Cookies. Local Shared Objects. ActiveX Controls. JavaScript. ECHELON. Big government. The risk to your privacy is everywhere but the latest issue i learned about really stunned me. And it’s all the popular browsers that are affected. And it’s been around for years.
Click on over to What The Internet Knows About You to see what i mean. Other sites where you can preform this test include BrowserSPY and StartPanic.com.
From What The Internet Knows About You:
The main goal for this website is to educate Internet users about how much and what kind of data can leak from their browsers’ history and cache. On this page we aim to provide some technical background about the history sniffing techniques we’re using to gather that information. It is important to note (and extremely frightening at the same time) that the techniques themselves have been around for many years and have been successfully used in several more limited scenarios [...]
Leak? I’ll say! More like a flood! I try to run a pretty tight ship and am into security to some extent and privacy to a larger extent. Firefox is my browser of choice because of its virtually infinite tweakability which often involves editing text files, one of which is ‘prefs.js’. The ‘prefs.js’ file contains tons of things to play with, many of which i look up on Mozilla’s site to find out what they do. But i didn’t know about this huge privacy leak and i have to say, it was a shocker!
Note also that although some of these sites require JavaScript to be enabled in order to show you the results, it does not have to be enabled for the offending website to access this data, so if you’re running Firefox with NoScript installed and think you’re safe, think again. Also it appears there’s more than one way to harvest your browsing history, but i haven’t researched this fully yet because i was in a hurry to warn my readers first.
To learn how to plug this leak, at least to some extent, regardless of what browser you’re using, go back to What The Internet Knows About You. Since i run Firefox i chose to change the ‘layout.css.visited_links_enabled‘ option from true (default) to false as described on their page:
Firefox 3.5 users will be happy to learn that their browser has a configuration option which disables visited links. To enable it, type in about:config in the address bar and set the layout.css.visited_links_enabled option to False.
I assume the above works with 3.6 because that option is present by default.
Allot of my readers use Firefox and so i would suggest the following:
- control Flash cookies (Local Shared Objects) with something like BetterPrivacy
- disable regular text cookies entirely and allow them on a per-site basis using something like Cookie Monster
- toggle Adobe Flash with Flashblock
- if you want the Google Toolbar, then install Googlebar Lite instead for better privacy
- for more control over Google’s data-mining shenanigans, install OptimizeGoogle
- control JavaScript with the ultra-popular NoScript
- an easy way to control the referrer you send to a website is to use RefControl