Privacy and risks

Risk gauge

You might have noticed that there was a "Risk gauge" added recently to the "Internet Privacy Test". Please note that the risk shown is NOT the risk to you, but the risk of you being denied access to some sites or being subjected to additional checks (solving CAPTCHAs, requesting confirmation codes, etc). Please read below for more details of why such risks, as well as some other risks, need to be considered.

In essence, the "Risk gauge" is an attempt to show you how likely it is that you will be seen as a potential risk. If it is possible to detect that you use Tor, VPN, some proxy services, or that your browser configuration has some discrepancies (such as pretending to be some other browser or having some odd extensions), your risk score will go up.

Normally, with no attempts to anonymize yourself your risk score should be well below 50 within the 'green' gauge. Higher score will bring you to the 'yellow' and then the 'red' zones. Detectable Tor and VPN are the major contributors to the score - however, it does not mean that you are doing something wrong or that you should stop using privacy-focused services and software. It only means that this could raise some flags for the sites which need to be very careful about who can access and use their services.

Privacy in the context of e-commerce sites, streaming and other services

Privacy is quite important indeed, and there is nothing wrong with the users trying to achieve that privacy. You can use some specific services to hide your actual location and some characteristics of your browser with Tor, VPN (which should also help your security if you are connected to an untrusted/public network for example), or proxy services. You can use privacy-focused browsers, such as Brave. You can use certain browser extensions preventing fingerprinting and modifying the way your browser identifies itself to websites. You need to understand though that sometimes your attempts to hide or alter certain data may raise alarms for the websites and services.

While hiding or changing the information about your location, browser, the languages supported and some other things is unlikely to cause issues with your regular browsing, such attempts to anonymize yourself could be percieved as a 'risk' by some e-commerce websites or websites providing other services (community forums, analytics, customer feedback surveys, live chat, etc.). This is not because you are doing something wrong, but because such sites may need to safeguard themselves against fraud attempts or some legal or technical implications which might result from the actions of the users.

For example - if you are located outside of the UK and you would want to watch Channel 4 TV, you might find that you cannot access those TV channels, because the licensing deals and copyright laws require the streaming services to ensure that the content is not available outside of the regions where it is allowed to be consumed. You could try VPN, but the chances are it would already be blocked, or would be blocked sometime later.

Another example could be e-commerce sites selling some products, which should only be sold domestically. The sites could then hide the products or refuse to sell them if the user is seen as being located in another country. Additionally, if the e-commerce site itslf or its payment provider uses anti-fraud services and/or services helping to prevent ATO (Account takeover), then changes in your location, characterisitcs of your browser, or even your behaviour on the site you have used before, could influence the risk score assigned to you, and trigger necessary additional checks.

The purpose of the "Risk gauge" is to indicate the level of the risk you might be seen as in the above scenarios.

Other risks to consider

Connecting indirectly to some website may not only unblock your access to its content, but can also hide your IP address, potentially limiting the danger of a site recording your IP and then trying to connect back to it for some reason for example, or associating your actions on the site with your actions (or identity) elsewhere. However, using such services as VPN, Smart DNS and proxy requires you to trust those services withthe data passing through it. You also have to trust that the operators behind the services secure them well enough and do not have a malicious intent. So be careful with what information you are accessing while using those services, and choose those services wisely. Keep in mind that so-called open proxy servers you may find on the internet are often just someone's misconfigured or compromised computers. Sometimes those machines are deliberately left misconfigured to work as honeypots. Some "free" VPN apps or extensions could in fact be malicious or could route traffic through its users, which might end up in some attempts to attack online services coming from your IP address for example.

When looking for the services which would help you to stay private, make sure that the company behind the service:

  • Lists actual contact information, not just email or WhatsApp/Telegram;
  • Has written and clearly visible privacy policy;
  • Registered in a reputable jurisdiction;
  • Has verifiable positive feedback on well-known resources rather than "sponsored" reviews;
  • Has a trial period that should allow you to better understand whether the service is any good;