“OPSEC” (Operational Security) on the World Wide Web

Guest post by ‘restoringBrad’

World Wide Web- Buckle up, it could be a bumpy ride!

ISP: ISP (Internet Service Provider)

It’s the company you pay to provide you with access to the internet.

Some ISP’s will record, to some degree, everything you do. Some state they do this in order to provide you with better service, a more personalized experience, etc. Some may be recording everything you do.

IP Addresses (Dynamic vs. Static)

Shortly after we got onto the internet back in the 1990’s (yep- the stone age of the web) we switched from dial-up to broadband. Every time we connected to the web, we were assigned a new IP address (Internet Protocol Address).

(An IP address identifies your computer on the internet and allows you to retrieve web pages, download stuff, etc.)

This is, for internet purposes, your computer’s address. Similar to how your street address is how you receive mail and packages, your IP address is how your computer works on the web.

Dynamic IP Address

When your IP changes every time you get online, it is called “dynamic”.

A few years after switching to broadband service, I was working tech support for the same company I had internet access with. Word came down that “dynamic” IP addresses were being done away with and would be replaced with “static” ones that would never change. IP addresses would be tied to the modem or router the ISP provided.

Back in the day, this seemed to be a counter-intuitive policy as there would always be a now limited number of available IP addresses for new customers to use. When IP’s were dynamic, you released your IP address when you logged off the internet and it “returned” to a pool where it could be reassigned to someone else when they logged on.

Static IP address

When your IP stays the same every time you get online, it is called “static”.

One of the rumors was this change to static IPs because dynamic ones made tracing online activity too difficult as it was hard to verify who was using a given address at a given time. Now, that’s not a problem. With a static IP, logging what you do is much easier. This was confirmed to me in 2008.

Something to consider is that every website you connect to learns your IP address. It is how the information your computer needs is sent to it. An amazing amount of information is required just to load a webpage.

When you try to view a webpage, the server which hosts that page has to know your IP address so that it can send required information to your computer. Usually, logs are kept that show what IP addresses accessed what content. Again, consider the criminal and civil cases where a person’s online activity was used against them.

 

Search Engines

Some search engines have a reputation for recording every search you perform, as well as what links you clicked on.

I don’t think I need to mention any specific names here… you get the idea. Most of us have heard news reporters mention someone’s internet search history as having been accessed after someone is accused of a major crime like a mass shooting.

 

Web Sites / Policies

Each one has its own policies. Some are more notorious than others, some more infamous, but it boils down to the stated policies of the website you are going to.

A certain MAJOR social media site (FB) recently came under fire for their relationship with an analytical firm that not only accessed the information for people who consented, but appears to have also accessed the information of the consenting person’s friends as well- without notifying those friends or gaining their individual permission.

Another example:

Several HUGE sites were recently apparently taken over by a single company ( oath.com ). Not everyone using these sites (and there are millions of users) has been notified of this company’s “privacy” policy. I received notice weeks ago when trying to log in, but my wife who uses one of the same websites still has not been notified.

It appears to apply to:
Yahoo
Tumblr (owned by Yahoo)
Flickr (owned by Yahoo)
AOL
Huffpost
TechCrunch
Verizon
Flurry
and more ( oath.com/our-brands/ )

If I read this new policy correctly, it states:

*They are going to record and track every single thing you do across all of their websites, as well as on sites that do not belong to them but upon which they have placed “beacons or other technology” in order to “understand your activity “on and off” of their services.

*They will analyze and store ALL communications content including comments, photos, voice inputs, videos, emails, messaging services, and attachments.

*They will collect information from your devices such as device specific identifiers, IP address, cookie information, mobile device and advertising identifiers, browser version, operating system type and version, mobile network information, device settings, and software data.

*They will assign unique identifiers to every device you use to access their sites and the sites they don’t own but have placed beacons on.

*They advise they will lump all of your activity into a single unique identifier and will be able to do all of this and more even if you are not signed in.

They refrained from disclosing what sites they have placed beacons upon, and they refrained from advising how long they intend to keep all of this information.

They do however advise that they intend to share this information when you interact with services they offer to partners. This is information about you. What you do, what you are interested in, where you go online, whom you exchange emails with, what is in those emails… they will know more about you than you do.

This is just one example of what information a website can collect, and what they may choose to do with it.

 

Web Browsers

Since the early days of the web, people have been arguing over which browser is safer, better, more private, etc. For a while Fire Fox appeared to be the winner. Their latest update (as of this writing) leaves me wondering though.

Previously, FF stored all cookies in a folder that was easily accessed in order to verify that cookies were being deleted. They were stored in simple .txt form and could be manually removed if for some reason they remained after using the clear history feature in the browser.

Now, they are stored in a manner that makes them difficult to view or remove. Instead of being stored in .txt (opened by notepad) in a folder actually named cookies, now they are stored with a file extension of .sqlite (a relational database management system) among MANY other files and folders in something labeled “Profiles”. This requires the use of a program just to open the file and view the information it contains.

Removing the new version of FF won’t help. I tried it several ways. It appears to leave information on the system so that when one attempts to re-install an older version of FF, it automatically forces the new version back in. From what I have read, the only way to successfully “downgrade” to a previous version is to format the hard drive and reinstall the computer’s operating system along with all of the other software one wishes to keep. Several users have reported the names and locations of the items removing FF left, but also reported that manually removing these items caused their operating systems to crash.

I have to ponder why one of the best browser programs available would suddenly remove much of the ability for users to maintain a higher degree of control over their browsers and systems. Sure, one can click on the clear history button, but now one cannot verify that the history was actually cleared. Remember, cookies are accessible by many of the sites one may visit. It’s a breadcrumb trail of where one has been online.

 

VPN / Routing Programs / Proxy Servers

VPNs (Virtual Private Networks) are subscription based services that create a “tunnel” through the internet between your device and their services. This allows you to browse with a greater degree of privacy.

It can conceal your online activity from your ISP, as well as most anyone else who is attempting to monitor you. Some VPNs will even allow you to falsify your geographical location in order to access content that might not be available where you actually live such as tv programs, etc. Some of them keep logs of everything you do.

Routing programs such as TOR, attempt to conceal your location and identity by means of routing your internet traffic through a series of worldwide routers. However, your ISP may be able to determine if you are using TOR, and the traffic leaving your device may be susceptible to interception. The site you are attempting to view may be able to identify you. There is indication that some of the worldwide routers and servers are now in the hands of potentially hostile entities and governments.

Proxy servers are basically a middle-man deal. Instead of a direct connection between your system and the website, you are connected to another computer (server) that in turn connects to the website. This keeps your identity from the website in question, however the proxy server still has all the information as to who is looking for what.

 

Content Providers Such As Netflix

I’m going to keep this short, but Netflix caught allot of flack back in December of 2017 for tweeting that 53 people were watching a particular Christmas program repeatedly.

Sure, most people figured they kept a record of what you have watched, but this startled people into realizing it goes much deeper. Again, allot can be determined about a person based on what movies/shows they gravitate towards.

 

So… Why Worry?

If this stuff is out of our hands, why worry? After all, you’re not a criminal. You’re not doing anything illegal online. You’re probably not involved in civil litigation.

What can happen if some entity has access to some or all of this information? They will know intimate details of your life.

It doesn’t even take a human pouring through gigabytes of data to do this. There are very sophisticated algorithms that do it 24/7/365 in real time.

In 1999, when Windows ’98 was still “new”, my employers were using a facial recognition program that scanned every person entering our very large and public business. It was able to identify people who had been a problem in the past either at one of our locations or at a competitors location who had uploaded their image to the database we all subscribed to. That was 20 years ago. Wonder what they can do now?

Everything you do, everything you search for, everything you purchase online (and in some real life stores), what you watch, what you read, etc., is logged, analyzed, and paints a picture of you and your life that is miles above and beyond anything George Orwell could have imagined.

What we are looking at, commenting on, reading, etc. is legal today, but it may not always be.

An example of this is a certain massive online video site (YT) where users can upload their own videos. Several people who had very large followings have had their videos de-monitized, deleted, and some accounts were even banned for violating the site’s ever changing terms of service.

One channel in particular that I liked had videos that were over 6 years old removed without warning because although they were fine when they were uploaded, the latest terms of service treated them as a violation that would count against account removal.

Yes, that is just a private company. What happens with all of this history about you if we find ourselves with a less free society or a more intrusive government? Now you have a demonstrated interest in something they may frown upon.

 

We can’t just walk away from the web. That would be almost impossible to do and still prosper in the modern world.

However, please be mindful of what you are putting out there. It stays out there, recorded in many places, aggregated in a few, analyzed constantly, and it tells a very intimate and accurate story about you.

More: Read Part 1 here

Share this article!
SHARE This! by Email
SHARE This! Facebook
SHARE This! Twitter
SHARE This! Google+
SHARE This! Pinterest

This Page - Unique Human Visits
0 (today) 115 (week) 222 (month)

Related Posts That You Might Like:



69 Comments

  1. NRP 05/24/2018
    • NRP 05/24/2018
      • Antique Collector 05/24/2018
    • Doc Jackson 05/25/2018
      • NRP 05/25/2018
  2. Anonymous 05/24/2018
    • Steve 05/25/2018
  3. McGyver 05/24/2018
    • Lauren 05/24/2018
      • RoadWarrior 05/24/2018
      • restoringBrad 05/25/2018
  4. aka 05/24/2018
  5. White Cracker 05/24/2018
  6. blackjack22 05/24/2018
  7. me 05/24/2018
    • Mr. Skpetical 05/24/2018
  8. NRP 05/24/2018
    • aka 05/24/2018
    • Lauren 05/24/2018
  9. Plainsmedic 05/24/2018
    • Ken Jorgustin 05/24/2018
      • restoringBrad 05/24/2018
        • NRP 05/24/2018
          • Anon 05/24/2018
  10. NRP 05/24/2018
  11. Anonymous 05/24/2018
    • restoringBrad 05/24/2018
      • Grey 05/24/2018
        • Lauren 05/24/2018
          • NRP 05/24/2018
          • Grey 05/25/2018
    • Lauren 05/24/2018
      • Anon 05/24/2018
        • Lauren 05/24/2018
  12. Joe c 05/24/2018
    • restoringBrad 05/25/2018
  13. Wendy 05/24/2018
    • Joe c 05/24/2018
    • Just Sayin' 05/25/2018
  14. Mrs. USMCBG 05/24/2018
    • Gator70 05/28/2018
  15. 0ldhomesteader 05/24/2018
    • Lauren 05/24/2018
    • GoodBear 05/25/2018
      • 0ldhomesteader 05/25/2018
        • GoodBear 05/25/2018
  16. kevin 05/25/2018
  17. old lady 05/25/2018
    • NRP 05/25/2018
    • Antique Collector 05/25/2018
      • Just Sayin' 05/25/2018
      • old lady 05/25/2018
  18. aka 05/25/2018
  19. Dennis 05/25/2018
    • NRP 05/25/2018
      • Antique Collector 05/25/2018
    • Tommyboy 05/25/2018
  20. car guy 05/25/2018
  21. Dennis 05/25/2018
    • NRP 05/25/2018
  22. Plainsmedic 05/25/2018
    • NRP 05/25/2018
      • Tommyboy 05/25/2018
    • Just Sayin' 05/25/2018
      • Tommyboy 05/25/2018
    • Antique Collector 05/25/2018
  23. Joe c 05/25/2018
  24. Gator70 05/28/2018
    • Ken Jorgustin 05/28/2018

Leave a Reply

Do NOT follow this link or you will be banned from the site!