upon privacy tend to strip these elements out, leaving you with an arguably safer browsing experience.
I’ll recommend a few browsers I have personal experience with, and just briefly highlight what they may offer you if you decide you’re interested in becoming a bit more involved with your online security. Note the difference between privacy and anonymity. Being anonymous online is to hide your appearance, or IP address. Your IP, simply stated, is tied to the physical location that you’re accessing the web from. Think of it like your home’s address, or the license plate of your car. It’s an identifier. To achieve anonymity, typical one would use a proxy server. An off the top of my head example would be: using a landline phone (A) to call another landline phone (B), then using phone (B) to actually make a phone call to someone else. The person you call would see phone (B) show up on caller ID, rather than your actual phone number–making phone (B) your “proxy”. Privacy refers to your activity itself being logged, tracked, stored, or otherwise used without your knowledge. Using a browser in ‘private’ mode often turns off a few tracking and history storage options, but does not truly make the browsing experience private.
Iron. Iron, like Epic, is Chromium based. It is clean and fast, and works nearly identical to Google Chrome, albeit a more private option. There is no built in proxy, so your web experience would still appear to originate from your IP address; however, it is a ‘private’ browser.
Tor. Tor can be used a number of ways, but the all-in-one bundle is what I’ll discuss here. Being that it’s a simple download, install, execute type of package–this will be the easiest mode for most users to operate. Tor is an anonymous browser, meaning it connects you to the web through it’s network. Tor’s network is not privately owned, and people can setup their own Tor relays to essentially become part of the proxy network. Like anything else, when you allow people to join in, there is the chance for bad apples. Tor’s network does have the potential for bad apples, as does any internet connection. Don’t let it deter you from a cleaner browsing experience, just make sure you do your research before diving into any new browser. Don’t blindly take my word for it, and scoop up a new browser thinking you’re now safe! This is meant to be an informative article–but not a technical article. There are a lot of ins and outs to privacy and security that simply can’t be covered in a [moderately] brief article.
Epic. Epic is a browser that essentially does it all. Epic is based on the Chromium Engine, which is what Google Chrome is based off of, but Epic’s claim is that it has removed tracking scripts and other privacy-hindering aspects that Google puts into Chrome. It’s a clean, and quick browser in my experience. It runs within it’s own network, meaning there is a proxy built in to help keep your browsing session anonymous. Overall it’s extremely easy to use, simply download it, install it, and run it.
When people willingly subject themselves to lax security policies, weak privacy statements, or end user agreements that allow their data to be bought or sold–they are what I consider to be part of the problem, not part of the solution. Remember the days when people were skeptical of buying things online with their credit card? They didn’t know who was on the other end of that web site getting a hold of their hard earned money. Let’s not forget that the same people are on the other end of the line these days, the only thing that’s changed is our willingness to trust them.
If you use a browser focused on privacy, please feel free to comment below or to mention it to me on Twitter.
Remember the adage: “between safety, security, and freedom…you may choose two“.