The Beginner’s Guide To Online Privacy

by Iulian Gulea

We are living in remarkable times. We can take pictures of places and people we like by pressing a button on our phones; shop from our homes for literally anything from needles to cars; reach hundreds of thousands of people through social and blogging platforms; and consume information on any topic in any volume at any time of the day.

For a person from 30 years ago it might sound very futuristic. For us it’s just how things are. Common sense.

But all that comes at a price. And that price is our privacy.

Why stay private?

I am a law-abiding citizen, I have nothing to hide.

Or this one:

Why hide in a globally connected world?

Many people think this way, which is understandable and is absolutely normal. We expect that some companies know a lot of info about us (mainly because we provide it to them ourselves), but it might be a huge surprise that other companies collect far more sensitive information about us that we might not want to share with anyone.

To make matters worse, advances in Artificial Intelligence in recent years enable companies to find very interesting patterns and create fine-grained physiological and psychological profiles of people based on their online behavior. There was a case in 2012, when a company knew a girl was pregnant even before her family knew that. Now imagine what can be done with AI and lots of data about people today.

Hopefully, by the end of this article, you’ll review your thoughts about online privacy. Before moving on, take a moment and consider how you would feel if you had to share the following information about yourself with a group of 200 strangers:

  • where you are located (geographically)
  • when you surf the Internet and for how long
  • the list of all sites you visit each day
  • what illnesses (if any) you have that you searched for online
  • what types of products you buy online
  • what devices you use to connect to the Internet
  • what type of content you prefer to read
  • what type of food you prefer to eat
  • what your political views are

The list can continue, but let’s stop here. Probably you wouldn’t share all this information with your friends, not to mention strangers.

However, the reality is that today many people are already, unwillingly and unconsciously, sharing such data about themselves with “strangers” at companies that collect this data to benefit from it.

Your “personal anonymous profile”

Even if the majority of those companies who collect all that data about you do not know your real name, it’s not that important for them. It’s not your name that interests them, but rather your behavior and preferences. If they don’t have your name, they’ll just label you with an ID in their system.

However, some companies do know your name and even your social security number, even though you didn’t explicitly share it with them.

The paradox is that we “share” most of that data, in our ignorance about what type of information is easily obtainable about us when we navigate the Internet.

There is so much to privacy that I’m afraid it’s impossible to fully protect ourselves on the Internet from the eyes of amoral corporations, but we can minimize this risk. I invite you to find out how this can be done.

The Pyramid of Privacy

I would like to visually demonstrate what can protect your privacy and how effectively it can do that.

In order of significance, from the bottom to the top:

1. Operating System

Without a solid foundation, you won’t be able to build anything useful. It turns out that even the choice of the operating system that people use can pose a risk to their privacy.

The Risk

If you are a Windows 10 user, then I have some bad news for you, because:

  • Your device is by default tagged with a unique advertising ID
  • Data syncing is enabled by default (browsing history, app settings and Wi-Fi names and passwords)
  • Cortana can collect any of your data (like, literally any data you operate with on your computer, including credit card info, mic input, etc.)
  • Microsoft can collect any personal data about you
  • All that data about you can be shared with any third party, even without your consent

Solutions

One possible solution here is to switch to another operating system like Linux or MacOS. And while you have to buy a Mac in order to use MacOS, you can install a Linux distribution of your choice on any computer.

And in case you have heard scary tales about Linux, just check it out yourself. Here you can find a list of the most popular distributions, see what they look like, and download and install them. Or, in case you don’t know where to start, just go with Ubuntu.

Still don’t want to switch from Windows? Then check out W10Privacy — a tool to help you disable some tracking settings in Windows.

2. Networking Layer

Now, once you at least have a chance to be anonymous and not have a unique ID stuck to your computer that you can’t get rid of, let’s talk about connecting to the Internet.

Have you ever thought about how the Internet works? The navigation process is complex, but at the same time it reflects the power of engineering. However, I won’t dive right now into the internals of how it works, but will focus on privacy-related topics that you must have heard about before: IP and VPN.

The Risk

As in the real world, each device that is connected to the digital World Wide Web has its own address, the IP address that is visible to any site you visit. Therefore, no matter what you do to hide your data and preferences, you will be easily identified by the address through which your computer is connected to the Internet.

That’s exactly why you see ads in your native language from the country you live in, even if you navigate to a foreign website.

That’s also the method by which some sites restrict access to visitors from specific countries. Here you can see where your IP address points on the world map.

Solutions

  1. Virtual Private Networks (VPNs)
  2. WebRTC IP Leak Test

Let’s discuss them one by one.

1. Virtual Private Networks

You can’t just hide your IP address, as you won’t be able to navigate the Internet. However, you can pretend you have a different IP address than your real one. This is where the Virtual Private Networks come into play.

A virtual private network (VPN) extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.

Source: Wikipedia

There are more than 150 VPN service providers available worldwide and choosing the right one may be tough, as each provider has their own features and limitations.

There are, however, a few critical things to take into consideration when choosing one and, surprisingly, they relate to some “eyes.”

Five Eyes, Nine Eyes, Fourteen Eyes

All these are global alliances with the goal of mass surveillance. They cooperatively collect, analyze and share data about citizens from different parts of the world. This started after World War II, and now countries spy on each other’s citizens and share intelligence on people’s online activity, received/sent emails, Facebook posts and more.

The countries that make up these groups are:

Five Eyes:

  1. Australia
  2. Canada
  3. New Zealand
  4. United Kingdom
  5. United States

Nine Eyes (all of the above plus):

  6. Denmark
  7. France
  8. Netherlands
  9. Norway

Fourteen Eyes (all of the above plus):

  10. Belgium
  11. Germany
  12. Italy
  13. Spain
  14. Sweden

To keep it short, choosing a VPN provider based in one of these countries does not guarantee you privacy, as some entities (like the NSA and the like) from the same or even different countries can force VPN (and basically any online service) providers to hand over their data.

There is a nice list of over 150 VPN providers with all their features and limitations on thatoneprivacysite.net. Take some time to read and analyze what VPN fits you best. Then I would recommend that you use it for 1 month before buying a long-term subscription to see how it goes.

2. WebRTC IP Leak Test (even with VPN you may be visible)

Hold on! Even behind a VPN and with an encrypted DNS service you may still leak your IP address. And why should things be so complicated?

Technology is always improving, and with every new thing that is being developed, there are either bugs or simply ways to exploit some features to obtain the required results. So it is with WebRTC — a new communication protocol that relies on JavaScript and can leak your actual IP address from behind your VPN. Check it out on privacytools.io and if you see any IP addresses identified, check out this section on the same privacytools.io and go through the steps enumerated there. Don’t forget to check again afterwards whether WebRTC still leaks your IP address!

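What such a leak test inspects, as an added example (not code from the original article or from privacytools.io): WebRTC describes each network path it could use as an ICE candidate line, and any address in those lines that is neither your VPN's exit address nor a masked .local name tells the site something about your real network. The candidate lines, the VPN exit address and the function names below are constructed for illustration.

```javascript
// Constructed sample: candidate lines as a browser behind a VPN might produce them.
// All addresses come from documentation or private ranges; none is a real host.
const SAMPLE_CANDIDATES = [
  "candidate:1 1 udp 2113937151 3f2a9c1e-7b4d-4c8a-9e1f-0a1b2c3d4e5f.local 54321 typ host",
  "candidate:2 1 udp 2113937151 192.168.1.23 54322 typ host",
  "candidate:3 1 udp 1677729535 198.51.100.20 40001 typ srflx raddr 10.8.0.2 rport 54323",
  "candidate:4 1 udp 1677729535 203.0.113.45 40002 typ srflx raddr 192.168.1.23 rport 54322",
  "candidate:5 1 udp 2113937151 fe80::1c2d:3e4f:5a6b:7c8d 54324 typ host",
];
const VPN_EXIT_IP = "198.51.100.20"; // assumption: the address websites see for your VPN

// Candidate fields: foundation component transport priority address port "typ" type ...
function parseCandidate(line) {
  const f = line.trim().replace(/^a=/, "").split(/\s+/);
  if (f.length < 8 || !f[0].startsWith("candidate:") || f[6] !== "typ") return null;
  return { address: f[4].toLowerCase(), port: Number(f[5]), type: f[7] };
}

// Classify an address as "mdns" (masked), "private" (local network) or "public".
function addressScope(address) {
  if (address.endsWith(".local")) return "mdns"; // random per-session name hiding the LAN IP
  const v4 = address.match(/^(\d+)\.(\d+)\.\d+\.\d+$/);
  if (v4) {
    const a = Number(v4[1]);
    const b = Number(v4[2]);
    const local = a === 10 || a === 127 || (a === 172 && b >= 16 && b <= 31) ||
      (a === 192 && b === 168) || (a === 169 && b === 254);
    return local ? "private" : "public";
  }
  // IPv6 loopback, unique-local (fc00::/7) and link-local (fe80::/10) stay on the local network.
  if (address === "::1" || /^f[cd]/.test(address) || /^fe[89ab]/.test(address)) return "private";
  return "public";
}

// Return every candidate that reveals more than the VPN exit address.
function findLeaks(candidateLines, vpnExitIp) {
  const findings = [];
  for (const line of candidateLines) {
    const c = parseCandidate(line);
    if (!c) continue; // not a candidate line
    const scope = addressScope(c.address);
    if (scope === "public" && c.address !== vpnExitIp) {
      findings.push({ address: c.address, type: c.type, issue: "public address other than the VPN exit" });
    } else if (scope === "private") {
      findings.push({ address: c.address, type: c.type, issue: "local network address exposed" });
    }
  }
  return findings;
}

console.log(findLeaks(SAMPLE_CANDIDATES, VPN_EXIT_IP));
```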

3. The Browser

Let’s discuss the surfing boards that we use to navigate in the digital cosmos of the Internet.

What browser is better?

  • Internet Explorer! (said nobody)
  • Edge (*…whispered somebody…*)
  • Opera! (said a couple of people)
  • Safari! (said a bunch of people who have the newest version of every Apple product the first day it appears)
  • Tor! (shouted an anonymous group from somewhere)
  • Яндекс Браузер! (said a group of Russian-speaking people)
  • Chrome!!! (cried a crowd of people of whom Google probably has a digital version)
  • Firefox!!! (cried another crowd with posters on privacy)
  • Brave! (said somebody, but it wasn’t clear whether they referred to a browser, or just to being brave in today’s world?)

There are several dozen of them, a list of which you can find on Wikipedia, but this doesn’t answer the above question…

The Risk

All of the aforementioned browsers are complex pieces of software that provide you with access to the Internet. While surfing the World Wide Web, your browser interacts with other computers, exposing some information about itself to any site it visits. And this is where it gets complicated, as a combination of various browser settings can create your unique Device Fingerprint.

Wait, what? A fingerprint?

A device fingerprint is information collected about a remote computing device for the purpose of identification. Fingerprints can be used to fully or partially identify individual users or devices even when cookies are turned off.

Source: Wikipedia

So, the bad news is that while surfing the Internet, you literally leave your digital fingerprints on each site you visit.

The good news? Your device fingerprint doesn’t have to be unique if you change your settings to expose only as much data as is necessary to navigate.

This is possible due to the fact that your device’s fingerprint is not a single piece of information, but is rather a set of different settings (e.g. your screen size, browser type, browser version, installed fonts, installed addons, etc.) that together can uniquely identify your browser.

Remember the lady in red from The Matrix? She stands out because she has a very distinctive appearance in comparison to others around her. So it is with your browser — the more distinctive features it has, the easier it is to spot in the crowd.

But if you dressed her in a black jacket and a white shirt, like the people around her, she wouldn’t stand out much.

There are more than a dozen pieces of information that your browser exposes about its settings, and our job is to make them as “common” as possible.

Want to see what your device fingerprint is? Check out:

  1. panopticlick.eff.org
  2. amiunique.org

If you choose panopticlick, you’ll see something like this:

In the “Browser Characteristic” column, you can find what type of information is being collected. Based on this information, your browser can be identified. Another interesting column is “one in x browsers have this value,” which is basically the entropy of that browser characteristic. The smaller the number there the better, as it means that there are many other browsers with this exact setting.

Also, above the table you can see how unique you are. The image above represents the results of the test run from my Chrome browser, which is not configured to keep me private.

After tweaking some settings and installing some add-ons, here’s what you can achieve (this one’s from my Firefox browser, which I use on a daily basis):

Only 1-in-75,604 browsers from panopticlick’s dataset have the same fingerprint as mine, which is much better (but not ideal).

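The “one in x” arithmetic behind such a table, as an added example (not Panopticlick's code): it computes the per-characteristic values and the combined fingerprint for one browser in a small constructed population, then repeats the calculation after the one distinctive setting is made common. The population, the characteristic names and the function names are assumptions made for illustration.

```javascript
// Constructed population of 8 browsers as a site would see them (not real data).
const POPULATION = [
  { browser: "Firefox", screen: "1920x1080", timezone: "UTC+1", fonts: "default" },
  { browser: "Firefox", screen: "1920x1080", timezone: "UTC+1", fonts: "default" },
  { browser: "Chrome", screen: "1920x1080", timezone: "UTC+1", fonts: "default" },
  { browser: "Chrome", screen: "1920x1080", timezone: "UTC-5", fonts: "default" },
  { browser: "Chrome", screen: "1366x768", timezone: "UTC-5", fonts: "default" },
  { browser: "Chrome", screen: "1366x768", timezone: "UTC+1", fonts: "default" },
  { browser: "Firefox", screen: "1366x768", timezone: "UTC-5", fonts: "default" },
  // The "lady in red": same as the first two, plus one rare font pack.
  { browser: "Firefox", screen: "1920x1080", timezone: "UTC+1", fonts: "default+rare-pack" },
];

// "One in x browsers have this value" for a single characteristic.
function oneInX(population, key, value) {
  const matches = population.filter((b) => b[key] === value).length;
  return population.length / matches;
}

// Report for the browser at `index`, which is itself a member of the population.
function fingerprintReport(population, index) {
  const me = population[index];
  const keys = Object.keys(me);
  const characteristics = keys.map((key) => {
    const x = oneInX(population, key, me[key]);
    return { key, oneInX: x, bits: Math.log2(x) }; // bits of identifying information
  });
  // Browsers sharing the whole combination of values, this one included.
  const anonymitySet = population.filter((b) => keys.every((k) => b[k] === me[k])).length;
  const jointOneInX = population.length / anonymitySet;
  return {
    characteristics,
    anonymitySet,
    oneInX: jointOneInX,
    bits: Math.log2(jointOneInX),
    // Adding per-characteristic bits overcounts when characteristics are correlated.
    naiveSumBits: characteristics.reduce((sum, c) => sum + c.bits, 0),
  };
}

// Copy of the population in which one browser changes one setting.
function withSetting(population, index, key, value) {
  return population.map((b, i) => (i === index ? { ...b, [key]: value } : b));
}

// Fingerprint of browser 7 before and after it drops the rare font pack.
function compare() {
  const blended = withSetting(POPULATION, 7, "fonts", "default");
  return { before: fingerprintReport(POPULATION, 7), after: fingerprintReport(blended, 7) };
}

console.log(JSON.stringify(compare(), null, 2));
```

With the rare font pack, the browser is the only one of its kind in the sample; without it, it shares its fingerprint with two others, even though no other setting changed.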

Solution

The first thing is to select a browser. From a privacy perspective there are several of them that are widely recommended above others. Namely these are:

1. Tor Browser: Comes with pre-installed privacy add-ons, encryption and an advanced proxy. You can pretty much use this one as it comes out of the box.

2. Firefox: Tweak the default configuration and install some privacy add-ons and you’re good.

3. Brave: Automatically blocks ads and trackers, making your navigation faster and safer.

Configure your browser for increased privacy

There are 2 options here:

  1. The easy path would be to follow the instructions here (only valid for Firefox, but you can search for similar settings in Chrome under “about:flags”).

  2. If you’d like to have more flexibility and the possibility to have your privacy settings importable/exportable, check out the ghacks-user.js project on GitHub (also only for Firefox). It’s more comprehensive and requires some setup, but it’s worth it.

Set up additional add-ons for increased privacy

Read about this below.

4. Cookies

You have probably heard about cookies on the web and that they are something not very good (otherwise, why would sites inform you about their usage of cookies when you navigate to one of their pages?).

The reality is that cookies are nothing but a tool, and only some uses of this tool are questionable from a privacy standpoint.

So, cookies are small strings of text that a site can store in your browser. They cannot install anything (they are just text) and are visible only to the site that stored them (so that no site can see all of your cookies for 20 other sites you’ve visited).

Moreover, cookies are sent with each request and this is what makes them a potential threat to privacy.

Let’s take a simple example: suppose you visit a site that has light and dark themes. The default one is the light theme, but you’ve selected the dark one. Any time you visit that site, even if you don’t log in or register, it displays the dark theme.

In this case, the site could have saved a cookie theme=dark in your browser, and whenever you load that site, this cookie is sent to the server, which then serves the corresponding .css file with the dark theme.

The fact that you stay logged in to sites when you open them, even after rebooting your computer, is also possible thanks to cookies storing data about your session.

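The behaviour described above, as an added example that is not from the original article: a minimal model of a browser cookie store, showing that cookies go back only to the site that set them, on every request, and that persistent cookies survive a browser restart while session cookies do not. The cookie names and values are constructed, and the model assumes host-only cookies and honours only Max-Age.

```javascript
// Minimal model of a browser cookie store. Simplification: cookies are host-only
// and only Max-Age is honoured; Domain, Path, Secure and SameSite are ignored.
class CookieJar {
  constructor() {
    this.cookies = [];
  }

  // Handle a "Set-Cookie" response header received from `host` at time `now` (ms).
  store(host, setCookieHeader, now) {
    const [pair, ...attributes] = setCookieHeader.split(";").map((s) => s.trim());
    const eq = pair.indexOf("=");
    if (eq < 1) return; // malformed: no cookie name
    const name = pair.slice(0, eq);
    const value = pair.slice(eq + 1);
    let expires = null; // null marks a session cookie
    for (const attr of attributes) {
      const [k, v] = attr.split("=");
      if (k.toLowerCase() === "max-age" && /^-?\d+$/.test(v || "")) {
        expires = now + Number(v) * 1000;
      }
    }
    // A cookie with the same name from the same host replaces the old one.
    this.cookies = this.cookies.filter((c) => !(c.host === host && c.name === name));
    this.cookies.push({ host, name, value, expires });
  }

  // Build the "Cookie" request header attached to every request to `host`.
  headerFor(host, now) {
    return this.cookies
      .filter((c) => c.host === host && (c.expires === null || c.expires > now))
      .map((c) => `${c.name}=${c.value}`)
      .join("; ");
  }

  // Closing the browser discards session cookies; persistent ones stay on disk.
  restart() {
    this.cookies = this.cookies.filter((c) => c.expires !== null);
  }
}

// Constructed walk-through using the article's siteA.com and siteB.com.
function demo() {
  const jar = new CookieJar();
  const day = 24 * 60 * 60 * 1000;
  jar.store("siteA.com", "theme=dark; Max-Age=31536000", 0); // kept for a year
  jar.store("siteA.com", "sid=abc123; Max-Age=2592000", 0); // login kept for 30 days
  jar.store("siteA.com", "draft=1", 0); // session cookie, no Max-Age
  jar.store("siteB.com", "visitor=7c21; Max-Age=86400", 0); // kept for one day
  const firstRequest = jar.headerFor("siteA.com", 1000);
  jar.restart();
  return {
    firstRequest,
    afterRestart: jar.headerFor("siteA.com", 2000),
    otherSite: jar.headerFor("siteB.com", 2000),
    otherSiteTwoDaysLater: jar.headerFor("siteB.com", 2 * day),
  };
}

console.log(demo());
```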

The Risk

Now that was an innocent example, and it’s probably not very clear how one could benefit from these cookies. So let’s see another example that can infringe on our privacy:

Let’s see a specific example.

  1. The User decides to visit siteA.com.

  2. SiteA.com, in order to make some money, shows ads from siteB.com, by placing a specific piece of code within its own pages.

  3. When siteA.com receives the request from User, it sends to him/her the HTML code of the page the User requested, which, in this case, contains an