Who can see what you are doing on the internet right now?

Yesterday’s cryptoparty was fascinating in so many ways. A two hour-ish session took us through online privacy issues, behaviours and tools.

Particularly useful was an interactive diagram from the Electronic Frontier Foundation, which campaigns for internet freedom, showing who can see what you are doing with your web browser – from a hacker sitting in the same coffee shop, to your ISP, the hosts of the website you are using and government agencies tapping into the internet backbone (as the NSA and GCHQ in the UK have been doing) or contacting the ISP or website for their records. 

Click on the image below to try it for yourself.

ZZ55706B45

 

I knew some of this previously, but this diagram is really helpful in clarifying the situation. You can see who see how of your online activity is blocked by using a secure plug in (the HTTPS Everywhere extension for Chrome and Firefox browsers will do this) or a super-secure browser like TOR (which encrypts and hides users’ location, identity and web use). Fro the most part, the former blocks people seeing who you are and your data, the latter almost everything except your location and the fact that you are using TOR.

On the last point, using TOR presents what my colleague Jason Ryan calls “the cryptographer’s dilemma”. While it means you have a huge amount of privacy online, it also holds up a metaphorical sign saying “I am doing secret things! Over here, mass surveillance agency – me! Me!”.

Recommendations for using TOR for people like activists or journalists who need to keep their online activity away from prying eyes include:

  • Don’t use it too often
  • Don’t use it at home
  • Don’t upload files on it
  • Don’t log in to your email

There are more in an exhaustive – and, frankly, exhausting – list called Want TOR to really work?.

Online privacy and mass surveillance are very complex issues, as are the solutions. I’m very grateful to Chris Pinchen and his cryptoparty friends for helping me to begin to think these issues and ideas through.

  • Scott Lawson

    I know someone who was using Tor and freaked out when he saw that someone from Russia was accessing his Gmail, then realised it was him ;) The problem with https is we don’t know if NSA/GCHQ have backdoor access. The US Government may even have backdoor access to Tor, given they did invent it after all. This is quite interesting, although who knows what spying Germany/France are doing, they just haven’t been caught yet http://www.bbc.co.uk/news/world-europe-26210053. Although Germans are extremely sensitive about spying, given their past, and the USSRs habit of spying on everyone and everything.

  • amayfield

    Thanks, Scott. FWIW, the view of the Cryptoparty hosts was that if the NSA/serious law enforcement want to take a look at your computer / comms, you are pretty powerless.