xonen's Journal: My privacy online

I decided recently to put some more effort in securing my online privacy, by using some standard tactics, like automagic clearing of cookies except for a whitelist, and by logging out from the big spysites like Facebook and Google. I also try to obfuscate my surfing even further by using different browsers, and even got more headroom if i'd install Opera or Safari as well, in an effort to sabotage browser fingerprinting.

The practical implications are more severe than i expected though. For example, when not logged on to a Google account, their search results seem a lot more irrelevant, up to the point i'd call it a 'shitty search engine', littering the top-10 results with rubbish. And before you say 'duh, of course personalized search results are better' - the same applies to subjects i'd normally never search for. Of course this is a subjective impression. Just as subjective as that certain sites seem to remember your history without being logged on anywhere. Clearing cookies largely helps, it seems. It's stunning though how visiting a single page easily leaves no less than 30 cookies on occasion - and that's with an ad blocker enabled. My conclusion here is that using an ad blocker might indeed block ads from displaying, it is in no way an effective means of getting tracked less.

All my effort seem in vein though, when i read the numbers on police queries. According to http://webwereld.nl/nieuws/109521/-politie-schendt-wet-met-bevragingen-ciot-database-.html , the dutch police queried personal data (name, address) belonging to a certain IP address, no less than 2.3 million times in 2011.

The most basic math would reveal that about 15% of the dutch population (around 16.6M) was queried. However, if you start counting the number of households (around 7M), or better: the account of households with broadband internet connection (around 5M), that number approaches 50%.

If you'd also factor in my internet usage which is surely a lot larger than the average (16/24 x 7/7, visiting a lot of websites, leaving comments left and right, likely on more delicate subjects), then it's almost a statistical certainty, with a sigma that the CERN would be proud of, that my IP address was queried at least once in 2011.

There's no privacy. If it's not an secured connection, it's even likely that all data is tapped. Not only the obliged info that's tapped for everyone (you know, emails, tcp connections) as by EU law, but also a full tap as in phone tap - holland tops the numbers there too.

To make matters worse. It can also not be excluded that even a secured connection is insecure. Apparently almost any certificate distributor is flawed, stamping thousands of fake certificates. There are even certificates that work on the 'top level domain'. Worse, there's no reason to believe they were not only used in Iran or so, as is officially claimed. Man-in-the-middle attacks are not only a theoretical concern.

There's only one conclusion: there's no privacy online. What the big companies do is only children's play compared to how the dutch gov operates. It's logged, filed and analyzed. Likely even this very message. I'm a suspect. A potentional rebel, hacker or terrorist. Just like 2.3 more dutch citizens.

So, next time you come to holland, better think twice before visiting our country filled with criminals. But rest assured you're watched, for the safety of us all. Because we all want a safe internet, don't we.