Internet Surveillance

As you browse the Internet, each page loads resources from various URLs that reference other sites. Think of the little Facebook or Twitter tags you see everywhere you go. Those are surveillance devices.

Here's how they work. This example picks on the Facebook widget. The same applies to every widget hosted at a URL on a site other than the one hosting the page.

You visit a web site using your web browser. A web server sends the web page to your computer but not the resources, such as the little blue and white Facebook F. To get that little picture, or simply to confirm your local cache is valid, your computer communicates with facebook.com, not the web server dishing out the page. At facebook.com, a log entry is created showing exactly when your IP address accessed that F and what page you viewed that referred to it. Your every step is tracked, each and every time you land on a page with the little F. Facebook can then consolidate and analyze that data in whatever way they choose.

At a minimum, the following information is tracked, for every resource that is accessed by your web browser.

· Who: Your IP address, never anonymous. Your ISP maintains logs of all its IP addresses, including dynamic IP addresses, showing who has them and when.
· What: The specific resource that was accessed (.html, .png, .gif, .mp4, etc.).
· When: UTC timestamp.
· Where: Your IP address reveals your general geographic location.
· Why: The referring resource, e.g. the web URL that referred to the resource.
· How: The web browser and version you used to access the resource.
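
The log entry described above, as an added example (not code from this page or from any site it names): the Python below parses constructed access-log lines in the common "combined" format and groups the referring pages by client address. The log format, addresses and URLs are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: what a widget host might log for one small image.
# Client addresses are documentation ranges (RFC 5737); sites are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2019:14:02:11 +0000] "GET /widget/f.png HTTP/1.1" 200 512 "https://news.example/politics/story-1" "Mozilla/5.0 (X11; Linux x86_64) Firefox/65.0"
203.0.113.7 - - [12/Mar/2019:14:09:40 +0000] "GET /widget/f.png HTTP/1.1" 304 0 "https://health.example/conditions/asthma" "Mozilla/5.0 (X11; Linux x86_64) Firefox/65.0"
198.51.100.23 - - [12/Mar/2019:14:10:02 +0000] "GET /widget/f.png HTTP/1.1" 200 512 "https://news.example/sports/scores" "Mozilla/5.0 (Windows NT 10.0) Chrome/72.0"
"""

# Field names follow the list above. "Where" is not a separate field;
# it is derived from the client address.
LINE = re.compile(
    r'(?P<who>\S+) \S+ \S+ \[(?P<when>[^\]]+)\] '
    r'"\S+ (?P<what>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<why>[^"]*)" "(?P<how>[^"]*)"'
)

def parse(line):
    """Return the who/when/what/why/how fields of one line, or None."""
    m = LINE.match(line)
    return m.groupdict() if m else None

def trails(log_text):
    """Group the referring pages by client address, in log order."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec and rec["why"] not in ("", "-"):
            by_ip[rec["who"]].append((rec["when"], rec["why"]))
    return dict(by_ip)

if __name__ == "__main__":
    for ip, visits in trails(SAMPLE_LOG).items():
        print(ip)
        for when, page in visits:
            print("   ", when, page)
```

The second sample line has status 304: even a cache validation, with no image transferred, records the page that was being viewed.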

Blocking Hosts

It is easy to prevent your computer from accessing certain web sites, without installing any apps. A few simple changes to your hosts file will do the trick.

· On Linux the file path is /etc/hosts.
· On Windows the file path is something less inviting, like /Windows/System32/Drivers/Etc/hosts.

The hosts file is used by the network subsystem of the operating system to resolve network names to IP addresses. This is typically done by making a query to a DNS server. However, the hosts file is checked first. If a match is found there, no query is sent to the DNS server.

A name can resolve to one and only one IP address, while one IP address can be shared by many names. When no response is received from a server at an IP address, the network subsystem does not check DNS for an alternate IP address. The name has already been resolved; it is not resolved again in hopes of getting a different result. The attempt to communicate just fails.

Consequently, you can prevent access to certain Internet domains simply by mapping the name to an invalid IP address. According to RFC 1918, addresses in the 192.168.0.0-192.168.255.255 range are private; they can't be used on the Internet because they aren't unique. I use 192.168.255.1 as the invalid IP address because I've never seen a DHCP server issue it automatically, in its default configuration.

Here is an example from my personal hosts file.

192.168.255.1 www.youtube.com youtube.com youtu.be
192.168.255.1 www.facebook.com facebook.com
192.168.255.1 www.twitter.com twitter.com
192.168.255.1 www.google.com google.com

The hosts file wants each line to have an IP address followed by one or more names separated by spaces. I split mine into four lines just to be tidy. All the names could have been listed on the same line.

Testing Blocked Hosts

Changes to the hosts file are immediate. The network subsystem does not have to be restarted. You can verify the change by pinging the names.

$ ping google.com
PING www.google.com (192.168.255.1) 56(84) bytes of data.

--- www.google.com ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

If you get an answer, a device on your network is using that IP address. This is extremely unlikely, but if it happens, pick a different IP address.

Unblocking Hosts

To disable one of these overrides, simply place a # at the beginning of the line in the hosts file. This causes the line to be ignored, until the # is removed. The line can also be deleted.
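
An added example, not part of the original article: a Python check that reads hosts-file text in the format described above, skips lines disabled with #, and reports which of the names you meant to block actually map to the invalid address. The sample file contents and the function names are constructed for illustration; the hosts file has no wildcards, so each name, including the www. form, has to be listed.

```python
SINK = "192.168.255.1"  # the invalid address used in the article

# Constructed sample in the article's format. The twitter line is disabled
# with '#', and the google line lists only one of its two names.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
192.168.255.1 www.youtube.com youtube.com youtu.be
192.168.255.1 www.facebook.com facebook.com
#192.168.255.1 www.twitter.com twitter.com
192.168.255.1 google.com   # www.google.com was forgotten
"""

def parse_hosts(text):
    """Return {name: ip}, keeping the first entry seen for each name."""
    table = {}
    for line in text.splitlines():
        # Everything from '#' to the end of the line is a comment.
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or an address with no names
        ip, names = fields[0], fields[1:]
        for name in names:
            table.setdefault(name.lower(), ip)
    return table

def audit(text, wanted, sink=SINK):
    """Split the wanted names into (blocked, missing) for the given sink."""
    table = parse_hosts(text)
    blocked = sorted(n for n in wanted if table.get(n.lower()) == sink)
    missing = sorted(n for n in wanted if table.get(n.lower()) != sink)
    return blocked, missing

WANTED = [
    "www.youtube.com", "youtube.com", "youtu.be",
    "www.facebook.com", "facebook.com",
    "www.twitter.com", "twitter.com",
    "www.google.com", "google.com",
]

if __name__ == "__main__":
    blocked, missing = audit(SAMPLE_HOSTS, WANTED)
    print("blocked:", ", ".join(blocked))
    print("NOT blocked:", ", ".join(missing))
```

To check a real file, pass its contents instead of the sample, for example `audit(open("/etc/hosts").read(), WANTED)` on Linux.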

Aftermath

The Firefox web browser (and possibly other apps) will cache IP addresses during a session. I have to restart Firefox if I change my hosts file.

A surprising number of web sites will fail in some way because they cannot access these names. A lot of pages appear to load fine, then struggle at the end trying to contact one of them. A few pages will not load at all. This may not suit everyone's taste; I have grown quite accustomed to it, and it is not debilitating.

HTTPS

With the advent of HTTPS, surveillance of all Internet activity was integrated into the system in a way that cannot be avoided. This is how it works.

Each access of an Internet resource at an HTTPS address requires communications with the authority who issued the HTTPS key. Therefore, every single secure web site and resource at a secure URL you access leaves a trail.

The United States Constitution, the founding document between the Old Republic and We The People, once guarded the rights of citizens with the following words, "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated".

Tracking every paper we read and when we read it is "unreasonable". Obviously the New Order does not agree. The Old Republic should have protected the citizens from this kind of surveillance. Instead, they implemented it and the New Order requires it.

We know where you are.
We know where you’ve been.
We can more or less know what you’re thinking about.
· Eric Schmidt, Google CEO, 2001–11