Whenever you browse the web,
your privacy is under constant barrage. Advertisers are trying to track
every move you make, and governments around the world want in on the
action as well. Getting tracked by Facebook and Google is bad enough,
but knowing that the NSA has its eyes on your web traffic is more than a
little worrisome. Thankfully, there are steps you can take to protect
your anonymity on the web, and prevent other organizations from
monitoring your browsing habits, ensuring your privacy online.
In
this post, I’m going to highlight thirteen different methods you can use
to keep prying eyes off of your web traffic. Some methods are more
complicated than others, but if you’re serious about privacy, these tips
will help you remain anonymous on the open web. Of course, internet security is a topic in and of itself, so you’re going to need to do some reading to remain thoroughly protected on all fronts. And remember, even the most careful among us are still vulnerable to imperfect technology.
Blocking third-party cookies
Third-party
cookies are one of the most common methods that advertisers use to
track your browsing habits. If you visit two sites using the same
advertising service, rest assured that the advertiser is keeping tabs on
that information. Thankfully, every major web browser offers the
ability to turn off tracking cookies. Without third-party cookies,
advertisers have to work much harder to monitor which pages you visit.
While this is far from a panacea, it shuts down the most common vector
used by advertisers to build usage profiles.
Blocking location data
Recently,
many web sites have begun to use location data to offer specific
services, and display local advertisements. Mapping applications
obviously have legitimate reasons for gathering location data, but that
same technique can be used to help identify who you are. Any legitimate
browser should offer the ability to toggle on and off location data, and
I recommend leaving it off completely. At the very least, demand that
websites prompt you for access before gathering the data.
That
said, IP-based geolocation data is incredibly trivial to acquire, so
remain vigilant. If you’re browsing the web without a proxy or a VPN,
you’re effectively broadcasting your IP to every server you come across,
and that information can be used against you. It’s not necessarily
something you have to worry about constantly, but it’s worth keeping
that fact in the back of your mind if you’re criticizing your local
dictator or blowing a whistle on the NSA.
Do not track
The
“Do not track” HTTP header is an optional message that browsers can
send to web servers. You can easily enable it in your browser’s
settings, but it’s rather limited in scope. For this to work at all, the
web server needs to be configured to respect this flag. There is
absolutely no requirement of any kind that any website needs to obey
this setting, so don’t expect widespread protection from trackers.
Still, you don’t have anything to lose, so there’s no reason not to take
advantage of this built-in protection.
Plug-in management
Even
if your browser is configured properly to hide your identifying
information, plug-ins can still be used to endanger your anonymity. If
you’re serious about remaining anonymous, you should avoid running
plug-ins all together. Unfortunately, that can leave a number of popular
websites completely unusable. To solve this problem, I recommend a
hybrid approach.
First of all, you need to configure your browser
to require your approval to run any plug-in. Chrome offers this
functionality in its settings, and extensions offer this capability in other browsers.
Next, you need to make sure you’re running sandboxed plug-ins. While
this is mostly considered a security issue, a rogue plug-in could
certainly be used to gather your personal information by an organization
like the NSA. Chrome can be configured to completely disallow
un-sandboxed plug-ins, but it can be trickier with some other browsers.
Windows users can opt to run their browsers inside of an application
called Sandboxie, so even less sophisticated browsers can receive similar benefits.
JavaScript blocking
JavaScript is an incredibly powerful language, but it also has the capability of leaking out identifying information. By design, it can deliver detailed information to any web server about your setup. What plug-ins do you have enabled? What size screen are you using? Those small pieces of information can add up, and make tracking your usage profile easier for advertisers and governments. Worse, unpatched JavaScript exploits could potentially be used to trick your browser into giving up even more identifying information.If you want to be truly anonymous, you’re going to need to disable JavaScript. Of course, that’s easier said than done. Many websites rely on JavaScript for core functionality, so you’d be effectively knee-capping your web browser. Thankfully, there is a way to have your cake and eat it too. By using a browser extension like NoScript or ScriptSafe, you can personally manage which domains are given permission to run JavaScript in your browser. This way, you can whitelist domains and webpages that you trust, but you can bypass all of the baggage that comes along with running any ol’ JavaScript that comes along on the web.
User-Agent spoofing
If you’re using a rare or specialty browser, your user-agent string can easily be used to help identify which pages you’re visiting. Instead of allowing your browser to identify as an oddball one-off variant of Chrome or Firefox, you can choose to identify your browser as something more mainstream. If you’d like to quickly switch your user-agent string, look into using an extension like User-Agent Switcher or User Agent Overrider. This method can’t stop more nuanced techniques of browser detection, but at least your browser won’t stick out like a sore thumb in the server logs.
Comments
Post a Comment