The online privacy debate: Understanding the basics

Privacy & Security Posted on May 17, 2013

The online privacy debate: Understanding the basics

The current debate being waged around online privacy isn’t always straightforward and can often be filled with  legislative and technical jargon that confuses people. We frequently get questions on very fundamental aspects to understanding online privacy, such as the difference between privacy at the IP level and at the browser level, understanding what data retention is, or questions around the myriad of surveillance bills that seem to pop-up every month or so. Therefore, we thought it might be useful to provide a run-down of online privacy basics; a cheat sheet, if you will, for the important task of understanding and participating in the current debate.

Online privacy basics

Cookies and IP addresses

If you zoom out of the privacy debate, you’ll see two separate conversations taking place. One concerns advertising and data mining from ad companies and major online platforms such as Facebook and Google. The other concerns government surveillance of citizens’ online activities.

Advertising and cookies

When it comes to data mining and advertising, your privacy is potentially being compromised via ‘cookies’ in your web browser. A cookie is simply a piece of data that websites can store on your computer. Cookies deployed for various reasons, but they’re particularly useful to advertisers, because they can tell them what websites you’ve visited and what advertisements you have clicked.  This lets advertisers build a profile of you in the hope you’ll be more susceptible to marketing messages. Cookies have therefore become essential to the online ad industry. Not only do they allow advertisers to target ads to your individual tastes, they also track whether or not an advertisement is effective. It’s important to note that none of this data is necessarily stored with advertisers, it’s stored on your computer. However, this hasn’t stopped privacy campaigners raising concerns about how web users are being profiled and tracked.

Surveillance and IP addresses

Your IP address is numerical identifier assigned to the device you’re using to connect to the internet. Essentially, this identifier is used to determine where you’re located and who your ISP is, and is therefore a pretty good indicator of who you are. When it comes to surveillance, data can be gleaned based on activity linked to your IP address. Typically such surveillance will occur with the cooperation of your ISP, which brings us to the next key element to the online privacy debate.

What is data retention?

When we talk about data retention in the realm of online privacy, we’re usually discussing the issue of ISP data retention policies. Different countries and different ISPs have different laws and policies in terms of the data they store on individual customers’ web activity. This data usually contains web logs, which reveal what websites you’ve visited, email logs, which revealed who you’ve emailed (but not necessarily the contents of the emails), and billing info, so the data can be linked to your identity.

European Union member states currently must abide by the EU Data Retention Directive. This directive mandates all ISPs retain customer data for between 1 and 2 years after they leave the ISP’s service. In the US, there is currently no data retention law. However, ISPs are free to set their own policies. A Justice Department document from 2011 revealed that Verizon retained IP session information for one year. Time Warner on the other hand retained data for 6 months, while AT&T’s logging practices are not made public.

Given the EU’s mandatory data retention policy, other countries such as Australia and the US, are exploring the possibility of introducing similar policies.

How can the government spy on me?

There are numerous ways law enforcement would be able to obtain your private data. But the main channel would be to obtain a warrant to get data from your ISP, or to request the ISP start logging data on you if it isn’t already. But of course, as we saw with the NSA surveillance debacle in the US and with the RIPA in the UK, law enforcement doesn’t always play by the rules and obtain a warrant, which means they can get your data without judicial oversight and without any evidence you’ve engaged in wrong doing.  Drafted surveillance bills such as CISPA and the CCDP sought to make it easier for law enforcement to obtain private data.

The surveillance debate

As you probably already know, government around the world are trying to introduce new legislation to enhance their ability to conduct online surveillance. Governments are not incorrect when they say current surveillance legislation is out of date and needs to be updated for the internet age. But law enforcement agencies are clearly using this opportunity to increase their powers of surveillance to unprecedented levels. The debate also spills into the copyright and online piracy realm, as legislation such as SOPA and the TPP would appear to require privacy compromises in order to make it easier for copyright holders to prosecute copyright infringers.

Hopefully, the above helps clear-up some common misconceptions around online privacy for those of you new to the debate. If you have any questions, comments or suggestions on how we can improve this mini-guide please let us know in the comments below.

Privacy
We invite you to discuss this post in our Reddit community or on Twitter. You can also send your feedback to blog@ivpn.net.
IVPN News

Independent security audit concluded

By Nick Pestell

IVPN News

IVPN applications are now open source

By Viktor Vecsei

Releases

Beta IVPN Linux app released

By Viktor Vecsei

IVPN TunnelCrack vulnerability assessment Privacy & Security

IVPN TunnelCrack vulnerability assessment

Posted on September 7, 2023 by IVPN Staff

Context TunnelCrack is the combination of two independent security vulnerabilities (LocalNet attack and ServerIP attack) that affect VPN applications. The research paper detailing these vulnerabilities was published and presented on 11 August 2023. IVPN apps were not tested by the researchers, and unlike other providers, we did not receive a vulnerability disclosure.
Most people don't need a commercial VPN to work from home securely Privacy & Security

Most people don't need a commercial VPN to work from home securely

Posted on April 7, 2020 by Nick Pestell

Many small businesses and their employees are concerned about the security of their data whilst working from home during the coronavirus pandemic. We see a lot of confusion surrounding this topic, even from fairly technical folk and there is unfortunately a lot of misinformation being spread by commercial VPN providers themselves.
Spotted a mistake or have an idea on how to improve this page?
Suggest an edit on GitHub.