Safe surfing on the Web – what you should keep in mind

Thoughts about security on the net are now commonplace: data theft, espionage, cyber criminality... We'll show you how to navigate the net safely without expert knowledge.


Experience has shown that Germans worry a lot about their security: they don't want to access online banking through their mobile phones, they prefer to pay in cash and are particularly critical of video surveillance. But especially when it comes to surfing the Internet, most people have almost no idea how much of their data is being collected and what they reveal.

 

"Because you looked at... you might also be interested in..."

According to an online study conducted by ARD and ZDF in 2017, approximately 62 million people in Germany now use the Internet, equaling to 89% of the population. This means that almost every citizen surfs the Internet regularly, but very few of them know what they reveal about themselves when they visit a website. Even users who are familiar with the topic are increasingly overwhelmed, because both the monitoring methods and the possibilities for protection are becoming more and more sophisticated.

First of all, the question arises why users are tracked on the Internet at all. This is due to the fact that browser providers want to collect more and more data from you in order to be able to create user profiles that are as concrete as possible. A good example of this is Amazon. The company lives from evaluating what interests the user. This helps Amazon to create the "Recommendations for you" or "Similar products" categories. And let's be honest: the products offered usually fit like a glove. But how do companies do it?

What do I reveal when I visit a website?

When surfing the Internet, a user is automatically assigned an IP address that identifies them. This means that every time you become active during an Internet session, whether you visit a website, download a file or stream movies and music, the IP address is invisibly sent to the computer or server you are communicating with. Together with the connection or inventory data stored by the service provider for ten weeks, the investigating authorities can accurately identify each user. This concerns information about the beginning and the end of the connection with date and time, but also the name, address, billing address and further contact data. The servers accessed during a session also automatically create logs that can be used to identify the user. Likewise, the Internet browser used reveals a lot about the identity. This is due to the many setting options and additional programs, where hardly any combination is the same as the others.

Percentage of all loaded sites which have been tracked by the following enterprises

Based on the analysis of 144 million sites that have been loaded by 850.000 Ghostery users (in more than 20 countries)

Quelle: Statista

Who gets my data and what effects can this have?

In addition to investigating authorities, who can easily query the stored data from the service provider, secret services are particularly interested in such data. But private third parties, such as companies from the film and music industry, can also access this data via detours. For this, only criminal charges against unknown persons must be filed (e.g. in the case of illegal file sharing or streaming). Investigators then determine the provider's identity and the companies only have to ask for access to files in order to access the corresponding data. Even corporations, such as Amazon mentioned above as an example, have great interest in obtaining data to help them create their user profiles. In addition to simple consequences, such as displaying user-centric advertising, this data disclosure can also have more serious consequences. For example, if insurance companies learn sensitive information about a user, such as references to his hobbies like bungee jumping or cave diving, the monthly fee could be increased for these people. If the personal data falls into the wrong hands, individuals could be blackmailed, for example, for possible illnesses or sexual preferences. Such data are particularly sensitive in authoritarian regimes, which they can misuse for their political purposes.

Simple prevention measures

There are very simple ways to provide more security that can be implemented without much effort. In general you should take care to surf only on pages with a secure https encryption. Cookies are also a big topic: On almost every website you are asked whether you agree to the use of cookies or not. If you agree to the cookies, your personal data will be stored and, for example, evaluated by online shops. This allows a fairly accurate motion profile to be created of the user. However, accepting cookies can be useful on pages that are used regularly: To avoid having to login again or repeatedly having to fill forms. Tracking goes one step further: here data kraken, such as Google, not only track every input and every click - they also track page views outside their own services.

How can I protect my data?

In addition to these simple possibilities, further measures can be taken to conceal one's identity on the Internet. There are many services that advertise with anonymity on the web. However, these usually only protect on a superficial level. Only cookies and tracking services are blocked here, so that the browser cannot create a browsing history. However, the IP address is not obfuscated. The approximate location and browser information can still be transferred to the website. Even the incognito mode of the browser only helps superficially. Here only the browsing history is not created on the computer, but the IP address and other data are transferred anyway.

Proxy server and VPN services

Both proxy servers and VPN services act as an exchange between the computer and the web server. They each establish a connection via an anonymous IP address. While connections to proxies are only limited to certain protocols (such as the use of the browser) and the data is not fully encrypted or secured here, VPN services go one step further: they allow the IP address to be masked by switching a computer between your own computer and the website. The website is then accessed via the IP of the VPN service. This is useful, for example, for watching Netflix or Amazon Prime Video on holiday, but be careful here too. When using such services, you should make sure that the provider is trustworthy and that the data is not passed on to third parties. Under certain circumstances, dubious providers may sell the data on directly or cooperate with authorities.

Tor browser

Number of German tor network users

Quelle: Statista

If you don't want to rely on such providers, you should surf through the Tor network. This is not as complicated as many people think and is completely legal. You can simply download the Tor browser and use it in a similar way to normal browsers. The difference: the Tor browser encrypts the data and switches several computers in a row, so that each computer is only given a part of the request. In addition, the intermediate computers are changed every 10 minutes. However, for complete anonymity, there are a few things you should keep in mind when using Tor:

  • Do not maximize the browser window to full screen, otherwise installed fonts, the browser type and window size may reveal details about your identity.
  • Don't log in with your Google or Facebook account - even if you use a fake account. Otherwise the service could simply link the surfing behavior with the IP address and the browser data with which one is normally logged in, and thus draw conclusions about the aproximate location and identity.
  • Surf the Tor browser only on https-encrypted pages, otherwise the last link in the Tor network chain could read your traffic.
  • Do not download PDF, Word or other documents from websites. The download is often done outside the Tor browser using the program in question, which could reveal the actual IP address.

In addition to these limitations, you also need to know that the Tor browser is slowing down your browsing speed. Due to the many detours that a request must take, surfing is noticeably slowed down. Some websites block access from servers in the Tor network - for example, you cannot make edits on Wikipedia.

A last remnant of uncertainty remains

Even the use of a Tor browser does not protect against all dangers. If, for example, a State Trojan has been introduced to a computer via a file in an e-mail attachment, it will access the data before it is transmitted in encrypted form. Even Tor can't change that.

It's not that hard to cover up your traces on the Internet a little bit. But everyone has to decide for themselves how much they want to reveal. However, one should also be aware of the fact that fast and stable VPN services, for example, cost money. Tor networks also have disadvantages: they are often used for criminal purposes. And if an attacker succeeds in latching into the network as a trusted Tor server, he will be able to tap into all the data running through him as an exit node. Before you decide on a solution, you should weigh up all the advantages and disadvantages.