Solutions: Web Surfing, Personal Information, Web Bugs, and More
This section discusses several programs you can use to control your Web surfing experience. You can control many things in addition to what we have addressed in this chapter, including pop-up widows, banner advertisements, and active content such as Java and ActiveX. First we cover Web browser settings because your Web browser is the most important piece of software you use, and it is important to understand its configuration options.
Web Browsers
The following sections discuss some of our recommended settings for both Netscape Navigator 6.1 and Internet Explorer 6.0. Although the best settings for you really depend on your needs and habits, this is a good reference point. We recommend reading through the documentation and help files that come with your Web browser to understand the full range of configuration options it provides. The recommendations we make provide security in exchange for convenience. It is up to you to decide the balance that you want. Today's Web browsers store personal information about you, store words you commonly type in forms and search engines, and try to enable features that allow for the most diverse and rich Web experience. You must understand the features of your browser to decide what to turn on and off and what personal information to make available.
Netscape Navigator 6.1
Netscape offers many options for adding security and privacy. You get to the main controls by selecting Edit, Preferences, Privacy and Security. Table 7.3 covers some of the subcategories under Privacy and Security and tells you whether each setting should be enabled or disabled.
| Privacy and Security Subcategory | Recommended Settings | Setting |
|---|---|---|
| Cookies | Enable Cookies for the Originating Web Site Only | Check |
| Warn Me Before Storing a Cookie | Check | |
| Forms | Save Form Data from Web Pages when Completing Forms | Uncheck |
| Web | Remember Passwords for Sites that Require Me to | Uncheck |
| Passwords | Log In | |
| Use Encryption when Storing Sensitive Data | Check | |
| Master | Change Password—Add a Master Password | Select |
| Password | Netscape Will Ask for Your Master Password: | Check |
| Every Time It Is Needed | ||
| SSL | Enable SSL Version 2 | Uncheck |
| Enable SSL Version 3 | Check | |
| Enable TLS | Check | |
| All of the SSL Warnings | Check | |
| Certificates | Client Certificate Selection: Ask Every Time | Check |
In the SSL section, we choose to uncheck SSL Version 2 because SSL version 3 has been found to be more secure. Sometimes sites using SSL try to negotiate an SSL version with your Web browser. If SSL version 2 is offered in addition to version 3, oftentimes it becomes the negotiated choice. By unchecking the option to use version 2, you force a negotiation to use version 3 if it is provided. Be aware, though, that some sites can use only SSL version 2, in which case you would have to enable this option to negotiate.
Netscape offers other ways to get to some of its privacy controls. By selecting Tasks, Privacy and Security, you can access the Cookie Manager, Form Manager, and Password Manager. By selecting Tasks, Tools, you can access your History files, Java console, and JavaScript console.
Internet Explorer 6.0
A large number of configuration options are available for Internet Explorer. You can organize Web sites into one of four zones, each of which is set with certain configurations. Aside from zones, you have control over forms, personal profiles, cookies, and active content.
Security Zones
Four security zones exist in IE—Internet, Local Intranet, Trusted Sites, and Restricted Sites. By placing domains such as google.com, amazon.com, or mifavorita.com into these zones, you can organize and secure your Web surfing. Access the zones by selecting Tools, Internet Options, Security. The default configurations for most of these zones are fine, but we will customize the Internet zone to make it a bit more secure. By default, any site or domain you have not specified in another zone is considered a part of the Internet zone and is handled according to the Internet zone's configuration. For this reason, you need to tighten it up a bit more. If you have sites you frequent and trust content from, such as Amazon.com or Microsoft.com, you can specify them in the Trusted Sites zone by clicking the Sites button. If you know of sites that you should never trust, just specify them in the Restricted Sites zone. The Local Intranet zone is reserved for Web sites that exist inside your company's or home network. The default is that these sites would be trusted more than the Intranet zone but less than the Trusted Sites zone.
We are not covering all the options available for configuration—just the ones we want to change from default. By default, the Internet zone is set to Medium. Click the Custom Level button to get to the settings shown in Table 7.4.
| Internet Zone Option | Recommended Setting |
|---|---|
| ActiveX Controls and Plug-ins: Run ActiveX Controls and Plug-ins | Prompt |
| ActiveX Controls and Plug-ins: Script ActiveX Controls Marked Safe for Scripting | Prompt |
| Scripting: Active Scripting | Prompt |
| Scripting: Scripting of Java Applets | Prompt |
| User Authentication: Logon | Anonymous Logon |
Beyond zones, IE provides cookie control. The recommended settings for cookies, located under Tools, Internet Options, Privacy, are Advanced, Override Automatic Cookie Handling, and Prompt for Both First-Party Cookies and Third-Party Cookies.
IE also provides controls over content you store by and provide to Web sites. Access the Content controls by selecting Tools, Internet Options, Content. Click AutoComplete, and uncheck each option to Use AutoComplete for: Web Addresses, Forms, Usernames, and Passwords on Forms. To remove anything you might have had previously stored, click the Clear Forms and Clear Passwords buttons.
Under Tools, Internet Options, General, you can access controls for your history files, cache, and stored cookies. To clear these traces and any remnants of unwanted cookies or cache, click each button: Delete Cookies, Delete Files, and Clear History.
There are still some more advanced options you can configure. We cover only the options that we are changing from the default settings. Under Tools, Internet Options, Advanced, set the recommended options shown in Table 7.5.
| Advanced Option | Recommended Setting |
|---|---|
| Browsing: Enable Install on Demand (Internet Explorer) | Uncheck |
| Browsing: Enable Install on Demand (Other) | Uncheck |
| Security: Check for Server Certificate Revocation | Check |
| Security: Do Not Save Encrypted Pages to Disk | Check |
| Security: Enable Profile Assistant | Uncheck |
| Security: Use SSL 2.0 | Uncheck |
| Security: Empty Temporary Internet Files Folder when Browser Is Closed | Check |
Third-Party Software
Several packages are available that can assist you in tracking bugs and cookies. These help you understand what a Web site is trying to do to your machine and what information is being sent out to a third party. You can also stop information from being sent out with these programs.
Bugnosis
From Richard Smith and the team at www.bugnosis.org, Bugnosis is a plug-in available only for Internet Explorer. It gives you a visual and audio alert whenever a Web bug is encountered on a site you are visiting. It also gives you more information about the bug, including the complete URL and why it determined this was a bug.
In its current version, Bugnosis does not do anything about Web bugs, other than just letting you know that they exist. In Figure 7.12, you can see the flag Bugnosis gives you when it finds a Web bug, as when we visited eBay.
Figure 7.12. Bugnosis analysis of eBay Web bugs.
The next version is expected to actually let you block Web bugs. Even without this feature, though, Bugnosis is good for letting you see just how many Web bugs are out there and which of your favorite Web sites are using them.
AdSubtract
This is a wonderful program for sale at www.adsubtract.com that works for Internet Explorer, Netscape Navigator, Opera, and AOL browsers. AdSubtract is developed by Intermute, a leading company dedicated to providing solutions for letting Internet users protect their privacy. AdSubtract gives you a range of privacy controls, including
Cookie management, with a color-coded listing of existing cookies on your system
Ability to block referrers from tracking your movements across the Web
Ability to block ads, images, Web bugs, Java applets, JavaScript, pop-ups, animations, autorefreshes, and sounds
AdSubtract is thorough because it also keeps a log of everything it filters, as well as every HTTP request your Web browser makes to AdSubtract. This can be an interesting log to review to learn what is really going on behind the scenes because it shows you the raw HTTP traffic. It also includes a statistics screen that breaks down the numbers of different items blocked per site.
AdSubtract works by acting as a proxy, sitting between your Web browser and the Web site you are visiting. It intercepts requests from your Web browser to the site and then intercepts the data coming from the site you are visiting to your browser. The Filters screen can be seen in Figure 7.13.
Figure 7.13. AdSubtract filter options.
FilterGate
FilterGate is marketed as a privacy filter for Windows, available for purchase from http://www.adscience.co.uk/. It consists of three main components—the Adult filter, Ad filter, and Privacy filter. The Adult filter provides controls to make surfing the Web safer for your children and includes protection from pornography, bad language, and violence. The Ad filter protects against all types of advertisements, including banners, pop-ups, music, and header ads.
The Privacy filter has configuration options that are easy to set up. You simply check a single box to turn on cookie protection, for example. It protects against Web bugs, advertising cookies, and referrers, and you just check a box to enable each option. There is not much flexibility in configuring the options, which makes it easy for you, but it might not be as granular as you need. For greater cookie control, you will need another tool.
FilterGate has some bells and whistles, though, including an easy update feature that downloads the latest FilterGate database of ads and other objects that should be blocked.
WebWasher
WebWasher, shown in Figure 7.14, is another tool with a wide range of surfing controls. It is available from the German company Webwasher.com AG at http://www.Webwasher.com/, and it actually runs on Windows, Linux, and Macintosh. Its features allow for control of many of the same things as the other programs, including ad control, banners, pop-ups, scripts, and animations.
Figure 7.14. WebWasher configuration.
More related to privacy, WebWasher has filters for the following:
Web bugs
Referrers
Cookies
Prefix removal
The Prefix removal feature is unique and useful. It disables a site's capability for tracking your movements across it if the site uses a common method that essentially amounts to a link containing two references to HTTP in a single link, as was demonstrated in the section “Web Bugs: Nasty Little Creatures?” For example, consider a link in your Web browser with the following HTML code:
http://search.com/track?url=http://realurl.com
WebWasher safely converts this link into http://realurl.com, removing search.com's capability to track your click on the link. As with most programs that provide a lot of Web surfing control functionality, however, there are usually stripped-down controls on cookie management. You get the basics for cookie management, but you might need to supplement the program with CookiePal or an alternative if you want more cookie control.
You can configure WebWasher for use with a proxy server, or even run WebWasher as its own proxy. Be careful with this setting, though! If you run WebWasher as its own server proxy, and you are not behind a firewall, other computers can use your computer as a proxy, cloaking themselves with your IP address and appearing to be coming from your computer.