Why the NSA Piggybacks On Consumer Tracking 62
An anonymous reader writes "'Snooping on the Internet is tricky. The network is diffuse, global, and packed with potential targets. There's no central system for identifying or locating individuals, so it's hard to keep track of who is online and what they're up to. What's a spy agency to do?' In a Slate op-ed, Ed Felten explains how consumer tracking makes the NSA's job much easier. Felten was the first-ever Chief Technologist at the Federal Trade Commission, serving as the agency's lead technical expert on privacy issues. Now back in academia, he argues that the NSA gets a 'free ride on the private sector,' from distinguishing users, to pinpointing geolocation, to slurping up network traffic."
Re:What else can you do? (Score:5, Informative)
Encrypt everything, make life as difficult as possible for those who would snoop your traffic. You mention Firefox plugins, perhaps you should also be using the HTTPS Everywhere plugin: https://www.eff.org/https-everywhere [eff.org]
Also make sure you are using the SSL Observatory function, this should at least help prevent MITM type attacks against you.
ISP routers (Score:4, Informative)
Re:What else can you do? (Score:5, Informative)
A post in a thread a few days ago gave a good list. (I'd link back to it, but I can't find it.)
I didn't list Lightbeam because while it is good at visualizing tracking, it doesn't actually stop it.
I also currently use
I'm also looking into running a YaCy [yacy.net] server so that I don't depend on centralized (and therefore inherently trackable, even if some say they don't) search engines at all.
Re:What else can you do? (Score:4, Informative)
Re:What else can you do? (Score:5, Informative)
You can also play games with your browser sessions. Both firefox and chrome support multiple browser sessions running simultaneously. I have one just for google searches, another just for youtube, another just for banking, etc. That keeps your cookies and other fingerprinting information like extensions, browser history, etc unique to each task.
If you run firefox with these arguments it starts up with a picker that lets you choose which profile to run:
firefox --ProfileManager --no-remote
I give each profile a different theme and change the titlebar to start with a prefix (like "GOOGLE: xxx" or "BANK: xxx") with the customize_titlebar add-on [mozilla.org] to make it easy to visually distinguish between different sessions.
I also use the user-agent switcher extension to give each browser session a different user-agent. I usually set them to say the OS is Windows (I'm on linux) to blend in better with all the other Windows users and then each one is set to report a slightly different version of firefox (like 25.0 or 25..0.1 or 24.0 etc).
It is not just about hiding yourself it is about polluting their databases. Switching the user-agent isn't 100% -- some javascript can figure out the browser version via other means. But it is low-hanging fruit because the user-agent gets transmitted with every single http request your browser makes, so anyone passively sniffing the wire will get whatever you set it to.
https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/ [mozilla.org]
There is a similar add-on for chrome by a different author, haven't used it myself:
https://chrome.google.com/webstore/detail/user-agent-switcher-for-c/djflhoibgkdhkhhcedjiklpkjnoahfmg?hl=en-US [google.com]
For firefox you have to make an additional change in about:config in order to have your user agent stick permanently because java gets confused on startup if it is spoofed. Create a new preference 'useragentswitcher.reset.onclose' and set it to false.