The Register Guide on how to stay anonymous (part 1)

It has been a year since I have talked about securing browsers against privacy invasion. In that time, things have got worse, not better. In addition to the threat of malware and malicious scripts, we have the frightening new evercookie. Leaving the criminal misuse of tracking for a later date, there is plenty to worry about …

COMMENTS

This topic is closed for new posts.
  1. Armando 123
    Black Helicopters

    Huhr

    "Because of a peculiarity of how the Chrome AdBlock works, you need to tweak it to protect yourself from tracking."

    Wait, something for Chrome (by Google) has to be fiddled with to protect your anonymity and keep people from tracking your web habits? I am shocked, *SHOCKED* I say, to read this.

    1. TimeMaster T
      Coat

      I am shocked, *SHOCKED* I say,

      when I think about how many of the "Generation M" probably don't know the origin of that meme.

      Not directed at Armando 123, just a general observation.

      The grey one sharing a hook with my fedora.

      I'll be at Rick's if anybody needs me.

    2. Drew V.

      I am not convinced that any amount of tweaking does the job. It's made by Google, so why wouldn't it have backup surveillance systems? If those systems don't exist yet then they will no doubt be introduced through the many silent updates.

  2. Anonymous Coward
    Anonymous Coward

    I'm surprised you didn't mention the incognito (pr0n) mode most browsers have these days.

    1. Field Marshal Von Krakenfart

      I thought p0rn mode only stopped your dirty habits from being recorded in your history?

      Anybody?

    2. Drew V.

      Those modes are designed to keep your doings hidden from the other people using the same computer, or potentially from hackers or investigators who gain remote or direct access to the machine. They don't enhance your anonymity in any other ways.

      When it comes to computers, there are two types of privacy: privacy from those with access to your computer, and privacy from internet companies who monitor everything. These two types are almost entirely unrelated. I wish people would stop conflating them.

    3. Marvin the Martian

      These blockers also reduce functionality (like remembering where you've been, or you having allowed NoScript a script on a given page, etc), so it's not a practical solution to be surfing like it's 1999 on a routine basis.

  3. DrXym

    Social media blockers

    I think if you want to protect your privacy that you absolutely have to block these in addition to ads.

    I wonder if someone has an add-on that detects requests to these +1 / Like scripts (e.g. https://apis.google.com/js/plusone.js) and replaces the content with a little placeholder which you must explicitly click to enable the script to be included for that site or page.

    1. Old Handle

      Not true!

      You can also handle this threat by not joining any social media sites.

      1. BristolBachelor Gold badge

        @Old Handle

        I haven't joined Facebook, but that doesn't matter. If I don't specifically block their servers, they get to put their little icon on most of the sites that I may browse to. Facebook can then log all the sites that I visit (even though I am not a member), so they can put together a history of my browsing. They can then do what they want with that (even though I'm still not a member).

        However blocking their domains solves that problem, plus the ages it takes to load all the useless Facebook comments about how space probes missed Mars because our theories of gravity are wrong, or similar drivel.

      2. DrXym

        @Old Handle

        Whether you join a social media site or not is irrelevant. These scripts are still handing out cookies and still tracking you. True, if you are not a member of a site they cannot precisely track you. But it can still be used to deliver targeted ads, affect search results, ad keywords that build up over time. And we've seen with the likes of never-cookie research that Facebook, Google et al could restore a cookie a lot of the time and you would never know. I bet just looking at the IP address range and a fingerprint of your browser's public settings (screen res, fonts, plugins etc.) would reinstate a cookie 99.99% of the time.

        NoScript would work to block the scripts but I imagine sometimes the +1 / Like have a use so I would prefer to see something which puts a placeholder where the Like / +1 would go and if you chose to click on the placeholder, *then* it would pull the script in. i.e. unless you click you don't get the script and no script = no cookie.

    2. Ocular Sinister
      Go

      Ummm....NoScript?

    3. KirstarK

      It's called ShareMeNot

      I think it's in the article.

    4. Mark40
      FAIL

      Thank you

      Thank you

      Good post

  4. Jason Bloomberg Silver badge
    Thumb Up

    Ghostery

    The nicest thing about Ghostery (beyond the blocking) is that it visually lets the user know just how many trackers a page is using - a frighteningly high number on some sites! I expect other tools have similar capabilities.

    Getting non-experts educated and aware of the issue is an important part of the process and it soon wakes them up to what they would not otherwise see.

    1. Snowy Silver badge
      Thumb Up

      Thank you, looks like a useful addon, will be watching what it does with interest.

    2. BristolBachelor Gold badge
      Coat

      Interesting... Looks ok.... But..., wait... What's this? Their home page contains tracking things from Facebook and Twitter?

      Is that Irony?

  5. TimothyB
    Thumb Up

    It's funny how one of the things which makes online advertising so annoying (it coming from other domains, usually via rather slow CDNs) makes it so easy to block. If websites served all their image content and advertising content from the same directory adblock would be a lot harder to use...

    Good on you though Reg, when's the switch to a subscription model coming then? :)

    1. The BigYin

      If the ads...

      ...did not flash, pop over/under or otherwise distract from the content, I wouldn't block them so hard. Advertisers and ignorant content providers have made this problem. If they play nice, it will go away.

      1. Darryl

        I agree with The Big Yin. I didn't really have an issue with ads until they started interfering with my browsing. The worst are the big semi-transparent things that obscure what you're trying to read, forcing you to hunt for a tiny close button or X to get rid of them. When those got more common, that's when I started blocking ads.

        1. Ben 42
          Mushroom

          Everybody's tired of hearing about it...

          ...but NoScript almost completely eliminates those obnoxious ads without blocking the less intrusive ones. I can't remember the last time I had a popover ad while running NoScript. On the other hand, I was on a NoScript-less browser the other day for some reason and ran into a couple of sites with full-page flash ads that had to be closed. I nearly put my fist through the screen.

          I don't understand those ads either. Why would you want me rage-quitting the internet because of your ad? Is that what you want me associating your product with?

  6. Tim 11
    WTF?

    does anyone read adverts anyway?

    to be honest, I don't give a flying fig whether the adverts are for laptops or viagra. I just don't read them

    1. Marvin the Martian
      Thumb Down

      That's what you may think, but not what can easily be shown.

      There's so much priming going on, just like product placement on tv/ in movies; and they're terribly effective [as they have to, to justify their cost]. Especially on those who think that it doesn't have an effect on them.

  7. Anonymous Coward
    Anonymous Coward

    You don't need to read them for them to take over your page or jump out as the cursor inadvertently moves, to obscure your page like a "AC cannot choose icon" distraction. And worst of all the flashing moving ones. But I guess ads and anonymity are different if connected subjects.

  8. Tom Maddox Silver badge
    Headmaster

    One correction

    NoScript blocks all scripting by default, but it's very easy to unblock specific domains on a particular site. For example, on this page, I allow theregister.co.uk but block doubleclick.net.

  9. stuff and nonesense

    I use FF8 FF9 and nightly, Adblock and no script are installed. Google scripts are blocked on principle. Each new site I visit has the minimum number of scripts enabled to show the content.

    Google "do no evil" is a joke. Their data harvesting is vast and every new beta product they release is designed to scrape more information about users. To Google we are product, information for their customers, businesses.

    It won't happen, sadly, but the world and his dog really should block 3rd party cookies, also, use noscript, use ad block, flag do not track, use the tools suggested in the article.

    This could kill off many advertisers, the intrusive ones at least.

    Another trick, click on the "click through" adverts, give google some money in the short term, don't buy anything... make the click through advertising system worthless, persuade the customers, businesses, that they are wasting their time.

    (BTW.. the internet is so much cleaner with noscript and ad block running, pages don't have the messy flash crud blinking up, down and across them)

    1. cyborg
      Pint

      Indeed

      I am always surprised at just how different the web looks when I use a browser without NoScript - UGH, is this what the plebs deal with I say rhetorically? It's just so ugly.

  10. Ejit
    FAIL

    Really?

    "In general, cookies are harmless"

    As El Reg has just dropped 6 of the little blighters on my PC without my informed consent then I hope the ICO also considers them harmless.

  11. Anonymous Coward
    Anonymous Coward

    Additional plugins to use...

    Another couple of Firefox plugins to think about:

    TrackMeNot - issues random search queries to Google et al to obfuscate your actual search queries. Has a "query burst" setting to make queries seem more human. Terms for queries taken from RSS news feeds, so very nice.

    ModifyHeaders - some websites use If-Match, If-Modified-Since, If-None-Match, If-Range and If-Unmodified-Since HTTP Etags (http://en.wikipedia.org/wiki/HTTP_ETag) to determine whether you have visited them before, even if your browser history has been deleted. You can stop your browser sending those headers using this (set up a Filter for each of them).

    I would also suggest BetterPrivacy, but I think that the new Adobe Flash plugin manager functionality has mainly made it redundant.

    1. xlq
      Stop

      Modify Headers

      "ModifyHeaders - some websites use If-Match, If-Modified-Since, If-None-Match, If-Range and If-Unmodified-Since HTTP Etags (http://en.wikipedia.org/wiki/HTTP_ETag) to determine whether you have visited them before"

      Unfortunately, the Modify Headers add-on cannot block the caching headers. The add-on modifies the HTTP headers before Firefox adds the cache headers. To test, connect Firefox to a netcat instance, send it an ETag, and see if it returns it.

      One can use an HTTP proxy (e.g., Privoxy) running locally to block these headers instead.
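
Added example, not part of xlq's post or of any add-on's code: a local stand-in for the netcat test described above, which hands out an ETag and records whether the client sends it back in `If-None-Match`. The `/probe` path, port 8000 and the `fetch_twice` client are assumptions made for the demonstration.

```python
import http.client
import threading
import uuid
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# The conditional request headers named in the comment above.
CONDITIONAL_HEADERS = ("If-Match", "If-None-Match", "If-Modified-Since",
                       "If-Range", "If-Unmodified-Since")


class ETagProbeHandler(BaseHTTPRequestHandler):
    """Serves one cacheable resource and records which validators come back."""

    def do_GET(self):
        seen = {h: self.headers[h] for h in CONDITIONAL_HEADERS
                if self.headers.get(h)}
        self.server.observations.append(seen)
        returned = self.headers.get("If-None-Match")
        if returned and returned in self.server.issued:
            # The client echoed a tag issued earlier: the header got through.
            self.send_response(304)
            self.send_header("ETag", returned)
            self.end_headers()
            return
        tag = '"%s"' % uuid.uuid4().hex  # fresh, unique validator
        self.server.issued.add(tag)
        body = b"etag probe\n"
        self.send_response(200)
        self.send_header("ETag", tag)
        self.send_header("Cache-Control", "max-age=0, must-revalidate")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the console quiet; results live in server.observations


def start_probe(host="127.0.0.1", port=0):
    """Start the probe in a background thread (port 0 = any free port)."""
    server = ThreadingHTTPServer((host, port), ETagProbeHandler)
    server.issued = set()
    server.observations = []
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def fetch_twice(server, strip_validators):
    """Constructed client: fetch, then revalidate. With strip_validators=True
    it drops If-None-Match, as a filtering proxy in front of it would."""
    host, port = server.server_address
    statuses, etag = [], None
    for _ in range(2):
        headers = {}
        if etag and not strip_validators:
            headers["If-None-Match"] = etag
        conn = http.client.HTTPConnection(host, port, timeout=5)
        conn.request("GET", "/probe", headers=headers)
        resp = conn.getresponse()
        resp.read()
        statuses.append(resp.status)
        etag = resp.getheader("ETag")
        conn.close()
    return statuses


def validators_leaked(server):
    """True if any request so far carried an If-None-Match header."""
    return any("If-None-Match" in obs for obs in server.observations)


if __name__ == "__main__":
    srv = start_probe(port=8000)
    print("Load http://127.0.0.1:8000/probe twice in the browser under test, "
          "then press Enter")
    input()
    print("validators returned:", validators_leaked(srv), srv.observations)
    srv.shutdown()
```

Browsers commonly bypass the configured proxy for loopback addresses, so when checking a filtering proxy such as Privoxy, bind the probe to a non-loopback address that the proxy will actually handle.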

  12. Drew V.
    Thumb Up

    Thanks very much for this exhaustively researched article.

    Cookieculler is a dream come true: no cookie is kept apart from the ones I really need and want. Configuring it to do that is a gradual process but quite easy.

    Ghostery is, by quite a margin, the best privacy add-on since NoScript, AdBlocker and TorButton. It doesn't conflict with any of those, either, so nothing is stopping you from using them all at the same time. Anonymity is like an onion, after all: several layers of protection are needed.

    I have considerable doubts regarding opt-out tools such as TACO, Keep My Opt-Outs, and Firefox's built-in Do Not Track feature. Voluntary regulation of companies usually doesn't work at all, and internet companies seem par for the course. Nothing is stopping those companies from either ignoring or cleverly circumventing the opt-outs.

    The final bit of the puzzle is how to prevent them from identifying users by the information contained in user agents and other browser configuration info, as detailed by the Panopticlick project (https://panopticlick.eff.org).

    Extensions such as TorButton, User Agent Switcher and Random User Agent attempt to remedy this, but so far remain inadequate.

  13. Anonymous Coward
    Anonymous Coward

    It's everywhere and insidious

    I went to memegenerator the other day and entered what I thought was amusing but politically incorrect to post on a notorious imageboard only to be met with 'would you like to include this on your Facebook?' replete with my username and login ready to ship.

    I only made a Facebook so I could get some info from my relatives and have ensured it has as little real life info as possible but it would not be too hard for someone to 'digg' up my real details with a little effort.

    It's really become an issue how this has spread across the web and how every other site has access to your personal details. I've since disabled my Facebook apps and changed some settings, used cookie culler to clear cookies and now make sure I am logged out of Facebook when not in use. But this really should not be required in the first place!

    Now to tackle Google (yeah right. Fat chance with that!).

  14. irish donkey
    Boffin

    Serious Question

    The article mainly talks about tracking your presence around the hintertubes through your browser.

    But what if you use multiple browsers?

    Mainly I use Firefox when cruising about... but when I want something kept private from the family I use K-Meleon which is installed on a separate (encrypted) drive. Both browsers would track different things and never the twain shall meet.

    Or am I just being daft?

    1. Trevor_Pott Gold badge

      @Irish Donkey

      Sadly, that is largely wishful thinking. Keep an eye out for Part 2. That article will cover why this is so.

    2. Anonymous Coward
      Anonymous Coward

      Re: Serious Question

      Check out privoxy - blocking is done invisibly by a proxy server rather than a tool in the browser. It allows you to follow links it blocks if you want.

      1. Wile E. Veteran
        Unhappy

        Privoxy has no whitelist feature

        I use deviantART a lot. Even if I set up a domain-specific rule that disables all the other rules, I still can't read any messages. The messages page itself comes up but none of the messages are displayed. If Privoxy has a whitelist feature, I haven't found it.

        BTW putting the domain in the "No Proxy For" feature in the proxy configuration tab of Preferences does not help. Everything goes through Privoxy anyway. Filed a ticket with Mozilla on this one.

    3. Nun of Thee Above

      Unfortunately. . .

      you are still browsing from the same IP address. I would expect that correlating different data based on IP is a big part of this game. Or are you using an anonymizer?

    4. Drew V.

      How hard do you suppose it is for them to tie the two browsers together? It's the same IP address. What's more, as soon as you've logged into Gmail, Facebook, or any major tracker, they know perfectly well it's both you.

    5. irish donkey
      Happy

      thanks for the shouts

      looking forward to part 2 already

      of course what I should have mentioned in the previous post is that when I use K-Meleon I am not surfing anything too dodgy. I would just rather avoid the embarrassed silence when an advertisement for something black and lacy (for the wife not me) comes on ebay when the kids are shopping for DS games.

  15. Stevie

    Bah!

    Never mind the underlying assumption that if you visited site X you are interested in their products as a lifestyle choice.

    It couldn't be that you went there to buy product X for someone else whose tastes are definitively not your own.

    Data != information.

    Still.

  16. Marty McFly Silver badge
    Alert

    Avoid Cookie Culler

    It blocked a bunch of stuff and subsequently would not unblock it once disabled. Very tough to undo the semi-permanent changes it makes. Other than that, the rest of the tools in the article are great!

    1. Drew V.

      Once a cookie is blocked, you have to unblock it not through Cookie Culler but through Firefox's own built-in cookies list ("Exceptions" under privacy settings). The reason for this is that the extension behaves in a subservient way to Firefox's built-in cookie settings and defers to it. All this is explained in the FAQ ( http://cookieculler.mozdev.org/ffaq.html ) but the developer admits that it can be confusing. Still a very good extension IMO.

  17. jonathan keith
    Big Brother

    Hosts blocking

    If you're comfortable editing your hosts file, there are several good lists available for download that block huge numbers of URLs, including advertisers and tracking servers.

    Very, very useful. There's one here:

    http://someonewhocares.org/hosts/

    1. Anonymous Coward
      Boffin

      Important to note

      that if you are behind a proxy server then the HOSTS file is not used.

  18. P. Lee
    Coat

    In part 2...

    We ask why you didn't read part 1...

    1. Alex Rose
      Thumb Up

      @P. Lee

      I chuckled sir. I chuckled hard!

  19. AdamWill

    except

    "Government surveillance is usually the threat bantered about, but that isn’t a real concern to me. Governments are notoriously terrible at actually implementing technology."

    Well, yes, but they're rather good at exploiting *other people's* technology. Aside from how nasty they are in their own right, a big problem of the very successful systems Google, Amazon, the cable company et al are building to track us all is that they have very little ability to stop quite a lot of governments from demanding to look at their data on any particular person on rather thin pretexts - and, in some cases, preventing the company from even notifying the user (assuming they want to).

    This is _already happening_ with facebook and twitter.

  20. Kanhef
    Boffin

    More tools

    Privoxy (www.privoxy.org) is a locally-run, content-modifying web proxy designed to block ads and privacy/tracking issues. More technical to set up and use than most browser plugins (regexes are everywhere!), but offers more control and finesse than, say, NoScript. Among other things, it can block elements by URL pattern, not just host. Exorcises annoyances such as <blink>, onunload events, JS and HTML content cookies, banner ads by size or link, Google/Yahoo/MSN text ads. Can bypass click-tracking redirection URLs. Also removes/edits HTTP headers, including the ETags mentioned by AC 19:52.

    Not mentioned in this article are the Flash-based 'zombie' cookies. They can be at least partially dealt with by not loading every Flash object automatically. Some browsers include this as a feature; Safari users can install the ClickToPlugin extension (hoyois.github.com/safariextensions/clicktoplugin).

  21. HipposRule
    Thumb Down

    I'm odd..

    ... and use (because I like) IE9 and have Tracking Protection on. However some sites (Google maps/Finance, Android app market and some retail sites) don't work unless you turn it off.....

    Right PITA.

  22. John Lodge
    WTF?

    Does it really matter?

    All you're gonna get is better targeted ads - and there has to be some method of paying for all this free technology you are all using! Privacy my left buttock. Just use common sense, avoid pr0n and generally be good netcitizens and all will be well.

    1. Ian Ferguson
      Paris Hilton

      I see a flaw in your argument

      "avoid pr0n"

    2. BoxedSet

      "Does it really matter?" - JL

      And after briefly dipping his toe in the waters of reason, the man with no brain happily returned to frolic on insanity beach....

    3. Mike VandeVelde
      FAIL

      "better targeted ads"

      You can't get any better at targeting ads at me than just doing it randomly. Seriously. Do not want. Have never ever bought something because I saw it in an ad. The ad could be for a brand new life extending pill that also makes you handsomer and that's just gone on sale for 95% off, and I would pass right by it or get up to use the bathroom while it played. I don't want to know about any "product" unless I am out looking for it, just make it convenient for me to find the information WHEN I WANT IT and that's the best you can do. If you try to cram information down my throat just because you think I might be interested you are pissing in the wind at best, more likely planting the seed of annoyance with your "brand" in my head.

      "All this free technology" - so everything isn't hugely more expensive because of all the utterly ridiculously pointlessly retarded amount of resources that go into marketing in all its parasitic forms? The unholy triumvirate of financial and legal and promotional, doing their best to make capitalism into way more of an unworkable joke collapsing under its own weight than communism ever was.

  23. Neal 5

    strange

    no mention of the many different toolbars often installed by lots of people into their browsers, notable ones being offered by Google, Yahoo and MSN, perhaps representing somewhere near 100% of all advertising.

  24. h4rm0ny

    When handing over privacy becomes necessary.

    Increasingly though, you're being forced to hand over your data. For example, I blocked Google on my network to see what difference it made and found a number of websites could no longer be used. They outsourced searching of their site and captchas used for posting on their site, to Google. So you could sort of use their sites so long as you didn't want to leave a comment or search their articles. Another case is Disqus or other methods of outsourcing discussions on a site. Used to be that you could register on a site and leave a comment. Now it's outsourced and if you register on one site, you visit a completely unrelated site and suddenly find you're already logged in under your Disqus identity. Instant loss of privacy!

  25. Ian Ferguson

    Good article.

    "blocking advertisements altogether deprives the websites you love of the revenue they need to survive"

    True. I use AdBlock on The Register. If you banned animated adverts, I'd be happy to turn it off again. I don't mind advertising, but I do mind distractions from what I'm trying to read.

  26. Richie 1

    Also useful

    The RequestPolicy extension for Firefox. (https://www.requestpolicy.com/)

    It stops cross-site scripting requests.

  27. Anonymous Coward
    Anonymous Coward

    Great, but probably not in the real world

    A great article. Many thanks. It's articles like this that make you sit up and think again.

    Unfortunately I'm not sure how far I'll get. In the real world, a lot of these privacy features can get in the way of convenient browsing. I got fed up with NoScript when I had to do yet another whitelist exercise on the 99th website that's not working properly.

    Then there are the niceties, when the website automatically does something for you. Scary invasion of privacy? Probably. Is it nice and convenient? Definitely.

    This is all down to my laziness and technical ineptitude, which is my loss. And the advertiser's gain :-(

  28. BoxedSet
    Flame

    I do wonder why every single time people mention the invasion of privacy by tracking every single movement on the web or using the inprivate browsing somehow means we must all be visiting p0rn websites?

    Do we really need to have our purchases and movements known to all websites? No is the answer and bravo the folk who write the excellent addons and extensions to block this insidious work to track browsing sessions. <applause>

  29. BoxedSet

    Toolbars - rubbish software used by tools. Avoid

  30. Anonymous Coward
    Anonymous Coward

    Yes it really annoys me that I am simply another product to these scumbags but what really gets on my nerves is that all the fun of discovery is taken out of life. With brand recommendations I am held in a narrow field of interest and could miss out on seriously interesting things but "the machine" determines I am happier without any surprises.

    I got into heavy metal simply because my mate's brother wouldn't lend me his Iron Maiden album way back when, so I simply went and bought it. I had absolutely no idea what to expect, I was used to the Moody Blues and a little bit of C&W and 60's rock my parents listened to. Being a rebellious sort of 12 year old I simply took a chance with my pocket money and entered into an amazing world which I am still more than happy to be in 28 years later! If I hadn't taken a leap of faith but stuck with what I knew best, I would never have known the wonders of thrash, death and black metal.

    I took up archery as a hobby when I was 8 years old simply because we happened to flick through the TV channels one day and my mum asked if I fancied trying it. 7 years later I was in the Great Britain Youth squad training to shoot at international level. Just one of life's flukes that led me off on another of life's wonderful journeys.

    I fear for the new generations, they will be locked into little comfort zones, unwilling to simply try something for a laugh and see where it leads. I just hope the arrogance of youth is enough to push through the bullshit, if not then life is going to become a whole lot more boring.

  31. Richard Pennington 1
    Go

    Anybody up for putting together a comprehensive cookie-faker add-on?

    1. Detect cookie

    2. Substitute random garbage

    3. Replace original

    4. User interface to guide your browser as to which cookies get the treatment.

  32. Guido Esperanto
    Holmes

    hmmm

    "blocking advertisements altogether deprives the websites you love of the revenue they need to survive."

    I see what you did there.

    However I take the typical "If a tree falls and no one is around, does it make a sound?"

    In translation. "If I'm not swayed by adverts at all, so will never click on them, who's harmed if I block the ads?"

    I'm sure there are many sites that supplement or generate total income through PPC ad revenue. But they make nothing from me directly. Never have, never will.

    And while it would pain me to lose a site to a financial deficit, I've got to be honest, I'm quite fickle and just google the subject matter until I find another suitable site.

    Additionally, I have to second Big Yin's comment about advertisers using underhand tactics to have their ads displayed, only makes me more determined to block them.

    With that in mind, I've found I only ever need to use noscript for all my blocking needs.

  33. Jan 0 Silver badge
    Paris Hilton

    "blocking advertisements altogether deprives the websites you love of the revenue they need to survive"

    Why can't website owners be arsed to set up subscriptions?

    Paris, cos she doesn't pay for advertisements.

  34. Wile E. Veteran
    FAIL

    Better Privacy website wants to track you

    If you visit the Better Privacy website (see the link in the article) it WILL NOT let you see anything if you have the "Do Not Track" feature enabled. Just a page telling you the feature is enabled and a picture of a pretty girl next to some marketing crap. You MIGHT be able to get in using the "help us understand" feature but my take is any site that won't show me its content without allowing some sort of tracking is not worth my time figuring out how to get around their demand.

  35. Dance of light
    Megaphone

    Don't forget to

    Contribute to the development of tools like NoScript and others that help us maintain privacy.
