Online privacy tips

UPDATE: This post was written way back in 2011, a more innocent time pre-Snowden.  I still run all this stuff, but recognize that these things won’t protect you from all the NSA attacks that have been revealed since then.

A friend asked Marcie about reducing her exposure to ads on Facebook and I decided to write up the answer as a blog post so it would be easy to send to others (and update with new stuff). So here is a list of stuff that I do — your mileage may vary.

Here’s where to start.  This is a spectacularly good/fun/accessible description of how to improve your Facebook security (and the security of your computers in general).  Unlike most of these things, this short (20 page) piece is written for regular people who don’t want to be yelled at by security geeks.

Now for the stuff that I do…

I use Firefox as my primary web browser (and I keep it up to date), mostly so I can add a gaggle of plug-ins.  Here’s the list

  • 1Password — a great way to manage a bajillion really-strong passwords on web pages, but costs (a little) money
  • Adblock Plus — a plugin which, once you’ve subscribed to the EasyList USA filter, gets rid of all the ads on web pages
  • BetterPrivacy — gets rid of “persistent” cookies that are used by lots of big companies (Google, Yahoo, etc) to track your behavior on the ‘net
  • Ghostery — same sort of thing that BetterPrivacy does, but gets rid of trackers that aren’t cookies
  • NoScript — allows you to choose which pages you trust, and blocks Javascript on all the rest
  • ShareMeNot — stops those Facebook/Twitter/etc. “sharing” buttons from sharing stuff until you click them
  • Collusion — visualize who’s tracking you in real time
  • Web of Trust — take advantage of their huge database of “safe” and “unsafe” sites built by other Web of Trust users — like me.
  • HTTPS Everywhere — a project of the EFF to redirect to the SSH-encrypted version of popular web sites

I also have peculiar web-browser habits to further reduce the risk that corporations (or other bad-guys) are tracking me

  • I don’t log into any of the “big data” services (like Google, Yahoo, etc.) unless I absolutely have to and I log out when I’m done.  They track what you do while you’re logged in.  I just did a “What if Google Turns Evil?” podcast if you want to learn more about why I avoid Google services these days.  UDATE: See the “Divorcing Google” section below.
  • I don’t permit the web browser to “remember” any passwords — I use 1Password for that
  • I disable the “browsing history” feature, so the browser doesn’t remember where I’ve been in the past
  • I disable the “search” and “form” history features too
  • I allow the browser to “accept cookies” and “accept 3rd-party cookies” but I only keep them until I close Firefox, then all cookies are deleted
  • I have the browser open a blank page when it launches (just about every site plants a cookie when you arrive)
  • I disable Google and Yahoo in the “search” choices (they plant cookies when the browser starts)
  • I avoid putting cookie-planting sites (Google, Facebook, etc.) in the shortcuts bar (they plant cookies when the browser starts)
  • I elect to clear history when Firefox closes
  • I close and restart Firefox several times a day, especially after logging into Google, Yahoo, Facebook, etc.
  • I used to use this link (they’ve taken it down) — — when logged into Google to determine what they know about my social-media connections.   My goal was a blank slate.  Anybody know if there’s a replacement?
  • I use the ICSI Netalyzr to check my DNS service-provider to see if they’re intercepting/redirecting some of my traffic (also good for all sorts of performance-improving stuff like identifying “buffer bloat”)

I’m sortof a softie when it comes to Facebook, but there are a few things that I do — all of these can be found in the “Privacy Settings” part of the “Account” menu

  • I periodically run the “Scan for privacy” tool from
  • I’m pretty liberal with what people can see, but very conservative with what they can share about me with other people
  • I’m very aggressive in blocking applications — I try hard not to sign up for any applications and block them when they appear in my news feed
  • I am pretty aggressive about blocking “bozos” in my news feed.  I don’t unfriend them, I just block their inane posts.

Divorcing Google.  Inspired by this post about “Divorcing Google”, I decided to describe my replacements for all things Google — they’re very similar to his.  I too have pretty much completely weaned myself from Google, for the same reasons.  Here’s my “replacements” list.

  • Search — DuckDuckGo SSL
  • Mail/contacts/calendar — I too run my own server for these.  It’s a hassle but worth it to me.
  • Maps — Yahoo Maps
  • Online document editing/sharing — I’m experimenting with lots of stuff, including SkyDrive
  • File storage — Skydrive, Dropbox, etc.
  • Social media — Facebook for fun, LinkedIn for um…  “grownup”?

There.  That’s my list.