Web & communication software

Seven essential privacy extensions for Firefox

They say privacy doesn't exist on the Web, but that doesn't mean you can't try to safeguard your personal information. Our computers are loaded with details about our personal and business lives, and it's definitely not acceptable to reveal them haphazardly. With hackers becoming ever more sophisticated, you have to take precautions.

One threat to privacy on the Web is the use of cookies and other technologies to track your browsing, clicking, searching, social networking and buying habits as you move from site to site. These tracking technologies build up an online profile of you that can be used not only to send you ads designed to appeal to you (useful to some, intrusive to others) but could also be used for identity theft if the information fell into the wrong hands.

Another threat is the vast number of files that accumulate on your hard drive (your browsing history, log-in cookies, cached pages and more) that could be accessed either by someone who gets physical control over your machine or remotely by hackers who have installed malware on your system. This information can include banking details, credit card numbers, Web site passwords and records of your visits to potentially embarrassing sites.

The current versions of all popular Web browsers offer some sort of "private browsing" feature; you activate it and surf as you normally would, but your cookies, passwords, Web history and browser cache are erased when you close the browser at the end of your session. Private browsing offers some degree of protection if you're willing to forgo the convenience of having your Web history and saved passwords at your fingertips. But researchers from Stanford University and Carnegie Mellon University have found that no browser actually removes every trace of private browsing sessions.

In this regard, Firefox's vast library of browser add-ons is both a blessing and a curse. On one hand, the researchers found that some add-ons, such as those that enhance searching, may store information that's supposed to be purged after a private browsing session.

On the other hand, a number of Firefox extensions (some of which are available for other browsers) can protect your privacy to a degree that's far above and beyond what private browsing can do. For comprehensive control over your privacy, install and use at least some of these eight Firefox extensions.

PasswordMaker

A basic security rule is that you should use a unique, un-guessable password for each site you visit. But how do you remember LV307gbH(* every time you log into your Web mail account? PasswordMaker solves that problem by generating a new password for each site; all you have to remember is your own master password to unlock the extension.

PasswordMaker uses an algorithm based on your master password, the URL of the site, your username and six other factors to generate the password on the fly every time you visit the site. That means it never needs to store passwords on your computer (or on a central server), so even if someone gets access to your computer, your passwords are safe since they're not actually stored on the computer anywhere.

Obviously, it's vitally important not to forget your master password if you use PasswordMaker. It's also important to remember or back up your account settings and configuration; the algorithm uses those settings for password generation, so you'll need to re-create them if your system crashes.

Ghostery

Ghostery launches an Web-based wizard after you install the plug-in.
Cookies placed by ads and Web pages can be used to track you as you move from site to site: Every time you visit a page with code from a particular ad or other tracking network, it can check to see what other sites with its code you've visited, what you did there and what you clicked on, allowing it to build a rather thorough profile of your surfing habits.

If you prefer more private, less customized Web surfing, using your browser's security or privacy settings to block third-party cookies can help, but some tracking services are able to circumvent these controls.

The Ghostery extension, a part of the Better Advertising project, identifies code from 200 different ad and other tracking networks, showing you who is collecting data about you and what data they are collecting. You can decide whether to allow each service to track you or to block it.

When a Web page is first loading, Ghostery overlays a list of active trackers at the top-right-hand corner of your browser. If you want to explore further, you can click the ghost icon in your browser's status bar to bring up a menu listing all the trackers along with links to further information.

You can even explore the particular code used to see exactly what the tracker is doing. Clicking "Block" for any tracker will prevent its JavaScript from loading at all, on the site you're currently visiting plus any other sites that use the same service.

BetterPrivacy

NettiCat's BetterPrivacy offers protection against an increasingly common kind of cookie called a local shared object (LSO) or Flash cookie. LSOs are used by the Adobe Flash Player plug-in to store the same kind of information that's usually stored in browser cookies.

However, because LSO cookies are stored in a system folder instead of in the browser folder, they can't be easily deleted. What's more, unlike browser cookies, LSOs never expire, and they can hold about 25 times more information than typical cookies.

Since these objects are placed by Flash, your browser's security settings have no effect on them. And here's where they get really insidious: some companies use Flash cookies to duplicate their browser cookies. You may delete the browser cookie for a site, but the LSO stays, and it restores the original cookie the next time you visit the site. This reanimation capability has given rise to two more names for these objects: super-cookies and zombie cookies.

This is where BetterPrivacy comes in. The extension can be set to automatically delete all Flash cookies every time you exit your browser, or you can manually manage and delete unwanted LSOs one by one so that information can't be accessed or used to track you from site to site.

When you install BetterPrivacy, there's no obvious change to Firefox off the bat. When you close the browser, however, the extension checks for LSOs. If it finds any, you'll see a dialog box asking if you want to delete them. If you hit Cancel, it doesn't do anything; if you hit OK, it deletes them. There's also a checkbox that lets BetterPrivacy automatically delete all LSOs every time after that.

To manage LSOs directly, open BetterPrivacy's preferences in the Tools menu. Here you can remove them one by one or all at once; you can also add specific LSOs to a whitelist to prevent them from being automatically deleted in the future.

Products mentioned in this article

(2 items)

Subscribe to the Apple @ Work Newsletter

Comments