Feeds

The Register Guide on how to stay anonymous (part 1)

How websites use your browser to sell you for cash

Protecting against web application threats using SSL

It has been a year since I have talked about securing browsers against privacy invasion. In that time, things have got worse, not better. In addition to the threat of malware and malicious scripts, we have the frightening new evercookie.

Leaving the criminal misuse of tracking for a later date, there is plenty to worry about from the use – and misuse – of our personal data by legitimate organisations. Advertisers are getting aggressive, and the techniques in use require a stalwart defence if we hope to retain our privacy.

Hello Mr Yakamoto and welcome back to the GAP! How'd those assorted tank tops work out for you?

The most pervasive breach of personal privacy – and threat to online anonymity – is the omnipresent tracking of our every digital move by advertisers and the companies that sell ad space to them. Targeted advertising has already gone so far that it is entirely possible that Google, Amazon and Facebook know more about you than your own mother.

Last night I spent four hours discussing a piece of media distribution software with one of the company’s founders. We went off the rails a little, engaged in some blue sky thinking and came to the conclusion that with some minor tweaking, that firm is sitting on software nearly capable of delivering a Minority Report level of personalised advertising.

minority_report_advertising

It was an interesting thought exercise, and frankly it’s a little scary that such a thing is possible simply by bolting together various different extant technologies. Government surveillance is usually the threat bantered about, but that isn’t a real concern to me. Governments are notoriously terrible at actually implementing technology.

The problem with this is that Mr Yakamoto may not want every website (or store) he visits to have such a personal relationship with him. Knowledge about what we purchase – or research online – when and from whom can have real world impacts.

Flaws in software can leave our entire browsing history vulnerable to malicious websites. Sometimes normally credible websites run by reputable companies simply give your information away.

Having your plans to join the surveillance society revealed inadvertently might not go over well at the next condo meeting. Your coworkers might become disgruntled were they to learn that you read books favouring a political party they despise.

Many of us still share information on our computers by having someone physically look at the same screen we see. The advertisements custom targeted at you can often be seen by those around you, inadvertently revealing more about us than we realise.

Would your employer be upset to see a message informing you about three replies in an advertisement for a job search site? And might there be an awkward moment when your shoulder-surfing girlfriend starts wondering why the advertisements on your nightly news sites have shifted suddenly from being predominantly about video games to predominantly about engagement rings?

What we buy, where and from whom is sensitive information. That this information is often combined with personally identifiable information such as our home address, phone number, credit cards, etc means that putting a real live person behind the data is not that hard. We don’t want to share that information with everyone around us, and yet we unknowingly do so every single day.

But how do they track us, and what can we do about it?

You best defence here is your browser. Since advertising tracking can come in many forms, you need a multitude of configuration changes or plug-ins to keep you safe.

Be wary however, even an up-to-date browser with a full suite of plug-ins – if improperly configured – can still reveal a remarkable amount of information about you. Take the time to run a test if you are concerned. If you use flash, you should go here and review your security settings.

Browser Referral

Every time you click a hyperlink on a web page, your browser sends information to the web server you are visiting. Included in this payload is the website you are currently visiting.

Traditionally, this has been an important source of information to virtually all website owners; it tells them how you found their website. It helps those running websites make the most out of limited advertising budgets and even keeps them informed of forums, complaint websites or news articles they have been mentioned on.

Lately however, more and more web users are becoming aware of the existence of browser referrals, and spoofing them. If you want to block websites from seeing your referral information, there are methods available. (IE, Safari, Firefox, Chrome and Opera)

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.