Browsing the Internet: good-bye anonymity!
Do you consider browsing the Internet to be your private business? When visiting random web-sites, how far do you assume you are anonymous? Would it matter to you that Google or Facebook can profile your browsing behaviour in order to better target you with advertisements? Did you notice that you already get targeted ads when you are logged on to Google or Facebook even if you are visiting completely different websites? If matters to you, note that browsing anonymously on the Internet is far from easy.
When you are connected to the Internet, you give away a variety of information: your PC’s IP address, some browser settings like language or screen size, and, probably, your login information. So how private is private?
You might argue that your current IP address has been picked from a pool of addresses and therefore regularly changes, so it does not necessarily always pinpoint you. On the other hand, with the dawn of IPv6 there is no need any more for shared IP addresses as the pool of IPv6 addresses is considered non-exhaustive. With IPv6, you might get a permanent IP address assigned. Privacy... game over. The best chance regarding this will be legislation. Already today, IP addresses are considered to be personally identifiable information (PII) in some European countries, which means that storing IP addresses for profiling purposes is illegal. However, to be sure, your best option is to use so-called “anonymisation services”, but this depends how much you trust them!
Then there is the too talkative browser. Depending on which browser you use, it already exposes lots of information: the local language, time zone, screen size, installed plugins, available system fonts, etc. As these settings can vary a lot, it means that the probability of you and I having exactly the same settings is very low. Ergo, this information can be used to pinpoint your browser and uniquely identify you when browsing the web… If you don’t believe it, check out Panopticlick and note that some browser plug-ins like “Stealther”, or security settings like “In Private” browsing might change the odds in your favour.
Finally, your login. If you are logged in with your Google or Facebook account, they can profile your activity even outside their domains. This is mainly due to the wide usage of Google Ads/Analytics and Facebook’s “Like”-button: the embedded code directly feeds back into your Google and Facebook profile… For a bit more privacy here, log out whenever you don’t need to be logged in, and consider installing something like the “Ghostery” plug-in in your browser.
So what else can you do? Not much, as I am not suggesting that you change your browsing habits. There is no silver bullet. I just wanted to take away the illusion that you browse the Internet anonymously. You don’t and you hardly can.
For further information, please check our web site or contact us at Computer.Security@cern.ch.