Tag Archives: Privacy

HOWTO: Securing Chrome and Chromium

Secure browsing

Unnecessary and probably ineffective against most threats

With the recent Pwn2own 2012 results now available, I thought the moment seems ripe to look at securing Chrome (or Chromium, in my case). When I talk about browser security, though, I don’t only mean trying to prevent exploits, but also trying to maintain the user’s privacy. Users can’t necessarily protect themselves against fresh exploits like the ones found during Pwn2own, but we can significantly raise the bar.

Below is my recommended setup, and I welcome your additions, corrections, and suggestions.

Settings

In Preferences, I’ve set the following:

  • Basics
  • Personal Stuff
    • Not signed into Chrome / Chromium. This means you don’t have settings stored on their servers, but it also means you don’t have automatic backups and synchronization of your bookmarks and other stuff. Security involves tradeoffs.
    • Set Passwords to “Never save passwords”.
    • Disable autofill so that personal information does not get stored, including sensitive info.
  • Under the Hood
    • Privacy – Content Settings
      • Allow local data to be set for the current session only
  • Block third-party cookies and site data. If you choose “block sites from setting any data”, many sites just won’t work at all due to losing session IDs and such.
      • Allow all sites to run JavaScript. This actually isn’t the most secure setting, but until Chromium supports the model that NoScript uses, I’ve had to make this usability concession.
      • Do not allow any site to track my physical location
    • Uncheck “Use a web service to help resolve navigation errors”
    • Uncheck “Use a prediction service to help complete searches and URLs typed in the address bar”
    • Uncheck “Predict network actions to improve page load performance”
    • Leave “Enable phishing and malware protection” checked, as this is handled in a secure fashion involving a list on your client.
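The settings above can also be pinned with a Chromium managed policy file, so a stray click in the UI (or a misbehaving extension) cannot flip them back. The script below is an added example, not from the original post: it assumes Chromium on Linux, which reads JSON policy files from /etc/chromium/policies/managed/ (Google Chrome reads /etc/opt/chrome/policies/managed/ instead), and it uses the current Chromium enterprise policy names that correspond to the preference names listed above; the mapping is spelled out in the comments.

```shell
#!/bin/sh
# Added example, not from the original post. Writes the preferences listed
# above as a Chromium managed policy (a JSON file the browser reads at start)
# so they cannot be changed from the settings UI. Assumes Chromium on Linux;
# the default directory below is where Chromium looks on Debian/Ubuntu.
# Google Chrome reads /etc/opt/chrome/policies/managed/ instead.

POLICY_DIR="${POLICY_DIR:-/etc/chromium/policies/managed}"

# write_chromium_policy FILE: emit the policy JSON to FILE.
# Mapping to the preferences above (JSON itself does not allow comments):
#   SyncDisabled / BrowserSignin=0     -> not signed into Chromium
#   PasswordManagerEnabled=false       -> "Never save passwords"
#   Autofill*Enabled=false             -> autofill disabled
#   DefaultCookiesSetting=4            -> local data for the current session only
#   BlockThirdPartyCookies=true        -> block third-party cookies and site data
#   DefaultJavaScriptSetting=1         -> allow JavaScript (usability concession)
#   DefaultGeolocationSetting=2        -> no site may track physical location
#   AlternateErrorPagesEnabled=false   -> no web service for navigation errors
#   SearchSuggestEnabled=false         -> no prediction service in the address bar
#   NetworkPredictionOptions=2         -> never predict network actions
#   SafeBrowsingEnabled=true           -> keep phishing and malware protection
write_chromium_policy() {
    cat > "$1" <<'EOF'
{
  "SyncDisabled": true,
  "BrowserSignin": 0,
  "PasswordManagerEnabled": false,
  "AutofillAddressEnabled": false,
  "AutofillCreditCardEnabled": false,
  "DefaultCookiesSetting": 4,
  "BlockThirdPartyCookies": true,
  "DefaultJavaScriptSetting": 1,
  "DefaultGeolocationSetting": 2,
  "AlternateErrorPagesEnabled": false,
  "SearchSuggestEnabled": false,
  "NetworkPredictionOptions": 2,
  "SafeBrowsingEnabled": true
}
EOF
}

# policy_value FILE KEY: print the value set for KEY in FILE (empty if absent).
# Lets you confirm the file on disk says what you think before trusting it.
policy_value() {
    sed -n "s/^ *\"$2\": *\([^,]*\),\{0,1\}$/\1/p" "$1"
}

# install_chromium_policy: write the file where Chromium reads it (needs root).
# World-readable but writable only by root, so an unprivileged process cannot
# loosen the policy later.
install_chromium_policy() {
    mkdir -p "$POLICY_DIR"
    write_chromium_policy "$POLICY_DIR/privacy.json"
    chmod 644 "$POLICY_DIR/privacy.json"
    echo "Installed $POLICY_DIR/privacy.json; confirm at chrome://policy in the browser."
}

# Only install when asked explicitly:  sudo ./policy.sh install
if [ "${1:-}" = "install" ]; then
    install_chromium_policy
fi
```

After installing, open chrome://policy and confirm each key shows up as a mandatory, machine-level policy with no error; a key that is missing or flagged there is a policy name the installed browser version does not recognise, not a setting that took effect.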

Extensions

Extensions by their nature involve running foreign code within your browser. So think carefully about extensions that can help you, but also be careful with what you enable – because one bad extension could ruin your whole day. I use the following:

  • Adblock Plus. I can’t stand the web without it.
  • Ghostery does an outstanding job of managing tracking cookies and other web bugs. Chrome will occasionally complain about Adblock Plus misbehaving when you have both of these installed, due to the fact that sometimes they both want to modify a request.
  • HTTPS Everywhere allows you to ensure that you only communicate with certain sites over SSL. My home browser only has WordPress.com and Twitter.com enabled, so clearly I need to spend a little more time finding which sites have HTTPS support.

Practices

I personally do most of my web browsing from a Unix-style operating system (Xubuntu GNU/Linux), and essentially all of my sensitive browsing like managing my finances. You might consider doing some of this from within a dedicated virtual machine using VirtualBox, but that might also be overkill for some needs.

Think before you click. I never go to any of my financial sites from a link via email or anything else, and if I’m using a public network, I never visit anything insecure and remotely sensitive.

Keep your browser up-to-date, no matter what operating system you use. Chrome can do this automatically in Windows, and under Linux you should run your update manager periodically. Most modern distributions do this for you already, but check your settings.

Keep your plugins up-to-date as well, especially Flash and Java. I believe Chrome has its own built-in Flash interpreter, at least on Windows, but you will want to do this in any case. And Java has had all sorts of problems over the last few years. If the malware I see in my day job is any indication, then this hasn’t slowed down at all.

Conclusion

A little due diligence can go a long way. Use the tools available and try to maintain situational awareness. Hey, let’s be careful out there.

Secure HTTP via SSH proxy

Insecure gate

Sometimes, your existing outbound connection doesn’t meet your privacy or security needs. Perhaps you need to use a public wifi network and don’t want to log into something that doesn’t support SSL. Or perhaps you want to log into a site and not have it immediately trace back to your IP address. You can achieve these goals by using an SSH proxy from a server in the cloud.

Before you proceed, though, you should always think about your risk model, as you should anytime you consider whether and how to implement a security control.

  • This process does nothing to secure the connection from your shell server to the endpoint. In other words, this will encrypt your traffic on your local connection but not across the wider Internet. If you just want to log into Reddit without allowing somebody to steal your session cookie, this is okay, but do not depend on this to protect activity that could lead to legal problems in the jurisdiction hosting the server.
  • Law enforcement or other legal processes can still identify you, because you’ll usually be using an account tied to your real life identity (assuming you use Amazon Web Services). You will only be anonymous as long as you don’t do something that could get the legal system involved.

The scope of this post does not include addressing the issue of OPSEC for possibly illegal activities and the ethics of documenting that. However, I will note that activists in truly repressive regimes have a need for secure communications. Perhaps I’ll discuss that in more detail in the future.

A number of good tutorials already exist for this, so I don’t need to document the entire process again. Assuming you use a proper operating system (e.g. a Unix derivative like Linux or OS X), then the process literally takes one command:

ssh -D 1337 username@server.example.com

Then configure your browser to use localhost port 1337 as a SOCKS5 proxy. If you must use Windows, then you might check out Kimmo Suominen’s Proxy through SSH document.
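The one command above is enough, but when scripting it you also want to confirm that the SOCKS listener is bound to loopback only (so nobody else on the public wifi can ride your tunnel) and that name lookups go through the tunnel rather than the public network’s DNS. The script below is an added example, not from the post or from Kimmo Suominen’s document: username, server.example.com and port 1337 are the post’s placeholders, and it assumes OpenSSH, curl, and either ss or nc for the port check.

```shell
#!/bin/sh
# Added example, not from the original post. Wraps "ssh -D" in a few helpers:
# start the tunnel in the background, wait for the local SOCKS port, keep the
# listener on loopback, and send DNS lookups through the tunnel.
# Assumes OpenSSH, curl, and either `ss` or `nc` for the port check.
# username, server.example.com and 1337 are placeholders, as in the post.

# socks_listen_address PORT: the loopback address the SOCKS listener binds to.
# ssh -D defaults to localhost, but stating it explicitly avoids surprises if
# a later edit (or a GatewayPorts setting in ssh_config) changes the bind.
socks_listen_address() {
    printf '127.0.0.1:%s\n' "$1"
}

# socks_port_listening PORT: succeed only if 127.0.0.1:PORT is listening.
socks_port_listening() {
    if command -v ss >/dev/null 2>&1; then
        ss -ltn 2>/dev/null | grep -q "127\.0\.0\.1:$1[[:space:]]"
    elif command -v nc >/dev/null 2>&1; then
        nc -z 127.0.0.1 "$1" >/dev/null 2>&1
    else
        return 2   # no tool to check with; treat as "not confirmed"
    fi
}

# wait_for_port PORT SECONDS: poll once per second until the port is up.
wait_for_port() {
    i=0
    while [ "$i" -lt "$2" ]; do
        socks_port_listening "$1" && return 0
        i=$((i + 1))
        sleep 1
    done
    return 1
}

# start_socks_proxy USER HOST PORT: open the tunnel.
# -N: no remote shell (the account only needs to forward);
# -f: go to the background after authentication; -D: bind the SOCKS listener.
start_socks_proxy() {
    ssh -N -f -D "$(socks_listen_address "$3")" "$1@$2" || return 1
    wait_for_port "$3" 15
}

# fetch_via_proxy PORT URL: test the tunnel with curl. --socks5-hostname
# (rather than --socks5) hands the host name to the server, so the lookup is
# not sent to the local network's resolver.
fetch_via_proxy() {
    curl -sS --socks5-hostname "$(socks_listen_address "$1")" "$2"
}

# chromium_via_proxy PORT: launch Chromium through the tunnel. The
# --host-resolver-rules value makes every local lookup fail except for the
# proxy itself, so prefetching cannot leak host names outside the tunnel.
chromium_via_proxy() {
    chromium --proxy-server="socks5://$(socks_listen_address "$1")" \
        --host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE 127.0.0.1"
}

# Usage: ./proxy.sh start [user] [host] [port]
if [ "${1:-}" = "start" ]; then
    start_socks_proxy "${2:-username}" "${3:-server.example.com}" "${4:-1337}" \
        && fetch_via_proxy "${4:-1337}" https://example.com/ >/dev/null \
        && echo "SOCKS proxy up on $(socks_listen_address "${4:-1337}")"
fi
```

The two DNS details are the part most guides skip: a SOCKS5 client that resolves names locally still tells the coffee-shop network every site you visit, even though the page bytes themselves travel inside SSH. The curl flag and the Chromium resolver rule close that hole on the client side; the caveats in the list above about the server-to-site leg still apply unchanged.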

If you don’t already have access to a shell account someplace, then Amazon Web Services should have you covered. Amazon has a very simple process to set up a new server using their Elastic Compute Cloud (EC2), and you may want one anyway depending on your confidence in your existing shell server’s security. I suggest using the default Amazon Linux image on a micro instance. You can use these at no cost for the first year, after which it comes to less than 10 USD per month. The server costs even less if you stop it when you don’t need it.

Shrinking my Googleprint

As you can imagine, the recent revelations about Google doing bad things with Safari (and now IE too) have driven me to question why we share so much data, though in a larger context. The New York Times recently published a spectacular article about data mining by retailers, for example: a teenager hadn’t yet confessed to her father that she’d gotten pregnant, and he discovered this upon seeing ads from Target for her based on purchases that might have seemed otherwise innocuous. I don’t believe that we’ve reached the end of the road for privacy intrusions, either. Google has a long history of accusations of evil. I’ve tried to make excuses, but once is an accident, twice is a coincidence, and thrice is a conspiracy.

Choice-making

I’ll allow for power differentials here: despite the recent Path fiasco, that doesn’t look like a major issue because users can decide to avoid that network. Similarly, we can choose not to shop at Target or use a “loyalty card”, although residents in small-town areas may have limited choices. But Google pervades too much of the Internet for us to avoid it completely, especially for people like me who have loyally stuck with them for years now. Still, what if we try to reduce our “Googleprint”? As a side note, take a look at the excellently-named Data Liberation Front for moving data out of Google. This post focuses on what to use instead, but the DLF may help a lot of folks along the way.

We can start with some easy things. And fortunately (?), we Morlocks have additional options not open to the Eloi. (That’s part of the problem, I suppose, but fixing that lies way outside the scope of this post.) Even though dropping Google completely would incur a lot of pain, we can look at starting to make changes in important areas.

  • Latitude just cannot continue to work for me. While I only rarely shared my check-ins publicly, I did use it quite a bit to track my location for later analysis. For now, I have suspended that project until I can figure out a better way to do it.
  • Chrome has an obvious substitute in Firefox, albeit inferior in several ways. (Why should I have to choose nice-looking fonts in Linux over privacy? What decade is this?)
  • Search has a number of competitors; DuckDuckGo has gotten a lot of attention lately. And I can stay logged out of Google for the times I do want to use it for searching, then use a private browsing window or even a dedicated alternate browser.
  • Gmail requires effort: a price I will pay. I’ve used Google Apps to host mail for my private domain for years. My wife uses that interface directly, and my account just forwards over to my regular Gmail account, which I’ve had for nearly a decade now. I can move to an alternate hosting provider of some sort. Hushmail looks good at the moment, but I haven’t really started the research. Anti-spam measures seem to prevent me from hosting my mail completely, like via EC2 or similar. Apart from the really nice handling of “conversations” (threads), I don’t think I’d miss too much.
  • Reader doesn’t have an exact analogue anymore with the demise of Bloglines, although I may still find one. However, I will try an alternate workflow here by combining Yahoo! Pipes and Paper.li to get something a little more modern and focused.
  • Plus doesn’t really need an alternative, at least past Twitter. Despite my enthusiasm for it at first, lately that’s waned for different reasons. The gaming community over there has thrived and I’ve found lots of people with whom to discuss my hobby. But lately, I just haven’t played MMORPGs like I did, except for first month of SWTOR, and Mass Effect 3 doesn’t launch for a few more weeks. I might check in there again sometime, but it doesn’t really matter much. Twitter does a pretty decent job as a lightweight replacement, albeit with less deep discussion.
  • Docs has a well-known competitor, Zoho, but a good wiki might fill most of my needs that Evernote can’t already handle. I don’t use this service nearly as often as I did in the past, and only spreadsheets still give me pause.
  • OpenID providers exist all over the web. Even better, I can do that myself.
  • Voice provides a real sticking point. I like the ability to manage my voice and SMS communications with such granularity. Skype doesn’t really do the same thing, and apparently other providers have spotty records. I might dump this one last.
  • Android may have a competitor in iOS, but for me that’s not much of a choice. I don’t like Apple any more than I like Google, and owning thousands of dollars worth of Android systems provides a powerful reason not to switch immediately. I will continue to use this OS for now and watch this space in the future.

Action this day

In any case, I think I’ll start by looking for a new mail provider, as well as setting up a new reading workflow. Firefox will take some additional tweaking before I feel like it can handle the big-time, particularly on Windows where malware protection matters a great deal. Setting up an OpenID provider looks like a fun project all on its own anyway. Therefore, my current choices look like this:

  • Latitude → nothing
  • Chrome → Firefox
  • Search → DuckDuckGo
  • Gmail → Hushmail
  • Reader → Pipes + Paper.li
  • Plus → Twitter
  • Docs → self-hosted wiki plus Evernote (or Zoho)
  • OpenID → self-hosting

Voice and Android will remain as-is for now. But one key difference for the future: I’m willing to pay for services to avoid advertising, as well as to keep promising startups from tanking. In fact, I’d rather pay you an appropriate subscription fee than deal with incessant ads and loss of personal data. Call it the public radio model: I’ve had a membership to my local public radio station for years. I’ve kicked in money to community web sites when they needed it, and I’ve bought stuff from web comics to help them thrive. I happily do the same for services like Kanbanery that provide significant value to me.

I’ll post again in the future with lessons as I learn them, including services I may have forgotten this time around.

Does Google exploiting browsers qualify as evil?

No one could properly characterize me as a Google opponent. I’ve used Google for many, many years, and much of my online activity lives in their ecosystem: Reader, Docs, Plus, Mail, Android, Voice, Currents, Chrome, etc. But the news of Google using a bug/feature in Safari to bypass privacy settings troubles me. At some point we have to draw the line and stop falling back.

A little melodramatic in this context? Sure. But where do we draw the line? By auto-submitting an empty form, Google could set a third-party cookie on a browser even when the user had enabled settings to prevent that. (This is a step I usually take in my browser settings, myself.) From that point, Google can then track users across all sites that use their ads. Apparently, other ad networks do the same thing, though we typically try to hold Google to the higher ethical standard they set for themselves: “don’t be evil”.

To be fair, Google sees it differently. In part, they state:

The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It’s important to stress that these advertising cookies do not collect personal information.

I have trouble with the phrase “known Safari functionality”. This sounds to me like they excuse their activity in part based on not using a 0-day browser vulnerability. They also state that they allow users to opt out of the behavior with their Ad Preferences Manager. I find that just as inexcusable, because they basically say that they’ll respect an opt-out setting on their site but not coming directly from the browser.

At a minimum, I need to start evaluating the pain of moving off of Google’s platform.

UPDATE: EFF said it better.

Musings on personal data mining

"Can House at Nettleton's First Shaft" by Garry

Unless you live in a Montana shack, you’ve heard concerns about governments and corporations mining your personal data for various purposes, not all of which you may like. Surveillance and marketing probably top that list. But, like in most other cases, we can use the basic approach and technology for good instead of evil.

If a pervasive culture of data gathering and access has already started to exist, what insights could we glean from collecting and mining our own personal data? Some obvious answers include health, social connections, news, purchases, locations, and more. So as a first pass, I’d like to look at doing something like the following:

  • Social media (Twitter, Google+, Delicious, blogging): What am I reading? What am I missing that might be more relevant than some things I read now? Who do I talk to? Where can my expertise be more useful?
  • Email: Am I handling it efficiently? What slips through the cracks? How can I process it more effectively?
  • Browser: Where is that article I read last week? Have there been any follow-ups to that story? Have I missed some relevant data sources? Do I waste too much time on some sites without getting enough value in return?
  • Transactions: Where do I spend my money? Which vendors get most of my money? Where should I cut expenses? Can I make my expense reporting for work more efficient?
  • Location: How much time do I spend in my commute? Would alternate routes be more effective? Could I improve my gas mileage?
  • Productivity: What sorts of tasks in my personal kanban get the most attention? Am I estimating task size properly? What keeps getting left behind? What have I not tracked but should?
  • Health data: Besides the obvious things like vital signs (weight, BP, etc.), how do my various choices correlate with my mental state? What times of the day work best for exercise and increased activity? What affects the quality of my sleep?

The really big value comes when you correlate this stuff. At least two dimensions make immediate sense here: time (maybe via an annotated, filtered timeline) and location (plotting social activity, purchases, etc. on a map). We could find more, of course, but those make good starting points.

Of course, the core idea itself has been around for a while, but we’d want to approach it with security in mind. After all, if you gather all that information in one place, it needs good protection, both at rest and while processing it. This gets even more important when you consider financial data, location over time, and perhaps reading material. Privacy matters, and this entire project focuses on getting the benefits of our own data for ourselves rather than for others.

I have a few ideas of things I want to test over the long weekend, so I should report back next week on early results.