fear of (a) average mind

you are human, no thing you do is wrong

Firefox Lock-down

Zapping around the internet these days is nasty business, you have to assume every site you visit wants to track you (or help their partners track you) or infect your PC. Here are a few things i do to make my FF a bit more secure and private:

NoScript
Of course the first one is the great NoScript, you know what it is. It doesn't allow sites to run JavaScript unless you allow them. Simple and it works.

CookieSafe
CookieSafe is the NoScript for cookies, no site is allowed to place cookies on your PC unless you allow them. A lot of companies track your browsing habits through the use of cookies and partner companies' web-sites. They say they profile you to better serve you ads but who knows what they do with these profiles of you.

i have come across a few sites that do not work unless you let them place a cookie on your PC, they go into a weird loop where as soon as you arrive at the site your browser is redirected to a "no cookie" script which then redirects to another page (probably because you haven't allowed scripts for this site) which then loops back to the no cookie page, it is stupid to see. Any site that forces you to accept a cookie just to view the site is dodgy.

If you join a site, say... YouTube then of course you are going to let YT put a cookie on ya PC, it's how it knows it's you when you log on, but just to look at a site (not join) then it's wrong. Whenever i get to a site like that (cookie needed just to view site) i stop, copy the URL and put it in my hosts file thereby making it impossible for my PC to ever go to that site again (more on the hosts file later).

BetterPrivacy
This is where cookies get really nasty, in XP look in: "C:\Documents and Settings\your user-name\Application Data\Macromedia\Flash Player\#SharedObjects\random code\", oh look cookies, WTF are these (other locations here). These are flash cookies or "Local Shared Objects" (that's a nice name isn't it). These are cookies that any site that uses flash can put on your PC, i only found out about these recently and i was shocked, all this time i was blocking HTTP cookies and every site with flash on (and some without flash) was planting these cookies all up in my PC.

Just as i started this post i went to PortableApps for a little look at what was going on over there, funny new app, Billy Mays Caps Lock 1.0, lol cool, on that page there was a link to John T. Haller's blog. On his blog i found this, Warning: AddThis Puts Flash Tracking Objects on Your Website. You have got to be kidding me, i use AddThis (it's the little icon down there below this post with the plus sign on), well i used to, that icon used to be red, now it's blue because i now use AddToAny instead of AddThis. ClearSpring bought AddThis and used it (it is JavaScript after all) to plant LSOs (Local Shared Objects/flash cookies) on the PCs of anyone who visits a web-site using the AddThis widget. It is a coincidence that on the very day i start to make a post about how nasty flash cookies are i find out my own blog has been planting them on people's PCs without my knowledge, ClearSpring are worms.

Anyway, back to the subject: BetterPrivacy does not block LSOs the way CookieSafe blocks cookies, it lets flash cookies get planted. What it does is delete those cookies when you open/close Firefox. Unless these cookies stay on your PC permanently they are useless (:

Man, i am so pissed off about ClearSpring/AddThis. Seriously, ClearSpring are fucking dodgy cunts.

RefControl
i like this one. When you go to a web-site it knows what site you came from by using the HTTP referrer header. This could be used by a site to track your browsing habits.

RefControl lets you set which site the site you visit thinks you came from, i set mine to the Wikipedia Referrer spoofing page so now every site i visit thinks i came from that page :D

It can break on some sites but RefControl lets you set sites you trust to see the normal referrer.

Stylish + Ad Blocking FiltersetP
i don't use Adblock Plus as i always have Stylish installed and Ad Blocking FiltersetP does the same job without the overhead of having another add-on installed.

SSL Blacklist
This one just informs you if a site uses the unsafe MD5 algorithm for RSA signatures.

hosts file
Not really Firefox but the hosts file is a useful little chap, in XP it is in: c:\windows\system32\drivers\etc\. As you know all sites have an IP address. When you put www.google.com into your browser it uses DNS to tell which IP address is associated with www.google.com.

It used to use the hosts file (back when the internet was small enough that all the web-site addresses could fit in a text file). Your browser still looks at your hosts file first before DNS. If you haven't edited it, it should just have: 127.0.0.1 localhost (this is your PC and you shouldn't mess with this line). 0.0.0.0 is an invalid IP address so if i put: 0.0.0.0 www.google.com in the hosts file and typed www.google.com into Firefox it would look in the hosts file (before DNS) and see it as an invalid IP and not go there.

So you could put in something like: 0.0.0.0 ads.example.com, you can still go to www.example.com, Firefox just would not (could not) connect to their ad server so no ads. You can google around for lists of nasty sites to copy/paste into your hosts file.
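Here is a small hosts file checker, added as an example and not part of the original post. It parses the "IP name" lines described above, confirms the localhost line is intact, lists the names you have blocked, flags any name pointed at a real address (those override DNS, so they are worth a second look), and appends new 0.0.0.0 blocks without duplicating existing ones. The function names and the sample file contents are made up for illustration.

```python
import ipaddress

SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}  # addresses that lead nowhere useful

def parse_hosts(text):
    """Yield (ip, [names]) per valid entry; comments and malformed lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)             # first field must be a real IP
        except ValueError:
            continue
        if names:
            yield ip, [n.lower() for n in names]

def audit(text):
    """Return (blocked names, {name: ip} redirects, localhost line intact?)."""
    blocked, redirected, localhost_ok = set(), {}, False
    for ip, names in parse_hosts(text):
        for name in names:
            if name == "localhost":
                localhost_ok = localhost_ok or ip in ("127.0.0.1", "::1")
            elif ip in SINKS:
                blocked.add(name)
            else:
                redirected[name] = ip            # overrides DNS: review these
    return blocked, redirected, localhost_ok

def add_blocks(text, hostnames):
    """Append '0.0.0.0 name' for names not already blocked; existing lines stay as-is."""
    blocked, _, _ = audit(text)
    new = list(dict.fromkeys(h.lower() for h in hostnames if h.lower() not in blocked))
    if not new:
        return text
    body = text if (not text or text.endswith("\n")) else text + "\n"
    return body + "".join(f"0.0.0.0 {h}\n" for h in new)

# Constructed sample hosts file (not from the post)
SAMPLE = """\
# my hosts file
127.0.0.1 localhost
0.0.0.0 ads.example.com   # ad server
0.0.0.0 tracker.example.net
203.0.113.7 bank.example.com
not-an-ip junk.example.com
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(add_blocks(SAMPLE, ["cookiewall.example.org"]))
```

To use it on a real machine, read the text of the hosts file from the path given above and pass it to audit(); writing the result of add_blocks() back needs administrator rights.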

It's hard work surfing the internet these days but i hope these few things make it a bit safer/private for you (:
