1. Moderately private, moderately secure, browsing

    It’s a common assertion that you have no privacy on the web.

    You have zero privacy anyway. Get over it

         - Scott McNealy, then Sun CEO

    Most people don’t care. After all, their supermarket loyalty card lets the store track and store all their purchases.

    In the other corner, we have the tin-foil hat world where the Illuminati/Goldman Sachs/Lizards are following your every move. 

    The middle of an argument isn’t always right (evolution is 100% real, creationism is 100% wrong) but here it has relevance. We are tracked: ad cookies, Flash cookies and targeted advertising driven by databases of behaviour do exist and contain a lot of information.

    Coming at it from another direction, ad networks are a common source of malware and flash is, to be kind, not the most secure part of the browser tool chain.

    So, what do we do? Well, let’s start by looking at what it takes to be really private or really secure.

    Really private browsing

    How do you do really private browsing? Easy. Always use Tor and browse EVERYTHING in ‘Private Browsing’/’Incognito’ mode.

    Great. Until you get a trojan from downloading a “codec to view this content”. Then all your privacy is subverted at source. Which is why governments like this approach.

    Doing this is also slow. Slow enough that for most people, the trade-off is too high. Even for those for whom the privacy matters, it’s fragile. One mistake exposes your misdeeds.

    A moderately practical solution is to leave out Tor, but still use Private Browsing mode for everything. This leaves logs at the ISP, but none on the local device. However, both Firefox and Chrome share cookies within a private browsing session, so website A and website B will still see the tracking cookie from ad broker C. This means that avoiding tracking means always starting new sessions in addition to doing many of the things I discuss below. For my use, the extra privacy is far outweighed by the impracticality.

    This method also doesn’t improve security much. Flash is still enabled, ditto JavaScript, so the attack surface is not reduced.

    So, to get really, really private browsing, we’re going to have to combine this with really secure browsing.

    Really Secure Browsing

    This is possible, but it’s not going to catch on.

    For a good idea of what is needed, and the software needed to make it happen, see the Invisible Things/Qubes blog.

    The basic idea is that we run a large number of virtual machines, and are very, very careful about how data flows between them. Then if one VM gets compromised, no other data is lost. By limiting ‘dangerous’ browsing to an untrusted VM we get security, and by using Tor in every VM where we need privacy, we get privacy as well.

    All in all, it’s not going to catch on for the same reasons we’re not all running Trusted Solaris. It’s too much of a pain for most users. If I was working on Top Secret Nuclear Explosions then this would be the way to go. But I don’t.

    The Middle Way

    So here’s what I actually do. I start from these assumptions:

    1. I’m not trying to hide anything illegal, or worried about hiding from our ISP’s logs
    2. I wish to avoid advertising cookies and targeted advertising as much as possible
    3. For security, I want to control flash
    4. I want security against random ‘drive-by’ attacks, but am not trying to defend against a sophisticated, well resourced attacker such as a nation state security service. 

    So what do 

    1. Choose your browser and base OS carefully. I currently use Linux on Chrome
    2. Don’t run flash at all 
    3. Use extensions to control tracking cookies, advertising etc.

    Most of the security comes from points 1 and 2. Most ‘drive-by’ malware is targeted where it’ll make money. That means Windows, with some recent excursions into OS X. By running Linux I gain a good deal of security for free. I also use OS X for dealing with my digital photos, but by avoiding doing general web browsing within OS X, there’s no extra risk.

    For the browser, Chrome is my choice but Firefox would work just as well. Both of the other major browsers (IE9 and Safari) have reasonable basic security (we’ll pass lightly over IE < 9), but don’t meet my needs as they have no eco-system of extensions around them.

    Now, to get control over where our data goes, we need a set of browser add-ons.

    First up, the indispensable Adblock (Chrome, Firefox). When used with one of the auto-updating block lists, this will stop most ads from ever being shown. Even better, since the ads are never loaded, a malware infected ad broker can no longer attack us.

    Next up, Ghostery (Chrome, Firefox). Cookies aren’t the only way of tracking. One-pixel images, beacons and more are used to track visitors across sites. Ghostery, set to auto-update its block list, works in a similar way to Adblock and blocks all of these.
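
    The cookie sharing described above for private-browsing sessions, and what a block list changes, as an added example that is not part of the original post. It is a small JavaScript model: the host names, the broker's ID scheme and the three modes are all constructed for illustration.

```javascript
// Constructed model: sites A and B embed ad broker C (made-up host names).
const PAGES = {
  "site-a.example": ["tracker-c.example"],
  "site-b.example": ["tracker-c.example"],
};

// Broker server side: issue an ID cookie on first contact, log (id, referer).
function makeBroker() {
  let nextId = 1;
  const log = [];
  return {
    log,
    handle(cookie, referer) {
      const id = cookie ?? `uid-${nextId++}`;
      log.push({ id, referer });
      return id; // value the broker sends back in Set-Cookie
    },
  };
}

// Load a page: fetch each embedded third-party host unless the block list
// matches it. `jar` maps cookie host -> value and models one browser session.
function visit(site, jar, broker, blockList = new Set()) {
  for (const host of PAGES[site]) {
    if (blockList.has(host)) continue; // request is never made
    jar.set(host, broker.handle(jar.get(host), site));
  }
}

// Sites the broker can link together: any ID seen with more than one referer.
function linkedSites(broker) {
  const byId = new Map();
  for (const { id, referer } of broker.log) {
    if (!byId.has(id)) byId.set(id, new Set());
    byId.get(id).add(referer);
  }
  return [...byId.values()].filter(s => s.size > 1).map(s => [...s].sort());
}

// mode: "shared-session" | "fresh-session" | "blocklist"
function scenario(mode) {
  const broker = makeBroker();
  const shared = new Map();
  const block = mode === "blocklist" ? new Set(["tracker-c.example"]) : new Set();
  for (const site of Object.keys(PAGES)) {
    const jar = mode === "fresh-session" ? new Map() : shared;
    visit(site, jar, broker, block);
  }
  return { requests: broker.log.length, linked: linkedSites(broker) };
}
```

    In the shared session the broker logs one ID against both sites; with a fresh session per site it still receives both requests but cannot join them; with the block list it receives nothing at all.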

    Now we get into belt-and-braces territory: Many ad networks allow users to opt out of tracking by setting a cookie. The problem with this is that any time cookies are cleared, the opt-out has to be set manually, and there’s a lot of ad brokers to go and do this for. Keep My Opt Outs (Chrome, Firefox) ensures that these cookies remain set at all times.

    I mentioned that I don’t run Flash. This isn’t always practical. If you need it, a good solution is to use FlashBlock (Chrome, Firefox) to create a white list of sites which are allowed to run Flash, blocking it everywhere else.

    Finally, something I don’t do, but can be worth it for some people. NoScript (Chrome, Firefox) works like FlashBlock but for JavaScript. Using FlashBlock and NoScript along with the extensions above gives a major increase in security, but, for me, the pain is too much. Nearly every website needs JavaScript so the blocking becomes a pain very fast.

    So is it worth it?

     Like many things, it depends. For me, it’s worth it just to get a nicer web browsing experience with a reasonable increase in security. The lack of tracking is just a bonus.

     