19 ways to stay anonymous and protect your online privacy – ExtremeTech


Now more than ever, your online privacy is under attack. ISPs, advertisers, and governments around the world are increasingly interested in knowing exactly what you’re up to when you browse the web. Whether you’re a political activist or simply someone who hates the idea of third-parties scrutinizing your surfing habits, there are plenty of tools available to keep prying eyes off of your traffic.

In this post, I’m going to highlight 19 ways to increase your online privacy. Some methods are more complicated than others, but if you’re serious about remaining private, these tips will help shield your traffic from snoops. Of course, internet security is a topic in and of itself, so you’re going to need to do some reading to remain thoroughly protected on all fronts. And remember, even the most careful among us are still vulnerable to imperfect technology.

#metaslider_231991_filmstrip.flexslider .slides li {margin-right: 5px;}

<img src="http://www.techbutts.com/images/201611/TorBrowser.png" height="480" width="640" data-title="

The Onion Router (Tor)

If anonymity is what you’re after, The Onion Router (Tor) is what you need. It uses a vast network of computers to route your Web traffic through a number of encrypted layers to obscure its origin. Tor is a vital tool for political dissidents and whistleblowers to anonymously share information, and you can just as easily use it to help protect your privacy. Get started by downloading the Tor Browser. This customized fork of Firefox automatically connects to the Tor network, and includes some of the privacy-enhancing browser extensions discussed later in this post. This package has everything you need to use Tor successfully, but you’ll also need to change your web surfing behavior to retain as much anonymity as possible. Abide by the Tor warnings, and remember this isn’t a magic bullet. It still has some significant weaknesses.” alt=”TorBrowser” class=”slider-231991 slide-232326″ />
<img src="http://www.techbutts.com/images/201611/2-VPN.png" height="480" width="640" data-title="


If you’re very serious about maintaining your anonymity, consider investing in a VPN solution like TorGuard or Private Internet Access. These services essentially allow you to disguise your traffic. Your real IP address will be hidden from the world, and your traffic will remain indecipherable to nosy ISPs or governments. Even if your government is actively on the lookout for VPN traffic, you can still benefit from so-called “stealth VPNs.” TorGuard offers its stealth VPN service at no additional cost, and it will make government detection and interference much harder to accomplish. For those of you being held hostage by your government, VPNs are by far the best bet for bypassing censorship and snooping.” alt=”VPN” class=”slider-231991 slide-232028″ />
<img src="http://www.techbutts.com/images/201611/3-DNS-Leak.png" height="480" width="640" data-title="

DNS leak testing

Even if you’re using a privacy service (like a VPN) to hide your IP address, it’s still possible to give away clues to your identity via your DNS traffic. Thankfully, it’s easy to detect if your configuration is leaking your DNS information. Simply head over to DNSLeakTest.com, and run the extended test. If the results show the third-party DNS service you’re using (like TorGuard), you’re set. If your ISP’s DNS info shows up, you have a DNS leak. Follow the steps listed on the “How to fix a DNS leak” page, and then test yourself again to make sure everything is working as intended.” alt=”DNS Leak” class=”slider-231991 slide-232027″ />
<img src="http://www.techbutts.com/images/201611/4-Virtual-Machine.png" height="480" width="640" data-title="

Virtual machines

Your browser isn’t the only vector for third parties to invade your privacy. PDFs and other seemingly harmless files can serve as homing beacons, and potentially alert government entities when you’re viewing planted contraband. To prevent unintended breaches of privacy, open suspect files inside of a virtual machine. Load up your favorite Linux distribution inside of VirtualBox, configure it to your liking, and then save a snapshot of your VM. Next, download your desired file (using the protections illuminated in this article), and then shut off your virtual machine’s access to the Internet. Once you’re sure that the VM is cut off completely from the network, you can now open the file safely. Read what you need, make notes, and then shut down the VM. Next time you need to view a file inside one, you’ll have your snapshot ready to go.” alt=”Virtual Machine” class=”slider-231991 slide-232026″ />
<img src="http://www.techbutts.com/images/201611/TAILS-Desktop.png" height="480" width="640" data-title="

Tails live operating system

If you want to take privacy beyond a simple VM solution, you can instead boot up a live OS from a CD or USB stick. Knoppix and Ubuntu are good options for normal use, but Tails is custom-built for preserving your privacy and anonymity. Your traffic is automatically routed through Tor, encryption tools are built-in for IM and email, and it won’t interact with any of your existing OS installations. It’s an excellent all-in-one package that’s easy to use. Still, you need to be vigilant. All of the same Tor disclaimers apply, and if you’re using this on a shared PC, you could still be tracked even with a simple key logger.” alt=”TAILS Desktop” class=”slider-231991 slide-232333″ />
<img src="http://www.techbutts.com/images/201611/5-Third-Party-Cookies.png" height="480" width="640" data-title="

Blocking third-party cookies

Third-party cookies are one of the most common methods that advertisers use to track your browsing habits. If you visit two sites using the same advertising service, rest assured that the advertiser is keeping tabs on that information. Every major Web browser offers the ability to turn off tracking cookies. While this is far from a panacea, it shuts down the most common vector used by advertisers to build usage profiles.” alt=”Third Party Cookies” class=”slider-231991 slide-232025″ />
<img src="http://www.techbutts.com/images/201611/6-Location-Data.png" height="480" width="640" data-title="

Blocking location data

In recent years, many sites have begun using location data to offer specific services, and serve targeted advertisements. Mapping applications have legitimate reasons for gathering location data, but that same technique can be used to help identify who you are. Any legitimate browser should let you toggle on and off location data, and we recommend leaving it off completely. At the least, demand that websites prompt you for access before gathering the data. That said, IP-based geolocation data is incredibly trivial to acquire, so remain vigilant. If you’re browsing the Web without a proxy or a VPN, you’re effectively broadcasting your IP to every server you come across, and that information can be used against you. It’s not necessarily something you have to worry about constantly, but it’s worth keeping that fact in the back of your mind if you’re criticizing your local dictator or blowing a whistle on the NSA.” alt=”Location Data” class=”slider-231991 slide-232024″ />
<img src="http://www.techbutts.com/images/201611/7-Do-Not-Track.png" height="480" width="640" data-title="

Do not track

The “Do not track” HTTP header is an optional message that browsers can send to Web servers. You can easily enable it in your browser’s settings, but it’s rather limited in scope. For this to work at all, the Web server needs to be configured to respect this flag. There is absolutely no requirement of any kind that any website needs to obey this setting, so don’t expect widespread protection from trackers. Still, you don’t have much to lose. The only potential issue here is that it’s an additional datapoint for browser fingerprinting. But if enough people are using it, that shouldn’t be a real issue.” alt=”Do Not Track” class=”slider-231991 slide-232023″ />
<img src="http://www.techbutts.com/images/201611/Plug-ins.png" height="480" width="640" data-title="

Plug-in management

Even if your browser is configured properly to hide your identifying information, plug-ins can still be used to endanger your anonymity. If you’re serious about remaining anonymous, you should avoid running plug-ins altogether. Unfortunately, that can leave a number of popular websites completely unusable. To solve this problem, we recommend a hybrid approach. First of all, configure your browser to require your approval to run any plug-in. Next, make sure you’re running sandboxed plug-ins. While this is mostly considered a security issue, a rogue plug-in could be used to gather your personal information by an organization like the NSA. Chrome can be configured to completely disallow un-sandboxed plug-ins, but it can be trickier with some other browsers. Windows users can run their browsers inside of an application called Sandboxie, so less sophisticated browsers can receive similar benefits.” alt=”Plug-ins” class=”slider-231991 slide-232055″ />
<img src="http://www.techbutts.com/images/201611/Block-Javascript.png" height="480" width="640" data-title="

JavaScript blocking

JavaScript is a powerful language, but it can leak out identifying information. By design, it can deliver detailed information to any Web server about your setup. What plug-ins do you have enabled? What size screen are you using? Those small pieces of information can add up, and make tracking your usage profile easier for advertisers and governments. Worse, unpatched JavaScript exploits could potentially be used to trick your browser into giving up even more identifying information. If you want to be truly anonymous, you’re going to need to disable JavaScript. That’s easier said than done, since many websites rely on JavaScript for core functionality, so you’d be effectively knee-capping your Web browser. A browser extension like NoScript lets you manage which domains have permission to run JavaScript in your browser. This way, you can whitelist only the domains and webpages that you trust.” alt=”Block Javascript” class=”slider-231991 slide-232057″ />
<img src="http://www.techbutts.com/images/201611/ghostery.png" height="480" width="640" data-title="

Ghostery browser extension

If you’re serious about protecting your privacy, consider installing Ghostery in Firefox, Chrome, Opera, IE, or Safari. This adorable little browser extension allows you to block trackers from all over the web in one place. Better yet, it displays just exactly which tracking services are being used on your favorite websites, and allows you to dynamically enable or disable tracking as you see fit. It’s simple to use, and extremely customizable. If you hate the idea of being spied on by advertisers, this is exactly the extension you’re looking for. Ghostery has been criticized for collecting data, so we spoke to Todd Ruback — Ghostery’s chief privacy and security officer. During our interview, he assured us that the tracking is strictly opt-in, and explains how the information is used. If you’re concerned about Ghostery, take this opportunity to read up on the extension, and make a decision for yourself. ” alt=”ghostery” class=”slider-231991 slide-232558″ />
<img src="http://www.techbutts.com/images/201611/Privacy-Badger.png" height="480" width="640" data-title="

Privacy Badger browser extension

If you’re looking for a Popeil-esque “set it and forget it” method of blocking trackers online, try out the EFF’s Privacy Badger add-on. Available for Chrome and Firefox, this browser extension monitors when sites try to track your browsing habits, and automatically thwarts future tracking attempts. While this add-on was built using the Ad-Block Plus codebase, this isn’t truly an ad-blocking tool. Instead, the EFF is only interested in blocking snoops. Best of all, the list of blocked content automatically improves the more you browse — no need to fiddle with filters by hand.” alt=”Privacy Badger” class=”slider-231991 slide-232058″ />
<img src="http://www.techbutts.com/images/201611/HTTPS-Everywhere.png" height="480" width="640" data-title="

HTTPS Everywhere browser extension

In spite of some infamous security issues, SSL is still extremely important for keeping your Web traffic safe from prying eyes. If you want to keep nosy packet sniffers out of your business, your Web traffic should always be going through SSL connections. Sadly, not every website supports SSL. Even worse, many websites that do support SSL still default to unencrypted connections — and the Electronic Frontier Foundation wants to change that. The HTTPS Everywhere browser extension, provided for free by the EFF, forces SSL connections on countless websites. Chrome, Firefox, and Opera users can all take advantage of this wonderful extension, and keep important Web traffic private and secure.” alt=”HTTPS Everywhere” class=”slider-231991 slide-232061″ />
<img src="http://www.techbutts.com/images/201611/Search-Engine-Links.png" height="480" width="640" data-title="

Thwart search engine tracking URLs

It’s no secret that Google makes money by tracking your behavior for targeted ads, and that’s problematic from a privacy perspective. Using DuckDuckGo is a good alternative for some of us, but the quality of Google’s results can be difficult to forgo. Thankfully, you can sidestep one of Google’s most obnoxious behaviors: URL trackers. When you click on a URL in Google, it actually loads a redirect URL first for easier tracking. Even worse, simply copying the link from Google can give you a long, messy tracking link instead of the plain URL you really want. But when you use this simple little extension called Searchlinkfix, it does away with that completely.” alt=”Search Engine Links” class=”slider-231991 slide-232073″ />
<img src="http://www.techbutts.com/images/201611/WebRTC.png" height="480" width="640" data-title="

Disable WebRTC

Did you know that your browser can leak some of your network information to any web server that asks for it? If your browser has WebRTC enabled, your internal IP can be accessed by any given website, and it can potentially reveal your real IP address while using a VPN. If you’re using Firefox, you can go into https://www.extremetech.com/internet/about:config, and set media.peerconnection.enabled to “false.” Alternately, you can use the popular content blocker uBlock Origin to turn off this functionality in Chrome and Firefox. ” alt=”WebRTC” class=”slider-231991 slide-232064″ />
<img src="http://www.techbutts.com/images/201611/BetterPrivacy.png" height="480" width="640" data-title="

BetterPrivacy browser extension

Even if you’re blocking traditional cookies, some sites can still track you using LSOs (Local Shared Objects) — commonly known as “Flash cookies.” If you never use Flash, these won’t be a problem, but that can be incredibly difficult to pull off for some of us. Of course, you could configure Flash to block all LSOs, but that would break some Flash content. Thankfully, there is a simple plug-in for Firefox called BetterPrivacy that allows you to granularly manage your LSOs just as you would with normal cookies.” alt=”BetterPrivacy” class=”slider-231991 slide-232066″ />
<img src="http://www.techbutts.com/images/201611/Browser-Leaks.png" height="480" width="640" data-title="

Browser leak testing

Is your browser disclosing personally identifiable information? Head over to BrowserLeaks.com, and take a gander at all of the data your browser is giving away. This toolset will never be completely exhaustive, but if you want to verify that your privacy and security precautions are really working, this site is an invaluable asset.” alt=”Browser Leaks” class=”slider-231991 slide-232068″ />
<img src="http://www.techbutts.com/images/201611/Panopticlick.png" height="480" width="640" data-title="


Depending on how your browser is configured, there’s a chance that online advertising giants and nosy government agencies can identify your browsing behavior by recognizing just a few telltale markers. To discover exactly how unique your browser’s fingerprint is, head on over to Panopticlick. This handy little tool, owned and operated by the Electronic Frontier Foundation, quickly tells you just exactly what your browser is broadcasting to the world. The more information given away, the easier it will be to identify you as a unique individual.” alt=”Panopticlick” class=”slider-231991 slide-232069″ />
<img src="http://www.techbutts.com/images/201611/Mailinator.png" height="480" width="640" data-title="

Use different email accounts

When you sign-up for user accounts across the web, using a different email address for each site is a good way to throw unscrupulous third-parties off of your trail. If you’re merely creating a throwaway account on a whim, consider using disposable email accounts from sites like Mailinator or YopMail. Anybody can access those inboxes though, so use discretion. If you actually want to maintain legitimate accounts on sites like Facebook or Twitter, you can create numerous free email accounts, and then configure email forwarding to funnel all of the messages into a single inbox. It’s a lot of additional work, but it also offers the benefit of being able to easily detect which sites are selling your information to spammers.” alt=”Mailinator” class=”slider-231991 slide-232070″ />

Justified paranoia

You might not think you have anything to hide, but that doesn’t mean you shouldn’t enjoy the benefits of online privacy. Some of these recommendations are a real hassle to live with — I’m well aware. It’s a lot easier to shove your fingers in your ears, and pretend like the NSA and your ISP aren’t watching every move you make. But what you browse is your business, and your business alone. Now is the time to stand up for yourself, and take back your privacy.

In time for Black Hat and DEFCON, we’re covering security, cyberwar, and online crime all this week; check out the rest of our Security Week stories for more in-depth coverage as the week goes on.

(Image credit: ºNit Soto, edited)


Post Author: Tech Review