It is easy to expose users' secret web habits, say researchers

post by ChristianKl · 2017-08-21T07:05:43.116Z · LW · GW · Legacy · 7 comments

This is a link post for http://www.bbc.com/news/technology-40770393

Contents

7 comments

7 comments

Comments sorted by top scores.

comment by ChristianKl · 2017-08-21T07:06:09.857Z · LW(p) · GW(p)

What's the best practice for protecting one's privacy?

Replies from: DataPacRat, Shaedys
comment by DataPacRat · 2017-08-21T09:12:09.975Z · LW(p) · GW(p)

Start paying twenty bucks a year for a VPN. Use Linux instead of Windows (even if just through a bootable flashdrive). Download the Tor Browser Bundle and start getting the hang of it. For everyday surfing, use Firefox as your browser, with the extensions Adblock Plus, Adblock Plus Pop-Up Addon, AdNauseum, BetterPrivacy, Decentraleyes, Element Hiding Helper for Adblock Plus, Flashblock, Ghostery, HTTPS Everywhere, NoScript, Privacy Badger, Random Agent Spoofer, RequestPolicy Continued, Self-Destructing Cookies, TrackMeNot, U2F Support Add-on, uBlock Origin, and uMatrix, so that when one add-on fails you another can fill the gap. Use two-factor authentication, including paying ten bucks for a physical U2F dongle to plug into your USB port (and a second dongle to keep at home as a backup), and preferably not using SMS messages sent to your phone. Start teaching yourself about particular items such as various cryptocurrencies, BitMessage, and Ricochet. Don't forget the basics, like clearing your Google and Youtube histories, and turning off personalized ads.

And, even if you start doing all of that right now, it'll still take time and practice to avoid various privacy-destroying mistakes. So it's better to get the practice period over as soon as possible, so you can then spend as much time as possible browsing with a modest level of privacy.

Replies from: ChristianKl
comment by ChristianKl · 2017-08-21T10:30:03.115Z · LW(p) · GW(p)

The article suggests "The pair found that 95% of the data they obtained came from 10 popular browser extensions."

Given that the prime leakage of data seems to be browser extensions, why do you think the solution is to install more browser extensions? Do you have strong reason to believe that the ones you listed (especially adblockers) don't leak any data?

Replies from: DataPacRat
comment by DataPacRat · 2017-08-21T12:26:27.486Z · LW(p) · GW(p)

The leaky extensions in question, like "Web of Trust", phone home with browsing data, and say that they do. The extensions I use either just plain don't do that, or have an option to turn off such feedback. It's just one more detail that an eye has to be kept on.

Replies from: ChristianKl
comment by ChristianKl · 2017-08-21T12:49:59.791Z · LW(p) · GW(p)

How do you know whether an extension such as Adblock Plus or uBlock phones back?

Replies from: DataPacRat
comment by DataPacRat · 2017-08-21T13:07:01.536Z · LW(p) · GW(p)

The obvious way is usually enough: check through the addon's settings to see if there's an option to disable it. Eg, under Ghostery's hamburger-menu is a 'Support Ghostery' setting section, with three different boxes for enabling or disabling phone-home behaviour. Besides that, you can glance at the user reviews on the Mozilla add-on download page, on Reddit, the top few Google results, and so on. It also helps to be careful about where you look for privacy addon suggestions in the first place.

comment by Shaedys · 2017-08-25T08:16:03.606Z · LW(p) · GW(p)

If you want to know more best practices for protecting your privacy, as well as alternative applications (say email) that respect privacy there is a compilation: https://www.privacytools.io/

It also has recommendations on VPN's and such. A common recommendation is to use linux instead of windows, but if you find this to be very inconvenient there are many settings in windows 10 that can be changed to disable telemetry (such as blocking in firewalls), these are gathered into one place by the application: https://www.winprivacy.de/english-home/