I can't believe Google Analytics is everywhere!!!

I'm not aware of any other way ...

EDIT: You can delete that data manually, of course, in chrome://settings/clearBrowserData but in an automatic way it can only be done with some extensions, IMHO.

I see - thanks. BTW, I'm using the Search Box extension which allows me to select different search engines like DDG, ixquick, startpage etc. It also opens in a new tab.

 

BTW, do you know if scriptsafe is a viable alternative, and especially does it still suffer from this issue?

EDIT

@tlu,

now I see what you mean about no other way other than to use a 3rd party extension! I did some digging and observed that incognito mode does not delete cookies when the browser is closed. I'm testing click&play and really like it so far Thanks!

 

Yes, it does That's why I changed my strategy: I block JS by default in the Chrome settings (which works reliably) and complement it with ScriptSafe running in "Allow" mode. That still blocks 3rd party "unwanted content" as shown in the ScriptSafe "Privacy Settings" if I allow JS for a site (the easiest way to do this is by using the Quick Javascript Switcher extension). This 3rd party blocking might not always be 100% reliable - but in combination with Adblock (with EasyList and EasyPrivacy) and my big hosts file I feel very comfortable with that solution.

Really Wow! Then the incognito mode isn't incognito at all

You're welcome!

 

That's an interesting approach, and one that no doubt works really well. I may go back to using scriptsafe with some sort of modified options, perhaps similar to yours, but for now I'm not overly concerned. Chrome's security model is very solid by default. I was for a while blocking under Chrome's content settings .com outright, making exceptions for all sites I deemed safe, but of course this does allow all scripts under the domain so I gave up on that idea.

Yeah it's strange, even after several tests it only deletes browsing history but the cookies remain

 

Also, if you are using Google DNS or Open DNS in order to help hiding your IP, read this: https://00f.net/2013/08/07/edns-client-subnet/

 

jedisct1, I must admit that I haven't understood all of what you've written there. I guess I have to read it a second or third time (at least) ...

Are you suggesting to NOT use Google DNS or OpenDNS but rather another DNS server without edns-client-subnet but in combination with Namehelp (and, of course, configuring dnscrypt to use that one)?

 

If you connect to compreorgreenic.com (random funny domain name) and you are using a DNS resolver that is not Google or Open DNS, the company hosting compreorgreenic.com doesn't see your real IP in the DNS query. All they see is the IP of the DNS resolver.

If you do the same thing and you are using Google or Open DNS, these DNS resolvers will send your real network address to compreorgreenic.com. Your packets are changed to tag them with your address before being forwarded to the service you are trying to access.

The purpose is to make things faster; help CDNs and companies with servers in different geographic locations pick the fastest server according to your IP.

However, from a privacy perspective, this is a disaster.

 

I don't see how it's a problem.

Sites that you're accessing always know your Internet IP address.

If you're going naked with no VPN or Tor, both DNS server and sites see your ISP-assigned IP address.

If you are using VPN or Tor, and everything is configured properly, they both see the VPN or Tor exit IP address.

If you're using VPN or Tor, and your DNS lookups are leaking, IP reporting by DNS servers would be problematic. But preventing DNS leaks is the best solution, no?

 

Yes, that's what I don't understand, either. Even if you use another DNS resolver - once the requested website is loaded they have your IP address.

jedisct1, could you elaborate a bit more?

 

Right, it's been like that for years. I've no problem with my IP address being known. Beyond that, such as what Google does where they use all kinds of tracking cookies against the user, is where recently I draw the line. When I close a website I don't want it retaining all kinds of stuff related to my surfing, no matter how harmless it might seem. it creeps me out when I reopen the site later and it displays "recommended" videos for me I'll choose what I want to watch; I don't want someone choosing for me. Nor do I want history retained. I've deleted my youtube & gmail accounts because of that. Google's become far too intrusive for my liking so now I'm free of them, other than the fact I use their browser and I haven't ruled out the possibility of going back to Firefox. Youtube in its infancy was so much better than it is now.

 

If all your DNS queries are going through Tor or a VPN, that's totally fine.

But some people are using dnscrypt or external resolvers to prevent DNS leaks. That doesn't prevent anything.

Also, when using a SOCKS proxy, DNS queries are not going through SOCKS. If you are using a SOCKS proxy to hide your IP to a web site + a non edns-client-subnet resolver, that's fine. If you are using an edns-client-subnet resolver, the proxy is useless, the web site will see your real network address in DNS queries.

Timing attacks on edns-client-subnet resolvers also disclose if someone on your network just accessed some web site without having to sniff any traffic.

So, yes, a properly configured VPN is the best thing you can have.

 

Frank, forgive my ignorance, please. I think I understand what you're saying. However, I still don't understand how a different DNS resolver makes a difference once a website is accessed (without Tor or VPN). They would have your IP address anyhow, wouldn't they?

 

If you're not using proxies, VPNs or Tor, improving DNS privacy doesn't help. Using faster and/or more reliable DNS servers would speed up browsing and/or improve reliability.

If you are using using proxies, VPNs or Tor, it's most important to ensure that all DNS queries use them. Improving DNS privacy helps only as a backup, in case there are leaks.

 

Yes, that's how I see it, too. I was only confused because VPNs or Tot were not mentioned in jedisct1's post #57 at all.

 

Oh wow never heard of Torch Browser. That looks really cool. I hope someone comes up with a portable version. I just downloaded it and will give it a spin.