Hardening your privacy #1

July 13, 2008 at 16:43 | Posted in Privacy/Security | Comments Off on Hardening your privacy #1

With the continuing spread of Phorm, NebuAd, and their ilk, and the growing trend for governments and ISPs to record where you go and what you do, I felt it would be worthwhile writing a series of articles on how to harden your privacy.

The first thing I’d suggest is that people use Firefox 3. I find it to be more secure by default, easier to configure to be secure and private, and it has a number of security and privacy related add-ons.

First let me talk about the settings in Firefox 3.

On the “Privacy” page:

History

Keep my history for at least x days

I always uncheck this. Having your history hanging around is a privacy nightmare.

Remember what I enter in forms and search bars

Another privacy nightmare. I strongly suggest you uncheck it. There are applications out there that will do their best to pull this information out of your browser.

Remember what I’ve downloaded

I leave this checked but have the browser set to clear all the data from it at the end of the session (when I close the browser). In my more secure profiles (like the one I use for Tor) this option is unchecked.

Cookies:

Accept Cookies from sites

I leave this one checked in my standard browser but uncheck it in my Tor (secure browser) profile. Again, I have the browser set to flush all cookies when it closes.

Accept third party cookies

I always uncheck this one. 95% of “third party cookies” are used by advertising and web metric firms to track you, something you definitely don’t need.

Keep until:

The most secure setting for this, and the one I suggest, is “I close Firefox”. By setting it this way, all cookies are flushed as soon as you close your browser, which is good. It makes you much harder to track with cookies because the companies always have to start with a new cookie, and it avoids “oopses” caused by forgetting to sign out of a site (if the cookie were still there, people using the computer after you could/would have access to the account you forgot to log out of).

Private Data:

Always Clear my private data when I close Firefox

I always have this checked, and all the options under the associated settings button checked also. Doing so returns the browser to a blank slate when you close it. This way, even if your machine was broken into, the browser cache and settings would be clear. (A lot of Trojans, viruses, and hackers go looking in the browser’s folder, as it can offer a wealth of information if not set to be cleared.)

Ask me before clearing private data

This I always uncheck. For me it is just annoying to have the “are you sure” question every time I try to close the browser, and I know I want it cleared.

Now on to the Security page in the settings:

Warn me when sites try to install add-ons

Best to have this checked, and be sure that there are no sites listed under the exceptions that you do not want able to install add-ons (so probably just addons.mozilla.org and update.mozilla.org).

Happily, the next two:

Tell me if the site I’m Visiting is a suspected attack site

Tell me if the site I’m visiting is a suspected forgery

were implemented in a privacy friendly manner, and so I’m quite comfortable leaving them checked. I say privacy friendly because Firefox 3 downloads a list of the sites to watch for rather than sending out each URL you enter to a third party for verification.

Remember passwords for sites

Another privacy (and security) nightmare. I strongly suggest turning this feature off (unchecking it) and using a secure external password manager such as Revelation, or KeePass if you are using Windows.

Use a master password

I leave this unchecked, but ONLY because I never store passwords. If you ever plan to have your browser remember a password for you, I strongly suggest checking this and setting a master password. This will encrypt all the stored passwords, making them a lot harder for someone to retrieve.

Add-ons

There are a couple of add-ons I strongly suggest for Firefox. They are Adblock Plus, NoScript, and User Agent Switcher.

Adblock Plus:

This is a wonderful add-on that not only will help you get rid of the annoying banner ads everywhere, but can also block tracking sites. I strongly suggest people install this add-on and then subscribe to the following block lists for it: EasyElement+EasyList, ABP Tracking Filter, and Fanboy’s List.

I find that this blocks 99.9% of advertisements and a huge number of the tracking sites.

NoScript:

This is a wonderful and strongly recommended add-on that blocks Java, JavaScript and plugins by default. It gives you very fine grained control over which sites can do what. It also protects against XSS (cross-site scripting) attacks. As the #1 vector of virus infection nowadays is drive-by downloads, I cannot suggest this add-on strongly enough.

Sadly, it can cause problems with some sites that are poorly written (bounce through 3rd party sites for verification, etc.), so some users find it more bothersome than they feel it is worth. I would like to encourage people to take the time and get used to NoScript rather than getting rid of it. I can respect that often people do not have the time or skill to track down why a particular page isn’t working. You can temporarily disable NoScript for such occasions, but I’ve found that people who start going that route tend to start leaving it disabled, in which case they might as well remove it.

Try it. Try to stick with it. It really can and will save your computer.

User Agent Switcher:

This add-on allows you to set how Firefox reports itself to websites. You can have it tell the website that it is “Internet Explorer 7” or “Opera”, and you can also choose/set what operating system it says you have. This is a good thing for privacy, as you can set it to something like “Internet Explorer 7” on “Windows XP” and blend into the crowd of millions of others using that combination.

As this is getting long I’m going to break this discussion up into several more parts.

People wanting to set Firefox 3 up to use Tor should see this post.

In the upcoming posts:

Privoxy

Encryption

Tor

Psiphon

freenet, Gnunet, I2P, JAP, etc

gotchas
