Archive for the ‘privacy’ Category

File Under: privacy, Social

Social Sharing Buttons That Respect Your Visitors’ Privacy

A more honest “Like” button. Image: Webmonkey.

Social sharing buttons — Facebook “Like” buttons and their ilk — are ubiquitous, but that doesn’t mean they’re a good idea.

Designers tend to hate them, calling them “Nascar” buttons since the can make your site look at little bit like a Nascar racing car — every available inch of car covered in advertising. Others think the buttons make you look desperate — please, please like/pin/tweet me — but there’s a much more serious problem with putting Facebook “Like” buttons or Pinterest “Pin It” buttons on your site: your visitors’ privacy.

When you load up your site with a host of sharing buttons you’re — unwittingly perhaps — enabling those companies to track your visitors, whether they use the buttons and their accompanying social networks or not.

There is, however, a slick solution available for those who’d like to offer visitors sharing buttons without allowing their site to be a vector for Facebook tracking. Security expert (and Wired contributor) Bruce Schneier recently switched his blog over to use Social Share Privacy, a jQuery plugin that allows you to add social buttons to your site, but keeps them disabled until visitors actively choose to share something.

With Social Share Privacy buttons are disabled by default. A user needs to first click to enable them, then click to use them. So there is a second (very small) step compared to what the typical buttons offer. In exchange for the minor inconvenience of a second click, your users won’t be tracked without their knowledge and consent. There’s even an option in the preferences to permanently enable the buttons for repeat visitors so they only need to jump through the click-twice hoop once.

The original Social Share Privacy plugin was created by the German website Heise Online, though what Schneier installed is Mathias Panzenböck’s fork, available on GitHub. The fork adds support for quite a few more services and is extensible if there’s something else you’d like to add.

File Under: Browsers, privacy

New Adblock Plus Doesn’t Need No Stinking Google Play Store

It may have been kicked out of the Google Play Store, but you can still get your Adblock Plus for Android.

In fact, even if you already have Adblock Plus installed on your Android phone you should install this latest release direct from the source since the older, Play Store-based versions will no longer be receiving updates.

To install Adblock Plus manually you’ll need to make sure that you’ve enabled your phone to install software from “unknown sources” (you can enable this in Settings under either Applications or Security, depending on which version of Android you have). Then just head over to the Adblock Plus site and hit the download link.

A number of people in the comments on the Adblock Plus site have reported installation problems with various Android phones, but I had no issues installing Adblock Plus on a Galaxy Nexus using the latest beta of Opera Mobile.

Among the notable changes in this release are the automatic updates — which no longer require the Google Play version — a new user interface theme and a fix for a bug that would sometimes cause blank pages in Chrome for Android. For the full details on everything that’s new, be sure to check out the release notes.

File Under: Browsers, privacy

Firefox 22 to Stop Eating Third-Party Cookies

If advertisers gave you actual cookies while you browsed there would be less resistance. Image: scubadive67/Flickr.

Mozilla has announced that, starting with Firefox 22, the popular open source web browser will begin blocking third-party cookies by default. That means only websites you actually visit will be allowed to set cookies; advertisers on those sites will no longer be able to easily track you by setting a cookie.

While there has long been the option to block third-party cookies, by default Firefox has always allowed them.

Apple’s Safari pioneered the on-by-default approach to third-party cookies and indeed its third-party cookie policy is still more strict than what Mozilla is proposing. Google’s Chrome browser, not surprisingly, allows third-party cookies by default, as does Internet Explorer.

Mozilla developer Jonathan Mayer says the change will “more closely reflect user privacy preferences.” Mayer has set up an FAQ for users and developers, but for the most part, given that Safari has always behaved this way, the changes for developers should be minimal.

The main thing to note as a Firefox user is that the change won’t affect your current settings, nor will it remove any third-party cookies already set. So to get the benefit of the new policy you’ll need to clear out your cookies after you update.

It’s also worth noting that, while blocking third-party cookies is a step in the right direction, if you’re serious about not being tracked while you browse the web you’ll need to take stronger action, installing third-party plugins like Ghostery or DNTMe.

Currently available in the Nightly channel, Firefox 22 is set to arrive in final form in roughly 18 weeks.

Forget ‘Do Not Track’ — Protect Your Privacy Today With ‘DoNotTrackMe’ Add-On

The World Wide Web Consortium is currently working to standardize a “Do Not Track” mechanism to stop advertisers from following your every move around the web. Unfortunately, while the DNT tools are already supported in most web browsers, hardly any advertisers actually honor it. In fact, some advertisers seriously proposed an exception be made to DNT to allow web tracking.

If you’re serious about online privacy you’re going to have to do more than hope that advertisers voluntarily stop tracking you, you’re going to have to actively block them.

There are several tools that make it easy to stop the tracking. One of the best, DoNotTrackPlus, was recently renamed DoNotTrackMe (DNTMe). The new name arrives alongside a major upgrade that blocks more trackers, adds some nice analytics and offers per-site tracking reports.

The DNTMe add-on is available for Chrome, IE, Firefox and Safari. You can grab a copy for your browser from Abine’s download page. Once installed you’ll see a new “cross hairs” icon in your browser’s menu bar, which you can use to access DNTMe’s settings and any blocking info about the current page.

The DoNotTrackMe add-on for Chrome. Image: Screenshot/Webmonkey

DNTMe is easy to set up and defaults to blocking nearly everything. You can customize that by going through and allowing sites you don’t mind setting cookies. For example, I generally allow analytics packages like Mint or Piwik. You can also customize tracking on a per-site basis, allowing, for example, a site you trust to run analytics packages, but not every site you visit.

I currently use Ghostery to block online tracking, and it stacks up well next to DNTMe, though DNTMe does have one feature that might be an advantage for some users — blocking suggestions. That is, DNTMe suggests not blocking certain sites if blocking them has a high probability of breaking something on the page — say, Brightcove for example, which sets tracking cookies, but without which the site’s videos won’t work.

If you don’t mind enabling sites by hand and troubleshooting any potential problems yourself then either add-on will work. But if you’re installing a tracking blocker in someone else’s browser (who may not realize why a video suddenly doesn’t work) then DNTMe might be the better choice.

File Under: privacy, Web Standards

New W3C Co-Chair Steps Into the ‘Do Not Track’ Fray

Image: Footprints by Kimba Howard/Flickr

The W3C, the standards body charged with overseeing the development of HTML and other web standards, has announced a new co-chair for the group that’s hard at work creating the Do Not Track (DNT) privacy standard.

Peter Swire will now co-chair the Tracking Protection Working Group alongside Intel’s Matthias Schunter.

The Do Not Track header is a proposed web standard for browsers to tell servers that the user does not want to be tracked by advertisers.

This isn’t Swire’s first foray into the controversial waters of the Do Not Track standard. The Ohio State law professor previously testified about DNT before the U.S. Senate and has been critical of the advertising industry’s attempts to derail DNT.

“I personally would not like to have an internet where I believed that each moment of my browsing might easily be breached and shown to the entire world,” Swire testified to the Senate. He also called out the Digital Advertising Alliance’s proposed exceptions for “market research or product development,” as “so open-ended that I have not been able to discern any limits on collection under them.”

While Swire has a good track record supporting user privacy, he clearly has his work cut out for him. All the major web browsers now support Do Not Track, but some of the biggest advertisers on the web — notably Google — are not, thus far, paying any attention to users that actually broadcast a DNT signal as they browse.

Swire’s new job will be a potentially Herculean task — to get advertisers to actually comply with the DNT header. (Co-chair Schunter is in charge of the specification.) As I’ve written before, asking advertisers not to set tracking cookies is like asking Cookie Monster not to eat them.

Microsoft recently further muddied the DNT waters by shipping IE 10 with DNT effectively enabled by default. Critics argue that having DNT on by default means it’s no longer a user-controlled setting and does not comply with the intent of the standard — which is to make DNT something users explicitly opt into. The Apache web server and Yahoo have both already announced they plan to ignore DNT when it comes from IE 10.