It’s all well and good to take precautions when browsing, e-mailing, or using a social network. But if you’re doing all that over an insecure network, your privacy could still be at risk.
The risk: Any time you use a public network (especially at technical conferences or on college campuses), someone else could be listening in. Sniffing still happens. And there’s a variation on it, side-jacking, whereby an attacker snoops on your traffic to certain sites (such as Twitter or Facebook), hijacks your credentials, then uses the service as you.
How to protect yourself: First, connect with care. Don’t hop on a public Wi-Fi network you don’t absolutely trust. Second, think long and hard about the applications and sites you use on a public net; don’t, for example, do any online banking. (You’d be surprised how often people do just that.)
Encrypt your network traffic via SSL (secure sockets layer) whenever you can. It’s relatively easy to do so in e-mail clients. (In Mail.app, for example, go to the Accounts pane in Preferences, select an account, open the Advanced tab, and select Use SSL.) It’s easy to do in Safari, too: it automatically defaults to SSL on sites that support it. (You’ll know because of the closed padlock in the upper left of the browser window.) For Firefox, try the HTTPS Everywhere plugin, which forces SSL sessions for services that support it. Absent that, try replacing http:// with https://; that works on some sites.
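Side-jacking works when a login session's cookie travels over an unencrypted connection, so a site is only as safe as its cookie and HTTPS settings. The Python script below is an added example, not part of the original article: it checks a site's response headers for session cookies missing the standard Secure attribute and for a missing Strict-Transport-Security (HSTS) header. Neither mechanism is named in the article, and the header values are constructed samples.

```python
# Added example: audit HTTPS response headers for side-jacking exposure.
# Header values below are constructed sample data, not captured traffic.

def parse_set_cookie(value):
    """Return (cookie name, set of lowercase attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def hsts_max_age(headers):
    """Return max-age from Strict-Transport-Security, or None if absent."""
    for key, value in headers:
        if key.lower() != "strict-transport-security":
            continue
        for directive in value.split(";"):
            k, _, v = directive.strip().partition("=")
            v = v.strip().strip('"')
            if k.strip().lower() == "max-age" and v.isdigit():
                return int(v)
    return None

def audit(headers):
    """List side-jacking exposures in (name, value) headers of an HTTPS response."""
    findings = []
    for key, value in headers:
        if key.lower() == "set-cookie":
            name, attrs = parse_set_cookie(value)
            if "secure" not in attrs:
                findings.append(f"cookie {name!r} lacks Secure: also sent over plain HTTP")
    # max-age=0 switches HSTS off, so treat it the same as a missing header.
    if not hsts_max_age(headers):
        findings.append("no HSTS: browser may still try plain HTTP first")
    return findings

SAMPLE_WEAK = [  # constructed
    ("Set-Cookie", "session_id=constructed123; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/; Secure"),
]
SAMPLE_HARDENED = [  # constructed
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session_id=constructed123; Path=/; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for label, hdrs in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(label, audit(hdrs) or "no findings")
```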
Another alternative is to use a VPN (virtual private network) or Internet proxy service when connecting through public networks. Some good services are Anonymizer for $80 a year (which adds extra privacy controls), StrongVPN, and PersonalVPN, which both cost about $5/month.
ISP and network tracking
The risk: Internet service providers, or whoever manages the network you’re using to connect to the Internet, can see all of your traffic. A number of ISPs now track their customers’ browsing and sell aggregated information to market analysis firms. As with other privacy violations, this is more creepy than dangerous.
How to protect yourself: If your ISP tracks activity, you might be able to opt out on its Website. As with opting out of advertising networks, opting out of ISP tracking means setting a cookie in your browser telling them to ignore your traffic. Remember that if you clear that cookie, the ISP will go right back to tracking, and it is often impossible to fully opt out of their monitoring.
If you are worried about your ISP or network provider sniffing your traffic, the only way to protect yourself is to encrypt the traffic using the techniques discussed above, or to use an anonymization service such as Tor. Tor encrypts your connection and routes it through a number of random servers on the Internet. Your traffic is still visible at the exit node, but Tor protects you from local network or ISP monitoring. Unfortunately Tor significantly slows down browsing and other activities.
[Mike Rothman is an analyst at Securosis.com and author of The Pragmatic CSO.]