Computer security: Difference between revisions
re-writting outdated and wrong information about IP address, reference link added |
m small test on link |
||
Line 11: | Line 11: | ||
While you are connected to the Internet you are identified by a unique number know as an [[IP address]], this takes the form '''n.n.n.n''' (ie. 127.1.67.235), your Internet Service or Email Provider knows the subscriber that has been assigned the IP, even if it changes, it can still be linked to you since timestamps containing the date and time that the subscriber had been assigned the IP address are kept. The only way to stop this would be using | While you are connected to the Internet you are identified by a unique number know as an [[IP address]], this takes the form '''n.n.n.n''' (ie. 127.1.67.235), your Internet Service or Email Provider knows the subscriber that has been assigned the IP, even if it changes, it can still be linked to you since timestamps containing the date and time that the subscriber had been assigned the IP address are kept. The only way to stop this would be using | ||
Internet service providers can spy on the sites you visit, the European Union's Data Retention Directive forces them to keep records for at leas, this information is available to law enforcement with little oversight, depending on country. The United States does not have any mandatory data retention law for ISPs but law enforcement can require an ISP to retain data for a particular customer<ref>{{cite web |url=https://www.eff.org/issues/mandatory-data-retention/ |publisher=[[Electronic Frontiers Foundation]] |title=Mandatory Data Retention}}</ref> . | Internet service providers can spy on the sites you visit, the European Union's Data Retention Directive forces them to keep records for at leas, this information is available to law enforcement with little oversight, depending on country. The United States does not have any mandatory data retention law for ISPs but law enforcement can require an ISP to retain data for a particular customer <ref>https://www.eff.org/issues/mandatory-data-retention/</ref> | ||
<ref>{{cite web |url=https://www.eff.org/issues/mandatory-data-retention/ |publisher=[[Electronic Frontiers Foundation]] |title=Mandatory Data Retention}}</ref> . | |||
If your is provider located in another country the effort to get customer details considerably increases and it makes law enforcement to think twice before issuing and international subpoena, but some countries, like European Union members, have a special agreement to make data surrendering easy without the need to go to a judge. | If your is provider located in another country the effort to get customer details considerably increases and it makes law enforcement to think twice before issuing and international subpoena, but some countries, like European Union members, have a special agreement to make data surrendering easy without the need to go to a judge. |
Revision as of 09:11, 17 March 2016
The term browser security can have various meanings. For boylovers this most often refers to the need to get rid of any tracks that a visit to boylove related web sites can leave in one's browser, or on a server.
This page was created to provide a quick reference to browser security, it also contains information regarding the data that may be sent by your browser when visiting other sites, each individual is ultimately responsible for their own security. The information on this page is provided as a guide only, following the links in this page will take you to more detailed articles on the specified topics.
What information does your browser send?
When your browser sends a request for a page to a web server, this request includes a HTTP header containing information about you and your request. Typically this includes your IP number and a string called "HTTP_REFERER"[sic]. These values are stored in server logs and may be retrieved by the server admin. You can increase your anonymity by using a proxy and blocking the referrer string sent by your browser. Following is a brief explanation of each of these pieces of information.
IP Address
While you are connected to the Internet you are identified by a unique number know as an IP address, this takes the form n.n.n.n (ie. 127.1.67.235), your Internet Service or Email Provider knows the subscriber that has been assigned the IP, even if it changes, it can still be linked to you since timestamps containing the date and time that the subscriber had been assigned the IP address are kept. The only way to stop this would be using
Internet service providers can spy on the sites you visit, the European Union's Data Retention Directive forces them to keep records for at leas, this information is available to law enforcement with little oversight, depending on country. The United States does not have any mandatory data retention law for ISPs but law enforcement can require an ISP to retain data for a particular customer [1]
[2] .
If your is provider located in another country the effort to get customer details considerably increases and it makes law enforcement to think twice before issuing and international subpoena, but some countries, like European Union members, have a special agreement to make data surrendering easy without the need to go to a judge.
In adition to your ISP, websites also have the ability to log IP address of every visitor, together with the browser they are using and operating system. This information may also be retained indefinitely. While a subpoena is usually necessary for law enforcement to obtain access in the United States, but a subpoena may entail little more for the requesting agency than filling out an online form, in many foreign countties law enforcement has total access to servers within its borders.
If you are concerned that your activities may be linked back to you, you can use an anonymous proxy (also called Virtual Private Network or VPN). The proxy server will handle http requests and your IP address will be replaced by the IP address of the proxy server in http headers. Most proxy servers are vulnerable to hostile parties who may hack into or even control the server, which persuades some people to use proxy networks such as Tor, which routes data through multiple, random servers.
The links listed under a URL included at the bottom of a BoyChat post are free web-based proxy servers which will take you anonymously to the listed site. For a more permanent solution you can enter one of many free public anonymous proxies into your browser preferences to use with all your surfing. Check the external links at the bottom for a list of publicly-available anonymous proxies.
HTTP Referrer
When you click on a link embedded within a web page, your browser attempts to send the location of that page as a string known as "HTTP referrer|referrer". The address of this referring page is then stored in the logs of the server you are visiting. If you are clicking on a link from any site, the site address will be recorded along with your IP number.
As of the beginning of 2004, a new feature was added to the Free Spirits family of boards to increase anonymity by stripping out this referrer value. When you click on a link in a BoyChat post, or from BoyLinks, you will be redirected through a script called derefer. This will remove the address of the linking page. (This is the notice you receive saying "One moment, you are being redirected to ...")
The simplest way to circumvent the referrer problem when following links from non-FS sites is to open a new browser window, then copy and paste the URL (link address) into the address bar of this new window rather than clicking directly on the link. A few browsers will allow you to block the sending of the referrer in the preferences or browser settings. Doing this will enable you to click on links without fear of transmitting the location of the referring page. In Mozilla Firefox, the string "network.http.sendRefererHeader" is used to control referer settings. Changing this value to "0" in "about:config" will prevent Mozilla Firefox from sending the referring URL.
What information does your browser store?
Your web browser stores a great deal of information every time you visit a web page. This information is often stored to make it easier to later find and reload already visited web pages. What information is stored, how and where, depends on which browser you use, which version you have, on what platform or operating system you are running it, and your personal security settings. Some of the items a browser may record are:
- All Web page addresses (URLs) you entered into your browser's address bar to tell it which sites to go to. This is found in your browser's History, with links to the pages you visited.
- The page itself in your cache.
- Any embedded elements, such as graphics or scripts, saved separately in your cache.
- Cookies.
- Search history (terms searched for by search engines).
Address Bar and History
Both the browser history and address-bar list make it easier to access recently-visited sites by storing the addresses of any site you visit. These effectively leave a breadcrumb trail for others to find and follow your activity on the internet. Anyone else who uses or has access to your browser can easily look at your recent internet activity. Many browsers allow you to change your settings to not store this information.
The Browser Cache
The browser cache is designed to make loading frequently-accessed pages quicker. Downloading a page from the internet takes time, so the cache is designed to store entire pages from sites which you visit. Some browsers create a single cache file, while others may store embedded elements such as images, stylesheets or scripts separately. When you type an address into your browser it will check with the server to see if the page has been modified since last accessed and if there are no changes it will draw the page from the cache rather than from the server. The browser cache is a record of the sites you have visited and can easily be accessed by others.
Cookies
Cookies are small files used to by web sites to either store settings or track what you do online. They are sent to your computer and stored by your browser when you visit a site. Cookies are necessary for innocent purposes such as automating log-in and storing preferences, and providing targeted advertising, but they too leave their footprints for others to follow. If someone can look at what cookies you have stored in your Internet browser they can find out what websites you visited and the associated usernames.
Inside your Internet browser settings you can manually erase cookies but this will not be done safely unless they are overwritten with specialist Internet privacy software that stops computer forensic tools from unerasing them.
"Private" or "Incognito" mode
Modern browsers often have what is called "private" or "incognito" mode. When activated, no history or cache is kept, and cookies are not accepted. Once all tabs are closed, all session information is discarded. However, your Internet service provider probably keeps the items in its own history, so this mode is only a partial protection.
The iPhone
Recent versions of Apple's iOS operating system, used on the iPhone, iPad, and iPod, encrypt all information on the device. A user-chosen 4 digit passcode must be created when the phone is first used, and it must be entered each time the device restarts (after complete shutdown). The passcode is also required when a screen lock activates after a certain (adjustable) period of inactivity; this feature is on by default, though it can be turned off.
Finding the 4-number passcode by the what cryptographers call the "brute force" method (trying all 9999 possible codes) is almost impossible, because the iPhone only permits 10 attempts to enter the code. After that the phone is frozen, and a setting, not enabled by default, will cause all data on the phone to be erased after 10 unsuccessful attemps.
This encryption on the iPhone has never been defeated by either thieves or law enforcement. Police and similar agencies have hundreds of seized iPhones, which cannot be accessed without the passcode. Apple itself cannot break the encryption.
In theory, Apple could assist law enforcement by writing a new version of the iOS operating system, which could defeat some or all of the security that makes it impossible to break into an iPhone. As of this writing (March 2016) the FBI has, through a court, ordered Apple to write this software. Apple is fighting this in the courts, saying they have already turned over all the information they have on the phone in question, and a search warrant cannot compel them to write software that does not exist. This has provoked a considerable debate in the United States about whether, in principle, encrypted information should be decryptable by police and other government agencies. While the FBI says they are only seeking to access one phone, other agencies, such as the New York County District Attorney's office, are lining up to have many other phones decrypted if the FBI prevails. Apple claims that the software, if created, would be impossible to control, and repressive governments, such as China's, would use it against political dissidents. The FBI-Apple case will probably not be resolved until 2017. Congress may try to arrive at a policy, which would be addressed in new legislation.
All of the data on the phone is backed up onto servers operated by Apple, which are easily accessed by law enforcement. This backup can easily be turned off by the user. If this is done, the iPhone is at present the personal computer with the greatest privacy protection. (The iPhone is a computer that makes phone calls.)
Erasing history, cache, and cookies
All major browsers offer the user the means to easily erase the information the browser has stored: Web sites visited, search history, cookies, passwords. However, like any erased file, it is only invisible, and is not really gone until the file is overwritten. Specialized but inexpensive software will overwrite the "erased" data multiple times. However, all or most of this information is retained by your Internet service provider (ISP), where law enforcement can easily access it through a subpoena.
Using a VPN (Virtual Private Network) to hide your Internet activity from your Internet service provider
An easy way to greatly increase your Internet privacy is the use of a VPN, also called proxy server. Encrypted requests go to the VPN, which in turn requests the Web pages you specify, but with its own IP address instead of yours. Web sites send the VPN the pages you request, and it forwards them to you.
All your ISP knows is that you sent encrypted data to the proxy server and received different data back. Proxy servers, which necessaily know what pages the user wants, and the IP address of the requestor (you), usually make a point of not storing this information, so there is nothing to subpoena.
In picking a VPN, choose one located where privacy protections are strong (primarily Western democracies, not including the U.S. and U.K.) Choosing one in a different country may make it more difficult for law enforcement to access it.
Some VPNs are free, although they are not expensive to pay for and get additional features. Research your VPNs through articles and reviews of them. It is not impossible that a phony VPN be set up to collect your data instead of protecting it.
See also
External links
- Have two computers, your normal everyday one you use for everything NOT BL related ... THEN a secret weapon. A laptop WITH NO HARD DRIVE IN IT. Just slip in a 'Tails OS CD', boot from that and you are up and running on a secure Tor system that does not leave ANY history at all about you, well nothing 'they' can use in court anyway.
You may want to look into that here: