Privacy milestone
Now it’s easier to keep internet searches secret
What if an ISP suffers a data breach? Will our browsing history be sold to the highest bidder on the Dark Web and all of our secrets used for ransom? Probably.
Right now, internet service providers around the world are keeping a record of every site you’ve ever visited, by default. Even when you’ve been browsing in incognito, or private, mode. That’s right. Your internet provider has a record of every time you’ve visited Facebook; every illegal torrent site you’ve been to; dumb questions you’ve asked Google; and all those other things you do online that you might be ashamed of.
And until a few years ago, before https (the little padlock symbol in your browser) became the norm, these internet service providers (ISPs) – and everyone else on the journey between you and your online activity, were able to see what you were up to.
Shocking, isn’t it? I’ll come to how and why the ISPs are doing this later. But for now, I want to make the following point really clear: the only easy way to keep your online activity truly private is to use a VPN – one with AES with 256-bit keys (military-grade) encryption. And more importantly, one that has a ‘‘no log’’ policy.
Even then, you’re trusting that the VPN isn’t lying to you. And over the past few years, several VPNs have been caught keeping logs, and in some cases, handing them over to governments when requested. Despite advertising otherwise. It’s a wildly unregulated industry.
Should you care that your ISP can see every website you visit? The answer is an emphatic ‘‘yes’’.
Why? Because I subscribe to Murphy’s law: ‘‘Anything that can go wrong will go wrong’’. And the thought of ISPs keeping a record of all the websites we’ve ever visited, fills me with dread.
What if an ISP suffers a data breach and these records are stolen? Will our browsing history be sold to the highest bidder on the Dark Web and all of our secrets used for ransom? Probably.
That’s just one possible, and fairly lightweight, scenario.
Needless to say, protecting your online activity is something you should start taking seriously. Which is why I was encouraged to read the news this week that Mozilla will begin updating its Firefox web browser to have encryption turned on by default.
And this, as far as I can tell, is the last piece of the privacy puzzle for the casual internet user.
DNS (domain name system) over HTTPS (DoH) means that your DNS look-up, the action of transforming a written URL into an IP address, will be encrypted.
Using a browser with DoH means that all those snooping eyes that have been keeping track of where you go on the internet will be redundant.
The move from Mozilla will, no doubt, add fuel to the debate on national security versus encryption-by-default. Governments and national security agencies want visibility over what people are looking at online, for obvious reasons.
The price that we, the average law-abiding citizens, have had to pay for this has been collectively giving up our right to online privacy too.
Which is ridiculous. Not least because any bad guy worth his or her salt will already be paying a few dollars a month for a good VPN that doesn’t log its users’ online activities. And this makes the whole national security argument trivial.
I, for one, welcome Mozilla’s move. We just need Apple (Safari) and Google (Chrome) to follow suit.