Online privacy tips

UPDATE March 2016: This post was written in 2011, a more innocent time pre-Snowden.  I still run all this stuff, but recognize that these things won’t protect you from all the NSA attacks that have been revealed since then.  I’ve also added a broader workstation-security checklist at the very bottom of this post.

A friend asked Marcie about reducing her exposure to ads on Facebook and I decided to write up the answer as a blog post so it would be easy to send to others (and update with new stuff). So here is a list of stuff that I do — your mileage may vary.

I use Firefox as my primary web browser (and keep it up to date), mostly so I can add a gaggle of plug-ins.  Some of these are now available for Safari too.  Here’s the list (installing the first three will provide most of the benefit).

  • 1Password — a great way to manage a bajillion really-strong passwords on web pages, but costs (a little) money
  • NoScript — allows you to choose which pages you trust, and blocks JavaScript on all the rest
  • Privacy Badger — a good all-in-one blocker from EFF
  • BetterPrivacy — gets rid of “persistent” cookies that are used by lots of big companies (Google, Yahoo, etc.) to track your behavior on the ‘net
  • Ghostery — same sort of thing that BetterPrivacy does, but gets rid of trackers that aren’t cookies
  • Adblock Plus — a plugin which, once you’ve subscribed to the EasyList USA filter, gets rid of all the ads on web pages
  • ShareMeNot — stops those Facebook/Twitter/etc. “sharing” buttons from sharing stuff until you click them
  • Web of Trust — take advantage of their huge database of “safe” and “unsafe” sites built by other Web of Trust users — like me.
  • HTTPS Everywhere — a project of the EFF to redirect to the SSL-encrypted version of popular web sites

I also have peculiar web-browser habits to further reduce the risk that corporations (or other bad guys) are tracking me:

  • I don’t log into any of the “big data” services (like Google, Yahoo, etc.) unless I absolutely have to and I log out when I’m done.  They track what you do while you’re logged in.  I just did a “What if Google Turns Evil?” podcast if you want to learn more about why I avoid Google services these days.  UPDATE: See the “Divorcing Google” section below.
  • I don’t permit the web browser to “remember” any passwords — I use 1Password for that
  • I disable the “browsing history” feature, so the browser doesn’t remember where I’ve been in the past
  • I disable the “search” and “form” history features too
  • I allow the browser to “accept cookies” and “accept 3rd-party cookies” but I only keep them until I close Firefox, then all cookies are deleted
  • I have the browser open a blank page when it launches (just about every site plants a cookie when you arrive)
  • I disable Google and Yahoo in the “search” choices (they plant cookies when the browser starts)
  • I avoid putting cookie-planting sites (Google, Facebook, etc.) in the shortcuts bar (they plant cookies when the browser starts)
  • I elect to clear history when Firefox closes
  • I close and restart Firefox several times a day, especially after logging into Google, Yahoo, Facebook, etc.
  • I use the ICSI Netalyzr to check my DNS service-provider to see if they’re intercepting/redirecting some of my traffic (also good for all sorts of performance-improving stuff like identifying “buffer bloat”)
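As an added example (not the author's code), this Python sketch audits a Firefox prefs.js or user.js file against several of the habits in the list above. The pref names are assumptions about the reader's Firefox version and should be confirmed in about:config; the sample input is constructed.

```python
import re

# Habit from the list above -> (Firefox pref name, value matching the habit).
# Pref names are assumptions about the installed Firefox version.
EXPECTED = {
    "browser does not remember passwords": ("signon.rememberSignons", False),
    "browsing history disabled": ("places.history.enabled", False),
    "search and form history disabled": ("browser.formfill.enable", False),
    "blank page at launch": ("browser.startup.page", 0),
    "clear history when Firefox closes": ("privacy.sanitize.sanitizeOnShutdown", True),
}
UNSET = "<unset: browser default applies>"
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Parse prefs.js / user.js text into {name: value}; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(text):
    """Return (habit, pref, found) for every setting that does not match."""
    prefs = parse_prefs(text)
    findings = []
    for habit, (name, want) in EXPECTED.items():
        found = prefs.get(name, UNSET)
        # Compare type as well, so integer 0 is never taken for boolean false.
        if type(found) is not type(want) or found != want:
            findings.append((habit, name, found))
    return findings

# Constructed sample, not taken from a real profile.
SAMPLE = '''// constructed sample
user_pref("signon.rememberSignons", false);
user_pref("places.history.enabled", true);
user_pref("browser.startup.page", 0);
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
'''

if __name__ == "__main__":
    for habit, name, found in audit(SAMPLE):
        print(f"MISMATCH {habit}: {name} = {found}")
```

A pref that is absent from the file is reported as unset, so the reader can check the browser default for it.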

I’m sort of a softie when it comes to Facebook, but there are a few things that I do — all of these can be found in the “Privacy Settings” part of the “Account” menu:

  • I periodically run the “Scan for privacy” tool from
  • I’m pretty liberal with what people can see, but very conservative with what they can share about me with other people
  • I’m very aggressive in blocking applications — I try hard not to sign up for any applications and block them when they appear in my news feed
  • I am pretty aggressive about blocking “bozos” in my news feed.  I don’t unfriend them, I just block their inane posts.

Divorcing Google.  Inspired by this post about “Divorcing Google”, I decided to describe my replacements for all things Google — they’re very similar to his.  I too have pretty much completely weaned myself from Google, for the same reasons.  Here’s my “replacements” list.

  • Search — DuckDuckGo SSL
  • Mail/contacts/calendar — I run my own server for these.  It’s a hassle but worth it to me.
  • Maps — Yahoo Maps
  • Online document editing/sharing — I’m experimenting with lots of stuff, including SkyDrive
  • File storage — SkyDrive, Dropbox, etc.
  • Social media — Facebook for fun, LinkedIn for um…  “grownup”?

Broader topic: workstation security.  Tip of the hat to John Hoffoss for this link to a terrific workstation security checklist.

There.  That’s my list.