Basic Tips for Privacy on the Web

In the light of recent news about N$A practices, you may wonder how to take a little more control of your Web presence and experience. Here are some steps to consider if you value privacy…

Email:

  • Make sure the connection to your email provider/server is a secure connection. Webmail providers (those where you check your email in your browser) usually are. Others (server-based) should be double-checked to confirm that they use an SSL/TLS connection.
  • If you’re in Europe, consider using a European mail provider, such as eclipso.eu. If you have a website hosted on European servers, you can set up your own domain for email.
  • For an additional security layer, consider encrypting your messages. Thunderbird users can use the Enigmail add-on. For Webmail, there are some browser extensions for encryption. Click here for more guidance on this.

Encrypted Searches:

  • Use encrypted.google.com as your default search engine, thus preventing eavesdropping from random people when browsing on unsecured connections. You can also try DuckDuckGo — a search engine that doesn’t focus on personalized results. DDG’s results aren’t always perfect, so personally I stick with Google for searches (logged off).
  • Note: this won’t prevent your Internet Service Provider (a.k.a. ISP / your Internet access company) from knowing the sites you visit and the terms of your searches. Google might also keep track unless you turn off their web history.

Proxies/VPN [advanced]:

Enable HTTPS browsing:

  • HTTPS Everywhere
  • Enable HTTPS / secure browsing in Facebook’s privacy settings. Double-check your other settings there, in case Facebook sneaked in another “feature” with dubious purposes. Better yet, avoid Facebook altogether.

Hold your cookies:

  • Control the “cookies” stored by webpages (and their ads) on your computer. For example, you can configure your browser to keep cookies only until you close the browser. I suggest doing a complete cleanup of all cookies once before you configure this. Be ready to remember the passwords you have used in the past, because…
  • You will need to log in again to any site requiring login on your next browsing session. You can counter this by letting your browser save passwords. Personally I prefer that to having all that cookie data on my computer, as I trust browser developers more than advertisers.
  • The privacy options of web browsers usually provide a Do Not Track setting, which in theory can help prevent advertisement tracking. Google Chrome also provides prediction and spell checking services which you might not really need.
  • Update: If you have Flash installed, check the settings to prevent any data from being stored by Flash on your computer. Unfortunately, web companies have now adopted Flash as a cookie-like data-storing mechanism.
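
To see what the "keep cookies only until you close the browser" setting changes, this added example (not from the original post) sorts Set-Cookie headers into session cookies and persistent ones and reports how long the persistent ones would otherwise stay. The header values and cookie names are constructed sample data.

```javascript
// Constructed Set-Cookie header values (sample data, hypothetical names).
const SAMPLE_HEADERS = [
  "sessionid=abc123; Path=/; Secure; HttpOnly",
  "prefs=dark; Max-Age=31536000; Path=/",
  "ad_id=xyz; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Domain=.ads.example",
  "old=1; Max-Age=0",
  "both=1; Max-Age=3600; Expires=Wed, 01 Jan 2031 00:00:00 GMT",
];

// Split one Set-Cookie value into its name and a lower-cased attribute map.
function parseSetCookie(line) {
  const [pair, ...attrs] = line.split(";").map((s) => s.trim());
  const cookie = { name: pair.slice(0, pair.indexOf("=")), attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? "" : a.slice(i + 1);
  }
  return cookie;
}

// Seconds the browser would keep the cookie, or null for a session cookie.
// Max-Age wins over Expires when both are present (RFC 6265).
function lifetimeSeconds(cookie, now) {
  const maxAge = parseInt(cookie.attrs["max-age"], 10);
  if (!Number.isNaN(maxAge)) return maxAge;
  const expires = Date.parse(cookie.attrs.expires);
  return Number.isNaN(expires) ? null : Math.round((expires - now) / 1000);
}

// kind: "session" (gone when the browser closes), "persistent", or "deleted".
function classify(line, now = Date.now()) {
  const cookie = parseSetCookie(line);
  const life = lifetimeSeconds(cookie, now);
  const kind = life === null ? "session" : life > 0 ? "persistent" : "deleted";
  return { name: cookie.name, kind, days: life === null ? null : life / 86400 };
}

// Names of cookies a "keep until I close the browser" setting would cut short.
function survivesRestart(lines, now = Date.now()) {
  return lines.map((l) => classify(l, now))
    .filter((c) => c.kind === "persistent")
    .map((c) => c.name);
}
```

Paste the Set-Cookie values from your browser's developer tools into `SAMPLE_HEADERS` to check a site you use.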

Blocking ad trackers, social plugins (and any scripts):

  • As a complement to the point above, or especially if you have issues controlling your cookies so tightly, you can also use browser extensions like Privacy Badger. They can identify and block trackers and social plugins that appear on many sites. If you block social plugins you actually stop seeing those annoying “X people like this page on Facebook” boxes.

Personal mentions and profiles:

  • If you’re being mentioned on the web and would like to disappear, SafeShepherd can help with that.

Online Storage:

  • Avoid storing all your personal files in the cloud, at least with companies from countries with snoopy governments.

Chat:

  • Now this one is a pickle. Microsoft is arguably making Skype less resistant to government snooping; Google has just removed the ability to disable all chat history by default; and Facebook, well, is just not trustworthy regarding how much of your data they keep and access freely.
  • If you want to be fairly confident about the eternal privacy of your chats, you might need to use something like ChatSecure or Pidgin’s encryption plugin. This is, in practice, very hard because you need every other person to use the same.
  • In the end, you’re probably better off not caring much about it and keeping sensitive talks offline.

Did I forget anything?

Third-party Comment Systems Gone Wild

2013 must be the year of third-party commenting systems. Facebook’s comments were already popular and integrated into several sites. This year I’ve seen Disqus take over the comment sections of some websites, apparently increasing their lead over Livefyre, while Google is already deploying their Google+ comment integration in Blogspot.

These solutions might be interesting for the business owner / novice webmaster who wants to save some time on implementing comments on a plain, non-CMS site. On the other hand, I don’t really understand why many CMS-based sites are dropping their native CMS option in favor of a solution with so many drawbacks. This is what’s happening…

  1. Third-party commenting systems own the comments. They feed them to the webpages through scripts that don’t actually make the comments part of the source code or (in other words) visible to search engines. It gets worse with Google+ where many comments are actually not comments, but Google+ shares of the webpage. Sometimes you can’t even follow a proper line of discussion in the original site.
  2. External systems can fail independently of your site being up and running. I’ve personally experienced a case where externally hosted comments just wouldn’t load. It also happened that I lost my comment for failing to realise that I needed to log in.
  3. Third-party comment systems track comments of a user across all the sites using the same system. Just the kind of centralization that your favorite government intelligence loves.
  4. These systems also force the user to either create another account (adding complexity to the user’s own account/password management process) or to give them access to some of your social profile data.
  5. They can simply not work on mobile devices. With smartphone and tablet use on the rise, you’re losing valuable interactions with your site.
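
Both the social plugins mentioned in the privacy tips and the comment systems listed here reach the visitor as scripts and frames loaded from someone else's servers. This added example (not from the original post) lists the outside hosts a page embeds. The page URL, the HTML and every host name in it are constructed, hypothetical sample data.

```javascript
// Constructed sample page (hypothetical hosts), not a real site's markup.
const PAGE_URL = "https://blog.example/post/42";
const SAMPLE_HTML = `
<html><head>
  <script src="/js/site.js"></script>
  <script src="https://cdn.comments.example/embed.js" async></script>
  <script src="//social.example/plugins/like.js"></script>
</head><body>
  <div id="comment-thread"></div>
  <iframe src="https://social.example/plugins/likebox?href=blog.example"></iframe>
  <img src="https://static.blog.example/logo.png">
</body></html>`;

// Crude "site" key: the last two labels of the host. A real audit should use
// the Public Suffix List, since this misjudges names such as example.co.uk.
function siteOf(host) {
  return host.split(".").slice(-2).join(".");
}

// Every script/iframe/img whose src resolves to a different site than the page.
function thirdPartyEmbeds(html, pageUrl) {
  const page = new URL(pageUrl);
  const found = [];
  const tagRe = /<(script|iframe|img)\b[^>]*?\bsrc\s*=\s*["']([^"']+)["']/gi;
  for (const m of html.matchAll(tagRe)) {
    let url;
    try { url = new URL(m[2], page); } catch { continue; } // skip unparsable src
    if (!/^https?:$/.test(url.protocol)) continue;          // ignore data:, about:
    if (siteOf(url.hostname) !== siteOf(page.hostname)) {
      found.push({ tag: m[1].toLowerCase(), host: url.hostname });
    }
  }
  return found;
}

// Group by host so each outside party is listed once with what it loads.
function summarize(html, pageUrl) {
  const byHost = {};
  for (const { tag, host } of thirdPartyEmbeds(html, pageUrl)) {
    byHost[host] = byHost[host] || [];
    byHost[host].push(tag);
  }
  return byHost;
}
```

Each host in the result receives a request, and with it the visitor's IP address and any cookies it has set, whenever the page loads.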

I wonder if there’s any study out there that measured user engagement before and after the switch from native to third-party comment systems… So far I only found similar opinions. [1,2,3]