How to stay anonymous and retain your privacy online: Basic security

The UK government is currently debating plans to establish a nationwide surveillance network which will record all online activity, storing emails and web browsing details for up to 12 months. While the police and other bodies can already see phone records, browsing history and some other information the Communications Data Bill suggests they will install black boxes on ISP networks to allow them complete unfettered access to all communications.

The usual terrorist and think-of-the-children excuses are being rolled out but this is invasion of privacy on a massive scale.

If you’re not worried yet, you should be - if it goes ahead everything you do online will be logged and recorded, accessible to the authorities with just the signature of a senior police officer. No warrant required. It may also be possible for local councils to gain access, despite them having abused the ‘anti-terrorist’ RIPA law to spy on people for such heinous crimes as not picking up dog mess or allegedly trying to get their kids into a school in a different catchment area.

As well as writing to your local MP and lending support to privacy campaigners every net user should take the time to learn a bit about online privacy and anonymity to find out how you can protect yourself from nosey parkers, be they government officials or hackers.

That’s exactly what we’re going to show you in this two part feature, starting with some basic necessities before moving on to more advanced methods of staying anonymous online.

Privacy vs anonymity

Before we go any further we should take a moment to clear up the confusion between anonymity and privacy. The two are often used interchangeably but there is a very important difference and it is essential to understand this so you can learn how to best protect yourself.

Privacy is someone not being able to see what you’re doing, but knowing who and where you are. Close the curtains in your house and nobody on the street outside can see in, but they still know who lives there.

Anonymity means your identity is unknown but your activity may be visible. For example, cast a vote in an election and the people counting will see your choice but have no idea who you are.

You should know the difference because you may want to keep your activity private but aren’t concerned about the anonymity, or vice versa, and not understanding the distinction can mean inadvertently revealing information through carelessness.

Is it possible to have total privacy and anonymity online? For the average person, probably not, the more you want to the hide the more complex it becomes, and even then it’s never 100% guaranteed. However there are many things you can do to limit your exposure and ensure a very high level of security.

Privacy basics

Start with your computer. Your hard disk holds a huge amount of data about your activities, almost everything is recorded, logged or noted in some way, whether it’s web browsing history or a list of recently accessed documents. When talking about privacy this is often all anyone is concerned about; they share a PC and don’t want other users to access their information.

Personal privacy is easy to achieve using these free Windows tools:

  • CCleaner. An excellent utility which scans and wipes data remnants like recently accessed documents, browser history and cookies. Includes the option for secure deletion and it’s a good idea to set it to ‘one pass wipe’ (that’s all you need to ensure a file is gone forever).
  • Eraser. While CCleaner includes custom file deletion Eraser is much easier to use if you want to get rid of a particular file or files - just right-click on any file, folder or drive and wipe. Again, setting it to one pass wipe is more than sufficient.
  • TrueCrypt. This is an incredibly powerful tool which has the ability to create encrypted containers for storing data. Provided you use a secure password no one else will be able to see what’s inside your TrueCrypt container. It can even create hidden partitions so the container itself can’t even be located.

Private browsing

Chrome, Firefox, IE and Opera all include a private browsing mode (under different names - it’s called ‘Incognito’ on Chrome).

Private browsing is popularly referred to as ‘porn mode’ because it allows you to browse the web without recording the history. Or as the Microsoft adverts would have us believe, it's useful if you don’t want your partner to know you’ve been shopping for a wedding ring.

However there are two things to note about private browsing. First of all it’s not infallible. Third party plugins, notably Java, can leave traces and web addresses can be stored in the DNS cache

Second and, most importantly, it offers absolutely no security, privacy or anonymity online. Your ISP will still know where you’ve been, web sites can still see your activities. Private mode is designed to prevent casual users of the same machine seeing your browsing history and it does that job perfectly adequately.

User profiles

If you’ve got a system shared between several people then setting up user profiles will allow everyone to have their own storage space and desktop. It’s not 100% secure (particularly on Windows) but like private browsing will deter the casual snooper. Though also like private browsing this does nothing for online activities.

Always use HTTPS where possible

Encrypted web connections, indicated by an address beginning ‘HTTPS’, are a standard way of securely accessing online services. Check next time you log in to your email or bank - they will be using HTTPS (if not stop using it immediately).

When connected via HTTPS your privacy is intact as no one (ISP included) monitoring the connection can look into encrypted connections. The government seems to be hoping it will gain access to HTTPS sessions with its black boxes but unless they’ve invented some clever new spying technology this would introduce numerous problems for everyone involved.

There are browser plugins which can force a connection over HTTPS whenever it’s available - HTTPS Everywhere (Chrome & Firefox) and HTTPS Enforcer (Chrome).

When using HTTPS watch out for certificate warnings, these indicate that the encrypted connection is not secure. If you ever get one of these while accessing an important site like online banking then do not proceed any further and contact the site for advice. 

Create a junk email address

It’s good practice to have another email address and save your main email for friends, family and official business. Use the ‘burner’ for forums and random web sites, then it won’t matter if they ever sell on your info or suffer a hack attack, or just decide to start sending spam. If you use Gmail you can create multiple aliases so each site can have a unique address, or you can take advantage of services like Mailinator to create one-use throwaway addresses.

Be vigilant when using unknown networks

If you’re not using your home connection then be extra-paranoid. Anyone who controls a network can use freely available software to monitor and capture traffic so if it’s not encrypted they’ll be able to see everything (this includes your work internet). 

A good way to avoid this kind of surveillance is to use a VPN, which we’ll cover in the next part of the feature, otherwise it’s best to assume that unless you’re connected via HTTPS everything is being recorded.

Same thing goes for PCs you don't own, particularly those in public locations. In those situations you should not trust it at all - a secure connection can be rendered useless by a keylogger installed on a PC.

Install anti-virus and anti-spyware applications

You should be doing this anyway, but AV and anti-spyware tools will prevent malicious software from taking over your PC. Compromised systems can be used to host files (including the worst possible kind of files you can think of), allow the PC to become part of a botnet or give the hacker access to whatever sensitive information they fancy. An encrypted connection won’t help you if someone on the other side of the world is simply watching your keypresses while you type the password to your online bank.

Recommended anti-virus applications include Avira, Microsoft Security Essentials and Kaspersky. SUPERAntiSpyware is a good spyware detector. Just remember you have to keep them updated and scan regularly too. 

Control cookies

Cookies are tiny files used to store preferences for web sites. They can also allow sites to track you across the web which is why you can see adverts for products you might have previously viewed on Amazon. While they are needed to ensure many sites function correctly it’s not hard to see how they could also inadvertently breach your privacy.

Check the security settings on your browser to change how it handles cookies so they’re not kept after the browser is closed, or only allow trusted sites to store cookies. You can also install a cookie manager browser add-on/extension which will provide a much greater level of control.

Be smart with your passwords

Careless treatment of passwords is responsible for a huge number of security breaches and lead to all kinds of information being revealed. Follow these password tips to stay safe:

  • Don’t trust your browser's password management

The built-in password management of web browsers does save you from having to remember all your different logins but they’re very insecure. If you want a safe way to store multiple passwords we’d recommend LastPass or KeePass. Both of these offer incredibly secure password management and browser integration.

  • Use good passwords

This should be something we all know by now but the use of ‘password’ as a password is still scarily common. Use a phrase that’s not obvious (no pet names, maiden names or favourite football teams), mix letters and numbers and make it as long as possible. Use symbols and upper case characters whenever allowed as well.

  • Don’t have the same password on all sites

If you have the same login for every site you’re only one corrupt admin or insecure server away from a total security nightmare. Once they've got your login from one place they can use it to access everything.