Web & communication software

Seven essential privacy extensions for Firefox

NoScript

The NoScript extension by Giorgio Maone prevents JavaScript, Java and other executable content from running on any Web page you haven't expressly allowed to run scripts. This is crucial protection against cross-site scripting (XSS), where hackers insert code into Web pages using vulnerabilities in the various scripting languages the sites use to deliver content. Hackers use XSS to install arbitrary code on users' machines for keylogging, hijacking passwords or phishing; it's currently one of the most effective methods of delivering malware.

NoScript is also effective in blocking an emerging form of user tracking called browser fingerprinting. A recent study by the Electronic Frontier Foundation (EFF) showed that even without cookies or malware, Web sites can pull enough information about a user from the browser itself to build up a profile that can be used to track the user from site to site. The EFF singled out NoScript as an effective safeguard against this kind of tracking.

Since so much of the Web relies for basic functionality on the scripting languages that NoScript blocks, an Options button at the bottom of the browser window pops up a menu with options that you can use to temporarily or permanently allow scripts on sites you trust.

Tor-Proxy.Net Toolbar

The Tor Project is an anonymizing service that tunnels your Web traffic through a network of random routers to make it virtually impossible for an outside observer to track any Web activity back to your computer. You can install the Tor program on your computer and route all your Web traffic through Tor, but because your packets are bounced off servers around the world, you will experience much slower Internet response.

Using the Tor-Proxy.Net Toolbar, though, you can choose to use Tor on a case-by-case basis, visiting chosen sites anonymously while maintaining non-anonymous connections in other Firefox tabs. Just enter the URL of the site you want to visit into the Tor-Proxy.Net Toolbar instead of Firefox's own address bar and click "by Tor."

The toolbar also offers two other options: You can click "by JAP/JonDos" to use the less popular JonDonym service, which offers slightly better performance but slightly weaker anonymity, or you can click "by Express-Service" to use Tor-Proxy.Net's own anonymizing server. It's a little quicker than the others but isn't as secure, since it's not an established anonymity service.

FireFound

One of the greatest threats to privacy is the loss or theft of a laptop or desktop computer, giving whoever finds or steals it access to everything stored on it. Chris Finke's FireFound extension notes the location of the network your computer is on whenever it connects to the Internet. If it has changed locations, FireFound sends a message to a central server with the new location.

So if the computer has been stolen or misplaced, you can log onto the password-protected FireFound server to find out approximately where it is. You can also set FireFound to send you an alert via e-mail whenever the computer is more than a specific distance away.

FireFound lets you remotely send instructions to delete browser passwords, page cache, surfing history, form data and other personal information from Firefox, so that whoever is in possession of your computer won't be able to use your browser to access your online accounts or derive personal information from your cache.

The extension relies on the free service at FireFound.com, or you can set up your own open-source FireFound server. A $1-per-month premium account allows you to remotely encrypt and back up your saved passwords before wiping them from your lost computer; the premium account also lets you designate "safe areas" within which your computer's movement will not trigger an e-mail alert.

OptimizeGoogle

Google offers an impressive array of services that help make the Internet useful, but all that assistance comes with a cost: your privacy. If you use a number of Google services, you're giving the company access to your search history, your e-mail, your video and picture uploads and a wide range of other data, all of which can live on Google's servers for months or even years.

Phlogenix's OptimizeGoogle extension offers some neat tricks to improve your Google experience, such as adding links to results pages from Yahoo, Ask and other search engines for your searches in case you're not satisfied with your Google results. The extension also offers a number of privacy-increasing options, most notably the ability to default to HTTPS secure browsing on all Google services and disabling tracking by ads or Google Analytics.

[Logan Kugler is a frequent Computerworld contributor.]

Products mentioned in this article

(2 items)

Subscribe to the Apple @ Work Newsletter

Comments