Keeping snoopers out of your browser history

By Jeremy Wilson on October 25th, 2012

As Web 2.0 and the multifarious societal and commercial horrors of social networking begin to unravel, it may be fruitful to step back and observe the collision of changing behaviours, consistent values and a flailing establishment. This miasma is well illustrated by the dichotomy between the freedom and power channelled by abusive Twitter trolls and the swiftness and ease with which they have been prosecuted.

To fully understand how unqualified those elected to govern us are in speaking about the complex, evolving landscape of privacy and online identity, I recommend sitting down and watching in full any Select Committee hearing that touches on the subject. Last year, the Select Committee on Privacy and Injunctions heard evidence from four prominent bloggers in a session that proved to be particularly revelatory of the obliviousness that abounds in Westminster.

Aside from the pomposity and stupidity swilling around the room – certain members of the committee were initially under the impression that we have a privacy law in this country – it was the refusal to accept that social media can’t be regulated that was most striking. The members were terrified of something outside of their control. When they learned that one of the bloggers based himself outside the UK and hosted his blog on an American server, the confusion and frustration was palpable.

Yet, the truth is, the four bloggers at the Select Committee hearing all operated in the same, exposed fashion as just about everyone else in this country that produces online content, either professionally or on social media. Online content can almost always be traced back to its author, who can be prosecuted if they have broken a law.

We don’t have to live so openly online, yet through apathy and ignorance we have so far chosen to do so. When fat fantasist and racist incest porn author Johann Hari embarked on an online smear campaign, libelling and abusing female journalist Cristina Odone, he demonstrated a lack of understanding not just of the unacceptability of his actions but more astonishingly of the way the internet works.

As with Twitter bullies, the impression of invincibility, created by a false sense of anonymity, encouraged him to behave in an unprofessional and immoral way.

Once serial miscreants perceive a threat, they quickly become adept at dodging it. Paedophiles soon stopped paying for kiddie porn with credit cards after the first few reported busts. (You may ask yourself how anyone could have been so stupid in the first place.) The rest of us are alert too: we know companies like Facebook and Google are making a lot of money selling our data, which makes us more cautious about what we upload to their services.

While we seem happy currently for anonymous machines to churn through our data, there is reason to expect change soon. What will happen when this information leaks, or the filter bubble clouds or overwhelms our search results? When we find out that our Internet Service Providers have been hawking off all of our traffic data?

When the Communications Data Bill gets through Parliament allowing the police access to the time, duration, originator and recipient of every communication we have made on the internet, without a warrant? What will happen when we realise that the heady freedom we thought existed turns out to be a cruel illusion?

The majority of people treat computers in the same way as cars: they don’t know how they work and don’t much care as long as the car drives. It can be a bit overwhelming for the average Joe to assess and control who sees what about his internet usage, when the internet is an abstract thing that gets piped into the house like water and electricity.

Admittedly the answer to the question, “How do I browse the internet privately?” isn’t short, but here’s an explanation even the honourable members of the Joint Committee on Privacy and Injunctions should understand.

The first thing you might have heard of are encrypted websites which can be recognised by the https:// at the start of the address bar instead of http://. Encrypted websites were initially used by online payment and email services, but they are becoming more widespread. If you use an encrypted website, no one can see what you are doing except for the website itself (though this does not stop someone from knowing that you are using the website).

To be anonymous on the internet, you need to keep your IP address – a bit like a street address for your computer – hidden, and the simplest way of doing this is to use something called a proxy server. Put simply, instead of connecting directly to a website, you ask a proxy server to do it for you. The proxy acts a middleman, passing information between you and the website with the two of you never directly meeting. The website won’t know who you are and if you use a program to encrypt your initial contact with the proxy, no-one can tell what you are asking the proxy to do.

Using a proxy poses one huge problem: the proxy will know everything about you, so you have to trust the proxy and hope that no one breaks into it. This problem can be solved by using something called onion routing (the most common service for doing this is called Tor, of which more later) which utilises a chain of proxies. So you ask the first proxy to do something, it passes the message on to a second proxy which passes it on until it reaches the final proxy which talks to the website.

Additionally, the message is wrapped in several layers of encryption, so each proxy can only strip away one layer as the message moves through the chain. The first proxy knows who you are and the last proxy knows the website, but none of the proxies know both you and the website.

To make this work in practice, you need a big network of separately operated proxies with lots of people using a piece of software to connect them to the network and to assign them random chains. It is possible to tell who is connected to the network and what sites the people on the network are visiting, but not who is visiting what (there is a theoretical way to work this out, but in practice it would require huge, almost impracticable resources).

So to answer the question about browsing the internet privately, what you really need to do is to become properly anonymous – via onion routing. To use the internet in this way you need to use Tor, which is both the name of a network of proxies and the name of the free software used to access the network.

Using the software is as easy as using any other browser. You download a package that includes a patched version of Mozilla Firefox and that’s it. Browsing on Tor is a bit slower than normal, and plug-ins can’t be used, but by essentially switching browsers you can effectively hide your internet activity.

Also of interest to anyone in the business of pushing for online censorship is the staggering number of websites that use Tor to remain hidden. In essence, the servers that host these websites are only connected to the Tor network, so their IP addresses are never revealed.

These hidden websites include file sharing sites, imageboards, unregulated marketplaces, Bitcoin laundries, hacking forums and, yes, child pornography. It’s impossible to tell how much traffic these websites get, but by looking through the amount of content linked to by the hidden sites that serve as a gateway to the Tor “deep web” it is clear that illegal activity around money and porn is what this part of the internet is often used for.

Around 500,000 people use Tor each day. It’ a minuscule proportion of total internet usage. Data on these people, who have perceived a need to become anonymous online and have acted on it is by is hard to come by. But the fact that by proportion of population Iran had the highest number of daily users over the past year indicates that the main driver of Tor usage could be government intervention and surveillance, rather than porn or money laundering.

Tor has made online anonymity almost as easy as clicking a button. With one simple download, the data bounty internet tracking services have been feasting on could disappear, the information the intelligence services are so keen to get their mitts on could vanish and a new generation of anonymous web users could be unleashed – if only people were better educated about their options.

A flick of a switch and the dreams of consolidated online identities could be dashed. (Shed a tear for Larry Page.) The internet as we know it shouldn’t be taken for granted; the ease with which online activity can be linked to a user is an accident of design, not a feature.