Browsing and privacy: How to not get tracked

If you're old enough to remember the Cold War, you know what an arms race is. One side comes up with a new weapon, the other side matches it, and then the first comes back with something even bigger and so on and so on. That also describes the ongoing battle between computer users who value their privacy and the Web sites and their advertisers that don't.

Every time browser developers and others come up with a defense against tracking -- the use of tiny bits of computer code that tells Web sites where you've been on the Internet -- the other side ups the ante with a new trick. And it's happening again.

A researcher at Stanford University recently found that Microsoft has been using an online tracking technology that allowed the company to sneakily track users on MSN.com even though it had used some of the standard techniques developed to avoid tracking.

Another group of researchers found that other sites, including Hulu.com, employed super cookie techniques to track users for advertising purposes. They wrote: "We found two sites that were respawning cookies, including one site -- Hulu.com -- where both flash and cache cookies were employed to make identifiers more persistent. The cache cookie method used Etags, and is capable of unique tracking even where all cookies are blocked by the user and 'private browsing mode' is enabled." (The authors are from The University of California at Berkeley, Worcester Polytechnic and the University of Wyoming. The emphasis is mine.)

Shortly after the report by Stanford's Jonathan Mayer surfaced last week, Microsoft announced that it would stop the use of the so-called super cookies on MSN. A few days after the UC Berkeley report was published, Hulu announced in a blog post: "Upon reading the research report, we acted immediately to investigate and address the issues identified. This included suspending our use of the services of the outside vendor mentioned in the study."

Hulu says that the super cookie technology was used by two of their outside vendors, an attempt, the report notes, by Hulu to absolve itself of responsibility. You can decide for yourself if you buy that. But more to the point, what can you do to defend yourself?

Some super cookies live in the cache, which is where the browser stores Web pages you've visited recently. By clearing the cache, you'll get rid of them. That works, but there are two caveats: Dumping the cache will slow down your browser. That's because cached Web sites load right away; without the cache the browser has to render them from scratch. And when you visit that site again, a new super cookie will glom on to your browser.

Clearing the cache is easy: In Firefox, go to "tools," then "clear recent history." In Internet Explorer 9, go to "tools" and "safety," then "delete browsing history." In Chrome, go to settings and then "under the hood." Then click "clear browsing data."

But remember. We're talking arms race here. The UC Berkeley report also talks about a nasty technique called "respawning," which means just what it sounds like: The cookie recreates itself. These are hard to defeat. One way is to block any caching at all, but as I mentioned, not having a cache will slow your browser down.

There are two Firefox add-ons that are probably helpful, but I haven't had a chance to try them yet. One is called SafeCache, which doesn't yet work with Firefox 6 and RequestPolicy, which does work with Firefox 6.

RequestPolicy blocks what are called "cross-site requests," which means that a site you're visiting requests data about a site you've visited in the past. That's important information for advertisers and for Web sites that want to know where people are coming from.

But you may think that's intrusive, which is why you may want to use RequestPolicy. (Note: This add-on is probably not suitable for you if you're not comfortable digging under the hood of a browser and making changes.) If other browsers have similar add-ons, I haven't heard of them.

Lastly, let's go over the basic defenses you can use against the most common and less sophisticated tracking techniques.

All of the major browsers have some built-in defenses. The first is called private browsing, which stops your browser from making note of where you've been in its history file. That's worth doing if you're visiting sites that you don't want other users of that computer to know you've visited. It's very easy to turn on private browsing; in Firefox for example, simply click the "Firefox" button and select private browsing. IE 9 has an option called "inPrivate" browsing you can find on the tools tab and Chrome has incognito mode.

But private browsing isn't necessarily all that private. In addition to the super cookie issue, some of the extensions you might add to those browsers can reduce their effectiveness. Still, it's certainly worth using private browsing modes if you're concerned about tracking. You can also check a box that says something like "tell Web sites I don't want to be tracked", and as you'd expect, some Web sites will honor that and others won't.

Finally, drill down. Each of the three major browsers has quite a few settings involving privacy, and it's worth a few extra clicks to check them out.

San Francisco journalist Bill Snyder writes frequently about business and technology. He welcomes your comments and suggestions. Reach him at bill.snyder@sbcglobal.net. Follow Bill Snyder on Twitter @BSnyderSF. Follow everything from CIO.com on Twitter @CIOonline

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags privacyMicrosoftinternetmozilla

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Shane O'Neill

CIO (US)
Show Comments

Father’s Day Gift Guide

Brand Post

Bitdefender 2019

Bitdefender’s best-in-class security solutions have been awarded Product of the Year. Get cybersecurity that 500 MILLION users already have and trust!

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?