|
|
Posted by Dave
5 Star Support Security Specialist
03/18/07
Many people are aware of threats to their privacy from the Internet. Most
are concerned with cookies, spyware, or Web sites tracking and analyzing
their surfing habits. I would like to make you aware of what is possibly an
even greater threat to your privacy while you are online. That threat comes
from the use of Internet search engines.
Search engines collect and store records of your searches. They track your
search terms, the sites you visit as a result of those searches, the times
you conduct those searches and your IP address. Unfortunately this makes it
possible to figure out who you are as well as your likes and dislikes and
what you do online.
Search records can be subpoenaed by courts or the federal government for use
in investigations, and have also, in some unfortunate instances, been
released to the public by accident. In August 2006, AOL LLC accidentally
published the search histories of 650,000 of its users. This information was
all over the Internet in a matter of hours.
Keeping your privacy while using search engines is not impossible. You just
have to be smart about how you go about it. That is easy for me to say, but
not necessarily easy for you to do unless you know how. To that end, let me
give you a few suggestions that just might help in your struggle for
privacy.
*Suggestion
Do not use your Internet service provider’s search engine. It may be
convenient, but don’t do it.
Your ISP already knows your IP address and can use it to track every Web
page you visit. If you use your ISP’s search engine as well, your IP address
can be correlated to all your searches and help build a very comprehensive
profile about you and your surfing habits. These files are up for grabs to
anyone armed with a subpoena.
*Suggestion
Do not include any personal information in your searches.
I can’t tell you how many times I have heard someone say they have gotten
curious and “Googled” themselves, or searched for themselves on the Internet
just to se what might be there. They have used their name, address, phone
number, and in some cases, even their social security number. They often
proudly announce their findings as well, as if to say “look here – I’m
famous”.
My thoughts come from a security standpoint instead. I am tempted to say:
“Great – here’s your sign”. You see, by doing this, it has now been made
very easy for a search engine to know who you are, and match your name and
other personal information to your IP address, and correlate that to your
searches. Worse yet, you have helped others that may be interested in an
attempt at identity theft, namely yours. If search records are ever
retrieved, everything about you is now all there in one neat and complete
package. Avoid including any personal information about yourself in
searches.
*Suggestion
Do sensitive searches from a public spot.
If you feel that a search including personal information is an absolute
must, try using a notebook computer with wireless capability from a public
hotspot. Or, you can use a public PC at a library. Just make sure you use a
source and a search engine that does not require you to log in to anything,
or your privacy can certainly be compromised.
*Suggestion
Change your IP address on a regular basis.
This may be easy or can be problematical, depending on the service offered
by your Internet provider. If you don’t know what kind of service you have,
consult your documentation, or contact your IP provider and they will be
able to tell you about the type of service they provide. If you have a
typical broadband DSL or Cable modem setup, you will most likely have a
dynamic IP address for using the Internet. That dynamic IP address will
typically stay with your computer for a very long time. You can, however,
change that IP address yourself. To change the address, you simply unplug
the DSL or cable modem and leave it off for about 10 minutes. Then restart
the modem by plugging it back in. This will clear your old IP address and
give you a new one.
If you have a PPPoE service option available from your IP (att.net or Covad
for example) you are all set already as you will have a different IP address
every time you connect to the Internet.
Users who have a static IP address (sometimes the case with DSL, Cable,
dial-up service, or connecting at work) you will have to look into anonymous
surfing with third party software, &/or use of a public proxy server. A
couple of good sources for this can be found at:
http://www.anonymizer.com/
http://www.freeproxy.ru/en/free_proxy/cgi-proxy.htm
If you want to see what the outside world can see about your computer when
it is on the Internet, you can try one of the free IP mapping services
available on the Internet. You might want to try going to one of these
addresses:
http://www.geobytes.com/IpLocator.htm
http://www.2privacy.com/www/privacy-protection/privacy-test.html
*Suggestion
Use a search engine that does not retain history of your searches.
There are search engines available that delete your search history on a
regular bases, some within 48 hours, so your information is simply not
around for anyone to collect. Perhaps the best known of these search engines
is called Ixquick Metasearch. You may want to give this one a try. It can be
found at:
http://www.ixquick.com/
*Suggestion
Don’t log into search engines or their tools.
If you log into a search engine, it is very easy for that engine to build a
comprehensive file about you because they already know your identity as you
search. It may sound great to have a customized search engine that ‘knows’
you and can offer and can supply you with customized searches based on your
known preferences, but just think about what kind of profile you are
allowing to be built about you.
Google and Yahoo are probably the best examples. Google, including Gmail,
online office software, blogging service, etc, offers many services, and
customizable options. They also offer a Google deskbar and a Google
searchbar. Although these seem to be great conveniences, remember that they
regularly dial home with collected information. Yahoo also offers many
custom services. The more custom and convenient everything is, the more
information you are sharing. All those extra services that are offered just
increase the amount of data they collect about you.
*Suggestion
Protect yourself when using Google (and other search engines)
I hate to seem like I am picking on Google, but I think users need to know
what they are dealing with. Google has one of the largest data storage
capabilities on the planet, if not the largest. The overall storage capacity
is both staggering and mind-boggling. Everyone seems to love to use Google
as the search engine of choice. It is fast, capable, and delivers more
results than any other engine around. It also has stored enormous amounts of
cached web pages. But, it also has stored all of your searches from every
time you have used it. Because it places cookies on your computer, it is
able to track your every move from session to session, and stores all of it
away in a file on you. To me, this is a very frightening prospect indeed.
The simplest solution to this for Internet Explorer users is to block Google
from setting cookies on your PC. To block the cookies, go to | Control
panel| Internet Options | Privacy | Web Sites – edit | and type
www.google.com in the Address of Web site bar. Then click on the block
button. (For other browsers such as Firefox, I have more suggestions below.)
From now on, Google will not be able to place cookies on your PC.
I actually recommend using the above cookie blocking technique for all the
search engines you use, not just Google. Be aware, however, that if you do
set up Internet Explorer to block Google cookies, you will not be able to
use various Google services such as Gmail.
*Suggestion
Consider using an alternate browser.
I am not by any means recommending that you drop Internet Explorer by saying
this. I still Internet Explorer quite a bit. I’m just saying you should
consider using more than one browser. For example, use Internet Explorer for
your email and news reading, and another browser for surfing and searching.
Using multiple browsers will make you much harder to track. I know of some
people that use as many as five different browsers, each for a different
purpose. Doing all this can be confusing, but I have another suggestion that
may simplify things for you.
My personal solution involves the use of only three programs, Internet
Explorer, Firefox and Thunderbird. And, I keep all of them updated and
patched all the time. I use Internet explorer for Microsoft updates for
Windows, Office and Works. I use Firefox for all my browsing and searches. I
use Thunderbird for my email and newsreader (both rss and xml feeds). Here’s
how it works.
I set up Internet Explorer for maximum safety in all settings, and use it
primarily for all Microsoft software updates, and other programs and
Websites that specifically require use of this browser.
I use Thunderbird for all my email accounts, and as my newsreader for rss
feeds and xml feeds.
I use Firefox for everything else – general web surfing, research, and Web
searches with search engines. In the privacy settings, I block cookies from
all the search engines that I use. I also use the privacy settings to delete
all cookies when I close Firefox. I also use Firefox privacy settings to
‘Always clear my private date when I close Firefox’. I have also added
NoScript and Adblock Plus to the browser.
Here’s another plus. Unlike Internet Explorer, Firefox can be set up for use
with separate identities that you can use for different purposes. I use
three different identities, one for personal and general Web use, a second
one for my security research, and a third for searching with search engines.
Each identity is set up with a different name describing the purpose, and I
simply choose which identity to use when the browser is launched. I will
explain how to do this and more in the section below.
By using this choice of programs you can also take advantage of their
programming and compatibility in that if you want to you can also have all
three of them running at the same time and switch between them at will.
Thunderbird-
Thunderbird is available as a free download and install from the Mozilla
foundation located here:
http://www.mozilla.com/en-US/thunderbird/
Thunderbird is an easy to use email and newsreader. It is similar in look
and feel to Microsoft Outlook in a number of ways. It does not, however,
include a calendar feature. Setup is also similar to Outlook in many ways.
You will need to know your account name, type of email service (POP3 etc),
security settings used (TLS, SSL) if any, and the address if the incoming
and outgoing mail servers used. This information can usually be obtained
from your Internet provider, or your email service provider. You can review
these settings at any time under the tool section in account settings.
The help wizard will guide you through the account setup and allow you to
enter all the needed information as you go. After setup, you can click on
the view button on the top toolbar and choose the layout you prefer. There
are also many options available under the tools, options selection. The
included help section is very good and can provide information about all the
settings available.
I do have a few recommended Thunderbird settings for you to consider. The
settings are found under the tools section in ‘Options’:
Under the General tab, set Thunderbird as the default application for Mail,
News, and RSS Feeds.
Under the Privacy tab, check the box to ‘Use a master password to encrypt
stored passwords’, and set a master password. This encrypts your passwords
so they cannot be read without entering the master password.
Under the Advanced tab, open the ‘Update’ tab and check both boxes under the
‘Automatically check for updates to’ section. Then, in the ‘When updates are
found’ section, select to “Automatically download and install the update’.
Firefox-
Firefox is a very fast alternative browser that I highly recommend. It is
available as a free download and install from Mozilla here:
http://www.mozilla.com/en-US/
After installation, you have a number of options and settings available to
you. The tips I discussed above for helping you keep your privacy come next.
If you are already using Firefox, check your version and be sure you are
using the newest one.
Left click on the ‘Tools’ button on the top toolbar and select ‘Options’,
and the Options window will open. Then you left click on the ‘Privacy’
button at the top of the window. I recommend you uncheck all three boxes in
the ‘History’ section.
In the ‘Cookies’ section, you check the box to ‘Accept cookies from sites’
but in the ‘Keep until:’ window, choose ‘I close Firefox’. In this way, you
have full functionality on the Web pages you visit, but the cookies are
discarded when you close the browser. You can choose to retain cookies for
certain Web pages if you desire to by clicking on the ‘Exceptions’ button
and typing in the address of the site followed by clicking on the ‘Allow’
button.
In the ‘Private Data’ section, I recommend you check the box to ‘Always
clear my private data when I close Firefox’. If you don’t want a nag box to
open asking for confirmation every time you close the browser, uncheck the
box labeled ‘Ask me before clearing private data’. After this, click on the
‘Settings’ button and a ‘Clear Private Data’ window will open. I recommend
you check all the boxes in this window. You may be tempted to not check the
box to clear saved passwords, but I recommend not having a browser store and
remember passwords for security reasons. If you decide otherwise, just don’t
check the passwords box. If you decide to go this way, I highly recommend
you then go the ‘Security’ tab and set up passwords properly. How to do this
is next.
Under the ‘Security’ tab, check the box to ‘Tell me when sites try to
install add-ons’. Then, under the ‘Passwords section, you can decide if you
want Firefox to remember passwords for you. If you decide to do this, check
the box labeled ‘Remember passwords for sites’, but I highly recommend you
also check the box to ‘Use a master password’ and set a password you can
remember to protect all the saved passwords. This will encrypt your stored
passwords.
To be sure your browser stays updated at all times, you next click on the
‘Advanced’ button at the top of the Options window, and select the ‘Update’
tab. Check the boxes to ‘Automatically check for updates to:’ and select all
three boxes. Below this you will find ‘When updates to Firefox are found:’
and you should select ‘’Automatically download and install the update’ so
that the browser will always stay up to date. After this you can explore
other settings available if you desire. When you are done, close the options
window by selecting the “OK” button at the bottom of the options window, and
all your settings will be saved.
As our last step, we will use the profile manager to set up as many
different profiles for the browser that you want to use. The profile manager
is not located in any of the options, so you will need to access it another
way. To do this we need to open a command prompt off the start menu. To do
this, be sure to first close any open windows on your desktop. Then you left
click the start button on the bottom toolbar, and select ‘Run’, which opens
the Run box. In the ‘Open’ box you type in “cmd’ (minus the quotes), or in
Windows 98 and ME type in “command” (minus the quotes).
In the ‘Open’ box, type in “firefox.exe –ProfileManager” (minus the quotes,
and remember the space after exe) and hit ‘enter’, or click ‘OK’. This opens
the ‘Firefox – Choose User Profile’ window. The usual display at this point
will show one profile that is normally labeled ‘default’ or ‘default
settings’. You can rename it at this point by clicking ‘Rename Profile…’ on
the left side of the window and typing in whatever name you want for the
default profile (your first name perhaps). Then, by left clicking on ‘Create
Profile…’ the ‘Create Profile Wizard’ box opens. To create a new profile,
click the ‘Next’ button at the bottom of the window, type in whatever name
you want for the new profile, and then click ‘Finish’. This closes the
Wizard window and you will now see the newly created profile in the ‘Choose
User Profile box. You can repeat this procedure as needed to create as many
profiles as you want or need. All that remains is to uncheck the box labeled
‘Don’t ask at startup’ and you are done. This is important. If you forget to
uncheck this box, you will not be able to choose a profile as Firefox will
automatically choose the first (default) profile whether or not you renamed
it.
From now on, when you launch the Firefox browser, you will see the ‘Choose
User Profile’ box before the browser starts. Left click to choose the
profile you want, and then left click the ‘Start Firefox’ button. That’s all
there is to it. Each of the profiles you have created will now have it’s own
custom settings and preferences that you can set up as you wish, and Firefox
will retain them in the settings folder for the browser. The appropriate
settings and preferences will be loaded along with the browser based on
which user profile you select before opening the browser.
Summary-
I hope these suggestions help you to stay safer and help protect your
privacy while you are on the Internet. I know it works for me. I have used
the Internet since its infancy and it works well for me. I know from testing
that my identity and personal information is not found anywhere on the
Internet regardless of what search engine or search service is used. I
simply don’t exist on the Internet. Follow these suggestions and you can do
the same.
[Top]
|
|
