Here’s a Practical Way to Think about the Web Privacy “Arms Race” and Where Residential Proxies Fit In Hprox Follow Feb 22, 2019 · 5 min read

1 billion gigabytes!

That’s the standard unit of data storage — also known as an exabyte — the NSA is working with, apparently, at its Utah Data Center. Their simple plan is to store as much data as possible. It’s OK if it’s encrypted — they’ll worry about decrypting it later with quantum computers or whatever cutting-edge tech their virtually unlimited budget will buy in coming years.

In other words, there is a surveillance tech “arms race” and the NSA definitely has more arms than you ever will!

The thing about arms races, though, is that they be pretty complex on multiple levels.

Think about the Cold War, which is probably the most famous historical example of an arms race. If you believe President Ronald Reagan, it was all part of a master plan to outspend the USSR and bankrupt them economically in a massive “keeping up with the Joneses” situation.

Obviously, the USSR collapsed. But if you drill down and look at the actual arms themselves, there is a pretty compelling case for a lot of Soviet weaponry being better designed and reliable. (Or destructive in the case of nukes — thank goodness we only know that from the blueprints and not from actual experience!)

As one example, consider the AK-47 vs M16. The AK-47 “just works” far better. There are plenty examples of the “little guys” using Soviet weaponry to stand up to the American “big guys” in insurgency-style warfare. Vietnam, Afghanistan, etc. etc.

What does that have to do with the surveillance tech arms race?

The NSA and other world governments are winning — and will continue to do so — in the traditional sense of spending, resources, and capabilities.

They have tremendous resources and if they concentrate them all on little old you, you extremely unlikely to win a war for online privacy. If you are in the crosshairs and really don’t want them what you’re doing on the internet, then you probably shouldn’t use the internet.

Obviously we do not recommend doing anything that would put you in these crosshairs in the first place.

Even so, as a thought experiment it is useful to think how these “heavyweight” government snoopers might theoretically track your behavior. Once you know that, you can choose your best way to stay ahead of them. Or at least delay your unhappy ending… maybe indefinitely. But we don’t like your chances against heavyweight snoopers!

We are certain, however, that you can protect your privacy when you are up against midweight snoopers like search engine providers, social media platforms, or digital content producers.

They have essentially the same playbook as the heavyweights — it’s just that for legal or budgetary constraints they just can’t use the plays quite as effectively.

Here’s that playbook:

Web snooping basically involves recognizing traffic patterns and penetrating (or blocking) their sources.

Let’s say you are using a privacy tool, i.e. a commercial VPN or proxy service, to try to maintain your web browsing privacy. If someone wants to totally crack your privacy, they’re going to have to:

identify that you are using the privacy tool in the first place. Heavyweight and midweight snooper can see unusual amounts of traffic originating from an IP address and flag it as a VPN provider, for example. For practical purposes, just that knowledge is enough for them to kill the connection with that IP address so as to complicate your digital life.

Second, snoopers with enough resources can penetrate the IP server. Heavyweights could bug / wiretap it. Midweights might, for example, create an account with a VPN provider so as to identify the IP addresses it is using from the inside and then flag them.

Both tactics are becoming increasingly effective with the rise of artificial intelligence and big data analytics.

A heavyweight snooper who can bug both you and the VPN provider probably won’t be able to see your browsing activity directly. They probably can’t break the encrypted “tunnel” you create between your computer and the server, even though they can see that the tunnel exists.

But they can see certain amounts of anonymized data flowing from your computer to the VPN server, and from the VPN server to the website you want to look at. With powerful enough analytical tools, they identify a correlation between both sets of data and therefore track you effectively.

A midweight snooper can’t take it quite that far. But with sophisticated data analytics, they can get increasingly granular about the traffic patterns they identify as coming from VPNs. We’ve written about how good they’re getting before.

Your best countermeasure, therefore, is to avoid being part of a traffic pattern! In other words:

Avoid the “mini crowds” that form around commercial VPN providers.

In American football, there’s an interesting formation called “the wedge.”

As the name suggests, it basically means that all the offensive players come together into wedge shape and hope to break through the defense with brute force.

Historically you would see variations used throughout the game. Today due to rule changes — because it was so violent and caused so many injuries to both sides — you only really see it on kickoff returns.

The basic assumption behind the play is that your team is more powerful than the other team. If the other team is more powerful, well, they know exactly what you are doing and how to stop your play. Usually it involves a player known as the “wedge buster” running kamikaze-style into the front of the wedge!

When you’re using a commercial VPN, which is also serving other privacy seekers, you’re forming something like a American football wedge. This mini crowd causing irregular traffic is a relatively easy target, and if the snooper has capabilities to bust your wedge, you are probably going to get busted!

Instead, blend into the largest crowd of web users you can find — ideally via a residential proxy network.

That means, essentially, using residential proxy services like ours. You’ll be accessing other users’ IP addresses and appearing for all practical purposes to be an individual web user in a different country. Not a group of web users using a data center IP provided by a VPN company.

This way, heavyweight and midweight snoopers can’t identify you as easily. Then, midweight snoopers probably won’t want to block you — or at least who you appear to be.

And it is going to take heavyweight snoopers a lot longer to bug every single residential IP address than every single commercial VPN provider!

Summing up, on one side of this surveillance tech arms race you have proxies and VPNs. On the other you have whatever the NSA and other government equivalents are cooking up in their massive data center.

The technologies on both sides are developing fast — but if you want the best of the bunch on the privacy side then check out hprox!