Speaker Key: PB Phil Brown, DW David Whelan
PB: Hi, it’s Phil Brown. I’m here with David Whelan, and today we’re going to talk about anonymous web browsing.
DW: We are all much more aware than we might have been
about a year ago about how governments are starting to look at
everything that we are doing online, and it might be making you a
little bit paranoid. Why should we be paranoid about our web browsing,
PB: Well, primarily the reason why we are going to be
paranoid is because we have an obligation to protect client
confidentiality and, for instance, if we’re doing some research on
behalf of a client, it would be nice to know that we are out there
looking without necessarily leaving a trail.
DW: It’s funny how just a couple of years ago we were
concerned about doing research in coffee houses because maybe people
were watching our traffic, but now we realize that even if we secured
it the government would have been sniffing at it as it went past
PB: I know a lot of the news that’s been out there about
the things that the US government might be spying upon are related to
emails and interception of emails, but I think it would be naïve to
think that they’re not also looking at the browsing traffic that’s
going on as well.
DW: That’s right. And it can be confusing. If you have a
modern or current version of one of the major web browsers, meaning
Microsoft’s Internet Explorer, Firefox from Mozilla, or Google’s
Chrome, they actually have some modes that can make you think that you
are browsing anonymously but you really aren’t. And the one I’m talking
about is called “Incognito”. If you switch into “Incognito” mode in
your web browser you are no longer leaving traces on your local
computer, but you are still leaving traces out on the web for other
people to find.
PB: So in spite of the little clever artistic impression of
one of the spy-versus-spy guys that’s up in the corner of your web
browser that makes it look like you have completely gone stealth, it is
really just not tracking information on your computer in front of you.
DW: That’s right. You really need to be thinking about
where you’re going and what you’re trying to do. So when you open up a
web page in your web browser you are actually sending a request to a
computer that has that web page sitting on it and then it sends it over
the Internet to you. When it sends that file over and any pictures
that are related to it and so on, it will often track where you are
coming from, the specific IP address of the computer you are on, and
certainly the country and city that you are in. It will also probably
know information about the type of web browser you are on, the type of
computer or operating system that you are using and so on.
PB: Before we get into the idea of anonymous browsing,
maybe it’s a good place to point out that everything that you put into
your computer, for example, a password to sign on to Facebook, a
password to sign on to Twitter, or even just logging into your computer,
all of those passwords are resident in a file on that computer.
DW: That’s right, and depending on where they are stored,
in Windows for example they are stored in a secured area, but in web
browsers you can go into most modern web browsers, click on a button
next to the password where it is saved, type something like “show me
the password” and you can see it in plain text. So it is not always as
secure as you might think, although it is very convenient to have them
saved inside your web browser.
PB: So now let’s talk about the anonymous portion of web
browsing as opposed to the incognito mode. One of the reasons you might
want to be anonymous for example is that there is a statistic out
there that suggests that if you visit the 50 most popular websites
there is going to be over 3,000 tracking files installed on your
DW: That’s right, and those are commonly known as cookies.
There are lots of jokes you can make obviously about having cookies on
your computer, but they are little files that are put there in some
cases when you click the button that says, “remember me”, and that’s
the cookie that they use to remember who you are and when you logged in
so that they can give you the same kind of experience or the same setup
on the website that you had when you came the first time.
PB: And cookies are also used for security. For instance,
if you are logging into your American Express account or your banking
account they are used to confirm that you are who you say you are. Even
though you are putting in a password it is checking to see if you are
using the same computer you have used before, things like that.
DW: Right, and those are the cookies that you really want to
use because obviously they help you to be more efficient, more
productive going to websites, and getting in and out of sites. But
there are also cookies being downloaded that relate to the
advertisements that appear on websites or that may track what you are
doing during the session when you are at a particular website. That
information is then aggregated and made available to people who might
be advertisers or the owners of the site that you are visiting. It is
probably a lot more information than you would want to share if you
were working on a client matter.
PB: And a lot of this information is sold to people for marketing purposes and for sales.
DW: Right, and there has been a big pushback against having
all of these cookies saved. I think many of us are now seeing the
ability to opt out from being tracked on the web and to block the
cookies from being downloaded. Certainly the recommendations tend to
be, block whatever cookies you can so that you are not leaving this
tracking profile out there.
PB: As we know there is going to be a future without
cookies and of course the threat detection companies and the marketing
companies are already thinking, “how are we going to track people
DW: That’s right. Your phone has a particular ID, your web
browser, and the combination of all the factors of how you interact
with a website may be enough of a fingerprint that they don’t need to
leave a cookie. They can tell based on other factors or other features
that identify you.
PB: So there are ways to browse anonymously. There are a
couple of specific browsers that we are going to mention without
endorsing any, but these ones are just starting to come to the
forefront or at least to our notice, that enable users to anonymously
browse the web. One of them would be Tor. Can you tell us a little bit
DW: Sure. Tor is an acronym for The Onion Router because it
has layers of anonymity, and so it is almost like a separate network
where you have to connect with it using a Tor client, which is a piece
of software that is sort of like a VPN, where you log into Tor and then you
can surf through what is called the dark web. Your activity is anonymous
when you want it to be, and it can also go across the public Internet
or the wider Internet. An example of a client that will connect you to
Tor is called Orweb.
PB: Is there a record anywhere of the searching that is being done?
DW: Well again, up until about a year ago people were
pretty confident that when they were on the Onion Router, on Tor, it
was pretty much secured and there wasn’t a trace of who you were or
where you travelled from. You would essentially connect to Tor and pop
out the other end, and that traffic was completely anonymous. But there
is some concern now that some of the Tor computers may have been
compromised, and so some of that tracking may still be traced.
PB: Another browser that is gaining some traction is called
Epic, which is very similar to Tor. Again, you download it, add it to
your computer, and are able to anonymously surf the web without picking
up cookies and so on as you go. It also does a number of other things.
It doesn’t, however, do the autofill for you that Chrome or Internet
Explorer will often offer where it fills in links for you or comes up
with best guesses as to the website you might have been looking for. All
of those things are based on cookies in your computer or the
information that is held on the website because you have been there
before and it is all profiling you as you go.
DW: Any time that your computer offers you information that
is meant to help you, it usually means that you are balancing your
convenience with your security. So if you are finding something to be
very convenient, you should also be aware that it may be compromising
PB: I don’t know if anyone has ever done a search to find
out what their Google history is, but there is a history of every site
that you have been to and how many times you have been to a particular
DW: Yes, it can be challenging to get rid of it too,
particularly with Google Chrome. It seems to stay there a lot longer.
And you can clean your Internet history from your browser and still
find some disconcerting suggestions.
PB: And these browsers wipe out things like that, but you
also give up some features: you don’t have web extensions, spell
checking, autofills, and things like that.
DW: Yes, and so you may want to have one of these browsers
available for those times when you do research that requires that you
have that depth of security and anonymity. You can use your normal web
browser while taking some care like using secured or anonymous search.
Then you can have the best of both worlds.
PB: I just wanted to mention that there are a couple of
different search engines you can use to anonymize your search for
DW: Yes, when you use Google these days, certainly if you
have logged in with a Google account, but even if you haven’t, they are
now trying to make your search information inaccessible to the site
where you are visiting. So in the past if you went to your web browser,
went to Google and typed in, “doughnuts Tim Hortons”, and ended up
going to a Tim Hortons website, the website person at Tim Hortons would
know that you had typed in “doughnuts Tim Hortons”, and they would
value that information. Now when you type that in and go to their site
they get something that says nothing about who you are or where you
came from, from the perspective of the search terms you used. They
would still know where you came from, the city or town, or the
computer, but they wouldn’t know how you got there or the search terms
you used to get there.
PB: But Google would still know.
DW: Google would still know, so yes that is definitely an issue, and you want to be aware that that’s being stored somewhere.
PB: And they’d be happy to sell that information to Tim Hortons as well, to tell them how their customers found them.
DW: Right. The only benefit there is that they probably
wouldn’t sell the information about who you are or those sorts of
details. So Tim Hortons wouldn’t be in the position of being able to
know that you stopped by at eight o’clock looking for doughnuts.
PB: That’s right, and this is almost trite to say, but it
is a good idea to look through those click-through privacy agreements
to find out what information is being tracked, how long it is being
kept, whether it gets sold off to anyone else, or held confidential.
DW: The laws in the EU have changed recently, and you will
see this if you go to websites in the UK and other countries in the
European Union where there is actually a little puppet at the top of
and that has been very helpful. You don’t get that as much in North
PB: All right. And that’s our brief look at anonymous browsers. I have a suspicion we will do another podcast about this as well.
DW: Surf carefully, Phil.
PB: All right. Take care, David.