Telescope

Simple Steps to Increase Online Privacy

Since the revelations by Edward Snowden on the online data tracking done by the government of the United States of America, the current state of online privacy has been thrust into public attention, in particular how much information is willingly, and more often unknowingly, given away by internet users.

Your online activities are tracked by every internet service you use, by every web site you visit and by the advertisers and content providers on each page you view. These companies track web users invisibly as they surf the internet recording everything that is searched for online, each link that is clicked and each web page that is visited. The list of people acquiring information that can personally identify you is longer than what you might expect.

Regardless of the reasons provided for tracking your online activities, which include the ability to serve you with targeted adverts and improved customized search results “for your benefit”, the fact remains that large troves of personally identifiable information often unknowingly falls into the hands of third parties.

For an illustration of information that is collected by search engines you should take a look at the database of user searches that America Online released to the public in 2006. This database contains the searches of more than 650,000 AOL users over a three month period and illustrates the privacy nightmares that can arise when even small amounts of private search data becomes publicly available. You can browse this database and see the search queries that the users entered and which links were followed by the user.

For instance, user #2258946 searched for boat motors, golf club grips and sport back braces; user #98280 searched for pregnancy calculators, whether bi-polar personality disorders are hereditary and spiritual beliefs on abortion; and user #110602 searched for Star Wars music, sex games and pornography. People have claimed to have been able to pinpoint the identities of various users using only the search data which was released.

If you have a Google Account and use Google’s services you can take a trip down memory lane and look at some of your own past search queries by logging into your Google account and going to www.google.com/history

Methods Used to Track Internet Users

The most common and simple methods used to keep track of internet users are through tracking cookies, internet browser referrers and IP addresses.

Cookies are small pieces of data which are sent by a web server to your computer when you access a website. These pieces of data, the cookies, are stored on the visiting computer. These are referred to as “first party cookies”. Each website visited may also be linked to and request content from third parties which deliver services to the website, for instance
advertisements or analytic services. These third parties may also upload and store tracking cookies on the visiting computer. These are referred to as “third party cookies”.

Cookies are a way for a website to identify and store information about each visitor. They are used to maintain data related to the visitors during navigation across various visits, store a visitors personal preferences and may also track a visitors web browsing in conjunction with the computers IP address and browser referrer fields.

An IP Address is a unique numerical address which is assigned to any device which connects to the internet. Because it is generally unique and is assigned based on your geographical region and internet service provider it can be used to track the device to the country and city in which the device is connecting to the internet. The IP address can be used to track recurring visitors to the same site or the same visitors across various sites, as visitors with the same IP address will generally be the same person or someone using the same internet connection. To see the IP address and location
information of the device you are currently reading this article on you can visit https://www.dnsleaktest.com/

A referrer is information about which page your request to the web server originated from, the referring page [8]. When you follow a link from a search query or a link on another website the website which you visit receives information about the website that directed you to it.

By analysing stored tracking cookies, IP addresses, referrers and other information made available it is possible to discover the pages the user has visited, in what sequence, and for how long.

What Can Be Done to Increase Online Privacy?

There are some easy tactics that can be used to limit the amount of information that is gathered about your online activities, which will be discussed.

A word of caution: None of these methods will give you anonymity on the internet. Your internet service provider and any local law enforcement will still be able to use methods to track your movements across the internet and record the websites that you visit.

The methods presented here will only minimise the amount of personally identifiable information that can be gathered by private companies across the internet.

Replace Your Internet Browser

The first thing to consider is replacing your proprietary internet browser (such as Microsoft’s Internet Explorer or Google’s Chrome browser) with one that is Free and Open Source Software. Using a free and open source browser allows the community of users to ensure that the browser is secure, does not contain any intentional security back doors and does not do anything unknown that could be malicious or could be used to identify you.

Install Mozilla Firefox, the recommended Free and Open Source internet browser:

Change Your Browser Cookie and Tracking Settings

It is possible to easily minimise the information collected by means of cookies by simply changing some settings in your internet browser. Settings that you should consider changing are:

  • Disable third party cookies, which will immediately reduce the amount of cookies received from third parties and advertisers, reducing the amount of information that these companies can collect. A guide on how to do this in Mozilla Firefox is found at https://support.mozilla.org/en-US/kb/disable-third-party-cookies
  • Set your browser so all cookies are deleted when the browser is closed. This setting is found on the same setting page as third party cookies settings, so after deselecting “Accept third-party cookies”, right below it select “Keep until I close Firefox”. This will ensure that all cookies are deleted when you close your browser and are not stored for years.
  • The browser plugin “Self Destructing Cookies” destroys cookies as soon as a tab is closed and no longer used. This can be installed from https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/
  • Turn on your browsers “do not track” feature. This tells websites not to track you, but unfortunately it is up to the individual websites whether they want to comply with your request. A guide on how to do this in Mozilla is found at https://support.mozilla.org/en-US/kb/how-do-i-turn-do-not-track-feature

Install a Browser Plugin to Eliminate All Online Advertising

Install Adblock Edge to get rid of advertising on websites and to make sure that you do not accidentally click on any of these unwanted links. Adblock Edge is a fork of Adblock Plus software. Both these plugins are popular advertising blockers, but by default Adblock Plus allows adverts that it classifies as “acceptable adverts”. It may be noble to want to support websites and advertisers who promote advertising that does not destroy your viewing experience, but this would may contrary to the objective of increasing privacy. The business model of Adblock Plus, which allows advertisers to pay the company to have their adverts automatically white listed, has also raised some concerns.

Adblock Edge can be found at https://addons.mozilla.org/en-us/firefox/addon/adblock-edge/

Install a Browser Plugin to Prevent Social Networks From Being Sent Data by Websites Visited

Facebook, Twitter and other social networks have buttons which websites can incorporate to make sharing content easier for visitors. An example is Facebook’s “Like” button which is now found on many internet websites and not only on facebook.com. One feature that most internet users are unaware of is that these buttons collect and send information about your browsing back to the company (Facebook, Google or Twitter) regardless of whether or not you use or click the button. The process used is described in detail in this research paper.

Each time you visit a website incorporating a Facebook “Like” button the website sends a request to Facebook to retrieve the button for display, along with a cookie. If you are logged into Facebook at the time, or have visited Facebook and still have a Facebook cookie on your computer, then the cookie that is sent to Facebook will incorporate your unique Facebook user ID. This allows Facebook to monitor every website that you visit whether you are logged into Facebook or not.

Even if you do not have a Facebook account Facebook collects and stores this information about your browsing, creating what it calls “shadow accounts”.

You can prevent this by installing the Disconnect browser plugin, which blocks these requests and information sent to social networks. Disconnect can be downloaded from https://disconnect.me/

One criticism of Disconnect is that it does not go far enough because it only blocks cross-site requests from the largest known social networks and advertisers. To prevent all cross-site requests you can install the Request Policy plugin. This plugin does, however, break most websites but if you are willing to make the effort to configure it properly for the websites that you visit often it will greatly increase your privacy and security.

Install HTTPS Everywhere Browser Plugin

The HTTPS Everywhere browser plugin maximises your use of HTTPS encrypted connections and ensures that your browser will use a secure encrypted connection to a web server if one is available.

HTTPS Everywhere is found at https://www.eff.org/https-everywhere

Use a Search Engine That Does Not Track You

The major search engines, Google, Yahoo and Bing, record each search query entered into their search engine along with the links followed. This information is used together with your computers IP address to track your browsing habits and build databases containing all information and location details. This information is then used by the companies and their partners to attempt to increase their own revenue by serving you personalised, targeted, adverts.

Your search results can contain very personal and intimate details about you as highlighted in the released AOL database of user searches, and will likely contain personally identifiable information.

To prevent a company from building up a detailed database like this you must not use a search engine which generates income through advertising, but should instead use an alternate search engine which takes its users privacy seriously. Two search engines to consider are:

I personally use startpage.com because it provides search results as if you are using Google. When you search with Startpage the web results are generated by Google and not by Startpage itself. Startpage takes your search query and
sends it to Google without providing Google with any identifying information about you. Startpage then delivers the Google search results to you. Startpage does not collect or store any personal information, including your IP address, and has been awarded the European Privacy Seal.

Set Startpage as your homepage, add Startpage search to your browser, and configure your internet browser so you can search Startpage from your URL bar.

Other Privacy Improvements to Consider

There are many other methods that can be considered to improve privacy and security online, but each of these topics would require a separate guide on their own. These include:

  • turning off your internet browsers “referers”, so websites are not sent information about the links you followed to arrive on their page; I have, however, found that this breaks some websites which requires a login;
  • increasing the strength and uniqueness of your online passwords;
  • using services to hide your IP address, such as through a virtual private network (VPN) or Tor (the Onion Router);
  • taking steps to change and protect your internet browsers fingerprint;
  • installing browser plugins to prevent websites from loading java script; this has the benefit of increasing both privacy as well as security; and
  • encrypting emails.

This work by Clinton Pavlovic is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.