We receive many questions regarding privacy and anonymous web surfing. Below are some of the topics of concern and the answers that we provide:
People must understand that any company that tells you they can make you completely anonymous while online, is outright lying to you. Even though we at SurfBouncer have no idea of where you are surfing and keep no records of your surfing activities, you could still be traced. However, being able to do this involves a lot of money and resources. Could some government agency with unlimited resources track you through any VPN? Sure they could. And nobody could stop them.
The Personal VPN will:
Help prevent identity theft by masking your IP address and encrypting your data
Help prevent web sites from gathering data on you and profiling you
Give an anonymous presence on the internet for the legitimate purposes that most people are seeking from such a service
SurfBouncer Personal VPN will encrypt your data connection so that your ISP cannot see what web sites you are going to. That, effectively stops your ISP from profiling you.
When you go to a web page or a search engine, they will see our IP address, not yours. Therefore, they cannot determine who you are or, if you have been there before, by IP address. Our IP addresses are assigned randomly and changed frequently. This fact, coupled with the large number of people showing the same address, makes it impossible for a web site to know who you are by your IP address.
However, you have to take steps to insure this security is not bypassed via other means:
Always be sure to log in to the VPN before opening any browser. We suggest using the Firefox browser due to it's feature set and available plug-ins. We don't recommend any browser tied to a company that operates a search engine. While these browsers may be completely free of tracking code that links to the search engine, the recent history of several of these companies gives us concern.
Important: To configure Firefox from reporting your surfing activities to web sites you visit see this page.
There are other ways in which a web site or search engine can identify you. If you want to see a small slice of some of the things your browser is revealing about you, go here and take the browser test.
a) Logging in to the web site and giving them your personal information
--All the security in the world can instantly be defeated by logging in to a web site with a user name and password or email address that traces back to you. In effect, they don't need to figure out who you are because you are telling them. Logging in to a search engine will allow them to follow your every move across the internet. If you are concerned about being profiled while online, then don't log in to web sites unless you have to. If you do log in for some reason, follow the tips below to clear your tracks. Whatever you do, don't install a search engine toolbar in your browser. That is the easiest way to have your every move tracked.
--On web sites that ask for personal information that you don't necessarily care about -- consider signing up under a fake name and address.
--Get a free email account from Yahoo, Google or one of the other providers. Don't use any real information when signing up for this email account and only sign up and use it while on the secure VPN, following all the tips on this page to secure your privacy. When a web site asks you for your email address, give them this clean address that does not trace back to you. If you use Yahoo for your search engine, get an email account from Gmail. If you use Google for searches, get a Yahoo email account. The more variation in services you use, the less trackable you become.
Reserve your real, personal email address for people and companies that you absolutely trust not to sell your information or spam you. If in doubt give them the disposable address.
Most web sites will not give you full access to their page if you block cookies, creating a problem. However, you can allow the page and then erase cookies at the end of each session. In fact, all modern browsers can be configured to delete all cookies, upon closing a session.
--Configure your browser to erase your entire browsing history every time you shut it down. When you go to the options menu, check all items in order to erase everything. Then, when you go to a web site where a login is required, after you finish your business, close your browser along with any additional browser windows that might be open. When the browser closes, all cookies, history and other such tracking information will be deleted. Open your browser again and continue surfing.
--If you are at a site where no login is required, in most cases it's okay to go from site to site and ignore the cookies they are presenting. While they will know someone went from site 'a' to site 'b', they won't know who it was because the secure VPN is keeping your IP address from them. While this is of benefit to them, it is not the information they really want to know about you. Of course, if you want maximum protection against tracking, close your browser and restart each time you change sites.
There are also several programs on the market that will "clean" or "wash" your computer and remove all traces of personal information that can be revealed by your browser while online. Some of the well known programs are listed below. They are highly recommended for making sure your computer is always clean.
c) Flash Cookies
These are similar to cookies but are saved by flash-enabled web sites and can contain a lot of information. Unlike regular cookies, browsers are not currently set up to remove them. While Adobe (the maker of Flash) offers an online opt-out process, we have found it confusing and cumbersome to use. We have also found that many flash cookies seem to get set, even if you have opted out. We feel that a better solution is a plug-in for the Firefox browser called Better Privacy which will clear all flash cookies when you run it. Essentially, as you start your browser, you hit the Better Privacy tab in the 'Tools' menu and tell it to clear all the Flash Cookies (LSOs). It will also tell you what flash cookies are set at any given time so you can see which sites are using them. Current version of Firefox have added flash cookie deletion to the delete menu for clearing your history. For these versions no additional plug-in is required.
Flash cookies are currently a favorite method to track people, since they are not widely known and most of the browsers today will not clear them. Most people have dozens, if not hundreds, of these on their system and don't even know it.
d) Java and other scripting languages
Most web sites today use some scripting. It could be as trivial as presenting you with drop-down menu tabs, like those at the top of this page, to complex scripts that try to extract everything they can from your computer and even plant objects on your computer to track you with.
One approach is to turn off all scripting languages in your browser. However, the problem with this is that most web pages will fail in one way or another. A better approach is another Firefox plug-in called NoScript. It works on Firefox Windows, Mac and Linux versions.
With NoScript installed, all scripts are blocked when going to a new web site. Then, you are given a list of all the potential scripts that are on the page. You can either temporarily or permanently enable the scripts that you need to use while disallowing ones from advertising sites, click banks and search engines. By not allowing these scripts to run and allowing only the scripts needed to make the site function, you prevent the site from reporting your presence to the advertising and click bank sites. For sites that you frequent, you can set your choices as permanent and have no worries going forward.
While using the Personal VPN, your IP address might, for example, appear to be from a server in Texas. However, you might be in California. This is very beneficial as the web site will see you with a Texas IP address. Unfortunately, your system clock will reveal your true time zone. In most cases, this doesn't matter as there are a lot of people in a time zone. However, for a completely accurate picture to the web site you are visiting, you can make your clock match the location of the server. To determine which server you are logged in to, check your location after logging in to the Personal VPN by using this link. Set your clock to the location indicated.
Many web sites will offer either a prize or a chance to win something big, just for signing up. What needs to be understood is that this is just a ploy to get you to provide them with your user information. If you provide your email, name and address and they are viewing your IP address, they have just profiled you. This information, shared with other companies, will be used to track you all across the internet. It is virtually sure that you will get no prize from these sites. What you will get is your information lifted and used against you.
Everyone gets spam. Many of these spam emails contain a prominent link saying that you can unsubscribe from the mailing list if you wish. More often than not, this is a ploy to get more information. Never reply to a spammer. Doing so does two things:
1) It proves they have a 'live' email address, which they will then sell to thousands of other spammers at a premium. This, in turn, will result in even more spam for you.
2) It will associate your IP address to your email address, giving them an additional data point. By accessing marketing lists and comparing the two data points, it is highly possible they can figure out exactly who you are and where you live.
As an example, suppose you signed up for something legitimate using your real name and email address. Then, this web site sells the information about you to a marketing company and it ends up in a database. One day you are checking your work email from home and respond to the spam. The spammer now has your IP address. Comparing this address to the marketing database reveals your true name, personal email address and physical address to the spammer. Now they are 90% of the way towards stealing your identity. Another day, give up your SSN on some other web site or have this dug up and correlated via data mining and...boom! They have your identity.
Another way spammers can tell if you opened and read an email is via small invisible images planted in the html email. When you open the Email it forces the image to download and thereby records your IP address and the fact that you read the email. These techniques can also be used for the planting of malware on your computer. Fortunately there is an easy solution to this problem. Set your email software to only work in text mode. Since html will not be allowed, nothing will ever download and you will be secure.
This could be a work computer or one at the library or even at a friend's house. There is a lot of risk in using other people's machines for anything involving personal information. First, many network owners monitor their network and even record network traffic. Being on an unknown network that is not under your control means you don't know who is watching. If you can set up the Personal VPN on this computer, that will solve this problem. However, since the computer itself is beyond your control, you have no way of knowing if the computer is set up with some sort of key logger or even a virus that is stealing all your information. In these situations, a Flash Drive VPN using a virtual machine will prevent the local computer and the network owner from spying on you.
Even at home, there are risks when online. Many cable services use a shared network structure where everyone in the neighborhood is on the same link. This means all of your traffic is combined and anyone with a little bit of computer knowledge can see your traffic. The SurfBouncer Personal VPN takes care of this by encrypting all traffic. When using wireless at home, always encrypt your wireless.
You are ultimately responsible for what is going over your connection. People drive around in cars looking for unsecured networks so they can log in and use them to commit crimes. The last thing you need is your home IP address being the center of such activity.
There are two main encryption methods for wireless today. The first is called WEP and is past its prime -- don't use it. Anyone with access to a search engine can crack it and the people driving around looking for open networks consider WEP as good as an open network.
Then, there is WPA. This encryption is very secure and the only way to break it is to guess the key. To keep it that way, pick a secure key. Obviously, if your wireless access key is 'password', then it certainly won't take much to break in. On the other hand, if you chose a key such as 'YHfwjgfr87fdHjfip935UG53gjp132HpofpiwcwfrHUhhow202*&6cwo', then the odds of anyone guessing it in this century is nil.