How to browse the web securely and privately

So you want to browse the web securely and privately? Here’s a hard truth: it’s almost impossible. It’s not just your internet provider that knows which sites you visit, it’s also the government — and other governments! And when it’s not them, it’s social media sites, ad networks or apps tracking you across the web […]

Getty Images

So you want to browse the web securely and privately? Here’s a hard truth: it’s almost impossible.

It’s not just your internet provider that knows which sites you visit, it’s also the government — and other governments! And when it’s not them, it’s social media sites, ad networks or apps tracking you across the web to serve you specific and targeted ads. Your web browsing history can be highly personal. It can reveal your health concerns, your political beliefs and even your porn habits — you name it. Why should anyone other than you know those things?

Any time you visit a website, you leave a trail of data behind you. You can’t stop it all — that’s just how the internet works. But there are plenty of things that you can do to reduce your footprint.

Here are a few tips to cover most of your bases.

A VPN can help hide your identity, but doesn’t make you anonymous

You might have heard that a VPN — or a virtual private network — might keep your internet traffic safe from snoopers. Well, not really.

A VPN lets you create a dedicated tunnel that all of your internet traffic flows through — usually a VPN server — allowing you to hide your internet traffic from your internet provider. That’s good if you’re in a country where censorship or surveillance is rife or trying to avoid location-based blocking. But otherwise, you’re just sending all of your internet traffic to a VPN provider instead. Essentially, you have to choose who you trust more: your VPN provider or your internet provider. The problem is, most free VPN providers make their money by selling your data or serving you ads — and some are just downright shady. Even if you use a premium VPN provider for privacy, they can connect your payment information to your internet traffic, and many VPN providers don’t even bother to encrypt your data.

Some VPN providers are better than others: tried, tested — and trusted — by security professionals.

Services like WireGuard are highly recommended, and are available on a variety of devices and systems — including iPhones and iPads. We recently profiled the Guardian Mobile Firewall, a smart firewall-type app for your iPhone that securely tunnels your data anonymously so that even its creators don’t know who you are. The app also prevents apps on your phone from tracking you and accessing your data, like your contacts or your geolocation.

As TechCrunch’s Romain Dillet explains, the best VPN providers are the ones that you control yourself. You can create your own Algo VPN server in just a few minutes. Algo is created by Trial of Bits, a highly trusted and respected security company in New York. The source code is available on GitHub, making it far more difficult to covertly insert backdoors into the code.

With your own Algo VPN setup, you control the connection, the server, and your data.

You’ll need a secure DNS

What does it mean that “your internet provider knows what sites you visit,” anyway?

Behind the scenes on the internet, DNS — or Domain Name System — converts web addresses into computer-readable IP addresses. Most devices automatically use the resolver that’s set by the network you’re connected to — usually your internet provider. That means your internet provider knows what websites you’re visiting. And recently, Congress passed a law allowing your internet provider to sell your browsing history to advertisers.

You need a secure and private DNS provider. Many use publicly available services — like OpenDNS or Google’s Public DNS. They’re easy to set up — usually on your computer or device, or on your home router.

One recommended offering is Cloudflare’s secure DNS, which it calls 1.1.1.1. Cloudflare encrypts your traffic, won’t use your data to serve ads, and doesn’t store your IP address for any longer than 24 hours. You can get started here, and you can even download Cloudflare’s 1.1.1.1 app from Apple’s App Store and Google Play.

HTTPS is your friend

One of the best things for personal internet security is HTTPS.

HTTPS secures your connection from your phone or your computer all the way to the site you’re visiting. Most major websites are HTTPS-enabled, and appear as such with a green padlock in the address bar. HTTPS makes it almost impossible for someone to spy on your internet traffic intercept and steal your data in transit.

Every time your browser lights up in green or flashes a padlock, HTTPS encrypts the connection between your computer and the website. Even when you’re on a public Wi-Fi network, an HTTPS-enabled website will protect you from snoopers on the same network.

Every day, the web becomes more secure, but there’s a way to go. Some websites are HTTPS ready but don’t have it enabled by default. That means you’re loading an unencrypted HTTP page when you could be accessing a fully HTTPS page.

That’s where one browser extension, HTTPS Everywhere, comes into play. This extension automatically forces websites to load HTTPS by default. It’s a lightweight, handy tool that you’ll forget is even there.

Reconsider your web plug-ins

Remember Flash? How about Java? You probably haven’t seen much of them recently, because the web has evolved to render them obsolete. Both Flash and Java, two once-popular web plug-ins, let you view interactive content in your web browser. But nowadays, most of that has been replaced by HTML5, a technology native to your web browser.

Flash and Java were long derided for their perpetual state of insecurity. They were full of bugs and vulnerabilities that plagued the internet for years — so much so that web browsers started to pull the plug on Java back in 2015, with Flash set to sunset in 2020. Good riddance!

If you don’t use them — and most people don’t anymore — you should remove them. Just having them installed can put you at risk of attack. It takes just a minute to uninstall Flash on Windows and Mac, and to uninstall Java on Windows and Mac.

Most browsers — like Firefox and Chrome — let you run other add-ons or extensions to improve your web experience. Like apps on your phone, they often require certain access to your browser, your data or even your computer. Although browser extensions are usually vetted and checked to prevent malicious use, sometimes bad extensions slip through the net. Sometimes, extensions that were once fine are automatically updated to contain malicious code or secretly mine cryptocurrency in the background.

There’s no simple rule to what’s a good extension and what isn’t. Use your judgment. Make sure each extension you install doesn’t ask for more access than you think it needs. And make sure you uninstall or remove any extension that you no longer use.

These plug-ins and extensions can protect you

There are some extensions that are worth their weight in gold. You should consider:

  • An ad-blocker: Ad-blockers are great for blocking ads — as the name suggests — but also the privacy invasive code that can track you across sites. uBlock is a popular, open source efficient blocker that doesn’t consume as much memory as AdBlock and others. Many ad-blockers now permit “acceptable ads” that allow publishers to still make money but aren’t memory hogs or intrusive — like the ones that take over your screen. Ad-blockers also make websites load much faster.
  • A cross-site tracker blocker: Privacy Badger is a great tool that blocks tiny “pixel”-sized trackers that are hidden on web pages but track you from site to site, learning more about you to serve you ads. To advertisers and trackers, it’s as if you vanish. Ghostery is another example of an advanced-level anti-tracker that aims to protect the user by default from hidden trackers.

And you could also consider switching to more privacy-minded search engines, like DuckDuckGo, a popular search engine that promises to never store your personal information and doesn’t track you to serve ads.

Use Tor if you want a better shot at anonymity

But if you’re on the quest for anonymity, you’ll want Tor.

Tor, known as the anonymity network is a protocol that bounces your internet traffic through a series of random relay servers dotted across the world that scrambles your data and covers your tracks. You can configure it on most devices and routers. Most people who use Tor will simply use the Tor Browser, a preconfigured and locked-down version of Firefox that’s good to go from the start — whether it’s a regular website, or an .onion site — a special top-level domain used exclusively for websites accessible only over Tor.

Tor makes it near-impossible for anyone to snoop on your web traffic, know which site you’re visiting, or that you are the person accessing the site. Activists and journalists often use Tor to circumvent censorship and surveillance.

But Tor isn’t a silver bullet. Although the browser is the most common way to access Tor, it also — somewhat ironically — exposes users to the greatest risk. Although the Tor protocol is largely secure, most of the bugs and issues will be in the browser. The FBI has been known to use hacking tools to exploit vulnerabilities in the browser in an effort to unmask criminals who use Tor. That puts the many ordinary, privacy-minded people who use Tor at risk, too.

It’s important to keep the Tor browser up to date and to adhere to its warnings. The Tor Project, which maintains the technology, has a list of suggestions — including changing your browsing behavior — to ensure you’re as protected as you can be. That includes not using web plug-ins, not downloading documents and files through Tor, and keeping an eye out for in-app warnings that advise you on the best action.

Just don’t expect Tor to be fast. It’s not good for streaming video or accessing bandwidth-hungry sites. For that, a VPN would probably be better.

Check out our full Cybersecurity 101 guides here.

Google lays outs narrow “EU election advertiser” policy ahead of 2019 vote

Google has announced its plan for combating election interference in the European Union, ahead of elections next May when up to 350 million voters across the region will vote to elect 705 Members of the European Parliament. In a blog post laying out a narrow approach to democracy-denting disinformation, Google says it will introduce a […]

Google has announced its plan for combating election interference in the European Union, ahead of elections next May when up to 350 million voters across the region will vote to elect 705 Members of the European Parliament.

In a blog post laying out a narrow approach to democracy-denting disinformation, Google says it will introduce a verification system for “EU election advertisers to make sure they are who they say they are”, and require that any election ads disclose who is paying for them.

The details of the verification process are not yet clear so it’s not possible to assess how robust a check this might be.

But Facebook, which also recently announced checks on political advertisers, had to delay its UK launch of ID checks earlier this month, after the beta system was shown being embarrassingly easy to game. So just because a piece of online content has an ‘ID badge’ on it does not automatically make it bona fide.

Google’s framing of “EU election advertisers” suggests it will exclude non-EU based advertisers from running election ads, at least as it’s defining these ads. (But we’ve asked for a confirm on that.)

What’s very clear from the blog post is that the adtech giant is defining political ads as an extremely narrowly category — with only ads that explicitly mention political parties, candidates or a current officeholder falling under the scope of the policy.

Here’s how Google explains what it means by “election ads”:

“To bring people more information about the election ads they see across Google’s ad networks, we’ll require that ads that mention a political party, candidate or current officeholder make it clear to voters who’s paying for the advertising.”

So any ads still intended to influence public opinion — and thus sway potential voters — but which cite issues, rather than parties and/or politicians, will fall entirely outside the scope of its policy.

Yet of course issues are material to determining election outcomes.

Issue-based political propaganda is also — as we all know very well now — a go-to tool for the shadowy entities using Internet platforms for highly affordable, mass-scale online disinformation campaigns.

The Kremlin seized on divisive issues for much of the propaganda it deployed across social media ahead of the 2016 US presidential elections, for example.

Russia didn’t even always wrap its politically charged infowar bombs in an ad format either.

All of which means that any election ‘security’ effort that fixes on a narrow definition (like “election ads”) seems unlikely to offer much more than a micro bump in the road for anyone wanting to pay to play with democracy.

The only real fix for this problem is likely full disclosure of all advertising and advertisers; Who’s paying for every online ad, regardless of what it contains, plus a powerful interface for parsing that data mountain.

Of course neither Google nor Facebook is offering that — yet.

Because, well, this is self-regulation, ahead of election laws catching up.

What Google is offering for the forthcoming EU parliament elections is an EU-specific Election Ads Transparency Report (akin to the one it already launched for the US mid-terms) — which it says it will introduce (before the May vote) to provide a “searchable ad library to provide more information about who is purchasing election ads, whom they’re targeted to, and how much money is being spent”.

“Our goal is to make this information as accessible and useful as possible to citizens, practitioners, and researchers,” it adds.

The rest of its blog post is given over to puffing up a number of unrelated steps it says it will also take, in the name of “supporting the European Union Parliamentary Elections”, but which don’t involve Google itself having to be any more transparent about its own ad platform.

So it says it will —

  • be working with data from Election Commissions across the member states to “make authoritative electoral information available and help people find the info they need to get out and vote”
  • offering in-person security training to the most vulnerable groups, who face increased risks of phishing attacks (“We’ll be walking them through Google’s Advanced Protection Program, our strongest level of account security and Project Shield, a free service that uses Google technology to protect news sites and free expression from DDoS attacks on the web.”)
  • collaborating — via its Google News Lab entity — with news organizations across all 27 EU Member States to “support online fact checking”. (The Lab will “be offering a series of free verification workshops to point journalists to the latest tools and technology to tackle disinformation and support their coverage of the elections”)

No one’s going to turn their nose up at security training and freebie resource.

But the scale of the disinformation challenge is rather larger and more existential than a few free workshops and an anti-DDoS tool can fix.

The bulk of Google’s padding here also fits comfortably into its standard operating philosophy where the user-generated content that fuels its business is concerned; aka ‘tackle bad speech with more speech’. Crudely put: More speech, more ad revenue.

Though, as independent research has repeatedly shown, fake news flies much faster and is much, much harder to unstick than truth.

Which means fact checkers, and indeed journalists, are faced with the Sisyphean task of unpicking all the BS that Internet platforms are liberally fencing and accelerating (and monetizing as they do so).

The economic incentives inherent in the dominant adtech platform of the Internet should really be front and center when considering the modern disinformation challenge.

But of course Google and Facebook aren’t going to say that.

Meanwhile lawmakers are on the back foot. The European Commission has done something, signing tech firms up to a voluntary Code of Practice for fighting fake news — Google and Facebook among them.

Although, even in that dilute, non-legally binding document, signatories are supposed to have agreed to take action to make both political advertising and issue based advertising “more transparent”.

Yet here’s Google narrowly defining election ads in a way that lets issues slide on past.

We asked the company what it’s doing to prevent issue-based ads from interfering in EU elections. At the time of writing it had not responded to that question.

Safe to say, ‘election security’ looks to be a very long way off indeed.

Not so the date of the EU poll. That’s fast approaching: May 23 through 26, 2019.

Nigerian data analytics company Terragon acquires Asian mobile ad firm Bizense

Jake Bright Contributor Jake Bright is a writer and author in New York City. He is co-author of The Next Africa. More posts by this contributor Africa Roundup: Local VC funds surge, Naspers ramps up and fintech diversifies Tarform debuted new e-motorcycles but is there a U.S. market? Nigerian consumer data analytics firm Terragon Group has acquired Asian […]

Nigerian consumer data analytics firm Terragon Group has acquired Asian mobile marketing company Bizense in a cash and stock deal.

Based in Singapore, with operations in India and Indonesia, Bizense specializes in “mobile ad platform[s] for Telco’s, large publishers, and [e-commerce] ad networks” under its proprietary Adatrix platform—according to its website and a release.

The price of the acquisition was not disclosed.

The company lists audience analytics, revenue optimization, and white label SSP services among its client offerings.

Headquartered in Lagos, Terragon’s software services give its clients — primarily telecommunications and financial services companies — data on Africa’s growing consumer markets.

Products allow users to drill down on multiple combinations of behavioral and demographic information and reach consumers through video and SMS  campaigns while connecting to online sales and payments systems.

Terragon clients include local firms, such as Honeywell, and global names including Unilever, DHL, and international agribusiness firm Olam.

The company’s founder and CEO Elo Umeh sees cross-cutting purposes for Terragon services in other markets.

“Most of the problems we seek to solve for our clients in Africa also exist in places like South East Asia and Latin America,” Umeh told TechCrunch.

The Bizense acquisition doesn’t lessen Terragon’s commitment to its home markets, according to Umeh.

“We are…super focused on Africa right now, building out propriety platforms powered by data and artificial intelligence to help Telco’s, SMEs, FMCGsand financial institutions …increase their customer base and drive more transaction volumes,” he said.

Terragon’s CEO would not divulge the acquisition value, saying only that it consisted of  “a combination of cash and stocks, with the actual amount not disclosed.”

In an interview with TechCrunch earlier this year, Umeh confirmed the company was looking into global expansion.

Tarragon already has a team of 100 employees across Nigeria, KenyaGhana and South Africa.

Umeh indicated the company is contemplating further expansion in Asia and the Latin America, where Terragon already has consumer data research and development teams.

With the Bizense acquisition Terragon plans to “build out platforms, tools and machine learning models to help businesses…acquire new customers and get existing customers to do more.”

Bizense founder and CEO Amit Khemchandani will be involved in this process. “We are excited about the next phase of this journey as we innovate for Africa and other emerging markets,” he said.

With the exception of South African media and investment giant Naspers, acquisitions of any kind—intra-continental or international—are a rarity for Sub-Saharan African startups and tech companies.

Terragon’s acquisition in Singapore, and other moves made by several other Nigerian startups this year, could change that. African financial technology companies like Mines and Paga announced their intent to expand in and outside Africa. They would join e-commerce site MallforAfrica, which went global in July in a partnership with DHL.