Avoiding tracking and profiling on the Web

Today I wanted to share something about a topic that is really important for people concerned about privacy just like me. As many of you may certainly know, the Internet is crawling with advertisements. Advertising companies are using many advanced methods to identify and track user presence on many websites, creating detailed dossiers about each and every single person using the Web. Leader in gathering sensitive private data is Google. Every time you visit a website you’re leaving a footprint that can be used to identify your interests, likes and dislikes, your preferences and opinions, so the advertisers can target you more specifically. This is the way they choose what they call “relevant ads” that is presented to you.

Despite the fact that it can have some positive outcomes for you (what certainly means more money for the advertiser), there are many negative sides to it, most notable being invasion of privacy. Nobody can guarantee that the data gathered by advertising companies would stay safe in their data banks. Identity theft from such data bank can have far more reaching consequences than ordinary person can ever imagine. This data collected on you can be used by criminals, your enemies and pranksters to gain significant knowledge about you. Since I don’t have much time to dig deeper into topic, I’m going to show you some techniques that can be used to avoid tracking on the Web to some extent. This is by no means complete tutorial for avoiding tracking at all.

First things first. I’m using Firefox for browsing the web, because this browser has plugins which are developed especially for things like tracking and profiling your presence on the network. Advertisers use so called “cookies”, which are unique identifiers downloaded by your computer each time an advertising is shown on the website you’re browsing. I must be specific here. Such cookie is saved by the browser on your computer the first time application requests download of an advertisement from specific ad-company. Whenever your browser requests download of the advertising from the ad-company, even when it is on another website, previously saved cookie is sent to the advertising company immediately identifying you. When you surf the web and your browser downloads advertisements from the ads-provider, they are also gathering data about which websites you are visiting, how often, what content are you browsing and much more. That way, even when they don’t have your sensitive private data, like for example your name, address and credit card number, etc. advertisers are building silently extensive dossier about you. This dossier is assigned unique identifier and can be then correlated with other dossiers if you are for example using other computers and so on, building even more database information about you. And if you happen to buy something from such advertisement or give out your sensitive private data – boom, they have a complete profile about you.

What can be done about this? First thing that comes to mind. Disable cookies. Unfortunately, many sites use cookies as means for storing your logins and site preferences, so this is not really very good option to do. However, Firefox has a little nifty plugin that will block most advertisements for you which is called AdBlock Plus. Most of you probably know about it and use it. Not showing ads has many positive effects. Your browsing experience is cleaner, faster, you are conserving bandwidth and without advertisements there are no cookies that can be used to track your presence on the network. AdBlock does really good job, but occasionally it will let some ads slip through it’s filter. AdBlock can be downloaded here.

Getting rid of advertisements is certainly a serious blow to the tracking abilities of advertising companies. However it is only one side of the tracking problem. There are many far more advanced techniques to gather data about you. I won’t get into it today. So let’s get to another side of the tracking and profiling problem. Search engines, especially Google. Google and other companies in the search business are building dossier about you whenever you query the search engine. By the means of your IP address, cookies, login information and more, profile is built. Search engine companies are saying this is mostly for serving you more relevant content for your searches. However what are they doing, especially Google which is primarily an advertising company (sic!), is gathering even more data so they can fill up their data about you to serve you targeted advertisement (sponsored links, AdWords, etc.).

What can be done about it? Don’t use search engines. Impossible right? Right. However there are some nifty little plugins that will fool Google. First I’d like to introduce you TrackMeNot. What it does is working in the background and randomly querying specified search providers with random phrases. This way Google would think you were searching for things you didn’t, creating a false dossier about you. You can download TrackMeNot here.

However this is not the only thing Google uses to profile you. When you use their search engine, whenever you click on the link in the result list, it is saved in their database. Google gathers data about every so called “exit link” from their search engine. This way, they can see what web pages you have visited using their search system. There is also another plugin that will disable this tracking. It is called OptimizeGoogle. It will change each link in the search results so it will point directly to the website you want to get to, eliminating any redirecting techniques used by Google that are used for tracking your behavior. Also OptimizeGoogle does much more than that, but I won’t get into it. OptimizeGoogle can be downloaded here.

There’s also one other technique except cookies that advertisers and others are using to track and monitor your activity on the Web. Whenever you load a Flash animation it can save a Flash Cookie, which is called “Local Stored Object” or LSO for short. This is even more dangerous than cookies, because it can save much more data about you than a simple identifier. Unfortunately many people are not aware about the existence of LSO’s. Again there’s a solution to this problem. It’s called BetterPrivacy and is a plugin for Firefox. BetterPrivacy will clear LSO’s after you’ve closed your browser. It can be downloaded here.

With this set of plugins you should be fairly safe from tracking and profiling on the Web. These plugins should make your surfing experience more private. Unfortunately there’s one serious blow to all those tracking avoidance techniques I have shown you. There’s a way you can still be identified with nearly a hundred percent probability. Your browser is always sending what is called “User-Agent” string to each web page it visits. This alone doesn’t give website owners or advertisers any relevant information that the user currently browsing their page is you. However. Each browser has a set plugins (which are not add-ons, as the ones I have mentioned earlier) like Java plugin or Flash plugin or Adobe Reader plugin, etc. Those plugins also have specific versions. Taking your User-Agent, list of plugins and their versions your browser has 99% probability of uniqueness. Websites can gather list of plugins and their versions exposed by your browser by the means of JavaScript. This way you can again be identified and tracked on various websites.

What can be done about it? Well. Not much really. You can resort to changing your “User-Agent” in the Preferences of Firefox. This is however an obscurity, which still doesn’t guarantee that the website won’t try to gather information about plugins installed in your browser. You can use for example NoScript add-on for Firefox to disable JavaScript on every site and then re-enable it temporarily or permanently on websites according to your needs. NoScript is very good add-on which will guard you from pop-ups, bugs in JavaScript engine of the Firefox, won’t allow any statistics gathering code and most of all would disallow websites to gather your browsers plugin list. NoScript however can be detrimental to user experience and I’d not recommend it for anyone, but advanced users. I’m using it all the time and I have to say it is single best add-on for FF except for AdBlock. You can download NoScript here.

For more advanced users still concerned about their privacy I’d recommend installing a third party tool like privacy enforcing proxy server like e.g. Privoxy. It is a content filtering proxy server that is installed on your computer which has many advanced capabilities I won’t get into. If you’re interested in giving it a try download it here. Of course you would have to configure it according to your needs and then install Firefox add-on like FoxyProxy configuring this add-on to use your Privoxy as it’s primary HTTP proxy server. FoxyProxy can be downloaded here. Of course you can setup your proxy server directly in the network preferences of your Firefox.

Using these add-ons and techniques I’ve just presented to you should give a level of privacy for your browsing experience. This is by no means complete list of tracking avoidance techniques nor it was intended to be. Remember that the best way to ensure your privacy on the network is to use your head. Also remember that privacy is not anonymity. Putting into practice these advices can give you a slight anonymity, but taking into account each computer is identified for example by IP address and many other things, this won’t stop anyone who has the knowledge to identify you. Those techniques are merely intended to avoid greedy advertising companies building dossier about you, not to hide your presence on the Web. Ensuring anonymity is another pair of boots that I may write something about in the future.

About Wolverine

If you are looking for IT consultant, let me know! karol at karoltomala dot REMOVE com Just remove the REMOVE word from the e-mail above!
This entry was posted in Internet, Privacy, Web and tagged , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *