Keeping my browsing habits secure
February 23, 2012 12:52 PM Subscribe
I have a handful of questions about Google, VPNs and privacy.
All this talk of Google's changes in privacy policy has me rethinking my security settings and I was hoping to get some advice on what I need to tweak to be safer. I want to continue to browse without the worry of being tracked.
I'm on Macbook Pro (OSX 10.7.3) and Chrome is my primary browser (way speedier than Firefox which I have but rarely use). My default search engine is DuckDuckGo with Google Suggest (so it uses google suggest to show me search as you type results in the nav bar but the actual search goes to DuckDuckGo).
I am not signed into Google on my Chrome preferences. I use Gmail through a client (Sparrow) but I am not logged in via any browser. I used to be logged into Google+ but for now I've logged out. Although I have a Facebook account, I almost never login (once or twice a year at best).
Relevant extensions: Ghostery, AdBlock Plus, Disconnect.
I browse from home (DSL), work (a university), or a coffee shop and have a couple of paid VPN accounts (another USA location and Germany). My provider is based in Sweden and they (claim) not to maintain any logs.
My browsing habits: I typically use Chrome 90% of the day (mostly work related stuff). I haven't seen a single ad since 2007 (back then I had Adblock/adblock plus on Firefox).
I turn on my VPN (other USA one) when I'm using credit cards from a coffee shop or when I feel the need to keep certain browsing private from anyone that might have access to that specific router through which I am connected.
Very occasionally I will fire up Google Chrome Canary (which I don't use otherwise), turn on my German VPN, and grab an obscure album from The Pirate Bay. During this time I make sure to close my regular Google Chrome and my email client (otherwise when client pings gmail, Google will have a record of my German IP and could put two-and-two together). If I am downloading a torrent (using utorrent), I keep the VPN on till it's done. I also do this from work because the speed is 30x what I get at home (and use a VPN manager to force quit utorrent if my VPN drops connection so that way I don't continue to torrent fully exposed from my work connection). I'm usually at my desk doing other things but this is a failsafe. If I am torrenting from a cafe, I don't bother turning on the VPN.
I don't use my VPN for general browsing because it tends to slow down my connection (especially the already slow one I have at home).
Questions
1. I have never seen an ad in 5 years. So I have no idea if I am still being profiled. Are there additional tools I should use to protect myself (that works with my existing set up described above)?
2. Is there any gaping security hole in my existing set up? Am I playing with fire with regards to any of the activities I describe above?
3. While DDG is fine for search, I still have to use Google for Scholar, and Images. Should I limit those to a second browser (Google Chrome Canary?). I am under the impression that having two version of Google Chrome keeps things separate (i.e. they don't talk to each other). Is that right?
All this talk of Google's changes in privacy policy has me rethinking my security settings and I was hoping to get some advice on what I need to tweak to be safer. I want to continue to browse without the worry of being tracked.
I'm on Macbook Pro (OSX 10.7.3) and Chrome is my primary browser (way speedier than Firefox which I have but rarely use). My default search engine is DuckDuckGo with Google Suggest (so it uses google suggest to show me search as you type results in the nav bar but the actual search goes to DuckDuckGo).
I am not signed into Google on my Chrome preferences. I use Gmail through a client (Sparrow) but I am not logged in via any browser. I used to be logged into Google+ but for now I've logged out. Although I have a Facebook account, I almost never login (once or twice a year at best).
Relevant extensions: Ghostery, AdBlock Plus, Disconnect.
I browse from home (DSL), work (a university), or a coffee shop and have a couple of paid VPN accounts (another USA location and Germany). My provider is based in Sweden and they (claim) not to maintain any logs.
My browsing habits: I typically use Chrome 90% of the day (mostly work related stuff). I haven't seen a single ad since 2007 (back then I had Adblock/adblock plus on Firefox).
I turn on my VPN (other USA one) when I'm using credit cards from a coffee shop or when I feel the need to keep certain browsing private from anyone that might have access to that specific router through which I am connected.
Very occasionally I will fire up Google Chrome Canary (which I don't use otherwise), turn on my German VPN, and grab an obscure album from The Pirate Bay. During this time I make sure to close my regular Google Chrome and my email client (otherwise when client pings gmail, Google will have a record of my German IP and could put two-and-two together). If I am downloading a torrent (using utorrent), I keep the VPN on till it's done. I also do this from work because the speed is 30x what I get at home (and use a VPN manager to force quit utorrent if my VPN drops connection so that way I don't continue to torrent fully exposed from my work connection). I'm usually at my desk doing other things but this is a failsafe. If I am torrenting from a cafe, I don't bother turning on the VPN.
I don't use my VPN for general browsing because it tends to slow down my connection (especially the already slow one I have at home).
Questions
1. I have never seen an ad in 5 years. So I have no idea if I am still being profiled. Are there additional tools I should use to protect myself (that works with my existing set up described above)?
2. Is there any gaping security hole in my existing set up? Am I playing with fire with regards to any of the activities I describe above?
3. While DDG is fine for search, I still have to use Google for Scholar, and Images. Should I limit those to a second browser (Google Chrome Canary?). I am under the impression that having two version of Google Chrome keeps things separate (i.e. they don't talk to each other). Is that right?
The VPN provides absolutely 0 protection from getting caught downloading torrents. In fact using an American VPN provider might make you more vulnerable. They will issue a subpoena request and the VPN provider will be able to tie it into your account, and since you logged in with a user name and password, you can't even claim an open wireless connection.
posted by empath at 1:48 PM on February 23, 2012 [1 favorite]
posted by empath at 1:48 PM on February 23, 2012 [1 favorite]
The easiest way to determine if you're being tracked is by looking to see what cookies are currently in your browser. go to chrome://settings/cookies and see who has dropped a cookie on your machine. Those sites are tracking you on some levels each time you visit that site or when you load an image or script file from that domain.
You can always simply block all persistent cookies and then it becomes that much harder to track your activities.
Note that no one needs your cookies to track you - I've received harassment emails based on torrent downloads that would have had nothing more than my IP address. Lawyers sent notice to my ISP and my ISP relayed the notice to me. Not much to be done if your ISP is willing to cooperate with requests about your internet activities.
posted by GuyZero at 4:38 PM on February 23, 2012
You can always simply block all persistent cookies and then it becomes that much harder to track your activities.
Note that no one needs your cookies to track you - I've received harassment emails based on torrent downloads that would have had nothing more than my IP address. Lawyers sent notice to my ISP and my ISP relayed the notice to me. Not much to be done if your ISP is willing to cooperate with requests about your internet activities.
posted by GuyZero at 4:38 PM on February 23, 2012
If you want to be paranoid -
running chrome means google has your ip updated every hour as chrome phones home checking for the 'latest' update. At least that's what chrome does on Windows. Haven't checked OSX but I'd assume the same. That's all they need to complete the picture.
If you use 'safebrowsing', (try switching that off in ff) every URL you visit is checked either with google or MS, so that's your complete browsing history you give away right there.
Several sites "need" (aka as too lazy/stupid to roll their own code) googleapis to work properly so that's another method to track you. No cookies involved.
The panopticlick.eff.org site describes several tracking methods that can be used to track you. The fonts installed by flash, etc go a long way to make your fingerprint unique.
I'm still waiting for someone to develop an extension that would allow you to obfuscate these parameters (screen dimensions, fonts, etc) as more and more sites don't work without javascript enabled.
Bit late to worry about your privacy. That was mostly given away when the internet was young and you had no clue what you were giving away for free...
posted by w.fugawe at 3:07 AM on February 24, 2012 [1 favorite]
running chrome means google has your ip updated every hour as chrome phones home checking for the 'latest' update. At least that's what chrome does on Windows. Haven't checked OSX but I'd assume the same. That's all they need to complete the picture.
If you use 'safebrowsing', (try switching that off in ff) every URL you visit is checked either with google or MS, so that's your complete browsing history you give away right there.
Several sites "need" (aka as too lazy/stupid to roll their own code) googleapis to work properly so that's another method to track you. No cookies involved.
The panopticlick.eff.org site describes several tracking methods that can be used to track you. The fonts installed by flash, etc go a long way to make your fingerprint unique.
I'm still waiting for someone to develop an extension that would allow you to obfuscate these parameters (screen dimensions, fonts, etc) as more and more sites don't work without javascript enabled.
Bit late to worry about your privacy. That was mostly given away when the internet was young and you had no clue what you were giving away for free...
posted by w.fugawe at 3:07 AM on February 24, 2012 [1 favorite]
This thread is closed to new comments.
posted by JohnnyGunn at 1:34 PM on February 23, 2012 [2 favorites]