Tuesday, June 26, 2012

The Fight For Internet User Privacy

--
"Eternal vigilance is the price of liberty."- Thomas Jefferson 
"They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety."- Benjamin Franklin

Today we learned that advertising groups have FAILed to approve full support of the Do Not Track system. They insist upon user surveillance with or without targeted ads. Surprise. :-P

Mike Zaneis of the Interactive Advertising Bureau trade group says his industry will suffer if people can just switch off data collection. [Bolding = mine.]
I say:
THEN SUFFER, MARKETING-MORON BOZONS! User surveillance is NOT your right. Personal privacy is everyone’s right. Deal with it.

Let’s read from the USA Constitution Bill of Rights:
Amendment IV 
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
As an actual US patriot (as opposed to hypocritical political blowhards) and supporter of all US citizen rights, I hereby present:

The anti-tracking browser tools I use with Apple Safari. 

I'll start with the small stuff and work up to the all-out nuke solutions.

1) Do Not Track Plus, a free Safari extension from Abine. It provides ad sources with the 'Do Not Track' notification. The Plus is that it blocks over 600 tracking cookies and self-updates its tracking cookie list. It is compatible with Mac or PC for the following web browsers: Chrome, Firefox, Safari and IE. I use the Firefox extension version as well. It's not perfect, but it's a nice deal. Install it and forget it.

2) Incognito, a free Safari extension from Orbicule. This is another simple install it and forget it extension. It only blocks tracking cookies from Google Adsense, Google Analytics, embedded YouTube videos, Facebook, Twitter and B kontakte. Orbicule provide regular updates.

3) Ghostery, a free Safari extension. It is also available as a Firefox add-on and works in exactly the same way. Here's where we get more complicated. Ghostery is different in that it focuses specifically on what are called 'web bugs' and scripts, not tracking cookies. Web bugs are used as a more limited but sneaky method of user surveillance by advertisers and spammers. Therefore, use it in addition to a tracking cookie control extension or application. You can read about web bugs HERE.

Once Ghostery is installed, you have to go through an options setup process. I highly advise going through the setup carefully:

A) I prefer checking GhostRank ON. It helps the Ghostery developers to identify web bugs active on the Internet which allows them to be blocked in the future.

B) You will most likely want to UNcheck "Show alert bubble'. It drives me crazy and blocks part of web pages. You'll only want it on if you're getting serious about the surveillance at specific websites.

C) Leave 'Show bug script sources' ON. It's unobtrusive and may be interesting on occasion.

D) Leave 'Enable bug list auto-updating' ON.

E) Next we come to the Blocking Options. This is where Ghostery can cause you nasty troubles. It is possible here to check ON the blocking of something you actually do NOT want to block.

My favorite example of a problem is the web bug that Google forces you to use if you want to be able to use iGoogle, their terrific website where you can set up for RSS feeds, widgets and small games. I use iGoogle constantly. Having Ghostery block Google's forced web bug causes major problems. (Screw you Google for making me gag on your user surveillance! But I do like iGoogle a lot). In this example you will want to make sure you UNcheck 'Google Widgets'.

The best approach is to check ON the top box, which checks ON all the blocking. You'll then have to go down the list of well over 1,000 web bugs to UNcheck the web bugs you're required to use at particular web sites. This can be an obnoxious and tedious process.

My approach is to wait until I run into a problem accesses some aspect of a particular web page. I then go into the Safari (or Firefox) and turn OFF Ghostery. I reload the troubled web page and see if the problem went away. If it did go away, you'll want to go into the Options for Ghostery and figure out what you must now UNcheck. I like keeping a list of the UNchecked items I must use in Ghostery. I do this in a text file I keep with a folder I made for notes about Ghostery. (BTW: If turning off Ghostery didn't solve your web page problem, try turning off ALL your Safari extensions, via the convenient OFF - ON switch, and reloading the page.

Another approach is to use Ghostery to create a list of web URLs where you do NOT want Ghostery to block anything. You simply paste in the URL, hit the 'Add' button and it is added to the list. Clunky, I know. But if you want control, this is the state of the art.

If you'd like to learn more about Ghostery, they have a fairly active blog HERE.

4) Safari Cookies, free Safari extension from SweetPProductions, the makers of the Cookie app, #5 below. You may find the extension version of Safari Cookies to be adequate for your needs. Some people may be concerned that the installation requires SIMBL (aka SIMple Bundle Loader) which essentially adds some useful APIs not supplied by Apple. At one point in the past it caused Mac problems. Thankfully, I have had no problems with SIMBL for years since.

Compared to the full Cookie application, it requires the user to do a lot of manual maintenance of their cookies. Compared to the crap cookie control in every web browser I have ever used, this extension is a  nice godsend. But it does require some work. There are no automatic features apart from automatic updates via Safari. Also, it does not point out actual tracking cookies. That's for you to figure out. Therefore, you end up periodically killing off piles of cookies that you might rather keep.

This extension had a long series of bugs at one point, while the developer was getting a handle on it. I felt like a beta-tester, regularly sending bugs into the developers. But they were responsive and eventually stamped them all out. These days it is well worth using, especially for free.

5) Cookie, the $10 (on sale) application from SweetPProductions. This is the Bells-And-Whistles cookie control application. I like it a lot. I bought it, I use it. It has one silly bug whereby it typically brings up its preferences window when it boots, even when you've checked the box to tell it not to. Otherwise, this thing is well worth the cost if you want total cookie control with the least amount of effort. It has a 14 day trial period. Highly recommended.

When you open the Cookie preferences, the first thing you'll notice is that the thing is thorough: It lists not just plain old website cookies, but Flash cookies, Silverlight cookies and Databases dumped on your computer by various websites. Every one of these methods of placing data on your computer can be used for surveillance. I hate that.

There is a concept called "The Evercookie" that potentially allows user surveillance via any of a number of data sources retrievable from your computer. Plain old web browser cookies are only one of several sources of surveillance data. You can use the Cookie application to wipe out just about all the rest of these surveillance sources. Well, that is until HTML5 becomes standard on the Internet. HTML5 creates a number of new and obnoxious ways for websites to grab surveillance data. I'm expecting Cookie to keep up with all of them with time.

Setting up Cookie:

A) Preferences tab. Initially you do NOT want Cookie to remove any of your cookies. Leave the 'Remove' checkboxes UNchecked. This is recommended specifically during the period when you want to collect cookies in order to sort them as wanted or unwanted in the other four tabs. Read ahead and you'll see what I mean.

Once you have finished the period of time when you sort out the good cookies from bad, I recommend checking ON everything EXCEPT:
- Browser History, if you are the only user on your computer. Otherwise, you might want to periodically dump the history related data.
- 'and Hide Dock Icon'. I like the menubar icon for accessing the Cookie app. Alternatively, you can access it by Command-Tabbing over to it then hitting Command-Comma to bring up its preferences.
- Initially you do NOT want to have cookies removed

Where you may disagree with me is the use of the preferences for 'Remove'. The third checkbox is for remove "Every [ ] minutes while Browser is Open". This can potentially cause some problems with you being logged OUT of certain websites when a tracking cookie is removed. Again, Google has sunk to using this trickery on some of their websites. Therefore, you end up having to log into affected pages again and again. This can get annoying. But I found for my own personal use that setting up regular unwanted cookie removal was preferable. I have Cookie dump tracking cookies every few minutes. Test it and see what works for you.

B) Cookies Tab: Now we get into the initial setup tedium. I found the best approach was to spend some days surfing around the web to my usual places, then set aside a time to comb through the cookies list in order to check ON the cookies I like and leave the rest unchecked. The unchecked cookies will be from sites you've never heard of or from sites where you never log in.

For example, right now I have 41 cookies from google.com that are NOT tracking cookies. I log into the various Google sites for these cookies and want to keep them. Therefore, after hitting the 'Remove All Tracking Cookies' button, I check ON the rest of them via the check box for their directory header. Meanwhile, I see a pile of ad-rat websites that snuck a barrage of crap cookies onto my machine from gawd-know-what website. No way am I checking them on. Once I have checked on all those I want, I hit the button to 'Remove All Non-Favorites' and good riddance.

C) Flash Cookies Tab: I can't imagine ever wanting to keep any Flash cookies. Why isn't Flash dead already? But perhaps you have some very useful Flash game, app or video you use and would like to keep the related cookie. This is the place. It works just like the Cookies tab.

D) Silverlight Tab: If you use NetFlix, you'll want to keep its Silverlight cookie so you won't have to log into the Netflix site every time you visit. Etc.

E) Databases Tab: This list gets as complicated as the Cookies Tab list. It works the same way. Check ON the sites you visit regularly. Remove all the rest. If you don't recognize a listed website, you're most likely safe killing its database. If you figure out that you want that database, check it on later.

Where the Databases tab gets a bit strange is with the databases for Safari extensions. These websites will probably seem obscure to you, but they will keep returning over and over. The 'Type' column can help you as it will tell you when a database is for a "Safari Extension" or "Chromium Extension" etc.

--> For me, the Cookie app is well worth the investment. I want total control over my cookies and over who gets to surveil me on the Internet. I haven't found a better cookie control app. Combining it with Ghostery is as good as it gets at this time.


Other tools with which I am not well acquainted:


Cookie Stumbler from WriteIt! Studios. It has had a spotty reputation. Therefore, I have not worked with it. The 'basic' version is $7.90. It uses a 'heuristics engine' only for tracking cookie detection. The 'standard' version, including a single year 'known tracking cookie' subscription, is $19.90. There is also a free Safari extension version with 'basic protection against most common tracking cookies.' This summer there is also supposed to be an iOS version available. I personally don't see the point of an annual tracking cookie subscription. Any decent cookie analysis can detect a tracking cookie. The standard version is also is not as functional as the Cookie application.

Flush, formerly from MacHacks.tv. This abandonware was a free Flash cookie removal tool. It had good reviews while it lasted. I have no idea whether it still works or where you can download it. The developer's website has been abandoned as well.

If you know of other kewl or new user privacy tools, please let everyone know in the comments!


A good place to watch the progress (if any) of the Do Not Track system is the Electronic Frontier Foundation. Among other things, EFF offer instructions HERE about how you can turn on Do Not Track in various web browsers, including Safari. Just keep in mind that, for the time being, Do Not Track is merely a concept attempting to become reality. That's why the tools listed above, annoying as they may be, are likely to remain important for some time to come.

FIGHT for user privacy! Win it!  \(^_^)/
--

2 comments:

  1. thanks for sharing information there lots of spy program that are installed in computer may get all the private information.

    ReplyDelete
    Replies
    1. The general term is 'Spyware', created by Steve Gibson of GRC.com, one of my computer security heroes. There are quite a few 'legal' spyware/keylogger apps for Mac. They are commonly used in work environments to keep track of employees and by parents to keep track of their kids. But anyone with physical or network access to a computer can install them and have them send out logs to the person who installed them. The MacScan program at http://macscan.securemac.com/ is specifically dedicated to detecting all Mac spyware. The app is a bit clunky and I recommend running it more than once in order to catch everything. From my contact with the developer, he's sincere. It's not a great solution for detecting and removing tracking cookies from my experience, but it's an alternative.

      Delete