Monday, 15 October 2012

Three not so simple but necessary security tips

It should be easier to block Flash cookies, enable security settings in your browser, and rate your Facebook profile's privacy. Follow these steps to accomplish all three essential safety measures.

If you stick with your software's default settings, you're letting the programs' vendors determine how much security is right for your system. Those vendors have their best interests in mind, not yours.

As I pointed out in last week's post entitled "Ten simple, common-sense security tips," PC security doesn't have to be complicated. However, not all important PC security measures are easy to implement. Follow these less-than-intuitive steps to block Flash cookies, lock down your browser, and test your Facebook profile's privacy.
Note that not everyone needs the level of protection offered by the advanced security settings of the four popular browsers, many of which render certain Web content inoperable. But if safety is more important to you than allowing video, animation, and other "enhanced" content to run automatically on every site you visit, these settings will bolster your Web defenses.
Set your browser to delete cookies on exit
The latest versions of Internet Explorer, Firefox, and Google Chrome delete Flash cookies (also known as local shared objects, or LSOs) whenever you remove the standard tracking cookies that sites place on your PC as you browse. Just make sure you're using version 10.3 or later of the Flash Player.
To set Internet Explorer 9 to delete cookies on exit, click Tools > Internet Options and check "Delete browsing history on exit" on the General tab. To accept first-party cookies and block third-party cookies, select the Privacy tab, click Advanced, check "Override automatic cookie handling," make your selection in each category, and click OK.
Internet Explorer 8 advanced privacy settings
Set Internet Explorer 9 to allow first-party cookies and block their third-party counterpart via the advanced settings under Privacy in the Internet Options dialog.

To delete cookies on exit in Firefox, click Tools > Options > Privacy (press the Alt key if the standard menu isn't visible). Check "Clear history when Firefox closes," click the Settings button to the right, and check Cookies and other categories of history you want to delete automatically when the browser closes.
(At this point I am obliged to mention for the umpteenth time the free BetterPrivacy add-on for Firefox that makes it easy to retain helpful LSOs from trusted sites and delete all others, among other options.)
You can delete cookies whenever Google Chrome closes by entering the following in the address bar and pressing Enter:
chrome://chrome/settings/content
Check "Keep local data only until I quit my browser." You can also select "Block third-party cookies and site data" to prevent third-party cookies from being placed at all. Click OK to exit the settings dialog.
Safari doesn't let you delete cookies automatically on exit, but you can block third-party cookies and ask sites not to track you by clicking File > Preferences > Privacy and checking both options.
The Electronic Frontier Foundation's Eva Galperin describes on the DeepLinks bloghow to enable "do not track" in Safari, Internet Explorer 9, Firefox, and Google Chrome.
Microsoft's decision to enable "do not track" in IE 9 by default has online advertisers crying foul, as The New York Times' Natasha Singer reported yesterday. As Singer explains, the Digital Advertising Alliance is promoting its own system for opting out of Web tracking. However, this strikes many politicians and analysts as allowing the fox to safeguard the hen house.
Disable Flash cookies and enable click-to-play in Chrome
Blocking first-party cookies renders most of the Web's popular sites inoperable. Similarly, many big-name Web services rely on Flash cookies to function properly. Adobe's Flash Player Settings page lets you block all LSOs or choose which Flash cookies to save locally.
Select the Global Storage Settings tab (the second from the left) and uncheck "Allow third-party Flash content to store data on your computer." Slide the disk-space control to 0 to prevent all local storage of Flash content.
Adobe Flash Player Settings Manager
Uncheck the option to allow local storage of Flash content in the Flash Player Settings Manager

Windows users can block third-party Flash content via settings in the Flash Player Control Panel applet. In Windows 7, click Start > Control Panel, or press the Windows key, type control panel, and press Enter. (Change the view to small icons, if necessary.) Click Flash Player to open your Flash options.
On the Storage tab of the Flash Player Settings Manager, select "Block all sites from storing information on this computer."
Windows Flash Player Control Panel applet
Choose the option to block all flash content on the Storage tab in the Flash Player Settings Manager.

To delete all stored Flash content, click the Advanced tab and choose Delete All under Browsing Data and Settings.
Make sure no Flash content is stored locally by visiting this location in Windows Explorer:
C:\Users\[profile name]\AppData\Roaming\Macromedia\Flash Player\
Flash content is stored at these two locations in Mac OS X:
Library/Preferences/Macromedia/Flash Player/#SharedObjects
Library/Preferences/Macromedia/Flash Player/macromedia.com/support/flashplayer/sys/
Google Chrome privacy-content settings
Set Chrome to prompt you to allow or block Flash and other plug-ins by selecting the "Click to play" option under the Content settings.

Google Chrome's click-to-play feature allows you to prevent Flash and other plug-ins from running until you grant permission. Enter the following line in the address bar and press Enter:
chrome://chrome/settings/content
Scroll to Plug-ins, select "Click to play," and click OK.
Lock down IE, Firefox, Chrome, and Safari
As I noted above, many of the advanced security settings in browsers prevent Web pages from loading and acting as the site developers intended. For example, blocking ActiveX in Internet Explorer will prevent videos and animations from playing. If you find these changes impair your browsing experience unnecessarily, revert to the defaults.
Trying to make sense of Internet Explorer's various security "zones" is like deciphering hieroglyphics. The Microsoft Support site offers an explanation for home users that is as clear as mud. The article ends with a long section intended for "advanced users and administrators" that describes custom settings.
If you would rather not spend half a day trudging through Microsoft's customization instructions, you can improve IE's safety by checking these three settings:
1) Click Tools > Internet Options > Security and make sure the slider control is set to medium-high.
2) Click the Advanced tab and then scroll to and select Enable SmartScreen filter.
3) Click Privacy and select "Never allow websites to request your physical location."
To play it super-safe, click Tools > Safety > ActiveX filtering. As noted above, this setting prevents Flash and other active content from playing unless you allow it. The Microsoft IEBlogexplains how ActiveX filtering works.
In addition to installing the BetterPrivacy add-on I mentioned earlier, Firefox users can enhance their security by ensuring the option to "Tell websites I do not want to be tracked" is selected. This option is at the top of the Privacy tab in the Firefox Options dialog.
To enhance security in Google Chrome, open the Settings dialog by typing this line in the address bar and pressing Enter:
chrome://chrome/settings
Click "Show advanced settings" at the bottom of the page and uncheck two options under Privacy: "Use a prediction service to help complete searches and URLs typed in the address bar" and "Predict network actions to improve page load performance."
To open Safari's security settings, click Safari > Preferences > Security. Uncheck "Enable plug-ins," "Enable Java," and "Enable JavaScript" to prevent sites from running active content until you allow it. Click the Privacy tab and check "Ask websites not to track me."
Note that all four browsers have a form of "private browsing" that promises not to record your Web activities, but in many ways this mode is a misnomer because sites are still able to identify you. Privacy mode merely removes traces of your surfing from your own computer, not theirs.
Get a privacy rating for your Facebook profile
One of the tips in last July's "Five-minute Facebook privacy checkup" explained how to view your Facebook profile as the public sees it. Two free services offer to scan your profile and generate a privacy rating.
At the Privacy Check page, you sign into your Facebook account to view your profile's privacy score on a scale of 1 to 21. The check displays the public information in the profile, which may include your name, location, time zone, Facebook ID, relationship status, birthday, hometown, employer, schools, and gender. Also displayed are the names of your friends and exposed wall posts, news items, likes, events, groups, and other activities.
Privacy Check results for a Facebook profile
The Privacy Check page rates the privacy of your Facebook account and indicates the information in the account that's exposed to the public.
(Credit: Screenshot by Dennis O'Reilly/CNET )
At Profile Watch, you can either sign into your Facebook account to rate its privacy, or paste the profile's URL into a text box on the page and click Check Profile. The site generates a privacy rating from one ("exposed") to 10 ("safe") and lists the public information in the profile, including the profile picture.
Profile Watch Facebook checker results
The Profile Watch Facebook-privacy checker rates your profile's privacy and shows your profile picture and other information viewable by the public.

Curiously, Privacy Check's test showed much more of the information in my test Facebook profile than Profile Watch's scan, but it didn't display the profile picture, which was the only public information (besides the account name) detected by Profile Watch. This might suggest that you use both free services to check your Facebook profile's privacy. But if you're going to use only one, go with Privacy Check.

No comments:

Post a Comment