Law in the Internet Society

Stopping the Data Log

In my previous essay, I wrote about two issues: first, that I interact with technology in a way detrimental to my ability to focus, and second, that I compute in a way that compromises my privacy. It was easy to begin a process of change for my first issue; the path towards a solution there takes more will power than know how. I will address more about that process in the second draft of my first essay. Here, however, I address my second issue, one which presents some more formidable barriers of change.

As I have mentioned before, I am not technologically savvy. Concepts that many students in this course find rudimentary, leave me perplexed: packets, servers, encryption, all of it goes straight over my head. That is what makes this the more difficult of the two problems for me to solve. For the first issue, I knew how to leave my phone at home, it was all a matter of getting it done. With this issue, I have to figure out what the “it” is before I get “it” done. That means I have to identify my computing problems and arrive at solutions that are accessible to someone of my technological prowess (or lack thereof). My goal with this essay is to begin the process of becoming competent enough to keep my computing private. I will present a problematic way in which I surf the web and a solution. Whomever chooses to edit the draft will tell me that I am on the right track, or inform me of how incorrect I am. I will then build on that research for the next draft, until something akin to a plan forms.

Problem: My Web Surfing is Logged

Today I have spent a good deal of time surfing the internet, jumping from one site to the next using links and manually entered searches. During this time, many web servers played a part in transferring my data to the ultimate destination server and back to me, all of which recorded my IP address, along with the information I requested. That means, while I felt as if I was thinking privately, I was really thinking out loud, participating in the creation of a running list of my interests, concerns, and curiosities. I would like to instead keep my thinking private.

Solution: VPN

Per NPR’s All Things Considered broadcast, a VPN is like “a dark, secret tunnel you use to go from your computer to a website.” That would be a welcome change, because right now, if we are using metaphors, I am running naked through Central Park when I surf the web. In my limited understanding, the VPN server acts as a sort of middle man between the individual and the internet: data travels to the VPN server first, through an encrypted connection, before entering into the web bearing the VPN server’s IP address instead of the user’s, and when data comes back in, it passes through the VPN server before reaching the user’s device. The VPN acts as the individual’s agent, taking and executing a user’s orders in the wider web without revealing the user’s identity.

Metaphors are nice, but much of my research on VPN’s got into some grittier tech lingo, which I tried my best to bear with. What I learned: a VPN’s efficacy in terms of maintaining data security derive from the protocols and level of encryption which it employs. First, each VPN comes with a specific set of protocols, some more desirable than others. For example, point to point tunneling protocol is not very secure at all, and those with hacking know how can easily crack the “tunnel” and take a peak inside at the activity. On the other end of the spectrum in terms of strength of security is Open VPN protocol, an open source VPN project improved constantly by hundreds of developers. Next, users need to be wary of the encryption key used by the VPN provider. Some providers use encryption algorithms that are quite vulnerable to decoding. I was told to be on the look out for something called the AES algorithm with at least a 128-bit key. Lastly, a common concern I have seen researching VPNs is that some providers log their users’ web surfing information. An individual would be frustrated to learn that, in an effort to thwart his or her ISP from maintaining a log his or her web activity, he or she had handed that information over to a VPN service just as willing to do the logging. In the same vein, the VPN that logs a user’s information could have crappy security, thereby leaving that information vulnerable to breach.

Which VPN Provider Should I Choose?

I am sure there are other important specifications that I am neglecting (perhaps speed or price, perhaps some technicality that I do not yet know of). From my research, it seems that any VPN provider well-regarded enough to be recommended by top tech websites will match the above specifications. However, until I research further or get recommendations, it would appear that I am searching for an open-source VPN provider using an AES algorithm of at least 128 bits that does not log my information, and is reputable enough to assuage my fear of security breach. "IPVanish" is one such provider that meets those specifications, "ExpressVPN" another.

Next Problem: Watching/Viewing Privately

I understand that I cannot fix all of my security problems through use of a VPN. Given my limited time and know how, I will have to attack my privacy problem piecemeal. Another issue I have that needs fixing: I do all of my television and movie viewing through Netflix and Amazon Prime, and all of my music listening through Spotify and Pandora. Even if I mask my web surfing through use of a VPN, I am logged onto all of these media providers as Gregory Suhr. I will need to begin researching more private modes of internet entertainment.

Yes, this conclusion is correct. Learn how to store music and video in an own-cloud, with a personal server located in your home. FreedomBox can do all that and more for you.

You can achieve the results of the VPN more simply, and without having to rely on yet another service provider, though encrypted proxy browsing over the Columbia network. Look at Technical Exercise #2 on the front page of my other course to learn how.

You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.


Webs Webs

r2 - 01 Apr 2018 - 16:12:11 - EbenMoglen
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM