8 Comments

Summary:

In light of the continuing brouhaha over online privacy (as exemplified most recently by the deal between Charter and NebuAd) it’s worth asking the simple question: what can you do to keep control of information about your online activities? While some folks think it’s paranoid to worry about this, others prefer to choose what they tell the data collectors. Fortunately, there’s a tool as close as your desktop that can help you considerably in this area: the Firefox web browser.

ScreenshotIn light of the continuing brouhaha over online privacy (as exemplified most recently by the deal between Charter and NebuAd) it’s worth asking the simple question: what can you do to keep control of information about your online activities? While some folks think it’s paranoid to worry about this, others prefer to choose what they tell the data collectors. Fortunately, there’s a tool as close as your desktop that can help you considerably in this area: the Firefox web browser.

Firefox’s privacy controls start with its built-in preferences. Here you can decide whether to accept cookies, and specifically whether to accept third-party cookies (which are often used for tracking your travels around the net). You can also decide when your cookie stash should be deleted. These are relatively blunt instruments, though. For enhanced privacy protection, you need to turn to Firefox extensions. Fortunately, there are a number of good choices in this arena.ScreenshotCookie Control – A good place to start is with exercising more control over your cookies. There are a number of add-ons in this area, including Cookie Monster and Cookie Whitelist, These add-ons generally let you see what cookies a site is leaving behind, give you finer-grained control over when cookies are deleted, and let you set site-by-site permissions for leaving cookies. I like CookieSafe Lite, which also adds a blocklist of known tracking cookies that you can deny with a single click.

ScreenshotProxy Surfing – Another line of defense is to push your surfing through a proxy server, so that it’s harder to track it back to your own IP address. While you can do this by setting up Firefox with a proxy server in your network settings, you’re better off with more granular control, since using an anonymizing proxy can be slow. FoxyProxy is a hugely flexible add-on here, letting you define URL patterns that automatically switch between multiple proxies, but its configuration options can be overwhelming (and confusing). For simpler alternatives, look at PhProxy, Tor-Proxy.NET Toolbar, or TorButton (my favorite due to the extra options available for extremely paranoid use).

Extra Protection – There are a few bits of extra privacy protection available that don’t fit into either of the above categories. SquiggleSR is designed to keep search engines from building up a good profile of you by randomly performing searches and clicking on results in the background. RefControl offers you fine-grained control over referrer headers, to prevent sites from knowing where you came from. BetterPrivacy protects you from data stored in Local Shared Objects, a sort of next-generation cookie.

You’ll need to find your own balance in this area – the more extreme steps you take to protect your privacy, the more inconvenient you’ll find random web surfing. But even blocking advertising cookies and switch to Tor when you’re going to a site you’d like to keep to yourself will go a long way to avoid broadcasting information indiscriminately.

Do you have your own favorite techniques for protecting your privacy on the web?

  1. NoScript is a great extension for managing the JavaScript to allow on a page. You can basically tell Firefox to accept JavaScript from specific domains and also tell it never to. You can even allow it temporarily during the session.

    In an era of XSS attacks and the overabundance of 3rd party JS files that can overstep the privacy line, this is a nice add-on.

    Share
  2. I’m surprised you left out NoScript. Safe History and Safe Cache are also good for the privacy-minded.

    Share
  3. Indeed, NoScript (https://addons.mozilla.org/en-US/firefox/addon/722) is a great addition to the line-up; making JavaScript default to “off” is a great way to be more secure against attacks as well as preventing some information-harvesting.

    I didn’t include Safe Cache (https://addons.mozilla.org/en-US/firefox/addon/1474), which helps prevent cross-site behavior tracking via included files, because I haven’t had good results running it. The code hasn’t been updated in a year and a half and it looks like FF3 is leaving it behind.

    SafeHistory (https://addons.mozilla.org/en-US/firefox/addon/1502), preventing cross-site information sniffing via visited link displays, is another one that seems to be moldering.

    Share
  4. I never consider Noscript a really security extensions. It disable javascript but even websites likes Google and similar that you consider trusted sites could be vulnerable at xss and so, even if you let noscript works with them, you’ll never keep really secure.
    Noscript was good some years ago but now
    the web is most based on js and use noscript is simple useless.

    Share
  5. “I never consider Noscript a really security extensions. It disable javascript but even websites likes Google and similar that you consider trusted sites could be vulnerable at xss and so, even if you let noscript works with them, you’ll never keep really secure.
    Noscript was good some years ago but now
    the web is most based on js and use noscript is simple useless.”

    Completely disagree. It’s all about reducing the risk. There are lots of sites I visit that are more than functional enough without running whatever js nonsense they’re running. Yes, my trusted sites could be vulnerable, but that’s not much of an argument against blocking js at non-trusted sites.

    Share
  6. Basically none of this stuff can prevent you from getting raped so just be careful out there guys.

    Share
  7. PHProxy sites are good for getting around local URL based browser restrictions but you are basically entrusting everything you submit to an unknown server so… not suitable for confidential stuff

    Share
  8. These add-ons may help keep your information private but they will not protect against all sorts of malware that commonly arise in social networking sites. Some good rules that I like to keep in mind are 1) never to open files that are sent to me from an unfamiliar source 2) never enter my password and username when prompted to by a seemingly familiar source; it is safer to restart the program and enter information on the main screen of the website 3) Make my passwords complicated using symbols.

    Share

Comments have been disabled for this post