Step 4: So, What Can We Do?
Because of the way web browsers are designed to work with website code to improve user experience, it is surprisingly difficult to protect our privacy. The diversity of the data we’ve mentioned, and the diversity of techniques that can be used to capture it, calls for a diversity of mitigation tactics. There are a variety of fixes for each kind of vulnerability.
Trainer’s Note
The number of countries where the use of encryption is illegal has decreased, but legal concerns are still very real for some participants. Before a training, review the laws of where your participants live and work, as well as the laws of where you’re conducting the training, to confirm that the use of technologies highlighted in this section and in Deepening sessions, including the Tor Browser Bundle, is allowed.
Tor Browser Bundle
Because browser fingerprinting is made easier by customizations to browser settings, the simplest solution is to use the Tor Browser without additional plugins and with its default configuration.
At this point, you may wish to demonstrate the benefit of using the Tor Browser Bundle.
Open the Tor Browser Bundle and re-visit Panopticlick and What Is My IP to illustrate that the browser is no longer leaking information.
This can also serve as a segue into the Deepening session for the Tor Browser Bundle.
If using the Tor Browser, don’t use other plugins or change the default settings to prevent unique browser fingerprinting!
HTTPS Everywhere
HTTPS (Hypertext Transfer Protocol Secure) ensures that a connection between a user and a website is authenticated and confidential. It uses a strong encryption system called SSL (Secure Sockets Layer) to create a special encrypted connection between a computer and the web server, into which nobody else can see.
• It may also be worth noting to participants that HTTPS only encrypts the channel through which data is traveling – not the data itself. The website at the other end of the channel still sees everything sent to it.
Some websites always provide a protected SSL (HTTPS) connection; for instance, Google services offer session-wide (from log-in to log-out) HTTPS. However, some websites will have an SSL connection available but won’t force users to connect through it – it may very well not even be obvious that it’s there.
• To demonstrate, visit a website that provides both an HTTP and HTTPS connection, but does not force that HTTPS protected connection. An illustrative and relatively recognizable example is Microsoft.com.
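The demonstration above can be made concrete with the small checker below, an added example that is not part of the original guide or of HTTPS Everywhere itself. It classifies what a site does when a visitor arrives over plain HTTP (forces HTTPS, stays on HTTP, or leaves HTTPS optional), reads the HSTS max-age a site advertises, and performs the simplified http-to-https rewrite that HTTPS Everywhere does with its per-site rulesets; the responses and host names are constructed, not real captures.

```python
from urllib.parse import urlsplit, urlunsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}


def _header(headers, name):
    """Case-insensitive header lookup; returns "" when the header is absent."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return ""


def classify_plain_http(status, headers):
    """Classify a site's response to a request made over plain HTTP.

    "forces-https"  - redirects the visitor to an https:// URL
    "stays-http"    - redirects, but only to another http:// URL
    "optional-only" - serves the page over plain HTTP; an HTTPS version
                      may exist, but nothing steers the visitor to it
    """
    if status in REDIRECT_CODES:
        target = urlsplit(_header(headers, "Location"))
        return "forces-https" if target.scheme == "https" else "stays-http"
    return "optional-only"


def hsts_max_age(headers):
    """Return the HSTS max-age (seconds) advertised on an HTTPS response, or 0."""
    value = _header(headers, "Strict-Transport-Security")
    for directive in value.split(";"):
        name, _, num = directive.strip().partition("=")
        if name.lower() == "max-age" and num.strip().isdigit():
            return int(num.strip())
    return 0


def upgrade_to_https(url):
    """Simplified stand-in for an HTTPS Everywhere rule: rewrite http:// to https://."""
    parts = urlsplit(url)
    if parts.scheme != "http":
        return url
    return urlunsplit(("https", parts.netloc, parts.path, parts.query, parts.fragment))


# Constructed sample responses (hypothetical hosts, not real captures).
SAMPLES = {
    "forcing.example":  (301, {"Location": "https://forcing.example/"}),
    "optional.example": (200, {"Content-Type": "text/html"}),
}

if __name__ == "__main__":
    for host, (status, headers) in SAMPLES.items():
        print(host, classify_plain_http(status, headers))
    print(upgrade_to_https("http://optional.example/login?next=/home"))
```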
This can also serve as a segue into the Deepening session for HTTPS Everywhere.