Just as the rust which develops on iron, derives from it but then proceeds to eat it away, so a person of unrestrained behaviour is drawn to hell by his own actions.
I am writing this overview in response to growing 'privacy' concerns expressed on the Ubuntu Forums.
Privacy is a broad topic and although there is some overlap with security there are many considerations that are unique to privacy.
Privacy considerations may include :
- Biographical data (name, address, social security number).
- Financial information (banking, shopping/online (financial) transactions, investments).
- Tracking of browsing habits by third parities.
- Data stored on the hard drive.
- OS fingerprinting / targeted advertising.
- "local" privacy - Information stored locally, in the browser or on the hard drive (history, bookmarks, passwords, preferences, logs, cache, swap, cookies).
- "network" privacy - What information is being sent to what sites? (snooping or packet sniffing, tracking web surfing, fingerprinting).
Well that is the short list =)
Although I have seen the use of a live CD advocated, IMO such a live CD is a partial solution at best. If your only concern is "traces on the hard drive" a live CD may be the easiest option.
IMO it is far better to install an OS and 'privatize' your browser as outlined below. The advantages are:
- Security updates. Keep your system up to date in terms of (security) updates to the operating system, bug fixes, and updates to both the browser(s) and any extensions you may use.
- You can customize your browser, as outlined in this page, to significantly increase privacy.
- Privacy concerns extend beyond data stored on the hard drive and live CD do little to address these additional concerns.
- Encryption - You can encrypt your home directory and swap.
Running a live CD for 'privacy' would thus entail a custom CD with privacy modifications built in as well as routine maintenance / updates to the CD.
It is, IMO, far better to learn to 'properly' configure your browser.
In the same vein, some of the blogs about privacy and new technologies such as html5 and OS fingerprinting are nothing short of alarmism or sensationalism. I am sure as html5 or OS fingerprinting becomes more popular, so will browser extensions which block these techniques. You may recall, flash cookies were all the rage a few years ago and are now easily managed via a number of browser extensions. I am not advocating ignoring these new privacy concerns, but I would not overreact either. The hype will pass and we will have a new rich features in our browsing experience, and new extensions to maintain privacy.
The point is, as with security, maintaining privacy is an active process and requires continuing monitoring and education.
Disclaimer: This page addresses http / https traffic and you will need to apply these practices to other protocols (ftp, ssh, instant messaging, IRC, torrents, etc). This page is intended to guide you through some of the potential privacy concerns and there is no guarantee that following any or all of the advice on this page will completely protect your 'privacy' or somehow make you invisible and/or untraceable on the internet.
Location / access point
An often over looked aspect is browsing habits. We tend to be habitual creatures and you should consider your behaviors. Where do you connect to the internet from ? home ? work ? Public wireless access point ?
When you connect to the internet from places your frequent, such as home / work / your favorite wireless access point (Starbucks FTW) you can potentially be traced via the physical location you use to connect to the internet and/or by your IP provider.
Search engines have increased the ease with which we find online content, but they can also track our search and browsing habits and target up for advertisements.
If you use Google, for example, I highly suggest you do not accept cookies from Google and install the Firefox extension Optimize Google .
There are alternate private search engines. ixquick (Rebranded to Startpage), for example, offers increased privacy in performing internet searches and there is the option to open the link via a proxy server (further increasing privacy) if you so choose.
To change your default search engine in Firefox, enter 'about:config' into your address (url) bar. In the Filter box enter 'keyword.url' , change the value to:
To change the default search engine in Chrome/Chromium, install the ixquick (Startpage) search engine and set it as the default in your preferences (Options ⇒ Basics tab ⇒ 'Manage' button)
If you are connecting to an open (wireless) or untrusted wired network, your network communications can potentially be monitored by a packet sniffer. There are several options for sniffers from tcpdump, to wireshark, to snort.
A detailed description of packet sniffing is beyond this tutorial, a packet sniffer basically intercepts and monitors / logs all network packets. Since the majority of the traffic is not encrypted, the payload or content of the packets is readable. This can include login information including user names and passwords. For additional information see this link and or specific tutorials on tcpdump, snort, and/or wireshark.
This means anyone on your lan (your boss or more likely your IT department), or even your IP provider, could potentially use a packet sniffer to monitor your internet activity and potentially read your email.
- Use encryption (WPA) on your home wireless network
- Use a firewall on untrusted networks
- Use encryption to connect to the internet. This might include using https (rather then http), tunneling over ssh, or a VPN.
Understand that with a wireless connection, WPA (encryption) can be cracked, so while it helps, it may not completely effective. Also know that WPA only encrypts traffic to the WAP, but communications between the WAP and the internet are not necessarily encrypted.
If at all possible, use ssl (https) to connect to web pages. ssl (https)encrypts the communications and thus guards against packet sniffers and man in the middle attacks. At a bare minimum, you should connect to email (gmail) , banks, and internet shopping, etc over https, and not http. Unfortunately not all web servers use https, but all financial transactions should be https.
You may tunnel your traffic over ssh or connect to a private (proxy) server via VPN. Doing so will alleviate local concerns on your LAN, but you still need to be concerned with privacy of communications from the proxy server to "the internet".
Similar to http, you should avoid unencrypted communications if possible. Additional examples to be avoided include ftp (use ssh), VNC (tunnel over ssh or use FreeNX).
Identity theft occurs when your personal or financial information is compromised and I will briefly cover Phishing, man in the middle attacks, and key loggers here.
Social engineering is a method used by crackers to obtain personal information. Examples would potentially include:
- "Free trials" or demonstrations where one has to register to obtain the wares. This could include anything from trial versions of applications to books to registering for a web site.
- Read up on How to Avoid Phishing Scams
- Watch the url in the address bar of your browser very carefully, specifically watch for minor mispellings.
- Use https (ssl) to encrypt financial transactions.
- Use browser extension (WOT - Web of Trust) to identify and avoid phishing sites.
- Read these 4 articles Understanding Man-In-The-Middle Attacks by Chris Sanders. Do not let the appearance that they were written for windows fool you, this advice applies to browsing the internet.
- Do on give out personal information to untrusted sites or fall victim to 'Free trials'.
There are a variety of key loggers available, with both hardware and software 'solutions'. Software key loggers have been problematic on Windows, but not as much on Linux. There are software key loggers available for Linux, but they require root access to run, thus they are not seen "in the wild", although you certainly can install and run one for yourself.
Regardless of the operating system, it is possible the system administrator may have installed a hardware of software key logger so do not enter personal information on untrusted hardware, including kiosks and internet cafe's.
In general, with the use of these tools, use a whitelist, ie block all access by default, then allow a white list of sites you trust and wish to allow.
As with many security tools, you will have to balance 'features' and 'convienience' against 'privacy', only you can determine the balance of settings that is right for you.
Use Private browsing to increase privacy. While not necessarily 100 % effective, it does reduce the amount of information stored on your system.
NoScript is, IMO, the single most important extension you can use to increase your privacy and security. Additional privacy extensions include:
- Optimize Google Go through the options and disable adds and review the privacy settings (or do not use google, of course, but it is hard to feel most search engines are 'private'.
- User Agent Switcher
- Better Privacy
- Flash cookies & privacy
- Disable flash cookies
- Beef taco
- Startup master
- WOT - Web of Trust (anti-phishing)
See also The paranoid kit , a set of Firefox extensions "The collection aims to consolidate a package of add-ons, whose overall goal is to reduce/eliminate ads, web tracking, and other privacy sensitive matters involved in day to day browsing."
Note: Take care to review any and all extensions you install. Although they may increase your 'network privacy' (or the information available to various web sites), many extensions may keep logs or submit information to various third parties, and thus may decrease other aspects of privacy.
I suggest several modifications to the default configuration profile with a goal of improving both security and privacy.
Personally I choose to "Close it (downloads window) when all downloads are finished" and "Always ask me where to save files".
- Select "Block pop-up windows" (no brainer there).
- Click the "Colors" tab, unselect the "Allow pages to choose their own colors, instead of my selections above" option. This prevents a site from tracking your browsing history by examining the color of your links.
Use (from the drop down options) "Firefox will 'Never remember history' " This hides the cookie management "Exceptions" button and every session is essentially a "Private" session.
Alternate: Use (from the drop down options) "Firefox will 'Use custom settings for history' " This allows you to see the cookie management "Exceptions" button.
- "Tell web sites I do not want to be tracked"
- "Clear History when Firefox Closes" .
- Under the "settings" tab (below the "Show Cookies" tab), select everything.
- If you store passwords , keep (unselect) saved passwords, site preferances, etc)
- I clear History, cookies, active logins, and cache (at a minimum).
- "Remember my browsing history for at least ... days".
- "Remember download history".
- "Remember search and form history".
- "Accept cookies from sites".
- White list sites you trust with "Exceptions".
I block all cookies and allow session cookies from trusted sites only. Any commercial/banking site (Amazon.com) is allowed for a session, but then deleted from the list (I do not keep these permissions stored if that makes sense).
Unselect "Remember passwords for sites" . White list web sites if you wish to keep a few, I NEVER whitelist banks/financial institutions.
If you store passwords, set a master password.
An alternate to storing passwords is KeePassX (cross platform encrypted keys).
- "Warn me when sites try to isntall add-ons".
- "Block reported attack sites".
- "Block reported web forgeries".
General tab -> Select "Warn me when web sites try to redirect or reload the page".
- Clear offline storage ("Clear Now" button) and set it to zero.
- Select "Tell me when a website asks to store data for offline use".
In the "filter" box, enter "browser.cache" without quotes.
Disable / set to zero
Do not use them or store them in an external file.
Firefox see also :
Chrome obviously has both advantages and disadvantages. Advantages include speed (Chrome is faster then Firefox at some tasks), (Web) development tools, and security (Chrome has an interesting sandbox). Disadvantages include privacy concerns (how much do you trust Google ?), less extensions, and some privacy concerns (passwords are not encrypted or password protected, not as many privacy options in the configuration menu or as extensions).
As with Firefox, I believe the single most important privacy and security enhancement is to use NotScripts
Use an alternate (I am partial to SRWare Iron).
- SRWare Iron
- Chrome vs Iron (privacy concerns)
- Download Iron (Portable version available)
- Chrome Plus
- Chrome Plus Privacy Features
- Download Chrome Plus(Portable version available)
Both Iron and Chrome Plus are available for Windows and Linux and will run from an usb drive (portable). The Chrome Plus Linux version lags behind windows version.
To improve privacy in these browsers takes some time and effort.
Under the Hood
Make sure you have enabled "Enable phishing and malware protection".
Click the "Content settings" Button. Here you will need to block cookies, Plugins, Popups, and Location. You then white list trusted sites (if any). Yes it takes a bit of time ...
You can clear private information by using the "Clear browsing data" button.
There are not as many extensions for Chrome/Chromium, here is a list of my favorites for privacy:
- Click&Clean ~ Does not work on Linux or OSX.
- NotScripts ~ Blocks flash as well.
- Vanilla ~ Cookie manager.
- Better Pop Up Blocker ~ An improvement on the built in pop up blocker.
- Tab Cookies .
- WOT - Web of Trust (anti-phishing)
There is overlap with privacy and security and I will touch on the major issues here. If you want more detailed information, see the relevant security documentation.
Choice of browser
Each browser has advantages and disadvantages:
- Firefox is more Private and less susceptible to fingerprinting then Chrome/Chromium
- Chrome/Chromium has a built in sandbox to increase security and may be a better choice from a general security perspective.
It is more important to learn to privatize the browser you use as, IMO, they all need significant configuration to optimize privacy.
Do you store passwords ? If so are they password protected ? Encrypted ? Consider storing passwords in an external application such a KeePassX. KeePassX encrypts your passwords, is cross platform, and runs on a portable (flash) drive.
If you do store bookmarks in your browser, at least password protect them but be warned most browsers do NOT encrypt your passwords.
Browser history / bookmarks
Most browsers keep track of the sites you visit (history) and offer Bookmarks or favorites. I suggest you deactivate your browser's history or at least clear your history with some regularity. Most bookmarks are visible to other people who open your browser, so keep bookmarks to a minimum or again keep the information in an external database.
Another devious method of tracking your history is by examining the color of links on web pages. Normally browsers change the color once you visit them (with css). See this section on Firefox options above to disable this behavior.
You can increase your browser security with tools such as NoScript, Apparmor, and SELinux. Chrome/Chromium has a built in sandbox to increase security. See also How to Secure Firefox on the Ubuntu Forums.
Information stored locally, on your computer
Browsers may store information locally in your home directory (cache, various data bases, extensions), /tmp , and in swap. IMO the best method of increasing privacy is to encrypt your home directory and swap. You can run many browsers, including Firefox and Chrome/Chromium from a flash drive as well.
You can minimize the storage of private information by reviewing and limiting extensions, disabling your browser's cache, and by using the built in "private browsing" functionality.
Cookies / Active logins
I highly advise you clear your cookies and active logins when you close your browser.
Proxy servers increase privacy by requesting web content on your behalf. They can filter http headers and obfuscate your IP address.
Perhaps the best example is to use a proxy judge or OS fingerprinting with and without a proxy server (see the Testing section for further information and links to demos).
On this page I will review Privoxy and TOR, although there are other options including polipo, squid, and a number of proxies available either on the internet or as a Firefox Extension.
Personally I would start with privoxy. It is easy to install, faster then TOR, non-caching (privoxy does not use a cache to store browsing information), highly customizable, adds adblock, can be configured for multiple users (helpful on a LAN), and may be sufficient for most people.
The downsides of privoxy are that there is a bit of a learning curve if you wish to change the defaults (white/black list sites) and out of the box it is slow (see below for configuration settings to improve speed).
Privoxy speed / performance settings
As an oversimplification, privoxy downloads an entire page, then applies any filters, and finally serves the page to your browser. There is a noticeable delay in loading a page, and when the content then appears in your browser. You can increase the speed of Privoxy by editing the configuration file (/etc/privoxy/config) and adjusting the timeout values lower. With lower settings, privoxy proceeds with processing the filters sooner (rather then waiting for additional information from the server). Use the following adjustments (lines with comments = the default values).
Using any editor, open /etc/privoxy/config and make the following changes:
You can tune your settings in firefox in about:config.
Some people claim that privoxy is faster if you disable the adblocking filters.
Privoxy privacy settings:
Follow This guide , skip the section re: adblock, IMO the Neil Van Dyke list is outdated (it has not been updated since 2008).
In addition to this page, I also have a TOR page.
You can use TOR is you wish, I personally find it to be a bit slow and it seems to me people are overconfident about TOR. I suggest you read the limitations of TOR from their site (links included in the References section below).
Graphical configuration tool - Vidalia .
To enhance tor, you should also use the Torbutton and Vidalia.
Vidalia has a number of settings to improve privacy, peruse them at your leisure.
The torbutton not only enables/disables TOR, but also adds some additional privacy features .
The TOR Bundle includes TOR, Vidalia, Firefox (with TOR button), and polipo. It is available for Linux and Windows and runs from a flash drive.
OS fingerprinting seems to be the newest rage. While there have been "active" techniques (nmap) for some time, "passive" techniques have received recent press. Your browser can be uniquely identified by information it sends to a server including http headers, browser identification, available plugins, information on your monitor (size/resolution), time zone, fonts, etc. See the following two technical references for details:
If that did not get your attention, perhaps you are dead ?
It is somewhat tricky to evade these methods and most methods to increase privacy tend to stand out like a sore thumb to these techniques. Interestingly the bet method I have found is to install User Agent Switcher and spoof as Internet Explorer on Vista. With this setting my "uniqueness" falls to one in 2,665 (lower numbers = less unique = better privacy).
Apahce (http) headers
Browsers send a variety of information to servers in what is termed "headers". Normally this information is used for "content negotiation" so that the server will deliver content in a way your browser understands. For a brief overview, see:
For a more detailed description see: HTTP Headers for Dummies .
To see what kind of information you are sending you can use a number of browser extensions, wireshark, and / or proxy judges.
You can also use firebug, which is available for both Firefox and Chrome/Chromium.
In Chrome/Chromium you can use the built-in development tools. See also : View html-headers in Firefox or Chrome/Chromium .
You can also use a proxy judge to see your headers. See : Proxy Judge
Testing adblock / browser extensions
You should see interesting information from your extensions on these sites. Who knew ?
Demonstration of Fingerprinting
See Panopticlick - How Unique and Trackable Is Your Browser ? for an interactive example of OS fingerprinting.
If you are interested in additional more technical information see: