Protect Yourself From Your ISP

Ryan Daulton
Red Shepard Blog
Published in
9 min readMar 30, 2017
Image Source: Hacker News

“A computer lets you make more mistakes faster than any other invention…” — Mitch Ratcliffe

In loom of Congress’ decision to overturn internet privacy regulations with a CRA Resolution, it goes without saying that your online rights are of no concern to the U.S. Government. Our politicians continue to line their pockets with lobbyist money from Internet Service Providers like Comcast, Verizon, and Time Warner — all at the expense of your personal data and privacy.

What is this new resolution, anyways?

In an effort to save some time, I’ll paraphrase much of this from Quincy Larson’s article about the issue. Please check it out for more info, it deserves a read and I cannot take credit for most of this information since he wrote it first…

The Congressional Review Act (CRA) — passed in 1996 — allows Congress to overrule regulations created by government agencies. In this case, they have overturned a regulation implemented by the F.C.C. One that protected your privacy.

You used to be “somewhat protected” by the F.C.C. Your data was safe unless you gave a company (like Google or Facebook) permission to use it and log it. But this resolution allows Internet Service Providers (ISPs) to sell your entire web browsing history to literally anyone without your permission. The only rules that prevented this are the ones that were just repealed.

What will happen to your data?

It’s for sale. To anyone. In fact, it will be available to any corporation or foreign government who wants to see it. Ever thought about getting a job in 5 years? Your future employer will be able to buy it too.

You might be wondering: who benefits from this new ruling? Other than those four monopoly ISPs that control America’s internet?

Literally no one. No one else benefits in any way. Our privacy has been diminished so a few mega-corporations can make more money than they already do.

In other words, these politicians — who have received millions of dollars in campaign contributions from the ISPs for decades — have sold us out.

Have you ever looked at anything online that you wouldn’t want anyone to know about? It’s now for sale. ISPs can now:

  • Sell your browsing history to basically any corporation or government that wants to buy it
  • Hijack your searches and share them with third parties
  • Monitor all your traffic by injecting their own malware-filled ads into the websites you visit
  • Stuff undetectable, un-deletable tracking cookies into all of your non-encrypted traffic
  • Pre-install software on phones that will monitor all traffic before it gets encrypted. AT&T, Sprint, and T-Mobile have already done this with some Android phones.

How you should protect yourself:

If you have not already, now is the time to begin implementing your own protection so that corporations and third parties cannot grab your data, your passwords, your history, your habits, and more — all from your online activity.

Below you will find some tips, tricks and resources for protecting yourself online — not only from ISPs, but from prying eyes in general. You’d be amazed at how easy it is to access someones information.

Cover your webcam

“I put a piece of tape over the camera. Because I saw somebody smarter than I am had a piece of tape over their camera.” — James Comey, Director of the FBI

And if Mark Zuckerberg covers his webcam, so should you.

Protect your passwords

Passwords are incredibly insecure. Even Snowden says so.

Speaking of Mark Zuckerberg, last year he used the password “dadada” on his LinkedIn account. When hackers released 117 million email & password combinations, his was among them. They were then able to use his email and password to gain access to his Twitter and Pinterest accounts.

Bottom line: don’t use the same password in more than one place. Use a password manager to keep all your account passwords secure and different. For example, Master Password or 1Password.

Use Two-Factor Authentication

In any place possible, you should be using two-factor.

Two-factor authentication is a second layer of security when sign in to services like Google, Facebook, or your bank. It usually involves receiving a text message or email with a code to sign in to your account.

The is arguably the easiest and more effective thing you could do to prevent being hacked.

If you use Gmail, you should activate two-factor auth here.

Annoying, but seriously necessary. Seriously.

Encrypt Your Searches

DuckDuckGo Logo

Search service DuckDuckGo does not track you or your information, unlike Google who uses your information to sell you ads and learn about you (and now your ISPs will too). I encourage you to begin using DuckDuckGo, but for those who have a habit of using the address bar for automatically searching Google, I have a solution for you.

You can re-configure Google Chrome so that your searches are routed through DuckDuckGo and therefore encrypted.

1)Enter Chrome’s Settings

2)Find the ‘Search’ section, and select Manage search engines…

3)Scroll to the bottom to add a new search engine, and add the following:

The important piece is the url. Make sure it matches:

https://duckduckgo.com?q=%s!google

There. Now your search queries in the address bar will all be re-routed and encrypted. Test it by typing in a search to your address bar, and look for the ‘encrypted.google’ in the start of the endpoint.

a search for “puppies”

Use AdBlock

Although using an ad blocker, like AdBlock, doesn’t do much for your actual online security, it stops your browser from serving you ads. If you couple this with the next step, “Cut Off Trackers”, you’ll begin to fully rob ad agencies and your ISP of the valuable monies that they so greedily thrive.

Cut Off ‘Trackers’

Believe it or not, even when you are not currently visiting some websites, you are still being monitored by them. Ever heard of these things called “cookies”?

In the today’s Internet, embedded images and code often use cookies and other methods to track your browsing habits — often to display advertisements. These are often called ‘third party trackers’.

There are many tools to prevent this. Privacy Badger is one of the better ones.

Ensure HTTPs

HTTPS works by encrypting traffic between destination websites and your device by using the secure TLS protocol.

The problem is that, as of 2017, only about 10% of websites have enabled HTTPS, and even many of those websites haven’t properly configured their systems to disallow insecure, non-HTTPS traffic.

This is where the HTTPS Everywhere extension comes in handy. It will make these websites default to HTTPS, and will alert you if you try and access a site that isn’t HTTPS. It’s free and you can install it here.

One thing we know for sure — thanks to the recent WikiLeaks release of the CIA’s hacking arsenal — is that encryption still works. As long as you’re using secure forms of encryption that haven’t yet been cracked — and as far as we know, HTTPS’s TLS encryption hasn’t been — your data will remain private.

Use a VPN

But even with HTTPS enabled, ISPs will still know what websites you’re visiting, even if they don’t know what you’re doing there.

And just knowing where you’re going — the “metadata” of your web activity — gives ISPs a lot of information they can sell.

For example, someone visiting Cars.com may be in the market for a new car, and someone visiting BabyCenter.com may be pregnant. This is information that your ISP can profit from.

VPN stands for Virtual Private Network. Think of it like this: your car is speeding down the road and a police officer pulls it to the side, only to find out there is no driver behind the wheel, and the plates don’t match any single individual. The officer can tell what highway your car was on, where it was headed, and how fast it was going. But the driver is nowhere to be found. Identity unknown.

This is the idea behind a VPN — your web traffic will be encrypted and re-routed so as not to be pinned back onto you. Often through servers in other countries.

An example of a VPN route

A simple search will yield you thousands of results for VPN providers, but be sure to do your research before deciding on one. Some well known and industry tested services include Mullvad, Nord, IVPN, and PIA.

At the very least, VPN your browser traffic with some sort of chrome extension.

Use a Better Browser

Needless to say, “Incognito Mode” or Firefox’s “Private Browsing”, cannot stop third parties from viewing your traffic and data. And companies like Google use their browsers (Chrome) to log billions of data points about you, even if you use all the tools above.

Consider changing your browser to a safer, more private and ethical alternative:

If you want reasonably private browsing (no system can ever be 100% secure), you should use Tor.

Protecting Your Smartphone

Turn on your phone’s password protection

Today’s devices often have touch identification, using your fingerprint. Works pretty well, but it’s often not enough. For example, a court can force you to unlock your phone with your thumbprint.

I recommend a passcode, longer than 4 digits if you can help it.

However, if you feel comfortable just using thumbprint identification, remember this: if you are ever arrested or asked to provide your device as evidence to a case, immediately power off your phone. When authorities turn your phone back on, they won’t be able to unlock it without your backup passcode first.

You might say “Well, I’ve got nothing to hide on my phone”, or “Sure, if my phone can provide extra evidence, why not?”…

Authorities will comb every file on your device for anything that advances their case. And if being investigated at a federal level, they’ll make copies of those files. All of them — texts, photos, past locations, contacts, browser caches, and everything else they can get.

Stop Using Google

When it comes to mobile, Google is the behemoth of data mining. They know everything about you — all because you gave it to them.

Using Google search on your mobile not only exposes your location, but it also exposes arguably your most sensitive data: the data stored on your smartphones; the gateway to your personal life.

If you would like to continue using search engines on your device, begin by switching to a search service like DuckDuckGo for mobile. Additionally, do not use Chrome or Safari. Just as previously mentioned, start using mobile browsers like Brave, or Tor.

Use a Mobile VPN

As discussed previously, VPNs can be used on your device as well — where they are perhaps more necessary. SurfEasy for example, or NordVPN for a paid service. Remember with VPNs: do your research. You usually get what you pay for.

Final Thoughts

“Arguing that you don’t care about the right to privacy because you have ‘nothing to hide’ is no different than saying you don’t care about free speech because you have nothing to say.” — Edward Snowden

I urge you to begin adopting as many of these protections as you can. In addition, check out some of these articles on setting up a VPN and encrypting your life. Privacy is more work than you might be used to when it comes to your device utilization, but I can promise you it will be worth it. This CRA resolution is a very very slippery slope, no doubt leading to more repeals of net neutrality and further invading your privacy. It is imperative to begin protecting yourself.

Best of Luck.

--

--