Avoiding corporate spying on the web. The browser mediates a large portion of my interaction with the internet, so I should make sure it is shipshape, and specifically, that it is not leaking my info everywhere.
Blacklight realtime privacy inspector. I Scanned the Websites I Visit with Blacklight, and It’s Horrifying. Now What?
1 Fingerprinting
2 Tracking consent
Nearly all websites use tracking technologies to collect data about you. By law, they often need your permission, which is why many websites have “consent pop-ups”. However, 90% of these pop-ups use so-called “dark patterns”, which are designed to make it very difficult to say no, but very easy to say yes. Although using dark patterns is illegal, the laws are not enforced enough, so many websites get away with it.
Consent-O-Matic is a browser extension that recognises CMP (Consent Management Provider) pop-ups that have become ubiquitous on the web and automatically fills them out based on your preferences—even if you meet a dark pattern design. Sometimes a website might not use standard categories, and in that case, Consent-O-Matic will always try to submit the most privacy-preserving settings.
I run this but have not had huge success in getting it to work.
3 Passwords
Use a password manager. It is easy, free, and saves time.
4 Useful extensions
To take control of my identity online I use Privacy Possum, uBlock Origin, and ClearURLs in the Firefox browser, which is IMO the best browser. This is a good level of fussiness for an obsessive tinkerer like me. Sometimes I use the Brave browser instead of Firefox because of a website quirk that doesn’t work in Firefox.
I tried a lot of things before settling on these tools. Some of the other options might be of interest.
Privacy Possum aims to be a successor to Privacy Badger; it is more aggressive and (the creator argues) remedies certain shortcomings in Privacy Badger. The argument is something like “let us raise the cost of tracking people and consider ourselves successful if it is probably too expensive to bother”.
ClearURLs removes tracking crap from your URLs.
Privacy badger is an open source non-profit low-configuration blocker of tracking advertisers.
Startpage Privacy Protection Extension might be good but I am nervous about it because I cannot find the source code even though they say nice things.
scriptsafe offers aggressive no-frills script blocking.
The browser plugs suite comprises various browser plugs that hinder fingerprinting of the unique features of your browser.
Fuzzify automates and monitors clicking on the “delete my ad data” button in Facebook.
adblock plus is a ublock origin alternative. Better business model but AFAICT a worse product.
torbrowser bundles all the ad-blocking conceivable, although it also makes browsing unpleasant and slow. There is some kind of lesson there.
Ghostery claims to disable most of the social media spyware, although its process is a little opaque so I am not sure how much to trust it.
This is a nice idea, although the usability and documentation could be less nerdy.
5 uBlock Origin
uBlock Origin is an adblocker and general tracking blocker with a complicated history which we can mostly ignore. It has a semi pro feel, being not quite as polished as its commercial cousins but also more configurable. Some people prefer the somewhat smoother but also compromise-filled Adblock plus.
ublock.org has nothing to do with uBlock Origin.
NB: It works best on Firefox. That essay is also an interesting insight into various superior Firefox features. They may be an endangered species.
The sweet spot for me is medium mode, which I find gives me the freedom to tweak glitches I see in easy mode but also not freak out with choice paralysis like in hard mode.
There is a discontinued (?) alternative by the same author called umatrix which I find offers way too many choices for a sane person.
ublock origin also comes with a handy element zapper mode which I use to eliminate distractions.
NB: on Chromium browsers, uBlock Origin is discontinued in favour of uBlock Origin Lite, which is better than nothing but not as capable.
My favourite rule to get rid of the google login box which I literally never use but cannot otherwise opt out of:
This does not work in Google chromium browsers, sadly.
6 Encrypted connections
Since we transfer confidential information to websites, we want secure connections. Several hacks are based around tricking your browser into non-encrypted connections. Effectively, security-optional leads to writing your passwords on the lawn in big letters any time someone asks. But don’t take my word for it — see how this was used in the PoisonTap attack.
This problem is gradually being rendered irrelevant by a mechanism called HSTS (HTTP Strict Transport Security); hopefully we can forget it.
In the interim we can switch off insecure mode:
Firefox: Settings > Privacy & Security > Scroll to Bottom > Enable HTTPS-Only Mode
Chrome: Settings > Privacy and security > Security > Scroll to bottom > Toggle “Always use secure connections”
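HSTS is delivered as a `Strict-Transport-Security` response header, and how much protection it gives depends on its directives and on how the header arrived. The JavaScript below is an added example, not from the original page: it parses a header value and reports what the browser will enforce; `parseHsts` and `assessHsts` are hypothetical helper names, the sample headers are constructed, and the one-year threshold is the browser preload lists' requirement rather than anything stated here.

```javascript
// Added example: parse a Strict-Transport-Security value (RFC 6797 syntax).
const ONE_YEAR = 31536000; // seconds; preload lists require at least this max-age

function parseHsts(headerValue) {
  const policy = { valid: true, maxAge: null, includeSubDomains: false, preload: false };
  const seen = new Set();
  for (const part of headerValue.split(";")) {
    const directive = part.trim();
    if (directive === "") continue; // tolerate a trailing ';'
    const eq = directive.indexOf("=");
    const name = (eq === -1 ? directive : directive.slice(0, eq)).trim().toLowerCase();
    let value = eq === -1 ? null : directive.slice(eq + 1).trim();
    if (value !== null) value = value.replace(/^"(.*)"$/, "$1"); // quoted-string form
    if (seen.has(name)) policy.valid = false; // a directive may appear only once
    seen.add(name);
    if (name === "max-age") {
      if (value !== null && /^\d+$/.test(value)) policy.maxAge = Number(value);
      else policy.valid = false;
    } else if (name === "includesubdomains") {
      policy.includeSubDomains = true;
    } else if (name === "preload") {
      policy.preload = true;
    } // any other directive is ignored
  }
  if (policy.maxAge === null) policy.valid = false; // max-age is mandatory
  return policy;
}

function assessHsts(headerValue, receivedOverHttps) {
  // Browsers ignore the header on plain HTTP, where anyone on the path could forge it.
  if (!receivedOverHttps) return "ignored: header arrived over plain HTTP";
  if (headerValue == null) return "none: no policy, HTTP downgrade stays possible";
  const p = parseHsts(headerValue);
  if (!p.valid) return "invalid: malformed header, browser ignores it";
  if (p.maxAge === 0) return "cleared: max-age=0 deletes any stored policy";
  if (p.maxAge >= ONE_YEAR && p.includeSubDomains && p.preload)
    return "preload-eligible: header meets browser preload list requirements";
  if (!p.includeSubDomains) return "partial: subdomains can still be reached over HTTP";
  return "host+subdomains: enforced after the first HTTPS visit";
}

// Constructed sample headers, not captured from any real site.
for (const [value, https] of [
  ["max-age=63072000; includeSubDomains; preload", true],
  ["max-age=300", true],
  ["max-age=31536000; includeSubDomains", false],
  [null, true],
]) console.log(JSON.stringify(value), "->", assessHsts(value, https));
```

Anything short of the preload case still leaves the very first visit to a site unprotected, which is the gap HTTPS-Only Mode closes on the browser side.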
7 Search engines
See internet search.
8 Browser containers
“Private Browsing mode revised and improved”. Firefox multi-user-containers are one low friction option; they compartmentalize our different online activities from each other so that each website lives in its own solipsist universe. These have obvious privacy implications — keep all your sites isolated from one another! Why does Google need to know about your Facebook usage? They are also generally useful.
For example, if a site such as medium.com constantly nags you to become a member after you have read 2 articles in the same month, create a new browser container, and get two more free articles.
9 Cache resources for speed and privacy
Normally when we visit a website a whole bunch of standardised supporting resources are downloaded from content delivery networks, which is not efficient and also leaks information.
LocalCDN is a browser addon that keeps a local copy of that crap so that we download it once then recycle it.
LocalCDN is a web browser extension that emulates Content Delivery Networks to improve your online privacy. It intercepts traffic, finds supported resources locally, and injects them into the environment. All of this happens automatically, so no prior configuration is required. Feel free to use the following testing utility to find out if you are properly protected. For more information, please look at the graphic below or read the tutorial or our Wiki pages. You can also download the extension directly from Mozilla and just try it.
Alternatively Decentraleyes seems to do the same thing.
10 Single Site Browser
I could use a single-site browser for spyware sites such as Facebook, because
- Otherwise Facebook would know even more about me than they do
- Facebook is a blackhole of timewaste that I don’t want to browse to by accident, so I should make it slightly easier to segregate that activity from other ones.
See Single-site browsers.
11 Chaff
Left-field solution idea: Obfuscate your activity. Get your browser to do meaningless nonsense that obscures the patterns of your behaviour. I would be curious to know how effective that is, or even how one would discover how effective that is. I am not hopeful that this works, which is why it is at the top of the page, but it is an interesting idea.
Random noise extensions attempt to make your browsing data useless to trackers by making your browser mindlessly visit lots of nonsense sites, thus confusing the paper trail. Noiszy does this for news consumption. TrackMeNot does this for search queries. AdNauseam is the latest one:
AdNauseam works to complete the cycle by automating ad clicks universally and blindly on behalf of its users. Built atop uBlock Origin, AdNauseam quietly clicks on every blocked ad, registering a visit on ad networks’ databases. As the collected data gathered shows an omnivorous click-stream, user tracking, targeting and surveillance become futile. Read more about AdNauseam in this paper.
12 Alternative browsers
Some browsers claim to be privacy first.
- Firefox is safer than Chrome by default and easy to configure to be even more secure. This is what I use.
- DuckDuckGo Browser claims to be secure.
- Brave is a browser which claims to eliminate most tracking except for consensual-opt-in privacy-compatible tracking. I have many questions about that, but it is worth a try. It has a cryptocurrency bent and is more closed-source than the alternatives.