The browser privacy handbook

Last updated: September 18, 2017

This document is intended to help users configure their computers to protect their privacy while browsing the web. Easy stuff is at the beginning, and harder stuff is toward the end. This howto guide is intended for a general audience, so wording is necessarily simplified.

For the greatest benefit, use as many tools/methods as you can, in combination.

Table of contents

  1. Ad Blocking
  2. Cookie management
  3. Private browsing mode
  4. Do Not Track
  5. Pro-privacy search engines
  6. CCleaner
  7. BetterPrivacy addon
  8. HTTPS Everywhere
  9. Disable the Java browser plugin
  10. NoScript & javascript blocking
  11. Compartmentation: Different browsers for different functions
  12. Useragent spoofing
  13. Encrypted DNS
  14. Google services tightening
  15. Social Networking
  16. Referers
  17. MVPS hosts file
  18. Additional hosts entries
  19. Tor
  20. VPNs
  21. SSH Tunnels
  22. Panopticlick

Ad Blocking

Benefit: high

IANIX recommends uBlock Origin for ad blocking in Firefox. It is also available for Chrome.

For IE there is Adblock Plus.

In addition to giving users a cleaner and faster browsing experience, ad blocking reduces malware infections since advertising networks are infested with malware.

Cookie management

Benefit: medium/high

Cookies are just the tip of the iceberg, but still pose a real privacy danger. The "sweet spot" between privacy and functionality is to:

In Firefox: Preferences, Privacy. Select options to match above behavior.

In Chrome: Preferences, Privacy, Content Settings, Cookies:

Alternatively, with compartmentation, use a browser with all cookies disabled for normal browsing, and a different browser for sites that require cookies.

Private browsing mode / Incognito

Benefit: minimal

Private browsing mode is misleading — it mostly applies to privacy when using shared computers and provides minimal protection against web tracking.

In Firefox: Edit, Preferences, Privacy.
In Chrome: Menu bar, New Incognito Window

Do Not Track

Benefit: probably harmful to you, if anything

Do Not Track is a stupid idea. If you wanted to protect your home from robbers, would you:

  1. Put a note on your front door asking people not to rob you, or
  2. Install a solid hard wood or metal front door with long screws in the door frame and good locks

Best policy for Do Not Track: keep your web browser's default setting.

The kind of people you have to worry about don't care if you don't want to be tracked, and there's no legal incentive not to track you even if you say pretty please. Numerous companies have announced publicly that they won't respect Do Not Track, and again, the worst ones won't bother letting you know.

Sending a non-default Do Not Track request only makes your browser more unique and therefore more identifiable/trackable. Furthermore, the false sense of security can limit your motivation to implement real privacy controls.

Bottom line: don't ask your attackers for protection.

Pro-privacy search engines

Benefit: medium/high

Two come to mind: DuckDuckGo and ixquick. Privacy-respecting search is crucial when some companies, such as Google, offer search, webmail, and ubiquitous web tracking via Google Analytics and doubleclick.net. Tie it all together and you have just about everything. A privacy service once asked: Who knows more about its citizens: Google, or North Korea?

DuckDuckGo is a privacy-oriented search engine with pretty decent results. Have a look at DDG's page on tracking for more information. You can install a DDG search bar for Firefox or Chrome.

ixquick also has a strong privacy policy, and is available for your browser.

CCleaner type tools

Benefit: medium

CCleaner is a small program for Windows that clears browser history. It protects you from websites that use javascript, CSS, or other technologies in clever ways to determine your browsing history. I recommend using it at least once a day, but preferably before or after closing your browser. UPDATE: CCleaner was compromised for over a month by malware. Please note there are alternatives such as ATF Cleaner.

BetterPrivacy addon for Firefox

Benefit: medium

Flash cookies are super creepy, and are not the same as normal cookies. Fortunately there's a Firefox addon called BetterPrivacy which deletes Flash cookies from your computer.

HTTPS Everywhere

Benefit: medium

The Internet's most loved freedom & privacy organization, The Electronic Frontier Foundation (EFF), has an addon for Firefox and Chrome called HTTPS Everywhere. Its goal is to automatically encrypt communication with websites known to support TLS. Once installed, it requires no configuration or upkeep. It works quietly in the background to protect you. In addition to the privacy benefit of increased encryption, it can also protect against some browser history attacks. It's a great tool!

Disable the Java browser plugin

Benefit: minimal
(Security benefit: high)

First, Java and Javascript are different technologies. They are not the same. If you block one, you don't automatically block the other.

Java can be used to compromise your privacy, and it isn't used by legitimate websites anymore. Disable it in the browser, and if you don't use it at all, uninstall it from your computer.

Javascript blocking via NoScript

Benefit: high

Javascript has its uses, but the web would be dramatically safer, faster, and more anonymous without it. In addition to being implicated in a majority of exploits for browsers (in other words, it's terrible for security), it's also used by a large percentage of web stalkers. Fortunately, for Firefox there's NoScript, which blocks javascript while containing a (configurable) whitelist of allowed sites that most users trust. A side benefit is big bandwidth savings, making browsing a lot faster. For Chrome there is ScriptSafe, although the reviews are less enthusiastic than those for NoScript.

Different browsers for different functions

Benefit: medium/high

Using multiple browsers is helpful because each one has its own "fingerprint." The idea is to use one browser (e.g. Firefox) for general browsing, and another (e.g. Chrome) for any sites that strongly identify you (webmail, social networking, merchant sites). From a privacy standpoint, Chrome is best for sites you identify yourself to, because it's the hardest to make privacy-aware. The point is to disassociate your general browsing from your identity (compartmentation).

Useragent spoofing

Benefit: medium

Your web browser tells every website you visit unique details about it that can be used for tracking purposes. Here are some real useragents from my webserver logs:

Which useragent tells trackers the least about itself? Clearly the second to last, as it gives no operating system, browser, or other software version information.

Trackers can combine the useragent with other connection details to strengthen tracking. Some people promote useragent spoofing (i.e. pretending Firefox is Chrome), while IANIX promotes sending an empty useragent. This reduces the number of identifying bits as seen in the Panopticlick tool at the bottom of this page.

To set an empty useragent in Firefox, go to the URL about:config and create a new string called general.useragent.override without giving it a value.

To instead use a useragent spoofer, there is Random Agent Spoofer for Firefox.

Please note that a small percentage of websites will refuse service if your web browser sends an empty useragent. This is actually a good way to identify either aggressive tracker sites, sites with inexperienced sysadmins, or both. If this is a problem, simply delete the general.useragent.override string in about:config and consider trying the useragent spoofer above instead.

Encrypted DNS

Benefit: medium

Normally your ISP, and/or anyone nearby (if you're using open wifi), can easily compile your entire browsing history.

Currently, the best way to protect your DNS queries, both in terms of security and privacy, is to use DNSCrypt from OpenDNS.

Google services tightening

Benefit: high

It's best not to use Google services, if possible. However, if you do, it's best to:

Remember: If you don't pay for the product, YOU are the product.

Social Networking

Benefit: high

Social networking may be the single biggest source of tracking on the web. Most of the big sites have one or more "like" or "share" buttons which notify social networking trackers in real time of your browsing activity. For social networking, compartmentalize: Have one web browser (Chrome) that's just used for social networking, webmail, and merchant sites. Use another browser (Firefox) for all other browsing.

Referers

Benefit: high

When your web browser downloads an image or webpage, it tells the remote webserver where it "heard about" that image or page. This is a big problem for web browsing since the great majority of websites put trackers on their webpages. The result is that tracking companies receive your almost complete browsing history.

Using Firefox as an example, there are generally three options in web browsers for referrals:

  1. Never send referral information
  2. Only send referral information to the current site/same FQDN (best)
  3. Always send referral information (default)

Option 1 (same FQDN) means, only send referral information to a site that hosts both the referral and the webpage or object that instructed your browser to download it. For example, with this setting, if the ianix.com website contains an image that is hosted on the ianix.com website itself, a referral would be sent. But if the ianix.com site contains an image hosted on user-tracking.example.com, your browser would NOT tell user-tracking.example.com what webpage your're currently browsing.

In Firefox, type into the URL bar and hit return:

     about:config

You may see a joke (and it's only a joke) about voiding the warranty. Hit OK. Type into the search box:

     network.http.sendRefererHeader

Double-click on that option under "Preference name" and change the value to 1. Close the configuration page. Congratulations, now you're not sending your near-complete browsing history to tracking companies.

For Chrome, there are a couple add-ons that purport to remove referer info: NOREF and Referer Control.

MVPS hosts file

Benefit: medium/high

A hosts file is just a text file that tells your computer where on the Internet to connect to certain hosts. The most common usage is to redirect unwanted sites to a sort of blackhole, so your computer won't actually talk to them. Kind of like a restraining order.

The best hosts file for such protection is the MVPS hosts file. The organization that hosts it has instructions on how to "install" the file. Use it!

Additional Hosts Entries

Benefit: medium/high

IANIX has a small but potent list for inclusion in your operating system's hosts file. The following items can be added to the same file modified by the MVPS hosts file, described above.

     127.0.0.1       connect.facebook.net
     127.0.0.1       connect.facebook.com
     127.0.0.1       google-analytics.com
     127.0.0.1       ssl.google-analytics.com
     127.0.0.1       www.google-analytics.com

Tor

Benefit: high

Tor stands for The Onion Router. It's an anonymity network run by volunteers. The traffic of Tor users is routed through three hosts in addition to their own: an entry node, a relay, and an exit node. The entry node only knows the user (you) and the relay, but not the exit node or site you're connecting to; the relay only knows the entry node and exit node, but not you, or the site you're connecting to; and the exit node only knows the relay node and destination, but not the entry node or the person connecting to the destination site. The Tor website, linked above, has pictures of the network that may make this more clear.

It is recommended to use the Tor browser when browsing the web with Tor. This will help prevent information leakage.

VPNs

Benefit: medium/high

VPN stands for Virtual Private Network. In the case of web browsing anonymity, a VPN is used like an SSH tunnel (below), except that all of the user's network traffic passes over the VPN. Many companies provide VPN access at reasonable rates.

SSH Tunnels

Benefit: medium/high

An SSH tunnel can be used to provide security and anonymity, depending on how used. Since SSH is encrypted, it provides secrecy over the local network, and some level of security because its traffic cannot be modified by an attacker without the user's knowledge.

The more common usage, though, is to provide a channel that essentially "hides" the user's IP address from remote web servers. Such servers only see the SSH server, and not the user making the connection. Like VPNs, lots of SSH Tunnel services are available, and are typically cheaper than VPNs.

NB: To prevent DNS leakage you should tunnel your DNS queries, unless you're using DNSCrypt, which will provide DNS security and privacy. Go to about:config and type:

    network.proxy.socks_remote_dns

Then change the value from false to true.

Panopticlick

Benefit: high, as an educational tool.

Panopticlick is a resource hosted by the EFF. It shows you your browser fingerprint and estimates how easy it is to identify you among all web users. Its function is to educate users, with the intention of helping them make informed decisions that protect their privacy.

With Firefox, it's easy to change browser configuration, such as by blocking cookies or JavaScript, and then redo the test to see how these changes affect the browser's fingerprint. Don't just read Panopticlick, put it to use!