Online privacy is a vast topic, and for the average internet user it can be an uphill struggle keeping up with the facts. So we’ve rounded up five of what we think are the most common misconceptions surrounding online privacy. If you can think of any better ones, let us know in the comments!

My ISP doesn’t keep a record of the websites I visit…

Many people browsing the web believe that they are not being tracked by their ISP and that their ISP is not keeping a record of the websites they visit, as well as the people they email. It’s a very reasonable belief, but in many countries it simply is not true. The vast majority of European countries have a data retention policy in place that adheres to the EU Data Retention Directive. This means ISPs are forced to keep logs of your web activity for up to 2 years after you cancel their service. The UK, Sweden, France, Italy and Holland all have a data retention law in place. Germany is one of the few European countries that has resisted. The US currently has no data retention law in place (let’s hope it stays that way), but ISPs will certainly keep data for at least 30 days and possibly more (it’s entirely down to the ISP in question). Australia is also in the clear for now, but the government is currently considering implementing an EU-style data retention act.

All VPNs protect your online privacy…

Despite the vast majority of VPNs marketing themselves as online privacy protectors, many simply aren’t up to scratch in this area. A number of VPNs retain your personal data, just like an ISP would, and are subject to any laws of the land requiring them to hand data over to authorities. That data can easily be cross-referenced with billing information to find out your identity. TorrentFreak posted a good article on this subject, and we wrote another one discussing exactly what happens when law enforcement demands a VPN hand over customer data.

‘Private browsing’ is anonymous…

This may seem obvious to many readers, but I’m willing to bet most people who click on ‘private browsing’ options really do think they’re being offered an extra level of privacy. In reality, you’re simply browsing without cookies; it has no effect on whether or not your ISP can track your IP address.

Law enforcement needs a warrant to access my data…

Sure, technically warrants are needed in most countries to access customer data from ISPs, but it’s not always so clear cut. In the UK any public authority (such as a local council) can access “communications data” from your ISP without a warrant or judicial oversight. This includes partial URLs (the whole URL would require a warrant, but presumably they’d know the domain). In 2009 there were 500,000 requests for this type of data. It’s also worth noting that in the US the Fourth Amendment does not extend to your private data stored on servers outside your home. This led to the creation of the Stored Communications Act, which has been criticised for being confusing and failing to sufficiently protect privacy. It’s quite complicated (you can read an analysis here), but essentially law enforcement does not need probable cause and a search warrant in order to access your data; they just need a subpoena and can delay prior notice indefinitely.

SOPA and ACTA were defeated…

Online privacy activists quite rightly celebrated when the draconian copyright bill SOPA and its Euro counterpart ACTA were put to bed due to strong popular protest. But that doesn’t mean the laws these bills tried to implement have gone away. Elements of SOPA have re-emerged in the Intellectual Property Attache Act, which is authored by Lamar Smith, the same congressman who co-authored SOPA. Meanwhile, ACTA has been ratified in Japan and is being considered for ratification in a number of non-EU countries, including the US, Canada and Australia.

Image copyright © 2012 by Tomasz Sienicki