Who monitors Internet protocols. What does the provider know about the user? How will “surveillance” work on the Internet?

Use only one antivirus program. If you install several antiviruses on your computer, they will conflict with each other, which will slow down your computer. In the best case, one of the antiviruses will trigger falsely, and in the worst case, the antiviruses will prevent each other from working correctly.

• The exception to this rule is antispyware, such as Malwarebytes. They can effectively work simultaneously with an antivirus program, providing an additional level of security.

Do not download files from unreliable or suspicious sites. For example, if you want to download VLC media player, do so on the official website of the media player (www.videolan.org/vlc/). Don't click on links to random or unofficial websites, even if your antivirus doesn't warn you.

Use a firewall. The firewall checks all incoming and outgoing connections. A firewall prevents hackers from finding your computer and also protects you from accidentally visiting dangerous websites.

• Most antivirus programs include a firewall, and all major operating systems also have a built-in firewall, so you probably don't have to worry too much about the firewall.

Do not use an administrator account. Remember that if you log in as an administrator, any software, including viruses, can gain administrative rights. This will allow malicious codes to wreak havoc on your system and spy on your activities. If you use a “guest” account, the virus must be much more powerful in order to penetrate the system and work on it. From a guest account, malicious code will be able to send information about you, but nothing more.

The security of computer data and ours, the user's, is measured by the absence of viruses - Trojans, worms and other nasty malicious programs designed to slightly or seriously spoil the lives of you and me. However, the last couple of years have shown that viruses of the past, and even the present, are a child's 8-bit squeak on the Super Mario lawn compared to what really threatens each of us.

Well, what can a virus really do? Force the owner of a computer to download, after parting with his hard-earned fifty dollars, a licensed antivirus? Reinstall the operating system? Change passwords on Facebook? Fix a hole in Wi-Fi? Run around to offices engaged in data recovery? Scared! All this can be solved and is not scary.

It’s much worse that all that seemingly harmless information that we share every day with curious friends, boastful colleagues and annoying relatives can end up in the hands of criminals at any moment. Who, how and why is constantly watching us and how to prevent this vile fact - this is what we will talk about today.

Would you like some cookies?

Smartphones can enter the coordinates of the point where the photo was taken into the system fields of a photo file. When publishing a photo on social networks, online resources can automatically match the coordinates and provide the exact address of the shooting location.

Facebook and email have become an integral part of every morning for many. But think about it for a minute! After all, you and I constantly send so many intimate details of our lives to the World Wide Web that no spy is needed. It’s enough to record the actions we perform on our devices 24 hours a day: which club and with whom Sveta visited Facebook for the fifth time that night, what size shoes Alexey bought and how much, when Irina is going to a conference in Poland, which children’s club Sergei took his son to find out at which metro station Katya got off, and to which GPS coordinates Andrey assigned the tag home sweet home.

And who will write down all this seemingly useless nonsense, you ask? There is such a James Bond, and it is also installed on your computer. This is our own carelessness, hiding under the cute name “cookie” or cookies.

“C is for cookies and it’s good enough for me,” sang the cute blue plush Gingerbread Monster in the Sesame Street educational program, not even suspecting that he would serve as an ideological inspiration for the creators of the first “cookies,” Netscape Communications. Old geeks may remember that before Google Chrome, before Internet Explorer, before Opera and, of course, Safari, there was a browser like Netscape Navigator, the “grandfather” of modern Mozilla Firefox, and it was the most widespread until the mid-90s . It was Netscape that first introduced support for cookies. They were invented in order to collect information about visitors and store it not on the company’s overcrowded servers, but on the hard drives of the visitors themselves. To begin with, the cookies recorded basic information: it checked whether the visitor had already been to the Netscape site or was visiting for the first time. Later, programmers realized that cookies can be trained to record almost any information about the user that he himself wants to leave on the Internet. They gathered, of course, without the knowledge of the peaceful visitors.

Imperceptibly introduced into Netscape Navigator in 1994, and into Internet Explorer in 1995, the “cookies” remained unknown workers until 1996, when, thanks to a journalistic investigation, the entire respectable Internet public learned about them, and an international scandal broke out . The public was shocked: the brother, while not very big, but still the brother, it turns out, was monitoring all the actions every minute and, moreover, recording everything. The creators' statements that all data is stored securely (namely, on each user's own computer) and cannot be used by attackers were little reassuring. But it soon became clear that these statements were not reliable.

As it turned out, with a strong desire, an attacker can intercept a “cookie” file sent to the site that created this work of computer culinary art, and, pretending to be a user, act on the site at his own discretion. This is how emails, accounts in online stores, banks, etc. are hacked. But, let’s admit, this is not so easy to do.

Moreover, despite the declared anonymity of cookies, even marketers themselves admit that the classification of users, that is, you and me, has reached perfection. We are looking for all Safari owners, 25-35 years of age, male, with a Citibank card, graduated from the Moscow Aviation Institute, unmarried, suffering from myopia, wearing long hair, fans of the Star Wars series and the Nickelback group, with an annual income of $50-100 thousand, frequent visitors to the Rolling club Stone, living near the Novogireevo metro station? Please, these three people.

Who is buying this information? How will he want to use it? Our paranoia pours herself a glass of something with orange juice and refuses to answer this question. The mass scale of the phenomenon has long gone beyond any acceptable limits.

An experiment conducted by the Wall Street Journal in 2010 showed that the 50 most popular sites in America installed 3,180 spyware files (the “cookies” we already mentioned and their younger advanced brothers “beacons” or “beacons”) on their behalf on a test computer. , recording literally everything for serene users. Only less than a third of the files were related to the operation of the sites themselves - recording passwords, remembering the preferred section to start with next time, and so on. The rest existed only to learn more about a particular visitor and sell the information collected about him at a higher price. The only site that did not install a single unpleasant program was Wikipedia.

In addition to cookies, as we have already said, there are also “beacons”. They do not send themselves to users, but are placed directly on the site as a small picture or pixel. “Beacons” are capable of remembering data entered from the keyboard, recognizing the location of the mouse cursor, and much more. Comparing them together with the “cookies”, we get a picture worthy of a paranoid’s nest.

Using the Privacychoice.com service, you can find out exactly who is monitoring your actions, whether only general or also personal information is recorded, how long it is stored and whether its anonymity is guaranteed. Unfortunately, the unpleasant statistics were collected only for the main American sites.

What can this information be used for?

Fig 1. Approved list of words, phrases and expressions, the use of which may entail increased attention to your actions on the Global Network

Intelligencer Mark Zuckerberg

The American public, unlike ours, is not asleep and, having caught wind that the DMV is conducting violent surveillance of ordinary people, it has created an organization opposing this with the modest name EPIC. In one of their counter-investigations, EPIC employees managed to find out that the Ministry of Foreign Affairs had developed a certain list of surveillance activating words. You type, say, into Google the innocent phrase “Guadalajara, Mexico.” And the Ministry of Foreign Affairs immediately includes you in the list of potential bin Ladens and begins to record all your actions on the Internet, just in case. Suddenly you decide to blow something up, you never know...

A complete list of extremely strange words, many of which we use in online communication every day, can be found on pages 20-23 of this document.

In addition, as EPIC found out, the vast majority of at least somewhat significant domains, such as Facebook, Twitter, news email sites, cooperate with all known security services, giving them access to correspondence, personal data, location and even appearance of users, without a court order. According to one of the MIA employees, for every real suspect there are a dozen suspects on completely unfounded grounds. It is not clear how data transfer occurs in such a situation, how secure it is, and how the received information is disposed of if it is no longer needed.

Another blatant fact of the introduction of Johnsons, Petersons and Sidorsons into computers under the auspices of the fight against piracy was made public in the United States in July of this year. The fact is that the US Recording and Motion Picture Association has developed a project according to which providers will automatically report cases of media piracy. We are, of course, against piracy, but such an initiative means surveillance of users. The punishments seem especially strange: from soul-saving conversations and limiting the speed of the Internet channel to banning access to two hundred major websites in the world.

Even if you have a separate computer for work, from which you, like a decent paranoid person, never access the World Wide Web, we hasten to disappoint you. There are ways to monitor it even bypassing “cookies”, “beacons”, words from the terrorist list, etc. After all, you regularly update your antivirus anyway, right? What kind of signatures are sent to your computer? An antivirus creator who is interested (either by the government or by third parties) can, thanks to his program, search for anything on your hard drive. All you have to do is declare it a new virus.

What about antivirus, your GPS, your smartphone, which is about to acquire a fingerprint sensor, Google Street View, programs for recognizing faces in photographs - there is simply no limit to the introduction of unauthorized strangers into our daily lives. Your supervisor at the FBI or MI6 is aware, they have already been told to him.

Dancing with pigs

But who gave it? We passed it on to you. Look how we treat our own information! Look at your Facebook settings: How many third-party apps have you allowed to use your data? Try installing a new program from the Google Play Store on Android and, for a change, read what powers you promise it (access to the phone book? Using the Internet as needed? Making calls to your grandmother?). Take a look at Instagram's user agreement - by signing up, you've given full ownership of all your photos to Facebook! Create an account in the Amazon cloud and ask what you agreed to: Amazon has the right to change, delete the information you upload at its discretion, and also terminate your access to the site.

Computer science guru and Princeton University professor Edward Felten aptly dubbed what was happening “the dancing pig syndrome.” If a friend sent you a link to a program with dancing pigs, you will probably install it, even if the license agreement says about the possibility of losing all your data, sense of humor, guilt, conscience, reason and average income.

What to do?

1. Make sure your home Wi-Fi is well password protected and never use a suspicious Internet connection.

2. Change passwords more often, make them longer and stronger. We remain skeptical of password management programs and are torn between the fear of forgetting our twenty-three-digit alphanumeric password, the fear of email, Facebook, Twitter and other cute sites being hacked, and the fear of someone writing down our passwords if we keep a record of them in specialized program. As they say, here's your poison to choose from. If you choose the latter option, our paranoia recommends RoboForm and Last Pass.

3. Install CCleaner and don’t forget to use it (ideally, every day). If you don’t know where to get it, go to our website www.computerbild.ru and look in the “Download” section.

4. Install anti-tracking plugins in your browser. In Google Chrome, for example, we like the Keep my opt-outs Plugin. It removes data about you from more than 230 sites. After that, install Do not track plus - this plugin prevents “cookies” from sending information about you again. In Chrome, by the way, we recommend using the Incognito function. In this mode, you can only be watched from behind your back, so don’t forget to look around or hang a mirror behind your computer. Joke.

5. Use an anonymous VPN. A good and fast one may cost a little money, but the service is usually worth it. Of the free ones, we like HotSpot Shield.

6. Turn off Google history. To do this, type google.com/history and, using your gmail.com account, delete everything that Google has recorded about you. After this operation, Google will stop recording (probably), unless you ask otherwise.

7. You can also switch to the now popular TOR browser, which uses a volunteer network of computers to achieve maximum anonymity of transmitted encrypted data.

8. If your last name is Navalny or Nemtsov and you need to communicate with friends and colleagues via an unwatchable channel, install an anonymous file sharing program such as GNUnet, Freenet or I2P. In this case, we recommend regularly making backup copies of data and storing them on different clouds, accessing them through an anonymous VPN.

9. And, most importantly, read the user agreements of the programs you install. Before installing the next cats, think carefully about whether you need this program if it undertakes at any time, like a mother-in-law, to use the Internet and telephone on your behalf, check who called you, find out where you are, pay for purchases on your credit card. card and change your ringtone.

Other news

From January 1, 2016, Belarusian providers are required to collect and store for a year information about all sites visited by their clients.

"Belarusian News" looked into how "surveillance" works, whether it can be bypassed and what it means for ordinary users.

How will “surveillance” work on the Internet?

In fact, the provider’s database will record that, for example, on January 18, 2016, subscriber Ivan Ivanovich Ivanov (passport data is stored with the operator upon conclusion of the contract) from a certain computer and a certain IP within three hours from 16:00 to 19:00 downloaded 10 gigabyte from IP address 188.93.174.78 port 443, which Google uses.

And so on for each connection.

If wi-fi is installed in an office or apartment, to which several people can connect at the same time, it is problematic to determine who exactly visited a particular site. In this case, data about visited Internet resources will be saved in the name of the subscriber with whom the provider entered into an agreement.

Will the provider be able to see and remember the comments I post?

If you open a site through a secure https connection (a green padlock will be drawn in the address bar), the provider does not see what site you opened, how much time you spent there and how much information you downloaded. This can be compared to a postman who delivers letters but does not open them. If you view the site through a regular http connection, then the provider sees all this information plus the content of your messages, login and password for your mailbox.

However, even before the new decree came into force, providers provided law enforcement agencies with information about users that they were interested in. There are known cases when a commentator was held accountable for insulting someone online.

If a social network works via https (and this is how all popular social networks work now), then the provider does not see your messages. And if via http, then the provider can see all the messages that you write and receive, as well as all the photos that you upload. And not just the provider. Also the system administrator of the network you are connected to. And also advanced wi-fi users, if access is passwordless, as happens in a cafe or airport.

Which messengers are the safest?

Almost all modern instant messengers encrypt their traffic, and the provider cannot read the content of messages. More details about the most popular programs can be found in the table. If there is a green bird in the Encrypted in transit column, it means that the provider cannot read your conversation.

The most secure messenger is the one with the most green marks in the table. This is, for example, Signal, as well as Telegram, but always with the secret chat option. This feature only works from smartphone to smartphone. And if you send messages in secret mode, the content of the conversation will be encrypted so that it will not be seen even on Telegram servers. Skype, Viber and WhatsApp, which are popular among Belarusians, are much more susceptible to “surveillance”.

I read opposition sites. Will I be punished?

Perhaps, with the adoption of the resolution, it will be more convenient for the special services to compile lists of citizens who read opposition resources. However, there is no and cannot be any liability for the fact that you open the websites of “Charter’97”, “Belarusian Partisan” or the human rights center “Viasna” liquidated by a court decision. Otherwise it would be direct censorship, which is prohibited according to the Constitution.

Is it possible to escape the “surveillance” of the provider?

You can install a program on your computer that will allow you to anonymously connect to the Internet. The provider will not see what sites you visit and what messages you send. The most popular system in this segment is TOR; it can be installed on virtually any operating system. The very fact that you are using a connection protection program will be visible to the provider, but what exactly you are viewing and transmitting will remain a secret.

Do you need to bother and use anonymizers?

For most users, the new regulation will not affect their work on the Internet in any way. Open your browser history for a month. All these links will be seen by the provider, including sites with pornographic content. But there is no liability for viewing such content in Belarus. There is no way to delete anything from the “provider history”. Information is accumulated and stored for a year. If you are worried that someone knows about all your activity on the Internet, you can install a VPN connection or a TOR browser.

Do providers have enough capacity to remember information for each user?

When and what site the user visited is not much information, considering that a 1 terabyte hard drive costs $50. If we are talking about preserving subscribers’ correspondence on the Internet, then this is a more complicated question. However, government regulations do not oblige providers to store such information.

"Belarusian partisan"

Every person on the planet can be subject to government surveillance. Read our article about how and why we are being watched and what methods they use.

Thanks to information received from intelligence officer Edward Snowden, it became known that the US National Security Agency wiretapped the heads of 35 countries.

In addition to government officials, ordinary residents are also subject to wiretapping.

For example, New York resident Michelle Catalano and her husband, who wanted to buy a pressure cooker and a backpack via the Internet, became victims of intelligence surveillance. The seizure service that arrived at the house asked the couple to slowly leave the house, thereby greatly frightening them.

The reason for this behavior on the part of the intelligence services was the terrorist attack in Boston, which happened a few months earlier. The terrorists made bombs using pressure cookers and carried them to the scene of the tragedy in backpacks.

And this case is not the only one that proves that any human actions can easily be tracked by special units.

All anti-terrorism methods, which, in fact, must be properly coordinated, are very chaotic. And innocent people very often fall under surveillance.

According to Edward Snowden, there are a lot of programs designed to spy on people. One of the most famous is Prism, which cooperates with such well-known computer companies as Microsoft, Google and Facebook, and cellular operators.

They listen to conversations, read correspondence, view photos, videos and Internet queries of any person who uses it. In other words, almost every inhabitant of the planet falls under surveillance.

Even if you turn off your phone or computer, special programs will allow you to turn them on remotely and monitor any movements of a person, record his conversations and actions.

It is possible to escape such surveillance only by removing the battery from the phone. But, for example, such a popular phone as the iPhone does not have such a function.

The public organization EPIC has learned that the US NSA has created a list of special words for surveillance.

By searching Google for “Drug Enforcement Administration,” the DEA automatically puts the person on its list of drug traffickers and begins paying special attention to all of their online activities.

By asking the question in a chat: “Where can I buy Nurofen without a prescription?”, you can easily get on the list of potential drug addicts.

Being the most harmless person in the world, the employee who wants to identify the attacker in you will do so.

If you want, you can find fault with anything. So the question arises: what to do to avoid surveillance?

What you definitely shouldn’t do is throw your phone and computer from the sixth floor.

You need to try to monitor your behavior on the Internet: what pages you view, to whom and what you write, what files you download.

Of course, you can install special programs, encrypt personal data, surf the Internet under anonymous profiles, but perhaps this will attract the attention of the intelligence services.

Even the most professional hackers fell into the hands of intelligence services, despite their ciphers and codes.

By the way, an interesting fact. Edward Snowden once asked Russian President Vladimir Putin whether Russian intelligence services were monitoring their residents. The president's answer was negative.

All Russian services are under state control, and no one will allow them to conduct indiscriminate surveillance in the country.

Take it for yourself and tell your friends!

Read also on our website:

show more

There is one fly in the ointment in the lives of happy owners of Apple technology: unreliable insulation of the cable from the charger, which wears out in the blink of an eye. But we know several simple ways to fix your iPhone charger at home, so as not to spend money on an expensive new thing!

Via Internet Service Provider

Until 2016, clickstream (from the English “click stream”) was widely represented on the market - data on user behavior that was sold by Internet providers. To do this, the intermediary installed special equipment on the operator’s side, which automatically transmitted information, with the exception of confidential https traffic.

The largest clickstream supplier, iMaker, boasted on its website of cooperation with several large federal operators, according to data from the WaybackMachine service. At the end of 2015, the Roskomnadzor department for the Central Federal District fined MGTS, Summa Telecom and PJSC Central Telegraph, convicting them of selling clickstream. After that, its mass sales stopped, although it is still represented on the market, two market players told RBC magazine.

Via public Wi-Fi

Public Wi-Fi operators monetize information about mac addresses—mobile phone identifiers. In order to be “caught”, it is not necessary to connect to their network: routers catch the Mac of everyone who has the “search for Wi-Fi network” function enabled. Modern gadgets distribute random identifiers by default, but operators have learned to bypass this obstacle: for example, the router constantly changes the network name, mimicking the most common names.

The collected macs are subsequently uploaded to advertising platforms, such as myTarget from Mail.Ru Group: they present lists of several hundred thousand visitors to shopping centers in Moscow and St. Petersburg. The platform user can use these lists to target advertising to specific users.

Via phone

Cellular companies are cautious in the user data market. All usual advertising mailings are handled by third-party technology platforms that have agreements with all operators. The advertiser can bring his customer base, or he can ask him to select a list of recipients of his messages. In the latter case, the mailing is carried out to those subscribers who agreed to receive advertising when purchasing a SIM card. Now there are about 80% of them, Petr Yakubovich, managing director in the CIS region of the Infobip platform, told RBC magazine.

The list is formed based on targets. MegaFon has 11 of them, indicated in the operator’s commercial offer: age and gender, average mobile bill, phone model, interests on the Internet, specific addresses. Some SMS messaging platforms also offer the use of targets such as “calls to competitors’ phones” or the number of “notifications,” that is, messages from taxi services or sports organizations.

Via bank

Banks operate even more cautiously than mobile operators in the user data market. Sberbank was the first to build full-fledged third-party advertising campaigns for its users. In 2015, he bought a controlling stake in Segmento, one of the oldest platforms in Russia for the automated purchase of advertising on the Internet.

Segmento receives cookies from Sberbank of clients who used the bank’s online services, then, through existing audience segments, finds them on the Internet to display targeted offers. According to this scheme, Segmento conducted an advertising campaign for McDonald's: having received data on several million people who visited fast food restaurants and paid with a Sberbank card, Segmento played them videos of the new Creek Mac sandwich. And then she also analyzed which of those who saw the advertisement tried the new product.

Through the box office

Owners of dishwashers (280 thousand people), buyers of premium cigarettes (1.4 million), buyers of baby diapers (375 thousand) are ready-made audience segments uploaded by X5 Retail Group into the myTarget advertising platform. The retailer has been officially cooperating with it since the end of 2017; in total, about 1,000 such segments are now available.

In 2017, fiscal data operators, who are responsible for transmitting information about purchases to the Federal Tax Service, also entered the market. In its pure form, their information is a list of product items, cost, time and place of payment without reference to a specific client. But you can link fiscal data with a person through a loyalty card or bank transactions.

Who sells data

The main players in the online advertising market (Yandex, Mail.Ru Group), banks, payment systems, mobile operators, retailers, and large public Wi-Fi operators do not sell their data directly. At the same time, most companies do not advertise cooperation in the field of enriching their audience segments.

Experts and market players estimated the volume of the Russian user information market in 2017 at no less than 3.3 billion rubles, and its potential - up to 30 billion.