Please do yourself a favor and quit using Bing, Yahoo, Google, and AOL.

LOL!

I see a lot of Google, Bing, Yahoo, and AOL search users. When I log on to my WordPress account, I see things about you (yes, you) that I shouldn’t know, because your search engine is telling me.

They spy on you. They have a history of turning over the information they save about you to marketers, profilers, advertisers, and law enforcement without a warrant. You really don’t want them saving information on what you searched for and what you clicked on and associating it with your Internet Protocol address (or even worse, your Google Account if you have logged in.). This information is ripe for abuse.

What’s worse is that most of your searches go out unencrypted, in plain view (although Firefox 14 fixed this problem, at least with Google), which makes your searches plainly visible to your ISP and subject to alteration/censorship at your ISP’s level. This is one reason why you should install HTTPS Everywhere.

I deleted Bing, Yahoo, Amazon, Twitter, and EBay out of my Firefox search list a while back and added IxQuick, Startpage, and DuckDuckGo instead. (I left Google in there but moved it to the bottom of the list.)

None of these three record any information about you.

Startpage is a subsidiary of IxQuick, and it gives Google results to you behind their proxy, which keeps Google from knowing who is doing the searching. IxQuick is a metasearch engine with the same privacy policy. DuckDuckGo can be useful, they have their own unique features (like Zero Click boxes) and search index.

Each one of them has a link to add their search engine to your browser, it’s really easy to do, and the only thing you’ll miss is your current search engine spying on you/”bubbling” you.

See more about how most search engines “track” and “bubble” you at these sites created by DuckDuckGo: http://donttrack.us/  and http://dontbubble.us/ (Startpage, IxQuick, and DuckDuckGo don’t track or bubble you.)

One last note for AOL and Yahoo users: Yahoo is just Bing with another layer of privacy issues and AOL Search is just Google with another layer of privacy issues. In fact, AOL once publicly released a bunch of personally-identifiable (but somewhat obscured) information that they had stored about user searches.  That link I added takes you to a searchable database of all that information that AOL collected about those people. Much attention was paid to a User 927, who searched for things like “skin mold”, “tranny bondage”, and how to make sangria.

The Wikipedia article about the AOL search data leak has this to say about the now-infamous User 927:

User 927

One product of the AOL scandal was the proliferation of blog entries examining the exposed data. Certain users’ search logs were identified as humorous, disturbing, or even dangerous.

Consumer watchdog website The Consumerist posted a blog entry by editor Ben Popken identifying the anonymous user number 927as having an especially bizarre and macabre search history. The blog posting has since been viewed nearly 4,000 times and referenced on a number of other high-profile sites.In addition to sparking the interest of the Internet community, User 927 inspired a theatrical production, written by Katharine Clark Gray in Philadelphia. The play, also named User 927, has since been cited on several of the same blogs that originally discovered the real user’s existence.As time has passed, more artistic renderings of individual user logs have appeared. A series of movies on the web site Minimovies.org called “I Love Alaska” puts to voice and imagery to user 711391which the authors have labeled as “an episodic documentary”.

Don’t be a user 927, ditch your current search engine in favor of one that isn’t spying on you and install HTTPS Everywhere today.

Google is being sued by some idiot using Safari on a Mac. US Congress critters investigate.

I noticed this yesterday and decided to comment.

There’s a big stink going on right now. Someone found out that Google was setting “third party cookies” (for their advertising servers) in Apple’s Safari browser, which defaults to not loading third party cookies (which I’ll get to in a moment).

Now it appears that someone using Safari on a Mac that expected privacy somehow, is suing Google. (The PC World article on the first link has a more accurate technical description of what’s going on)

In short, someone found a bug in Safari, and now Google is being sued and is under investigation by Congress. We know how much Congress can be expected to know about the internet based on their hilarious to horrifying attempts to regulate it as many of them uttered things like “I don’t know how this here internet thing works, but they tell me….” or the late Senator Ted Steven’s infamous “series of tubes” comment. To say nothing of the fact that Congress flip flops between mandatory tracking for all and bullshit “consumer privacy concerns” such as this one. (For those concerned with the former, the bill is called HR 1981, but a more fitting name would be HR 1984)

If this was a bug in Firefox, it would be fixed. If it was a bug in Chrome, it would be fixed.

Somehow, Microsoft and Apple users seem to think they can use proprietary secret software when they’re not allowed to know how it works and have privacy at the same time. Software which has a history of many bugs,  with vendors that typically take weeks/months/years to patch them once they’re made public. These companies also slip back doors into the software for various government agencies.

Apple was recently caught with a back door that they put into iTunes, it remained there for 3 years, undetected, which facilitated man in the middle attacks. (A government could use this to run a counterfeit iTunes server and load malicious software onto the victim’s computer. The article calls it a flaw, but we know what was really going on, and that it was likely just moved.).

There’s no way you can trust Microsoft or Apple’s software to protect your privacy. Anyone who has actually read the EULA for Windows (especially XP, Vista, and 7) should know that there are at least several dozen Windows components that phone home to Microsoft with your personal information. Most do it over an encrypted connection so that the user has a very hard time telling what is actually being sent to them. Apple isn’t any better.

Let’s get back to cookie controls. They’re a red herring. They’re totally bogus. They don’t do anything for you. Every browser has them, even Internet Explorer 6. They don’t do anything to protect you because cookies are passe. Tracking and spyware sites have developed data mining techniques that work well even if the user clears every cookie they ever set.

One method is to associate IP addresses with log ins. Facebook, Google, and Microsoft all do that. Even after you log out, it’s possible for them to track you personally. There’s other methods. Browsers like Firefox and Chrome are just now starting to implement watered down privacy controls for Adobe’s Flash software (which is proprietary software and a frequent cause of cross platform/cross browser security problems).

Flash has “supercookies”, or what is more technically known as Local Storage Objects. Flash LSO’s can be up to 150 KB (which is 37.5 times larger than a cookie), a site can store as many as they want on your computer (just like a cookie), and (unlike cookies), most browsers do very little to nothing about them. Silverlight has something similar, users of Windows where Silverlight is sneaked over the fence by Windows Update should take notice of that.

The take home message here is that it was ludicrous for this guy to expect any kind of enhanced privacy just because Safari has some lame cookie controls which are a piss poor clone of something Mozilla introduced well over 10 years ago. I really doubt that will stop this frivolous lawsuit, and I fully expect the anti-Google interests called Microsoft and Apple to play this up for all the drama it’s worth.

Microsoft hired the scumbags over at  Waggener Edstrom a while back to launch a smear campaign against Google, and Microsoft is already jumping on this Safari problem like a dog in heat. (I won’t link since I can’t seem to find an article that is telling people the truth about where the anti-Google smear is coming from. Waggener Edstrom specializes in astroturfing and attack ads. They’ve worked for companies like BP and Walmart, and for many a corrupt politician. (When you see that disgusting outrageous pants-on-fire “GMail Man” attack ad, that’s who made it).

If you’d like to know more about these people, Techrights has occasionally blogged about what they’re up to and who they work for.

So now that we’ve covered the facts about Microsoft and Apple, IE and Safari’s lack of real privacy controls, and why cookie controls do nothing.

There’s a number of things you CAN do to really prevent or limit how sites track you. Here’s some suggestions.

Firefox users can use Adblock Plus (just remember to opt out of the “acceptable ads nonsense). Delete Easylist’s filter subscription, and add these instead.

Better yet, use Chrome/Chromium with Chrome Adblock, remove Easylist, and use these instead. (Chrome Adblock is better than Adblock Plus for Chrome, the two are unrelated)

Firefox or Chrome 17+ users can install HTTPS Everywhere (The Chrome version is an alpha for the time being, but it does work)

Opera users can use Opera’s content blocker to block advertising and stat/tracking sites. Pre-made lists here. Remember to manually update them now and then or skip the process and let Opera Adblock do the same thing for you if you have Opera 11 or later.

Firefox and Chrome can also block Flash applets from automatically loading, saving you bandwidth and making flash applets that track you or load malicious software less effective. Firefox has Flashblock, Chrome users can enable the Click to Load option in the advanced settings for plug-ins.

Weaker protection for users who insist on inferior browsers with government spyware built in.

Internet Explorer 9 supports “tracking protection lists”, which are a small/watered down subset of true content blocking. Pre-made TPLs for IE here.

Safari users can use Safari Adblock, it’s from the same guy that made Chrome adblock. I’ve never used that one, but if it comes with Easylist, rip it out and add these.

The bottom line is that the only way to protect yourself from tracking servers is to not connect to or run applets from them to begin with.

Trueblock Plus gives users Adblock Plus without the “Acceptable Ad$”

Just a quick note.

I was (and still am) outraged that Wladimir Palant sneaked into people’s browser preferences and turned on some ads for big companies and parking page parasites that were paying him the big bucks.

There’s now another option; a fork of Adblock Plus called Trueblock Plus. It is derived from Adblock Plus code and is under the same Mozilla Public License as Adblock Plus. Both are free and open source software.

The freedoms that make up “free software” include using the software for any purpose and being able to modify, improve, and redistribute it. In other words, the freedom to “fork” if the upstream dies off, becomes unresponsive to new features that people want, or in the case of Adblock Plus, start to add malicious features that nobody really asked for. (Or for any other reason.)

Right now, the only real modifications to Trueblock Plus are to re-brand it (The name and logos that Adblock Plus uses are trade marks, and are not covered by the free software license of the source code) and to turn off that annoying “Acceptable Ads” antifeature that Wladimir Palant cooked up.

There are also some rough edges in Trueblock Plus. The author of the fork notes that there’s going to have to be some more purging of Adblock Plus branding before Trueblock Plus can progress beyond “preliminary review” status at Mozilla Add-Ons.  For example, the Contribute button still links to Adblock Plus’s website. I’m not sure if that’s intentional or not but it says “Contribute to Trueblock Plus”, so I am thinking he may have just searched for and renamed each occurrence of Adblock Plus.

The other problem is that the “Acceptable Ads” code is still there, just disabled by default. Since this code is hardly vital to the operation of the extension, it might be better if Trueblock Plus were to simply revert the commit that added it in the first place. More code in a program means more potential for bugs and security issues, plus the only reason it’s there is so Wladimir Palant can make money by allowing spyware and tracking garbage through by silently switching it on without the user’s consent upon “upgrading” to Adblock Plus 2.0 or later. It is doubtful that any user would opt into something that directly counters the problem that led them to install the software in the first place.

Users who pay attention can still uncheck Wladimir’s Acceptable Ad$ , but he even admits on his website that he’s banking on people not doing that since most people don’t like to tinker and may not even notice what has changed that is allowing ads to get through.

If you have less computer literate friends or relatives, or if you personally don’t want any more nasty surprises from Mr. Palant, then Trueblock Plus might be the way to go.

Homepage

Mozilla Add-Ons site (I always recommend installing add-ons from here in every possible case.) Install for Firefox. / Install for Seamonkey