February 24, 2014

Creating a Digital Island

Law Practice Magazine | March/April 2014 | The ABA TECHSHOW 2014 IssueStories about government and business monitoring of citizens online have fanned interest in what can be done to remain anonymous. Attorneys are learning to expect that when they visit a website, their location, recent browsing history and interactions with other sites may be recorded. Less understood is what data is being gathered and how to prevent it.


People surfing the Net feel as if they were David Carradine’s character from the ’70s TV show Kung Fu, gliding along the rice paper, leaving no trace of their passage, blissfully unaware of the cameras. Understanding the monitoring that occurs on the Web is difficult to visualize—and easy to ignore. A simple tool that can illustrate Web tracking is Collusion. This plug-in for Chrome and Firefox provides information on how data is monitored from tracking company to tracking company to service provider. It puts a small button on the browser and provides a real-time count on the number of trackers affiliated with the sites visited. When it is clicked, you are provided with a map of all the trackers associated with your browsing session and those active on the visited site.

A free companion product is Disconnect (https://disconnect.me). It provides listings of all entities “listening in,” along with notes on the security level of the page being visited. Using Disconnect, you can view the “listeners” and selectively disable sharing information with them.


Controlling anonymity means using tools and settings that manage one or both ends of the connection. Local anonymity is the ability to avoid leaving traces on the machine in use, such as transaction cookies, history files, form data, autocomplete and temporary files. Remote anonymity ensures that the service you are using is encrypted and that the target system cannot determine—or that it erroneously determines—information about you, your location and the circumstances of use.


As cloud service use grows, sharing unintended information rises exponentially. The relationship of a cloud service to a browser is based upon exchanging the information we are working with and the exchange information relating to usage history, location and context of use. (Examples: Are you mobile or in a fixed location? What OS and browser are you using?) Modern browsers provide some controls to limit this. The most hyped and least effective tool is the Do Not Track setting. IE 10 and Safari both enable it by default, while you need to manually adjust this with Chrome and Firefox. This setting provides notice to third parties to not track information provided by the browser. The problem? The provider still controls the decision to honor that request.

A more effective control is to create a session that doesn’t record usage and erases all information once you conclude the session. This service can be called up on demand as follows:

  • Internet Explorer provides InPrivate browsing and can be activated by using the Control+Shift+P keys.
  • Google Chrome provides Incognito, which is called up by the Control+Shift+
    N keys.
  • Firefox provides a Private Window by clicking on the Firefox button and then selecting Private Window or by right-clicking a link and choosing Open in Private Window.
  • Safari offers a menu option to enable privacy by clicking on Safari then selecting Private Browsing.


Web sessions come in two flavors: “http” and “https.” The latter is the important one as it designates that your connection to a Web server is encrypted. By default, the Web server will provide unencrypted “http.” You can force your browser to use “https” by installing a small browser plug-in. In Chrome and Firefox, use HTTPS Everywhere (https://www.eff.org/https-everywhere). However, in Internet Explorer and in Safari, no option currently exists to force “https.”

One consideration for forcing “https” is that it can affect the speed of the browser, as the tool tries to complete an “https” connection to services that may not offer such access.


Concealing and encrypting are a good start, but using anonymous services such as a proxy service or virtual private network will help ensure your sessions remain private. The perceived requirements of technical skill, performance sacrifice and discipline to remain anonymous diminish the desire to maintain anonymity, as most users prefer ease of use to security. Several online and local-use software tools can offset the need for technical skills. The sacrifice element is that several “useful” online services depend on having access to a normalized Web browser and may not be displayed properly in a more secure environment.

A great service to maintain anonymity on the Net is called Tor. Short for “the onion router,” Tor was developed to secure military communications but now serves as a hub for privacy applications. Tor runs on most operating systems and popular mobile platforms. Download it from app stores or download pre-configured Tor bundles (https://www.torproject.org). Bundles come with a quick-start application that begins the encryption process and then starts up a hardened Firefox Web browser containing plug-in applications required to secure the session. To use the system, start your Tor client. Tor initiates a secure session and provides a window telling you the connection is secure and letting you see how you appear to remote systems.

This service will provide anonymity, but you can violate that by downloading files that activate programs on your computer or by installing plug-ins that have the ability to report usage.

Need anonymizing services on the road? Remain hidden by using hosted services that access the Web without leaving a direct trace. Most offer a basic free service with additional low-cost options for those who want faster service or fewer ads. Some examples of hosted services are:

  • Hidemyass.com, which provides free anonymous surfing and sells add-ons such as anonymous email and improved proxy service.
  • Anonymouse.org, a free quick-and-dirty service that has been running for the past 16 years.
  • Anonymizer.com, which provides a business-class range of services for $80 per year.


Email is a prime target for snooping. Encrypted email platforms can provide your clients with peace of mind. Encrypted messaging systems typically are Web-based and can provide the ability to securely store email and provide delivery tools for recipients to securely access it. Consider the following providers:

  • Hushmail (hushmail.com). Hushmail has a great track record, with free accounts available and professional accounts for $49 per year. Hushmail provides secure email for organizations for $5 per address per month.
  • Mailinator (mailinator.com). This site provides disposable, receive-only email. You provide an email address to a person, such as myhiddenemail@mailinator.com. When email arrives at the address, the system creates a new inbox and stores the email for a few hours.
  • Send Email Message (send-email.org). The opposite of Mailinator, Send Email Message provides anonymous delivery of email. Email recipients cannot respond to it, and the email is not stored on any server.
  • MyKolab (mykolab.com). Operating out of Switzerland for 11 years, MyKolab provides a secure email and calendar framework where your data is completely isolated, even from administrators. It costs $11 per month, but the Swiss have the best security and privacy laws in the world.


Security is a trade-off. If you have the discipline and ability to sacrifice some of the luxuries of the Internet, a relatively private and secure digital island can be created. As people learn of the threats to privacy, your ability to demonstrably secure client information will become an appreciated selling point. If you are comfortable with the status quo, simply explore the tools and become familiar with their capabilities. While their day-to-day use may not be in your future, they may be necessary for a potential client.