I don’t think you browse like I do
by David. Average Reading Time: about 6 minutes.
In fact, I’m almost certain of it.
This only came to light this week when some of my friends were asking about the virally spread link to Google and who Google thinks you are: http://www.google.com/ads/preferences . Some of my friends were shocked by the accuracy, others were amused by being a decade younger, or offended by being a decade older. Very few had the wrong sex.
I can tell you what Google’s advertising preferences think of me: Nothing.
This isn’t by magic, it’s just a by-product of the way I browse. I don’t leave any traces locally, and unless I log in to a service they don’t know who I am. Additionally, even if I log in to identity tracking services such as Google, Twitter or Facebook, then those services only see a very small view of what I do as I segregate such browsing from the rest of my use of the web.
How is this achieved? I use multiple browsers and I use the privacy features.
My setup:
- Firefox for all identity services (Gmail/G+, Twitter, Facebook, LinkedIn, etc)
- Chrome for all standard web browsing (search, forums, news, tech stuff, music sites, etc)
- Last Pass for all passwords
- Pinboard for all bookmarks
I have configured Firefox using about:config so that browser.privatebrowsing.autostart = true. This means whenever I launch Firefox, it’s automatically in private browsing mode and won’t store anything locally.
I have configured all of the Chrome shortcuts so that the launch path has --incognito on the end. Again, this means that whenever I launch Chrome it’s automatically in incognito mode.
Both Firefox’s private browsing and Chrome’s incognito do much the same thing: They store no history, store no cookies, and leave no local trace of your activity. When you close the browser window, any cookies that were set are lost which results in any company tracking you with cookies no longer knowing who you are.
Obviously there are some side effects to this that you’ll encounter if you try it for yourself:
- You always have to login to everything.
- Google 2 factor authentication for Gmail requires you to enter a code every time.
- Bookmarks in Firefox aren’t in Chrome and vice versa.
- Clicking on links in the identity services opens them in Firefox, clicking on email or identity related links in Chrome opens them in Chrome.
These are all good points and this how I overcame or dealt with each point:
- I use Last Pass to login to sites, it only takes a split second and I only login if I need to do something that required logging in. The upside is that every site I access has it’s own very complex password which is good for security.
- 2 Factor authentication this increases your security and you have your phone with you, don’t you? I log in to Gmail once or twice a day and use Google Authenticator on my phone. I’m not concerned by the few seconds a day to do this.
- I store bookmarks in a browser agnostic and network accessible way: Custom homepage ( http://www.buro9.com/bookmarks/ ) for all repetitive visits. Pinboard for all occasional visits.
- I don’t cross the boundaries between identity services and the rest of the web. It only takes a second to copy the link and switch to the other browser and paste the link, and that is what I do. Surprisingly this happens far less than you think it might.
The very obvious question that arises from all of this is: Why on Earth would you do such a thing?
The answer is that my browsing evolved this way.
I started with just one browser, but moved to two as a result of web development. I was using Chrome’s incognito mode to test fresh hits to a web site and would frequently close and re-open incognito windows. Occasionally I would accidentally close the main non-incognito window too… shutting down my email. So I moved my email and communication to Firefox so that I wouldn’t nuke it with reckless actions (closing all Chrome windows).
Then, with Chrome reduced to web dev work I switched on incognito permanently so that every time I launched it I wouldn’t have to do the merry dance of turning it on (opens another window), it would just be on.
Because Chrome now felt like it was “disposable browsing”, I found that I felt a little liberated from being tracked and I was showing a little less caution about hitting a site that might have implicitly changed some state because it knew who I was. For example: forums in which you become afraid to visit them because of the quantity of “unread” items that would suddenly mark themselves as being read because you had visited. Going full-time incognito meant I was reading a little more, dipping in and out of sites more frequently.
Then, over in Firefox, I started noticing that when I was following links to things that I was beginning to feel creeped out by sites with widgets, or advertising over-personalising their pages to me. It concerns me that I’m being trapped in a little bubble when a web site knows I like cycling… I wonder if I’m missing out on something? Are these searches showing me choices I don’t yet know I want to make? I dislike being put into a pigeon hole and being fed a normalised view of other people’s actions, I wanted the anonymous version but didn’t know how to get it.
My first fix to this was just to copy and paste links into Chrome to get the anonymous version, as I was now using incognito all the time in Chrome. This worked well and became habit.
After a while I just figured I might as well turn on Firefox’s private browsing and just finish what I’d apparently already started, which is to break the bubbles and prevent tracking of myself unless I opted for it (by logging in).
What I have now is a browsing set up that keeps me out of personalised bubbles, and that segregates all identity services from the rest of the web.
As I said, I don’t think you browse like I do.
Edit: There seems to be a little confusion, some people seem to think I’m trying to not be tracked. That’s not the case, and it’s also virtually impossible. A web client will never prevent a web server from logging requests and piecing together a profile of the client. But, using clients in the way that I do helps to prevent a full profile being constructed, and then that profile affecting the way that I use the web.
At the simple end of the scale it means when I read some forums that my profile isn’t updated with “Last Visited” until I want it to be, and at the extreme end it would stop my family member seeing adverts for new born babies when she miscarried a few months back. The web feels more opt-in this way, I feel back in control of when I choose to further the profile attached to my identity, and when I choose not to I’m just creating temporary disposable profiles that won’t be with me one day to another.
They probably can keep track of you through your IP Address, whats the point?
If they’re not then they’re missing a trick.
That said, they don’t appear to be personalising on that basis as it would probably be unsound to do so (too likely that multiple people will be behind the IP address and it being considered a privacy issue).
So today, it works. Perhaps when we all have static IPv6 addresses then they will, but the issue remains that they would have to be careful about how they did so because they couldn’t guarantee 1 person per machine and would have to be conscious of privacy implications.
I just use Firefox + Noscript and the Google demographics page has nothing on me.
OK, that’s cool.
“No interest or demographic categories are associated with your ads preferences so far.”
I use Firefox + NoScript + AdBlockPlus and I manually allow only the cookies that I need. Guess that works.
So much effort for what?
I hit that page and get:
“You’ve opted out, but you can opt in at any time.
Opt in to customize your ad preferences and tell Google which interest-based ads you’d prefer to see.”
Apparently Google honors the “Targeted Ad Cookie Opt-outs” set by the free “Beef TACO” plugin for Firefox; sounds good to me.
I also use NoScript and restrictive cookie settings extensively, though I’m not as systematic about privacy as you are.
That’s actually almost exactly how I browse (if you xchange pin board for xmarks). In addition, each service that requires gmail accounts (android smartphone & rooted android e-reader) have their own seperate accounts which a never utilized for anything else. While it’s all overkill I also have to Ref-Control, and user-agent switcher plugins for my browser as well as a machchanger that randomizes the mac on everyboot.
@David
static IPv6? workstation OSes w/ IPv6 enabled default to SLAAC w/ the privacy setting ON so you get different IPv6 addresses each time you boot.
I use Firefox and AdBlock+, and they have nothing on me. Worth writing an article about? Not sure.
It’s curious. I’m not nearly as heavy into hiding things like you are. As a comparison I do use lastpass,I do use Chrome for everything, I use incognito mode very rarely, I do store bookmarks in Chrome, I do use AdBlock+….Google says it has nothing on me. All AdBlock+ I wonder? I disagree with Sam in that I think the article was worth writing. Always interesting to see other setups.
I wonder: Are you afraid Google is sitting at home drooling over the fact that you bought your shoes from JcPenny?
You’re not a name, you’re not a face, you’re a knode. a cookie. literally, a number in trillions of records.
Secondly, you sit on the web writing openly about privacy issues, while overtly displaying your information on those “Identity tracking” services you use, like Facebook, which If you spent the same amount of time you spend writing about how Google is out to get you, perhaps would understand that while you’re browsing incognito, Google is having a frenzy with your gmail content, building a profile on you that you may never see.
At the end of the day, someone is always going to be collecting information on you, and your information will be again, one dot tied to your one number- among trillions of other records. There will always be internet ads.
To wrap this up, my point is that if you really don’t wan’t to be tracked, then cancel your credit card, pay everything in cash, disable your GPS, avoid connecting via Wi-Fi, forget doing ‘good deeds’ like filling out surveys, or giving your name and number to a blood drive. Oh and completely disconnect your router.
@Katelyn, I think you misunderstand the purpose.
It’s not a paranoia thing to prevent companies recording information, instead it’s a preference for how I like to consume the web. The companies are free to record whatever they wish, they do so by my user of their service. But I’m free to choose how my client consumes their service.
I just prefer web sites that aren’t updating state based on me just reading things.
I like to see opposing sides of the argument, so don’t like the idea of being bubbled by my own preferences.
I feel a little freaked out when one cycling site I go on has adverts for the tyres I looked at 2 weeks ago on an entirely unconnected web site.
And personalisation gets it wrong. In the same way that Amazon recommendations become tainted every December when you do the Christmas shop.
And personalisation can be *extremely* upsetting, such as a family member who still receives new born baby information months after a miscarriage.
It just comes back to how I use the web.
I enjoy it more when it’s made up of many disconnected things giving a consistent experience to the user… me.
so you saw http://www.google.com/ads/preferences in both chrome and firefox i think nothing correlates to firefox!
Thank you for writing about this: the subject of how we browse ought to be more front and centre. What do you think of anonymous surfing and mail accounts via services such as neomailbox? Am seriously considering (especially their .net account, which is based offshore). This is to counter Facebook and gmail tracking and profile concerns. The downside: 1. I don’t know much about neomailbox, nor do I find discussion about who owns/runs it. 2. The email account cost is reasonable, but I can see anonymous surfing charges adding up.
Just use Ghostery + AdBlock.
Ctrl+Shift+Delete every once in a while on a Firefox browsing session is fun too. But, yeah, AdBlock Plus, NoScript and BetterPrivacy are all my friends…
Do you disable disk cache also? We can track you that way too.
Ben, it’s not about stopping tracking. See my previous reply to Katelyn. It’s about how I consume web sites.
So what exactly does that buy you? Are you afraid of target advertising or do you just hate it? To me it sounds like a lot of inconvenience to gain very little or, worse, receive generic, even less-appealing, ads (whenever they manage to escape the ad blocks).
but but, what about tor browser?
I took a look and the categories sucked—everything I do on Google is to obscure. “Male” was about as much as it got.
I only use firefox and I have 9 profiles. I block all scripts with noscript, plus I use adblockplus, betterprivacy and ghostery (in all profiles – some profiles have a lot more addons). I also block all social networks from appearing in other pages using noscript’s abe (http://noscript.net/abe/). That means I can be logged into facebook in one tab and visiting a page with a ‘like’button but facebook won’t be able to track me. Same for g+ and twitter.
I start to use a new profile when either I want to start private browsing or when I want to visit a website that I want to enable some scripts on. The cool thing is that with firefox’s -no-remote option I can do this without leaving my main browsing session.
I think I browse like everyone else on the internet and Google still has nothing on me.
I use chrome for everything, no no-script or anything, and they’ve got nothing.
Tihs reminds me of trying to minimize the evils of having a Facebook account: it can’t be done! Suck it up and leave.
I use DuckDuckGo now instead of Google, and am in the process of leaving Gmail (unfortunately this is not something I can do overnight or I sure as hell would). So yeah you really don’t browse like I do, but you probably should.
i browse exactly as you do too! i was sick of the tracking by google and everyone else. i’ve switched to duck duck go – which isn’t perfect but is fine most of the time. i also cancelled my facebook acct because spying is the default behavior there.
i think there’s a need for a browser plugin that makes cookies private to each window / tab. and when you browse to another domain the cookies in that tab get cleared. a plugin like this would give the best of both worlds: you get the convenience of session cookies for site local things like logins, but they get deleted and 3rd party cookies do not pass from one site to another like they do now! it would also ruin the spying business case as users would not be trackable…
You don’t need all that.
I start Firefox in normal mode and DNT is on. I have Ghostery and adblock+. That’s all.
When I go on Google page, it has zero info on me. To optin I have to manually disable DNT and Ghostery in fact, then I can see theres no data (well, theres no cookies anyway).
Passwords are stored by Firefox and so are bookmarks. Mozilla does not save or read those. If you use sync (i do) all this is locally encrypted, all they have access to is your sync username (yay, so you can use aaaa1111 to be sure).
And on top of it, i don’t have to white list half the web because I don’t use noscript. And my sessions work, because I don’t use the private mode (except for porn, for local privacy reasons)
Actually, I do browse like you, but with a bit of variation. I use three browsers.
1. Safari is for sites I log into with my real identity (email, financials, hosting providers).
2. Chrome is for general browsing, some normal and some incognito; and where I log in using not-fake-but-not-linked-to-RL identities. (Forums, etc.)
3. Firefox is for sites who I want to visit and then blow away traces of, fake identities (eg. fake Facebook account I use in order to use FB apps), and people who borrow my laptop for a moment.
In all of them, I’ve opted out using NAI’s tool. In Chrome and Firefox, I blow away cookies and cache fairly regularly.
Just out of interest – how often do you change your IP address?
@hf As someone pointed out, unless your public IP address is changing Google has all the information they need about you. Why do you think Google set up free Public DNS servers, or a free web caching services… I’d like to believe it truly is to “make the internet better” but it seems pretty likely they want to know what their users are up to. You are a Google’s merchandise, and your primary value to receive targeted ads. Facebook and Google are battling over your personal info, the more personal info they have on you the better. If they don’t know how you smell, how will they know whether or not to show you ads for deodorant?
@mat Fair enough, not the first time I’ve jumped to conclusions :) I’ll stop preaching now
I highly recommend you take a look at Startpage, the world’s most private search engine – https://www.startpage.com/eng/protect-privacy.html
Startpage collects *NO* data on you and does not keep logs of your IP as other tracking search engines do.
Apparently I am the only one left anymore whose primary address is a paid ($20 every December for 10+ years — originally so I could have pop3 service) Yahoo account.
So it’s true, then — everybody else has switched to gmail? Man I am behind the times! Maybe that’s why google’s got nothing on me; adblock is all I use, along with Firefox and Iron.
I’d miss my history function. I use it often.
Thanks for the Google opt-out link though.
Why do you use Google Analytics on this site?
I can highly recommend Piwik. It is self-hosted and supports privacy features that will make you less of a intrusive spy on your visitors.
As a web developer I often find myself closing the very browser I use for internal messaging by accident, having two browsers seperated for “web surfing” and identity services is a good practice and I am employing it at the moment, thank you for the idea.
But two questions arise, first and foremost isn’t securing all of your passwords in the cloud a bit risky? (I am aware that this is not a recommendation post; this is how you consume the web.)
Secondly, I love the way you hold your bookmarks in a browser agnostic way, but if I am not mistaken I couldn’t see a sign up page for büro9, how do you hold those bookmarks?
Thanks :)
Ozgur,
On password management, it’s true that I have to trust another party. I’m willing to do that because of the increased security I get across all my accounts in having unique and complex passwords everywhere. Which means that when companies like Sony get compromised, I don’t panic. It has no further impact on me.
Plus I can make the master password for Lastpass 2 factor… something I know (my lastpass password) and something I have (my phone, because it uses Google Authenticator to extend it), and on my laptop this is further combined with something I am (my fingerprint).
So no, I don’t feel less secure about storing in the cloud. It’s possible to do storage securely, and it’s possible to do access to secure storage securely, and I trust that they’ve done this (a bit like how I trust Tarsnap to be secure backup storage).
On bookmarks access, I simply have http://www.buro9.com/bookmarks/ as my home page in all browsers. Except I use http://www.buro9.com/bookmarks/?style=2 in my identity browser so that green is for email and identity, and blue is for browsing.
The page is unprotected and requires no login at all, anyone can see those bookmarks. When I update it I just use ssh and vim. There is no database or anything. My focus on a bookmark page was always just speed of access (it should be rendered in 0.2 seconds) and high accessibility (it should work on all browsers). I’ve used the same page for over a decade now, just updating it with new links as when I feel the need.
I don’t bother protecting the page as I see no need. There are links to secure things on that page, but those resources should have their own security and me protecting the page would just be security through obscurity. Not a good thing.
The page is actually a PHP page. It uses a reasonably nice data structure so that updating links is easy, and just loops over them spewing out a string to make the page. It’s then cached by Varnish, so the vast majority of the time the page is served from a memory cache. The only part of the page on a short cache timeout is the BBC news feed which only caches for 15 minutes… just enough time to discover any major news stories happening.
A very long time ago (literally, more than a decade), that bookmarks page was an open service that others could use. I had a database, login, various other features. Anyone could create a bookmarks home page. But when I tried to charge for the service no-one was willing to pay, so when I got down to a very few users I allowed RSS export of all links you had and just killed that product and made my own mini-home page. It’s so lightweight that it happily sits on any server I’ve owned since.
Thank you for your answer, David.
It seems I have solved my “paranoid security” problem with KeePass; it holds everything locally and for sync needs I use dropbox for syncing the main db and securing it with an internal password and a keyfile – which is stored in my usbstick. So if someone somehow gets my db, without my usbstick he cannot do anything.
Also, firefox has a nifty addon called “Open With”. Hide the default browser paths, you cannot supply arguments to them. After you add chrome manually you can supply “–incognito” to it with a right click you have access to incognito chrome.
Thanks, again :)
[...] I don’t think you browse like I do – Una navigazione davvero privata (blog.microco.sm) [...]
[...] If anyone is worried about this stuff I highly recommend you look at browser extensions. The very best ones are: http://www.ghostery.com/ AdBlock Plus (search for it in your browser as there seem to be many variants) http://disconnect.me/ Then if you want to be a complete freak I posted on my blog about how I browse, and effectively every day that I go onto the web I am a new person with no cookies to my name: http://blog.microco.sm/2012/02/04/i-…wse-like-i-do/ [...]
[...] dem Blogpost „I dont’ think you browse like I do“ bei Microcosm erläutert der Autor ausführlich, wie er mittels verschiedener Mechanismen für mehr Privatheit im [...]
I started using different browsers for different things when youtube started welcoming me – because I have google mail and am always signed in to that. I’ve used in private browsing in firefox for ages now, but some sites will still leave cookies on your PC, so I have an add-on which erases those, too (it’s called ‘better privacy’. And I have adblock plus. I don’t do anything sinister on the web, but I want to decide myself who I reveal my identity to.
You say:
>>2 Factor authentication this increases your security and you have your phone with you, don’t you? I log in to Gmail once or twice a day and use Google Authenticator on my phone. I’m not concerned by the few seconds a day to do this.<<
Well, I don't do that. I don't want google to know where exactly I am at any given minute when my mobile is switched on. :)
Anyway, good article, I'm glad I'm not the only one who's giving google a hard time. ;)
Thanks David for a good hands-on-overview. I use the Chrome private browsing a lot, because it can go side-by-side with the normal browser window. So when crossing borders I can copy the link, create a new private windows with ctrl-shift-N and paste the link.
Firefox is switching completly into private mode, which I find a bit annoying.
[...] seinem Blog erklärt David, welche Lösung er für sich gefunden [...]
[...] it’s better to try to keep your online activity as private as possible and stick to sites that have tighter privacy and advertising policies, but anything [...]
David,
You mention your bookmarks page several times (and I see in the comments that it was actually a product at some point). Any thought of making any of the code open source, since you aren’t productizing it? I just really like the layout :-)
Anyway, thanks for the ideas and pointers!
Bruce
Hey Bruce, I long stripped down the page so that it didn’t require a backend. If you’re good with a standalone PHP page (all that it’s been for a good decade) I’ll throw it up on github.
I can grok PHP, would love to snag a copy if you don’t mind the work! A simple PHP standalone would be great just like you’re using it (on a personal server, etc.) for a single person’s use. Keeps me away from having to do a database, etc. all for a page of links :-)
Bruce