August 6, 2011

Protecting My Internet Privacy

I am about to geek out. You have been warned.

 

geek_out


A co-worker of mine clued me in to this house bill that just came out of a committee recently.  Here is a blurb from the news story about it:

A last-minute rewrite of the bill expands the information that commercial Internet providers are required to store to include customers' names, addresses, phone numbers, credit card numbers, bank account numbers, and temporarily-assigned IP addresses, some committee members suggested. By a 7-16 vote, the panel rejected an amendment that would have clarified that only IP addresses must be stored…. To make it politically difficult to oppose, proponents of the data retention requirements dubbed the bill the Protecting Children From Internet Pornographers Act of 2011, even though the mandatory logs would be accessible to police investigating any crime and perhaps attorneys litigating civil disputes in divorce, insurance fraud, and other cases as well.

You can help fight the bill by letting your congressman know you oppose it.  An easy way to do so would be to use the form on the Electronic Frontier Foundation’s website.

 

Now, the mere insinuation of that level of data being kept about me got me into a bit of a sour mood.  Sure, it will probably (if it passes) be put to some good use.  But even if I totally trusted the government not to misuse this data, I certainly don’t trust that some random hacker won’t come along and pilfer it from my ISP and put it to some nefarious use.  So I decided to do something about it.

 

What’s Happening and Why You Probably Don’t Like It

In layman's terms (that means my geek friends can’t critique me for over-simplifying this), your ISP provides you with your all of your internet services, like web-surfing.  When you go to a website, your computer asks your ISP “Please take me to this website” and your ISP goes and finds that website and delivers it to you.  Your ISP could potentially keep a history of everything you ask it for…  every site you visit, and everything you type or click while on that site.  What it can’t keep a history of is encrypted traffic.  So once you go to your bank’s website, for example, you’re computer and the bank create a secure, encrypted link, and the ISP can no longer “see” what you’re sending and receiving.  It does still know how much you are sending where, and that’s still a lot of information.  What this bill would do is force the ISP to store all the data; the easily-readable unencrypted data (the majority of your browsing) and whatever information they have on your encrypted communications, as well. 

 

What I Did About It

I’m cheating.  The bill only applies to ISPs (Internet Service Providers).  So if there is a way to have someone else fetch and return your traffic for you, and deliver it in a secure, encrypted channel, then all your ISP will see is the link between you and this mysterious 3rd party.  So I created a 3rd party.   Amazon has this group of services called Amazon Web Services (AWS).

 

Amazon Web Services

 

If you have heard the phrase “in the cloud” from someone in reference to the internet, then this is sort of what they were talking about.  Simply put, Amazon has a crap-ton of computational power and storage capacity, and they’ve made it available to the masses to do things with.  The user doesn’t really know where these things are being done.  It doesn’t really matter.  All that matters is they are being done somewhere and that the user gets the results.  Hence; cloud.   I made this…umm… helpful picture to demonstrate.

 

the_cloud

 

Amazon charges per-hour to use their cloud resources to do these things.  But their entry-level stuff is free for a year; and even after that, it’s pretty inexpensive. 

 

I created a Ubuntu EC2 instance and set it up as a proxy using a public-key encryption to authenticate me and my VPN sessions. 

 

The simplest way to explain that is to say that I now have my very own computer running at Amazon somewhere, and I have an encrypted tunnel to it from my computer.  Now, when I ask to go to a website, my computer tunnels that encrypted request through my ISP and asks my computer in the cloud to go find it for me.  It uses Amazon’s resources to find the website and deliver it back through my encrypted tunnel.  Here’s the catch… Amazon is not an ISP.  So they don’t have to keep logs. 

 

For the down and dirty on how I did this, I cannot overstate how awesome this guide is.  It’s written for mac-users, and I use windows, so I had to download OpenVPN to use instead of Tunnelblick.  I added it to my startup folder so that it starts when I log in.

 

I hope this explanation-sans-guide is helpful.  Protect your privacy!

 

Powered by Blogger.