So what's this new IPBill I keep hearing about?
Recently passed as legislation by Parliament, the IPBill (amongst other things) requires your ISP to retain a log of all the websites and apps that your computer or mobile phone connects to. This data can then be viewed and accessed by the Police, Department of Health and any other Government agency that is given access without a court order. Equally, once stored it will be a magnet for hackers and some of the data will, at some point, be hacked into by a 3rd party and released publically.
Why is that a problem for me?
The list of every website that you visit is hugely personal information. Just think about those that you visited over the last week. It would almost certainly reveal who you bank with, where you get your main source of news, your political affiliation, which social media networks you use and how often, any health issues you might currently be concerned about, what schools your children attend, where you are thinking of going on holiday or what presents you are looking at for your loved one(s). For even the most innocent person, it is information that could be embarrassing if your work colleagues knew about it, but could be really valuable for anyone wanting to steal your identity.
It is even more of a potential problem for lawyers protecting client confidentiality to ensure a fair justice system, for journalists protecting sources and the knowledge of stories that they are currently investigating, to minorites who are being, or who could be targetted and harrassed by others.
So what can I do about it?
As far as the IPBill is concerned, to reduce the ability of your ISP to log the websites which you visit you can use Tor browser. When using Tor, the ISP will see that you are connecting to Tor but won't see which websites you are viewing through it. It provides a level of anonymity by routing the data through a number of different machines rather than by connecting directly to the website you're visiting.
Download and use Tor browser today
Download Tor Browser for Windows, Mac and Linux at https://www.torproject.org/.
For Android phones and tablets, use Orbot. Install it from Google Play: https://play.google.com/store/apps/details?id=org.torproject.android.
But hang on, I thought that website connections were secure - what's that padlock thing then and why doesn't that help?
The difference is between hiding the identity of the website to which you are connected, and hiding (encrypting) the information that you are exchanging with that website. In simple terms it is the difference between the ISP logging that you are connected to your bank's website, and which bank that is, and someone knowing what information you exchange with that site (i.e. your account number and password).
HTTPS (where your browser shows a padlock symbol in the corner) is where the data that you exchange with that site is encrypted between the two sites (so your ISP, or anyone else, can't read that data). Whilst this level of security is obviously important for online banking, making credit card payments etc. we believe that ALL websites should be encrypted so that people don't know if you are reading the cricket pages of the BBC, finding out the latest Strictly gossip, or looking at obscure news from a repressive regime somewhere in the world that you are about to travel to.
In order to force this where possible, you can download the HTTPS Everywhere Add-In for your chosen Internet Browser (Firefox, Chrome, or Opera) here: https://www.eff.org/https-everywhere
Stop Google tracking your searches
A traditional internet search engine such as Google utilises all the data that it has about you in order to present you with the most relevant results. This data will be a combination of your searches on Google, your calender items if you use Google Calendar, your YouTube viewing habits and even the contents of your e-mail (if you use Gmail). This means that Google has vast amounts of data on you, and can utilise that data.
In order to avoid this we recommend switching your search engine to DuckDuckGo, but ixquick and others have also caught on that we don't like being tracked.
Other ways to improve your online security
A tough one. There are secure messaging providers out there such as Signal or Wickr but unless the people you chat with also switch providers, you're not going to be doing much. If you can't convince everyone to swap over, simply don't share sensitive information over a messaging app - you'd be surprised at the amount of people who still drop their bank account information here.
What is it / Why do I need it / How do I put it in place.
On desktop computing, you can choose to encrypt anything you can compress. Keeping sensitive information in a compressed file is a quick solution but often when setting up your hard disk you have the option to encrypt the drive, depending on your operating system. Mobile phones are similar - you can choose you encrypt the content of your SD card in the settings for example. Take some time to get to know your system.
Let's not complicate matters by explaining the ins and outs of encryption. It will suffice to say as long as you encrypt, it's exceptionally unlikely someone will crack it. Instead the most likely way someone will get through your encryption is with a key logger - so just follow some good practice below:
- Don't open attachments from unfamiliar e-mail addresses
- Don't share your location with sites
- Don't link social media accounts to 3rd party websites or apps where possible
- Lock down your privacy settings on social media so you aren't openly posting your location, keep your GPS/data off when you're not using it
IPBill: Investigatory Powers Bill. Often referred to as the Snooper's Charter which has now been passed by Parliament and which puts onto a firm and legal setting all the survelliance that the Government can legitimately do.
ISP: Internet Service Provider. The company who provides an internet connection. (eg Talktalk, BT etc. for a Fixed Line connection; Vodafone or Giffgaff etc. for your mobile data connection.)
Tor: The Onion Router. A way of connecting to the internet which 'hides' the details of the websites that you are looking at.
HTTPS: HTTPSecure (HTTP is HyperTextTransferProtocol) - Basically a standard method of websites sending infomation in an encrypted (secure) manner.