Mar 102012
 

TL;DR: Install Do Not Track Plus, use Duck Duck Go (with !sp sometimes) for web searches., To go the extra mile also install Straight Google (requires Greasemonkey), Cookie Whitelist and BetterPrivacy.

I don’t like the idea of advertisers, search engines, and social networks building extensive profiles about what I do online (why). A short-list of tools to avoid such tracking:

Prevent Inter-Website Tracking

  • Abine’s Do Not Track Plus is nearly a one-stop shop. I wish more details were available about what it does, but the gist is:
    • Install and maintain a large number of generic do-not-track-me cookies for many ad networks and tracking services. When content is fetched from these sites, the generic cookie is sent rather than one which is unique to you
    • Special handling for social buttons (e.g. Like this on Facebook), in which the button is fetched anonymously, but, should you choose to click on it, the veil is lifted and the Like associated with your account
    • Many ads are blocked from rendering too, which I hadn’t expected. Those that remain are innocuous enough that I do not use Ad Block Plus any more.

Reduce Google Information Gathering

I store some personal information on Google (thanks to Google+, Google Calendar, etc.). I do not want to Google to associate that personal information with all the web searches I do every day. Do Not Track Plus is of limited value here: if you sign in to Google, Do Not Track Plus will be obliged to permit your identity to be sent. Additional steps are needed:

  • Don’t search with Google. I prefer Duck Duck Go for most searches, thanks to their Zero-click Info and other goodies.
  • For needle-in-the-haystack searches, I find Google often has the best results. Startpage is an anonymous Google Search proxy. Rather than use it directly, I just prefix my Duck Duck Go searches with !sp when needed.
  • Straight Google (requires Greasemonkey) prevents Google’s click-tracking. This is less important if you follow the above steps to avoid doing your web searches at google.com. However, they still track links clicked on their other products, which Straight Google can prevent.

Control Intra-Website Tracking

The above steps should take care of attempts to track your movement across the web. However, most websites will still store long-term cookies in your browser to track your history of interaction with that particular website.

  • Cookie Whitelist is designed to only allow white-listed cookies from being accepted. In practice, this breaks too many websites. For less hassle, configure as follows:
    • Cookie button (the red one): ON. This lets any website set a cookie, but it will be deleted at the end of the session
    • For the few websites you wish to remain logged in to (or otherwise personalized) click the green button to whitelist as needed
    • Do not accept third-party cookies
  • BetterPrivacy is to Flash LSOs (local shared objects, or Flash cookies) what Cookie Whitelist is to regular cookies. Alas with a more confusing set of configuration options.

Note: this post is (obviously?) not about how to avoid your employer/ISP/government monitoring what you do online. To hide what you are doing from someone who has access to all your traffic, you need encryption and proxying. A good first stop to get some encryption is EFF’s HTTPS Everywhere. This goes a long way to prevent the person nearby in the coffee shop from stealing your Facebook account.

Originally published 2012-03-10. Updated 2012-03-14 with intra-website tracking steps.