How to Protect Your Online Privacy

Hello, I've written an article called How to Protect Your Online Privacy. It's meant to provide detailed information for both novice and advanced users so they can do as much as possible to protect their online privacy.

Please let me know if you think there's something more I should add to this article or some advice I should change. I want to make it as useful as possible to as many people as possible, so any comments or criticisms are welcome.

Thanks.

 

Another extension that's more suitable for the average user is ghostery. It's primarily a blacklisting tool for known trackers and data miners. More advanced users with a basic knowledge of HTML and javascript can implement some very fine grained control with Proxomitron. The app itself isn't being developed any further, but it's one of those timeless designs that's only limited by the filters chosen or written by the user. IMO, it's as useful and powerful today as it was when it was written.

 

I've looked into Ghostery in the past, and even recommended it for a while. However, as far as I can tell AdBlock Plus and DNT+ block more than Ghostery anyway. So, since I advise my readers to use both programs anyway it seems to me that Ghostery would be overkill.

I'll check out Proxomitron.

Thanks.

 

As a SeaMonkey user, my selection is more limited. DNT+ won't work for me. As for NoScript and AB+, I have mixed feelings on these. Tried NoScript a long time ago. Didn't like their included whitelist, which at the time would replaced those whitelisted items when I restarted the browser. No idea if that's changed since then. I didn't like that behavior or the attitude behind it, so I haven't used it since.

Regarding Proxomitron, you can find most anything you want about it at http://prxbx.com/, including downloads, addons, filtersets, and a forum where they still make custom filters.

 

While your article contains some good information, I fail to understand why you recommend DoNotTrack Plus. Simply blocking 3rd party cookies in the browser and making session cookies your default is just as efficient and doesn't require an additional addon (this also applies to Ghostery). The more addons you're using the more unique is your browser (fingerprint).

What I missed in article: You didn't say anything about DOM Storage (which can be disabled in about:config) and ETags (which can be prevented by disabling disk caching).

 

DNT+ doesn't just block tracking cookies (by setting opt-out cookies; whether this can or cannot be seen as a way of tracking is another discussion lol), it also block connections to tracking servers, such as Google Analytics, etc. Blocking third-party cookies won't stop this kind of tracking. So, Simply blocking 3rd party cookies in the browser and making session cookies your default isn't just as efficient

 

Is this really so? The only evidence I found which might support that claim is this remark:

I'm not sure what that really means. Does this really mean that it blocks connections to tracking servers (like RequestPolicy)?

 

If you don't trust it, then I suppose you don't have to use it. But, if you use Google Chrome/Chromium, you can easily test it out. If you open chrome://net-internals/#dns and then go to -https://www.pcworld.com/products/software/antivirus_and_security.html you shouldn't be able to see connections to pcwmw-pcworld.122.2O7.net, for example (make sure scripting is blocked in the web browser, because it's embeded in <noscript> tag).

 

Thanks - that makes sense. However, I still think it's superfluous if you use - as suggested by Chiron - AdblockPlus (or even RequestPolicy). The EasyPrivacy subscription already blocks that connection (and RP does it anyhow).

 

There are a lot of connections that DNT+ blocks, though; not only that one. Anyway, I don't know if anyone has ever experienced it on Firefox, but for more than once both me and relatives have seen ABP lists disappearing from within the Options without any apparent reason, in both Google Chrome and Chromium. So, DNT+ is there as a backup, and I must say it works quite well.

 

It isn't the only connection blocked by ABP, either

Well, not on Firefox, never ...

Understood. However, I don't feel any need to use it. The ABP subscriptions are very comprehensive, and I'm using RequestPolicy -> game over for any trackers

 

I like your article but I think Peerblock is out-of-date and it really can't protect your computer from anything. IP blacklisting makes no sense at all ...

 

I've found that even with AdblockPlus running on a page, and third party cookies blocked, DNT+ still blocks connections. Thus I do believe that it's very complimentary.

Can you please elaborate on how these are privacy concerns. Sorry, I'm not very familiar with them.

Thank you for pointing this out. Can you please elaborate on why IP blacklisting makes no sense? Also, do you have any good alternatives or other approaches I might take?

 

Sure. Here are some links:
https://developer.mozilla.org/en/dom/storage
https://en.wikipedia.org/wiki/Web_Storage
http://kb.mozillazine.org/Dom.storage.enabled
http://grack.com/blog/2010/01/06/3rd-party-cookies-dom-storage-and-privacy/

https://en.wikipedia.org/wiki/HTTP_ETag
http://ip-check.info/description.php?lang=en

 

Peerblock works as it's intended to. As for being out of date, I don't see anything that needs fixing or improving. If your privacy arrangement includes blocking access to certain companies, adservers, etc, (like Google, Facebook, your own governments IPs if you're a dissident, etc) it makes plenty of sense. Depending on how your system is equipped, Peerblock may be redundant. I block several IP ranges but do it with the firewall.

 

Proxomitron users can also remove ETags without disabling the cache if desired. See http://prxbx.com/forums/showthread.php?tid=1816

 

Yes, it can also be done with other proxies like Privoxy. BTW, I should have added that it's not absolutely necessary to disable disk caching completely: Alternatively you can also clear the cache at every browser shutdown - this would clear any ETags. However, tracking would still be possible within the browser session.

 

Okay, I've updated the article.

Please read over the entire article (because I've altered the advice in multiple places) and let me know what concerns you believe I have not yet covered.

I was trying to counter many of the concerns raised above by advising users to delete most information when the browser is closed. Please let me know if my advice is not good enough to accomplish this or if you think the privacy threat is great enough to warrant making actual changes to whether particular items are turned on or not.

I'm trying to balance privacy and usability, and it's proving to be a very difficult job.

I'd really appreciate any comments you have.

Thanks.

 

That's a tall order in itself. The more trackers a policy blocks, the more likely it becomes that different functions on sites (or the entire site) gets broken. Sadly, the most effective tools are usually the least friendly for the average user. IMO, protecting your privacy has become more difficult than defending against malicious code, and the law of diminishing returns kicks in quite fast.

 

Ghostery blocks more than 1000 trackers + 500 cookies, DNT+ according to their website just 600 trackers. It much more customizable an advanced I can't understand why is not in the article by the way is also much more populat than DNT+

 

Thanks.

I'll look into it again.