Do We Need A Better Private Browsing Mode? (networkworld.com) 126
Network World's Alan Zeichi recently argued "We need a better Private Browsing mode." Slashdot reader Miche67 writes: As this writer says, Chrome's Incognito Mode "doesn't offer strong protection at all." [Incognito mode "only prevents Chrome from saving your site visit activity. It won't stop other sources from seeing your browsing activity."] And Firefox's Private Browsing with Tracking Protection -- while stronger than Chrome -- is an all-or-nothing option. "You can't turn it off for sites you trust, but have it otherwise enabled by default."
The submission ends, "Every single link to non-trusted websites should open, by default, in a Private/Incognito window. C'mon, browser makers, get this done." This raises two questions. How do Slashdot's readers browse? And do you think we need a better private mode for web browsing?
The submission ends, "Every single link to non-trusted websites should open, by default, in a Private/Incognito window. C'mon, browser makers, get this done." This raises two questions. How do Slashdot's readers browse? And do you think we need a better private mode for web browsing?
No, we need to stop doing illicit things online (Score:5, Funny)
If you don't want people to know you're watching porn online, don't watch porn online. If you don't want people to know you're accessing illicit content online, don't access illicit content online. Don't have anything to hide and you won't have any problems. The paranoia is from perverts, criminals, and other losers who feel the need to access illicit things online that they don't want others to know about. Modify your own behavior and you'll have no problems with needing to keep secrets.
Re: (Score:3, Funny)
If you don't want people to know you're watching porn online, don't watch porn online. If you don't want people to know you're accessing illicit content online, don't access illicit content online. Don't have anything to hide and you won't have any problems. The paranoia is from perverts, criminals, and other losers who feel the need to access illicit things online that they don't want others to know about. Modify your own behavior and you'll have no problems with needing to keep secrets.
If I weren't also an anonymous coward I would mod this +1 Funny.
I salute you for your masterful satire!
Re: No, we need to stop doing illicit things onlin (Score:2, Funny)
Or close your eyes when you browse, nobody can see you.
Re:No, we need to stop doing illicit things online (Score:5, Insightful)
Re: (Score:1)
Just don't use your real name anywhere on the internet.
Re: (Score:1)
What about LinkedIn or job boards? Maybe you meant don't use your real name for anything political.
Re: (Score:3, Interesting)
Nope, nobody on the internet gets my name. I'm "John Smith". I only give personal info in person.
Re: (Score:2)
Just don't use your real name anywhere on the internet.
You mean like when you sign up for internet service using your physical address? Yes, I'm sure that's going to stop the state government—which probably runs the ISP—from learning who you are. Even if you limit posting your critiques to libraries or other public places, they can use the browsing history to narrow down where to watch for you.
Re:No, we need to stop doing illicit things online (Score:5, Interesting)
What's that "free country" you're talking about? While in countries other than North Korea, Russia, China, Saudi Arabia you can often get away with criticizing the government on superficial matters, there isn't a single country that won't punish you for revealing news that truly hurts those in power.
Case in point: Assange -- Sweden tries to pass as a free country. Or, show me those "free countries" supporting Snowden; Ecuador and Russia stepped up because of a grudge against USA rather than of good will.
Re: (Score:3)
Oppressive regimes? That's funyy, last I looked, US and UK were champions when trying to track every user accessing the net.
Re: (Score:1)
Have you had your h
Re: (Score:2)
You forget that someone controls the cameras, where they're installed, where they're aimed, and who watches them. There will never be zero privacy as you envision, because those who control the cameras will never allow the invasion of their own privacy. Eventually, the post of camera controller will be filled with the worst criminal elements, because that's where it's now safe to be a criminal.
Re: (Score:2, Funny)
Protip: Get rid of all your online accounts, except for one: Facebook. Do everything from your facebook account
Guys - I got this one (Score:4, Funny)
Sat in our parents basements in our underwear.
Yes, my parents get suspicious when I lock the door.
i use tor (Score:2, Interesting)
Common everybody knows that the private browsing mode is just a porn mode that hides your history from other users of your Computer, nothing more.
I just use Tor if i want real privacy.
Re: (Score:2)
I've used private browsing mode to allow my friend to check his email without making me log out of my own email (from the same service of course). From my perspective, it just lets me open a "guest" mode browser that doesn't have all my URL autocompletes, usernames, passwords, etc automatically filling in. It's not to be confused with a security feature when used like that of course, all someone has to do to get back into my side of things is open a new windows, but it's still convenient.
Re:i use tor (Score:4, Interesting)
With browser fingerprinting (check it out on EFF's Panopticlick), it really doesn't matter if you use Tor or not.
What I do if I want a stateless session is vagrant up a virtual machine, have it provisioned with a web browser, usual ad blocker software, my bookmarks as a clicky HTML file locally, and use that. When done, destroy the VM. This way, any changes or stuff saved to the VM are toast, and there will always be a different fingerprint every session.
As for protecting my IP, I just use a VPN service. For me a simple proxy is good enough so that ad companies and behavior tracking sites are blocked/stymied.
Re:i use tor (Score:5, Interesting)
Have you actually tried browser fingerprinting with the TOR Browser? If you set it up right (I recommend Tails) it doesn't work. It can't separate you from many, many other TOR Browser users.
Go try it right now, with the Trails live CD. They fixed this years ago.
Re: (Score:1)
It would be even better if that was all upstreamed and all TOR Browser users looked like all Firefox users, regardless of the versions they run. One way to get started on that, which I cannot believe isn't the default, is to remove specifics from them beyond the program. I mean things like OS, architecture, version numbers, and anything else I forgot. If browsers are not the same across platforms, then that is a bug that should be fixed, not something to be advertised to the server.
Re: (Score:2)
Re: (Score:2)
Why are we still scared of cookies? (Score:1)
99.99% of my browsing I don't care if hosts know that I've been there before, or that I've been to a "partner" site. I rather like that my browser keeps a history of visited sites. Incognito is good if you want to keep your dirty habits secret from someone who might get their hands on your data. There is no such thing as truly private browsing. Yeah, yeah, VPN for your torrents, Great Firewall, etc, but there are holes in the security well past anything a typical user can influence.
Re: (Score:1)
Dude, if you can't at least acknowledge that Big Brother May Someday Use My Data Against Me, then at least acknowledge that tracking is a little creepy.
Re: (Score:1)
Tracking isn't creepy at all Robert /s
Re: (Score:2)
There are cookies and cookies. If I go to foo.com and I get a cookie that is only readable by foo.com and is used to maintain state across visits, then that's fine. If that page on foo.com includes an i-frame that encodes the foo.com URL and contains something from bar.com that sets a cookie, and so do the next hundred sites that I visit, then I do care. I don't have any business relationship with the owners of bar.com and I don't want them to be tracking everything that I do online.
This is something
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
especially disqus is a bad example. If you allow 3rd party cookies, disqus can track what news sites and blogs you're reading without any problem.
Re: (Score:2)
TheRaven64 did comment [slashdot.org] on that situation though.
VPN maybe? (Score:2)
What about VPN's?
Re: (Score:2)
Who are you protecting yourself from? For me, a VPN is good enough, as it stops geolocation tracking, and ISP shenanigans (a few years back, some of the big ISPs would actually attach/inject a unique ID onto each HTTP header being sent up.) A VPN stops that hanky-panky cold, although in theory, they could do it... but if it were found out, it is a lot easier to jump VPN providers than last-mile ISPs.
I'm not hiding from anyone. I just like my privacy and all of what you just said. I don't think anyone could argue your point.
Re: (Score:2)
A VPN combined with an anonymizing and caching proxy.
This, ironically, makes http more secure than https if you consider the server operator the potential bad guy. The proxy server can cache the data and not be forced to disclose that someone else is asking for the content. This is one of the reasons I oppose switching everything over to https. Enforcing https makes it easier, not harder, for web site operators to track you, which is why Google wants it so badly. It helps thwart listening in, but in m
Re: (Score:2)
I never thought of it that way.
Let's revise that quote (Score:3)
Re: (Score:3)
Re: (Score:1)
If you do that, the website owners will simply retaliate by requiring you to explicitly accept cookies each time you visit. And it's no use saying "well I'll go elsewhere then", because they'll all do it.
If you push them too far, they'll push back.
Re: (Score:2)
try:
chromium --user-data-dir=$HOME/mysecondprofile
firefox -P secondprofile # user --ProfileManager to create one
or app modes:
epiphany --application-mode
midori --app
I live in Private mode (Score:1)
And yes an improved private mode would be a good thing.
We dont need a better private mode-- (Score:4, Insightful)
We need a better social dynamic where the forces of greed and graft aren't out to secure everyone's dirty laundry for big profit. (you know. Extortion, blackmail, protection rackets, basically what the NSA is out for, along with the basic "Oh, you like porno with big giant dicks in it? We offer a wide assortment of novelty giant dildos for you to buy! Isn't that GREAT!?" that seems to have infested the internet lately.)
I may be a greybeard by today's standards, but I remember when the internet was more about community, sharing news and jokes, and intellectual pursuits. Eternal September was the death of the internet. What we have now is a superhighway of advertisements directed into your eyeballs, and automated grabber arms reaching for your banking information.
Re:We dont need a better private mode-- (Score:5, Interesting)
Eternal September was the death of the internet. What we have now is a superhighway of advertisements directed into your eyeballs, and automated grabber arms reaching for your banking information.
In a somewhat-amusing irony, Usenet is much more usable now and has basically-no spam anymore.
Re: (Score:2)
Spam-free??? Can you give an example? Last time I checked (it *has* been a while) misc.rural, comp.lang.pascal.borland and others were a cesspool of spam.
The first thing to note is that a lot of spam is quite old. It's not at all uncommon for unused groups to have a lot of spam listed from ten years ago, if you're using a provider that has 2,500 days retention or something like that. Imagine how much spam your inbox would have if you scrolled for ten years and neither deleted anything nor had much in the way of filtering at that time. I'm not saying it doesn't still happen, but 'sort by date' is your friend.
That said, comp.misc has lots of active users, as d
Re: (Score:2)
Eternal September was the death of the internet.
I too enjoyed telneting into text worlds and using archie to pull scholarly papers. (That is not sarcasm btw).
But the Eternal September is what brought us all the kickass internet stuff we have now. Without the influx of users it would be basically useless.
Re: (Score:1)
But the Eternal September is what brought us all the kickass internet stuff we have now. Without the influx of users it would be basically useless.
What kickass stuff exactly? Facebook? eBay? ...?
What of those do we need, and didn't exist in one form or another before?
Re: (Score:3)
I would disagree for the most part. The only real gain we have had would be plain English search engines like Google.
Twitter? That's what IRC is for. .plan file is for and finger.
Someone's wall? That is what a
A blog? Web page.
Local stuff? NNTP groups.
Stuff worldwide? More NNTP groups.
Pr0n? alt.sex.cthulhu
Social networks don't give much other than being one place with a consistant UI. Even worse, unlike USENET where even if someone is a total asshole, their voice is read until people stuff them in th
Re: (Score:2)
Twitter? That's what IRC is for. .plan file is for and finger.
Someone's wall? That is what a
A blog? Web page.
I don't think you really understand what those things are for...
Twitter: Permanent (or at least lifetime of the account) and searchable, where as IRC is at best loggable somewhere.
Wall (facebook?): Searchable and networkable, where as .plan and finger don't create any social links unless you include a list of other addresses you know.
Blog: Easier to use than a web page, you can throw in images with a click or two and comments/spam are handled for you. As much as blogs are derided they did a lot to democrati
It's More Complicated Than That (Score:3)
Better private mode browsing would be a great help, but there's more to that when protecting your identity online. For one thing, private mode browsing is meant to protect your history on your local machine, not across the internet. Secondly, unless you are willing to browse without the aid of javascript and cookies, there's no way to stop web site operators from tracking you. Sure, you can stop cross site scripting, but you can't stop one website from sharing your cookie data with another website, or any other data they can garner.
So do you want to be truly anonymous? Use the Tor Browser, never use javascript, turn off cookies, and enjoy your sterile internet.
Or, you can accept a certain amount of risk and enjoy a rich, vibrant internet experience.
(I don't mean to disparage the Tor browser, it's a great product and I use it for some things.)
I'm Covered (Score:3)
NoScript with only first party scripts allowed by default, and a handful of CDNs whitelisted. CCleaner Pro cleans up all of my browser activity every time I close it. Untangle denies connections to ad servers and trackers at the firewall level.
Am I still being tracked? Probably...but the information obtained is much less juicy. I haven't seen an ad 'follow me' around the internet in quite some time.
Re: (Score:2)
I bought the CCleaner suite really for the SpaceMonger application; CCleaner was just a very useful bonus. The real reason I use it, though, is because it covers all of my browsers. I'll have Firefox, Chromium, Opera, and Internet Explorer all open at the same time; I don't get caught up in browser religion. Thus, CCleaner covers all bases, and I don't have to think about it.
This Article is Ignorant (Score:5, Insightful)
Chrome Incognito and FireFox's Private Browsing are functionally identical. The caveat that the author highlights is how the Internet works. Of course sites have a record of your visit... they have to, to feed you the page! The disclaimer is to make sure that people know Incognito mode is like wearing an Anonymous mask, not like being invisible. And if you go up to an ATM dressed like V, but get money out of your credit card, then obviously the bank knows who visited the ATM despite the mask.
This basic ignorance of how cookies work is pervasive.
Private browsing opens your browser in a blank-slate mode. Generally, no plugins, no cookies. That means Amazon doesn't know who you are, so you can't one-click buy. Your news-reader makes you log in again. It takes longer to access your email because Gmail makes you log in and re-affirm your authenticator. Your ad blocker is disabled. Your CSS fixing plugin is blocked.
This is not how I want to use my computer, logging in to every single site every single time I visit despite being on a trusted device. We have plugins and cookies for a reason, because they make the Internet a more useful tool. They also have nefarious uses, but saying that the Internet should throw out all convenience to maximize security is ignorant of the reality that people will just switch to the more convenient browser.
What we need is not a better incognito mode, but for tech journalists to stop pontificating about technology they do not understand.
If you really want to improve your anonymity online there are plugins that allow you to whitelist 'safe' cookies, and trash or block all the others. That plus plugins to block third-party widgets allow you to get 99% of the functionality from the Internet with only 1% of the spying. But these plugins take work on your part, to identify what sites and cookies you trust. Most people are too lazy. And the browser has no way of knowing for you. For example, I may want Amazon to remember me so I can buy with one click... you may not because you don't trust Amazon's tracking of what products you look at. The browser shouldn't be deciding that for you, but making choices like that for every site is a pain few users will bother with.
Re: (Score:1)
What we need is not a better incognito mode, but for tech journalists to stop pontificating about technology they do not understand.
Exactly. There's nothing to read into their ramblings except that, as journalists, they have daily/weekly story and word count quotas.
Re:This Article is Ignorant (Score:4, Informative)
Private browsing opens your browser in a blank-slate mode. Generally, no plugins, no cookies.
Then you need a better browser :-) When I use Firefox for private browsing, NoScript, AdBlock and Ghostery are still very much active.
This is not how I want to use my computer, logging in to every single site every single time I visit despite being on a trusted device. We have plugins and cookies for a reason, because they make the Internet a more useful tool.
I mostly agree there. However, private browsing does allow me to start a session, e.g. to search for regular goods on the internet (because many webshops do require that I allow javascript to run), and clear any cookies and history during that session when I close it.
Re: (Score:2)
I think that the current browser model needs to get refreshed where cross-site cookies and similar stuff shall be killed off in the browser much like what Ghostery do. However some sites are a problem since they have different servers for serving images and the text content. Mostly found on some news sites.
Re: (Score:2)
One trick I use to get lower prices is to find a product I want, the switch VPN end point and look at the same thing in a private browsing window. Don't just copy/paste the URL, there are probably identifiers in it, just go to the shop's main page and search.
Often being logged out and an apparently new customer gets you a better price. Sometimes it helps to use referral links from comparison sites like Google. Once you have seen the lower price you can add it to your guest basket and then log in.
Re: (Score:2)
There is a good argument for making private browsing the default though. For example, reject all cookies by default and have a whitelist requester when the browser notices you are logging in. Many browsers already offer to save your password for you.
More over, if major browsers started to enforce typical privacy enhancements by default, like blocking third party JavaScript, it would force sites to make sure they work without those things.
Something like Privacy Badger could be built in to, automatically bloc
Re: (Score:1)
Re: (Score:2)
A nuanced problem (Score:2)
This is an interesting issue because it's become so complex. To browse privately and still allow a website to function has become a difficult prospect.
You want each website to work, but you don't want any cookies or other data from one site to be able to be read by another. So individually sandboxed pages and cookies are the idea. Even if you block third party tracking cookies, other sites might be looking for cookies set by other discreet sites, not just cookies from tracking firms. The problem is so
Ghostery does this (Score:3)
Privacy Badger is better (Score:4, Interesting)
Ghostery's business model is that they prevent other trackers from tracking their users so that the tracking data gathered by Ghostery itself is more valuable.
There is no need to compromise with commercial interests on this subject. Use EFF's Privacy Badger [eff.org] instead.
Scripts (Score:2)
I run incognito on occasion, but as a rule i'm on Firefox+NoScript+ABP and not actually in 'Private' browsing mode.
I suspect this leaves me much more trackable, but if i am browsing untrusted sites (read:ANY sites), i am way more worried about remote 0day compromise of the week than i am tracking.
Still, if i could auto-incognito and whitelist from that mode or cognito-reload at will (without enabling anything else) I would likely add that to my mix. But again, i run scripts disabled all the time so i'm wi
Cookie whitelist (Score:2)
Preferences / Privacy / Uncheck Accept cookies from sites
Then click on Exceptions and build a whitelist of sites you do want to allow cookies on... probably just the sites you login to. Sites that require cookies to show you content can be placated by allowing them cookies that only last for the browser sesson.
Should be the last piece of the puzzle for ya. :)
Re: (Score:2)
settings: allow cookies until firefox is closed
install cookie culler and "protect" cookies you want to keep
install self destructing cookies and whitelist the pages with protected cookies (and some with cookies, which should survive until you close the browser, not the tab)
better name? (Score:2)
I Use Multiple Profiles (Score:2, Interesting)
FWIW:
I have about 10 different firefox profiles and a menu widget to launch them individually. Most are divided by task - one for all my banking, another for managing utility bills, one for "window shopping," another just for making purchases when I know exactly what I want, another for gmail (actually two different profiles for different gmail accounts), another that has no disk cache configured and wipes everything on exit. I also have two profiles for completely fake identities that I have very lax sec
Re: (Score:2)
Re: (Score:2)
I have one without flash, which is the one I use normally. But yes, one can do such a thing.
If you were really paranoid about snooping, I guess you could set up a Linux VM and browse from there. Roll it back or blow away the profile from time to time if you wish.
Re: (Score:3)
That's how it should work. And yes, the problem is making it easy to create a new profile.
I have long requested that each private browsing window be its own private session, with no sharing of cookies between them.
What if we would start with that, and create new "profiles" from "private browsing" sessions: a single button could be used for "saving" a temporary session.
Re: (Score:2)
The amount of work involved in maintaining your own browser is quite substantial. Even if it is just a fork of Firefox with a handful of things turned off.
There are a handful of other browsers that are out there - I don't know how well they deal with all of this stuff.
also Third Party cookies (Score:2)
We try to make it better (Score:3)
<plug>
We (privavore) are creating a fork for Firefox. (privafox.) By default we change all cookies into session-only. But with twists:
- persistent cookies are allowed for sites that you provide a password to. The assumption is that if you log into a site the you probably want your shopping cart retained, and that by logging in you realize that the site will keep track of you. But we don't allow 3rd-party cookies.
- workarounds for the EU cookie consent (in progress). By disallowing cookies by default you will get the "we use cookies to improve your experience" prompt.
- user-agent is fixed (in-progress). That makes it a lot more difficult to distinguish different users behind the same ip (NAT).
</plug>
Both firefox' and chrome's private browsing mode leaves something to be desired. But that's ok.Their developers focus on creating the best browser. We just provide "after-market" customizations. Not for you, but for your less tech-savvy parents.
Addons to Block Cookies,Analytics,WebBugs&Trac (Score:1)
Block all tracking via cookies, analytics, web bugs and trackers:
Use Firefox in normal mode with the following addons:
CanvasBlocker
FlashStopper
HTTPS-Everywhere
NoScript
Privacy Badger
Random Agent Spoofer
RefControl
RequestPolicy Continued
Self-Destructing Cookies
ShareMeNot
uBlock or Adblock Plus
VPN for Private tabs (Score:2)
Re: (Score:1)
Different profiles for different purposes (Score:2)
Secure browsing? (Score:2)
Given that I'm only aware of two browsers with a built-in VPN, I have to ask - are they working for that Tor browser (based on Firefox) or for Opera (based on Chromium)
Privacy Browser (Score:1)
Firefox private Profile (Score:2)
See https://ffprofile.com/ [ffprofile.com] to create a secured profile. See the github link to contribute with own ideas.