Security Bytes - Dec 2015 - Who Is Watching
Readers, this month I want to shed light on the problem with 3rd party trackers that track your every click on the Internet. In the past I have talked about ways to increase your privacy and anonymity on the Internet, however just as one becomes more aware of how to evade snooping, the people that want your information have found better ways to gather information from you indirectly.
Many of us browse the web and shop online without concern for what is done with the information one provides to a merchant or online website that asks for you to fill out a form. Many times we blindly fill out the needed forms to finish a transaction or get to information that one wants to see. What one does not realize is that many web sites also have 3rd party trackers embedded into them that are there to gather as much information as possible from users. All of the information is gathered and put into massive databases and then sold to other merchants so that they can better provide appropriate ads to their customers based on their specific interests. Here is an example of this in action: Lets say your interest is in travel and you browse a website that has information about Hawaii. Next you go to a shopping website that you have NEVER been to before and they put bathing suits on the first page. That information got to them by a 3rd party tracker.
To some, this might not be alarming, but to others this may seem a but creepy. Luckily there are ways to mitigate this intrusion on one’s privacy by using a few browser plugins and for the really paranoid that want to be as anonymous as possible by using a secure web proxy to mask your location on the Internet. The key here is to block 3rd party scripting in the browser that will prompt you when any extraneous data may be sent to a site other than the one you intend to visit. Luckily there are Plugins or extensions available for most web browsers to accomplish this. For Firefox and Chrome users there is Ublock origin which when installed will tell you what a website is trying to do and gives you the option to either allow or block the parts of the website that are potentially intrusive. You can also click on a big button to allow the website to be put on a whitelist if needed. While it may take some time to become used to understand what to allow and what to block it will block most of the 3rd party scripting that is trying to gather your information. In rare cases a website might not display properly if all the scripts are blocked.
Another tool that is a way of anonymizing you connection on the Internet is an anonymizing proxy such as ProXPN. This application allows one to “tunnel” their connection to an alternate exit point on the Internet so that 3rd party tracks cannot gather you physical address location from the Internet Service Provider.
I have found that by using the combination of script blockers and web proxies, one can evade quite a few of the 3rd party tracking tools out there. Nothing is perfect however and one should get educated about how these trackers work by using Google to search the topic further.
-Paul Mavrovic, CISSP