Basic Browsing Security

    How do internet security software and procedures really keep you secure?  Actually, there are two forms of security:  What you are sending, and who is sending it and to whom!  All forms of security should utilize data encryption to obscure the nature of the messages.
    Basic security is SSL/TLS (Secure Sockets Layer/Transport Layer Security) and involves a type of encryption called asymmetric, which means that the key used to encrypt a message is different from the key used to decrypt it, often called public key/private key encryption.
    Each client has a private key that is secret to them and a public key which can be shared with anyone.  What is encrypted with a person's public key can only be decrypted with that person's secret key.  For A to send B a secure message, A obtains B's public key and uses it to encrypt the message.  B, being the only one who knows the secret key, is the only one who can decrypt it.  Messages can be exchanged with confidence that no one can read them, but at this point, the origin and destination are clear.
    If it is desirable to obscure the origin or destination of a message, the first step would be a simple proxy.  This is where a message is sent to an intermediate station and passed on, obscuring the origin.  If this is a secure message, the destination would be obscured as well.  The range of services over a proxy is limited and is usually limited to a single message port, which may be all that is needed.  There are various forms of proxies, with varying capabilities, so a blanket statement would be unwise.
    The next level of security would be the Virtual Private Network.  In a VPN, all data packets are encrypted and sent to an intermediate transfer point to be distributed to the intended destination.  The connection to the intermediate is secure, but the connection to the destination point may or may not be in the clear, depending on the type of protocol being used.  SSL is secure, some others are not, but in any case, the origin cannot be determined other than from the intermediate point.  The true sender could only be identified by data content, such as password, ID or something as simple as a clear text name.
    The next level of security is accomplished by onion routing.  This is where multiple secure relay points are used, with the final destination being known only to the last relay and the preceding relay points not known to subsequent points. There is significant overhead to this protocol, but the Tor network and software actually make it fairly simple to utilize.  Again, the final destination may or may not be in the clear.
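    The layering described above, as an added example that is not part of the original article: each relay removes one layer and learns only the next hop. The relay names, keys and destination are constructed, and the XOR keystream is a toy stand-in for real encryption; the real Tor network negotiates a key with each hop and uses fixed-size cells.

```python
import hashlib
import json

def _keystream(key, n):
    """Expand a key into n pseudo-random bytes with SHA-256 in counter mode."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def toy_crypt(key, data):
    """XOR data with the keystream. Toy cipher: no nonce, no integrity, NOT secure."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))

def wrap(route, destination, payload):
    """Build the onion from the inside out.

    route is [(relay_name, key), ...] in path order (entry relay first).
    The innermost layer, readable only by the last relay, names the destination.
    """
    blob = json.dumps({"next": destination, "data": payload.hex()}).encode()
    for i in range(len(route) - 1, -1, -1):
        name, key = route[i]
        blob = toy_crypt(key, blob)           # only relay i can open this layer
        if i > 0:                             # tell relay i-1 where to forward it
            blob = json.dumps({"next": name, "data": blob.hex()}).encode()
    return blob

def peel(key, blob):
    """What one relay does: decrypt its layer, return (next_hop, inner_blob)."""
    layer = json.loads(toy_crypt(key, blob))
    return layer["next"], bytes.fromhex(layer["data"])

if __name__ == "__main__":
    # Constructed three-hop route and destination.
    route = [("entry", b"key-entry"), ("middle", b"key-middle"), ("exit", b"key-exit")]
    blob = wrap(route, "example.org:443", b"hello")
    for name, key in route:
        next_hop, blob = peel(key, blob)
        print(f"{name} relay forwards to {next_hop}")
    print("delivered payload:", blob)
```

    The entry relay sees who connected but only the middle relay's name; the exit relay sees the destination but only the middle relay as its source.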
    For simple secure web browsing, there are many free proxies that can be utilized.  The Tor project also publishes a secure Tor browser that is extremely tight.  Both the free proxy and Tor have limitations that may be considered unacceptable, which can be solved by a fuller-featured, paid proxy or a purchased VPN subscription.  The VPN subscription offers the most transparent use, and if SSL is utilized at the end point, is very secure.
    VPN connections have the advantage of being persistent.  They can last for hours or days.  If left unattended, the vulnerability is that an interruption could occur, leaving data transmission in the clear.  The consequences could range from minor to serious.  There is software available that will monitor the VPN connection and terminate selected programs if the VPN connection fails.  This type of software is basic to simple security and is available, in a simple form, for free. See: http://vpnetmon.webs.com/
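    A minimal monitor of the kind described above, as an added example (not the code of the tool linked above). It assumes Linux, a VPN client that removes its tunnel interface when the connection drops, and hypothetical program names to watch.

```python
import os
import signal
import socket
import time

# Assumption: the VPN client creates an interface with one of these name
# prefixes and removes it when the tunnel drops (typical, not universal).
VPN_PREFIXES = ("tun", "tap", "wg", "ppp")

def vpn_interfaces(names, prefixes=VPN_PREFIXES):
    """Return the interface names that look like VPN tunnels."""
    return [n for n in names if n.startswith(prefixes)]

def pids_by_name(targets, proc_root="/proc"):
    """Linux only: list (pid, name) for running programs named in targets.
    Note that /proc/<pid>/comm truncates names to 15 characters."""
    found = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "comm")) as fh:
                name = fh.read().strip()
        except OSError:
            continue  # process exited while we were scanning
        if name in targets:
            found.append((int(entry), name))
    return found

def watchdog_step(names, targets, list_pids=pids_by_name, kill=os.kill):
    """One poll. Fails closed: no tunnel interface means terminate targets."""
    if vpn_interfaces(names):
        return []
    killed = []
    for pid, name in list_pids(targets):
        try:
            kill(pid, signal.SIGTERM)
            killed.append(name)
        except OSError:
            pass  # already gone, or not ours to signal
    return killed

if __name__ == "__main__":
    WATCHED = {"firefox", "qbittorrent"}  # hypothetical program names
    while True:
        current = [name for _, name in socket.if_nameindex()]
        for name in watchdog_step(current, WATCHED):
            print("VPN down, terminated", name)
        time.sleep(2)
```

    Polling leaves a short window between the drop and the kill; a firewall rule that only permits traffic through the tunnel interface closes that window.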
    There is an additional consideration for security, even when using a VPN, and that is what is called a DNS leak. 
    When using an anonymity or privacy service, it is extremely important that all traffic originating from your computer is routed through the anonymity network. If any traffic leaks via the underlying connection, anyone monitoring your traffic will be able to log your activity.
    DNS, or the Domain Name System, is used to translate domain names such as www.privacyinternational.org into numerical IP addresses, e.g. 123.123.123.123, which are required to route packets of data on the Internet. Whenever your computer needs to contact a server on the Internet, such as when you enter a URL into your browser, your computer contacts a DNS server and requests the IP address. Most Internet service providers assign their customers a DNS server which they control and use for logging and recording your Internet activities.
    Under certain conditions, even when connected to the anonymity network, the operating system will continue to use its default DNS servers instead of the anonymous DNS servers assigned to your computer by the anonymity network. DNS leaks are a major privacy threat since the anonymity network may be providing a false sense of security while private data is leaking.
    If you are deadly serious about security and anonymity, the fix is simple and reasonably painless. See:  http://www.dnsleaktest.com/
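    A local check for the condition described above, as an added example that is not part of the original article: it reads resolv.conf-style resolver settings and flags any DNS server that is not one assigned by the VPN. The sample file and all addresses are constructed; the VPN resolver address is an assumption you would replace with the one your provider assigns.

```python
import ipaddress

# Constructed sample of /etc/resolv.conf while a VPN is connected.
SAMPLE_RESOLV_CONF = """\
# generated by the network manager
nameserver 10.8.0.1
nameserver 192.0.2.53
nameserver 127.0.0.53
search example.lan
"""

def parse_nameservers(resolv_text):
    """Extract the nameserver addresses from resolv.conf-style text."""
    servers = []
    for line in resolv_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            addr = parts[1].split("%", 1)[0]  # drop an IPv6 zone id such as %eth0
            try:
                servers.append(ipaddress.ip_address(addr))
            except ValueError:
                continue  # malformed entry, ignore
    return servers

def audit_dns(resolv_text, vpn_resolvers):
    """Classify each configured resolver as ok, leak or unknown."""
    allowed = {ipaddress.ip_address(a) for a in vpn_resolvers}
    report = {"ok": [], "leak": [], "unknown": []}
    for ns in parse_nameservers(resolv_text):
        if ns in allowed:
            report["ok"].append(str(ns))
        elif ns.is_loopback:
            # Local stub resolver: its upstream servers are configured
            # elsewhere and have to be checked separately.
            report["unknown"].append(str(ns))
        else:
            report["leak"].append(str(ns))  # queries can bypass the VPN
    return report

if __name__ == "__main__":
    # Assumption: 10.8.0.1 is the resolver pushed by the VPN.
    for status, servers in audit_dns(SAMPLE_RESOLV_CONF, ["10.8.0.1"]).items():
        print(status, servers)
```

    This inspects configuration only; a test that observes which servers actually answer your queries, like the one linked above, confirms the result.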
    It makes sense to ask, “Why all this concern with security?  I don't really care who knows what I read on the internet.”  That is a legitimate view, and it may be correct, but when you browse, sites are tracking the pages you browse to, they are timing how long you stay on a page, they know what products you view and buy.  If you use Google email, they know everything you say and discuss, not that they are interested in anything except your purchasing power, and the ability to deliver paid ads to you.
    Your address and phone number are on the internet.  Your associations and possibly political affiliations are out there.  The books you purchase, the vitamins you buy, your entire purchasing history is in an archive, somewhere, from which all of this is being collated, collected and sold to telemarketers, direct mail houses, and pop up browser ads.
    Do you feel violated?  You probably should.  Most of the major sites fully cooperate with almost every government request for disclosure.  Have you ever voiced an unpopular political opinion about a politician?  It is known, and can be laid directly at your door.  Oh, that can't happen here..... Really?  Ever heard of the Homeland Security Act? Just what actions can be justified under this act?  How would you like to find out the hard way?
    Or, if, as is far more likely, you never attract the attention of any security agency, how do you like having your most intimate purchases being available to any company that will cough up the funds to obtain a profile on you?
    No one is going to protect your privacy!  Every move every government makes is to open the citizen's life and make every thought, act and desire available to the government.  Every move every company makes is to establish a more accurate profile of you so that they can manipulate your purchasing habits and get your money.
    This is the world we live in.  How do you intend to react to it?
.~~~~~~~.
    Okay, that's the doomsday scenario, but there are other considerations!  Suppose you want to watch a video and it's in a country that blocks your connection.  Are you out of luck?  Not if you can connect to a VPN server in a nation that is not blocked by that provider.  The USA censors many sites.  Connect to the Netherlands and read what you can't read in the USA.
    Even more trivial, but very annoying, is the policy of many ISPs of “traffic shaping”.  This means that your traffic is slowed down if you are not connected to a favored provider or are using too much bandwidth of an “unacceptable” nature.  This is NOT science fiction or theory.  This is daily practice.  A VPN, with its encrypted data stream, masks the nature of your communication, avoiding the traffic shaping algorithms, and the relay facility obfuscates your target site.
    You are likely to discover that your downloads load faster, pages paint quicker, and videos no longer stutter and hang, when online. 
    You pay for service.  You have the right to the service that you pay for, and you are not really getting it. 
~~~