Dhammapada

What use is your matted hair, you fool? What use is your antelope skin? You are tangled inside, and you are just making the outside pretty.


Introduction

I am writing this overview in response to growing 'privacy' concerns expressed on the Ubuntu Forums.

Privacy is a broad topic and although there is some overlap with security there are many considerations that are unique to privacy.

Privacy considerations may include :

Well that is the short list =)

Although I have seen the use of a live CD advocated, IMO such a live CD is a partial solution at best. If your only concern is "traces on the hard drive" a live CD may be the easiest option.

IMO it is far better to install an OS and 'privatize' your browser as outlined below. The advantages are:

Running a live CD for 'privacy' would thus entail a custom CD with privacy modifications built in as well as routine maintenance / updates to the CD.

It is, IMO, far better to learn to 'properly' configure your browser.

The final opening observations I would make is that the technology we are discussing (cache, bookmarks, cookies, javascript, flash, html5) are all tools. These tools all have legitimate applications and make the internet more dynamic and offer ease of use. As an example, many financial institutions use cookies to increase security and if you delete these security cookies, the next time you log in you will be asked a number of confirmatory security questions. Blocking the technology discussed on this page may break some functionality of web pages and/or be too much of an inconvenience for some people to deploy.

In the same vein, some of the blogs about privacy and new technologies such as html5 and OS fingerprinting are nothing short of alarmism or sensationalism. I am sure as html5 or OS fingerprinting becomes more popular, so will browser extensions which block these techniques. You may recall, flash cookies were all the rage a few years ago and are now easily managed via a number of browser extensions. I am not advocating ignoring these new privacy concerns, but I would not overreact either. The hype will pass and we will have a new rich features in our browsing experience, and new extensions to maintain privacy.

The point is, as with security, maintaining privacy is an active process and requires continuing monitoring and education.

Disclaimer: This page addresses http / https traffic and you will need to apply these practices to other protocols (ftp, ssh, instant messaging, IRC, torrents, etc). This page is intended to guide you through some of the potential privacy concerns and there is no guarantee that following any or all of the advice on this page will completely protect your 'privacy' or somehow make you invisible and/or untraceable on the internet.

Browsing habits

Location / access point

An often over looked aspect is browsing habits. We tend to be habitual creatures and you should consider your behaviors. Where do you connect to the internet from ? home ? work ? Public wireless access point ?

When you connect to the internet from places your frequent, such as home / work / your favorite wireless access point (Starbucks FTW) you can potentially be traced via the physical location you use to connect to the internet and/or by your IP provider.

Search engines

Search engines have increased the ease with which we find online content, but they can also track our search and browsing habits and target up for advertisements.

If you use Google, for example, I highly suggest you do not accept cookies from Google and install the Firefox extension Optimize Google .

There are alternate private search engines. ixquick (Rebranded to Startpage), for example, offers increased privacy in performing internet searches and there is the option to open the link via a proxy server (further increasing privacy) if you so choose.

To change your default search engine in Firefox, enter 'about:config' into your address (url) bar. In the Filter box enter 'keyword.url' , change the value to:

https://startpage.com/do/metasearch.pl?language=english&cat=web&query=

To change the default search engine in Chrome/Chromium, install the ixquick (Startpage) search engine and set it as the default in your preferences (Options ⇒ Basics tab ⇒ 'Manage' button)

Privacy on your LAN (Local Area Network)

If you are connecting to an open (wireless) or untrusted wired network, your network communications can potentially be monitored by a packet sniffer. There are several options for sniffers from tcpdump, to wireshark, to snort.

A detailed description of packet sniffing is beyond this tutorial, a packet sniffer basically intercepts and monitors / logs all network packets. Since the majority of the traffic is not encrypted, the payload or content of the packets is readable. This can include login information including user names and passwords. For additional information see this link and or specific tutorials on tcpdump, snort, and/or wireshark.

This means anyone on your lan (your boss or more likely your IT department), or even your IP provider, could potentially use a packet sniffer to monitor your internet activity and potentially read your email.

Potential solutions:

  1. Use encryption (WPA) on your home wireless network
  2. Use a firewall on untrusted networks
  3. Use encryption to connect to the internet. This might include using https (rather then http), tunneling over ssh, or a VPN.

Understand that with a wireless connection, WPA (encryption) can be cracked, so while it helps, it may not completely effective. Also know that WPA only encrypts traffic to the WAP, but communications between the WAP and the internet are not necessarily encrypted.

If at all possible, use ssl (https) to connect to web pages. ssl (https)encrypts the communications and thus guards against packet sniffers and man in the middle attacks. At a bare minimum, you should connect to email (gmail) , banks, and internet shopping, etc over https, and not http. Unfortunately not all web servers use https, but all financial transactions should be https.

You may tunnel your traffic over ssh or connect to a private (proxy) server via VPN. Doing so will alleviate local concerns on your LAN, but you still need to be concerned with privacy of communications from the proxy server to "the internet".

Similar to http, you should avoid unencrypted communications if possible. Additional examples to be avoided include ftp (use ssh), VNC (tunnel over ssh or use FreeNX).

Identity theft

Identity theft occurs when your personal or financial information is compromised and I will briefly cover Phishing, man in the middle attacks, and key loggers here.

Phishing / man in the middle attacks

Social engineering is a method used by crackers to obtain personal information. Examples would potentially include:

Key loggers

There are a variety of key loggers available, with both hardware and software 'solutions'. Software key loggers have been problematic on Windows, but not as much on Linux. There are software key loggers available for Linux, but they require root access to run, thus they are not seen "in the wild", although you certainly can install and run one for yourself.

Regardless of the operating system, it is possible the system administrator may have installed a hardware of software key logger so do not enter personal information on untrusted hardware, including kiosks and internet cafe's.

Browser settings

General notes: You will want to block as many cookies, flash, javascript, java, as possible. When you do this you will almost certainly break functionality on most sites. For example you almost certainly will need to allow cookies to log into some sites. You will therefore need to "whitelist" your sites.

In general, with the use of these tools, use a whitelist, ie block all access by default, then allow a white list of sites you trust and wish to allow.

As with many security tools, you will have to balance 'features' and 'convienience' against 'privacy', only you can determine the balance of settings that is right for you.

Firefox

Use Private browsing to increase privacy. While not necessarily 100 % effective, it does reduce the amount of information stored on your system.

Extensions

NoScript is, IMO, the single most important extension you can use to increase your privacy and security. Additional privacy extensions include:

See also The paranoid kit , a set of Firefox extensions "The collection aims to consolidate a package of add-ons, whose overall goal is to reduce/eliminate ads, web tracking, and other privacy sensitive matters involved in day to day browsing."

Note: Take care to review any and all extensions you install. Although they may increase your 'network privacy' (or the information available to various web sites), many extensions may keep logs or submit information to various third parties, and thus may decrease other aspects of privacy.

Options

I suggest several modifications to the default configuration profile with a goal of improving both security and privacy.

General Tab

Personally I choose to "Close it (downloads window) when all downloads are finished" and "Always ask me where to save files".

Content

Firefox Privacy 1

Enlarge

Privacy tab

Use (from the drop down options) "Firefox will 'Never remember history' " This hides the cookie management "Exceptions" button and every session is essentially a "Private" session.

Alternate: Use (from the drop down options) "Firefox will 'Use custom settings for history' " This allows you to see the cookie management "Exceptions" button.

Select:

Firefox Privacy 2 Firefox Privacy 3

Unselect :

I block all cookies and allow session cookies from trusted sites only. Any commercial/banking site (Amazon.com) is allowed for a session, but then deleted from the list (I do not keep these permissions stored if that makes sense).

Security tab

Unselect "Remember passwords for sites" . White list web sites if you wish to keep a few, I NEVER whitelist banks/financial institutions.

If you store passwords, set a master password.

An alternate to storing passwords is KeePassX (cross platform encrypted keys).

Select

Advanced tab

General tab -> Select "Warn me when web sites try to redirect or reload the page".

Network tab

Firefox Privacy 4

about:config

In the "filter" box, enter "browser.cache" without quotes.

Disable / set to zero

browser.cache.disk.enable false
browser.cache.disk.capacity 0

browser.cache.offline.enable false
browser.cache.offline.capacity 0
network.http.sendRefererHeader 0

Firefox Privacy 5

Bookmarks

Do not use them or store them in an external file.

Firefox see also :

Chrome / Chromium

Chrome obviously has both advantages and disadvantages. Advantages include speed (Chrome is faster then Firefox at some tasks), (Web) development tools, and security (Chrome has an interesting sandbox). Disadvantages include privacy concerns (how much do you trust Google ?), less extensions, and some privacy concerns (passwords are not encrypted or password protected, not as many privacy options in the configuration menu or as extensions).

As with Firefox, I believe the single most important privacy and security enhancement is to use NotScripts

Use an alternate (I am partial to SRWare Iron).

Both Iron and Chrome Plus are available for Windows and Linux and will run from an usb drive (portable). The Chrome Plus Linux version lags behind windows version.

To improve privacy in these browsers takes some time and effort.

Preferences

Under the Hood

Make sure you have enabled "Enable phishing and malware protection".

Click the "Content settings" Button. Here you will need to block cookies, Plugins, Popups, and Location. You then white list trusted sites (if any). Yes it takes a bit of time ...

You can clear private information by using the "Clear browsing data" button.

Iron Privacy 1 Iron Privacy 2

Extensions:

There are not as many extensions for Chrome/Chromium, here is a list of my favorites for privacy:

Secure your browser

There is overlap with privacy and security and I will touch on the major issues here. If you want more detailed information, see the relevant security documentation.

Choice of browser

Each browser has advantages and disadvantages:

It is more important to learn to privatize the browser you use as, IMO, they all need significant configuration to optimize privacy.

Password management

Do you store passwords ? If so are they password protected ? Encrypted ? Consider storing passwords in an external application such a KeePassX. KeePassX encrypts your passwords, is cross platform, and runs on a portable (flash) drive.

If you do store bookmarks in your browser, at least password protect them but be warned most browsers do NOT encrypt your passwords.

Browser history / bookmarks

Most browsers keep track of the sites you visit (history) and offer Bookmarks or favorites. I suggest you deactivate your browser's history or at least clear your history with some regularity. Most bookmarks are visible to other people who open your browser, so keep bookmarks to a minimum or again keep the information in an external database.

Another devious method of tracking your history is by examining the color of links on web pages. Normally browsers change the color once you visit them (with css). See this section on Firefox options above to disable this behavior.

Browser security

You can increase your browser security with tools such as NoScript, Apparmor, and SELinux. Chrome/Chromium has a built in sandbox to increase security. See also How to Secure Firefox on the Ubuntu Forums.

Information stored locally, on your computer

Browsers may store information locally in your home directory (cache, various data bases, extensions), /tmp , and in swap. IMO the best method of increasing privacy is to encrypt your home directory and swap. You can run many browsers, including Firefox and Chrome/Chromium from a flash drive as well.

You can minimize the storage of private information by reviewing and limiting extensions, disabling your browser's cache, and by using the built in "private browsing" functionality.

Extensions

A number of extensions can increase security and privacy and are covered in the sections on Firefox extensions and Chrome/Chromium extensions.

Cookies / Active logins

I highly advise you clear your cookies and active logins when you close your browser.

Proxy servers

Proxy servers increase privacy by requesting web content on your behalf. They can filter http headers and obfuscate your IP address.

Perhaps the best example is to use a proxy judge or OS fingerprinting with and without a proxy server (see the Testing section for further information and links to demos).

On this page I will review Privoxy and TOR, although there are other options including polipo, squid, and a number of proxies available either on the internet or as a Firefox Extension.

Privoxy

Personally I would start with privoxy. It is easy to install, faster then TOR, non-caching (privoxy does not use a cache to store browsing information), highly customizable, adds adblock, can be configured for multiple users (helpful on a LAN), and may be sufficient for most people.

The downsides of privoxy are that there is a bit of a learning curve if you wish to change the defaults (white/black list sites) and out of the box it is slow (see below for configuration settings to improve speed).

Privoxy speed / performance settings

As an oversimplification, privoxy downloads an entire page, then applies any filters, and finally serves the page to your browser. There is a noticeable delay in loading a page, and when the content then appears in your browser. You can increase the speed of Privoxy by editing the configuration file (/etc/privoxy/config) and adjusting the timeout values lower. With lower settings, privoxy proceeds with processing the filters sooner (rather then waiting for additional information from the server). Use the following adjustments (lines with comments = the default values).

Privoxy settings

Using any editor, open /etc/privoxy/config and make the following changes:

#keep-alive-timeout 300
keep-alive-timeout 600

#default-server-timeout 60

#socket-timeout 300
socket-time-out 600

Firefox settings

You can tune your settings in firefox in about:config.

network.http.keep-alive true
network.http.keep-alive.timeout 600
network.http.max-connections 30
network.http.max-connections-per-server 15
network.http.max-persistent-connections-per-proxy 16
network.http.max-persistent-connections-per-server 6
network.http.pipelining true
network.http.pipelining.maxrequests 8
network.http.pipelining.ssl true
network.http.proxy.keep-alive true
network.http.proxy.pipelining true

Reference : Hacking Firefox for Maximum Performance with Tor

Some people claim that privoxy is faster if you disable the adblocking filters.

Privoxy privacy settings:

Follow This guide , skip the section re: adblock, IMO the Neil Van Dyke list is outdated (it has not been updated since 2008).

TOR

In addition to this page, I also have a TOR page.

You can use TOR is you wish, I personally find it to be a bit slow and it seems to me people are overconfident about TOR. I suggest you read the limitations of TOR from their site (links included in the References section below).

Graphical configuration tool - Vidalia .

To enhance tor, you should also use the Torbutton and Vidalia.

Vidalia has a number of settings to improve privacy, peruse them at your leisure.

The torbutton not only enables/disables TOR, but also adds some additional privacy features .

The TOR Bundle includes TOR, Vidalia, Firefox (with TOR button), and polipo. It is available for Linux and Windows and runs from a flash drive.

Fingerprinting

OS fingerprinting seems to be the newest rage. While there have been "active" techniques (nmap) for some time, "passive" techniques have received recent press. Your browser can be uniquely identified by information it sends to a server including http headers, browser identification, available plugins, information on your monitor (size/resolution), time zone, fonts, etc. See the following two technical references for details:

For an extremely interesting 'live demo', see : Panopticlick - How Unique and Trackable Is Your Browser ? . Try it with your default settings. To see all possible tracking information, enable cookies and javascript.

If that did not get your attention, perhaps you are dead ?

It is somewhat tricky to evade these methods and most methods to increase privacy tend to stand out like a sore thumb to these techniques. Interestingly the bet method I have found is to install User Agent Switcher and spoof as Internet Explorer on Vista. With this setting my "uniqueness" falls to one in 2,665 (lower numbers = less unique = better privacy).

Test Privacy

Apahce (http) headers

Browsers send a variety of information to servers in what is termed "headers". Normally this information is used for "content negotiation" so that the server will deliver content in a way your browser understands. For a brief overview, see:

For a more detailed description see: HTTP Headers for Dummies .

To see what kind of information you are sending you can use a number of browser extensions, wireshark, and / or proxy judges.

Firefox extensions:

You can also use firebug, which is available for both Firefox and Chrome/Chromium.

In Chrome/Chromium you can use the built-in development tools. See also : View html-headers in Firefox or Chrome/Chromium .

You can also use a proxy judge to see your headers. See : Proxy Judge

Testing adblock / browser extensions

You should see interesting information from your extensions on these sites. Who knew ?

Demonstration of Fingerprinting

See Panopticlick - How Unique and Trackable Is Your Browser ? for an interactive example of OS fingerprinting.

Further reading

If you are interested in additional more technical information see:

TOR site:

Fingerprinting:

HTML5