
How to Avoid Leaving Tracks Around the Internet

152 points | cloudyo | 6 years ago | nytimes.com

101 comments

[+] saagarjha|6 years ago|reply
> If you’re in that category, Ms. Winterton recommended Ghostery, a free plug-in for most web browsers that “blocks the trackers and lists them by category,” she wrote.

I’m not sure I can recommend Ghostery, as their business model is a bit suspicious: https://en.wikipedia.org/wiki/Ghostery#Criticism

> Using websites whose addresses begin with https are also safe; they, too, encrypt their data before it’s sent to your browser (and vice versa).

Safe from your public Wi-Fi operator. Not from the company with a tracking script on the page.

> You don’t sign into Apple Maps or Safari (Apple’s web browser)

You sign into the OS, though.

> You never want to tell Facebook where you were born and your date of birth. That’s 98 percent of someone stealing your identity!

I can literally Google this information. We need to stop treating knowledge of public data like this as some sort of identity metric.

[+] pteraspidomorph|6 years ago|reply
I would suggest Privacy Badger nowadays (as a complement to the irreplaceable uBlock Origin).
[+] K0SM0S|6 years ago|reply
> We need to stop treating knowledge of public data like this as some sort of identity metric.

And one step further, such public data should not be used by corporations / governments to validate (or inform much, beyond "details") the identity of someone. It's just too unreliable and can't be verified.

Maybe PGP or similar, hashed from some source biometric data, to allow multiple 'IDs' over a lifetime but 100% verifiable.

[+] deftturtle|6 years ago|reply
After Apple destroyed Safari extensions and forced everyone to use declarative net requests, there are few options. I’m pretty sure Ghostery is now unable to perform the analytics or data collection from previous versions. KaBlock and others are worth trying. There are few options, so I’ve settled on Ghostery for Safari on macOS.
[+] yoloClin|6 years ago|reply
> We need to stop treating knowledge of public data like this as some sort of identity metric.

I love how it's easier to steal my identity than to intercept my encrypted web traffic.

Society really could do with a cryptographically sane method of authentication - think a PKI-type verification but in replacement for '100 points of id' / Social Security Number / Tax File Number etc.

Surely the cost of implementation wouldn't outweigh the cost of identity theft and other types of fraud which can occur due to the current flawed system?

Maybe the costs are/would be paid for by different parties, but indirectly we all pay for them through insurance premiums and taxes which cover the (preventable) financial damage anyway.

[+] 9dl|6 years ago|reply
Anyone can get your phone number from fb, which fb "use" for 2fa

You should stop printing nonsense

[+] not_kurt_godel|6 years ago|reply
The omission of "Disable third party cookies" is fairly shocking. From my understanding, it might be the single most effective thing you can do to reduce tracking. Whenever I get the chance, I recommend the following pieces of Internet hygiene to anyone and everyone I can:

* Disable 3rd party cookies

* uBlock Origin

* Privacy Badger

* HTTPS Everywhere

These things are all dead simple and will significantly reduce your trackability. Of course they are far from comprehensive or perfect, but it's the Internet equivalent of washing your hands after you go to the bathroom.

[+] Mediterraneo10|6 years ago|reply
Won’t disabling third-party cookies render certain payment gateways unusable? While such advice may be very welcome among savvy computer users who know when they should temporarily turn third-party cookies back on, the NYT is unlikely to give advice that will break online shopping for large numbers of people.
[+] doctoboggan|6 years ago|reply
With the latest macOS it is no longer possible to install uBlock Origin in Safari. Do you have a different recommendation that works with Catalina?
[+] cloudyo|6 years ago|reply
-Use a private cloud, so that your data is in your control.

We've actually developed a self-hosted private cloud solution as a substitute to Dropbox for exactly these reasons. Basically a private Dropbox at home (no complicated installation and no server needed)

We're currently in beta, could interest a few in this thread! https://www.duple.io/en/

The point is to have a product that works just like a Dropbox, as simple and straightforward, but that is actually private with no one interfering, playing, accessing or reading your data.

[+] alpaca128|6 years ago|reply
Somehow I don't understand how you say Syncthing's disadvantage in comparison is that it's a P2P system[1], but at the same time your website says duple doesn't need a server.

Maybe I've misunderstood, but this sounds just like Syncthing with an always-on client - except for the file versioning, that sounds like an interesting feature to me.

[1] https://blog.duple.io/what-is-the-point-of-duple/

[+] badrabbit|6 years ago|reply
You know, ipfs helps a lot with this. If I can pay for someone to mirror whatever I host on my ipfs and tie it to some account it would be neat.

Good luck on your product. Seems promising. But I didn't like how your site loaded slowly (just a subjective feedback)

[+] 9dl|6 years ago|reply
How is E2E encryption implemented?

Where is the link to GitHub with ALL the code?

[+] mirimir|6 years ago|reply
OK, it's not horrible advice.

But there's no mention of Tor, which is arguably the best available way to "avoid leaving tracks around the Internet". And better yet, using Whonix, which prevents leaks around Tor.

Using multiple email addresses is good. But if you're sloppy about browser hardening, they'll all get linked.

More generally, there's compartmentalization. Not just multiple email addresses, but multiple VMs, connecting through different VPNs, and/or Tor instances. Modern machines can run several Linux VMs, and switching among them is as easy as switching among app windows.

So basically you can present online as many different personas. Even if everything that each persona does gets linked, it won't get linked to other personas. If you're careful, anyway.

[+] cartoonworld|6 years ago|reply
> More generally, there's compartmentalization. Not just multiple email addresses, but multiple VMs, connecting through different VPNs, and/or Tor instances. Modern machines can run several Linux VMs, and switching among them is as easy as switching among app windows.

Shout out to https://www.qubes-os.org/ Qubes OS, an Open Source research implementation of this concept on the OS level. BYO OPSEC.

[+] dt3ft|6 years ago|reply
Oh the irony. Reading this article requires me to give away my e-mail address...
[+] rchaud|6 years ago|reply
I was able to read the article by opening it on a browser I rarely use. But even then, an email ask isn't "tracking", and you can always use a throwaway account if you want. As the article itself suggests, use a different email for each service you sign up for.

The NYT is a content website in a sea of content websites. Getting you on their email list is valuable in the way that getting you to install their app is valuable; they can send you notifications and a few free articles that can maybe upsell you into a subscription.

They have no choice but to do this because we still think text and pictures on the internet should be free. We've come around to paying for music and videos, but it still seems too much of a hurdle for traditional news outlets.

[+] seriocomic|6 years ago|reply
Or click the "Reader Mode" in Firefox? (YMMV).
[+] elorant|6 years ago|reply
Install uMatrix and block all 3rd party JavaScript. It breaks functionality in some sites that embed social networks' widgets, but other than that works like a charm. As a bonus sites load at least 30% faster.
[+] ozim|6 years ago|reply
I use uMatrix lazy style - if I go to a page and it works without changes, I use it - if it breaks but I need to use it, allow all - if it breaks but I don't care that much, close the tab.
[+] freedomben|6 years ago|reply
Exactly my experience, going on 3 to 4 years now. Spend the time to learn uMatrix. It's an incredible investment into yourself and your web experience. I barely browse on mobile anymore since I don't have uMatrix, although Brave does allow blocking scripts and some stuff quite easily. Highly recommend Brave on mobile.
[+] okasaki|6 years ago|reply
> Apple’s privacy website reveals many examples: You don’t sign into Apple Maps or Safari (Apple’s web browser), so your searches and trips aren’t linked to you.

Not linked... in a way visible to you.

[+] hbcondo714|6 years ago|reply
> Avoid unnecessary web tracking

Google is just one of 100+ ad networks that show you personalized ads. You can turn off ads personalization from Google or any of the other participating ad networks here at http://optout.aboutads.info/

Source: https://adssettings.google.com

[+] joosters|6 years ago|reply
Just because they no longer show you personalised ads doesn't mean they have stopped tracking you...
[+] JohnFen|6 years ago|reply
As others have said, there's a huge difference between "not showing you personalized ads" and "not tracking you".

But I really wanted to opine about the optout.aboutads.info link. I suppose that using that can't hurt, but I didn't find it to be particularly helpful. I gave up on it entirely quite a while back.

[+] 9dl|6 years ago|reply
Yeah

Evil corporation never lies to you

[+] savvyraccoon|6 years ago|reply
Step 1 - do not create a free account or log in to read The Times
[+] semiotagonal|6 years ago|reply
> Nearby patrons, using their phones or laptops, can easily see everything you’re sending or receiving — email and website contents, for example — using free “sniffer” programs.

Is the author assuming the absence of https encryption here, or is there some widely available exploit I don't know about?

[+] 9dl|6 years ago|reply
mitm for weak https exists

All "antiviruses" use it

[+] codedokode|6 years ago|reply
What about fingerprinting? Fingerprinting allows tracking a browser even in private mode or if you anonymize your IP address. You should disable WebGL right now because it is absolutely unnecessary, almost never used and its only purpose is to collect information about your video card.
[+] brassattax|6 years ago|reply
I had to clear my NY Times cookies to read the article. The irony.
[+] orangepanda|6 years ago|reply
> A few more suggestions:

> “Create a different email address for every service you use,” wrote Matt McHenry. “Then you can tell which one has shared your info, and create filters to silence them if necessary.”

Obligatory mention - for gmail you can suffix your email address with a service name by using +, e.g., [email protected] will be delivered to [email protected]. So if a service leaks your data or sells your email, you’ll know who to blame.

Although the article recommends not to use gmail, it’s a neat trick if you’re stuck with it.

"Forget password" becomes unusable though, since you’ll probably forget what suffix you used for each service.

[+] inapis|6 years ago|reply
Oh companies have become smarter about it! Even the scammers I suspect! Many won’t accept + in the email address and I think now it’s well known enough that most scammers will run a regex to detect and remove the + sign.

Useful workaround is to have unique aliases on a domain name you control. Can’t get around that with a minute of work!

[+] nishmastime|6 years ago|reply
Well, another problem is that if you reuse email addresses, then a social engineering attacker has an easy starting place across all services.
[+] mandeepj|6 years ago|reply
> since you’ll probably forget what suffix you used for each service

You can put that in a safe wallet. OneDrive provides that now

[+] pmlnr|6 years ago|reply
Or set up a mail server and add as many aliases as you wish, one for each service.
[+] zowie|6 years ago|reply
Outlook.com supports this as well, and so does Fastmail.
[+] Moeg|6 years ago|reply
An article about how to not leave tracks on the internet, requires me to sign up to read the said article, magnificent.
[+] vonseel|6 years ago|reply
CVS receipt coupons are based upon previous purchases + like 15% randomization in related categories (or maybe just random promotions they have going).

My CVS coupons are nearly always for an antacid, nicotine cessation, or allergy medicine - then I usually get a few extra coupons for something that surprises me like beauty products or facial cleanser.

There’s nothing Google involved with the CVS coupons, I’d bet money on that.

[+] gorgoiler|6 years ago|reply
I don’t know how one would know short of a leak of Facebook’s track_ip_addresses.php, but is there any sense of how IPv6 is being aggregated by trackers to track identity?

We have a /48 at home using IPv6 privacy extensions for the full address but that isn’t a useful component of a strategy if I’m being identified by the /48 rather than the full 128-bit address.
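
The concern raised in the comment above can be checked from the defender's side. This is an added example, not part of the original comment, and it makes no claim about what any particular tracker does: it truncates logged source addresses at /128, /64 and /48 and counts how many distinct identities remain. The addresses are constructed from the 2001:db8::/32 documentation range, and the household prefix 2001:db8:abcd::/48 is an assumption for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample log of source addresses (documentation prefix 2001:db8::/32).
# Assumed household delegation: 2001:db8:abcd::/48.
SAMPLE_LOG = [
    "2001:db8:abcd:1:5c3a:91ff:2b10:77e4",  # laptop, temporary address, day 1
    "2001:db8:abcd:1:e8d1:0a4c:9f32:1b06",  # same laptop, rotated address, day 2
    "2001:db8:abcd:1:11b7:c2de:4410:8a9f",  # phone on the same /64
    "2001:db8:abcd:2:7f00:3e21:aa54:c0d3",  # guest VLAN, second /64 in the /48
    "2001:db8:ffff:1:9a41:66b2:0c1d:e5f7",  # unrelated household
]


def truncate(addr, prefix_len):
    """Return the enclosing network of the given length for one address."""
    return ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)


def identities(addresses, prefix_len):
    """Count log entries per truncated prefix (one key = one apparent identity)."""
    return Counter(str(truncate(a, prefix_len)) for a in addresses)


def summary(addresses, lengths=(128, 64, 48)):
    """Number of distinct apparent identities at each aggregation length."""
    return {n: len(identities(addresses, n)) for n in lengths}


if __name__ == "__main__":
    for length, count in summary(SAMPLE_LOG).items():
        print(f"/{length}: {count} distinct identities")
    # The rotating interface identifiers disappear once the key is the /48.
    for prefix, hits in identities(SAMPLE_LOG, 48).items():
        print(f"{prefix} -> {hits} requests")
```

Privacy extensions randomize only the low 64 bits, so every address the household generates still falls under the same delegated prefix.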

[+] oriettaxx|6 years ago|reply
they forgot the best tip nowadays which is:

* declare you are from EU even if you are not

then any provider is damned scared of messing with your privacy

[+] buboard|6 years ago|reply
Unreadable. Does it mention E2E? It's way past time for tech to get serious about E2E, ignoring warnings and pleas from greedy governments. People have a right to communicate without being constantly surveilled, and it's the most serious track they leave.