A small collection of Firefox add-ons you can install to improve (a little bit) your privacy – Part 3

In the past two years the EFF – Electronic Frontier Foundation –  has released a couple of add-ons specifically created to improve your privacy when you are on Internet. Just for a quick information, EFF is a no-profit organization specialized in, but not only, the defense of  privacy and free expression in the contemporary “world of emerging technologies”.

The first interesting EFF add-on is HTTPS Everywhere  that forces websites to provide https webpages also when you (better: your browser) asked for a “common” HTTP connection to their servers. This happens automatically and you don’t usually notice any delay in your navigation speed. HTTPS Everywhere is a precious add-on because it improves the number of “secured” connections when you are on Internet and decreases the risks of information leaking during Internet navigation. Moreover, this add-on is available not only for Firefox but also for Chrome and Opera and, at the moment, could be considered as the most versatile and -simple to use- tool you have to increase the use of HTTPS navigation. HTTPS Everywhere could not be considered as a bullet-proof privacy guarantee but it really does what he promises. Last but not least, it seems that if you adhere to their anonymous data collection about usage, you can really help them to discover false HTTPS certification disseminated through the web and contribute to a safer Internet.

If you want a little bit of security and think that every website should allow to connect through HTTPS, you should try HTTP Nowhere  that blocks all the unencrypted web communications. As for what we described for Flash add-ons (Flash Control and Flash Block) the level of security depends on your choice. HTTP Nowhere is a more “radical” choice but, i any case, it can be widely configured to your needs. For example it allows you to create a whitelist of HTTP websites that will be never blocked. Moreover HTTP Nowhere can be configured to visit .onion websites through TOR.

In  any case don’t forget that HTTPS connections are only relatively more secure than HTTP ones. As someone commented, HTTPS effective privacy depends on Certificate Authorities reliability and seriousness and, in some cases, HTTPS could be easily eluded. 

The other EFF add-on I’d like to focus your attention is the Privacy Badger . This add-on has the same goals of the most famous Ad Block or Disconnect but it works in a different way. In fact its work is not based of previously compiled list the needs to be updated frequently but on an heuristic examination of trackers behaviour. It could be considered “democratic” because it doesn’t automatically ban trackers at all but analyzes if they are looking for your web habits or they are “just” recording your passage in a specific website. In this last case the Privacy Badger will observe their behaviour during your next navigation and, if they persist to track you, it will label them with different colours (green to yellow to red) blocking them when they become too intrusive for your privacy. The PRO is that also a brand new tracker -never reviewed by security advisers- will be promptly discovered and neutralized but the CONS is represented by the fact that also the most known intrusive tracker will be initially allowed to register your habits.

For its intrinsic features, the Privacy Badger could be added to Firefox as an extra barrier to fight trackers and improve your privacy. In the next post we will examine other add-ons that can be matched with it.

A small collection of Firefox add-ons you can install to improve (a little bit) your privacy – Part 2

I already described the privacy concerns related to Flash files in the my last post about Firefox add-ons and privacy. Today I want to talk about some interesting Firefox add-ons that could be helpful to reduce privacy risks during Internet navigation.

The first add-on is Flash Control  that “controls as and when to display the Flash player and the HTML5 player”. Another similar add-on is Flashblock  that does not allow Flash player to send information about your computer until you will decide to allow it. Personally I prefer Flash Control that is very intuitive and you decide when and what to watch just clicking on the Flash icon in the middle of the player. 

But, if you are a purist and you want to be able to control not only Flash player but also Javascript, SilverLight, images and proxies, QuickJava is what you are looking for. QuickJava is intuitive, easy to control and really effective.

In fact, you must not  underestimate Javascripts that are dangerous too if you think that they are equally able to remotely discover many information about your Ip, User-Agent, Architecture, OS Language, System Time, Screen Resolution. Statistically, when you have all these details, you have semi-unique fingerprints of the computer… and so someone could be also able to  know who are you. For this reason an add-on as Disable WebRTC is recommended because it blocks JavaScripts to access your local IP(s), without any user prompt.

References:

https://discourse.mozilla-community.org/t/support-flash-control/2479

http://flashblock.mozdev.org/ 

http://quickjavaplugin.blogspot.com/ 

https://addons.mozilla.org/it/firefox/addon/happy-bonobo-disable-webrtc/?src=api 

A small collection of Firefox add-ons that you can install to improve (a little bit) your privacy

When I read news and reports about modern spyware I am a little bit discouraged about  my privacy. But I also think that something can always be done to improve privacy levels.

This time I don’t want to talk about password strength but I will try to focus your attention on some Firefox add-ons can could positively impact on your privacy.

The first is about Random Agent Spoofer that is able to obfuscate your computer configuration (better: identity) when you connect to a remote server = Internet.

This add-on is really flexible and you will spend just a couple of minutes to decide what  configuration can be useful for you. In particular you can decide how often you desire to change your agent profile and if you prefer to use just desktop agents or to appear as if you were connected through a mobile device. 

Moreover, you can choose if you want to:

  • Send spoofed ‘If-None_Match’ headers (ETags)
  • Send spoofed ‘X-Forwarded-For’ headers                         
  • Send spoofed ‘Via’ headers                                                                     
  • Accept headers match the selected browser profile
  • Spoof accepted documents
  • Spoof accepted encoding
  • Spoof accepted language (US English)

And if you have time you can also play with the many extras as:

  • Use standard font set
  • Disable local dom storage
  • Limit tab history to 2
  • Disable browsing and download history
  • Disable browser cache
  • Disable geolocation
  • Disable link prefetching 
  • Disable dns prefetching
  • Disable webgl

If you prefer a less complex agent spoofer or you are planning to use it seldom, you can use User-Agent Switcher that contains fewer features and needs to be manually configured but it’s intuitive and equally effective.

The second add-on I suggest to install is TrackMeNot that will help to defend your privacy contrasting web search engines profilation with a (huge,-if you want-) number of false queries from your browser. The (huge) number of queries about general topics will obfuscate search engines’ profile about your personal preference. Also in this case this add-on allows you to decide what kind of false queries you want to submit and how often TrackMeNot will “search” the web.

The third recommended add-on is ZenMate, a free VPN service that has obtained positive reviews by the Electronic Frontier Foundation (EFF) also because ZenMate is “based in Berlin and operates under strict German data protection laws”. ZenMate is free, easy to use and let you choose between four different exit node also if using the free base version:

– Germany 

– Romania

– Hong Kong

– USA

Last but not least, keep attention on Flash Files. Do they are so essential for you? You have to keep in mind that sometimes, also if you use a VPN as Zen Zone, you can be betrayed by Flash files. In fact, videos based on Flash can potentially leak your identity also if you try to hide your IP behind a VPN or a proxy.