Tuesday, January 28, 2014

An Introduction To Tor, Lightbeam, and Adblock

In a world increasingly dominated by surveillance from marketers, tech firms, and big governments, privacy can be tough to come by these days. In an effort to help our readers gain more control over what data is exposed during their web browsing I’ve decided to cover some of the most prominent and easy to use privacy oriented programs.
Lightbeam is a plugin for the Firefox web browser that allows you to view what third party websites your data is being shared with. Tor is a web browser bundle that seeks to anonymize your web browsing. Finally AdBlock and NoScript are programs that prevent ads for the former and prevent javascript from running in your browser for the latter. Using one or a combination of several of these programs can help to give you more control over who has access to your personal data.
Note: The following services are very user friendly and as such I won’t be doing tutorials on them. If you have issues I’d love to hear your questions in the comments area.


Firefox

firefox-256While you might think of your web browser as a simple gateway to the web the reality is far more disheartening. Many web browsers are purported to include tracking code which shares data with outside sources. For instance, while I like Google Chrome’s simplicity I’ve also heard it described as Malware due to its propensity for tracking its users’ web browsing. Firefox on the other hand is an open source browser with a host of plugins and add ons aimed at keeping users’ data more secure. Some of the following programs require Firefox and I’d highly suggest its use over other web browsers.

Lightbeam

lightbeam_logoLightbeam is an add-on for Firefox which was released in late 2013. Lightbeam provides Firefox users with a visual representation of who is sharing their data and how web sites are connected. Most web sites use third party plug-ins such as analytics software or ad servers. This plugin helps users to see just which sites and services are being connected to without having to wade through lines of code. Lightbeam is more of an educational resource as to who your data is being shared with and how websites connect to each other. You may not check LightBeam often, but using it even once can do worlds in informing you as to how the websites you’re connecting to are working.

Tor

Tor_logo1Tor is a browser bundle consisting of a version of Firefox as well as some other software that serves the purpose of anonymizing your internet traffic. Originally developed by the US Naval Research Laboratory, Tor and the Tor network now consists of thousands of servers which help to relay your traffic. Your traffic enters into one entry node, is passed among one or more relay nodes, and exits at an unknown exit node. To an outside observer it is difficult to determine which traffic relates to whom (Though some attacks on the network have been successful, check this wikipedia article for a list of weaknesses).
All you have to do to run Tor on your machine is to download the Tor browser bundle from the Tor Project and start it up. The homepage for the instance of Firefox running Tor will either state that you are or are not running the latest version of Tor.

There are a few limitations with Tor. For instance, navigating to certain sites with Tor you might find that the IP has been blocked or that posts from that IP have been disabled. Since Tor relies on a series of independent servers, once an IP is blocked for one user it will be blocked for all subsequent users exiting the Tor network from that IP.
As pointed out by Karen Reilly of the Tor project, there are some potential issues with using a combination of Tor and VPNs as VPN providers could potentially compromise your anonymity (Link with details to use of Tor with VPNs). Additionally sending plain text over the Tor network is still sending plain text, just like any other network. It is possible that data such as usernames and passwords could be compromised at several places along the way. As such it is important to use a combination of HTTPS and Tor.
It is possible to support the Tor network by running your own exit node. However, this is not advisable if you’re running it from a home or work network. Because of Tor’s anonymity it has a propensity for attracting some nefarious characters, and you don’t want their traffic emerging from your home network as it is possible that it could draw the attention of law enforcement agencies.
It is also possible to route other programs through Tor providing additional anonymity for things like chat rooms.

AdBlock Plus and NoScript

adblock_logoAdBlockPlus is a plug-in for Firefox that disables ads on websites that you visit. Aside from the possible privacy implications, blocking ads can create a much better web experience. AdBlockPlus is extremely easy to install and requires a total of two clicks once you get to the installation page. By default AdBlockPlus allows some unobtrusive advertisements, though settings can be adjusted to block all ads. A quick test run shows that the advertisements on this site (google adsense ads) are blocked. Meanwhile the default ads on Reddit are not blocked.

NoScriptLogoWhile blocking advertisements is all good and fun, blocking all client side scripts can greatly improve your individual privacy. Many sites use snippets of javascript and cookies to track information about their visitors. At times this information is sold and passed on to third party sites without the user’s knowledge or consent. Like Ad Block Plus, No Script is extremely easy to install, though it does require you restart Firefox. Note that NoScript doesn’t disable all client side programs, but rather let’s you choose which ones you want to let run.
I’d encourage you to test out a combination of Lightbeam, AdBlock and NoScript on this site and others. You’ll quickly see that a site like Hacker News doesn’t appear to connect to any third party sites, while a site like Yahoo appears to connect to dozens. CryptoJunky.com connects to several as we currently have analytics software, as well as adsense and several social media scripts running. At the moment we’re strongly considering removing most or all of these in order to better preserve user privacy. If you have an opinion one way or another we’d love to hear it in the comments.

Search Engines

duckduckgo-logoWhile google has reigned on high for over a decade as the preferred search engine of the internet, recent privacy concerns have put a chink in their armour. If you don’t want your search history tracked, recorded, and probably passed on then I’d suggest going with an alternative such as DuckDuckGo. In addition to anonymizing your searches, using DuckDuckGo has the added benefit of keeping you out of the filter bubble which encircles an increasingly large amount of our online activities.
Since DuckDuckGo doesn’t quite have the funding of Google or Bing, you’ll see less in the way of advanced search options such as news, images, video, etc. What you get with DuckDuckGo is a crude yet refreshing search experience akin to Google’s early days.

Contributing


If you’re interested in contributing to any of the above projects most accept donations. Some, such as Mozilla (Firefox) are actively pursuing open source developers to help them improve Firefox and related services. Another group to consider donating to is the Electronic Frontier Foundation which aims to protect individual user rights and privacy online (and they accept Bitcoin!).

Conclusion


A man walks into a jewelry store to shop for an engagement ring for his future bride. He gets advice, browses a few options, and after some time makes a purchase. Awhile later he proposes to his now fiance with complete surprise.
Some years later his son is shopping for an engagement ring online. The son gets some advice, browses a few options, and after some time makes a purchase. Later that night he’s with his future fiance when a few ads get played on their internet radio station, promoting deals for engagement rings. Later she uses his tablet which is chalk full of ads targeting men shopping for engagement rings. No surprises to be had.
We all have things we’d like to keep private from time to time, hopefully these programs help you in keeping what’s important to you private.

4 comments:

  1. Have you tried Ghostery? That's my current favourite privacy plug in, handles ads and tracking scripts all in one go, and allows you to block/allow them individually. The most interesting thing about it though is that it shows a list of all the stuff that's being used in the page, some of the bigger sites have scarily long lists!

    I'd also recommend HTTPS everywhere by the EFF.

    Thanks!

    ReplyDelete
    Replies
    1. I heard about this addon but never tried, thanks for sharing your view. i will surely give a try :)

      Delete