Browser Privacy: RequestPolicy and Panopticlick

The experienced paranoids amongst you may find this old hat.

For everyone else, there’s Panopticlick. You’ve swallowed your cookies with a glass of milk, disposed of Flash in a pan, and filed a lawsuit over scalding hot Java on your laptop. But you’re still fucked.


It’s called browser fingerprinting. Without knowing your IP address or having any other way of tracking you, the data your browser sends to a webserver is often still more or less unique to your machine. Unlike cookies, this fingerprint doesn’t change. Want to know how unique your fingerprint is? Try the EFF’s Panopticlick tool.

Browser fingerprinting is one reason hosts-file-based site blocking has seemed so neat. No browser plugin means no additional bit of data in the browser fingerprint to identify you.

It turns out I was misinformed, or things have changed since I last tried it. At least as of my version of Firefox, browser extensions and the like don’t show up in Panopticlick — just media player plugins. (This doesn’t mean there’s no way to enumerate them, but it reduces the odds.)

We can therefore put a very neat tool to use in the name of privacy.

RequestPolicy is a browser extension that prevents you from being tracked in a centralized fashion as you travel across the web. (Except by “global observers.”) Horrendously annoying to use initially, it’s nevertheless an extremely effective tool. Every time you visit a website, RequestPolicy prevents your browser from snitching to third parties (at the behest of the website’s owner) that you were there.

Consider the Google problem. Lots of websites will use one of Google’s enticingly free services in some minor way, which means that (even if you never use that search engine) your browser fingerprint is showing up in Google’s databases whenever you traverse those websites.

RequestPolicy solves that problem. Whenever you visit a website, the only website that finds out about it is the website you meant to visit… unless you allow otherwise.

As it happens, you’ll end up doing a lot of allowing. Turn it on the first time, and you’ll experience just how dependent many popular websites are on other ones for basic functionality. Tons and tons of them host images, formatting style sheets, and data-heavy applications on CDNs or AWS instances. And all of a sudden YouTube embedding is utterly broken (unless you allow it).
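To make the allow/deny behaviour concrete, here is a sketch of a default-deny cross-site request policy. It is an added example, not RequestPolicy's own code: the function names, the rule format and every host are made up for illustration, and the two-entry suffix set stands in for the real Public Suffix List.

```javascript
// Added illustration, not RequestPolicy's code. All hosts and rules are constructed.
// Stand-in for the Public Suffix List (assumption: a real tool loads the full list).
const MULTI_LABEL_SUFFIXES = new Set(["co.uk", "com.au"]);

// Reduce a hostname to its registrable domain: img.example.co.uk -> example.co.uk
function baseDomain(hostname) {
  const labels = hostname.toLowerCase().split(".");
  const keep = MULTI_LABEL_SUFFIXES.has(labels.slice(-2).join(".")) ? 3 : 2;
  return labels.slice(-keep).join(".");
}

// Default deny: same-site requests pass, cross-site ones need an explicit rule.
// A rule is { origin, dest } in base-domain form; "*" matches any site.
function decide(pageUrl, requestUrl, rules) {
  const origin = baseDomain(new URL(pageUrl).hostname);
  const dest = baseDomain(new URL(requestUrl, pageUrl).hostname); // resolves relative URLs
  if (origin === dest) return "same-site";
  const allowed = rules.some(r =>
    (r.origin === "*" || r.origin === origin) && (r.dest === "*" || r.dest === dest));
  return allowed ? "allowed-by-rule" : "blocked";
}

// Summarise a page load: what was blocked, and which sites learn about the visit.
function auditPage(pageUrl, requestUrls, rules) {
  const report = { blocked: [], notified: new Set([baseDomain(new URL(pageUrl).hostname)]) };
  for (const url of requestUrls) {
    if (decide(pageUrl, url, rules) === "blocked") report.blocked.push(url);
    else report.notified.add(baseDomain(new URL(url, pageUrl).hostname));
  }
  return report;
}

const PAGE = "https://blog.example.co.uk/post";
const REQUESTS = [
  "/style.css",
  "https://static.example.co.uk/logo.png",
  "https://cdn.example.net/lib.js",
  "https://tracker.example.org/pixel.gif",
  "https://video.example.com/embed/123",
];
const RULES = [
  { origin: "example.co.uk", dest: "example.net" }, // this site may load its CDN
  { origin: "*", dest: "example.com" },             // video embeds allowed everywhere
];

const report = auditPage(PAGE, REQUESTS, RULES);
console.log("blocked:", report.blocked);
console.log("sites that see the visit:", [...report.notified]);
```

Every rule you add puts one more name on the list of sites that see the visit, which is the trade-off behind all that allowing.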

On the upside… the web gets a LOT faster. And ads? Almost all gone.

So give it a try… you can grab AdBlock Plus / Adblock Edge as well for an extra safety net.

