Privacy while web browsing

Browsing the internet without giving corporations my personal information for free

December 12, 2018 — January 23, 2024

computers are awful
computers are awful together
confidentiality
Figure 1

Avoiding corporate spying in the web. The browser mediates a large portion of my interaction with the internet, so I should make sure it is ship shape, and specifically, that it is not leaking my info everywhere.

Blacklight realtime privacy inspector. I Scanned the Websites I Visit with Blacklight, and It’s Horrifying. Now What?

Figure 2: Leigh Elliot’s Contrachrome updates the Chrome browser infographics.

1 Fingerprinting

3 Passwords

Use a password manager. It is easy, free and saves time.

4 Useful extensions

To take control of my identity online I use Privacy Possum, uBlock Origin, and ClearURLs in the Firefox browser which is IMO the best browser. This is a good level of fussiness for an obsessive tinkerer like me. Sometimes I use the Brave browser instead of Firefox because of a website quirk that doesn’t work in Firefox.

I tried a lot of things before settling on these tools; some of the other options might be of interest.

  • uBlock Origin
  • Privacy possum aims to be a successor to Privacy Badger which is more aggressive and (the creator argues) remedies certain shortcoming in Privacy Badger. The argument is something like “let us raise the cost of tracking people and consider ourselves successful if it is probably too expensive to bother”.
  • ClearURLs removes tracking crap from your URLs
  • Privacy badger is an open source non-profit low-configuration blocker of tracking advertisers
  • Startpage Privacy Protection Extension might be good but I am nervous about it because I cannot find the source code even though they say nice things
  • scriptsafe offers aggressive no frills script blocking.
  • The browser plugs suite comprises various browser plugs that hinder fingerprinting of the unique features of your browser.
  • Fuzzify automates and monitors clicking on the “delete my ad data” button in facebook.
  • adblock plus is a ublock origin alternative. Better business model but AFAICT a worse product.
  • torbrowser bundles all the ad-blocking conceivable, although it also makes browsing unpleasant and slow. There is some kind of lesson there.
  • Ghostery claims to disable most of the social media spyware, although its process a little opaque so I am not sure how much to trust it.
  • dnakov/little-rat: 🐀 Small chrome extension to monitor (and optionally block) other extensions’ network calls

5 uBlock Origin {#ublock-origin)

uBlock Origin is an adblocker and general tracking blocker with a complicated history which we can mostly ignore. It has a semi pro feel, being not quite as polished as its commercial cousins but also more configurable. Some people prefer the somewhat smoother but also compromise-filled Adblock plus.

ublock.org is nothing to do with ublock origin

NB: It works best on firefox. That essay is also an interesting insight into various superior firefox features. they may be an endangered species.

The sweet spot for me is medium mode which I find gives me the freedom me to tweak glitches I see in easy mode but also not freak out with choice paralysis like in hard mode.

There is a discontinued (?) alternative by the same author called umatrix which I find offers way too many choices for a sane person.

ublock origin also comes with a handy element zapper mode which I use to eliminate distractions

6 Encrypted connections

HTTPS everywhere is vexing. It is a mass of code that plasters over certain security holes caused by the continued existence of HTTP-and-Secure-HTTP in parallel. Which sounds fine — does everything need to be encrypted? Well, no, IMO, but while swapping between secure and insecure modes is an option it means that some things that do need to be encrypted are not.

Effectively, security-optional leads to writing your passwords on the lawn in big letters any time someone asks. But don’t take my word for it— see how this was used in the PoisonTap attack.

This is being gradually rendered irrelevant by some network technology called HSTS; hopefully we can forget it soon.

In the interim we can switch off insecure mode:

Firefox: Settings > Privacy & Security > Scroll to Bottom > Enable HTTPS-Only Mode

Chrome: Settings > Privacy and security > Security > Scroll to bottom > Toggle “Always use secure connections”

7 Search engines

See internet search.

8 Browser containers

“Private Browsing mode revised and improved”. Firefox multi-user-containers are one low friction option; they compartmentalise our different online activities from each other so that each website lives in its own solipsist universe. These have obvious privacy implications — keep all your sites isolated from one another! Why does google need to know about your facebook usage? They are also generally useful.

For example, if a site such as medium.com constantly nags you to become a member after you have read 2 articles in the same month, create a new browser container, and get two more free article.

9 Cache resources for speed and privacy

Normally when we visit a website a whole bunch of standardised supporting resources are downloaded from content delivery networks, which is not efficient and also leaks information.

LocalCDN is a browser addon that keeps a local copy of that crap so that we download it once then recycle it.

LocalCDN is a web browser extension that emulates Content Delivery Networks to improve your online privacy. It intercepts traffic, finds supported resources locally, and injects them into the environment. All of this happens automatically, so no prior configuration is required. Feel free to use the following testing utility to find out if you are properly protected. For more information, please look at the graphic below or read the tutorial or our Wiki pages. You can also download the extension directly from Mozilla and just try it.

Alternatively Decentraleyes seems to do the same thing.

10 Single Site Browser

I could use a Single-site browser for spyware sites such as Facebook. because

  • Otherwise Facebook would know even more about me than they do
  • Facebook is a blackhole of timewaste that I don’t want to browse to by accident, so I should make it slightly easier to segregate that activity from other ones.

See Single-site browsers.

11 Chaff

Left-field solution idea : Obfuscate your activity. Get your browser to do meaningless nonsense that obscure the patterns of your behaviour I would be curious to know how effective that is, or even how one would discover how effective that is. I am not hopeful that this works, which is why it is at the top of the page, but it is an interesting idea.

Random noise extensions attempt to make your browsing data useless to trackers by making your browser mindlessly visit lots of nonsense sites, thus confusing the paper trail. noiszy, does for news consumption. trackmenot does this for search queries. AdNauseam is the latest one:

AdNauseam works to complete the cycle by automating ad clicks universally and blindly on behalf of its users. Built atop uBlock Origin, AdNauseam quietly clicks on every blocked ad, registering a visit on ad networks’ databases. As the collected data gathered shows an omnivorous click-stream, user tracking, targeting and surveillance become futile. Read more about AdNauseam in this paper.

12 Alternative browsers

Figure 3: Leigh Elliot’s Contrachrome updates the Chrome browser infographics.

Some browsers claim to be privacy first.