VPN providers don’t protect your privacy online. Here’s what can. | TechCrunch
If you’ve heard that a VPN provider can help protect your privacy and security online, don’t believe the hype. The truth is that most people don’t actually need a VPN.
By funneling all of your internet traffic through their own servers, VPN providers expose their customers to the very privacy risks they claim to help defend against, including having their internet browsing records stolen by cybercriminals or obtained by legal order.
That’s why if you think you need a VPN, we’ll show you how to set up your own private and encrypted VPN server.
If you’re in the majority who don’t need to use a VPN, there are still easy and effective ways to reduce the trail of data that you leave behind as you browse the web. These include using simple tools in your browser that can automatically prevent online trackers from collecting information about you to begin with, and encrypting your web browsing traffic, which makes it more difficult for anyone to snoop on the sites and services you access.
There is no one-size-fits-all solution or panacea for absolute privacy. Instead, all of these simple steps can provide additional and meaningful privacy as you use the web, and we’ll explain how.
Install and use an ad-blocker
Love them or hate them, ad blockers are an important security and privacy defense for any online user. Even the FBI suggests using an ad blocker, given the rise of malicious ads used for scams, fraud, and the delivery of malware and spyware.
Ad blockers are web browser extensions that automatically prevent ads from loading on websites and in search results. The obvious upside is that your visual browsing experience will improve, but ad blockers also stop your browser loading the underlying tracking code that ads rely on to collect information about you. By blocking the code, ad companies can’t track the websites you visit as you browse the web, which makes it more difficult for the ad and tech companies to infer your tastes and interests and otherwise monetize your browsing data. (Of course, you can always temporarily switch off your ad blocker on any website.)
Using an ad blocker is one of the most effective ways of preventing the majority of online tracking by making it much more difficult for advertising and tech giants to know which websites you visit as you browse the web.
One of the best low-memory ad blockers for web browsers is uBlock Origin, which works in most modern browsers, and its code is open source (allowing anyone to look at the source code to make sure it’s safe to use). AdGuard also has an open source ad blocker for a variety of devices and platforms. Remember to always download from trusted and verified sources, like their official pages, before installing.
Once you’re set up with an ad blocker, the online rights group Electronic Frontier Foundation has a tool called Cover Your Tracks that lets you stress-test your browser’s anti-tracking defenses and tells you what you can do to help improve them. This other online open source tool is an easy way to quickly test your ad blocker on any device.
Use an encrypted DNS provider
Almost every website on the internet today can be delivered to your browser over an encrypted connection (known as HTTPS), which prevents anybody else on the internet from seeing what loads on your screen or tampering with it before it gets there.
But because of the way that the internet inherently functions and routes your information around the world (through a public and global system called DNS), you can still leave behind a record of the specific website you visited because DNS traffic has historically largely been unencrypted.
For most, your unencrypted DNS traffic — which can reveal which websites you’re visiting and the apps you’re using — typically routes through your internet provider, which, like advertisers and tech giants, can monetize and sell that data or make your information available to requesting legal authorities.
Switching to an encrypted DNS service is fairly quick and simple, and it can have immediate effect.
Some browsers (like Chrome and Firefox) began encrypting DNS traffic by default back in 2020, and have long included options to use an encrypted DNS provider, such as Cloudflare and NextDNS, to handle DNS traffic instead of your local internet provider.
You should be aware of how long the provider retains your information; some of the large DNS providers provide reasonable security and privacy assurances. Also, if your DNS provider briefly goes down, your internet activity will suffer until the problem resolves or you switch your DNS provider. This is also why picking a reputable DNS provider can be helpful.
You can go beyond just your browser’s settings by changing your DNS in the settings for your device, so that all of the DNS traffic on your device gets encrypted. If you want all the devices on your home network to take advantage of encrypted DNS, you can opt to change the DNS settings on your network router, too.
A multi-hop service, like Apple Private Relay, can have privacy benefits
A core problem with VPNs is that you have to trust a single provider not to sell or snoop on your data, or provide it to someone who will. Since 2021, Apple has allowed its paying customers to stay more private online through its “multi-hop” service called iCloud Private Relay, which sends a user’s encrypted internet traffic through two separate internet relays (or “hops”), including one that isn’t run by Apple.
Because iCloud Private Relay uses two separate internet relays to route a user’s traffic, this prevents either of the internet relays, including Apple, from being able to see or analyze your internet traffic. That also means that requesting law enforcement authorities cannot get your information from a single internet relay; they instead have to demand the data from both relays. Apple’s partners, like Cloudflare, help to provide the multi-hop relay service.
iCloud Private Relay helps to protect both web and app traffic on your Apple device, and is available for Apple customers who pay for Apple’s premium iCloud+ service. iCloud Private Relay isn’t available in all regions, including countries like China and Russia, where internet freedoms are considerably limited.
While services like iCloud Private Relay offer some privacy benefits, beware of non-reputable providers that purport to offer multi-hop services or make other claims that cannot be independently verified.
Tor is the gold standard for online anonymity
Wherever you are in the world, Tor is one of the best tools for browsing the web freely while bypassing censorship and avoiding surveillance.
For some people, Tor is synonymous with the “dark web,” which some automatically (and wrongly) conflate with criminality. In reality, Tor is a privacy tool used every day by journalists, researchers, activists, and anyone else who wants to browse the web with a high degree of privacy and anonymity.
You might want to browse the web anonymously for any reason, but this can include searching the web without wanting the search engine (or anyone else) connecting you to those search results, or simply accessing a news website or resource that might be banned by a government or regional authority.
Instead of relaying your data through a single virtual tunnel (like a VPN) or through two separate relays (like a multi-hop service), Tor works by encrypting and routing its users’ internet traffic multiple times through thousands of servers set up around the world. This way, the user’s internet traffic is shielded from everyone else on the network as well as the regular internet. As such, using Tor is often slower than the regular internet and is not designed to be used for accessing high-bandwidth services, like music or video streaming.
Most people use Tor by downloading and running the Tor Browser, a custom-made version of Firefox, in which anything that happens in that browser window privately routes over the Tor network. Other implementations of Tor are available, including mobile apps.