Basic Tips for Privacy on the Web

In the light of recent news about N$A practices, you may wonder how to take a little more control of your Web presence and experience. Here are some steps to consider if you value privacy…

Email:

  • Make sure the connection to your email provider/server is a secure connection. Webmail providers (those where you check your email in your browser) usually are. Others (server-based) should be double-checked to confirm they use an SSL/TLS connection.
  • If you’re in Europe, consider using a European provider, such as ProtonMail.
  • For an additional security layer, if you’re not using ProtonMail, consider encrypting your messages. Thunderbird users can use the Enigmail add-on. For Webmail, there are some browser extensions for encryption. Click here for more guidance on this.

Encrypted Searches:

  • Use encrypted.google.com as your default search engine, thus preventing eavesdropping by random people when browsing on unsecured connections. Better yet, try DuckDuckGo — a search engine that doesn’t focus on personalized results.
  • Note: this won’t prevent your Internet Service Provider (a.k.a. ISP / your Internet access company) from knowing the sites you visit and the terms of your searches. Google might also keep track unless you turn off their web history. For this, you’d need to set up custom DNS servers (in your browser or internet connection settings) or use a VPN.

Proxies/VPN [advanced]:

Enable HTTPS browsing:

  • HTTPS Everywhere
  • Enable HTTPS / secure browsing in Facebook’s privacy settings. Double-check your other settings there, in case Facebook sneaked in another “feature” with dubious purposes. Better yet, avoid Facebook altogether.

Blocking ad trackers, social plugins (and any scripts):

  • The absolute best privacy extension is uBlock Origin, period.
  • With this ad blocker active, you don’t even need to worry about browser cookies much, as the advertising cookies used to track you won’t get set on your browser.
  • If you don’t use an adblocker, however… see next.

Hold your cookies:

  • Control the “cookies” stored by webpages (and their ads) on your computer. For example, you can configure your browser to keep cookies only until you close the browser. I suggest doing a complete cleanup of all cookies once before you configure this. Be ready to remember the passwords you have used in the past, because…
  • You will need to log in again to any site requiring login on your next browsing session. You can counter this by letting your browser save passwords. Personally I prefer that to having all that cookie data on my computer, as I trust browser developers more than advertisers.
  • The privacy options of web browsers usually provide a Do Not Track setting, which in theory can help prevent advertisement tracking. Google Chrome also provides prediction and spell checking services which you might not really need.

Personal mentions and profiles:

  • If you’re being mentioned on the web and would like to disappear, SafeShepherd can help with that.

Online Storage:

  • Avoid storing all your personal files in the cloud, at least with companies from countries with snoopy governments.
  • For what you must, try Proton Drive.

Chat:

  • WhatsApp is owned by Facebook; Telegram doesn’t encrypt chats by default. Use Signal.

First published June 26th, 2013. Last update: Sep 2, 2021.

Third-party Comment Systems Gone Wild

2013 must be the year of third-party commenting systems. Facebook’s comments were already popular and integrated into several sites. This year I’ve seen Disqus take over the comment sections of some websites, apparently increasing their lead over Livefyre, while Google is already deploying their Google+ comment integration in Blogspot.

These solutions might be interesting for the business owner / novice webmaster who wants to save some time on implementing comments on a plain, non-CMS site. On the other hand, I don’t really understand why many CMS-based sites are dropping their native CMS option in favor of a solution with so many drawbacks. This is what’s happening…

  1. Third-party commenting systems own the comments. They feed them to the webpages through scripts that don’t actually make the comments part of the source code or (in other words) visible to search engines. It gets worse with Google+ where many comments are actually not comments, but Google+ shares of the webpage. Sometimes you can’t even follow a proper line of discussion in the original site.
  2. External systems can fail independently of your site being up and running. I’ve personally experienced a case where externally hosted comments just wouldn’t load. It also happened that I lost my comment for failing to realise that I needed to log in.
  3. Third-party comment systems track a user’s comments across all the sites using the same system. Just the kind of centralization that your favorite government intelligence loves.
  4. These systems also force the user to either create another account (adding complexity to the user’s own account/password management process) or to give them access to some of the user’s social profile data.
  5. They can simply not work on mobile devices. With smartphone and tablet use on the rise, you’re losing valuable interactions with your site.

I wonder if there’s any study out there that measured user engagement before and after the switch from native to third-party comment systems… So far I only found similar opinions. [1,2,3]