Online privacy tips

A friend asked Marcie about reducing her exposure to ads on Facebook and I decided to write up the answer as a blog post so it would be easy to send to others (and update with new stuff). So here is a list of stuff that I do — your mileage may vary.  I update this about once a year with new/improved plugins/tips.

I use Firefox as my primary web browser (and keep it up to date), mostly so I can add a gaggle of plug-ins.  Some of these are now available for Safari too.  Here’s the list (installing the first three will provide most of the benefit).

  • 1Password — a great way to manage a bajillion really-strong passwords on web pages, but costs (a little) money
  • Adblock Plus or uBlock Origin — plugins which, once you’ve subscribed to the EasyList USA filter, gets rid of all the ads on web pages
  • BetterPrivacy — gets rid of “persistent” cookies that are used by lots of big companies (Google, Yahoo, etc) to track your behavior on the ‘net
  • CanvasBlocker: blocks Canvas Fingerprinting which is a sophisticated technique to track your computer across multiple sites.  This extension blocks the APIs in the browser that allow this to happen.
  • Decentraleyes: checks to see if it can use any of these files from your computer first rather than making an external request.
  • Ghostery — same sort of thing that BetterPrivacy does, but gets rid of trackers that aren’t cookies
  • HTTPS Everywhere — a project of the EFF to redirect to the SSH-encrypted version of popular web sites
  • NoScript — allows you to choose which pages you trust, and blocks Javascript on all the rest by default (with the option to trust them temporarily)
  • Privacy Badger — a good all-in-one blocker from EFF
  • ShareMeNot — stops those Facebook/Twitter/etc. “sharing” buttons from sharing stuff until you click them
  • Smart Referer:  removes the extra info in a URL that tells sites what site referred you

Here are web-browser habits that I folow in order to further reduce tracking.

  • I don’t log into any of the “big data” services (like Google, Yahoo, etc.) unless I absolutely have to and I log out when I’m done.  UPDATE: See the “Divorcing Google” section below.
  • I don’t permit the web browser to “remember” any passwords — I use 1Password for that
  • I disable the “browsing history” feature, so the browser doesn’t remember where I’ve been in the past
  • I disable the “search” and “form” history features too
  • I allow the browser to “accept cookies” and “accept 3rd-party cookies” but I only keep them until I close Firefox, then all cookies are deleted
  • I have the browser open a blank page when it launches (just about every site plants a cookie when you arrive)
  • I disable Google and Yahoo in the “search” choices (they plant cookies when the browser starts)
  • I avoid putting cookie-planting sites (Google, Facebook, etc.) in the shortcuts bar (they plant cookies when the browser starts)
  • I elect to clear history and cookies when Firefox closes
  • I close and restart Firefox several times a day, especially after logging into Google, Yahoo, Facebook, etc.

Facebook — DO NOT use their smartphone app.  If you have it, delete it.  It’s very invasive.  I only use Facebook on my computer (and thus subject to all of the tips I’ve listed above).  Here are things you can do in your Facebook account.  As of this writing, these can be found in the “Privacy Settings” part of the “Account” menu — but they change things all the time, so look carefully.

  • I’m pretty liberal with what people can see, but very conservative with what they can share about me with other people
  • I’m very aggressive in blocking applications — I try hard not to sign up for any applications and block them when they appear in my news feed.  UPDATE 2018: this is easier now — turn off the Facebook “platform” in Settings/Apps.
  • I am pretty aggressive about blocking “bozos” in my news feed.  I don’t unfriend them, I just block their inane posts.

Divorcing Google.  Inspired by this post about “Divorcing Google”, I decided to describe my replacements for all things Google — they’re very similar to his.  I too have pretty much completely weaned myself from Google, for the same reasons.  Here’s my “replacements” list.

  • Search — DuckDuckGo SSL
  • Mail/contacts/calendar — I run my own servers for these.  It’s a hassle but worth it to me.
  • Maps — Apple Maps
  • File storage — Dropbox

Broader topic: workstation security.  Tip of the hat to John Hoffoss for this link to a terrific workstation security checklist.

There.  That’s my list.