This is an era where data privacy risks from internet connected devices involves your data being generated, propagated, analyzed, and stored by third-parties on a daily basis.
A large portion of your data being generated revolves around four main catageories of data privacy risks.
I. Domain Name Service (DNS) Leaks
II. Email IP Leaks
III. IPv6 Leaks
IV. Browser/OS Fingerprinting
These data privacy risks are predominantly tied to your internet protocol (IP) address which reveals a lot of your online activities. When using devices on your home network or small business network you have two IP addresses to contend with, your internal private IP address and your external public IP address.
The internal network facing IP address, also known as the private network address is assigned uniquely to each device on your home network by your home router. The address only pertains to the communications between devices happening inside your network.
The external public IP address is assigned by your internet service provider (ISP) and usually represents only your home router or small business router which is then used by each device communicating on the internet. This public IP address represents all of the devices operating behind that home router or small business router.
For example, when your device requests a website address through a given website name, such as https://eff.org, it’s translated from those letters into actual IP address numbers. That translation is made possible by the the DNS servers your device is communicating with.
The role DNS servers play in your overall privacy and security on the internet is often overlooked. This is due to the fact that using a modem and router provided by your ISP means the default settings are communicating with their DNS severs.
ISP’s log all activity on their networks and even if a website you are visiting has a padlock symbol signifying encrypted traffic between your device and the website requested, DNS traffic is usually not encrypted. So in addition to your ISP keeping record of all sites you visit, other third parties have visibility into the unencrypted DNS traffic as well.
A simple DNS Leak test will verify what DNS servers you are currently using. Additionally, if you have already taken steps to either change your DNS server or employ the use of a VPN its worth testing how effective your current settings are working.
Should the test reveal that your settings are not achieving the desired outcome then you will have a starting point for identifying and making necessary corrections.
An excellent VPN service provider such as Private Internet Access will actually wrap all of your device traffic in strong encryption including DNS traffic and then route it through their servers, including their own DNS servers.
That shield against ISP traffic monitoring goes a long way towards increasing your online privacy and security.
Email IP Leaks
Another reason and use case for using a VPN service is that simple emails you send can also reveal your IP address.
If you are sending emails while connected to a VPN service then the IP address of the VPN server is revealed instead of your personally identifiable IP address.
Test to see if your email provider or email client leaks your IP address here.
IPv6 is the preemptive solution to the Internet’s problem of a dwindling pool of IPv4 addresses available. IPv6 vastly expands the TCP/IP identifiers that can be created.
IPv4 is still the prominent internet protocol in use today, however more ISPs are supporting IPv6 which means that is another avenue for a unique identifier which identifies you. If you have adjusted your router settings to disable IPv6 or use a VPN which claims to shield IPv6 leaks as well, then its highly recommended to test for IPv6 leakage here.
Finally, last but not least is browser and operating system (OS) fingerprinting. This is one of the most nefarious and privacy violating tracking methods currently used.
In essence, browser and OS fingerprinting involves capturing many unique data points about your web browser in-use and your operating system in-use. All the data points captured from your browser and OS, which are to numerous to list here are then compiled into a unique and traceable fingerprint across the internet.
So far the best defense to browser and OS fingerprinting is the herd approach. Meaning, you want your device to have identical specifications and settings along with the majority of other users. The more people producing the same browser and OS fingerprint waters down the tracking ability.
If you are ready for a reality check as to the insidious nature of this privacy violating tool then check out PANOPTICLICK provided by the Electronic Frontier Foundation (EFF).
4 Examples of Data Privacy Risks
In summary, you’ve read about the perils of data leakage and 4 examples of data privacy risks stemming from DNS leaks, email IP leaks, IPv6 leaks, and browser/OS fingerprinting.
You may want to bookmark this page (Press Ctrl + D) and come back to test these areas of data leakage regularly as you work to adjust your settings and mitigate the data leakage.
For further reading on your public IP address vulnerabilities and why a VPN is so important I also recommend this article. What’s my IP?
Feel free to share your thoughts on data privacy risks below!