Basic Privacy Precautions on the Web

We've all absorbed the idea by now hopefully that everything we do on
the web is in public - that email is roughly equivalent to a postcard,
that anything your name is attached to will come up in routine vetting
by employers and dates, and that facebook and other sites you might use
regularly will turn over all your activities and interactions over to
the authorities with the slightest encouragement. "Privacy policies" are
not binding, and subject to quietly change without notice. If you want a
truly private conversation, you and the other person must take
responsibility for encrypting it (fortunately this is not too hard these
days - for instance this email client, Thunderbird, has it built in)
But even if you've accepted the fact that your web activities occur in
public, as in a public square, if you keep imagining it, it gets more
concerning - that this public square has thousands of cameras trained on
it; those cameras are operated by giant corporations; the cameras are
capable of recording your every movement, word and gesture; and storing
them in a database forever, tied with your identity, suitable for
various sophisticated crossanalysis to extract nuances of your life and
behaviour patterns.

The point where I started to get the creepy crawlies was when half the
websites I visited added Facebook "Like" buttons, and all of a sudden
they were greeting me by name - and telling me whether my friends had
"Liked" that site or not. I'm used to the feeling that when I'm browsing
the web I'm just observing, as in a library. Instead I was not just
observed, but recognized, by an entity . I also recently learned that
clearing cookies is not enough - two new types of cookies have been
discovered by internet sleuths, flash cookies and HTML5 cookies, that
advertisers were sneakily using to track people who even specifically
did not want to be tracked. Clearly we need a little protection.

So I did a little research and found a few steps that can significantly
increase your web privacy with less than 20 minutes of effort all in
all. The criteria is that they shouldn't interfere with the web
experience - though as the links will show, a few changes in habit are
necessary - and that they be open source, so that we can make sure
they're the good guys. Finally, they're free, which is important both
because I'm cheap and because I'd prefer my tools to come from people
motivated by an even greater paranoia than me, rather than by profit
(for example, if you have Ad Aware installed, ironically it will pop up
its own ads from time to time)

Note that some of these can cause websites not to work, so that you
might have to fiddle around with the settings, but that's the tradeoff.
1. Switch to Firefox. It's open source, and since it's popular it's
under great scrutiny by privacy freaks. It also is necessary for many of
the easy steps below. I think the above-average awareness of security
and privacy issues by its user and developer base will keep it close to
the forefront of incorporating these kind of protections into its user
interface.
2. Read this webpage (I got a lot of this stuff from this and other
pages by the Electronic Frontier Foundation):
http://www.eff.org/wp/six-tips-protect-your-search-privacy If you think
about it, what you search for is one of the most intensely personal
things you might want to protect. As I read somewhere, "People are never
more honest than in the search box"
3. Get your cookies under control. Otherwise you are easy to track
across the web. EFFs recommended settings for Firefox:
1. From the "Edit" menu, select "Preferences"
2. Click on "Privacy"
3. Select the "Cookies" tab
4. Set "Keep Cookies" to "until I close Firefox" 12
5. Click on "Exceptions," type in the domains of all of your search
sites, and choose "Block" for all of them
I think it is also a good idea to uncheck "Accept 3rd party cookies",
which sounds like it would help protect against advertising companies.
4. Install the firefox add-onBetter Privacy. This appears to be the best
protection against the flash cookies I mentioned earlier, which are
*not* affected by the previous tip or by clearing cookies. It also seems
to provide protection against a few other things that can help to track
you. It's here: https://addons.mozilla.org/en-US/firefox/addon/6623/ I
can't find out whether it's open source actually, so that might be a
reason for concern. But the people behind it seem motivated by their
hatred of what they call "super cookies", so that's a good sign.
5. Take a lot of care with your facebook privacy settings. If I was a
couple degrees more paranoid, I wouldn't touch facebook - remember that
you are telling a giant, for profit company much of the detail of your
life and social network - but I do get a lot out of it. But I would
estimate that a large majority of people who use it are making public
things that they wouldn't want to be public (at least after a little
reflection). It's also constantly shifting, in a way that almost seems
designed to trick you into being more public than you intend, but
googling should point to recent guides on steps to take. Like this one:
http://www.allfacebook.com/facebook-privacy-2009-02
This used to be a good tool to automatically check your settings, but as
of writing is not up to date and so not functional.
http://www.reclaimprivacy.org/
Two more little fb tips to be aware of:
- Make sure that *all* of your photo albums are set to "Friends only" -
in particular your Profile album, which seems to be public by default.
That means that anyone on the internet could click your picture and see
your who past history of profile pictures.
- Be aware that your "Likes" are completely public - anyone googling
your name can see them. That was probably the most pissed I've been so
far at fb, when I realized that fb had suddenly, without my permission,
published my favourite movies, music, and tv shows across the web,
rather than to just my friends. After that I tried to be a lot more
careful about what I told it.
6. Consider taking steps to not be tracked by your IP address. If you
browse from home, your internet connection has a unique identifier that
could easily be used to cross reference you. It also pinpoints your
location within a hundred kms or so. Apparently unplugging and plugging
in your modem after a wait will give you a new ip address, so that might
be good to do from time to time. If you are a little bit technical, and
being recognized by your ip address bothers you, look into Tor, a
sophisticated system for anonymizing your point of connection with the
internet. I don't know enough to comment on it, but these people look
really freaking serious.
(UPDATE: Through learning a bit more, I now believe this one is not that big of a deal. When you browse from a university network or a workplace, you usually show up as having the same IP address as everyone else on the network. So even though your home broadband internet IP usually does uniquely identify your computer, it is not a reliable way to track peoples' identity in general, so big companies probably put their efforts into other means of tracking. It could be used if you were being personally targetted, but as I say below if you're active on the internet there are a ton of privacy vulnerabilities you would need an  expert to close properly, not these basic precautions.)

So it's an ongoing war: corporations are going to keep coming up with
sneaky ways to spy on us on the internet, and we're going to have to
keep alert and be mindful of tradeoffs we're making. (though I'm more
bothered by this stuff than the average, like with fb and amazon.com I'm
willing to "pay" in privacy for services I really want - I just want to
understand the deal) Perfect privacy isn't possible if you're a net
addict like me, in fact there are many little things I do that would be
easy to piece together into a way more complete picture of me than I'm
comfortable with (and writing this blog is one of the riskiest things,
privacy-wise, I do). But taking these steps should at least put some
speed bumps in front of the spies and help with the in-your-face
personalization.