How to combat history sniffing and other privacy threats: Internet Scambusters #447
This week we take a close-up look at two activities that affect your Internet privacy -- history sniffing and Flash(R) cookies.
Although the people who create our web browsers have acted to block some of the things companies can do to track our Internet behavior, it's your responsibility to implement the changes.
Among other things, you may need to update your current web browser. And while you're at it, check your Flash player online privacy settings. We explain how.
And now for the main feature...
Update Your Browser to Block History Sniffing
History sniffing. It's as sneaky and creepy as it sounds.
And despite improvements to web browsers -- the programs we use to surf the Internet -- this dubious tactic for tracking the sites we visit remains a threat to hundreds of thousands of people who haven't upgraded browsers to the newer versions.
Towards the end of 2010, a new report showed how dozens of sites were checking visitors' surfing history by exploiting a browser feature most of us know well.
A visit you make to any site is "remembered" by your browser so the next time the site name shows up in a search you make or on another website, it's colored purple instead of blue. That way, you instantly know you've been there before.
But this handy feature, which has been around almost as long as the Internet, means your previous Internet activity potentially could be "read" by simply looking for the color purple in your browser's records.
There's one limitation: A spy program can't just "ask" your browser for a list of purple addresses.
It has to ask: Has this person ever visited such-and-such website? In other words, it must name the websites whose name-color it wants to check.
That's not as big a problem as it sounds though because history sniffing spies are usually interested in your interaction with a narrow range of other sites and the programs they use are capable of asking for a check on 20,000 names a second!
Here's an example. You visit a site selling jeans. As soon as you arrive, the site checks for "purple" names of all its competitors on your computer to see if you visited them.
Maybe it also checks for names of sites popular with male or female surfers and scores of other special interest sites, which help create a picture of you, your gender, age range, fashion taste, whether you're an impulsive or cautious shopper and what your likely budget is.
All in less than a second.
It can then present you with a specially-made page that will appeal to you, with jeans that match your spending profile. It can even adjust prices to make sure it beats competitors.
How to Avoid History Sniffing
That may or may not be a bad thing, but the point is that users don't even know it happened -- that they're effectively being spied on via this history sniffing.
Hardly surprising then that these antics recently led to the launch of a class action suit against one online company, alleging invasion of privacy.
Worse, the technique can be used for much more dubious purposes like providing you with links that target your interests, increasing the chance you'll click on them, but which really link to malware and phishing sites.
Most popular web browsers have now been changed to block history sniffing. Apple's Safari and Google Chrome were reportedly first. But Firefox and Internet Explorer eventually followed suit, though Firefox pointed out that it's possible to switch off the color feature from within some earlier versions of their browser.
But how is the average user supposed to know all this and, equally, how to make any settings change required to switch it off?
And how are they supposed to know about the need to upgrade? Although, for instance, Google Chrome automatically upgrades, others generally don't.
Instead, they bombard users with messages that a new version is available, but many users get stuck in their ways and often are reluctant to upgrade for fear they'll lose bookmarks and settings (even though they probably won't).
The result is that hundreds of thousands of users, possibly even more, haven't upgraded to the more secure versions.
Action: There are two things you need to do here.
First, make sure you are using the latest version of your browser.
How you do this depends on the browser. Rather than us going into detail here, if you don't know how, just do a search with the words "How do I check my version of" followed by the name of the browser.
Second, in addition to blocking history sniffing, most recent browser versions also have tightened up on other aspects of security and privacy.
Take the opportunity to get to know your browser by reading the help files or visiting its website.
Most PC attacks come via the Internet, so it's just plain common sense to know how to use your browser to protect yourself.
Another Privacy Issue
Although it's not strictly history sniffing, the whole question of websites storing information about your visits to their pages remains a controversial issue for the security minded.
As many subscribers know, this is most commonly done via storage of "cookies" -- small bits of data that "remember" your identity and other stuff on your computer.
You can learn more about cookies at the website of our friend Leo Notenboom.
What you may not realize is that a very common PC program -- Adobe Flash Player -- can collect cookies that may be stored on other computers rather than your own PC.
You might be surprised to learn what records it already has and how its clients can use that data. It even has a setting that could let someone switch your webcam on or off (with your permission).
Fortunately, to be fair to Adobe, they make it fairly easy to see this information and alter your privacy settings -- provided you know where to look!
From your own computer, if you have Flash installed (and you probably do), check out the Global Storage Settings panel documentation.
Then, you need to check out every tab on the settings panel. There's an explanation of what each one does.
If you want, you can delete all the records it currently has and forbid it from collecting details again (or allowing your camera to be switched on).
There's no doubt that Internet privacy will continue to hit the headlines and that whatever protections are put in place, someone will find a way to get around them or abuse them.
When it comes to issues like tracking and history sniffing, getting to know your browser and how to use privacy controls is the key weapon of self-defense.
That's all we have for today, but we'll be back next week with another issue. See you then!
