Internet privacy is the concept of the human right to privacy of individuals on the Internet. This is directly contrary to internet surveillance, especially warrantless mass surveillance, as is currently being perpetrated by multiple entities.
Mass surveillance, as Edward Snowden revealed the National Security Administration was engaging in,[1] is one of the greatest threats to Internet privacy. Mass surveillance involves the collection, review, and storage of all available information by a government. This method is often used to help the government find and stop those who would harm it. However, many argue that this is a direct violation of the unalienable rights given by God to every human. This also causes concern for many, because oppressive dictatorships and police states have arisen under the guise of security, because it is offered in exchange for freedom.
Even when mass surveillance is not considered, there is still a large amount of tracking by various companies. Companies such as Facebook and Google have been found to be tracking the activity of Internet users as well.[2] Facebook has been found to be tracking users even when they have logged out of their accounts, using the cookies which are left on each user's computer.[3] Even deleting one's account does not seem to stop this privacy threat.[4] Meanwhile, Google has been collecting information of web searches, video viewing, and other Internet usage using not only their own websites (of which they have many), but also using the websites of others. Google's Ad Sense was become popular because it is easy for any website owner to add advertizements to their site, and get a token payment when they are clicked on. Google tracks who clicks on what, doesn't click on what, and visits what using this service. Another even more popular service they offer is Google Analytics, which has the sole purpose of tracking users and analyzing usage. Statistics for each site are provided to the webmaster, but all these statistics are also saved for other marketing purposes. Meanwhile, Google's popular Android system also collects private information and reports it to Google, up to and including passwords.[5][6]
While corporations are collecting massive amounts of information for marketing, U.S. and British intelligence services are also reportedly benefiting. Through a program called "Planning Tool for Resource Integration, Synchronization, and Management" (better known by its acronym, PRISM)[7] the National Security Administration is believed to have direct access to the data collected by a number of the largest Internet companies in the United States, including Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple. All companies asked about such a program have disavowed any knowledge or participation in such a program, but the evidence speaks to the contrary.[8] Additionally, it is now believed that British intelligence agencies have access to the same information.[9] However, since the NSA is now coping all Internet traffic as it travels through the Internet backbone, it is unclear how useful PRISM is anymore.[10]
Using a device's Internet protocol (IP) address, it can be tracked to a specific area, at least to the town or city that device is connecting from. Mobile devices using wireless Internet can be easily located as well, using Wi-Fi triangulation. If mobile devices are instead using a cellular network, this can also be triangulated.[11]
An increasing number of devices have integrated Global Positioning System (GPS) chips. This enables them to be located to within a few feet, with little if any effort. In general, the systems on such devices refuse to report their location unless the user agrees, but this can no doubt be circumvented (by "hacking" or malware). Also, considering the disregard of user privacy on the part of Google, it is not inconceivable that Android devices may report their locations to Google. GPS chips are also available for computers, although they are not yet standard equipment.
For a more detailed treatment, see Internet cookie.
Cookies are files placed on computers as they browser the World Wide Web. These cookies hold preference and setting information for some websites, and log in tokens for others. These cookies can be used to very easily follow users from one website to another, tracking their activity. Google uses these to great effect, since its cookies can be read by its advertizement and analytic systems installed on the majority of websites in existence.
Two major methods used today to help protect Internet privacy are anonymizing internet connections, and encrypting data. Other minor solutions exist for other specific issues as well.
Whether protecting information from a malicious party which may intercept it, or protecting from a government which is overstepping its bounds, encryption is vital. This can be applied to specific files and text, computer systems, or communication links. It is not impervious to supercomputers, encryption makes in much more difficult for information to be useful to those it was not intended for, and has proven effective against governments in the past. Some websites encrypt communication using a protocol called Transport Layer Security. However, this is only possible if the server already has an SSL certificate. Encrypting all communication greatly aids in Internet privacy.
It is very difficult to become truly anonymous, especially in the eyes of mass surveillance. When every action in monitored, it is hard to escape. However, a reasonable attempt can be made using encrypted proxy servers. This system involves the piping of all Internet traffic through a remote server. The connection between a client and the proxy should be (and usually is) encrypted. Requests from a client will be sent out by the proxy, and content sent back in response is piped to the originally requesting client. In theory, only the proxy server knows who exactly is requesting the information—this meas that the proxy server must be secure, and not be itself tracking activity. However, the Internet service provider (and those monitoring it) can see the stream of encrypted data traveling between the proxy and client. It can be possible to determine what each person is doing, by analyzing patterns, studying upload/download sizes, or cracking the encryption. Spyware (either third-party, or provided by a manufacturer or the NSA) can also foil this method by simply transmitting activity information.
Another method to anonymize a connection is through the use of a traffic distribution network. The Onion Router (TOR) is the best (and probably the only) reliable network for this to be accomplished through. Rather than using one proxy server which itself could be compromised, each client becomes a proxy. All traffic is piped to other clients, which in turn process portions of the request. Each job may pass through five or more clients before being processed or completed. At each jump, each client only knows where the job came from, and where it is going next. Although an inefficient system, this makes it impossible for any one link to know what any other link is doing. However, it is possible for a connection to be compromised by the creating of a number of malicious nodes. If three of four links in the chain are working together, it often becomes possible to determine the purpose and source of a connection.[12][13] This is something this the NSA could probably accomplish with ease, so some theorize that even TOR is not safe from them.
When companies use cookies to track users, they rely on the users' own computers to work against them. Cookies must be stored on each person's computer, which means that the user does ultimately control them. These cookies can be easily deleted in the settings or configuration of any web browser, or addons can be installed which make the process even easier, such as "Remove Cookies for Site" or "Self-Destructing Cookies."
In some cases, it is possible to block Internet trackers such as Google Analytics before they even have the chance to place cookies on a computer. This is commonly done using browser addons such as "Ghostery" and "Ad-block Plus."