Privacy while web browsing
Browsing the internet without giving corporations my personal information for free
December 12, 2018 — August 17, 2024
Avoiding corporate spying on the web. The browser mediates a large portion of my interaction with the internet, so I should make sure it is shipshape, and specifically, that it is not leaking my info everywhere.
Blacklight realtime privacy inspector. I Scanned the Websites I Visit with Blacklight, and It’s Horrifying. Now What?
1 Fingerprinting
2 Tracking consent
Nearly all websites use tracking technologies to collect data about you. By law, they often need your permission, which is why many websites have “consent pop-ups”. However, 90% of these pop-ups use so-called “dark patterns”, which are designed to make it very difficult to say no, but very easy to say yes. Although using dark patterns is illegal, the laws are not enforced enough, so many websites get away with it.
Consent-O-Matic is a browser extension that recognises CMP (Consent Management Provider) pop-ups that have become ubiquitous on the web and automatically fills them out based on your preferences — even if you meet a dark pattern design. Sometimes a website might not use standard categories, and in that case, Consent-O-Matic will always try to submit the most privacy-preserving settings.
3 Passwords
Use a password manager. It is easy, free, and saves time.
4 Useful extensions
To take control of my identity online I use Privacy Possum, uBlock Origin, and ClearURLs in the Firefox browser, which is IMO the best browser. This is a good level of fussiness for an obsessive tinkerer like me. Sometimes I use the Brave browser instead of Firefox because of a website quirk that doesn’t work in Firefox.
I tried a lot of things before settling on these tools; some of the other options might be of interest.
Privacy Possum aims to be a more aggressive successor to Privacy Badger which (the creator argues) remedies certain shortcomings in Privacy Badger. The argument is something like “let us raise the cost of tracking people and consider ourselves successful if it is probably too expensive to bother”.
ClearURLs removes tracking crap from your URLs.
Privacy Badger is an open source, non-profit, low-configuration blocker of tracking advertisers.
Startpage Privacy Protection Extension might be good, but I am nervous about it because I cannot find the source code even though they say nice things.
scriptsafe offers aggressive no-frills script blocking.
The browser plugs suite comprises various browser plugs that hinder fingerprinting of the unique features of your browser.
Fuzzify automates and monitors clicking on the “delete my ad data” button in Facebook.
Adblock Plus is a uBlock Origin alternative. Better business model but AFAICT a worse product.
Tor Browser bundles all the ad-blocking conceivable, although it also makes browsing unpleasant and slow. There is some kind of lesson there.
Ghostery claims to disable most of the social media spyware, although its process is a little opaque so I am not sure how much to trust it.
This is a nice idea, although the usability and documentation could be less nerdy.
5 uBlock Origin
uBlock Origin is an adblocker and general tracking blocker with a complicated history which we can mostly ignore. It has a semi pro feel, being not quite as polished as its commercial cousins but also more configurable. Some people prefer the somewhat smoother but also compromise-filled Adblock plus.
ublock.org has nothing to do with uBlock Origin.
NB: It works best on Firefox. That essay is also an interesting insight into various superior Firefox features. They may be an endangered species.
The sweet spot for me is medium mode which I find gives me the freedom to tweak glitches I see in easy mode but also not freak out with choice paralysis like in hard mode.
There is a discontinued (?) alternative by the same author called umatrix which I find offers way too many choices for a sane person.
uBlock Origin also comes with a handy element zapper mode which I use to eliminate distractions.
6 Encrypted connections
HTTPS everywhere is vexing. It is a mass of code that plasters over certain security holes caused by the continued existence of HTTP-and-Secure-HTTP in parallel. Which sounds fine — does everything need to be encrypted? Well, no, IMO, but while swapping between secure and insecure modes is an option it means that some things that do need to be encrypted are not.
Effectively, security-optional leads to writing your passwords on the lawn in big letters any time someone asks. But don’t take my word for it: see how this was used in the PoisonTap attack.
This is being gradually rendered irrelevant by some network technology called HSTS; hopefully we can forget it soon.
In the interim we can switch off insecure mode:
Firefox: Settings > Privacy & Security > Scroll to Bottom > Enable HTTPS-Only Mode
Chrome: Settings > Privacy and security > Security > Scroll to bottom > Toggle “Always use secure connections”
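Why the HTTPS-only switch still matters while HSTS spreads: a browser only learns a site's HSTS policy from a response it has already received over HTTPS, so the first plain-HTTP visit is not covered. The following is an added example, not code from this page or from any browser; it is a simplified model of the HSTS store described in RFC 6797, and the hostnames and timestamps are constructed.

```javascript
// Added example: simplified model of a browser's HSTS store (RFC 6797).
// Hostnames and timestamps are constructed for illustration.

// Parse a Strict-Transport-Security value; null if max-age is missing or malformed.
function parseHsts(headerValue) {
  const policy = { maxAge: null, includeSubDomains: false };
  for (const part of headerValue.split(';')) {
    const [name, value = ''] = part.split('=').map((s) => s.trim());
    const key = name.toLowerCase();
    if (key === 'max-age') {
      const digits = value.replace(/^"|"$/g, '');
      if (!/^\d+$/.test(digits)) return null;
      policy.maxAge = Number(digits);
    } else if (key === 'includesubdomains') {
      policy.includeSubDomains = true;
    }
  }
  return policy.maxAge === null ? null : policy;
}

class HstsStore {
  constructor() { this.hosts = new Map(); } // hostname -> { expires, includeSubDomains }

  // Record a response header. Policies delivered over plain HTTP are ignored,
  // because anyone on the network path could have injected or stripped them.
  noteResponse(url, headerValue, nowSec) {
    const u = new URL(url);
    const policy = u.protocol === 'https:' && headerValue ? parseHsts(headerValue) : null;
    if (!policy) return;
    if (policy.maxAge === 0) { this.hosts.delete(u.hostname); return; }
    this.hosts.set(u.hostname, { expires: nowSec + policy.maxAge, includeSubDomains: policy.includeSubDomains });
  }

  // Return the URL the browser would actually request for a typed or linked URL.
  resolve(url, nowSec, httpsOnlyMode = false) {
    const u = new URL(url);
    if (u.protocol !== 'http:') return u.href;
    const labels = u.hostname.split('.');
    // Exact host first, then each parent domain (which must set includeSubDomains).
    const known = labels.some((_, i) => {
      const entry = this.hosts.get(labels.slice(i).join('.'));
      return entry && entry.expires > nowSec && (i === 0 || entry.includeSubDomains);
    });
    if (known || httpsOnlyMode) u.protocol = 'https:';
    return u.href;
  }
}
```

With an empty store, `resolve('http://bank.example/login', 0)` stays on HTTP, while passing `true` for `httpsOnlyMode` upgrades it regardless of what the store has seen.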
7 Search engines
See internet search.
8 Browser containers
“Private Browsing mode revised and improved”. Firefox multi-user-containers are one low friction option; they compartmentalize our different online activities from each other so that each website lives in its own solipsist universe. These have obvious privacy implications — keep all your sites isolated from one another! Why does Google need to know about your Facebook usage? They are also generally useful.
For example, if a site such as medium.com constantly nags you to become a member after you have read 2 articles in the same month, create a new browser container, and get two more free articles.
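What the isolation buys, seen from the tracker's side: the sketch below is an added example, not Firefox's implementation. It assumes classic unpartitioned third-party cookies in the no-container case, and all site names, container names and the `tracker.example` host are constructed.

```javascript
// Added example: toy model of per-container cookie jars (all names constructed).
class ContainerBrowser {
  constructor(useContainers) {
    this.useContainers = useContainers;
    this.jars = new Map(); // jar name -> Map(cookie host -> cookie id)
    this.nextId = 1;
  }

  // Load `site` in `container`; the page embeds a resource from `trackerHost`.
  // Returns what the tracker receives: its own cookie id and the embedding site.
  visit(container, site, trackerHost) {
    const jarName = this.useContainers ? container : 'default';
    if (!this.jars.has(jarName)) this.jars.set(jarName, new Map());
    const jar = this.jars.get(jarName);
    // The tracker sets a fresh id the first time it sees an empty jar.
    if (!jar.has(trackerHost)) jar.set(trackerHost, `uid-${this.nextId++}`);
    return { id: jar.get(trackerHost), site };
  }
}

// Tracker-side view: the browsing histories it can link together by cookie id.
function trackerProfiles(browser, visits) {
  const profiles = new Map();
  for (const [container, site] of visits) {
    const seen = browser.visit(container, site, 'tracker.example');
    if (!profiles.has(seen.id)) profiles.set(seen.id, []);
    profiles.get(seen.id).push(seen.site);
  }
  return [...profiles.values()];
}

// Constructed browsing session: [container, site visited].
const sampleVisits = [
  ['personal', 'social.example'],
  ['work', 'shop.example'],
  ['personal', 'news.example'],
];
```

Running `trackerProfiles` over `sampleVisits` yields one combined profile with a single shared jar and two unlinked profiles once each container has its own jar.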
9 Cache resources for speed and privacy
Normally when we visit a website a whole bunch of standardised supporting resources are downloaded from content delivery networks, which is not efficient and also leaks information.
LocalCDN is a browser addon that keeps a local copy of that crap so that we download it once then recycle it.
LocalCDN is a web browser extension that emulates Content Delivery Networks to improve your online privacy. It intercepts traffic, finds supported resources locally, and injects them into the environment. All of this happens automatically, so no prior configuration is required. Feel free to use the following testing utility to find out if you are properly protected. For more information, please look at the graphic below or read the tutorial or our Wiki pages. You can also download the extension directly from Mozilla and just try it.
Alternatively Decentraleyes seems to do the same thing.
10 Single Site Browser
I could use a Single-site browser for spyware sites such as Facebook, because
- Otherwise Facebook would know even more about me than they do
- Facebook is a blackhole of timewaste that I don’t want to browse to by accident, so I should make it slightly easier to segregate that activity from other ones.
See Single-site browsers.
11 Chaff
Left-field solution idea: Obfuscate your activity. Get your browser to do meaningless nonsense that obscures the patterns of your behaviour. I would be curious to know how effective that is, or even how one would discover how effective that is. I am not hopeful that this works, which is why it is at the top of the page, but it is an interesting idea.
Random noise extensions attempt to make your browsing data useless to trackers by making your browser mindlessly visit lots of nonsense sites, thus confusing the paper trail. noiszy does this for news consumption. trackmenot does this for search queries. AdNauseam is the latest one:
AdNauseam works to complete the cycle by automating ad clicks universally and blindly on behalf of its users. Built atop uBlock Origin, AdNauseam quietly clicks on every blocked ad, registering a visit on ad networks’ databases. As the collected data gathered shows an omnivorous click-stream, user tracking, targeting and surveillance become futile. Read more about AdNauseam in this paper.
12 Alternative browsers
Some browsers claim to be privacy first.
- Firefox is safer than Chrome per default and easy to configure to be even more secure. This is what I use.
- DuckDuckGo Browser claims to be secure.
- Brave is a browser which claims to eliminate most tracking except for consensual-opt-in privacy-compatible tracking. I have many questions about that, but it is worth a try. It has a cryptocurrency bent and is more closed-source than the alternatives.