An interesting perspective on Internet privacy techniques can be found here.
PGP (Message Encryption)
Enigmail with Thunderbird
By far the easiest method for encrypting email is using the Enigmail add-on for the Thunderbird email client. It creates PGP key pairs, stores and retrieves keys from keyrings, and encrypts and decrypts messages automatically.
- Menu -> Applications -> Accessories --> Passwords and Encryption Keys
Web tracking, scripts, and advertisements are extremely intrusive on the Internet. A dossier of your online habits is created by a multitude of services, including every major portal such as Google and Yahoo, as well as a variety of tracking services on the Internet. This is accomplished through the use of the "cookies" in your browser and by a variety of web elements (sometimes called "web beacons") embedded on the web pages you visit. Your behavior is monitored and correlated by recording the IP address of your computer, even when you turn off the cookies in your browser. Still, it is highly recommended to configure your web browser to erase your cookies and history every time the web browser is closed; otherwise, every website you subsequently visit can instantly see the long list of recent websites you have visited. In Firefox, for example, cookies can be accepted for the current session but erased upon closing:
- Firefox -> Edit -> Preferences -> Privacy -> History -> Firefox will: Use custom settings for history
- -> Always use private browsing mode (or customise the settings to your desired level of privacy)
- In addition, both Adblock Plus and NoScript are highly recommended as plug-ins for Firefox (and other Gecko-based browsers) to limit exposure to undesirable web elements, scripts, and tracking mechanisms.
Tor (Network Privacy)
Tor is a project to allow privacy while using the Internet and to limit usage tracking. It routes your traffic through several anonymous nodes, so that your usage appears to come from an IP other than your own. (There are always risks when using the Internet that even Tor can not help with, though. Read this.) Using Tor can slow down your Internet usage significantly, depending on how much traffic is being passed through the Tor network (routine file-sharing or large downloads will also significantly reduce performance of the Tor network.)
- Install the Privoxy http proxy:
sudo apt-get install privoxy
- Install Tor by following the instructions here. Note that the instructions require port 11371 on your firewall to be open to use the gpg keyserver (and download the key for the debian package). Then see the Tor installation guide for details.
- For more installation tips, see this page.
Vidalia (Tor interface)
Vidalia is the recommended Qt4-based GUI frontend for Tor. If not installed with Tor, install:
sudo apt-get install vidalia
Torbutton (Firefox plug-in)
Once Tor is installed and running properly, Torbutton allows you to choose whether to use Firefox through the Tor anonymizing network or not.
- Install the .xpi extension directly from the website.
- Torbutton intereres with several functions of Firefox, most notably the "Drag and Drop" bookmark and menu sorting functions. Disable the plugin while attempting any Drag and Drop functions, then re-enable it afterwards.
DNS Servers and Search engines
- Most users rely on the DNS server of their ISP (Internet Service Provider). DNS queries can be recorded, however, and theoretically correlated by an ISP to the data traffic to/from a user's IP address serviced by that ISP. A somewhat less trackable solution is to use a DNS service that does not belong to your ISP. This can belong to any another commercial ISP or to a third party service such as OpenDNS, Comodo, ScrubIT, Google (though slightly less secure due to Google's own tracking mechanisms), another free DNS service, or (for maximum security) a publicly-available international DNS server. For example, a Verizon customer could use the AT&T DNS servers or the OpenDNS servers. An AT&T customer could use one of the Verizon servers or the Google servers. It is important to use a reliable DNS provider, however, as man-in-the-middle DNS redirection and DNS cache poisoning attacks are increasingly common. Stick to one of the major DNS services (just not your own ISP's DNS service).
The DNS server setting can be changed in the router's settings (recommended) or individually for each computer. If changing on an individual computer, use the Network Manager or Wicd settings, or edit /etc/resolv.conf manually and change the nameservers to the addresses you desire to use:
sudo gedit /etc/resolv.conf
- Many search engines track your search requests (notably Google, Bing, and Yahoo) and keep logs of the searches they receive from your IP address. DuckDuckGo.com is a filtered search engine that has made its reputation not only by promising not to track searches, but also by providing a secure (encrypted), Tor-capable and anonymized search portal. Point your browser to https://duckduckgo.com. It can be used with your Torbutton turned on.
- Many censorship/filtering/tracking techniques (that use deep packet inspection) cannot be used with secure (SSL/TLS encrypted) websites (denoted by https:// ). Use them whenever possible. For example, use the secure Wikimedia portal for Wikipedia (and other Wikimedia services) instead of the insecure portal(s).
- Many websites keep logs of referring http headers (which can be correlated with cookies to track your browsing activities). To turn off the passage of referral headers in Firefox, see this info.
- Certificate authorities charge a fee to store and verify certificates. However, many websites use self-signed certificates that are not registered with any certifying authority. A free system of certificate "network notaries" has emerged called Perspectives. A certificate's validity (even if self-signed) can be checked using a Firefox plugin. For more info see this article.
- CAcert.org is a free certifying authority that maintains weak certificates that are recognized by many open source operating systems, but not by Firefox or most browsers. (For browsers that do not include CAcert.org recognition, certificates appear to be self-signed certificates.) While Debian incorporates CACert.org's root certificate by default, Ubuntu derivatives do not (Canonical was originally founded with funds earned from Thawte, a certifying authority founded by Mark Shuttleworth.)