Article on how to block online tracking
July 5, 2014 |
On line tracking can be irksome if not alarming for those who want some anonymity in searching the net. It is a key privacy concern as well. In a Pro Publica article Privacy Tools: How to Block Online Tracking. The author identifies three apps, Ghostery, Disconnect and Privacy Badger to deal with and defeat trackers.
It provides:
Many sites (including ProPublica) track user behavior using a variety of invisible third-party software. This means any time you visit a web page, you’re likely sharing data about your online habits, from clicks to views or social shares, whether you realize it or not. But there are a few ways to combat online tracking – although none can block some of the more sophisticated tracking techniques, such as ‘fingerprinting‘ and ‘onboarding.’ Here are three tools that block the most common trackers.
Ghostery
Featuring an ever-growing database of over 1,900 tracking entities, Ghostery’s browser add-on can detect online trackers as you browse specific pages.
If you don’t mind being tracked by the third parties on a particular website, you can “whitelist” the site using the extension’s dashboard.
Ghostery users are encouraged to opt in to Ghostrank, a service that sends anonymous information to a Ghostery server about where and how users encounter trackers. Ghostery is a for-profit company that analyzes the Ghostrank information and sells it to companies that want to manage their tracking businesses.
Ghostery is maintained by a team of analysts who keep the list of trackers up to date, according to Andy Kahl, Ghostery’s Senior Director of Transparency.
Ghostery’s add-on is available for most widely-used browsers, including Chrome, Firefox, Opera, and Safari. It’s also available for mobile devices on iOS and Firefox Android.
Disconnect
The Disconnect tracker add-on takes a user-friendly approach of blocking trackers by default, but allowing requests that it considers to be necessary for loading content.
Full disclosure: Disconnect gave ProPublica $7,759.54 last year in donations from its users and expects to contribute another $1,500 after featuring us as a Charity of the Month for May 2014.
Disconnect detects trackers based on the number of requests they’ve made for your information, and displays them in one of four categories: advertising, analytics, social and content. Users can re-enable a tracker or whitelist a website from the dashboard in the upper right hand corner of the Web browser.
The extension also features a nifty visualization of all of the requests surrounding the page you’re on, with a graph of each third-party request connected to the current page, and a rundown of web resources saved by disabling trackers, like bandwidth and browsing speed.
Disconnect maintains its database of trackers by crawling popular websites for third-party requests, then categorizing those requests by type, according to co-founder Casey Oppenheim. The Disconnect database is open source, unlike Ghostery’s library of trackers.
Disconnect also provides a separate browser extension that allows you to search anonymously on engines including Google, Bing, Blecko and DuckDuckGo. Disconnect routes your search queries through their own servers, so Google, for example, would effectively see and store your search as a request from Disconnect instead of you.
Disconnect also lets users view ratings for each website’s privacy policies in nine color-coded icons designed to correspond to a variety of privacy concerns, from the expected collection and use of data according to the site’s privacy policy, to SSL encryption and HeartBleed vulnerability. So far, Disconnect has evaluated and assigned icons to over 5,000 websites.
The site’s own privacy policy promises never to collect IP addresses or any personal info except for the email addresses of users who sign up for their (opt-in) newsletter.
Disconnect tracking and security extensions are currently available for Chrome, Firefox, Safari, and Opera. The service also provides tracker-blocking options for iOS devices with its Disconnect Kids app. Disconnect’s tracker-blocking code and database are available on Github.
Privacy Badger
This tracker-blocking tool is a new project of the Electronic Frontier Foundation and uses an algorithm to “learn” which social or ad networks are tracking you over time.
That means the tool takes awhile to get going. It initially allows third-party trackers until it detects patterns in third-party requests. Then it will start automatically blocking what it considers “non-consensual invasions of people’s privacy,” according to its FAQ.
EFF decided to use an algorithm over a compiled filter list of trackers to make the extension harder to circumvent.
“Blocking algorithmically…is more responsive and is able to better protect users from all trackers, not just the ones we have identified as a problem,” Cooper Quintin, a technologist working with EFF, wrote in an email.
Users can manually adjust blocking by using sliders that control access to their data in three levels: Completely blocking all requests from third-parties, blocking cookies from third-parties, and unblocking third party requests.
By default, the Privacy Badger will whitelist domains that it believes are necessary for web functionality. Those domains will automatically be blocked from leaving cookies, but will not be blocked completely unless the setting is manually adjusted, according to its FAQ.
Like Ghostery and Disconnect, users can also manually “whitelist” any site by disabling Privacy Badger on it.
In an interesting twist, Privacy Badger will allow trackers to unblock themselves if they post a privacy policy that honors users’ “Do Not Track” requests. Currently, only a few tracking companies have agreed to not track users who check the “Do Not Track” button in their Web browsers.
Privacy Badger is available for Google Chrome and Firefox. A list for its “whitelisted” sites are available on Github along with the code for the extensions.
A note on methods for flagging trackers
If you install all three or any number of these add-ons concurrently, you will notice that they often detect a different number of trackers on any given page. That’s because each service classifies tracking slightly differently.
Ghostery displays individual trackers per page based on its own database. Meanwhile, Disconnect displays the total number of requests made by detected trackers. And Privacy Badger flags third-party domains, not the number of requests made by those domains.
What do you use to keep yourself from being tracked online? Let us know in the comments section.
On that theme Slate in an article Yes, Online Privacy Really Is Possible pointed out that while total internet privacy is not guaranteed functional privacy is possible with a little bit of diligence.
Perversely, in Use or Look at Online Privacy Tools? NSA Labels You an ‘Extremist’ The Daily Beast reports that those who use or search for privacy tool like Tor attract the attention of the NSA. The BBC reports along the same lines in NSA ‘targets’ Tor dark web servers and users
The article provides:
Online privacy tools like Tor have become incredibly popular in the wake of Edward Snowden’s surveillance revelations. But according to an analysis of leaked source code from the National Security Agency, using or merely searching for information about those tools is enough to label someone an “extremist” in the eyes of the National Security Agency.
A series of articles published in German news outlets NDR and WDR seems to show that exhibiting any interest in tools used to hide one’s identity is interpreted as suspicious and marked for extra surveillance under the agency’s XKeyscore system—unless that activity comes from one of the nations of the “Five Eyes” surveillance alliance (the United States, Canada, the United Kingdom, Australia, and New Zealand). The code, which is believed to still be in use by the NSA today, contains rules which monitors anyone communicating with services and email addresses associated with the Tor anonymity network, as well as websites such as the Linux Journal, a popular and long-running computing resource which Xkeyscore chillingly labels an “extremist forum.”
While shocking in its inclusiveness, the focus on privacy tools is not at all surprising to security experts. A previously published top-secret NSA document called “Tor Stinks” illustrated the agency’s ongoing frustration with trying to break the anonymity software. Ironically, Tor was originally developed by the U.S. Navy, and includes among its major financial benefactors the U.S. State Department, which touts its ability to help foreign dissidents circumvent government censorship. U.S. law enforcement including the Drug Enforcement Agency makes use of the tool for investigations, and the Federal Bureau of Investigation has even admitted that it has “known legitimate uses.”
Instead of connecting directly to websites, Tor, also known as The Onion Router, redirects a user’s web traffic through a zig-zagging network of relay computers run by volunteers around the world. By wrapping the communications inside “layers” of encryption, the relays obscure the true IP address of the user, both from the site’s owners and anyone else who happens to be monitoring the network. The NSA source code shows rules for specifically targeting volunteer-run Tor “directory servers” located in Germany, the U.S., Sweden, Austria and the Netherlands.
The report also names the administrator of one such targeted directory, a German computer science student named Sebastian Hahn. “Millions of people use it to stay safe online, and by watching the server and collecting metadata about its users, those people are put at risk.” he told German TV network Das Erste.
Another tool specifically named in the NSA’s code is Tails, a Linux-based operating system specially designed for privacy and security which filters all of its Internet traffic through Tor and can be run from a CD-ROM or USB stick. Law enforcement often complains that these tools create a haven for child traffickers, terrorists and other serious criminals, but they are also routinely used by security researchers, journalists, human rights activists, private companies, and regular folks who just want some online privacy.
The Xkeyscore code shows that the NSA also targets other privacy tools such as HotSpotShield, FreeNet, Centurian, FreeProxies.org, MegaProxy and MixMinion. The rules contain filters that provide exceptions for servers in countries that are members of Five Eyes. But some appear to be written broadly enough to allow targeting inside those countries. For example, one rule targeting MixMinion includes all traffic sent to or from a server located on the campus of MIT, the report says.
There are a few ways Tor users can still be identified if they are not practicing good operational security, but the good news is that Tor itself has been so far proven secure—even from the NSA. The agency’s “Tor Stinks” presentation says that there are no practical ways of consistently identifying Tor users, concluding that “We will never be able to de-anonymize all Tor users all the time.”
But if that’s the case, why bother targeting privacy-conscious users at all?
A likely answer is that the NSA is waiting for them to slip up. While Tor encrypts traffic as it bounces around its anonymizing network, it will still be transmitted in plain text at the beginning and end of the network if the site is not secured with transport encryption known as SSL/TLS, commonly seen as a “lock” icon inside the browser’s address bar. That means there is still an opportunity to collect the contents of emails sent over the Tor network, if the connection isn’t secured and a criminal or spy agency is listening in the right places. Indeed, the report shows that the NSA does collect and store the contents of emails sent over Tor, whether or not they can read them.
When questioned about the surveillance of people interested in privacy, the NSA would only offer a statement saying that agency “collects only what it is authorized by law to collect for valid foreign intelligence purposes—regardless of the technical means used by foreign intelligence targets.”
It’s unclear whether or not the source code came from the material leaked by Snowden. But cryptography expert Bruce Schneier, who has worked with Glenn Greenwald on the Snowden documents, seems to think that both this story and a previous report in Der Spiegel about the NSA’s hacking tools are the result of a “second leaker.”
“It’s hard to tell how extensive this is. It’s possible that anyone who clicked on this link—with the embedded torproject.org URL above—is currently being monitored by the NSA,” he writes.
“Whatever the case, this is very disturbing.”
[…] Article on how to block online tracking […]