Protect your online life from prying eyes with these key Firefox
privacy add-ons.
- Logan Kugler, Computerworld They say privacy doesn't exist on the Web -- but that doesn't mean you
can't try to safeguard your personal information. Our computers are
loaded with details about our personal and business lives, and it's
definitely not acceptable to reveal them haphazardly. With hackers
becoming ever more sophisticated, you have to take precautions. One threat to privacy on the Web is the use of cookies and other
technologies to track your browsing, clicking, searching, social
networking and buying habits as you move from site to site. These
tracking technologies build up an online profile of you that can be
used not only to send you ads designed to appeal to you (useful to
some, intrusive to others) but could also be used for identity theft
if the information fell into the wrong hands. Another threat is the vast number of files that accumulate on your
hard drive -- your browsing history, log-in cookies, cached pages and
more -- that could be accessed either by someone who gets physical
control over your machine or remotely by hackers who have installed
malware on your system. This information can include banking details,
credit card numbers, Web site passwords and records of your visits to
potentially embarrassing sites. The current versions of all popular Web browsers offer some sort of
"private browsing" feature -- you activate it and surf as you normally
would, but your cookies, passwords, Web history and browser cache are
erased when you close the browser at the end of your session. Private
browsing offers some degree of protection if you're willing to forgo
the convenience of having your Web history and saved passwords at your
fingertips. But researchers from Stanford University and Carnegie
Mellon University have found that no browser actually removes every
trace of private browsing sessions. oz In this regard, Firefox's vast
library of browser add-ons is both a blessing and a curse. On one
hand, the researchers found that some add-ons, such as those that
enhance searching, may store information that's supposed to be purged
after a private browsing session. On the other hand, a number of Firefox extensions (some of which are
available for other browsers) can protect your privacy to a degree
that's far above and beyond what private browsing can do. For
comprehensive control over your privacy, install and use at least some
of these eight Firefox extensions. PasswordMaker: A basic security rule is that you should use a unique,
un-guessable password for each site you visit. But how do you
remember LV307gbH(* every time you log into your Web mail account?
PasswordMaker solves that problem by generating a new password for
each site -- all you have to remember is your own master password to
unlock the extension. PasswordMaker uses an algorithm based on your
master password, the URL of the site, your username and six other
factors to generate the password on the fly every time you visit the
site. That means it never needs to store passwords on your computer
(or on a central server) -- so even if someone gets access to your
computer, your passwords are safe since they're not actually stored on
the computer anywhere. Generate safe passwords on the fly with PasswordMaker. Obviously,
it's vitally important not to forget your master password if you use
PasswordMaker. It's also important to remember or back up your
account settings and configuration; the algorithm uses those settings
for password generation, so you'll need to re-create them if your
system crashes. The PasswordMaker site offers some planning tips so
that you can recover from a system crash.KeyScrambler: Personal One of the more insidious threats bad guys can
throw at you is a keylogger, a tiny piece of software that invisibly
captures every keystroke you make and sends it back to its home base.
Your stream of keystrokes can provide cybercrooks with personal
information like your Social Security number or credit card numbers,
and of course your log-in information for Web sites, applications and
your computer itself.An even more comprehensive solution for the two problems above is
to use Roboform - it encrypts and remembers all passwords, makes logging
into any of the many sites we use on a daily basis easy and has a raft of other
useful functions. You can get a free copy here:
http://www.12path.com/StartBusinessMentor/FreeRoboForm/ Ghostery: Cookies placed by ads and Web pages can be used to track you
as you move from site to site: Every time you visit a page with code
from a particular ad or other tracking network, it can check to see
what other sites with its code you've visited, what you did there and
what you clicked on, allowing it to build a rather thorough profile of
your surfing habits. If you prefer more private, less customized Web surfing, using your
browser's security or privacy settings to block third-party cookies
can help, but some tracking services are able to circumvent these
controls. Ghostery identifies the companies behind the tracking code on Web
sites. The Ghostery extension, a part of the Better Advertising
project, identifies code from 200 different ad and other tracking
networks, showing you who is collecting data about you and what data
they are collecting. You can decide whether to allow each service to
track you or to block it. When a Web page is first loading, Ghostery overlays a list of active
trackers at the top-right-hand corner of your browser. If you want to
explore further, you can click the ghost icon in your browser's status
bar to bring up a menu listing all the trackers along with links to
further information. Ghostery provides information about each tracking service so you can
choose whether or not to let it track you. You can even explore the particular code used to see exactly what the
tracker is doing. Clicking "Block" for any tracker will prevent its
JavaScript from loading at all, on the site you're currently visiting
plus any other sites that use the same service. Ghostery is also
available for Internet Explorer and Chrome. BetterPrivacy: NettiCat's BetterPrivacy offers protection against an
increasingly common kind of cookie called a local shared object (LSO)
or Flash cookie. LSOs are used by the Adobe Flash Player plug-in to
store the same kind of information that's usually stored in browser
cookies. However, because LSO cookies are stored in a system folder instead of
in the browser folder, they can't be easily deleted. What's more,
unlike browser cookies, LSOs never expire, and they can hold about 25
times more information than typical cookies. Since these objects are
placed by Flash, your browser's security settings have no effect on
them. And here's where they get really insidious -- some companies
use Flash cookies to duplicate their browser cookies. You may delete
the browser cookie for a site, but the LSO stays -- and it restores
the original cookie the next time you visit the site. This
reanimation capability has given rise to two more names for these
objects: super-cookies and zombie cookies. This is where BetterPrivacy comes in. The extension can be set to
automatically delete all Flash cookies every time you exit your
browser, or you can manually manage and delete unwanted LSOs one by
one so that information can't be accessed or used to track you from
site to site. When you install BetterPrivacy, there's no obvious change to Firefox
off the bat. When you close the browser, however, the extension
checks for LSOs. If it finds any, you'll see a dialog box asking if
you want to delete them. If you hit Cancel, it doesn't do anything;
if you hit OK, it deletes them. There's also a checkbox that lets
BetterPrivacy automatically delete all LSOs every time after that. BetterPrivacy scans for and removes LSOs -- a.k.a. super-cookies --
every time you exit Firefox. To manage LSOs directly, open BetterPrivacy's preferences in the Tools
menu. Here you can remove them one by one or all at once; you can
also add specific LSOs to a whitelist to prevent them from being
automatically deleted in the future.
KeyScrambler: Personal foils keyloggers by encrypting everything you
type into Firefox. QFX Software's KeyScrambler Personal offers a
clever way to defeat keyloggers -- as you type, it encrypts the
keystrokes at the driver level and then decrypts them in the browser.
Any keystroke-logging malware on your computer will capture only the
encrypted signal, which it will see as gibberish. KeyScrambler Personal for Firefox, IE and Flock is free; there are
also paid versions -- Pro ($29.99) and Premium ($44.99) -- that extend
protection to other browsers, e-mail clients, password managers and
many other applications. Note that KeyScrambler works only with Windows; we don't know of any
comparable protection for Mac users. NoScript: The NoScript extension by Giorgio Maone prevents JavaScript,
Java and other executable content from running on any Web page you
haven't expressly allowed to run scripts. This is crucial protection
against cross-site scripting (XSS), where hackers insert code into Web
pages using vulnerabilities in the various scripting languages the
sites use to deliver content. Hackers use XSS to install arbitrary
code on users' machines for keylogging, hijacking passwords or
phishing; it's currently one of the most effective methods of
delivering malware. NoScript lets you selectively allow scripting from sites you trust and
block scripting from sites you don't. NoScript is also effective in blocking an emerging form of user
tracking called browser fingerprinting. A recent study by the
Electronic Frontier Foundation (EFF) showed that even without cookies
or malware, Web sites can pull enough information about a user from
the browser itself to build up a profile that can be used to track the
user from site to site. The EFF singled out NoScript as an effective
safeguard against this kind of tracking. Since so much of the Web
relies for basic functionality on the scripting languages that
NoScript blocks, an Options button at the bottom of the browser window
pops up a menu with options that you can use to temporarily or
permanently allow scripts on sites you trust. Tor-Proxy.Net Toolbar: The Tor Project is an anonymizing service that
tunnels your Web traffic through a network of random routers to make
it virtually impossible for an outside observer to track any Web
activity back to your computer. You can install the Tor program on
your computer and route all your Web traffic through Tor, but because
your packets are bounced off servers around the world, you will
experience much slower Internet response. Using the Tor-Proxy.Net Toolbar, though, you can choose to use Tor on
a case-by-case basis, visiting chosen sites anonymously while
maintaining non-anonymous connections in other Firefox tabs. Just
enter the URL of the site you want to visit into the Tor-Proxy.Net
Toolbar instead of Firefox's own address bar and click "by Tor." Use the Tor-Proxy.Net Toolbar to route your Web surfing through the
Tor anonymous network. The toolbar also offers two other options: You can click "by
JAP/JonDos" to use the less popular JonDonym service, which offers
slightly better performance but slightly weaker anonymity, or you can
click "by Express-Service" to use Tor-Proxy.Net's own anonymizing
server. It's a little quicker than the others but isn't as secure,
since it's not an established anonymity service. FireFound: One of the greatest threats to privacy is the loss or theft
of a laptop or desktop computer, giving whoever finds or steals it
access to everything stored on it. Chris Finke's FireFound extension
notes the location of the network your computer is on whenever it
connects to the Internet. If it has changed locations, FireFound
sends a message to a central server with the new location. FireFound Firefox extension If your computer is stolen or lost,
FireFound can wipe out your Firefox data remotely the next time the
computer is connected to the Internet. So if the computer has been stolen or misplaced, you can log onto the
password-protected FireFound server to find out approximately where it
is. You can also set FireFound to send you an alert via e-mail
whenever the computer is more than a specific distance away.
FireFound lets you remotely send instructions to delete browser
passwords, page cache, surfing history, form data and other personal
information from Firefox, so that whoever is in possession of your
computer won't be able to use your browser to access your online
accounts or derive personal information from your cache. The extension relies on the free service at FireFound.com, or you can
set up your own open-source FireFound server. A $1-per-month premium
account allows you to remotely encrypt and back up your saved
passwords before wiping them from your lost computer; the premium
account also lets you designate "safe areas" within which your
computer's movement will not trigger an e-mail alert. OptimizeGoogle: Google offers an impressive array of services that help
make the Internet useful, but all that assistance comes with a cost:
your privacy. If you use a number of Google services, you're giving
the company access to your search history, your e-mail, your video and
picture uploads and a wide range of other data, all of which can live
on Google's servers for months or even years. OptimizeGoogle Firefox extension OptimizeGoogle provides a number of
options for increasing security and privacy while using Google's
online tools. Phlogenix's OptimizeGoogle extension offers some neat tricks to
improve your Google experience, such as adding links to results pages
from Yahoo, Ask and other search engines for your searches in case
you're not satisfied with your Google results. The extension also
offers a number of privacy-increasing options, most notably the
ability to default to HTTPS secure browsing on all Google services and
disabling tracking by ads or Google Analytics.
privacy add-ons.
- Logan Kugler, Computerworld They say privacy doesn't exist on the Web -- but that doesn't mean you
can't try to safeguard your personal information. Our computers are
loaded with details about our personal and business lives, and it's
definitely not acceptable to reveal them haphazardly. With hackers
becoming ever more sophisticated, you have to take precautions. One threat to privacy on the Web is the use of cookies and other
technologies to track your browsing, clicking, searching, social
networking and buying habits as you move from site to site. These
tracking technologies build up an online profile of you that can be
used not only to send you ads designed to appeal to you (useful to
some, intrusive to others) but could also be used for identity theft
if the information fell into the wrong hands. Another threat is the vast number of files that accumulate on your
hard drive -- your browsing history, log-in cookies, cached pages and
more -- that could be accessed either by someone who gets physical
control over your machine or remotely by hackers who have installed
malware on your system. This information can include banking details,
credit card numbers, Web site passwords and records of your visits to
potentially embarrassing sites. The current versions of all popular Web browsers offer some sort of
"private browsing" feature -- you activate it and surf as you normally
would, but your cookies, passwords, Web history and browser cache are
erased when you close the browser at the end of your session. Private
browsing offers some degree of protection if you're willing to forgo
the convenience of having your Web history and saved passwords at your
fingertips. But researchers from Stanford University and Carnegie
Mellon University have found that no browser actually removes every
trace of private browsing sessions. oz In this regard, Firefox's vast
library of browser add-ons is both a blessing and a curse. On one
hand, the researchers found that some add-ons, such as those that
enhance searching, may store information that's supposed to be purged
after a private browsing session. On the other hand, a number of Firefox extensions (some of which are
available for other browsers) can protect your privacy to a degree
that's far above and beyond what private browsing can do. For
comprehensive control over your privacy, install and use at least some
of these eight Firefox extensions. PasswordMaker: A basic security rule is that you should use a unique,
un-guessable password for each site you visit. But how do you
remember LV307gbH(* every time you log into your Web mail account?
PasswordMaker solves that problem by generating a new password for
each site -- all you have to remember is your own master password to
unlock the extension. PasswordMaker uses an algorithm based on your
master password, the URL of the site, your username and six other
factors to generate the password on the fly every time you visit the
site. That means it never needs to store passwords on your computer
(or on a central server) -- so even if someone gets access to your
computer, your passwords are safe since they're not actually stored on
the computer anywhere. Generate safe passwords on the fly with PasswordMaker. Obviously,
it's vitally important not to forget your master password if you use
PasswordMaker. It's also important to remember or back up your
account settings and configuration; the algorithm uses those settings
for password generation, so you'll need to re-create them if your
system crashes. The PasswordMaker site offers some planning tips so
that you can recover from a system crash.KeyScrambler: Personal One of the more insidious threats bad guys can
throw at you is a keylogger, a tiny piece of software that invisibly
captures every keystroke you make and sends it back to its home base.
Your stream of keystrokes can provide cybercrooks with personal
information like your Social Security number or credit card numbers,
and of course your log-in information for Web sites, applications and
your computer itself.An even more comprehensive solution for the two problems above is
to use Roboform - it encrypts and remembers all passwords, makes logging
into any of the many sites we use on a daily basis easy and has a raft of other
useful functions. You can get a free copy here:
http://www.12path.com/StartBusinessMentor/FreeRoboForm/ Ghostery: Cookies placed by ads and Web pages can be used to track you
as you move from site to site: Every time you visit a page with code
from a particular ad or other tracking network, it can check to see
what other sites with its code you've visited, what you did there and
what you clicked on, allowing it to build a rather thorough profile of
your surfing habits. If you prefer more private, less customized Web surfing, using your
browser's security or privacy settings to block third-party cookies
can help, but some tracking services are able to circumvent these
controls. Ghostery identifies the companies behind the tracking code on Web
sites. The Ghostery extension, a part of the Better Advertising
project, identifies code from 200 different ad and other tracking
networks, showing you who is collecting data about you and what data
they are collecting. You can decide whether to allow each service to
track you or to block it. When a Web page is first loading, Ghostery overlays a list of active
trackers at the top-right-hand corner of your browser. If you want to
explore further, you can click the ghost icon in your browser's status
bar to bring up a menu listing all the trackers along with links to
further information. Ghostery provides information about each tracking service so you can
choose whether or not to let it track you. You can even explore the particular code used to see exactly what the
tracker is doing. Clicking "Block" for any tracker will prevent its
JavaScript from loading at all, on the site you're currently visiting
plus any other sites that use the same service. Ghostery is also
available for Internet Explorer and Chrome. BetterPrivacy: NettiCat's BetterPrivacy offers protection against an
increasingly common kind of cookie called a local shared object (LSO)
or Flash cookie. LSOs are used by the Adobe Flash Player plug-in to
store the same kind of information that's usually stored in browser
cookies. However, because LSO cookies are stored in a system folder instead of
in the browser folder, they can't be easily deleted. What's more,
unlike browser cookies, LSOs never expire, and they can hold about 25
times more information than typical cookies. Since these objects are
placed by Flash, your browser's security settings have no effect on
them. And here's where they get really insidious -- some companies
use Flash cookies to duplicate their browser cookies. You may delete
the browser cookie for a site, but the LSO stays -- and it restores
the original cookie the next time you visit the site. This
reanimation capability has given rise to two more names for these
objects: super-cookies and zombie cookies. This is where BetterPrivacy comes in. The extension can be set to
automatically delete all Flash cookies every time you exit your
browser, or you can manually manage and delete unwanted LSOs one by
one so that information can't be accessed or used to track you from
site to site. When you install BetterPrivacy, there's no obvious change to Firefox
off the bat. When you close the browser, however, the extension
checks for LSOs. If it finds any, you'll see a dialog box asking if
you want to delete them. If you hit Cancel, it doesn't do anything;
if you hit OK, it deletes them. There's also a checkbox that lets
BetterPrivacy automatically delete all LSOs every time after that. BetterPrivacy scans for and removes LSOs -- a.k.a. super-cookies --
every time you exit Firefox. To manage LSOs directly, open BetterPrivacy's preferences in the Tools
menu. Here you can remove them one by one or all at once; you can
also add specific LSOs to a whitelist to prevent them from being
automatically deleted in the future.
KeyScrambler: Personal foils keyloggers by encrypting everything you
type into Firefox. QFX Software's KeyScrambler Personal offers a
clever way to defeat keyloggers -- as you type, it encrypts the
keystrokes at the driver level and then decrypts them in the browser.
Any keystroke-logging malware on your computer will capture only the
encrypted signal, which it will see as gibberish. KeyScrambler Personal for Firefox, IE and Flock is free; there are
also paid versions -- Pro ($29.99) and Premium ($44.99) -- that extend
protection to other browsers, e-mail clients, password managers and
many other applications. Note that KeyScrambler works only with Windows; we don't know of any
comparable protection for Mac users. NoScript: The NoScript extension by Giorgio Maone prevents JavaScript,
Java and other executable content from running on any Web page you
haven't expressly allowed to run scripts. This is crucial protection
against cross-site scripting (XSS), where hackers insert code into Web
pages using vulnerabilities in the various scripting languages the
sites use to deliver content. Hackers use XSS to install arbitrary
code on users' machines for keylogging, hijacking passwords or
phishing; it's currently one of the most effective methods of
delivering malware. NoScript lets you selectively allow scripting from sites you trust and
block scripting from sites you don't. NoScript is also effective in blocking an emerging form of user
tracking called browser fingerprinting. A recent study by the
Electronic Frontier Foundation (EFF) showed that even without cookies
or malware, Web sites can pull enough information about a user from
the browser itself to build up a profile that can be used to track the
user from site to site. The EFF singled out NoScript as an effective
safeguard against this kind of tracking. Since so much of the Web
relies for basic functionality on the scripting languages that
NoScript blocks, an Options button at the bottom of the browser window
pops up a menu with options that you can use to temporarily or
permanently allow scripts on sites you trust. Tor-Proxy.Net Toolbar: The Tor Project is an anonymizing service that
tunnels your Web traffic through a network of random routers to make
it virtually impossible for an outside observer to track any Web
activity back to your computer. You can install the Tor program on
your computer and route all your Web traffic through Tor, but because
your packets are bounced off servers around the world, you will
experience much slower Internet response. Using the Tor-Proxy.Net Toolbar, though, you can choose to use Tor on
a case-by-case basis, visiting chosen sites anonymously while
maintaining non-anonymous connections in other Firefox tabs. Just
enter the URL of the site you want to visit into the Tor-Proxy.Net
Toolbar instead of Firefox's own address bar and click "by Tor." Use the Tor-Proxy.Net Toolbar to route your Web surfing through the
Tor anonymous network. The toolbar also offers two other options: You can click "by
JAP/JonDos" to use the less popular JonDonym service, which offers
slightly better performance but slightly weaker anonymity, or you can
click "by Express-Service" to use Tor-Proxy.Net's own anonymizing
server. It's a little quicker than the others but isn't as secure,
since it's not an established anonymity service. FireFound: One of the greatest threats to privacy is the loss or theft
of a laptop or desktop computer, giving whoever finds or steals it
access to everything stored on it. Chris Finke's FireFound extension
notes the location of the network your computer is on whenever it
connects to the Internet. If it has changed locations, FireFound
sends a message to a central server with the new location. FireFound Firefox extension If your computer is stolen or lost,
FireFound can wipe out your Firefox data remotely the next time the
computer is connected to the Internet. So if the computer has been stolen or misplaced, you can log onto the
password-protected FireFound server to find out approximately where it
is. You can also set FireFound to send you an alert via e-mail
whenever the computer is more than a specific distance away.
FireFound lets you remotely send instructions to delete browser
passwords, page cache, surfing history, form data and other personal
information from Firefox, so that whoever is in possession of your
computer won't be able to use your browser to access your online
accounts or derive personal information from your cache. The extension relies on the free service at FireFound.com, or you can
set up your own open-source FireFound server. A $1-per-month premium
account allows you to remotely encrypt and back up your saved
passwords before wiping them from your lost computer; the premium
account also lets you designate "safe areas" within which your
computer's movement will not trigger an e-mail alert. OptimizeGoogle: Google offers an impressive array of services that help
make the Internet useful, but all that assistance comes with a cost:
your privacy. If you use a number of Google services, you're giving
the company access to your search history, your e-mail, your video and
picture uploads and a wide range of other data, all of which can live
on Google's servers for months or even years. OptimizeGoogle Firefox extension OptimizeGoogle provides a number of
options for increasing security and privacy while using Google's
online tools. Phlogenix's OptimizeGoogle extension offers some neat tricks to
improve your Google experience, such as adding links to results pages
from Yahoo, Ask and other search engines for your searches in case
you're not satisfied with your Google results. The extension also
offers a number of privacy-increasing options, most notably the
ability to default to HTTPS secure browsing on all Google services and
disabling tracking by ads or Google Analytics.
No comments:
Post a Comment