Adventures in privacy sitting

In the aftermath of revelations that the NSA is watching everything they possibly can on the internet, I’ve been reviewing how I interface with the ‘net and pondering if I can do things better. I’m pretty lax about my online privacy, at least where cookies/ad networks/NSA metadata collection would be concerned, and I also understand that there is an exchange going on for some of the services I use. The furor that hit over claims that there was “no expectation of privacy” as a GMail user washed right over me because I understand that Google is programatically trying to understand my interests based on the e-mail I receive and present me targeted advertising with that information – there is not an underpaid intern sitting there hanging on my every word. I accept that exchange because I’m happy with the service that I receive as a GMail user; conversely, I stopped using Facebook in any serious fashion quite some time ago as I didn’t really feel like what I was being sold was worth what I was selling.

Anyway, back to the present and my review of how I browse. I’m pretty happy with my general browsing habits (my primer on browsing security is here), but what about the remnants of that browsing? Tracking cookies, browser history, and cached data – oh my! I wondered what the impact would be of cleaning all this data on a regular (and preferably automated) basis, if it would cause negative fallout on my internet experience, and I suppose more importantly, if it would yield any benefit.

One of the first things that goes out the window as you clean up cookies are websites that have remembered your login information. Having to type this stuff in every time you visit a site is not only frustrating, it can lead to password laziness – using the same password in many places so you don’t have to figure out what goes where. Thankfully, as a user of Lastpass I didn’t have to worry about this. All of my passwords are unique, stored separate from my browser, and automatically filled in for me when I visit a site – I just need to click the “Login” button. The same can be accomplished with Keepass or other alternatives, Lastpass just happens to be what I like and use.

Having a password manager alleviated most issues I was going to have by clearing my cookies out, but what about my browser history? How often did I rely on my browser remembering where I’d been and just going back there based on history rather than another mechanism? The answer to that question is probably “all the time” but thankfully there’s also a very simple answer to this – bookmarks. I’m notoriously bad at keeping bookmarks, but it’s also a very easy problem to fix. I just have to stop being bad at them! ;)

With that behind me, I dove into what it would take to clean these things up for me in an automated fashion. My primary browser is Chrome, and it was very simple to clean up cookies on exit. However, what wasn’t easy to clean up in Chrome was browsing history – there is no built in setting for clearing history automatically. I investigated a plugin to accomplish this task, but they either required excessively liberal permissions which went against the point of trying to tighten up my browser security, or they just plain didn’t work. At this point I dove into writing an extension of my own to accomplish this task – I just wanted to delete my history on shutdown, how hard can it be? Well, the answer to that is… harder than I expected. Mostly this is due to Chrome not actually having a mechanism for extensions to do cleanup tasks on shutdown, and even when I investigated doing cleanup on start instead, I couldn’t make my hand rolled extension work consistently.

This led to the biggest change of all I’ve made through this particular process – a switch back to Firefox as my primary browser. With history cleaning built in (in fact it appears this is something every browser but Chrome does), my last problem was solved. I made this final change last night after giving up on my Chrome extension, and so far things are working great. Firefox supports synchronization so my bookmarks and everything else still move between the different devices I use with ease, and of course there is a Lastpass plugin for it. A little tweaking of the cookies settings lets me keep a few that I want between sessions while everything else gets deleted. The primary reason I moved away from Firefox – slow startup – is a thing of the past, so I’ve generally been happy so far. Time will tell whether this becomes a permanent switch for me or not.