Internet privacy--what personal information is given out?
Everyone treasures their privacy and it is difficult to know what personal information is exposed when you use the internet. I can do a google search on ways to protect my privacy and reduce traces of what I do like clearing cookies, cache, LSOs, etc., but ultimately I want to understand what access companies like Google and internet service providers have and what restrictions are in place in terms of laws that protect Internet users. I have several questions, most of which are frustratingly obvious but I will ask anyway with the hope of clarification so that I know how to appropriately ask follow up questions:
1. What sort of information do ISPs know about you on the sites you visit? Are there ways to circumvent this such as using Tor? What can ISPs do with this type of information?
2. What can Google do with the information it collects via searches made by user other than personalized advertising? Besides searches, what else does it collect? (Can they read emails, URLs, etc.? What else?). How do we know Google isn't using this information for the wrong reasons?
3. What kind of laws exist that protect the privacy of internet users? Is there some sense of morality that can be expected from a wide range of companies like Google or are users completely at the mercy of these companies?
4. Do private sessions such as Chrome's Incognito mode Google itself from collecting user's browsing data?
5. If the government has any reason to suspect someone for doing illegal activity, can it demand companies like Google for any data collected of the individual?
6. What does a virtual private network do?
7. Are there ways to browse the internet completely anonymously and without fear?
A semi-unrelated question: Can the government demand anyone to unencrypt data?
Thanks. I expect to have more questions as I receive answers.
13 Comments • Newest first
[quote=immortal192]I don't plan on using any of these soon because I have no real reason to, but at least I have some sort of understanding and context with the progression of online security.[/quote]
That's kind of been what my response to all of this has been. A lot of the outrage and insistence on "resisting surveillance" seems to be more of a "because its there" kind of thing and a lot less practical than really needed. One other thing about all this encryption and secrecy is that it complicates relatively simple things to the point of becoming burdensome and in some cases expensive.
Unless there's a really pressing need to hide what you're doing online, a lot of it is way more trouble than its worth.
[quote=BobR]1- VPNs can be used by anyone who needs extra security for their connections. Examples might be financial offices connecting to each other, someone like a day-trader working from home, anyone "telecommuting" to their office, things like that. The use of a VPN by itself shouldn't be anything that would call attention to you because it's a widely accepted security measure. What might be worthy of "official" attention could be use of specific known VPN servers that have been identified as being suspicious.
A VPN server, like a proxy server generally has a fixed IP address so the clients know what to connect to. That also means law enforcement could target people using one that's been marked as suspicious, and known VPN servers could be blocked as in the case of Chinese nationals trying to get past the "great firewall".
Probably most people have no clue what a "DNS Server" is, much less why using an encrypted link to one would matter. I'd hope commercial VPN providers might inform their customers about things like that, but I've never looked closely at what kind of info is given to customers of a service like that.
2- I think the real reason is actually spelled "$$$$". It's nice to have idealistic goals when setting up a company, but unless it's going to stay small forever it doesn't take long for the lure of increased profitability to open the floodgates to grubbing for every nickle. Just look at Nexon.
During the Congressional hearings on corporate data security the question was raised about why customer data isn't routinely encrypted and the silence was deafening.
It's not that it's impossible or even all that expensive, it's just that it's not a priority of most companies handling customer's data. Further questions about why companies don't use secure encrypted links between their facilities were met with similar results... crickets.
3- Errors in the implementation of an encryption algorithm might cause risks that the data encryption could be more easily broken than it's supposed to, I suppose.
I'm not sure if there really are "risks" in using TrueCrypt from actual programming bugs, or if the thought is that since development has stopped it means any bugs that do surface won't be corrected. It's probably the same feeling as "XP isn't safe to use", where the OS is just as safe as it was the day before development stopped, it just means there won't be any more bug fixes released.
4- I think it just comes down once again, to the $$$$. Comcast is one of the leaders in the effort to institute "tiered" levels of service where they charge more for greater bandwidth or higher monthly data caps. They've been pushing the FCC to eliminate "Net Neutrality" as quickly as possible because they see the dollar signs swimming just out of reach under today's rules and regulations. They've got the hardware to provide far better service (higher speeds and bandwidth) right now, it's just a matter of getting the customers to cough up more profits for them. By getting the FCC to change the rules for them, they can charge customers a lot more for higher speeds and more bandwidth, as well as charging companies like NetFlix for allowing their program content to be transmitted without throttling. Sort of like legal extortion. You don't pay their "fees", you get slower service. I woudn't hold my breath over companies like Verizon staying out of it for very long though. Once the floodgates are opened to tiered pricing I expect to see everyone jump onto it so Comcast won't be the only one doing it. Essentially their new proposed Internet regulations would legalize the kind of bandwidth throttling they tried unsuccessfully to do before.
A "Domain Name Server" is essentially a "411" telephone operator for Internet web browsers. It's like you call a 411 operator on the telephone and ask them "What's the number for Best Buy?" and they tell you the number. That way you don't have to memorize the number. You can even have them make the connection for you so you don't even have to write the number down. You just have to remember the name of the store, which for most people is pretty easy.
The "DNS" (DNS Server is actually redundant, (Domain Name Server Server), but most people say it that way) works pretty much the same for computers.
People just aren't going to remember 162 159 242 209 when they want to get the latest and greatest Maplestory info, so they just type "www.basilmarket.com" into their web browser. The browser calls up its computer "411" (the DNS) and the DNS gives the browser the actual IP address of whatever domain name the user entered. Then the browser sends out the actual number to the ISP who makes the connection forward to Basilmarket (or whatever).
You COULD just type in the IP address numbers every time if you really wanted to, which would bypass the use of a DNS completely, but it's a pain remembering numbers like that.
One important thing is that it doesn't matter what DNS you use to look up the numbers because ALL of them should have exactly the same info.
Some ISPs maintain their own DNS setups and some use public DNS. My local ISP has its own, but I've run into problems with their servers going down occasionally so I actually use a Verizon DNS (just out of force of habit) at 4 2 2 2. Other people prefer to use the Google public DNS setups at 8 8 8 8 and 8 8 4 4.
No matter which DNS you use, it should return the same IP addresses for whatever domain name URL you send it as any other DNS.
Most people have no clue what a DNS is, let alone what its number is. In most cases Windows uses dynamic addressing for both IP addresses and for DNS addresses.
That means Windows gets the computer's IP address either from their local router, or if they don't use a router Windows gets the computer's IP address directly from their ISP.
The same is true for their DNS addresses. The computer uses the router's IP address as its DNS, and the router forwards the DNS requests to whatever DNS address the ISP uses. Without a router, Windows gets the DNS address directly from the ISP. That way the average user never has to bother with the techy details.
The important thing about all this, in relation to your questions about network security is that even if you're using a secure encrypted link to your ISP, the DNS connection will NOT be encrypted UNLESS you're specifically using an encrypted DNS. (Most DNS aren't equipped to receive the equivalent of an "https" connection.)
So the NSA or North Korean agents camped outside your house and tapped into your WiFi signal could be watching what domain names you're sending out to be looked up, meaning they'd know every site you're connecting to even if they couldn't break the encryption for the actual site connections.
I only know of one encrypted DNS service that's available, (and I can't remember its name right offhand) but there's probably more.
You have to download their custom encrypted DNS handler since Windows only knows about the normal unencrypted method of getting the DNS information. Then when you enter a URL in your browser the encrypted DNS request goes through your ISP to their encrypted DNS server then the actual connection to the destination site goes out from their encrypted servers, bypassing your ISP entirely, like a VPN. The only thing your ISP sees is the IP address of the encrypted DNS you're connecting to.
Normally even when you use encrypted (https) connections, while your ISP can't read any of the connections contents (because it's encrypted), they CAN see the IP address or the sites you're connecting to. So if the NSA subpoenas your ISP's records they can tell what sites you're connecting to even if they can't tell for sure what the content of the connection contained. When you use an encrypted DNS, all they know is you connected to the IP address of the encrypted DNS and nothing beyond that.
Not exactly a brief paragraph, but hopefully clear enough to make some sense.[/quote]
Thank you! So helpful as always--lots of information and really simple to understand. I bookmarked this thread so I can come back to your answer for some basis when I want to know more in-depth about online security, like whether encrypting DNS and using a VPN is enough and internet laws in other countries. I don't plan on using any of these soon because I have no real reason to, but at least I have some sort of understanding and context with the progression of online security.
1- VPNs can be used by anyone who needs extra security for their connections. Examples might be financial offices connecting to each other, someone like a day-trader working from home, anyone "telecommuting" to their office, things like that. The use of a VPN by itself shouldn't be anything that would call attention to you because it's a widely accepted security measure. What might be worthy of "official" attention could be use of specific known VPN servers that have been identified as being suspicious.
A VPN server, like a proxy server generally has a fixed IP address so the clients know what to connect to. That also means law enforcement could target people using one that's been marked as suspicious, and known VPN servers could be blocked as in the case of Chinese nationals trying to get past the "great firewall".
Probably most people have no clue what a "DNS Server" is, much less why using an encrypted link to one would matter. I'd hope commercial VPN providers might inform their customers about things like that, but I've never looked closely at what kind of info is given to customers of a service like that.
2- I think the real reason is actually spelled "$$$$". It's nice to have idealistic goals when setting up a company, but unless it's going to stay small forever it doesn't take long for the lure of increased profitability to open the floodgates to grubbing for every nickle. Just look at Nexon.
During the Congressional hearings on corporate data security the question was raised about why customer data isn't routinely encrypted and the silence was deafening.
It's not that it's impossible or even all that expensive, it's just that it's not a priority of most companies handling customer's data. Further questions about why companies don't use secure encrypted links between their facilities were met with similar results... crickets.
3- Errors in the implementation of an encryption algorithm might cause risks that the data encryption could be more easily broken than it's supposed to, I suppose.
I'm not sure if there really are "risks" in using TrueCrypt from actual programming bugs, or if the thought is that since development has stopped it means any bugs that do surface won't be corrected. It's probably the same feeling as "XP isn't safe to use", where the OS is just as safe as it was the day before development stopped, it just means there won't be any more bug fixes released.
4- I think it just comes down once again, to the $$$$. Comcast is one of the leaders in the effort to institute "tiered" levels of service where they charge more for greater bandwidth or higher monthly data caps. They've been pushing the FCC to eliminate "Net Neutrality" as quickly as possible because they see the dollar signs swimming just out of reach under today's rules and regulations. They've got the hardware to provide far better service (higher speeds and bandwidth) right now, it's just a matter of getting the customers to cough up more profits for them. By getting the FCC to change the rules for them, they can charge customers a lot more for higher speeds and more bandwidth, as well as charging companies like NetFlix for allowing their program content to be transmitted without throttling. Sort of like legal extortion. You don't pay their "fees", you get slower service. I woudn't hold my breath over companies like Verizon staying out of it for very long though. Once the floodgates are opened to tiered pricing I expect to see everyone jump onto it so Comcast won't be the only one doing it. Essentially their new proposed Internet regulations would legalize the kind of bandwidth throttling they tried unsuccessfully to do before.
A "Domain Name Server" is essentially a "411" telephone operator for Internet web browsers. It's like you call a 411 operator on the telephone and ask them "What's the number for Best Buy?" and they tell you the number. That way you don't have to memorize the number. You can even have them make the connection for you so you don't even have to write the number down. You just have to remember the name of the store, which for most people is pretty easy.
The "DNS" (DNS Server is actually redundant, (Domain Name Server Server), but most people say it that way) works pretty much the same for computers.
People just aren't going to remember 162 159 242 209 when they want to get the latest and greatest Maplestory info, so they just type "www.basilmarket.com" into their web browser. The browser calls up its computer "411" (the DNS) and the DNS gives the browser the actual IP address of whatever domain name the user entered. Then the browser sends out the actual number to the ISP who makes the connection forward to Basilmarket (or whatever).
You COULD just type in the IP address numbers every time if you really wanted to, which would bypass the use of a DNS completely, but it's a pain remembering numbers like that.
One important thing is that it doesn't matter what DNS you use to look up the numbers because ALL of them should have exactly the same info.
Some ISPs maintain their own DNS setups and some use public DNS. My local ISP has its own, but I've run into problems with their servers going down occasionally so I actually use a Verizon DNS (just out of force of habit) at 4 2 2 2. Other people prefer to use the Google public DNS setups at 8 8 8 8 and 8 8 4 4.
No matter which DNS you use, it should return the same IP addresses for whatever domain name URL you send it as any other DNS.
Most people have no clue what a DNS is, let alone what its number is. In most cases Windows uses dynamic addressing for both IP addresses and for DNS addresses.
That means Windows gets the computer's IP address either from their local router, or if they don't use a router Windows gets the computer's IP address directly from their ISP.
The same is true for their DNS addresses. The computer uses the router's IP address as its DNS, and the router forwards the DNS requests to whatever DNS address the ISP uses. Without a router, Windows gets the DNS address directly from the ISP. That way the average user never has to bother with the techy details.
The important thing about all this, in relation to your questions about network security is that even if you're using a secure encrypted link to your ISP, the DNS connection will NOT be encrypted UNLESS you're specifically using an encrypted DNS. (Most DNS aren't equipped to receive the equivalent of an "https" connection.)
So the NSA or North Korean agents camped outside your house and tapped into your WiFi signal could be watching what domain names you're sending out to be looked up, meaning they'd know every site you're connecting to even if they couldn't break the encryption for the actual site connections.
I only know of one encrypted DNS service that's available, (and I can't remember its name right offhand) but there's probably more.
You have to download their custom encrypted DNS handler since Windows only knows about the normal unencrypted method of getting the DNS information. Then when you enter a URL in your browser the encrypted DNS request goes through your ISP to their encrypted DNS server then the actual connection to the destination site goes out from their encrypted servers, bypassing your ISP entirely, like a VPN. The only thing your ISP sees is the IP address of the encrypted DNS you're connecting to.
Normally even when you use encrypted (https) connections, while your ISP can't read any of the connections contents (because it's encrypted), they CAN see the IP address or the sites you're connecting to. So if the NSA subpoenas your ISP's records they can tell what sites you're connecting to even if they can't tell for sure what the content of the connection contained. When you use an encrypted DNS, all they know is you connected to the IP address of the encrypted DNS and nothing beyond that.
Not exactly a brief paragraph, but hopefully clear enough to make some sense.
Thanks to those who answered the questions, especially BobR. There are many things I've read online about stuff like Google's software bots but I don't know enough to ask about them so I figured I would ask simpler questions that would yield answers clarifying what I want to know but don't know how to ask.
With these questions answered, I can ask more appropriate questions, such as:
1. @baddenboy12 mentioned that VPN users are likely to be targets of the government. What legitimate reasons are there for those who use VPN? I'm thinking about the topic of censorship in countries like China. Any noteable/relevant laws in this regard? Also, why would anyone use a VPN server without a special encrypted DNS server?
2. Why aren't there companies which pride themselves on ensuring users their privacy via encryption of any data from the users stored on their servers? Google is so popular but notorious for gathering all this information about us. Probably answered by "increased government scrutiny."
3. I never understood how encryption software can have security issues/bugs (for example, Truecrypt development stopped and it is a risk to use the latest version of Truecrypt). I understand that the program itself might have bugs, but doesn't encryption just come down to what kind of encryption is used (i.e. AES, blowfish, etc.)?
4. Comcast seems to try so hard to restrict high-volume data users. Why isn't Verizon the same? I seem to recall that Verizon doesn't have an actual bandwidth limit. I know people who use Verizon who would torrent so much data in such a short period of time without even receiving a warning. Is it a difference in hardware that Verizon can deal with this better than Comcast can?
What is the relationship between the ISP and the DNS server? I don't know much about networks and how routers work. (Actually, I'll just try and google this myself because I don't think it can be answered in a brief paragraph). Hopefully I won't come across too much terminology.
Great story about Comcast. I remember my family experienced something similar. We used Netflix for a period of time, none of our internet usage patterns changed, and then our internet stopped working. We weren't even close to the bandwidth cap and we shortly switched ISPs.
@immortal192
1- Your ISP knows everything you do, unless you encrypt all the data you possibly can.
The question is how much does the ISP retain in their systems..? Many ISPs don't bother to record everything that passes through them but more and more government regulations require them to hold onto data for longer and longer times so the government can look at who you've been connecting to if they decide they have a reason to suspect you're doing something they're interested in finding out about.
Tor tries to anonymize your connections by "bouncing" them around a system of privately hosted servers (essentially a "VPN" ) in an attempt to throw off anyone trying to track you. It's a bit like TV and movies where the "hacker" is connecting through servers all over the world to throw off the FBI or CIA operatives watching on a huge wall-screen as the signal "hops" around a world map. Problem is, it's inefficient for anything requiring a fast connection because it adds "hops" to your connection to the eventual target, which adds latency (lag) to the connection. And you still have to make that first connection- to your ISP.
2- Google can do anything it wants with the data they collect. They've been a pioneer in the "opt out" model of data collection which means they'll collect everything unless you specifically tell them not to. You have to read every single word of every single "Terms of Use" and "Privacy Statement" on every single service you use to find out exactly what they're telling you they collect and the conditions under which they'll agree not to collect it. In most cases you'll find out they collect everything by default and it's only when you say something about it to them that they'll stop. There have been Congressional hearings where Google tells the government this is the most efficient way to do things and besides people don't want to be bothered with reading all that "opt in" stuff that makes Google ask permission FIRST before starting to collect data. (And it's not just Google. Many (most?) services operate the same way.)
As to whether they can read e-mails- yes, they can and do.
The e-mails are in their possession, on their hard drives and they can essentially do anything they want with them.
When you use G-Mail, you'll notice little "contextual" advertising attached to the bottom of the e-mails you send and receive. This is because "bots" at Google read your e-mails and interpret the content of the e-mail then match up a paying advertiser to what it is you're talking about in the ad. For example if you mention anything about money or moving or looking for a place to stay in the e-mail you may find an ad for real estate or mortgage loans attached to the bottom of your e-mail. They SAY humans don't actually read your e-mails, only software robots. Regardless, you gave them permission to do this when you signed up.
Google Search saves ALL searches since the beginning of time and they've said they plan to do so for the future as well. Everything you search for is saved somewhere in the Google vaults to be compiled into meta-data for who knows what. It can also be aggregated into a pretty personal picture of what you search for personally. Again, you gave them permission to do so when you use their site.
As for "wrong reasons", they're free to use it for ANY reason. Often they say they won't use it for this or that, but there's nothing to prohibit them from doing whatever they want with it.
3- There are endless hearings in the U.S. Senate and U.S. House of Representatives that "investigate" what companies do with the data they collect and essentially nothing ever gets done about any of it. Most of the hearings include witnesses from various consumer privacy groups that try to counter the arguments from the companies, but very little actual effective legislation ever gets passed. Part of the problem is that any laws passed are obsolete by the time they go into effect because the companies have all moved on to the next level of data collection and the legislation only addresses last year's issues. A more cynical view of it all might say that companies like Comcast, AT&T, Google and other companies can just buy whatever votes they need to protect their business interests since that's the way the government works at the moment. Citizens privacy groups can't write the big checks to re-election campaign funds like the "big boys" can.
The ONLY "morality" a corporation has is fiduciary responsibility to its shareholders. Meaning maximizing profits at any cost. To do otherwise is actually illegal.
You may find companies that talk about their "responsibility for customers' privacy" but generally that's what it is... talk. If it comes to losing a nickle in profits, don't expect them to hold onto their "morality" for very long.
4- I've never looked at how Chrome works, so I can't comment on that. I go on the assumption that once they have the datagrams they can do anything they want with them.
5- Yes. Laws like the "Patriot Act" have given government agencies wide power to collect information on suspected terrorists (and a very broad definition of what "terrorist" means), including the records of service providers. The whole NSA and "FISA court" business is an opaque, tangled web of impenetrable doubletalk which allows broad powers to investigate suspected terrorism. You check out a book at the local library that covers chemistry which could be used for bomb making and they could compel the library to give up the records on every book you ever checked out. Same goes for your ISP and companies like Google.
6- A "private network" is one that's not connected to the public Internet. The company I used to work for maintained their own private network which spanned the entire USA and included parts of Canada and Mexico and a few European cities. The network actually pre-dated the "Internet" and used different network protocols and hardware, but essentially worked the same. One of the features they advertised to potential customers was data security because they WEREN'T connected to the Internet. Chinese hackers would have a tough time getting to a client's data if there was no physical connection to anything the hackers could touch.
A "vitrual" private network is one which uses the public Internet but tries to maintain an isolation from the "normal" Internet through encryption and the use of special servers.
When you use a VPN you still connect through your normal ISP (a vulnerability unless you also use a special encrypted DNS server) to a special VPN server over an encrypted connection. The VPN server then connects you with your destination, which may be over another encrypted connection to another private network member, or to the public Internet. Many people use a VPN to "hide" their own IP address because the only IP address that "shows" is the VPN server which makes the connections to the Internet. (This is similar to using a "proxy server" except that it's encrypted.)
7- Not really. At the very least, your ISP is always going to have your personal info (home address, phone number, payment data) and there's no way of blocking that.
You could rely on public WiFi for your Internet access, but that holds its own set of security risks from hackers.
You could encrypt everything you can, but some people believe that might cause increased government scrutiny. As in, anyone going to those lengths to hide their communications must have a reason to be hiding something so let's take a closer look at them.
Semi-related question- interesting subject. Recent Congressional hearings have been investigating government attempts to force service providers and hardware manufacturers to provide "backdoors" in their services and products so the government could access data unencumbered by data encryption methods. Their claim or course is that "national security" trumps privacy concerns.
I don't believe there have been any attempts by the NSA or other government agencies to actually force anyone to stop using encryption, but as mentioned above there's concern that using high-level encryption might draw their attention in ways you might not want.
Tangential exposition:
A few years ago Comcast went on a crusade to shut down torrenting over their Internet networks, and to restrict high-volume data users (which were made up mostly of people torrenting everything under the sun).
They installed hardware from a company called "Sandvine" which used "Deep (umm.. blocked word) Inspection" to read the actual data contained in the connections passing through the Comcast network, looking for certain "triggers". When someone sent another computer a message containing the Bittorrent "Start" command to start a torrent download, the Sandvine hardware would send a TCP/IP protocol "RST" (Reset) command to both ends of the connection, causing the computers at both ends to close the connection. This means anyone trying to torrent anything over Comcast would never receive anything from the other end and would have no clue what the problem was.
They were reading the actual contents of the communications between private users.
They did this of course with no public announcement. Torrenting essentially stopped for anyone whose connection traveled any part of the way over a Comcast network.
At the same time the hardware watched the amount of data flowing to individuals and cut off the connections when bandwidth usage exceeded an unknown threshold.
This was separate from the announced monthly data "caps" Comcast enforced. You could be well under your monthly cap, but as soon as your bandwidth hit their secret level you'd get a RST command that would close your connection to the Internet.
The problem was not everyone using Bittorrent was downloading illegal software or intellectual property, and high volume users also tended to include gamers who suddenly found their games disconnecting when their data usage peaked.
About that time I was playing an online MMORPG called "Star Sonata" (because Maplestory had developed one of its recurring unexplainable problems that Nexon couldn't fix, so I just found a different game to play until they got it working again). All of a sudden, a lot of people started disconnecting in situations where the data usage was high, such as warping into another galaxy and having to download all the other players' info, info about the AIs (monsters) and any local features that weren't part of the default map (similar to moving to a new map in Maplestory). For a simple, not very complex map it worked normally, but if you warped into a star system with a lot of players, a lot of AIs and a lot of fighting going on, blammo... disconnect.
I and some other players did some investigation and sure enough, TCP/IP RST commands were hitting my computer as soon as I'd enter a complex map. We were being disconnected by Comcast.
One player who didn't have to connect to the game server through Comcast set up a VPN server that other players could connect to and then be forwarded over the non-Comcast link to the game. That worked great for anyone who could get to the VPN server over a link that didn't include any Comcast connections, not so great for anyone stuck with Comcast as their own ISP.
Eventually there were Congressional and FCC hearings and Comcast was ordered stop blocking customers' connections using this invasive technology, but it was a really illuminating lesson about how far a company like that will go, and how loose their "morality" is when it comes to their customers and their data.
What you guys don't seems to understand is that once Google, the ISPs, or the Government notices that there is a group of people using VPN services like TOR, they will have reason to suspect that these people are up to illegal activity.
There's a stigma towards VPN users; usually if you are not doing naughty things you will not care about transparency, whereas anyone who is anyone that does any sort of serious hacking, spamming, or remote reverse engineering of networks is always behind a bunch of proxies.
In essence you may be drawing targets on your own foreheads.
Sounds like someone is going to commit some illegal activities over the internet or someone's just paranoid.
ISP knows what sites you've visited. Google will only know if you're signed into a gmail account. Google is authorized to release information about you if they suspect you're doing something very bad. But in most cases, Google's "do no evil" motto holds. Whenever you visit a site, you leave a "footprint." And I THINK/can take an educated guess that a tor network will let you roam the internet anonymously - so @East is a little wrong there. That's why the very bad side of the internet exists. If police could actually locate them, then there would be no dark side of the internet. However, if someone does manage to get a hold of your computer, that's a different story - but that's only if they can find you.
Look the ISP's, as far as I know, have access to everything you do on the Internet, no matter what. There's no way to hide what you're doing in the Internet.
If it makes you feel better, most people who do have access to what you do, probably don't even care. Unless of course you're a hacker doing illegal stuff, or a child molster, or are doing something very nefarious and illegal on the Internet.
If you're suspected of doing a cyber crime, then of course the police or any other governmental group can get access easily to what you've been doing. Provided the Internet connection is under your name, or you're someone who is known to use that Internet connection.
@immortal192 he probably means that because he isn't doing anything illegal and has nothing to hide, he doesn't need to be cautious of what the government sees him doing online. He doesn't need to worry about his privacy on the internet because he doesn't do anything bad.
OT: 5. If the government has any reason to suspect someone for doing illegal activity, can it demand companies like Google for any data collected of the individual?
highly likely? ? ? i mean they are the government...
7. Are there ways to browse the internet completely anonymously and without fear?
No.
How is that relevant to the thread O_o
I'm not doing anything illegal and I'm not hiding anything important from the government. So I have nothing to fear.