It’s one of the internet’s oft-mentioned 'creepy' moments. A user is served a banner ad in their browser promoting products on a site they visited hours, days or months in the past. It’s as if the ads are following them around from site to site. Most people know that the issue of ad stalking – termed 'remarketing' or 'retargeting' - has something to do with cookies but that’s barely the half of it.
The underlying tracking for all this is provided by the search engine provider, be that Google, Microsoft or Yahoo, or one of a number of programmatic ad platforms most people have never heard of. The ad system notices which sites people are visiting, choosing an opportune moment to 're-market' products from a site they visited at some point based on how receptive it thinks they will be. The promoted site has paid for this privilege of course. Unless that cookie is cleared, the user will every now and then be served the same ad for days or weeks on end.
Is this creepy? Only if you don’t understand what is really going on when you use the internet. As far as advertisers are concerned, if the user has a negative feeling about it then the remarketing has probably not worked.
If it was only advertisers, privacy would be challenging enough but almost every popular free service, including search engines, social media, cloud storage and webmail, now gathers intrusive amounts of personal data as a fundamental part of its business model. User data is simply too valuable to advertisers and profilers not to. The service is free precisely because the user has 'become the product' whose habits and behaviour can be sold on to third parties. Broadband providers, meanwhile, are increasingly required by governments to store the internet usage history of subscribers for reasons justified by national security and policing.
The cost of privacy - dynamic pricing
Disturbingly, this personal tracking can also cost surfers money through a marketing technique called 'dynamic pricing' whereby websites mysteriously offer two users a different bill for an identical product or service. How this is done is never clear but everything from the browser used, the search engine in question the time of day, the buying history of the user or the profile of data suggesting their affluence may come into play. Even the number of searches could raise the price.
This seems to be most common when buying commodity services such as flights, hotel rooms and car rental, all of which are sold through a network of middlemen providers who get to decide the rules without having to tell anyone what these are. Privacy in this context becomes about being treated fairly, something internet providers don't always seem keen to do.
How to browse privately
Achieving privacy requires finding a way to minimise the oversight of internet service providers (IPS) as well as the profiling built into browsers, search engines and websites. It is also important to watch out for DNS name servers used to resolve IP addresses because these are increasingly used as data capture systems.
At any one of these stages, data unique to each user is being logged. This is especially true when using search engines while logged into services such as Google or Facebook. You might not mind that a particular search is logged by the search provider but most people don’t realise how this is connected directly to personal data such as IP address, browser and computer ID not to mention the name and email address for those services.
Put bluntly, the fact that an individual searched for health, job or legal advice is stored indefinitely as part of their personal online profile whether they like it or not.
In theory, the traditional way of shielding internet use from ISPs can be achieved using a VPN provider.
A VPN creates an encrypted tunnel from the user’s device and the service provider’s servers which means that any websites visited after that become invisible to the user’s primary ISP. In turn, the user’s IP address is also hidden from those websites. Notice, however, that the VPN provider can still see which sites are being visited and will also know the user’s ISP IP.
Why are some VPNs free? Good question but one answer is that they can perform precisely the same sort of profiling of user behaviour that the ISP does but for commercial rather than legal reasons. In effect, the user has simply swapped the spying of one company, the ISP, for another, the VPN.
Post-Snowden, a growing number advertise themselves as 'no logging' providers, but how far the user is willing to go in this respect needs to be thought about. Wanting to dodge tracking and profiling is one thing, trying to avoid intelligence services quite another because it assumes that there are no weaknesses in the VPN software or even the underlying encryption that have not been publicly exposed.
IPVanish is a well-regarded US-based service offering an unusually wide range of software clients, including for Windows, Mac and Ubuntu Linux, as well as mobile apps for Android, iOS and Windows Phone. There is also a setup routine for DD-WRT and Tomato for those who use open source router firmware. Promoted on the back of speed (useful when in a coffee shop) and global reach as well as security. On that topic, it requires no personal data other than for payment and states that it does not collect or log any user traffic.
Another multi-platform VPN, Romanian-based Cyberghost goes to some lengths to advertise its security features, its main USP. These include multi-protocol support (OpenVPN, IPSec, L2TP and PPTP), DNS leak prevention, IP sharing (essentially subnetting multiple users on one virtual IP) and IPv6 protection. Provisions around 50 servers for UK users. It also says it doesn’t store user data.
All browsers claim to be ‘privacy browsers’ if the services around them are used in specific ways, for example in incognito or privacy mode. As wonderful as Google’s Chrome or Microsoft’s Edge might be their primary purpose, isn't security. The companies that offer them simply have too much to gain from
The companies that offer them simply have too much to gain from a world in which users are tagged, tracked and profiled no matter what their makers say. To Google’s credit, the company doesn’t really hide this fact and does a reasonable job of explaining its privacy settings.
Firefox, by contrast, is by some distance the best of the browser makers simply because it does not depend on the user tracking that helps to fund others. But this becomes moot the minute you log into third-party services, which is why most of the privacy action in the browser space now centres around add-ons.
Epic Privacy Browser
Epic is a Chromium-based browser that takes a minimalistic approach to browsing in order to maximise privacy. It claims that both cookies and trackers are deleted after each session and that all browser searches are proxied through their own servers, meaning that there is no way to connect an IP address to a search. This means your identity is hidden. Epic also provides a fully encrypted connection and users can use its one-button proxying feature that makes quick private browsing easy, although it could slow down your browser.
This Firefox-based browser that runs on the Tor network can be used with Windows, Mac or Linux PCs. This browser is built on an entire infrastructure of ‘hidden’ relay servers, which means that you can use the internet with your IP and digital identity hidden. Unlike other browsers, Tor is built for privacy only, so it does lack certain security features such as built-in antivirus and anti-malware software.
Privacy search engines
It might seem a bit pointless to worry about a privacy search engine given that this is an inherent quality of the VPN services already discussed but a couple are worth looking out for. The advantage of this approach is that it is free and incredibly simple. Users simply start using a different search engine and aren’t required to buy or install anything.
The best-known example of this is DuckDuckGo. What we like about DuckDuckGo is it protects searches by stopping 'search leakage' by default. This means visited sites will not know what other terms a user searched for and will not be sent a user’s IP address or browser user agent. It also offers an encrypted version that connects to the encrypted versions of major websites, preserving some privacy between the user and the site.
In addition, DuckDuckGo offers a neat password-protected 'cloud save' setting that makes it possible to create search policies and sync these across devices using the search engine.
Oscobo UK search
Launched in late 2015, Oscobo returns UK-specific search results by default (which DuckDuckGo will require a manual setting for). As with DuckDuckGo, the search results are based on Yahoo and Bing although the US outfit also has some of its own spidering. Beyond that, Oscobo does not record IP address or any other user data. According to its founders, no trace of searches made from a computer is left behind. It makes its money from sponsored search returns.
Techworld's sister title Computerworld UK recently covered the issue of alternative DNS nameservers, including Norton ConnecSafe, OpenDNS, Comodo Secure DNS, DNS.Watch, VeriSign and, of course, Google.
However, as with any DNS nameserver, there are also privacy concerns because the growing number of free services are really being driven by data gathering. The only way to bypass nameservers completely is to use a VPN provider’s infrastructure. The point of even mentioning them is that using an alternative might be faster than the ISP but come at the expense of less privacy.
Available on 126.96.36.199 and 188.8.131.52, DNS.Watch is unique in offering an alternative DNS service without the website logging found on almost every rival. We quote: “We're not interested in shady deals with your data. You own it. We're not a big corporation and don't have to participate in shady deals. We're not running any ad network or anything else where your DNS queries could be of interest for us.”
Now part of Cisco, the primary is 184.108.40.206 with a backup on 220.127.116.11. Home users can simply adjust their DNS to point at one of the above but OpenDNS also offers the service wrapped up in three further tiers of service, Family Shield, Home, and VIP Home. Each comes with varying levels of filtering and security, parental control and anti-phishing protection.
Blur is an all-in-one desktop and mobile privacy tool that offers a range of privacy features with some adblocking thrown in for good measure. Available in free and Premium versions ($39 a year) on Firefox and Chrome only, principle features include:
- Masked cards: a way of entering a real credit card into the Blur database which then pays merchants without revealing those details.
- Passwords: similar in operation to password managers such as LastPass and Dashlane without some of the layers of security and sophistication that come with those platforms. When signing up for or encountering a new site Blur offers to save or create a new strong password.
Masked email addresses are another feature, identical in principle to the aliases that can be used with webmail systems such as Gmail. Bur’s management of these is a bit more involved and we’d question whether it’s worth it to be honest were it not for the single advantage of completely hiding the destination address, including the domain. Some will value this masking as well as the ease of turning addresses on and off and creating new ones. On a Premium subscription, it is also possible to set up more than one destination address.
- Adblocking: with the browser extension installed, Blur will block ad tracking systems without the conflict of interest are inherent in the Acceptable Ads program used by AdBlock Plus and a number of others. We didn’t test this feature across many sites but it can be easily turned on and off from the toolbar.
- Two-factor authentication: Given the amount of data users are storing in Blur, using two-factor authentication (2FA) is an absolute must. This can be set up using a mobile app such as Google Authenticator, Authy or FreeOTP.
- Backup and Sync: Another premium feature, this will sync account data across multiple devices in an encrypted state.
- Masked phone: probably only useful in the US where intrusive telemarketing is a problem, this gives users a second phone number to hand to marketers. Only works in named countries including the UK. Only on Premium.
Overall, Blur represents a lot of features in one desktop/mobile browser extension. Limitations? Not terribly well explained in places and getting the best out of it requires a Premium subscription. Although the tools are well integrated and thought out most of them can be found for less (e.g. LastPass) or free (e.g. adblocking) elsewhere. The features that can’t are masked phone and masked card numbers/addresses.