Tuesday, September 27, 2011

What is really needed for web privacy

I've blogged in the past about various tools that help keep your web-wanderings to yourself. Facebook has recently come under some scrutiny for not erasing some tracking cookies (https://nikcub.appspot.com/logging-out-of-facebook-is-not-enough), and while it's no surprise, it does remind us that the big brothers of the world are watching!

What we should be aware of is that, while such cookies make it more convenient for facebook to track you, they can do it without them! Browser fingerprinting is amazingly effect (see http://panopticlick.eff.org/), and when intelligently tied together with IP-address information, can give the big brothers an excellent idea of who it is that's pinging them and from where. That is to say, they probably know, to a disturbingly-large extent, where you've been online. If they haven't actually analyzed their logs to figure that out, they could! (Though the browser fingerprinting would require that they have more than just a typical web server log of your traffic).

CSFire and Adblock Plus with customized filters can do a great job of keeping our wanderings to ourselves (see http://albosure.blogspot.com/2011/02/block-facebook-ads-on-other-websites.html and http://albosure.blogspot.com/2010/04/plugging-privacy-leaks-with-csfire.html). But what is really needed in order to be invisible to the big brothers, but to still be able to see their content, is a selective-proxy tool that will suck down facebook, google, etc, content via proxies while on third-party sites, but plugs you in directly when you're actually browsing their sites. As it stands now, privacy requires a level of geekiness and paranoia such that only a few tenths of a percentage point of folks out there (probably even less than that) will actually go through the trouble of implementing what's necessary. We need a plugin (and some laws too). Anyone out there feel like developing it?