Pete's Privacy Tips

Listed below are some personal recommendations for improving your online privacy.

Choice of Internet Service Provider
Choice of Router/Firewall
Choice of Browser
Browser Add Ons
Privoxy
Tor Anonymity Network
Disable Geolocation
Cookies
Clearing Your History Automatically
Flash LSOs
Firefox Add On Recommendations
Disable Third Party Images
Protecting Personal Data
DNS Black Hole Lists
SSL Encryption
SSL Protected Search
The Future - Cloud Computing?

See also 'What does privacy mean?'

Choice of Internet Service Provider

If you value the privacy, security, and data integrity of your internet connection... don't use BT, Virgin Media or TalkTalk as your internet service provider.

There are many other internet service providers who will not compromise the privacy or quality of your data communications. I can confidently recommend Aquiss, UKFSN, and Orpheus, but there are many others that have been recommended to me. Andrews and Arnold, Bethere, and The Phone Coop are often cited by people I trust. And the AntiPhorm League ISPs have all undertaken to avoid Phorm.

I'd recommend you AVOID buying your broadband, phone, mobile, and television service from one provider. Spread your service contracts around, and use DPA section 11 notices to require that your data is not used for marketing.

I'd also recommend you AVOID at all costs mobile broadband provided by Vodafone, 3UK, Telefonica/O2, Orange, and T-Mobile for reasons obvious from this Guardian article. Mobile operators are able to combine your profile with your location data too. Vodafone and 3UK are using hardware provided by Bluecoat to intercept, divulge, and covertly replay subscribers' unencrypted web requests from servers in the USA.

Choice of Router/Firewall

A good hardware router will help protect your network from privacy intrusions and other external security threats.

You should AVOID using routers/firewalls supplied by your ISP (like the BT Homehub).

These devices frequently include 'backdoors', allowing the device to be modified by the ISP, without your consent.

Reputable manufacturers of routers/firewalls include firms like Draytek, D-Link, Zyxel, SMC, and Buffalo.

If you cannot avoid using a device supplied by the ISP, you should use a second firewall to block access from the ISP supplied device to your network.

Choice of Browser

I currently recommend Firefox rather than Internet Explorer or Chrome. Firefox has better privacy protection features, and can be extended using add ons to further enhance your privacy.

Because both Internet Explorer and Firefox are funded by corporate sponsorship, the privacy defaults tend to favour the interests of their sponsors.

Browser Add Ons

Firefox can be extended with a range of helpful add ons.

It is probably best to install privacy enhancing add ons one at a time. By design many of them will stop some content types being downloaded and displayed by your browser. If you install them all at once it can be difficult to understand what's going on. Over time, you will become familiar with their features, and you can tune them to match your personal browsing habits.

For beginners I'd recommend the following essential Firefox add ons;

  • Adblock Plus will prevent Firefox downloading content that appears to be advertising material, and does so very effectively without spoiling the browsing experience.
  • Flagfox will indicate where the web site you are viewing is physically located. The domain name can often be very misleading, for example web sites on .co.uk or gov.uk domains are often served by machines that are physically located outside the UK. Flagfox will warn you when this occurs.
  • HTTPS Everywhere will automatically rewrite your unencrypted web requests, and send them to SSL encrypted sites where possible.
  • TACO (Targeted Advertising Cookie Optout) is a useful add on, which maintains various targeting opt out cookies for marketing networks.
  • TrackMeNot is an interesting add on which submits fake queries to search engines, foiling attempts by the search engines and your internet service provider to profile you.

For more advanced users, you might want to try;

  • The Secret Agent add on (another Dephormation project) can randomise your browser's 'User Agent' with every web request, making it more difficult for crooks, rogue ISPs, and intrusive web sites to correlate your clicks.
  • RefControl can stop your browser leaking your referrer navigation history to web sites. RefControl default settings should be changed, to block or forge the referrer header for all sites. Without RefControl, as you follow links, the 'referer' (sic) header sent by your browser with each page request tells the target site where you came from, or what you were searching for.
  • NoScript will allow you to manage and control the execution of Javascript on specific web pages. Javascripts are small programs embedded in web pages which can be used to compromise your privacy and security.
  • RequestPolicy ensures the content you see on web pages originates from sites in the same DNS domain. For maximum protection, RequestPolicy can be configured to block third party content which did not originate from the same web server. This will help to suppress tracking beacons, the 1x1 invisible images used to track your use of web sites using 'cross-site requests'.

If you're concerned to navigate the net in anonymity, you might want to consider;

Note that I don't recommend you use Dephormation unless you are an experienced technologist who fully understands the risks associated with Phorm. Dephormation does not protect you from Phorm. If you find you need to rely on Dephormation (or other similar browser add ons) to protect you from a malicious ISP, you need to find a new ISP who respects the privacy, security, and integrity of your data communications.

Privoxy

Privoxy is a web proxy server which processes your browser requests, and the resulting pages, stripping out content which might compromise your privacy (see also the Vidalia bundle below).

Tor Anonymity Network

Tor is a volunteer network that protects your anonymity by relaying your web requests across the globe securely and anonymously.

Using Tor makes it practically impossible for your surfing behaviour to be monitored.

The Vidalia Bundle is an easy to use package for Windows and Mac comprising a Tor client, a Privoxy proxy server, the Torbutton Firefox add on, and the Vidalia GUI control panel.

Using Tor is slightly slower than conventional web browsing, because your traffic has further to travel for the sake of anonymity.

It is important to note that while Tor improves anonymity, you should not use unencrypted authentication methods over Tor (because you never know where your communications will 'exit' from Tor).

Disable Geolocation

Firefox 3.5 (and other recent browsers) include a feature called 'Geolocation' that can, albeit after prompting for your consent, obtain and disclose your present location (often accurate to within a few metres).

This feature reveals your current location both to Google, and the web site you are visiting (thus allowing a link to be made between your location and your IP address). If the web site you are visiting is unencrypted, surveillance systems like Phorm will also be able to determine your location from your communication traffic.

This presents serious personal privacy risks, and a serious safety risk to young children or vulnerable adults.

To disable Geolocation in Firefox 3.5, enter "about:config" in your address bar. Accept the warning, and enter "geo." as a filter term. Double click on "geo.enabled" to toggle the setting to "false".

Set the value "geo.wifi.uri" to be "localhost", or some other value.

(If you need to supply fake location information, you can enable geolocation, and use https://www.dephormation.org.uk/geolocation/geolocation.php as a source of bogus location data.)

Cookies

Ideally, you should disable cookies entirely in Firefox, and only permit sites to store data on your machine when it is in your interest to do so.

In practical terms, this can sometimes be difficult for non-technical users.

Suppressing 3rd party cookies, and ensuring that cookies expire when the browser is closed will prevent many tracking methods.

Using the Tools menu, click on Options, select the Privacy tab.

Ensure that 'Accept third-party cookies' is unchecked, and the 'Keep until' option is set to 'I close Firefox'.

Even this level of caution may not be sufficient. Flash LSOs (see below) can be used to reinstate the tracking cookies you delete, as this article explains.

Clearing Your History Automatically

Clearing your browsing history and cookies when you exit Firefox helps limit the information that can leak.

Using the Tools menu, click on Options, select the Privacy tab.

Ensure that 'Always clear my private data' is checked, and the 'Ask me before clearing private data' option is unchecked.

Click on the 'Settings' button. Ensure that the options shown right are checked.

Javascript

Javascript can be used to gather private information or compromise your security.

Using the NoScript add on for Firefox, you can control Javascript on a site by site or even page by page basis.

Flash LSOs

Flash LSOs (locally stored objects) are rather like ordinary browser tracking cookies. They are enabled by default.

Tracking systems are increasingly using LSOs to identify web users, because they are so difficult to erase.

You should disable LSOs entirely using the following procedure.

Note that Macromedia track visits to their site using Omniture; you should add the host 'stats.adobe.com' (which is an alias for an Omniture '2o7.net' tracking host) to your DNS black hole list.

Visit this Macromedia page.

Select the Global Privacy Settings tab (the first tab) and click on the 'Always deny' option;

Select the Global Storage Settings tab (the second tab). Adjust the amount of storage space that web sites can use to 'None'. Uncheck 'Allow third party Flash content to store data on your computer';

Select the Global Security Settings tab (the third tab). Choose 'Always deny' to prevent sites obtaining unauthorised access to information.

Firefox Add On Recommendations

Once a day, Firefox (v4.0+) sends a summary of the browser add ons you have installed to addons.mozilla.org; "This involves sending the identifiers of each add-on you have installed to Mozilla" (source). This data is used to recommend other add ons to you.

    Opting out of this daily ping will stop Firefox from sending the add-ons you have installed and most recent start-up time to Mozilla, and will also stop displaying updated metadata for your add-ons and discontinue personalized recommendations if they were displayed in the Get Add-ons pane of the Add-ons Manager.

If you'd prefer to keep the list of your installed browser add ons private, and the configuration of your browser more secure, you need to set the preference "extensions.getAddons.cache.enabled" to "false".

To disable this feature, enter "about:config" in your address bar. Accept the warning, and enter "extensions.getAddons.cache.enabled" as a filter term. Double click on "extensions.getAddons.cache.enabled" to toggle the setting to "false".

Disable 3rd Party Images

When you visit a web site, the content you receive from the web site is called 1st party content. Within the page may be content drawn from other web sites, called 3rd party content.

3rd party content may include so called 'tracking beacons', 1x1 pixel images which allow a third party to record your visit to the first party web site.
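To make the beacon pattern concrete, the following added example (not part of the original page) scans a page's HTML for images that are at most 1x1 pixel and are served by a host other than the page's own. The page URL, HTML and host names are constructed sample data, and "third party" is taken to mean any host that does not exactly match the page's host.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page; all hosts are reserved example names.
PAGE_URL = "http://shop.example.com/account"
PAGE_HTML = """\
<html><body>
<img src="/logo.png" width="120" height="40">
<img src="/spacer.gif" width="1" height="1">
<img src="http://stats.tracker.example/b.gif?page=/account" width="1" height="1">
<img src="//cdn.example.net/photo.jpg" width="640" height="480">
<IMG SRC="http://metrics.example.org/p?u=42" WIDTH="1" HEIGHT="1">
</body></html>
"""

class BeaconFinder(HTMLParser):
    """Collect <img> tags that are at most 1x1 and served by another host."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.beacons = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        attr = dict(attrs)  # HTMLParser lower-cases tag and attribute names
        src = urljoin(self.page_url, attr.get("src") or "")
        host = urlparse(src).hostname
        tiny = attr.get("width") in ("0", "1") and attr.get("height") in ("0", "1")
        # Third party here means any host other than the page's own (full match).
        if tiny and host and host != self.page_host:
            self.beacons.append((host, src))

def find_beacons(page_url, html):
    """Return [(third-party host, image URL)] for every suspected beacon."""
    finder = BeaconFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.beacons

if __name__ == "__main__":
    for host, src in find_beacons(PAGE_URL, PAGE_HTML):
        print(f"{host} is told about your visit via {src}")
```

Images sized by a stylesheet rather than by width and height attributes are not detected by this check.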

In early versions of Firefox it was possible to prevent this behaviour. While the option has been removed from the configuration dialogs, it is still possible to set the preference manually, if you're feeling brave.

Instructions are here http://kb.mozillazine.org/Permissions.default.image.

To set the required parameter, type "about:config" as the URL (or click on the link provided), promise to be careful, then scroll down to the permissions.default.image entry, double click it and set the default value to 3.

This may prevent some web sites working as intended, for example Google image search may not display the image results.

Alternatively, consider using the RequestPolicy add on, and configure the preferences to require a full domain match.
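The about:config changes described on this page (geolocation, the add-on metadata ping, and third party images) can be checked after the fact. This added example, which is not part of the original page, parses the text of a Firefox profile's prefs.js and reports every preference that does not hold the value recommended here; the sample file content is constructed, and a preference absent from the file is treated as being at its default.

```python
import re

# Values recommended on this page; preference names are exactly those in the text.
RECOMMENDED = {
    "geo.enabled": False,
    "geo.wifi.uri": "localhost",  # the page also accepts "some other value"
    "extensions.getAddons.cache.enabled": False,
    "permissions.default.image": 3,  # 3 = block third-party images
}
PREF_LINE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Constructed sample prefs.js content.
SAMPLE_PREFS = """\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("geo.enabled", false);
user_pref("geo.wifi.uri", "localhost");
user_pref("permissions.default.image", 1);
"""

def parse_prefs(text):
    """Map preference name -> bool, int or str for each user_pref() line."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if not match:
            continue
        name, raw = match.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
    return prefs

def audit(text):
    """Return [(name, current value or None if unset, recommended value)]."""
    prefs = parse_prefs(text)
    findings = []
    for name, want in RECOMMENDED.items():
        have = prefs.get(name)  # None: not in the file, so the default applies
        # Compare type as well as value so that 0 is not mistaken for false.
        if type(have) is not type(want) or have != want:
            findings.append((name, have, want))
    return findings

if __name__ == "__main__":
    for name, have, want in audit(SAMPLE_PREFS):
        print(f"{name}: is {have!r}, page recommends {want!r}")
```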

Protecting Personal Data

Never disclose personal data online unless you absolutely have to.

Consider the information you publish on social network sites carefully. Once you have published information it can be very difficult if not impossible to regain control over it.

Think carefully too about providing data relating to friends and relations. Is it fair to reveal their personal information to a social networking site, without first asking permission?

If you're required to register for a site, consider whether you can provide false details. In many instances, it is simply not possible for a web site to validate address details you supply. If you are asked for a valid Post Code, why not offer the Post Code for your nearest rubbish tip (that way cutting out the middleman).

Once your relationship with a firm ends, corrupt your personal data, by setting a bogus name, address, and telephone number for example.

DNS Black Hole Lists

Host lists allow you to configure your computer so that it is unable to establish connections to known malicious web sites, by over-riding the Domain Name System (DNS) with false IP addresses.

I recommend the MVPS host list, and the SomeoneWhoCares host list.

With these lists installed on your computers, many of the worst privacy threats on the internet vanish into oblivion.

Note that in Windows, you will need to run your text editor with administrator privileges before you can modify the host list.
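A downloaded host list is trusted input to your name resolution, so it is worth vetting before you install it. This added example (not part of the original page or of either recommended list) accepts only entries that point at a loopback or unspecified address, rejects any line that would redirect a name to a routable address, and writes out a normalised list; the sample input is constructed, apart from 'stats.adobe.com', which is the host named earlier on this page.

```python
import ipaddress
import re

# Names a downloaded list has no business redefining.
RESERVED = {"localhost", "localhost.localdomain", "broadcasthost"}
LABEL = r"[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?"
HOSTNAME = re.compile(rf"^{LABEL}(\.{LABEL})+$")

# Constructed sample input, not taken from any real host list.
SAMPLE = """\
# sample hosts-format list
127.0.0.1   localhost
0.0.0.0     stats.adobe.com        # host named in the text above
127.0.0.1   Tracker.Example.NET ads.example.net
203.0.113.7 bank.example.com       # redirect, not a black hole
0.0.0.0     http://beacon.example/
not-an-ip   ads.example.org
"""

def vet_hosts_list(text):
    """Return (accepted hostnames, [(line number, reason), ...])."""
    accepted, rejected = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # strip comment, tokenise
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            rejected.append((lineno, "first field is not an IP address"))
            continue
        # A black hole entry points nowhere; anything else redirects traffic.
        if not (addr.is_loopback or addr.is_unspecified):
            rejected.append((lineno, f"maps names to routable address {addr}"))
            continue
        for name in (n.lower().rstrip(".") for n in fields[1:]):
            if name in RESERVED:
                continue
            if HOSTNAME.match(name):
                accepted.add(name)
            else:
                rejected.append((lineno, f"not a hostname: {name}"))
    return accepted, rejected

def render(accepted):
    """Emit normalised entries, all pointed at 0.0.0.0, sorted and de-duplicated."""
    return "".join(f"0.0.0.0 {name}\n" for name in sorted(accepted))

if __name__ == "__main__":
    ok, bad = vet_hosts_list(SAMPLE)
    print(render(ok), end="")
    for lineno, reason in bad:
        print(f"rejected line {lineno}: {reason}")
```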

SSL Encryption

When visiting a web site, look for an option to use SSL encryption. The padlock icon in the address bar, or sometimes the bottom right hand corner of your screen, will confirm your communications are encrypted.

SSL will ensure that the privacy, security, and integrity of your communications cannot be easily compromised.

If possible, avoid using sites which are not encrypted, particularly those which do not transmit your personal information in encrypted form.

If you have HTTPS Everywhere installed in Firefox/Chrome, your browser will automatically default to SSL encrypted sites where possible.

Beware of browser warnings about sites which fail to offer valid SSL certificates. Never ignore these warnings.

If you operate a web site, particularly if you have customers/visitors in the UK, you should be using full SSL encryption for all of your communications. Not just to protect your users, but to protect your own communications with your users from industrial espionage and copyright theft by UK ISPs.

SSL Protected Search

Using an SSL connection to your preferred search engine will ensure that only your chosen search provider can see the terms that you search for.

IXQuick (EU) were the first search provider to offer a fully encrypted service. IXQuick in particular claims to actively protect your privacy.

In recent years, other providers such as Google, Wikipedia, and DuckDuckGo have recognised the threat to their users and their own business interests, and now offer SSL services too.

You can add IXQuick to your browser search bar by following their instructions.

You can add SSL search engines to the Firefox search bar using the Mozilla Mycroft site to configure your browser.

If you have HTTPS Everywhere installed in Firefox/Chrome, your browser will automatically default to SSL encrypted sites where possible.

The Future - Cloud Computing?

Cloud computing, and personal privacy, is simply nonsense. It's drivel.

Handing some of your personal data to someone requires a degree of trust. Handing the entirety of your personal data to a commercial organisation, particularly one with BT, TalkTalk, Virgin Media, Vodafone, or Telefonica O2's track record is borderline insanity.

That's not just my view, it is also shared by Richard Stallman.

Given the debacle over the corporate handling of private data in the UK, and the inaction of regulators, you should not trust or use cloud computing services.

Particularly, sadly, those hosted or provided in the UK.

And especially those offered by BT, TalkTalk, Virgin Media, Vodafone, and Telefonica O2.