The Maze into Privacy Paradise (Q&A)


Q: With so many privacy extensions for browsers, it’s all too confusing. Even in the NDAS “Resources: Internet” section, should I use Ghostery or AdBlock? They both seem to do the same thing.

A: We empathize with you. Internet privacy (security) has become a horror tale, like trying to find and recover treasure in a maze before the monster in there finds you. It makes people want to run away, choose a browser by manufacturer touchy-feely claims of protection, and/or just stick to what came pre-installed in their OS.

Please do not do any of these. Let us explain a little more about our recommendations.

Complete privacy on the internet is impossible. Extreme measures can achieve 99.9% privacy, but the average web user would be overwhelmed by what that involves. Even the savviest among the NDAS staff do not go that far—well, most of the time. Yet giving up is not the answer either.

As an author in the eBook age, you need to use the internet for business as well as research. Yes, even a fiction author will do online research sooner or later. You can find that treasure (or at least most of it) if you follow the steps we recommend.

Kick Your OS Browser Habit (Just Say No?)

This means Safari, Internet Explorer, and (yes) Chrome. Each may claim to be secure for sensible use online. That says nothing about how those companies use their installed browser.

As a recent example, an update to Safari in OS X 10.9 triggered an intense barrage of attempts by the OS and application to access closed ports and/or IP ranges on the internet that had been locked down for security reasons. This occurred in our last remaining Apple-based file server unit. It happened both before and after the updated application was launched. Secondary attempts where made to obscure subdomains not clearly identified as controlled by Apple. And even if…

There is no acceptable reason for this nonsense. Initial Illicit activity like this is usually only seen—if it is ever visible—with a default browser installed and maintained by a corporate OS’s manufacturer.

The average user would not know this is happening let alone that such activity has nothing to do with Safari’s internet functionality. This activity has to do with Apple accessing the device (and OS) in question. And to what purpose?

Neither we nor you should have to figure that out or accept a corporate default answer that is not precise. The only reason that Safari was left in that one machine was to monitor for activity like this. And yes, we have monitored similar with default installs of Internet Explorer in Windows.

You should not have to face such invasions of your privacy—your property—before you have even accessed the internet by your own choice.

Ignore counter claims that this activity was caused by a worm, trojan, malware, virus, etc.  Ignore counter claims that this is normal / necessary by the OS manufacturer. If the latter were true, it would not be hidden from you. NDAS staff members know better.

As to Chrome, we always questioned why it has a notably different code footprint than Chromium, the open source browser upon which it is built. You should question that as well. And Opera has turned into a miasma of “borrowed” code and should be avoided for that reason alone.

Starting from Scratch with EFF

Our first recommendation for enhancing a better browser is to listen to (and support) truly independent foundations waging war against privacy invasion. The top one by a vast margin is the EFF: Electronic Frontier Foundation (Defending Your Rights in the Digital World).

The EFF is generally disliked (but monitored) by Microsoft, Apple, Google, and many other corporate presences wanting to record your internet activity. That is what tracking is really about—recording, using, and even selling data about you and what you do. The same can be said for certain governments. In a few places, the EFF site has been blocked where internet access is controlled completely by a government. There is a good hint, and of course, there are ways around that.

Use EFF extensions as your bare minimum defenses. That would be “HTTPS Everywhere” and “Privacy Badger” as of now. The latter is a truly evolutionary step in privacy defense and easy to use. Both are linked in our “Resources: Internet” section.

About the Cunning Badger

Unlike other defenses, Privacy Badger does not use third party subscription lists for known trackers. Thereby it does not ignore trackers missing from those lists. It has a list of its own but also analyzes web site code for anything that tries to record your presence / activity in browser-side “cookies.” It also watches for code that attempts to access data stored in those cookies, which is how your activities are tracked across the internet.

Once installed and in use, click the “badger” icon in the top (usually right) of your browser window. You are presented “sliders” to enable any impeded site function based on tracker code found. Unlike other subscription based anti-trackers, it gives you a third covert choice. The following is an excerpt from the EFF site page related to Privacy Badger.

What do the red, yellow, and green sliders in the Privacy Badger menu mean?

Green means there's a third party domain, but it hasn't yet been observed tracking you across multiple sites, so it might be unobjectionable. When you first install Privacy Badger every domain will be in this green state but as you browse, domains will quickly be classified as trackers.

Yellow means that the third party domain appears to be trying to track you, but it is on Privacy Badger's cookie-blocking "whitelist" of third party domains that, when analyzed, seemed to be necessary for Web functionality. In that case, Privacy Badger will load content from the domain but will try to screen out third party cookies and supercookies from it.

Red means that content from this third party tracker has been completely disallowed. Privacy Badger analyzes each third party's behavior over time, and picks what it thinks is the right setting for each domain, but you can adjust the sliders if you wish.

With Privacy Badger, you are protected intelligently and yet have clean and simple control. Unlike other anti-trackers, you have more choices, including re-enabling lost site function in a way that can still have a reasonable chance to block tracking. And PB will get smarter the longer you use it.

If your browser does not support all EFF extensions, then you are using the wrong browser.  If you can install EFF extensions, you will have adequate to good privacy control for general (and sensible) web use, and you can stop here. Still, a bit more security never hurts.

Similar But Not The Same: Ghostery vs. AdBlock

Both of these use third party tracker lists. Those lists are reasonably reputable, but these extensions do not analyze web code like Privacy Badger. They know only what they are told by the lists, and thereby miss things not yet added to those lists.

Ghostery has a similar “slider” function to Privacy Badger; unlike PB, it has only on/off capability vs. PB’s more intelligent middle compromise. But it does not learn over time like PB.

When you first install it, it may not always walk you through selecting additional list subscriptions. You can always click its icon, select the “gear” icon in the pop-up panel, and step through turning on additional subscriptions. You can as well whitelist certain sites it should leave alone. However, it will not allow you to analyze other code injections in a site to block them.

AdBlock is a bit of the reverse of Ghostery. After install, you will need to click its stop-sign-hand icon and select “Options” to fully setup its capabilities. Other than that, it does not have a per-tracker on-off arrangement like Ghostery. It does have a way to block specific script injections according to what it finds that may be doing something nasty other than tracking, such a pop-up ads / nags and misleading links.

If you click “show resources,” you will be presented a list of known code injections in the current site; ones marked in red are of greatest concern, though you will not know what they are doing.

NOTE: AdBlock has recently become available for Safari and Firefox as well as Chromium and Chrome, which means you can skip using AdBlock Edge for FireFox. Do not confuse it with AdBlock Plus, which has been known to sell collected data to third parties.

Try If You Like

There is no harm in trying either of these extensions with Privacy Badger. You can uninstall either as needed without harm to your browser. If you do not understand web code, Ghostery might be the better choice. AdBlock is by far the more versatile and one of the top three extensions used worldwide. That may change in the future with more exposure for Privacy Badger.

Back to Start

Do not give up in exasperation. Privacy on the internet is being challenged but there are factions and organizations on your side. Others are the developers of true FOSS (free open source software) browsers. They may not put potent defense code in their applications, but they do not alienate their potential users. They do not do to you what corporate browser manufacturers do behind your back.

WARNING: There was a time when FireFox passed all of your URLs through Google’s “Safe Browsing” server—which is now known to record that information for an indeterminate, undisclosed amount of time. If you use a version of FireFox with this feature, turn off “Safe Browsing” immediately if you value your privacy.

FOSS browser developers also generally stick to the true W3C (World-Wide-Web Consortium) standards; most corporate OS browsers do not, and that now includes Google’s Chrome. This is why the web looks different in those browsers and from one to the next. Generally, you will not face that nonsense in using browsers like FireFox and Chromium.

We hope this has been a little helpful in understanding the ins and outs of privacy defense on the web. And that you can make suitable choices for yourself to get back to your writing.

N.D. Author Services [NDAS]

No comments:

Post a Comment