Online privacy tips

UPDATE March 2018: I just realized that I neglected to change this post to reflect my views about Facebook privacy.  Admonishment: delete the Facebook app on your phone – now.  Tip: turn off their apps, websites and plugins “platform” in their “Apps” settings section.  Don’t forget to use the tools listed below to block their pesky “share on Facebook” beacons and trackers on web sites — that’s how they collect personal data on people who aren’t Facebook subscribers.

UPDATE March 2016: This post was written in 2011, a more innocent time pre-Snowden.  I still run all this stuff, but recognize that these things won’t protect you from all the NSA attacks that have been revealed since then.  I’ve also added a broader workstation-security checklist at the very bottom of this post.

A friend asked Marcie about reducing her exposure to ads on Facebook and I decided to write up the answer as a blog post so it would be easy to send to others (and update with new stuff). So here is a list of stuff that I do — your mileage may vary.

I use Firefox as my primary web browser (and keep it up to date), mostly so I can add a gaggle of plug-ins.  Some of these are now available for Safari too.  Here’s the list (installing the first three will provide most of the benefit).

  • 1Password — a great way to manage a bajillion really-strong passwords on web pages, but costs (a little) money
  • NoScript — allows you to choose which pages you trust, and blocks Javascript on all the rest
  • Redmorph — my newest blocker, liking it so far [March 2018]
  • Privacy Badger — a good all-in-one blocker from EFF
  • BetterPrivacy — gets rid of “persistent” cookies that are used by lots of big companies (Google, Yahoo, etc) to track your behavior on the ‘net
  • Ghostery — same sort of thing that BetterPrivacy does, but gets rid of trackers that aren’t cookies
  • Adblock Plus — a plugin which, once you’ve subscribed to the EasyList USA filter, gets rid of all the ads on web pages
  • ShareMeNot — stops those Facebook/Twitter/etc. “sharing” buttons from sharing stuff until you click them
  • Web of Trust — take advantage of their huge database of “safe” and “unsafe” sites built by other Web of Trust users — like me.
  • HTTPS Everywhere — a project of the EFF to redirect to the SSH-encrypted version of popular web sites

I also have peculiar web-browser habits to further reduce the risk that corporations (or other bad-guys) are tracking me

  • I don’t log into any of the “big data” services (like Google, Yahoo, etc.) unless I absolutely have to and I log out when I’m done.  They track what you do while you’re logged in.  I just did a “What if Google Turns Evil?” podcast if you want to learn more about why I avoid Google services these days.  UDATE: See the “Divorcing Google” section below.
  • I don’t permit the web browser to “remember” any passwords — I use 1Password for that
  • I disable the “browsing history” feature, so the browser doesn’t remember where I’ve been in the past
  • I disable the “search” and “form” history features too
  • I allow the browser to “accept cookies” and “accept 3rd-party cookies” but I only keep them until I close Firefox, then all cookies are deleted
  • I have the browser open a blank page when it launches (just about every site plants a cookie when you arrive)
  • I disable Google and Yahoo in the “search” choices (they plant cookies when the browser starts)
  • I avoid putting cookie-planting sites (Google, Facebook, etc.) in the shortcuts bar (they plant cookies when the browser starts)
  • I elect to clear history when Firefox closes
  • I close and restart Firefox several times a day, especially after logging into Google, Yahoo, Facebook, etc.
  • I use the ICSI Netalyzr to check my DNS service-provider to see if they’re intercepting/redirecting some of my traffic (also good for all sorts of performance-improving stuff like identifying “buffer bloat”)

Facebook — DO NOT use their smartphone app.  If you have it, delete it.  It’s capturing all kinds of data about your phone calls and text messages on that phone.  I deleted that app almost immediately and have for years only used Facebook on my computer (and thus subject to all of the tips I’ve listed above).  Here are things you can do in your Facebook account.  As of this writing, these can be found in the “Privacy Settings” part of the “Account” menu — but they change things all the time, so look carefully.

  • I periodically run the “Scan for privacy” tool from ReclaimPrivacy.org
  • I’m pretty liberal with what people can see, but very conservative with what they can share about me with other people
  • I’m very aggressive in blocking applications — I try hard not to sign up for any applications and block them when they appear in my news feed.  UPDATE 2018: this is easier now — turn off the Facebook “platform” in Settings/Apps.
  • I am pretty aggressive about blocking “bozos” in my news feed.  I don’t unfriend them, I just block their inane posts.

Divorcing Google.  Inspired by this post about “Divorcing Google”, I decided to describe my replacements for all things Google — they’re very similar to his.  I too have pretty much completely weaned myself from Google, for the same reasons.  Here’s my “replacements” list.

  • Search — DuckDuckGo SSL
  • Mail/contacts/calendar — I run my own servers for these.  It’s a hassle but worth it to me.
  • Maps — Apple Maps
  • File storage — Dropbox

Broader topic: workstation security.  Tip of the hat to John Hoffoss for this link to a terrific workstation security checklist.

There.  That’s my list.