The Internet has a way of lulling you into a false sense of anonymity. After all, how can anyone know your true identity in a virtual world? The truth is that simply by connecting to the Internet, you share information about your computer, your geographical location and even about the Web sites you visit.
The goal of anonymous Web surfing is to circumvent the technologies that track your online activity and may potentially expose your personal information to others. By surfing anonymously, no one knows who you are, where you're connecting from or what sites you are visiting.
When people think of surfing the Web anonymously, they automatically associate it with extramarital affairs, malicious hacking, illegal downloading and other sordid behaviors. That's not necessarily the case. In fact, there are many legitimate reasons why someone would wish to remain anonymous online:
- Your employer or school has strict Web surfing policies and filters your access to the Internet.
- You're a staunch free speech advocate and don't want the government or anyone else to censor your activities.
- You believe that the Internet is the perfect forum in which to express your opinions freely without fear of being harassed or tracked down by people who don't agree with those opinions.
- You believe the Bill of Rights and the United Nations Universal Declaration of Human Rights empowers you to conduct your private business without outside intrusion.
- You live abroad and want to access streaming video content that's only available to people living in your home country.
- You don't like the idea that search engines are collecting information about your queries.
- You don't want online advertisers to know where you live or what products you buy.
- You want to participate anonymously in Internet forums, perhaps to speak to other people about a private medical condition or to discuss
As you'll see in the next section, surfing the Web anonymously isn't as easy as erasing your browser history. Learn more about computer networks and IP addresses and how they can expose your identity.
IP Addresses and Cookies
Every machine connected to the Internet has a unique Internet Protocol (IP) address, including your computer. You may have a static IP address or it may change each time you go online. Either way, you are tagged with a unique identifier every time you surf the Web.
An IP address is necessary for the Internet to work. It is literally the address of your personal computer on a vast computer network -- like a single house on a crowded street. The only way a Web server can send the contents of a Web page to your browser is if it has your computer's address on the network.
IP addresses, in and of themselves, do not contain any personally identifiable information about you. However, if you're signed up with an Internet Service Provider (ISP) -- which is the way most of us get our Internet service -- then your ISP can easily link your IP address with your name, home address, phone number, e-mail address and even credit card information.
Don't get paranoid just yet: In general, ISPs have fairly strict privacy policies. They won't give out your personal information to any random person who asks for it. However, under laws like the U.S. Patriot Act and through subpoenas from the police and federal agencies, an ISP may have no choice but to supply personal information related to an IP address.
Cookies are another way for an outside source to track your Web surfing habits. Cookies are tiny text files that are saved in your Web browser when you visit a Web site. The file might contain your login information, your user preferences, the contents of your online shopping cart and other identifiers. These cookies make your Web browsing experience more personalized and customizable. They're designed to save you time when you visit your favorite sites. They're also designed to help advertisers tailor their messages to your personal preferences.
First-party cookies are cookies left on your browser from Web sites you visited. Third-party cookies are files stored on your computer from advertisers and other parties that have information-sharing agreements with the site you visited. Many people find third-party cookies to be a particularly egregious breach of privacy, since you have no control over who collects information about you.
In the next section, we'll taker a close look at how scam artists can use an online data trail to piece together your identity.
Piecing Together Your Online Identity
Cookies and IP addresses alone may not give away your personal information, but when these clues are combined with other Web surfing data -- like your search history -- you could unwittingly disclose your identity to hackers, scam artists or government investigators.
Search engines routinely store search queries associated with your IP address. Google stores search queries for nine months and MSN stores them for 18 months [source: Privacy Rights Clearinghouse]. By examining hundreds or thousands of search queries from the same IP address, it's possible to deduce someone's identity, particularly if they have done map searches on their home address or entered their Social Security number.
Another threat to online privacy involves Web e-mail accounts. If you use the same Web site for both your e-mail service and Internet searches, you might be leaving a very clear trail for hackers and cybercriminals to follow when you go online.
For example, if you use Google as your e-mail provider, then you need to log in to Gmail.com for each e-mail session. Any Google Web searches you conduct while logged in to your e-mail account will be associated with the same IP address as your e-mail account. From there, it would be easy for a hacker or other third party to associate your searches with your e-mail address -- and to use this information to send you customized spam or other e-mail scams.
The simplest and most direct way for someone to track your Web surfing is to view the history on your Web browser. Your Web browser keeps a chronological list of every Web site you visit. Most Web browsers will save your browsing history for at least a week by default. If someone wanted to monitor your Web surfing, all that person would have to do is open your browser and search your history.
If you're surfing the Web from a work computer, your boss doesn't need to physically turn on your computer and check your browser history. Since you're working on an office network, your employer has the right to monitor what sites you are visiting.
In the next section, we'll talk about anonymous proxy servers, one of the most effective ways to hide your identity online.
Anonymous Proxy Servers
Every time you type a URL into your Web browser and click Enter, your computer sends a request to a Web server, which then delivers the Web page back to you. To do this, the Web server needs to know your IP address. So much for surfing anonymously, right?
Not necessarily: One way to avoid revealing your IP address to every Web server you contact is to use a proxy server. A proxy server is a machine that sits between you and the rest of the Internet. Every page request you make goes through the proxy server first.
An anonymous proxy server is a special kind of proxy loaded with software that erases your IP address from any page requests and substitutes its own. When the page is sent back by the Web server, the proxy server then forwards it along to you free of any additional software scripts that might compromise your identity.
The most popular kind of anonymous proxy servers are Web-based proxies. All you have to do is go to the Web site of the proxy service, enter the desired URL in a special address box and the service will relay the request to the Web server anonymously.
There are some downsides to anonymous proxy servers. Because each incoming and outgoing page needs to be processed by the proxy server, this can often result in slow page loading times. And since the proxy server attempts to delete or bypass any suspicious elements on the returning Web page, a lot of pages will load with errors.
You should also avoid so-called "open proxies." These are proxy servers that claim to have been abandoned and accidentally left "open" for one reason or another. Many of these proxies are booby traps set up by malicious hackers who want to steal personally identifiable information. Some open proxies are actually living on the computers of unwitting users who have been infected by a computer virus.
Now that you know how to hide your IP address online, it's time to check your Web browser settings.
Privacy Settings in Your Browser
Anonymous proxy servers are a great way to mask your IP address online, but there is still plenty of information about your Web surfing habits stored on your computer. Luckily, it's easy to control your privacy settings directly in your Web browser.
One of the simplest ways to cover your online tracks is to manually delete your browser history. All Web browsers -- like Internet Explorer, Firefox, Safari or Google Chrome -- allow you to delete your Web surfing history.
Follow these instructions to delete your browser history:
- In Safari, go to the History menu, scroll all the way down to the bottom and click "Clear History."
- In Firefox, open the Preferences box from the Firefox menu. Choose the Privacy tab. Go down to the section on Private Data and click "Clear Now."
- In Google Chrome, go to the Tools menu, select "History," select a recent Web site and click "Delete history for this day."
- In Internet Explorer 7 and 8, this process is a little more complicated. Go to support.microsoft.com and follow the directions there for assistance.
Note, however, that any network administrator -- at the office or even at your ISP -- can access your surfing history on the network level, even if you erase it on your computer.
You can also control how your browser handles cookies. The default setting on most browsers is to accept cookies from all sites. You can either block cookies entirely -- which might prevent you from using certain online banking and shopping sites -- or you can choose only to block third-party cookies.
Since anonymous Web surfing is becoming more and more popular, the latest versions of Internet Explorer, Firefox, Safari and Google Chrome include special settings for surfing without a trace. By enabling these settings, your browser won't save your surfing history, search queries, cookies, download history or passwords.
Here is how you activate anonymous surfing in some the more popular Web browsers:
- In Internet Explorer 8, open a new tab and select "Browse with InPrivate."
- In Safari, under the main Safari menu, you can check a setting called "Private Browsing"
- In Google Chrome, click on the page icon next to the URL window and select "Open New Incognito Window."
In the next section, we'll talk about ways to get around the thorny problem of Web sites that force you to register.
Many free and subscription Web sites require you to register before using their services. This usually requires three basic things: an active e-mail address, a username and a password.
Aside from the security risks of giving your e-mail address and other personally identifiable information to a random Web site, a lot of people simply don't want every Web site they visit to know who they are, and certainly not how to contact them.
For security purposes, experts recommend that you don't use the same username and password to access all of your Web sites and services. The danger, of course, is that one of these sites will -- either maliciously or accidentally -- hand your information over to identity thieves who will use your universal username and password to access your online bank account or other highly sensitive Web services.
Another annoyance is that many Web sites have no problem with selling your information to third parties who will then load your inbox with spam. Some sites allow you to opt out of receiving e-mails from partners, but it isn't always clear which boxes to check or uncheck.
If you don't want to give your real e-mail address to every Web site that requires registration, you can always create multiple e-mail accounts using free services like Yahoo! Mail or Google Mail. For most Web sites, the only real purpose of the e-mail address is to confirm registration, so it's OK if you never check the e-mail account again.
However, if you register with many different Web sites and want to keep track of all of your different usernames, passwords and e-mail addresses, don't create an Excel or Word file and save it on your computer. If someone is able to access that file, they'd have more than enough information to steal your identity.
A better solution is to use a secure, Web-based service like ShopShield or Anonymizer. These services automatically generate temporary e-mail addresses with unique usernames and passwords for any site you wish. Whenever a new e-mail message is received at one of these temporary accounts, it is scrubbed for viruses and spam and then forwarded to your real e-mail address. You can also delete unwanted accounts with a click of a button.
Another clever solution is a Web site called BugMeNot.com, in which users post free usernames and passwords for shared access to popular Web sites like newspapers and video sharing sites. If a username and password stops working, it is voted down the list.
For lots more information about online privacy and the mechanics of the Internet, follow the links on the next page.
- Barbaro, Michael and Zeller, Tom. "A Face is Exposed for AOL Searcher No. 4417749." New York Times, August 9, 2006 (Accessed June 5, 2009)
- Privacy Rights Clearinghouse. "Privacy and the Internet: Traveling in Cyberspace Safely" (May 19, 2009)http://www.privacyrights.org/fs/fs18-cyb.htm
- Proxy.org. "Your right to anonymity" (May 19, 2009)http://proxy.org/
- Shop Shield. "Anonymous Registration" (May 19, 2009)http://www.shopshield.net/secure_registration.html?source=top_menu
- WhatismyIPaddress.com. "Internet Anonymity" (May 19, 2009)http://whatismyipaddress.com/staticpages/index.php/internet-anonymity
- WhatismyIPaddress.com. "What is a Proxy Server?" (May 19, 2009)http://whatismyipaddress.com/staticpages/index.php/proxy-server