Help secure your business with a web browser

Getting your Trinity Audio player ready...

If you’re interested in cybersecurity and data tracking (as we all should be!) you’ll likely have heard of Mullvad’s VPN. Widely regarded as one of the best VPN options on the market, and at a reasonable price, the VPN doesn’t compromise on features and requires no email or account information to set up.

For those who don’t use one already, a VPN is a Virtual Private Network that encrypts your internet traffic and disguises your online identity, making it easier to evade third parties that track and take your data.

For businesses, stolen data is a costly issue; although cybersecurity budgets are being increased, the importance of data protection in the cybersecurity picture is under-appreciated. Using a VPN is a step in the right direction, but the technology has remained on the periphery of the business consciousness for most. If it were possible to use VPN technology in everyday web browsing by default, many more commercial and public sector organizations would likely be interested. That may now be the case, as Mullvad and the Tor project have collaborated to develop the Mullvad browser.

The privacy-focused browser minimizes data tracking and browser fingerprinting. It’s free and open source, and works using any trusted VPN — you don’t need to be a Mullvad VPN customer to use the browser.

Because it uses a VPN, the new offering could be viewed as a Tor browser without needing the Tor network. Tor — the onion routing project — is an open-source privacy network that enables anonymous web browsing by means of passing information from A to B through random relays. It was initially developed and solely used by the US navy to protect sensitive government communications. Since then, the Tor network has become widespread, piggty-backing onto “normal” internet protocols.

Sites like Silk Road, a Tor-hosted underground marketplace known for facilitating illegal drug sales, garner the most headlines for Tor. However, many Tor users have legitimate reasons for wanting to privately browse the web, especially in an era when cybercrime is on the rise or browsing the web for “the wrong information” could lead to individuals being targeted by rogue states or other malicious bodies.

Taking the extra step of using a secure browser provide more security than manually hiding an IP address and emptying the browser cache after every use, basic steps that few take.

Tracking and fingerprinting

When you enter a webpage, scripts on the page will ask your browser a series of questions: which version of the browser do you run, are you using mobile or desktop, which language have you chosen, which time zone are you in, which plugins and fonts have you installed, what resolution do you have on your screen, which graphics card does your device use, and so on. This is known as browser fingerprinting. Many websites also ask your browser furtherquestions about your hardware, to create device-specific fingerprints. The number of questions and the combination of answers make it possible to create a unique fingerprint that can identify you (and your location) as an  individual. In a time of cookies being under legal scrutiny, browser fingerprinting plays by different rules. As the Tor Project says, “there is no need to ask for permission to collect all this information.”

Big tech companies have built a business model on data tracking, to gather historic information, predict your future behavior and profit from both. According to Shoshana Zuboff, “right from the start, they understood that these mechanisms had to be hidden. They had to observe through a one-way mirror. That’s what makes it surveillance.”

Browsers use scripts (typically, small pieces of JavaScript code) to function, but can also be used by third parties to track you. Through scripts, it’s possible to know which videos you watch on YouTube, whether you read a whole article or give up halfway (so stick around here!), where you click next, even how you move your mouse.

If data collectors gather internet activities through scripts, they need unique identifiers to connect the activity to specific users. If paths to identification are cut, the behavioral data is useless. The Mullvad browser not only blocks unwanted scripts, but ensures that your browsing habits stay completely anonymous, by giving all of its users the same fingerprint.

Do you really need to protect your company’s internet usage data?

What would third-parties get out of your company’s data? As it stands, a great deal of information about the activities of people inside the company, and in the future, probably more of the same as organizations combine different data sources to create more detailed pictures of web users. Cookie data + script data + email tracking pixel data + app use data = a very detailed picture of every individual in an organization.

In and of themselves, cookies and browser fingerprinting won’t harm a device or the company running it. However, if the wrong people got access to the information those technologies collect, data could be used against a business as information that would inform phishing attempts, create the basis for blackmail or represent the conduit through which attackers can concentrate their efforts. It’s counterproductive to increase your cybersecurity budget without considering how, just by using Chrome, for example, employees could open the way for privacy breaches.

Companies spend big on data compliance but internal users being tracked without realizing they are putting their organizations in breach of local legislation. Preventing breaches of governance means the business doesn’t lose the trust of its customers and doesn’t have to deal with fines, multi-year penalties, or any of the financial fallouts from government-sanctioned fines.

The model of “free” services, like search engines and apps consists of companies that produce the services profiting from data collected during usage. For the most part, that takes the form of selling the data collected about your browsing habits. Because Mullvad makes its money from the VPN service, the browser can be distributed for free. Mullvad (and a few other VPN companies, like Private Internet Access) does not collect data from its VPN users. Payment for the VPN service is the only source of income.

What happens to your company’s data?

According to Mullvad, the current system of “surveillance capitalism”, where data can be collected and sold to the highest bidder, is devastating for the development of society. Mass-monitoring authorities can use technology to predict and influence your future behavior for commercial or political purposes.

In his book, Permanent Record, Edward Snowden writes that “ultimately, saying that you don’t care about privacy because you have nothing to hide is no different from saying you don’t care about freedom of speech because you have nothing to say… Or that you don’t care about the freedom to peaceably assemble because you’re a lazy, antisocial agoraphobe.”

Data tracking is pervasive and impacts everyone: Facebook has 52,000 unique attributes to classify users. Data brokers collect data, package and sell it. For example, you can buy lists of people with alcohol problems.

States and authorites are also surveilling — this is what Snowden’s book covers — and the issue isn’t just American: the UK’s Tempora program and China’s “great firewall of China” are similarly concerning.

A Pew report found that it was important to 93% of Americans to have control over the entities and individuals who are allowed to get information about them, and 90% said that they wanted to control the specific types of information that was collected about them. Being a business that’s open about who might track its data — nobody — will make customers feel much safer engaging with the company.