Jump to content


Getting an "Insecure Connection" warning for Exisle? No worry

Details in this thread

Social Network privacy/security

security privacy facebook twitter Google plugins

  • Please log in to reply
8 replies to this topic

#1 Orpheus

Orpheus

    I'm not the boss of you!

  • Administrator
  • 17,757 posts

Posted 02 August 2012 - 12:39 PM

They say "the perfect is the enemy of the good" --which can mean a lot of things, but for me it means that I put off or drop a lot of projects because I don't have time to do it better or "right".

This thread is one of those things. I get a lot of questions about facebook (and other social networks), but I don't know when I'll get a chance to do a proper write-up, so from now on, 'll just stick any good links I find here, so you can figure it out yourself. I hope you'll do the same.

Lifehacker did a good article on cross-site tracking by social networks. In its simplest form, the social networks host the scripts and icons for their "like"-type buttons, and other services on their own server, which means that every time you load a page containing them, the request shows up in their server logs. It may not be "personally identifiable" but it does tell them the IP making the request (otherwise they couldn't send you the script/icon embedded in that page), and if you have an account with that service (or its partners, affiliates, etc.) or otherwise spill the beans, they can usually link you to any IP you use frequently, from your home connection to your favorite coffee shop

The article suggests several tools to display all the outside services embedded in a certain page and to block them. If your browser doesn't ask for Facebook's "like" icon every time you load a page (and those icons are everywhere), Facebook doesn't know where you're surfing. If you browser DOES ask to load those icons, Facebook knows every place you, whether you are logged in or not

The only one of the plug-in they list that I have tried extensively is Ghostery -- and I like it. I gives me an easy display of all the tracking that is going on, and a link explaining each site/service on the list

BTW, on Ex Isle, Ghostery will list Viglink (not a tracker, but a service that helps us get commissions) and on the index page, eBay. We'd prefer if you didn't block those, but we understand if you must.

#2 Mikoto

Mikoto

    Rejected on all levels.

  • Islander
  • 9,304 posts

Posted 02 August 2012 - 08:46 PM

Thanks Orph.

I've gotten one of the plugins so  hopefully I have some privacy now.
Rejected and gone.

#3 foborg

foborg
  • Islander
  • 2,263 posts

Posted 05 August 2012 - 06:54 PM

There are lots of ways to tie a javascript or an image load to an account without using the IP adress or cookies. One of the trickier ways I've seen is to send a unique ETag on each full load for the file. The browser will then send back the same ETag when it checks cache freshness, as long as the script is in the browser's cache.
Please don't spoil future episodes, even if they've been previewed.

#4 Mark

Mark
  • Islander
  • 5,269 posts

Posted 06 August 2012 - 04:05 PM

Mark: Here's what I use...I love it!  It's called Do Not Track Plus, and it's a free program. http://donottrackplu.../howitworks.php  My program has blocked 14,0908 companies (including ad networks, social networks, and companies). The program also allows me to allow certain sites if I choose to...I never do. It also has other features, but I'll let you explore those for yourselves. I highly recommend this program.   Right now, this program is working flawlessly with my up-to-date Firefox browser (version 14.0.1).

Edited by Mark, 06 August 2012 - 04:07 PM.

Mark
Discussion is an exchange of knowledge: argument is an exchange of ignorance.
Peace is not the absence of conflict, but the ability to cope with it.
APOGEE MESSAGE BOARD

#5 JudasRimmer

JudasRimmer

    Emperor of Incompetence

  • Islander
  • 682 posts

Posted 06 August 2012 - 10:29 PM

Thanks Mark and Orph,some good stuff I hadn't heard of there. My tip is Noscript,the script blocker : http://noscript.net/ It basically gives you total control over what javscript files you allow and for which domains and sub-domains,and this is a great thing because not only does it stop the loading of a lot of crap,by blocking 3rd party scripts on a website it stops said 3rd parties tracking you,adding their cookies,and prevents malware and viruses from being installed if said 3rd party scripts are on a site hacked by pirates and criminals.

Dave.

#6 Mark

Mark
  • Islander
  • 5,269 posts

Posted 06 August 2012 - 10:59 PM

Mark: Wow, thanks Dave. I'll have to read up on that program, it looks a bit complicated, but some of the best programs are. Thanks again. :smile2:
Mark
Discussion is an exchange of knowledge: argument is an exchange of ignorance.
Peace is not the absence of conflict, but the ability to cope with it.
APOGEE MESSAGE BOARD

#7 JudasRimmer

JudasRimmer

    Emperor of Incompetence

  • Islander
  • 682 posts

Posted 06 August 2012 - 11:11 PM

YW! One thing I forgot which it also does is to block embedded flash files. This is useful if you're on a site that embeds loads of YT vids because they won't load and gobble b/w and resources. If you're on YT itself,it'll block any vids from playing too,so you can just read the comments and description before clicking on the placeholder to play the vid if you wish to. It does a lot more too,some of which I don't really understand,but those abilities alone are worth it for me. You can also permanently or temporarily enable javascript for specific domains/subdomains and the flash embeds still stay blocked until clicked on.

Dave.

#8 Orpheus

Orpheus

    I'm not the boss of you!

  • Administrator
  • 17,757 posts

Posted 06 August 2012 - 11:38 PM

I love NoScript. If I had to use one plugin, that would be it. It covers a broad range of threats to a good depth, but I'm afraid that it doesn't -can't- entirely block all social networking privacy issues unless you understand those issues yourself, because those elements are part of the normal and intended (but usually nonessential) functioning of many high-respectability webpages.

NoScript isn't for everyone. Its default settings (pretty tight) may interfere with pro-consumer features of many commercial sites (customer service, shopping, reviews). Over time you develop a whitelist of valuable third-party sites, often by trial and error. I made the mistake of wiping my whitelist at the start of this year, and I'm still rebuilding it (though I don't surf nearly as much as I did in years past). It may only be a one-time 1-minute process to fix a given site, when a desired feature doesn't work, but there isn't always a telltale clue that NoScript is causing the problem (or that there even IS a problem)

I recommend social privacy plugins because those authors monitor such networks and update accordingly. Unlike other security/privacy concerns, Social networks (and their affiliates) are DELIBERATELY added to most of the web: Webmasters don't realize, or little care, about the side effects, because they value the added features more, and the abuse is already widespread whether they participate or not.

Someone recently asked me "if it really matters". I admit that a prudent webuser may validly decide that (e.g.) NoScript and prudent browsing offers quite good SECURITY and acceptable PRIVACY (the two are distinct). One might even validly set the bar a bit lower than NoScript's defaults. Alas, to make that decision, one must better informed than most users can be expected to be.

I'm only seeking to make you somewhat better informed.

Ultimately, the security landscape will (MUST) change over the next several years, due to public and legal pressures. US adoption of EU-style privacy laws would be a good start, but only a start. Though it may not seem like it, public/legal pressures have effected major changes in many generations of privacy/security threats. You might not want to rely exclusively on commercial self- interest, however, because black-hats aren't motivated by the same interests. It's better to make it so they *can't*, than trust that they *won't*

#9 Mark

Mark
  • Islander
  • 5,269 posts

Posted 06 August 2012 - 11:43 PM

Mark: Quite right, Orpheus. More users need to educate themselves on the tactics and electronic capabilities of these new threats to our Internet security and privacy. We can't really be careful enough.
Mark
Discussion is an exchange of knowledge: argument is an exchange of ignorance.
Peace is not the absence of conflict, but the ability to cope with it.
APOGEE MESSAGE BOARD



Also tagged with one or more of these keywords: security, privacy, facebook, twitter, Google, plugins

0 user(s) are browsing this forum

0 members, 0 guests, 0 anonymous users