YOUR TRACES ON THE INTERNET

YOUR TRACES ON THE INTERNET Firefox, Internet Explorer and Chrome aim to give their users total privacy. if they do manage it , how anonymous you really are on the Internet.   Browsers were considered perfect for years, when they displayed websites quickly and in an organised manner and could put forth all kinds of add-ons. Since then, they have become the standard, but the users demand a new aspect: more privacy. That’s why Internet Explorer 9, Chrome 10 and Firefox 4.0 have installed all the new protection functions that promise anonymous surfing. We observed the stealth functions of three browsers closely and we’ll show you what they bring, what kind of protection they offer, and where they fall short. Irrespective of how well Firefox blocks cross-page tracking services with its new features, the browser always divulges a certain part of the information about the user and he/she cannot protect himself/herself against it. Even cover-up tools like Tor are of no help here. You will find a complete list of all the data that a tracking service knows about you on the following page. Anti-tracking: Better data protection The new tools are neither classic anonymous services which divulge IP addresses, nor Web blockers like the Firefox plugin Adblock Plus, which displays websites without advertisements. This would also not be in the interest of the browser manufacturers. Google’s business model is based on advertising, and even Microsoft Advertising is a successful advertising marketer. This makes it clear that manufacturers themselves do not spoil the market. Nevertheless, browser developers promise that the advertisements should no longer be user-related. The tools prevent behavioural targeting, which affects advertising enterprises, who tailor ads to the user’s surfing behavior. If, for example, a person views a specific product at an online store, this product is again displayed on other pages. The power of repetition is designed to convince the user to buy. This can be helpful in some cases: If the dealer reduces the price of the product, the user is directed to other pages. However, there are disadvantages. On one hand, there is uncertainty, which comes with collected data. On the other hand, while surfing, even users do not want to look over their shoulders within their own four walls. If a user shares the PC with his partner and looks online for a birthday gift, the surprise would be spoiled if the intended gift is shown on every page before he even buys it. With the tools offered by the browser manufacturers, each user should be able to decide how much he/she wants to reveal about himself/ herself and if he/she wants to have a personalized advertisement. For the latter, Google has a solution at hand: someone who wants an explicitly personalized advertisement can request that via ‘google.co.in/ads/preferences’. For this, the user does not need a Google account. The opportunities to remove individual advertisements have been around for quite a long time. Besides add-ons for browsers, big advertisers offer an ‘Opt-out’ opportunity on their websites. If the user clicks on the corresponding button, he/she receives the cookie, where upon he/she is not tracked anymore. The tick shows that it also removes the anti-tracking cookies, when it deletes all the cookies on the browser function. After that, the advertisement is personalized again. The manufacturers want to offer better adjustment possibilities than the Web advertisers, with new browser features and add-ons. With this, each program proceeds and succeeds differently. Firefox: Signals in the header Mozilla protects its users with the ‘Do Not Track’ application, which the company has designed in Firefox 4.0. This functions on the ‘Opt-out’ principle. A person may sign out if he/she does not wish to be tracked. If the function is activated, the site operator receives a message that the user wants to remain anonymous. This is how it functions technically: Each time a site is called up, a header is also sent with it. ‘Do Not Track’ follows this signal there. There are no lists in which the user can register himself/herself. On the contrary, the process can be compared with the ‘Please do not insert any advertisement’ tag on inboxes with the addition ‘I would like to stay anonymous’. EVALUATION: The user can paste this tag on his/her browser, but he/she has little control over whether the site operator really pays attention to that. Ultimately, a click tracker does run in the background. Experts agree on one thing: As long as there is no globally applicable rule which demands that all services follow the user's request, the user can only hope that the tracking services are honest. Even Mozilla developer Michael Hanson does not see the ‘Do NotTrack’ header as a solution for all the data security problems, as the browser reveals a lot about the users. However, it is a step in the right direction: If a user is not expressly tracked, the boards of control would have evidence, if the advertiser has ignored the signal. ALTERNATIVES: The NoScript add-on takes care that not only are advertisements blocked, but the unwanted scripts and plugins are also removed. The JonDoFox extension sets up an anonymous profile, which you can use if you wish to remain incognito. Internet Explorer: Pixel search Even Microsoft offers the user a magic hood in Internet Explorer 9, with which he/she no longer gets tracked. In the previous version, there was a similar function called ‘InPrivate Filtering’. Redmond has just renamed it to ‘Tracking Protection’ and made it slightly more detailed. There are two different modes: In the first mode the browser checks if the contents of other providers are on surfed websites. For example, Tracking Pixel tracks what the user is surfing. At the same time, the browser checks how often this pixel attaches itself to the latest searched sites. If the pixel pops up more than ten times (the frequency is determined between three and thirty), it is blocked. It is highly likely that it concerns a service, which tracks the behavior or fades in the user-defined advertisement. The add-on even blocks measuring services like Google Analytics or IVW as well as the personalized advertisement. The longer the user surfs, the more extensive the list becomes. According to Microsoft, the data remains on the PC and is not sent to Redmond. The second possibility: The user can subscribe to lists of external providers. Microsoft does not offer any lists, but the format is open, so that the youth protection organizations can make the lists available. Find more information at ‘ie.microsoft.com/testdrive’. EVALUATION: The Microsoft security functions safely because the contents of every third site in the browser are blocked. Despite that, the software giant offers a peek at the lists and takes care of transparency, which is exactly what is blocked. Bonus: Each user can simply edit the lists and then include specific services if they cross their limits. The subscribed lists with providers should be blocked, but still have a tick mark: If the providers change the tracking module of the URL, then accessing the list is of no use. Someone who wants to play it safe should look for providers on the white lists; they are more restrictive. ALTERNATIVES: There are no extensions for the Microsoft browser. That’s why users can protect the private space simply in IE using Windows tools by generally deactivating cookies under ‘Internet Options | More’ or automatically delete them after a session. Chrome: Add-on for privacy The search engine giant Google also offers its users a solution, which supposedly blocks the user-specific advertisement that the user receives. Companies following the self-regulation programs of the Web industry (aboutads.info) no longer show any personalized advertisements after installing the ‘Keep My Opt-Outs’ add-on. According to Google, majority of the advertising companies using behavioral targeting follow the program. Only a small fraction has not included itself in this. EVALUATION: Until now, only US companies followed the agreement; Indian and European companies do not support this. Due to this, there is no guarantee that no personal advertisement will be shown. For example, when a user is not tracked by Google Analytics service, it is intended that Google only deals with advertisement. A Chrome user can block the cookies of another provider in the browser settings under ‘Options | Content Settings | Cookies’. ALTERNATIVES: You can hide the Google Analytics service very easily with an add-on, which originates from Google. There is the Google Opt-out extension for Firefox, Internet Explorer and Chrome under ‘tools.google.com/dlpage/gaoptout.’ Though Google Analytics continues to track the surfer, the tool blocks the entire IP address form being sent. This way the site provider cannot track the user’s location. The NOREF add-on takes care that no referrer is sent. Fact: Less protection The Firefox tools and Chrome prevent the pop-up of personalized advertisements only to a certain extent. Only Microsoft’s Tracking Protection delivers protection even though it dos not entirely stop tracking the user. Lastly, the process of all browsers is meant to be good, but when a service wants to really analyze and track the user, it can still do it. There are still plenty of opportunities to identify the user. If the surfer, for example, activates the JavaScript, the site operator can create a profile in which he/she can read all the fonts installed on the computer. Deactivating JavaScript not only decreases the convenience and user-friendliness on many sites, as menus or other effects are often animated with it, but it would also stops protection against tracking entirely. Even Cascading Style Sheets trickle out webmaster information from the browser. Thus, it can track and find mouse movements, as to how you navigate on the site. Absolute anonymity still remains wishful thinking.    All the privacy tools fail here Anonymous on the Internet? Just for the sake of it. Modern browsers divulge so much information, that each user can be clearly recognized. Even if the user hides himself/herself using cover-up services, there are privacy loopholes. We show you these and tell you how to block them.  SIZE OF THE BROWSER WINDOW Even when JavaScript is deactivated, a person can choose the size of the browser window directly using Cascading Style Sheets. CHIP says: Only standard sizes should be transferred.  Cookies There are no cookie adjustment options which suffice all the data security requirements without limiting its functionality. Cookies are partly deleted automatically, but only after the end of the session. CHIP says: The browser should remove them right after switching to the next site.  COMPUTER TIME Pages can choose the local time of the PC on the Date()-object using JavaScript, lock the time zone at the location and even assess it, whether the user surfs privately or professionally. CHIP says: A user should be able to fake the Date()-object, so that the time shown on each website is different.  FONTS You can install fonts using Flash, Java, JavaScript or CSS to relate to the PC. CHIP says: The user must be able to configure the browser fonts and ideally be able to restrict them to the standard fonts. The user does not really have any disadvantages, as most of the sites use standard fonts.  PLUGINS AND FILE TYPES You can analyze and check plugins up to the version number using JavaScript to check which file types are feasible. All this is not really required for running these pages. CHIP says: A message, whether Flash is installed, is sufficient.  MOUSE MOVEMENT Sites can track the mouse movement with CSS and JavaScript. CHIP says: The user should accept that the behavior is being tracked. However, few sites function only when the user releases the mouse.  HTTP SIGNATURES The browser type can often be easily recognized using the HTTP signatures. CHIP claims: The sequence of the header data sent should be adjustable.   What does the private mode really do? All the common browsers include a private mode. Unlike the Anti-Tracking-Tools, they deliver protection if the user shares the computer with other people. Search hits, browser actions and passwords are not saved. Even the cookies are cleared automatically, which makes it impossible for the tracking services to spot the small text files on the computer for a longer time. Nevertheless, the site operators create the user profile in private mode and recognize the user. As the information is deleted only after ending the browser session, a tracking service can easily access all the information during the session. The disadvantages of online anonymity Someone who wants to be hidden on the Internet has to reckon with a few disadvantages: Besides the comfort features, which do not work with each other anymore, there may be problems in services, which use the surfing behavior as a distinguishing feature. BROWSER AS A LOGIN KEY Some paid services or online banks have hidden security mechanisms that the user does not notice. The provider may record the typing speed or the mouse movement and create a fingerprint of the user. If these features are other than the regular ones,  something like cover-up, then the user cannot login in such situations. INTERVIEW “Covering-up IP addresses is not enough” How anonymous is a person on the Internet? Not at all. The provider can track all the steps of the user on the access account. Even site operators, advertising and analysis services can track the user using the IP addresses. Can a browser protect the private sphere? Browsers would offer protection, had the Net users not been so different, that is to say, had they not been a large group of look-alike surfers. Then it would not have been technically possible to create the user’s profile and track it. This does not sound as if it would work. Modern web browsers send a lot of information using the operating system on visited websites. This data is often so distinct, that a computer can be clearly identified, if it changes its IP addresses often. The cookies mentioned often are only the tip of the iceberg. Where are the additional problems? None of the web browsers are independent of the operating system, especially so, when JavaScript is activated. No adjustable properties are provided in Flash and Java. There are no attachments for a browser or even for an anonymity-platform user profile. What should the browser manufacturers change to offer genuine anonymity in the Net? A good approach would be designing a standard, anonymous profile which can be activated as desired in each Web browser, possibly on the “private mode.