Research Finds that Privacy Tools Don’t Work | Naked Security
http://nakedsecurity.sophos.com/2011/11/07/research-finds-that-privacy-tools-don%e2%80%99t-work/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29 -- Shared with Google Share Button
I've blogged more on ScriptNo here: http://transfermodeawesome.posterous.com/avoid-malware-attacks-using-the-scriptno-chro
Here's an interesting article on security and information privacy.
I tend to be a bit paranoid about how much information about my surfing is tracked by these companies and what they are able to do with it. Moreover, I don't appreciate the fact that advertising can actually become an attack vector for bad guys to take over my computer. That's why I take several steps to prevent such tracking and advertising.
Some of the steps I take do, to some degree, affect the usability of my browser. I have to approve certain sites before they will work as intended, usually for downloads or video. However, that's only the most stringent of my chosen tools, ScriptNo for Chrome. A number of other tools are available that have little to no impact on my browsing and go a long way toward protecting my privacy.
I should note that most if not all of these tools are specific to the browser you use. I don't recommend using IE in any circumstances (except Windows Update, where you are forced to). I prefer Chrome and recommend it to anyone.
The one privacy-related tool I use that isn't browser-specific is Panda Cloud antivirus. It is ant-spyware as well, and occasionally it finds a tracking cookie that it will neutralize for me, but it seems to wait for me to run a scan manually, as opposed to automatically neutralizing it in real-time for me.
The rest are browser extensions or settings.
The first setting I use is Chrome's no-third-party-cookies setting. While I can't get away with this at work, where I have a site that needs a third-party cookie (don't ask), on the Internet this should work without any kind of negative impact in the vast majority of cases. I use it on all my personal computers and it works fine. It also tells me, by virtue of the fact that it shows an icon in the address bar when it blocks one, that just about every site on the Internet tries to set third-party cookies. My assumption is that the vast majority of these are trackers for advertising. I've already blogged about this tool and how to set it here: http://transfermodeawesome.posterous.com/disable-third-party-cookies-in-google-chrome
If you want to get really zealous, you can tell Chrome to dump all cookies after it exits, but I don't recommend this. It forces you to re-login to any sites you use regularly, which is an annoyance, and your actions are still trackable within any given session, just not between sessions.
The second thing I use is Google's Keep My Opt-Outs extension. What this does is adds you to a registry that allows ethical advertising trackers to give you a single opt-out from all of them. While you should never completely trust a single, voluntary measure to keep away prying eyes, this is an easy way to cut a lot of them out.
Third, I use AdBlock, which out-and-out removes the vast majority of ads from my browsing experience. While this may or may not block the trackers that they use to monitor browsing (I don't know), it definitely keeps me from intentionally or accidentally clicking advertising, an action which explicitly gives advertisers information about me. AdBlock is very easy to use.
I recommend all of these tools, as they don't tend to impair browsing and they afford you some extra privacy.
The last tool I use, ScriptNo, is very effective at cutting out these trackers, as it gets rid of multiple types of trackers, including webbugs, and it straight-out blocks browser access to any unknown domain. It also blocks specific ad and malware domains.
In fact, ScriptNo is more of an anti-malware tool than privacy tool, it just so happens it is good at that as well. I *strongly* recommend it if you do any kind of serious financial work on your computer, especially if you run a business. If fact, if you run a business from your computer, you should really dedicate a machine to have access to your bank accounts and do *nothing* else from that computer in order to protect it from infection. There are malwares out there which will allow bad guys to drain your bank account, frequently without you knowing about it until it is dry.
However, ScriptNo radically impacts your browsing. It assumes every site should not be allowed to run scripts nor use a number of other techniques in wide use across the Internet, sometimes for good functions and sometimes for bad ones. You should be ready to put some work into a tool like this, but the safety and privacy it gives are substantial. An ounce of prevention can be worth colossal amounts of cure when it comes to malware.
The impact I'm talking about is that you have to manually approve each site that you want to be allowed to use these tools such as scripts. Unfortunately, almost all sites use them. Fortunately, though, most don't actually need them, since they are using them for "extra", and sometimes unwanted, functionality such as advertising tracking. Still, many sites, including ones that are trying to allow you to download software or ones that show video, will look broken when you visit them. Frequently, you will need train ScriptNo to temporarily or permanently allow the site to use its content, and not only that, you may need to enable one or more third-party sites with unintelligible names as well. This can be rather intimidating and annoying just to see a video, but sometimes that is a worthwhile price to pay. I know this tool has saved my machine from infection more than once, and I'm willing to pay that price in return. Fortunately, ScriptNo allows you to consult the Web on Trust site-safety-rating tool on any of the blocked sites, which makes it easier to be selective about the sites you trust. Unfortunately, there is no way of sharing your training info between machines, so you have to go through this process on every computer you own.
I've blogged more on ScriptNo here: http://transfermodeawesome.posterous.com/avoid-malware-attacks-using-the-scriptno-chro
That's it!