Privacy while web browsing

Browsing the internet without giving corporations my personal information for free



Avoiding corporate spying in the web. The browser mediates a large portion of my interaction with the internet, so I should make sure it is ship shape, and specifically, that it is not leaking my info everywhere.

Blacklight realtime privacy inspector. I Scanned the Websites I Visit with Blacklight, and It’s Horrifying. Now What?

Leigh Elliot’s Contrachrome updates the Chrome browser infographics.

Passwords

Use a password manager. It is easy, free and saves time.

Useful extensions

To take control of my identity online I use Privacy Possum, uBlock Origin, and ClearURLs in the Firefox browser which is IMO the best browser. This is a good level of fussiness for an obsessive tinkerer like me. Sometimes I use the Brave browser instead of Firefox because of a website quirk that doesn’t work in Firefox.

I tried a lot of things before settling on these tools; some of the other options might be of interest.

  • uBlock Origin

  • Privacy possum aims to be a successor to Privacy Badger which is more aggressive and (the creator argues) remedies certain shortcoming in Privacy Badger. The argument is something like “let us raise the cost of tracking people and consider ourselves successful if it is probably too expensive to bother”.

  • ClearURLs removes tracking crap from your URLs

  • Privacy badger is an open source non-profit low-configuration blocker of tracking advertisers

  • Startpage Privacy Protection Extension might be good but I am nervous about it because I cannot find the source code even though they say nice things

  • scriptsafe offers aggressive no frills script blocking.

  • The browser plugs suite comprises various browser plugs that hinder fingerprinting of the unique features of your browser.

  • Fuzzify automates and monitors clicking on the “delete my ad data” button in facebook.

  • adblock plus is a ublock origin alternative. Better business model but AFAICT a worse product.

  • torbrowser bundles all the ad-blocking conceivable, although it also makes browsing unpleasant and slow. There is some kind of lesson there.

  • Ghostery disables most of the social media spyware, although its process a little opaque.

uBlock Origin {#ublock-origin)

uBlock Origin is an adblocker and general tracking blocker with a complicated history which we can mostly ignore. (Except, pro-tip, ublock.org is nothing to do with ublock origin). It has a semi pro feel, being not quite as polished as its commercial cousins but also more configurable. Some people prefer the somewhat smoother but also compromise-filled Adblock plus.

NB: It works best on firefox. That essay is also an interesting insight into various superior firefox features. they may be an endangered species.

The sweet spot for me is medium mode which I find gives me the freedom me to tweak glitches I see in easy mode but also not freak out with choice paralysis like in hard mode.

There is a discontinued (?) alternative by the same author called umatrix which I find offers way too many choices for a sane person.

ublock origin also comes with a handy element zapper mode which I use to eliminate distractions

Encrypted connections

HTTPS everywhere is vexing. It is a mass of code that plasters over certain security holes caused by the continued existence of HTTP-and-Secure-HTTP in parallel. Which sounds fine — does everything need to be encrypted? Well, no, IMO, but while swapping between secure and insecure modes is an option it means that some things that do need to be encrypted are not.

Effectively, security-optional leads to writing your passwords on the lawn in big letters any time someone asks. But don’t take my word for it— see how this was used in the PoisonTap attack.

This is being gradually rendered irrelevant by some network technology called HSTS; hopefully we can forget it soon.

In the interim we can switch off insecure mode:

Firefox: Settings > Privacy & Security > Scroll to Bottom > Enable HTTPS-Only Mode

Chrome: Settings > Privacy and security > Security > Scroll to bottom > Toggle “Always use secure connections”

Search engines

See internet search.

Browser containers

“Private Browsing mode revised and improved”. Firefox multi-user-containers are one low friction option; they compartmentalise our different online activities from each other so that each website lives in its own solipsist universe. These have obvious privacy implications — keep all your sites isolated from one another! Why does google need to know about your facebook usage? They are also generally useful.

For example, if a site such as medium.com constantly nags you to become a member after you have read 2 articles in the same month, create a new browser container, and get two more free article.

Single Site Browser

I could use a Single-site browser for spyware sites such as Facebook. because

  • Otherwise Facebook would know even more about me than they do
  • Facebook is a blackhole of timewaste that I don’t want to browse to by accident, so I should make it slightly easier to segregate that activity from other ones.

You can do this too, for social media, or for whatever other website you wish to.

  • nativefier/nativefier: Make any web page a desktop application is I think the mos popular method currently? Cross platform.

  • Epichrome (macOS): An application (Epichrome.app) and Chrome extension (Epichrome Helper) to create and use Chrome-based SSBs on macOS. So, full Chrome, custom configuration. Here is a walk-through.

  • MacPin (macOS)

    creates macOS & iOS apps for websites & webapps, configured with JavaScript.

    The Browser UI is very minimal, just a toolbar (with site tabs) that disappears in Full-Screen mode.

    MacPin apps are shown in macOS’s Dock, App Switcher, and Launchpad.

    Custom URL schemes can also be registered to launch a MacPin App from any other app on your Mac.

    So, minimal browserlets.

There are more manual methods.

Generally, I find the browser container feature of firefox much easier.

Chaff

Left-field solution idea : Obfuscate your activity. Get your browser to do meaningless nonsense that obscure the patterns of your behaviour I would be curious to know how effective that is, or even how one would discover how effective that is. I am not hopeful that this works, which is why it is at the top of the page, but it is an interesting idea.

Random noise extensions attempt to make your browsing data useless to trackers by making your browser mindlessly visit lots of nonsense sites, thus confusing the paper trail. noiszy, does for news consumption. trackmenot does this for search queries. AdNauseam is the latest one:

AdNauseam works to complete the cycle by automating ad clicks universally and blindly on behalf of its users. Built atop uBlock Origin, AdNauseam quietly clicks on every blocked ad, registering a visit on ad networks’ databases. As the collected data gathered shows an omnivorous click-stream, user tracking, targeting and surveillance become futile. Read more about AdNauseam in this paper.

Alternative browsers

Leigh Elliot’s Contrachrome updates the Chrome browser infographics.

Some browsers claim to be privacy first.


No comments yet. Why not leave one?

GitHub-flavored Markdown & a sane subset of HTML is supported.