Simple Steps to Increase Online Privacy

Since the revelations by Edward Snowden on the online data tracking done by the government of the United States of America, the current state of online privacy has been thrust into public attention, in particular how much information is willingly, and more often unknowingly, given away by internet users.

Your online activities are tracked by every internet service you use, by every web site you visit and by the advertisers and content providers on each page you view. These companies track web users invisibly as they surf the internet recording everything that is searched for online, each link that is clicked and each web page that is visited. The list of people acquiring information that can personally identify you is longer than what you might expect.

Regardless of the reasons provided for tracking your online activities, which include the ability to serve you with targeted adverts and improved customized search results “for your benefit”, the fact remains that large troves of personally identifiable information often unknowingly falls into the hands of third parties.

For an illustration of information that is collected by search engines you should take a look at the database of user searches that America Online released to the public in 2006. This database contains the searches of more than 650,000 AOL users over a three month period and illustrates the privacy nightmares that can arise when even small amounts of private search data becomes publicly available. You can browse this database and see the search queries that the users entered and which links were followed by the user.

For instance, user #2258946 searched for boat motors, golf club grips and sport back braces; user #98280 searched for pregnancy calculators, whether bi-polar personality disorders are hereditary and spiritual beliefs on abortion; and user #110602 searched for Star Wars music, sex games and pornography. People have claimed to have been able to pinpoint the identities of various users using only the search data which was released.

If you have a Google Account and use Google’s services you can take a trip down memory lane and look at some of your own past search queries by logging into your Google account and going to www.google.com/history

Methods used to track internet users

The most common and simple methods used to keep track of internet users are through tracking cookies, internet browser referrers and IP addresses.

Cookies are small pieces of data which are sent by a web server to your computer when you access a website. These pieces of data, the cookies, are stored on the visiting computer. These are referred to as “first party cookies”. Each website visited may also be linked to and request content from third parties which deliver services to the website, for instance
advertisements or analytic services. These third parties may also upload and store tracking cookies on the visiting computer. These are referred to as “third party cookies”.

Cookies are a way for a website to identify and store information about each visitor. They are used to maintain data related to the visitors during navigation across various visits, store a visitors personal preferences and may also track a visitors web browsing in conjunction with the computers IP address and browser referrer fields.

An IP Address is a unique numerical address which is assigned to any device which connects to the internet. Because it is generally unique and is assigned based on your geographical region and internet service provider it can be used to track the device to the country and city in which the device is connecting to the internet. The IP address can be used to track recurring visitors to the same site or the same visitors across various sites, as visitors with the same IP address will generally be the same person or someone using the same internet connection. To see the IP address and location
information of the device you are currently reading this article on you can visit https://www.dnsleaktest.com/

A referrer is information about which page your request to the web server originated from, the referring page [8]. When you follow a link from a search query or a link on another website the website which you visit receives information about the website that directed you to it.

By analysing stored tracking cookies, IP addresses, referrers and other information made available it is possible to discover the pages the user has visited, in what sequence, and for how long.

How to increase online privacy?

There are some easy tactics that can be used to limit the amount of information that is gathered about your online activities, which will be discussed.

A word of caution: None of these methods will give you anonymity on the internet. Your internet service provider and any local law enforcement will still be able to use methods to track your movements across the internet and record the websites that you visit.

The methods presented here will only minimise the amount of personally identifiable information that can be gathered by private companies across the internet.

Replace Your Internet Browser

The first thing to consider is replacing your proprietary internet browser (such as Microsoft’s Internet Explorer or Google’s Chrome browser) with one that is Free and Open Source Software. Using a free and open source browser allows the community of users to ensure that the browser is secure, does not contain any intentional security back doors and does not do anything unknown that could be malicious or could be used to identify you.

Install Mozilla Firefox, the recommended Free and Open Source internet browser:

Change Your Browser Cookie and Tracking Settings

It is possible to easily minimise the information collected by means of cookies by simply changing some settings in your internet browser. Settings that you should consider changing are:

  • Disable third party cookies, which will immediately reduce the amount of cookies received from third parties and advertisers, reducing the amount of information that these companies can collect. A guide on how to do this in Mozilla Firefox is found at https://support.mozilla.org/en-US/kb/disable-third-party-cookies
  • Set your browser so all cookies are deleted when the browser is closed. This setting is found on the same setting page as third party cookies settings, so after deselecting “Accept third-party cookies”, right below it select “Keep until I close Firefox”. This will ensure that all cookies are deleted when you close your browser and are not stored for years.
  • The browser plugin “Self Destructing Cookies” destroys cookies as soon as a tab is closed and no longer used. This can be installed from https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/
  • Turn on your browsers “do not track” feature. This tells websites not to track you, but unfortunately it is up to the individual websites whether they want to comply with your request. A guide on how to do this in Mozilla is found at https://support.mozilla.org/en-US/kb/how-do-i-turn-do-not-track-feature

Install a browser plugin to eliminate all online advertising

Install Adblock Edge to get rid of advertising on websites and to make sure that you do not accidentally click on any of these unwanted links. Adblock Edge is a fork of Adblock Plus software. Both these plugins are popular advertising blockers, but by default Adblock Plus allows adverts that it classifies as “acceptable adverts”. It may be noble to want to support websites and advertisers who promote advertising that does not destroy your viewing experience, but this would may contrary to the objective of increasing privacy. The business model of Adblock Plus, which allows advertisers to pay the company to have their adverts automatically white listed, has also raised some concerns.

Adblock Edge can be found at https://addons.mozilla.org/en-us/firefox/addon/adblock-edge/

EDIT: The most recommended ad-blocker in August 2018 is “uBlock Origin”. 

Install a browser plugin to prevent social networks from being sent data by websites visited

Facebook, Twitter and other social networks have buttons which websites can incorporate to make sharing content easier for visitors. An example is Facebook’s “Like” button which is now found on many internet websites and not only on facebook.com. One feature that most internet users are unaware of is that these buttons collect and send information about your browsing back to the company (Facebook, Google or Twitter) regardless of whether or not you use or click the button. The process used is described in detail in this research paper.

Each time you visit a website incorporating a Facebook “Like” button the website sends a request to Facebook to retrieve the button for display, along with a cookie. If you are logged into Facebook at the time, or have visited Facebook and still have a Facebook cookie on your computer, then the cookie that is sent to Facebook will incorporate your unique Facebook user ID. This allows Facebook to monitor every website that you visit whether you are logged into Facebook or not.

Even if you do not have a Facebook account Facebook collects and stores this information about your browsing, creating what it calls “shadow accounts”.

You can prevent this by installing the Disconnect browser plugin, which blocks these requests and information sent to social networks. Disconnect can be downloaded from https://disconnect.me/

One criticism of Disconnect is that it does not go far enough because it only blocks cross-site requests from the largest known social networks and advertisers. To prevent all cross-site requests you can install the Request Policy plugin. This plugin does, however, break most websites but if you are willing to make the effort to configure it properly for the websites that you visit often it will greatly increase your privacy and security.

Install the HTTPS everywhere browser plugin

The HTTPS Everywhere browser plugin maximises your use of HTTPS encrypted connections and ensures that your browser will use a secure encrypted connection to a web server if one is available.

HTTPS Everywhere is found at https://www.eff.org/https-everywhere

Use a search engine that does not track uou

The major search engines, Google, Yahoo and Bing, record each search query entered into their search engine along with the links followed. This information is used together with your computers IP address to track your browsing habits and build databases containing all information and location details. This information is then used by the companies and their partners to attempt to increase their own revenue by serving you personalised, targeted, adverts.

Your search results can contain very personal and intimate details about you as highlighted in the released AOL database of user searches, and will likely contain personally identifiable information.

To prevent a company from building up a detailed database like this you must not use a search engine which generates income through advertising, but should instead use an alternate search engine which takes its users privacy seriously. Two search engines to consider are:

I personally use startpage.com because it provides search results as if you are using Google. When you search with Startpage the web results are generated by Google and not by Startpage itself. Startpage takes your search query and sends it to Google without providing Google with any identifying information about you. Startpage then delivers the Google search results to you. Startpage does not collect or store any personal information, including your IP address, and has been awarded the European Privacy Seal.

Set Startpage as your homepage, add Startpage search to your browser, and configure your internet browser so you can search Startpage from your URL bar.

Other privacy improvements to consider

There are many other methods that can be considered to improve privacy and security online, but each of these topics would require a separate guide on their own. These include:

  • turning off your internet browsers “referers”, so websites are not sent information about the links you followed to arrive on their page; I have, however, found that this breaks some websites which requires a login;
  • increasing the strength and uniqueness of your online passwords;
  • using services to hide your IP address, such as through a virtual private network (VPN) or Tor (the Onion Router);
  • taking steps to change and protect your internet browsers fingerprint;
  • installing browser plugins to prevent websites from loading java script; this has the benefit of increasing both privacy as well as security; and
  • encrypting emails.

Free Software and its Security Advantages

Everyone loves free software, but not all free software is Free. With software there is a substantial difference between “free”, “Free”, and “open source”.

As an end user Free Software can in some cases offer advantages over closed and proprietary software, especially in the case of software which is relied on for security.

The definition of “free”

The Free Software Foundation defines Free Software as “software that respects users’ freedom and community. Roughly, the users have the freedom to run, copy, distribute, study, change and improve the software. With these freedoms, the users (both individually and collectively) control the program and what it does for them.”

Free Software is not about price, but about protecting users freedom to use, modify and distribute software. The four fundamental freedoms that are applicable to Free Software are:

  • The freedom to run the program, for any purpose (freedom 0). Does the software do what it purports to do? Does the software only do what it purports to do, free from any nefarious other uses or intentional back doors that are unknown to you? Is the software secure from attackers;
  • The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1);
  • The freedom to redistribute copies so you can help your neighbour (freedom 2);
  • The freedom to distribute copies of your modified versions to others (freedom 3). Access to the source code of the software is a precondition for the practical exercise of these freedoms. This access is the largest difference between proprietary software and Free Software.

Free Software, and its accompanying freedoms, should not be equated or confused with software that does not have a price; it is possible for a company to charge a price for Free Software, just as it is possible for a company to give away its own proprietary software at no cost. Also, just because software is Free, does not necessarily mean it is not subject to copyright; one method used to protect Free Software is to make it subject to a “copyleft” license, such as the GNU GPL License, which requires modifications to the software to be distributed under the same license, preventing persons from modifying Free Software and re-releasing it as proprietary code.

Free Software is about liberty, not price. As the FSF puts it, “[t]o understand the concept, you should think of ‘free’ as in ‘free speech,’ not as in ‘free beer’.”

The term “open source software” is often incorrectly used interchangeably with the term “Free Software”. With open source software you can usually view and modify source code, but open source software does not necessarily grant all the freedoms associated with Free Software.

Security advantages offered by free software

When selecting a software to use there are often various programs available, some proprietary and others Free Software. When using any software it is essential to be able to ensure that:

  • the software indeed does what it says it does;
  • the software does not do anything malicious or contain “back doors”; and
  • the software does not contain any exploitable bugs or security flaws.

These concerns are amplified if the software it being used to preform a critical function, to protect systems or store and safeguard confidential information.

Proprietary software is developed in a closed fashion by a limited development team. Nobody has the right or the ability to examine the source code. This means that you are putting your trust in the software’s development team. Unfortunately trust can be placed in the wrong people.

How certain can you be that your encryption software does indeed encrypt your data using the algorithm that it says it does? Does the encryption program implement the algorithm correctly? Does your software phone home or otherwise send requests or information to an unknown server? Does your software contain intentional back doors to allow third parties or law enforcement to circumvent security? Is your software free from security vulnerabilities that can be exploited?

These concerns are addressed by Free Software.

First, with Free Software you can be certain that the software does indeed do what it purports to do. The source code is available and users are able to examine exactly what the software does and how it aims to do it.

Secondly, because users are able to examine the source code any intentional back doors build into the software can be more easily discerned and anything malicious in the software can be identified.

Thirdly, serious security flaws can be quickly identified and addressed. Linus Law, named in honour of Linus Torvalds, is “given enough eyeballs, all bugs are shallow”. Free Software is often developed by extremely large groups of people, for example the latest Linux report states that more than ten thousand people have contributed to the Free operating system. Arguably the large amount of people actively combing through, improving and adding to the software source code weed out many of the exploitable bugs and security flaws.

Some opponents of Free Software argue that by having code open for inspection it makes software less secure, allowing people to look at the software code, find and exploit flaws. This is an argument in favour of “security through obscurity”, an argument that a security flaw in code is acceptable as long as it is hidden and no body can easily see it. Security through obscurity is never a good idea as it works off of the premise that would be attackers are not looking for vulnerabilities that exist in the proprietary software.

Unfortunately no software can ever provide a guarantee that it is one hundred percent secure, but it should not be necessary to place your trust in a group of developers who may not have your best interests in mind. With Free Software you don’t have to trust so blindly.

Edit: A fascinating perspective on the topic of trusting code is given in this speech by Ken Thompson titled “Reflections on Trusting Trust: To what extent should one trust a statement that a program is free from Trojan horses. Perhaps its more important to trust the people who wrote the software”.

“The moral is obvious. You can’t trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well-installed microcode bug will be almost impossible to detect …”

Ken Thompson, Communications of the ACM, August 1984 Volume 27 Number 8.