21 April 2013

13 things that you can do to improve your privacy online

I was asked by a mate of mine recently, 'Dikkii.  Why don't you do a blog post about all the privacy stuff that you have done with your browser?'

Personally, this mate of mine is pretty switched on, internet-wise (I cracked a pun!) so I was a bit taken aback that he genuinely wanted to know about why he should get his web-surfing privacy under control.  I thought that he might already have this sorted out.

The reality of it all is, that these days, it's a game with moving goal posts.  To keep up with the companies mining your browsing habits really needs one to be on one's toes.  But it's so difficult.  Consider these:

  • Cleaning cookies, cache, history, and other browser profile settings is often recommended, but this page here tells you why it doesn't work.  Plus, you have to remember to get in there and clear stuff on a frequent basis.
  • 'Opt-out' cookies were invented to be like a reverse tracking cookie, but again, the page I referred you to earlier tells you why this is a bad idea.
  • For similar reasons, TACO add-ons/extensions (Targeted Advertising Cookie Opt-Out) seem to be useless these days.  Tacos were invented to take out some of the practical issues in using opt-out cookies, but it seems that they're pretty useless now.

But you have to be sensible as well.  For example, do you use a free service?  OK.  If you do, how is it paid for?  We all know that Facebook is ostensibly free to its users, but how does it continue to remain in business?  Does it involve invasions of your privacy?  Of course it does.

Finally, consider what happens with your personal data.  In Australia, we have a very good Privacy Act.  But of course, Google is not an Australian company and where they conduct business with you and where they hold your data is certainly not Australia.  At least, that is how they would consider it.

Here is a list of what I did with my browsers (I use Firefox primarily, but I also use Chromium - the open source version of Google Chrome), but also, a couple of other things as well.  Apologies to Internet Explorer, Opera and Safari users.

1.  Enable Do Not Track

The 'Do Not Track' feature is an admirable function that is sneered at by more and more cynical users.  Basically, this feature tells the website that you're visiting to not track you.  Politely - it's done by way of an HTTP header, but has to be set to opt-out if you don't want to be tracked by a website.

The reason that it's sneered at, though, is that many websites simply ignore it.  Plus, after Microsoft said that they were going to set the value to opt-out by default in Internet Explorer 10, many websites openly revolted and said outright that they would ignore it.

Still, some websites are honourable.

To set this in Firefox, go into Preferences, select the Privacy tab and then enable the top option, 'Tell websites I do not want to be tracked'.

In Chromium/Chrome, go to Settings and click on 'Show advanced settings...' and in the 'Privacy' section, enable 'Send a ‘Do Not Track’ request with your browsing traffic'.

2.  Install Adblock Plus add-on/extension

I first knew there was a problem when she rang me and said, 'I have a virus on my computer.'

I asked her, 'Did you install Avast?'

She told me, 'No.  I couldn't work out how to do it.'

I put the phone down and swore, saying all sorts of uncharitable things about her.  Then I realised that maybe, just maybe, she wasn't as silly as I had made her out to be.

And it turned out that I did owe her an apology.  Have a look at this:

If you look closely, you'll see that there is a great big red 'Start Download' button on the right, which is not the correct one.  There is, below the box that button is in, the word 'Ads' writ very small.  Scarcely noticeable.  Probably deliberately so.

So you need to install Adblock Plus.  Adblock Plus will remove most advertising from the webpages that you look at, together with any associated tracking that might have been attached.

For all your add-ons/extensions, do the following:

Firefox: Select Add-ons and then search in the 'Search all add-ons' up in the top right.

Chromium/Chrome: Select Tools then Extensions.  Then select 'Get more extensions' down the bottom.  Another tab will open up at the Chrome web store but your search (top left) will specifically search extensions only.

At both, search for Adblock Plus, and install both Adblock Plus itself, as well as the Element Hiding Helper for Adblock Plus (Firefox) or Adblock+ Element Hiding Helper (Chromium/Chrome).

Don't install Adblock - it's the old program what ABP was forked from.  Also, don't bother with the Filter Uploader for Adblock Plus (Firefox only) unless you plan on modifying your filter frequently and wish to share.

You may want to install the Adblock Plus Pop-up Addon and the Customizations for Adblock Plus but these are only available in Firefox.

Also, follow the directions here (Firefox or Chromium/Chrome) at step 1, so that you have a subscription to both EasyPrivacy + EasyList in addition to Fanboy's List.

Here's what the offending page should now look like:

Nice and clean?  You better believe it!  Now there can be no confusion as to which 'Download' button to click on.

If there's one complaint I have about Adblock Plus, it's the 'Acceptable Ad' feature.  I would prefer that a whitelist only feature was there instead.  If you want to, there are forks of Adblock Plus that come without the Acceptable Ad feature that might be worth checking out.

3.  Install BetterPrivacy add-on (Firefox only)

Thanks to Flash being embedded in Chromium/Chrome, you won't be able to use this one with it.  I have no idea what removes Flash cookies from Chromium/Chrome at all (Edit: Click&Clean, apparently), but in Firefox, the removal of Flash cookies (Local Shared Objects, or LSOs) is deadly easy with this thing.

We'll deal with cookies themselves later on, but Flash cookies are also pretty evil things.  BetterPrivacy will, by default, remove your Flash Cookies on exit.  Here's what is says when you close Firefox at the end of a session:

Firefox: Select Add-ons and then search in the 'Search all add-ons' up in the top right for BetterPrivacy.

You may need to configure it.  I suggest setting it up to remove Flash cookies on Firefox exit.

(Edit: Click&Clean is available in the Chrome Store for Chromium/Chrome users, however it only supports manual removal of Flash cookies at this stage.)

4.  Install DoNotTrackMe add-on/extension

This one is another very popular add-on/extension.  There are a number of these types of thing but basically, DoNotTrackMe prevents tracking cookies being set.

There is, however, exceptions made for cookies that if they were to be removed, might interfere with functions on a page.  Hypothetically.  I dislike this feature, as, although a page might need the Brightcove or Omniture tracking cookie to enable the comments section, for example, it's rare that I'm going to want to make (or even read) the comments.

Firefox: Select Add-ons and then search in the 'Search all add-ons' up in the top right for DoNotTrackMe.

Chromium/Chrome: Select Tools then Extensions.  Then select 'Get more extensions' down the bottom.  Search field up the top left for DoNotTrackMe.

Once you have it installed, you can get wonderful information like this about all pages that you visit:

Ghostery is another good one, however the issue of how it works (via blacklisting) may put users off.  But if you're not put off by that, it works very well.  I'm also hearing good things about one called Disconnect.

On the subject of Ghostery, apparently it works well with another add-on, called Collusion.  I'm yet to try this combination out, but it does sound interesting.

5.  Install Priv3 and ShareMeNot add-on/extension

I also use the Priv3 (Firefox only) and ShareMeNot add-ons which both work differently, apparently.  Priv3 allows you to stay logged in to social networks (Facebook, Google+, Twitter and LinkedIn are supported) but not be tracked by any 'Like', '+1' or 'Follow' buttons that appear on certain websites.  Yes folks, even if you do not click on these, you're still being tracked.

ShareMeNot does something similar, but works differently, apparently.

Priv3 is available for Firefox only through Add-ons.  ShareMeNot is available for both Firefox and Chromium/Chrome here.

The next lot of edits come from an excellent page from the EFF - 4 Simple Changes to Stop Online Tracking.

6.  Change cookie settings

If you haven't done so already, you should set it so that you are not accepting third party cookies. Third party cookies can be set merely by clicking a tracker's ad or visiting a tracker's website, such as Facebook or Google.  The ability to block third party trackers works differently from browser to browser - Firefox's block feature prevents both setting and reading of third party cookies, but Chromium/Chrome, Internet Explorer and Safari only prevent cookies from being set.

Firefox: Preferences, then Privacy tab (thank you to the EFF for the annotised screendumps):

Chromium/Chrome: Settings menu, then Settings, and scroll to the bottom and click "Show Advanced Settings." Under Privacy, click Content Settings:

You're done!  Now on to shutting off referers.

7.  Turn off referers

Referers (sic) are HTTP headers which contain the address of the webpage that linked to the resource being requested.  It means that the page you land on can look up the page you clicked through from.  This creates privacy concerns.

To do this in Firefox, you have to get your hands dirty in the registry.  Enter "about:config" into the address bar of your browser.  You will be careful.

After negotiating the warning screen with the correct answer, scroll down until you find the network.http.sendRefererHeader item.  Right click on it and change the value to 0 (zero):

It's slightly different in Chromium/Chrome.  You need to install the extension Referer Control and then,  after installing, scroll down and locate the text "default referer for all other sites" and click on Block:

It's that easy.

8.  Install HTTPS-Everywhere

HTTPS-Everywhere provides encryption over HTTPS with websites, making your browsing more secure.  This plugin is provided by the EFF in conjunction with the Tor Project, but is not available in the Firefox add-on repositories, nor in the Chrome Store.

Click here to add HTTPS-Everywhere to Firefox or Chromium/Chrome.

9.  Install MaskMe add-on/extension

From Abine, the makers of DoNotTrackMe comes MaskMe.  MaskMe is a rather awesome tool that will automatically generate a one-off email address whenever you sign up for something online.

Why is this important?  Your personal details are often matched by advertisers online using your email address which is pretty unique.  The random email address used by MaskMe redirects to your proper one.  And periodically, you can log into MaskMe and remove the ones that you have no need for emails from anymore.

MaskMe is available for both Firefox and Chromium/Chrome here.

10.  Install NoScript add-on for Firefox and NotScripts extension in Chromium/Chrome

Blocking Javascript, Java and Flash from running is popular with some.  There are additional advantages to running these plug-ins, too - they make pages load faster in your browser as well.

NoScript is a popular Firefox add-on that also provides anti-XSS and anti-Clickjacking functionality and works on a whitelist basis which is perhaps a little severe for some.  But once you get used to it, it really is quite powerful.

NoScript is available from a search in Firefox add-ons.

But what about Chromium/Chrome users?  Up until recently, this functionality wasn't available, but someone managed to make this work.  Thus NotScripts was born.  NotScripts is also available for Opera and offers both a whitelist or a blacklist-based service.

The NotScripts extension is available from the Chrome store.

11.  Use a secure cloud storage service like SpiderOak

A couple of years ago, I remember the interwebs freaking out when Dropbox added a clause to their terms of service that asserted a right over works that users uploaded:
By submitting your stuff to the Services, you grant us (and those we work with to provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent we think it necessary for the Service.
I remember complaining to someone about this, but was informed that "they have to do this to operate in the US," despite the fact that Canonical operates their Ubuntu One service in the US quite fine without such a clause.

Dropbox have improved their terms of service since this.  It now reads like this:
By using our Services you provide us with information, files, and folders that you submit to Dropbox (together, “your stuff”). You retain full ownership to your stuff. We don’t claim any ownership to any of it. These Terms do not grant us any rights to your stuff or intellectual property except for the limited rights that are needed to run the Services, as explained below.
This is a bit better.  But it's nowhere near as good as SpiderOak.  SpiderOak uses encryption in both the cloud, and at the client end that means that even SpiderOak employees can't access users' information.  And it is available for Windows, Mac OSX, and Linux, as well as the major phone OSes.  Too awesome!

You can download SpiderOak here.

(Disclosure: If you click on this link, you get an extra gigabyte of storage data, and so do I)

12. Use DuckDuckGo or Blekko as your search engine

Whenever you use a commercial search engine, it's not just their paid advertising that shows up in the results that you have to look out for.  Google, for example, make quite a bit out of sending your IP address off in a way that's not dissimilar to the story that this website from DuckDuckGo tells.

Fortunately, it doesn't have to be this way.  Why not use a different search engine?

DuckDuckGo promises full anonymity.  No personal information stored at all.

Blekko promises to erase their logs within 48 hours, but also provide the innovative slashtag search functionality that they're known for.

Give them a go.

13.  Consider using 'Porn Mode' for sensitive browsing

This suggestion generally gets greeted with some childish giggling or even the odd snide remark.  Nevertheless, porn mode, or 'Private Browsing' as it may be more grown up to refer to it as, is an incredibly useful addition to your privacy arsenal.  I simply won't go near Facebook without it.

The sad thing is, that by suggesting that people might be irrationally part of the 'tinfoil hat brigade' by utilising these functions, it's probably more correct to say that most users of services like Facebook or other places where you're encouraged to provide a great deal of detail about yourself are maybe not valuing their own privacy enough.

But porn mode is exceptionally easy to use and it can be used for many purposes.  Social media and porn are merely two.

Firefox: Select New Private Window.

Chromium/Chrome: Select New Incognito Window.

Enjoy some privacy

So there you go.  13 things you can do to improve your privacy online.

But don't rest on your laurels.  Keep reading up, because this whole game is really about where the next privacy breach will come from.  Please check out these websites for more information:

Tracking the Trackers: Self-Help Tools.

Google tracks you. We don't. An illustrated guide..

4 Simple Changes to Stop Online Tracking.

Fix Tracking!


Anonymous said...

full block on nice work Dikkii :)

moat20rugby said...

Wonderful blog post, resolved to go on and even bookmarked your webblog. As i can’t hold on to enjoy a book alot more as a result of one.
view daily kos