Avoiding Tracking - Now with Data

For discussions about security.
Message
Author
User avatar
playdayz
Posts: 3799
Joined: Fri 25 Apr 2008, 18:57

Avoiding Tracking - Now with Data

#1 Post by playdayz »

There is now a version of Firefox that incorporates some of the information from this discussion -> http://www.murga-linux.com/puppy/viewto ... 375#751375

I just started this investigation a couple of days ago after I signed the petition urging clemency for Edward Snowden. I hope to be instructed by those who know more. Maybe we can build a Browser pet for Puppies with as much protection as possible.

Edit: I am revising this message in line with the discussion. I have also added a message that imho describes a useful and usable option for minimizing tracking http://www.murga-linux.com/puppy/viewto ... 858#746858 This option is supported by a study from Stanford that imho will be of interest to everyone who is taking the time to read this discussion -> http://cyberlaw.stanford.edu/node/6730

If it is a matter of your life or liberty, use the TOR Project. It hides your IP address behind a wall of constantly shifting proxy servers around the world, donated by people who believe in web privacy and political freedom. Here is what you can do to help and get TOR -> https://www.torproject.org/getinvolved/ ... er.html.en I am not sure if Version 3 of TOR is available yet for Puppies. Evidently Flashplayer can reveal your real IP address, so TOR Project blocks flashplayer. TOR is slower than most people are probably used to. Add: In the discussion it is demonstrated that your computer can be identified uniquely even through a proxy.

Don’t use Google Chrome. It was designed to track you. You can disable some tracking options but would you bet it was all of them?

Don't use Gmail. Your emails are scanned routinely for Google's convenience in selling ads.

Don’t automatically log on to Google or Microsoft, or stay logged on. They want you to of course so they can track you. If you use Gmail or Hotmail, then log on to get your mail and log off, because logging on to any service is the same as logging on to the whole network. You do not have to log on to Youtube to use it, but if you do, say, in order to keep playlists, then log off when you are done.

The solution would be for all web sites *and* mobile apps to offer a clear and effective Do Not Track option. There is discussion of such a law.

I mention "mobile apps" because this discussion only applies to computers. It is hopeless to try to interfere with tracking on smartphones and tablets.
Last edited by playdayz on Wed 15 Jan 2014, 18:39, edited 7 times in total.

bark_bark_bark
Posts: 1885
Joined: Tue 05 Jun 2012, 12:17
Location: Wisconsin USA

#2 Post by bark_bark_bark »

I would not recommend DontTrackMePlus! It doesn't work and invades your privacy even more. Ghostery works best.

But disabling JavaScript is also important to web security (I use NoScript for this).
....

User avatar
playdayz
Posts: 3799
Joined: Fri 25 Apr 2008, 18:57

#3 Post by playdayz »

bark_bark_bark wrote:I would not recommend DontTrackMePlus! It doesn't work and invades your privacy even more. Ghostery works best.

But disabling JavaScript is also important to web security (I use NoScript for this).
I see that Ghostery has better reviews, 5 out of 5 stars versus 4 out of 5 for DontTrackMePlus. Thanks.

User avatar
mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#4 Post by mikeb »

My google for gmail account had a history of every websearch I have ever done on google during the time I had the account....discovered while in the process of deleting said account.
They also used my gmail login and password for a you tube account based on access via the same computer...fortunately it was ours and not one in say a library.
Another bonus is broadcasting your email on the chat network which is a nice way to draw in spam...without asking of course.

I rarely use Google now...ask.com get decent results...not sure of their policies but keeping out of google's way seemed a good move generally....and as suggested if you do avoid being logged in unless you have to (if that makes a difference)

perhaps tor's restictions are more to do with bandwith with regard to flash.... some were using it to watch the likes of the bbc for example.... bit of an abuse unfortunately.

Interesting this passing of data.... one example was I was looking on amazon for an specific item. A totally unrelated site pops up jolly adds for amazon and said product.... its all fun.

One note on javascript...if i spoof google search with firefox 1.5 version i get a javascript absent search results....its much faster and might be less intrusive too...

mike

User avatar
Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

#5 Post by Barkin »

mikeb wrote:... I rarely use Google now...ask.com get decent results...not sure of their policies but keeping out of google's way seemed a good move generally....
The search engine https://startpage.com/ will act as a proxy and do a Google-search for you without Google knowing it's you , (see attachment).

DuckDuckGo search engine has a do not track policy ... http://donttrack.us/
mikeb wrote:One note on javascript...if i spoof google search with firefox 1.5 version i get a javascript absent search results....its much faster and might be less intrusive too...
FireFox is now on version 24, you can disable javascript in firefox 23 onwards by changing the status of "javascript.enabled" in firefox config[uration] ...https://support.mozilla.org/en-US/questions/971170

Alternatively restrict which sites can use javascript with an addon like NoScript , which operates a white-list.
Attachments
startpage looks up Google for you (proxy) so Google doesn't know it's you asking.gif
(32.5 KiB) Downloaded 929 times

User avatar
mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#6 Post by mikeb »

Yes tried startpage but just felt was still supporting google and their lxquick just lacked results.... by the way that wonderful wellminded search is pure google...just thought I'd mention that.

well spoofing was a way of preventing the javascript in the first place which also might shed some light on why google are always pushing for browser updates so heavily....newer browsers...more ways to track you.

I sit here on firefox 3.6... updated this year...thought I should...knew I would....I am not in the hood...this is no brotherhood....see ya :D

mike

User avatar
playdayz
Posts: 3799
Joined: Fri 25 Apr 2008, 18:57

#7 Post by playdayz »

perhaps tor's restictions are more to do with bandwith with regard to flash.... some were using it to watch the likes of the bbc for example.... bit of an abuse unfortunately.
TOR project now says it blocks Flashplayer because flashplayer can reveal your true IP address, but I found that flashplayer could be re-enabled. If people in repressive countries use TOR to watch BBC news that is OK with me, but TOR still does say it is a security risk.

I am having trouble with NoScript interfering with function. Buttons don't work, etc. I am trying to find the balance between privacy and function. I know that one might have to do some extra work to insure more privacy. I am looking for a good balance between privacy and function--mainly I am just irritated about tracking.

Is there a new ad at the top of the Forum?

User avatar
mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#8 Post by mikeb »

Hmm well perhaps one area to look at is talking back to third party sites.

Using google as an example there are several additional domains they use...I added them to a block list in our router which does not seem to affect sites and has a bonus bunny of removing google ads on other sites too....I mainly got them from examining images plus scripts listed in the html <head>..if the unwanted scripts cannot get through they cannot talk back basically.

Blocking javascript does get fiddly as many site use it for legitimate purposes. Some are funny...ebay works so much better without but their 'punishment' is that only the first half of search results will show pictures...how's that for a cyber sulk :D

Oh must not forget flashblock...I am sure having that running must remove some unwanted prying not to mention improve page responsiveness and no real penalty in page access.

mike

User avatar
playdayz
Posts: 3799
Joined: Fri 25 Apr 2008, 18:57

#9 Post by playdayz »

I should say my goal is to figure out what to install and enable in a Firefox pet for Puppies that will give people the best balance of privacy, non-trackability, and functionality I should have said that I do routinely use Adblock as well as the others I have mentioned. It is all in progress--thanks for the help. Does anyone else have preferences about Ghostery versus DoNotTrackMe? DoNotTrackMe is a bit less intrusive it seems to me. And doesn't Firefox also have an add-on that will redirect or hide Google searches? And finally, my inclination at this early stage would be to include NoScript but not enable it, since it is "fiddly."

Currently using Ghostery, HTTPS Everywhere, Adblock, Do Not Track set. Function good, https active often, Will look at Google search hiders and flashblock.

Firefox add-on Remove Google Tracking. Does anyone know about it?

User avatar
greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#10 Post by greengeek »

i don't believe it is even possible to 'hide' what you are doing anymore. Using Tor simply puts up a massive flag that ensures every data packet you send is trapped for later analysis.

http://nakedsecurity.sophos.com/2013/12 ... -418528781

There are now massive data centres worldwide that are used for storing your data for further indepth scrutiny as required. Special routers have been installed in server complexes such as Microsoft, Google. Apple etc in order to trap, copy, echo and redirect data in order to suit the "needs" of those who wish to monitor and/or control us
http://www.murga-linux.com/puppy/viewto ... 938#707938

ISPs are now required by law to allow and even facilitate access to your data.

The greater the efforts you go to in order to anonymise your data flow, the more unique and therefore visible your internet activity becomes. Check out panopticlick and consider how much every puppy user stands out like a sore thumb:
http://www.murga-linux.com/puppy/viewto ... 746#673746
Throw Tor and puppy into the mix together and you can guarantee raising eyebrows.

Now that huge quantities of data (especially from specific users) is trapped and stored there is no way to escape scrutiny, except by using encryption that is of such high quality that it is impossible to break. Apparently that hasn't been invented yet.

User avatar
Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

#11 Post by Barkin »

playdayz wrote:... doesn't Firefox also have an add-on that will redirect or hide Google searches?
There used to be a FireFox addon called GoogleSharing , which was a Google search via a proxy, but it doesn't seem to work now,
(Google doesn't like being scraped and has blocked such proxy search services in the past like Scroogle).

User avatar
playdayz
Posts: 3799
Joined: Fri 25 Apr 2008, 18:57

#12 Post by playdayz »

i don't believe it is even possible to 'hide' what you are doing anymore. Using Tor simply puts up a massive flag that ensures every data packet you send is trapped for later analysis.
Yes, greengeek, I had no hope of 100% anonymity. And yes, no doubt at all in my mind that NSA and others can break any encryption--often the author of the encryption program tells them how. But I did hope to at least minimize tracking. I will admit that might just be for personal psychological reasons. Is it your opinion that it is better just to do nothing--and maybe just use Firefox with Adblock, say, just for your own convenience.

Https-Everywhere from Electronic Frontier Foundation appears not to be listed in Firefox add-ons. Am I wrong. Or why not does anyone know?

Haha. I picked up some malware in doing this research. Start over.
Last edited by playdayz on Mon 23 Dec 2013, 22:34, edited 1 time in total.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#13 Post by nooby »

greengeek wrote:i don't believe it is even possible to 'hide' what you are doing anymore.
I have that view too. I am a pessimist.

If the NSA and similar bodies wants to know
then they sure will see to it that they find the means.

That does not mean I would discourage those
that want to feel secure. Tell us about the means
you use and who knows maybe some of them do actually work?

playdayz I think that is a good goal but I would
warn people that maybe it help with some privacy
but not all. It all depends on how interesting they find you to be :)
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#14 Post by greengeek »

playdayz wrote: Is it your opinion that it is better just to do nothing--and maybe just use Firefox with Adblock, say, just for your own convenience.
I'm really undecided about this. I'm basically paranoid but doubt much can be done to improve security so I just try to focus on the following:

1) Speed of browsing
- this involves things like Adblock - not because of tracking, but just discarding the rubbish that slows my machine down.
- Avoidance of sites that spend five minutes sending data to google.api.whatever that I see flashing along the bottom line of the browser. If the site wants to use up my time and my paid bandwidth I just try not to go there. The page should load within a few seconds or else I'm out of there.

2) Non-collection of malware
- I think the best thing I can do in this regard is to avoid Windows. However, even though Puppy is probably more secure (as are most *nixes I guess) the 'run as root' thing probably makes it less secure than some might imagine. Still, I'm sticking with Puppy. I'm probably going to regress back to running from CD so that I at least feel my code is not being secretly modified. (doesn't stop harm being done while I'm running in RAM and surfing online of course...)

3) Avoidance of tracking
- I don't worry about this any more. I simply assume that every bit of data I send and receive is visible or accessible to someone. I will never use the internet for banking or for any vital personal information if I can avoid it.

Overall, the thing I seek most is speed of browsing - I want the data I requested to appear on my screen without delay and I don't want my bandwidth used up by companies collecting data from my browser. - it is not necessarily that they are tracking me either - it is just that they are collecting information that they sell to third parties. Sort of like having a census inspector stood at your front door checking out what brand of socks each of your visitors prefers to buy. Just a damn nuisance.

Anything that can be done to make the browser turn down requests for information is a good thing, although there is so much going on in terms of pixel tracking, redirecting etc, that I don't know how much a browser can actually do to shut the doors.

Did you do the panopticlick test to see how unique your system is when on the net? For puppy users it's like walking down the mainstreet with no pants on.

gcmartin

#15 Post by gcmartin »

@Playdayz, thanks for this thread. Wonderful for all the contributions flowing in. Good technical aspects and findings which are useful in understanding and approaches.

Want to highlight 3 things I think might be useful:
Snodon Amnesty: The US Congress passed a law almost a decade ago that took away the protection rights of "Whistle Blowers". This is one prime reason why he had to escape. I am hoping that somet6hing positive lands for him, but it have to be in a non-western country that absorbs him. What's interesting to me in the number of Western countries who have denounced the NSA-US practices, while at the same time, not offering amnesty in their countries. Some hypocrisy at play, on that, by those countries.

Secure features for popular browsers; i.e. Firefox. One idea that comes to mind is one/more thread(s) that provide PETs that add security to each existing browser that are the mains in PUPs with a name like "Firefox Security PET" or "SeaMonkey Security PET" which would collect several add-ons into a simple secure addition to such. Even if such a PET existed, it does NOT need be the greatest to provide usefulness to any user who just want to expand security, even a little.

Google: I am not proposing advocacy of Google as I have knowledge that the company did NOT create, instigate, or offer any government a pathway to exposures. If accounts are accurate, they have been a thorn in governments backsides on govt requests. So much so, that they have been fined or "turned-off" when they don't allow themselves to be bullied. And, YES, their model has always been to advertise to raise operating revenue for the good innovation.they have brought to the planet of uses and users. Because that is their business model, does NOT mean they or ANY ISP are willing participants in International Convert Security. Acknowledgement of this by me does NOT make me a FAN. But, understanding this, I am sensitive to the decision any one of us can make to have a comfort level of internet use. And understanding this, I think ALL ISPs are operating with levels of government oversight where govts want access to ISP records and information.

Hopefully, sometime in our future, it would be hoped that all of access to any information we seek or view, will be contained ONLY on a single fob that we take everywhere with us where ONLY YOU would have access to it. Let's hope that some the ideas being batted around in the UN could bring a new global approach. ... But, don't count on my level of optimism as I don't ever see that happening.

majorfoo
Posts: 448
Joined: Mon 07 Mar 2011, 22:27
Location: Wish I knew

#16 Post by majorfoo »

I use current seamonkey 2.23 with preferences set up as shown

Do you think this helps me to really avoid tracking?
Attachments
seamonkey privacy-1.png
(45.98 KiB) Downloaded 500 times
seamonkey privacy-2.png
(50.97 KiB) Downloaded 498 times
seamonkey privacy-3.png
(55.12 KiB) Downloaded 508 times

gcmartin

#17 Post by gcmartin »

@MajorFoo points out some of the standard elements browsers provide to allow reasonable use and protection. Yes those settings will filter certain kinds of activities and provide a level of behavior to control comings and goings on the Internet.

Beyond these elements, many people have personal preferences to certain kinds of settings and even certain browsers. So expect others to offer their ideas to security as its seen. I have been a Seamonkey user since the original Netscape==>Mozilla days.

But, as others have pointed, there are add-ons which can be added to add more hardening to the surface of your browser with add-ons. Some to the problems we are asked over the years is about which add-ons and what settings must be done so that any given user will have the protection they anticipate by the use of the browser settings AND the setting in each add-on that is added to your browser. The unfortunate issue is that each add-on has its own structure, controls, and setup which are different than EVERY OTHER add-on. So arriving at a consistent level of protection can be a little-bit of a challenge in desired behavior.

Again if a Security Add-on PET exist for each browser with some standard add-on items contained (vs. downloading each add-on individually) it could deliver a consistent start for users in their use negating each user having to remember locate and download helpful protective add-ons, as is done today.

User avatar
Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

#18 Post by Barkin »

majorfoo wrote:I use current seamonkey 2.23 with preferences set up as shown

Do you think this helps me to really avoid tracking?
If the objective is to avoid tracking by Google don't tick the boxes I have coloured red (below) as they are Google services ...
mozilla.org wrote:What information is sent to Mozilla or its partners when Phishing and Malware Protection are enabled?

...in the event that you encounter a reported phishing or malware site. Before blocking the site, Firefox will request a double-check to ensure that the reported site has not been removed from the list since your last update. In both cases, existing cookies you have from google.com, our list provider, may also be sent.
https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work
Attachments
redboxes.gif
the anti-phishing antimalware services in Seammonkey and FireFox [here coloured red] are provided by Google.
(16.95 KiB) Downloaded 425 times

User avatar
mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#19 Post by mikeb »

If the objective is to avoid tracking by Google don't tick the boxes I have coloured red (below) as they are Google services ...


they also generate large files which is why I untick them and delete those large files ... I don't consider what they do worthwhile...malicious sites are pretty much a problem for IE users anyway.

Like the other poster I am interested in browser efficiancy...if reducing data harvesting helps then so be it.

If someone feels their life is richer by logging my search for washing machine bearings then so be it. No government agency is the slightest bit interested in my crappy habits or the other 99.99999% of traffic on the net... sure they could target a suspect but who is sitting there sifting through unimaginable piles of data on the offchance a terrorist is buying explosives off ebay...

ok must go.... got some secret documents to post on facebook...and does anyone happen to have my bank details cos I seem to have mislaid them?

mike

User avatar
playdayz
Posts: 3799
Joined: Fri 25 Apr 2008, 18:57

#20 Post by playdayz »

I am seeing a lot of agreement. First, we are all pessimists. "There is nowhere to run and nowhere to hide," (except to stop using the internet)
greengeek: I don't believe it is even possible to 'hide' what you are doing anymore.
nooby: I have that view too. I am a pessimist.If the NSA and similar bodies wants to know then they sure will see to it that they find the means.
Also, greengeek and I, and others I see, have the same goals (see his message above for details). http://www.murga-linux.com/puppy/viewto ... 903#745903
1) Speed of browsing
2) Non-collection of malware
3) Avoidance of tracking
gcmartin wrote:
Secure features for popular browsers...which would collect several add-ons into a simple secure addition to such. Even if such a PET existed, it does NOT need be the greatest to provide usefulness
Yes, that's a/the goal. And I agree with nooby again
playdayz I think that is a good goal but I would warn people that maybe it help with some privacy but not all.
Tentative first conclusion: it is complicated as heck trying to find anything that would be "one-size-fits-all." Experienced users can configure add-ons and browser settings the way they want for their own browsing uses, but as a designer my goal would be to find a package that would work for most everyone and make some improvement without interfering with ease of use, etc. I think that means that add-ons should work with defaults for the popular web sites--luckily most are trying to do that.

Right now I am running NoScript and DoNotTrackMe together in Firefox 27 and my websites seem OK. An added benefit is that they seem to be blocking ads also, so I am not running AdBlock Plus as usual. I will keep experimenting and reading this thread and try to correlate something that may satisfy greengeek's priorities and be useful to newbies--and nooby :wink: Then I would post it for comment.

Question: Barkin and mikeb, Does Firefox have those phisihing and malware options as in Seamonkey--they are also able to be turned off in Google Chrome. In general, is there any reason to prefer SeaMonkey to Firefox in this regard?

Question: bark_bark_bark, Why did you say that DNTM doesn't work and compromises privacy itself? And as I say, DNTM is less intrusive on weather.com--as Ghostery blocks the radar map. Ghostery seems very good otherwise. Ghostery does have better ratings, but they both have 500,000-900,000 users. I cannot see on first glance what blocked url is killing the radar map or I could customize.

Comment: I freely admit that part of my opposition to tracking is personal and philosophical (the other part is greengeek's #1). If you want a laugh here is a short explanation: Tracking treats people as objects to be marketed to, and I regard treating people as objects to be ethically wrong. "Consumerism is an abomination because it degrades the Earth and the human spirit." I would like not to participate and even interfere to the extent possible, even though I know it will not make any difference to the world at large.

Thanks for the comments. It is good to be communicating with greengeek, mikeb, majorfoo, nooby and other old friends. Happy holidays to all.
Last edited by playdayz on Tue 24 Dec 2013, 17:04, edited 2 times in total.

Post Reply