Simple ways to enhance your Internet privacy

Fortify your browser, opt out of location tracking, and use a virtual private network to hide your IP address.

Recent disclosures of U.S. government surveillance of our phone and Internet activity have heightened interest in services that promise not to collect or share our personal information.

One such service is DuckDuckGo, a privacy-focused search engine that has seen its traffic jump since news broke earlier this month of the National Security Agency's PRISM electronic surveillance program. The Guardian's Stuart Dredge reports that DuckDuckGo's daily search count reached an all-time high of 3.1 million on June 17, well above its daily average of 1.8 million daily searches prior to the PRISM revelations.

Those numbers are dwarfed by Google's search traffic. According to research firm ComScore, Google handled 13.4 billion search queries in May 2013 for a daily average of more than 400 million searches per day.

In a post from May 2011 I described privacy-centric alternatives to Google, Gmail, and Facebook, one of which is the Ixquick.com search engine that, like DuckDuckGo, promises not to record your IP address or any other information about your search. (The service was recently rebranded in the U.S. as Start Page.)

The fact is, the Internet is a public network. There's no such thing as complete privacy online. Most people like being remembered at their favorite sites and having access to their Web history. Many of us don't mind seeing ads based on our Internet profile and consider targeted ads a small price to pay for "free" services.

Even folks who broadcast their location 24-7 and liberally post other details of their life want to know the information isn't being used against them. Fortunately, it's not difficult to exert some control over the personal information you share with Web sites and their partners (not to mention other interested third parties).

Note that many sites require JavaScript, your IP address, or other features that these steps disable, so you may have to turn the features back on to open the page correctly. Also, there are many times when you want a site to know your IP address, and some services will not recognize you without knowing your IP address, which is masked by virtual private networks such as those I describe below.

Step 1: Block ads, screen scripts, and clear cookies
Last month's post on how to improve security in Firefox, Chrome, and IE explained why enabling the browsers' do-not-track feature may be a waste of time. SFGate's James Temple reported earlier this week that members of the World Wide Web Consortium's do-not-track working group recommend disbanding the group following its impending failure to meet a July 2013 deadline for a "Last Call" consensus -- a deadline that has already been pushed back four times. Group members believe a compromise between online advertisers and privacy advocates is unlikely.

Who's tracking you? Besides the government, every Internet service you've ever used, nearly every Web site you've ever visited, and nearly every advertiser who's ever bought space on a page you viewed, nobody in particular. Did I mention the people who developed the software you use? They may be keeping tabs on your activities, too.

Three browser add-ons eliminate many of the trackers: AdBlock Plus removes ads (available for Firefox, Chrome, and in beta form for IE); NoScript blocks scripts until you allow them (available for Firefox only); and Better Privacy lets you control Flash cookies (also available only for Firefox). I've written about all three programs in the past, so here's a quick overview:

Adblock Plus was one of the programs I described in last month's " Three essential security add-ons for Firefox, Chrome, and IE ." That post also recommends using the Ghostery extension to block some or all online trackers. Earlier this week a reader alerted me to an article by Tom Simonite on the MIT Technology Review stating that Evidon, the company that bought Ghostery in 2010, is selling the data some Ghostery users volunteer to the company back to online advertisers so the marketers can improve their products.

When AdBlock Plus removes an ad, it also removes the ad's tracking component, so you don't really need both AdBlock Plus and Ghostery. I'm not aware of AdBlock Plus making money from online advertisers. In fact, the program is a "community-driven open-source project" that accepts contributions in many different forms.

Likewise, the day-earlier post on " How to improve security in Firefox, Chrome, and IE " recommends using NoScript to allow JavaScript to run on a site-by-site and script-by-script basis. As that post states, JavaScript has become a favorite medium of malware authors. Since viruses often target your contacts, the malware is a privacy threat to you and to the people you know.

NoScript is donationware; the developer suggests a $15 donation.

Another method used by Web trackers is the Flash cookie. As I explained in last October's " Three not so simple but necessary security tips ," the latest versions of Firefox, Chrome, and IE delete Flash cookies along with all the other cookies you remove from your browser. That post explains how to set your browser to delete all cookies each time you close the program.

Some Flash cookies may be worth retaining, particularly those deposited by sites you visit frequently. As last October's post mentioned, my favorite Firefox add-on for managing Flash cookies is Better Privacy, a free Firefox extension that lets you view, allow, delete, and block specific Flash cookies. I went into detail on how to use Better Privacy in July 2010's " Five great Firefox privacy add-ons ."

Windows 7 users can control their Flash cookies via the Flash Player Control Panel applet. (In Windows 8 it's called the Flash Player Settings Manager.) The post from October explains how to use the Windows applet as well as the settings on Adobe's Flash Player Settings page.

Browsing with these three extensions enabled in Firefox will keep the majority of Web trackers in the dark.

Step two: Don't let iPhone and iPad apps follow you around
Montana recently became the first state to require that law enforcement agencies acquire a probable-cause warrant before they can use the location information from a person's phone, social-network check-ins, or any GPS-enabled device. Allie Bohm of the American Civil Liberties Union reports that similar legislation is pending in Texas, Maine, and other states; the federal equivalent Geolocational Privacy & Surveillance Act currently has a 1-percent chance of being enacted, according to GovTrack.us.

BBC News' Jason Palmer reported last March on a study published in Scientific Reports that found researchers were able to identify a person based solely on four data points retrieved from the location data broadcast by their smartphone.

The Electronic Frontier Foundation's Surveillance Self-Defense page points out that since cell phones can be tracked even when turned off, the only way to prevent your phone from broadcasting your location is to leave it at home or remove its battery.

Which might make you wonder, why have a cell phone at all if you can't take it with you or if you have to install the battery each time you use it? For most people, the benefits of a cell phone far outweigh the risks of some entity using its signal to track their whereabouts.

The Privacy Rights Clearinghouse fact sheet titled "Privacy in the Age of the Smartphone" recommends ensuring that your phone's apps request only the personal data they need to function. The fact sheet points out that the Android install screen indicates the data each app you install is able to access.

To limit an app's access to your location on an iPhone or iPad, open the device's Settings and choose either General > Location Services, Privacy > Location Services, or simply Location Services, depending on your device and version of iOS.

iPad Location Services settings
Limit access to your location on an app-by-app basis via the Location Services options in the iPhone/iPad Settings. Screenshot by Dennis O'Reilly/CNET

As the Apple Support site points out, location services allow you to find nearby services, such as restaurants and gas stations. Even with location services disabled, your iPhone may broadcast your location to allow emergency responders to find you, for example.

(Note that one good reason to disable all location services on your phone is to conserve battery life.)

Disabling all location services impairs the functionality of many apps as well as features of the iPhone and iPad itself. In addition to allowing or disabling location tracking app by app, press General > Privacy > Location Services > System Services (scroll to the bottom of the screen, if necessary) to manage location access for the iOS device's built-in functions.

Status Bar Icon setting in iPhone System Services
Set your iPhone to indicate when a service requests your location by changing this setting in Location Services > System Services. Screenshot by Dennis O'Reilly/CNET

To view the Location Services icon in the status bar whenever one of the services requests your location, scroll to the bottom of the System Services screen and slide the Status Bar Icon setting to On (it's off by default).

To disable location services on an Android phone, open its Settings, press Location Services under Personal, and uncheck the boxes. The Windows Phone site explains the location controls in Windows 7 and Windows 8.

Step three: Keep your IP address private by using a VPN
As I stated above, there are plenty of good reasons for sharing your IP address with the sites you visit, particularly those you return to regularly. However, your IP address can be used to identify you, although doing so may require a warrant, as explained in an article on WhatIsMyIPAddress.com.

In February 2012's " How to use VPN to defeat deep packet inspection ," I tested the free versions of two VPN services: ProXPN and OpenVPN's Private Tunnel.

A post that appeared one year earlier described the free, OpenVPN-based Security Kiss service. I've also covered the Electronic Frontier Foundation's free HTTPS Everywhere Firefox extension in previous articles.

More recently I tried the Cocoon Firefox extension that encrypts all your Internet activity and hides your IP address. The add-on includes Cocoon for Kids, which lets parents control and track their children's online activities.

Cocoon creates a private browsing history, but access to saved sites, notes, and history-management features requires the paid version of the service, which costs $5 a month or $29 a year (the company offers a 30-day free trial of the paid service). The paid version also scans for viruses, blocks ads, stores passwords, and lets you create throwaway e-mail addresses when signing up for Web services.

When I tested the service I was unable to sign into my ISP mail account because the e-mail server didn't recognize my IP address. I was also prevented from previewing music tracks on Amazon.com, and other popular sites, such as ESPN.com and CNN.com, opened with video and other features disabled.

Searching with Cocoon's customized Google search engine restricts the types of sites displayed in the results, but you can select the standard Google search as well as other search engines via the drop-down menu on the Cocoon toolbar.

Cocoon's custom Google search and other search options
The Cocoon extension for Firefox hides your identity from the Web sites you visit, but it may prevent some services from working. Screenshot by Dennis O'Reilly/CNEt

After several hours of browsing with Cocoon enabled I determined that the Web functionality the service blocks is worth more to me than the high level of privacy the program delivers. For those times when you want to browse without allowing the sites you visit to identify you, Cocoon fits the bill nicely. (Note that Cocoon may conflict with other Firefox extensions.)

About the author

    Dennis O'Reilly began writing about workplace technology as an editor for Ziff-Davis' Computer Select, back when CDs were new-fangled, and IBM's PC XT was wowing the crowds at Comdex. He spent more than seven years running PC World's award-winning Here's How section, beginning in 2000. O'Reilly has written about everything from web search to PC security to Microsoft Excel customizations. Along with designing, building, and managing several different web sites, Dennis created the Travel Reference Library, a database of travel guidebook reviews that was converted to the web in 1996 and operated through 2000.

     

    Join the discussion

    Conversation powered by Livefyre

    Don't Miss
    Hot Products
    Trending on CNET

    HOT ON CNET

    Looking for an affordable tablet?

    CNET rounds up high-quality tablets that won't break your wallet.