I need input on how to protect online privacy

Chiron

Level 1
Thread author
Feb 24, 2011
250
Okay, so I'm starting research for my next article. It's going to be about How to Protect your Online Privacy.

Please let me know what you think of my steps. I'm going for more of a paranoid perspective than a combination of usability and privacy. (I know they're after me, oh no, there they are.) :google:


I know cookies should be disabled globally and allowed on a site-per-site basis.

I am also blocking flash globally and allowing it on a site-per-site basis. I believe this will protect against flash cookies.

I'm using an ad-blocker. This should block many of the ads that would report information back.

I also know about using Anonymous Surfing Services (like those discussed here) to mask your IP.

I will also advise blocking all scripts globally and allowing them on a site-per-site basis. This should block all types of super-cookies (including Evercookies). Thus I don't think I need to advise blocking flash any more as if scripts are disabled flash cookies shouldn't be able to be set. Please let me know if I'm wrong.




Can you please comment on my ideas and let me know if something I'm going to recommend isn't enough (or adds nothing in terms of privacy)? Also, please leave any other suggestions you may have that I haven't mentioned.

(I'll update this post as I am given new information.)

Thank you.
 

bogdan

Level 1
Jan 7, 2011
1,362
Use encryption where possible, do not reveal personal information, block third party cookies, delete cookies when you close the browser?
 

Chiron

Level 1
Thread author
Feb 24, 2011
250
bogdan said:
Use encryption where possible, block third party cookies, delete cookies when you close the browser?

I am already advising they block all cookies globablly (thus I think blocking third-party cookies would be overkill). Perhaps I'll add it as another option to blocking all cookies.

Also, with all unwanted cookies blocked what would be the advantage of deleting cookies when you close the browser?

As for the encryption, what are you referring to? Do you mean encryption on your hard-drive?
 

bogdan

Level 1
Jan 7, 2011
1,362
The idea is to find a balance between usability and privacy. Some cookies are OK to use. Bugs use third party cookies, blocking them should not impact usability. Of course it depends on everyone's level of paranoia :D

Delete all cookies when you close your browser just in case someone else uses your PC while you're away.

HTTPS encryption
 

Chiron

Level 1
Thread author
Feb 24, 2011
250
Okay, perhaps I should have been more specific.

I understand how to balance privacy with usability.

I suppose I'm now looking for some of the paranoid solutions. :lolz:

Do you have any suggestions on blocking scripts globablly (throwing out all, well most, usability concerns).

I'll go edit the first post to make this more obvious. :tuxout:
 

LaserWraith

Level 1
Feb 24, 2011
497
If they are going to have all cookies deleted, advice them to use a password manager or something. It can get very annoying to have to login to each site each day.
 

Chiron

Level 1
Thread author
Feb 24, 2011
250
LaserWraith said:
If they are going to have all cookies deleted, advice them to use a password manager or something. It can get very annoying to have to login to each site each day.

Thanks, I'll update my original post.

Any other suggestions for paranoid users such as myself? :neutral:
 

Chiron

Level 1
Thread author
Feb 24, 2011
250
bogdan said:
HTTPS encryption

Sorry, but I'm still not sure what you mean by this. Isn't this done on the site and not something that can be affected by the user?

A explanatory link would be very helpful. :)

bogdan said:
Use a dynamic IP address?

How do I set this up? I thought that only applied to dial-up connections (apparently I'm wrong)?


Thanks for you're help. I'm still learning (as always).
 

LaserWraith

Level 1
Feb 24, 2011
497
I thought the option for HTTPS relied on the site, and you can't do much.

As for dynamic IPs, it was my belief that some ISP used them and some didn't. Mine changes maybe once or twice a week. I guess you have to request your ISP for a dynamic IP if you don't have one.
 

bogdan

Level 1
Jan 7, 2011
1,362
1. The user can use a plugin like https everywhere since some sites drop the https connection after the login page. This prevents a man-in-the-middle attack (a hacker spying on his connection). It is not related to tracking but I find it important as privacy is concerned. Also avoid unencrypted wireless connections for the same reason.

2. Not necessarily dial-up, but depends on the ISP. A paranoid person might prefer a dynamic IP address. This is probably the most personal information bugs can gather from you.
 

HeffeD

Level 1
Feb 28, 2011
1,690
There are a few Firefox extensions I could recommend for the more paranoid users.

Of course there are the private browsing modes, that I believe all browsers have now. (Does IE?)

I use RoboForm Password Manager instead of storing passwords in my browsers, although I know LastPass gets good reviews.

Https-Everywhere has been mentioned, but of course if the site doesn't support it, this is not useful.

Cookie Monster
Makes it easy to block cookies globally and with a simple right-click on the icon, either allow cookies permanently, temporary cookies to be set, or session cookies to be set per site. (Temporary cookies are a one time thing, session cookies allow that site to always set cookies, but they are deleted when the browser is closed)

BetterPrivacy
Doesn't block LSO's, but deletes them when you close your browser.

RefControl
Allows you to control what sort of referrer data is sent.

Redirect Remover
Rewrites redirect links.

Stanford SafeCache
Segments your cache per domain, so cache based tracking techniques fail.

Stanford SafeHistory
Doesn't allow offsite links to be marked so link tracking techniques fail.

And of course Adblock Plus with the EasyPrivacy filter subscription. (I use the combined EasyList/EasyPrivacy subscription)

And I probably shouldn't forget the ultimate browser cleaning tool, Sandboxie. Run your browser in this and have it automatically delete the sandbox contents when you close the application, and anything that is gathered during a particular browsing session is deleted.

Chrome doesn't quite have the arsenal of extensions that Firefox has yet, so much of this functionality isn't available.

There is Adblock Plus for Google Chrome™ (Beta)
Still young and not as full featured as its Firefox version.

NOREF
Not nearly as flexible as RefControl for Firefox, but still blocks referrers.

Vanilla
Is the closest thing to CookieMonster.

Use HTTPS
Is similar to HTTPS-Everywhere.

Are you planning a companion article that is more balanced towards usability? If so, I'm more of a fan of AdBlock Plus with the
Code:
*$script,third-party
filter to block all third party scripts instead of a global script blocker like NoScript. Unless you visit questionable sites a lot, it's the externally hosted scripts that are the big risk. Blocking third party scripts ensures site navigation will still work on any page you visit, yet externally hosted scripts that the site owner has no control over will be blocked. If you wish to whitelist a domain such as YouTube that serves videos externally, you can add them to the filter.
Code:
*$script,third-party,domain=~youtube.com|~whateverdomain.com
 

Chiron

Level 1
Thread author
Feb 24, 2011
250
Thanks HeffeD. Now I think I'm set as far as Firefox advice goes. Now I'm moving on to the Chromium Browsers.

Do you see any advantage to disabling cookies globally instead of just using Vanilla. It can be set to delete cookies you haven't marked to save after 30 minutes.

I ask because I'd love to suggest NotScripts, but it doesn't work if cookies are blocked globally.

Thanks for the AdBlock Plus advice. Does this work with the Chrome version as well?


HeffeD said:
Are you planning a companion article that is more balanced towards usability?

I was planning on setting the format up similar to this. I will divide it into advice for novice users and intermediate to advanced users.
 

HeffeD

Level 1
Feb 28, 2011
1,690
Chiron said:
Do you see any advantage to disabling cookies globally instead of just using Vanilla. It can be set to delete cookies you haven't marked to save after 30 minutes.

If it were easier to adjust cookie permissions with Chrome the way CookieMonster does with Firefox, I would leave my cookies globally disabled. But since it's not, I really don't have a problem using Vanilla and having it delete unwanted cookies every 30 minutes. That will make building up any sort of long term tracking profile on you difficult.

Chiron said:
Thanks for the AdBlock Plus advice. Does this work with the Chrome version as well?

Yes it does.

Chiron said:
I was planning on setting the format up similar to this. I will divide it into advice for novice users and intermediate to advanced users.

Ah, excellent. :)
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top