How to prevent companies from snooping into my web searches?
July 15, 2011 6:32 PM Subscribe
Soo...I was doing a search on buses that run to Vegas and the next day, I get email from a couple of Groupon style websites I subscribe to toting their discounts on Vegas bus rides. Note that I did not enter my email address anywhere during my previous search. Coincidence? I think not. How did they make the connection and how can I prevent this type of internet sleuthing by companies?
Try using a browser extension like Ghostery or NoScript. They detect and block "beacons" and other sneaky scripts. When I started using these I noticed a sharp decrease in the amount of targeted ads coming my way.
posted by wowbobwow at 6:44 PM on July 15, 2011
posted by wowbobwow at 6:44 PM on July 15, 2011
I hit the Enter key too soon. You also have to manage cookies, and other identifying files Web sites store on your computer more effectively. Not all cookies are "bad," but they are one way Web analytic companies can easily track your cross site activities, as are Adobe Flash Locally Shared Objects. You may be able to install some blocking software extensions in your browser, or set your privacy settings to delete any cookies, LSOs. or other locally written files regularly.
posted by paulsc at 6:46 PM on July 15, 2011
posted by paulsc at 6:46 PM on July 15, 2011
It takes a little work and requires some changes in your browsing habits.
1. Firefox addons: some combination of NoScript (blocks javascript-related trickery), Ghostery (but turn off the pop-over window of what it blocked or it will drive you nuts), AdBlock (no more tracking ads), BetterPrivacy (deletes Flash cookies when you close Firefox)
2. set your history policy in Firefox to "custom." Then uncheck "accept third-party cookies" and for Keep Until pick "until I close Firefox."
3. use Firefox's "Start Private Browsing" when you go surfing in the weeds.
You'll want to, eventually, go back to that Privacy tab of settings and click on the Firefox cookies "Exceptions." For sites that you trust, type in the domain there (metafilter.com) and click "Allow" which will keep those cookies from being deleted when you restart FF. This will keep you from having to log-in to your trusted sites each time.
You'll find a number of sites won't work correctly with NoScript blocking their JavaScript. When that happens, click on the NoScript button sitting on your toolbar and there will be a list of things it blocked. You can re-enable them one by one, if you like. For instance, at metafilter, you'll want to click on that button then "Allow metafilter.com" and also "Allow mefi.us"
It's a pain at first, honestly, but after you've allowed scripts and cookies at the various sites you trust, it becomes pretty quiet in the background and you'll only have to poke the buttons every so often.
Another solution is to keep two browsers for surfing: one for sites that know you (email, metafilter, amazon, whatever) and one where you stay logged out and anonymous. My work setup is like this, using Firefox for one and Chromium for the other. But still, ad companies can figure out a LOT about you even if you never log in anywhere, so you still ought to do some of the protecting steps above, always use Private Browsing, etc.
posted by introp at 8:24 PM on July 15, 2011 [13 favorites]
1. Firefox addons: some combination of NoScript (blocks javascript-related trickery), Ghostery (but turn off the pop-over window of what it blocked or it will drive you nuts), AdBlock (no more tracking ads), BetterPrivacy (deletes Flash cookies when you close Firefox)
2. set your history policy in Firefox to "custom." Then uncheck "accept third-party cookies" and for Keep Until pick "until I close Firefox."
3. use Firefox's "Start Private Browsing" when you go surfing in the weeds.
You'll want to, eventually, go back to that Privacy tab of settings and click on the Firefox cookies "Exceptions." For sites that you trust, type in the domain there (metafilter.com) and click "Allow" which will keep those cookies from being deleted when you restart FF. This will keep you from having to log-in to your trusted sites each time.
You'll find a number of sites won't work correctly with NoScript blocking their JavaScript. When that happens, click on the NoScript button sitting on your toolbar and there will be a list of things it blocked. You can re-enable them one by one, if you like. For instance, at metafilter, you'll want to click on that button then "Allow metafilter.com" and also "Allow mefi.us"
It's a pain at first, honestly, but after you've allowed scripts and cookies at the various sites you trust, it becomes pretty quiet in the background and you'll only have to poke the buttons every so often.
Another solution is to keep two browsers for surfing: one for sites that know you (email, metafilter, amazon, whatever) and one where you stay logged out and anonymous. My work setup is like this, using Firefox for one and Chromium for the other. But still, ad companies can figure out a LOT about you even if you never log in anywhere, so you still ought to do some of the protecting steps above, always use Private Browsing, etc.
posted by introp at 8:24 PM on July 15, 2011 [13 favorites]
Best answer: I use the following to keep ad tracking to a minimum. It seems to work quite well. This assumes that you're using Firefox, which you should be if you're at all concerned about security on the net.
Firstly, NoScript. It turns off Javascript until you enable it for a specific site. You can whitelist or blacklist individual sites permanently, or be asked every time if you want to allow the scripts to run.
Secondly, RequestPolicy. This will prevent Cross Site Scripting (XSS) requests. You know how you can be on a website and Facebook will have a button on there? Or you can be on a site and it will have a Youtube embedded player on there? That's a XSS request happening. RP will behave in a similar way to NoScript, asking you if you want to allow the XSS to occur. If you allow them, it makes it easier for advertisers to track you. Consider that in the above example, Facebook will know you were looking at a blog post about cakes if you Like that post. Facebook now knows that you like cakes.
Thirdly, Cookie Monster. This is a much better cookie manager than the default Firefox one. I have it set to block all cookies by default and only specifically allow those cookies I need. Doing this also blocks third party cookies by default. It also makes it easier to quickly allow a session cookie if you're on a site that needs a cookie to load.
Fourthly, Better Privacy. This will block/remove Flash cookies for you. Your browser will not remove these automatically. They can be shared between browsers. Most "cleanup" apps won't remove them either. They're used to store things like your Youtube volume preferences between sessions. Of course, because they're hidden and not easily removed, advertisers like using them. BP can be set to delete these LSO's (Locally Shared Objects) after 10 seconds of them being deposited.
Fifthly, Close 'n' Forget. You can set a hotkey combination or have an option in the tab menu to close a tab and make all of the history for that tab be removed instantly. Doing this will remove the cookies for that site straight away, making it harder for you to be tracked.
Sixthly, GoogleSharing. You can force any Google related things to go through a proxy. Works for searches on google.com and for XSS requests, such as maps for directions to a hotel on the hotel's website.
Finally, FoxyProxy. Set a proxy that will be used when you enter a specific URL string.
posted by Solomon at 2:23 AM on July 16, 2011 [8 favorites]
Firstly, NoScript. It turns off Javascript until you enable it for a specific site. You can whitelist or blacklist individual sites permanently, or be asked every time if you want to allow the scripts to run.
Secondly, RequestPolicy. This will prevent Cross Site Scripting (XSS) requests. You know how you can be on a website and Facebook will have a button on there? Or you can be on a site and it will have a Youtube embedded player on there? That's a XSS request happening. RP will behave in a similar way to NoScript, asking you if you want to allow the XSS to occur. If you allow them, it makes it easier for advertisers to track you. Consider that in the above example, Facebook will know you were looking at a blog post about cakes if you Like that post. Facebook now knows that you like cakes.
Thirdly, Cookie Monster. This is a much better cookie manager than the default Firefox one. I have it set to block all cookies by default and only specifically allow those cookies I need. Doing this also blocks third party cookies by default. It also makes it easier to quickly allow a session cookie if you're on a site that needs a cookie to load.
Fourthly, Better Privacy. This will block/remove Flash cookies for you. Your browser will not remove these automatically. They can be shared between browsers. Most "cleanup" apps won't remove them either. They're used to store things like your Youtube volume preferences between sessions. Of course, because they're hidden and not easily removed, advertisers like using them. BP can be set to delete these LSO's (Locally Shared Objects) after 10 seconds of them being deposited.
Fifthly, Close 'n' Forget. You can set a hotkey combination or have an option in the tab menu to close a tab and make all of the history for that tab be removed instantly. Doing this will remove the cookies for that site straight away, making it harder for you to be tracked.
Sixthly, GoogleSharing. You can force any Google related things to go through a proxy. Works for searches on google.com and for XSS requests, such as maps for directions to a hotel on the hotel's website.
Finally, FoxyProxy. Set a proxy that will be used when you enter a specific URL string.
posted by Solomon at 2:23 AM on July 16, 2011 [8 favorites]
Best answer: I use TACO (Targeted Advertising Cookie Opt-Out), NoScript and Adblock in firefox. Every so often I'll delete all my cookies too, just for good measure.
posted by a womble is an active kind of sloth at 7:38 AM on July 16, 2011
posted by a womble is an active kind of sloth at 7:38 AM on July 16, 2011
Before going down the rabbit hole of "OMG privacy", are you sure the groupon websites aren't affiliated with the websites you did the searching on?
And, are you sure it isn't a coincidence? It's not like a Vegas bus tour is an uncommon thing.
posted by gjc at 9:50 AM on July 16, 2011
And, are you sure it isn't a coincidence? It's not like a Vegas bus tour is an uncommon thing.
posted by gjc at 9:50 AM on July 16, 2011
Bluekai.com is one tracking company that actually voluntarily tells you the dirt it has on you. They're only one of many companies, but it's still really interesting to use their site to get an idea how web tracking works and what they can learn about you from your searches.
posted by miyabo at 4:00 PM on July 16, 2011
posted by miyabo at 4:00 PM on July 16, 2011
Response by poster: Doh! I totally forgot I asked this question. Serves me right for posting on a Friday evening before going out (but here I am doing it again).
I considered the possibility that the emails could have been a coincidence, as yes, of course bus tours are pretty common, but I've been on a bunch of these special deal mailing lists for awhile now and if they had sent me the info before I would have consulted them first. So the fact that I had never received any bus deal offers before and the suspicious timing of it (I do keep my email open in my browser and am constantly checking my email when I am doing other things on the internet) made me really wary. I do use No Script but the problem is that to access some websites in order to view the content I have to permit some scripts to run. But I know now that there are other tools that I can use on top of No Script. Thanks everyone!
posted by tastycracker at 7:03 PM on July 29, 2011
I considered the possibility that the emails could have been a coincidence, as yes, of course bus tours are pretty common, but I've been on a bunch of these special deal mailing lists for awhile now and if they had sent me the info before I would have consulted them first. So the fact that I had never received any bus deal offers before and the suspicious timing of it (I do keep my email open in my browser and am constantly checking my email when I am doing other things on the internet) made me really wary. I do use No Script but the problem is that to access some websites in order to view the content I have to permit some scripts to run. But I know now that there are other tools that I can use on top of No Script. Thanks everyone!
posted by tastycracker at 7:03 PM on July 29, 2011
« Older How does one cultivate genuine gratitude? | $700 laptop for grandpa that does *not* have a... Newer »
This thread is closed to new comments.
posted by paulsc at 6:40 PM on July 15, 2011 [1 favorite]