h4k.com

Some web sites request personal information from the user before granting them access to certain areas of the web site. Sites like online newspapers, forums, and businesses use this technique in an attempt to get more information about who is accessing the data but this can easily be circumvented by entering in false information. BugMeNot.com is a collection of generic accounts for many different web sites. Go to http://www.bugmenot.com, type in the website address and it will list any available logins sorted by a community-input percentage of either working or not. New accounts are added by visitors to the web site.

There is also a FireFox plugin available for BugMeNot. After installation right click on the login field of a web site and select “Login with BugMeNot”. The plugin will automatically cycle through any available logins to that site in its’ database.

https://addons.mozilla.org/en-US/firefox/addon/6349

Darik’s Boot and Nuke (DBAN) is a utility for completely destroying all the data on a hard drive. To use the program simply download the file, write it to a floppy, blank CD, or USB drive and then boot the computer to the newly created media. It is easy to use with on-screen instructions and works by overwriting all the data on the hard drive multiple times with various patterns and random data. DBAN is commonly ran on used hard drives that may be sold or given away so that none of the data can be recovered. This application destroys all data on the hard drive, including any installed operating systems, and should be used with caution.

http://dban.sourceforge.net/

The Electronic Frontier Foundation is a non-profit organization that works to protect digital rights and civil liberties. Their website contains lots of news and information about past, present, and future digital rights conflicts.

http://www.eff.org/

EFF has an excellent rating as a non-profit organization (see here).

Some web sites request an email address to register for something they are offering. If you don’t want to risk getting spam in your mailbox or never plan on visiting the site again then in some instances it is preferable to use a throw-away email address.

http://www.mailinator.com

If a web site requests an email address type in anystringhere@mailinator.com and replace anystringhere with any set of letters and numbers (ex: dfFx90sR7e2j@mailinator.com, me123@mailinator.com). To check the mailbox go to http://www.mailinator.com and in the “Check your inbox!” text box type in the new string of email address prior to the ampersand.

Warning: Anyone who goes to mailinator.com and types in a string that was used can check the email inbox. There is no way to prevent other people from seeing the contents of the mailbox which is why it s important to only send non-sensitive emails to these accounts. To achieve some basic level of security it is a good idea to use the auto-generated accounts that are listed at the top of the page by the “Check your inbox!” area. The are randomly created accounts that have a low possibility of being entered by chance from someone else who is trolling through accounts to find sensitive information.

Some web sites will not allow you to use mailinator.com email addresses so mailinator.com provides other throw-away email address domains to use as well. They can all be checked at mailinator.com:

• mailinator2.com
• sogetthis.com
• mailin8r.com
• mailinator.net
• spamherelots.com
• thisisnotmyrealemail.com

Ask.com is a search engine that has a new function called “AskEraser” which deletes your search history from their servers within hours of searching. Some search engines keep the data indefinitely or for an undisclosed amount of time. For example, Google keeps your searches indefinitely and only makes them anonymous after 18-24 months (according to the official Google blog here). Unfortunately “anonymous” search engine data processing has been found to be vulnerable for being able to determine individual users as seen with the AOL searches data set release.

To enable AskEraser go http://www.ask.com then click on the word “AskEraser” in the upper right corner. A window will appear and click “Turn On AskEraser”. In the upper right corner where it says “AskEraser” it will now say “AskEraser > On | Off” with “On” being highlighted.

It is important to also use something like Adblock because Ask.com uses Google AdWords so Google is still getting information about your searches.

Leaving an account logged in to a computer allows anyone who walks up to the computer to act as the currently logged on user. This can be quickly mitigated by locking the computer screen with keyboard commands. To access the computer after locking the screen the current users’ password will need to be entered. The following keys need to be pressed simultaneously.

Ubuntu:
Ctrl + Alt + L

OS X:
No default keyboard command available. Alternative solution: go to Preferences –> Security –> check the box for “Require password to wake this computer from sleep or screen saver. Next, go to Preferences –> Expose and set a screen corner to start the screen saver. I have found the bottom right corner to be the quickest because you can slide your finger down and across the touchpad while walking away to enable it.

There is a way described here to set up a keyboard command but it requires that the Keychain Access icon remain the leftmost icon on the menu bar, creating a custom keyboard command and then pressing two different sets of keyboard commands to lock the screen.

Windows:
Windows Key + L

QuickJava is a Firefox extension that inserts two small icons on the status bar for enabling and disabling Java and Javascript. One click on the J icon and Java is disabled. Click on the J icon again and it is enabled. The same principals apply with Javascript on the JS icon.

Javascript is used at many Internet sites so disabling it is not always practical but QuickJava makes a convenient switch for enabling Java as necessary.

https://addons.mozilla.org/en-US/firefox/addon/1237

Restricting web site caching from protocol-following Internet spidering applications can be accomplished by adding a robots.txt file to a web site and inserting metadata into the HTML code of each web page. Robots.txt is a web standard to instruct spiders and bots to what they can and cannot access. Not all bots follow the robots.txt standards (see here) but many do so it is still a good idea to have a robots.txt file.

For a robot.txt file that blocks all spidering add the following lines to a blank plain text file:

User-Agent: *
Disallow: /

Save the file as “robot.txt”, then upload to the top directory of the web site. It needs to be accessible at the top level of the web site. For example, the h4k.com robots.txt file can be found here: http://h4k.com/robots.txt

The metadata tags below need to inserted on each web page that needs the caching to be restricted. If the web site runs Wordpress software it can automatically insert the metadata tags into all HTML files by editing the header php code. Log in to the Wordpress console then go to Presentations –> Theme Editor –> and select “Header” under the “theme files” listing. Directly underneath the area where it says:

<title><?php bloginfo(‘name’); ?><?php wp_title(); ?></title>

insert these metadata tags:

<META name=”ROBOTS” content=”NONE”>
<META http-equiv=”CACHE-CONTROL” content=”NO-CACHE”>
<META http-equiv=”EXPIRES” content=”0″>

* Note: you will need to currently replace the quotes with newly typed ones. The web page is not displaying the proper characters for the quotes (yet).

This also instructs web spiders to not look at anything, instructs the web browser not to cache the web page, and has the web page set to expire immediately.

Alternatively, you may want web crawlers and search engines to be able to see your web site but not make a copy of the content. To set up a web page to allow web spiders and search engines to index the information but not make a cached copy of the web page the ROBOTS metatag should be set to “NOARCHIVE”.

<META name=”ROBOTS” content=”NOARCHIVE”>

Lots of good information about metatags can be found here.

It is also important to have a well constructed robots.txt file to prevent the leech bots from wasting bandwidth on your site and preventing them from making copies of your site. Wikipedia.org has a well documented robots.txt file that the h4k.com robots.txt file is based off of.

Many web browsers such as Firefox, Internet Explorer, and Safari have the Adobe Flash Player installed to display content from sites like youtube.com and others. The Adobe Flash Player can open access to cameras and microphones attached to your computer and store tracking information. The only way you can modify these settings is by going to a specific section on Adobe’s web site, as linked below. If you go to the following page and the Setting Manager does not appear then Flash has not been installed on your computer.

http://www.macromedia.com/…/settings_manager04.html

The most secure settings are as follows from the left to right tabs on the Settings Manager:

• Global Privacy Settings – Click “Always deny…” followed by “Confirm”

• Global Storage Settings – Slide the bar all the way to the left for “None”, check “Never Ask Again”, uncheck “Allow third-party Flash content to store data on your computer.”

• Global Security Settings – Check “Always deny”

• Website Privacy Settings – Check “Always deny”, click the “Delete all sites” button followed by “Confirm”

• Website Storage Settings – Slide the bar all the way to the left for “None”, check “Never Ask Again”, click the “Delete all sites” button followed by “Confirm”

Adblock Plus is a Firefox extension that is used to block annoying and intrusive web advertisements along with other unscrupulous Internet tracking companies. After installing it and restarting Firefox it will display a subscription screen. Click the “Cancel” button then when Firefox loads go to “Tools” then “Adblock Plus…” and import the block list below in the Adblock Plus Preferences window.

The list below is a modified version of the EasyList ad blocking list combined with the tracking element list. There are no pre-white-listed sites. If you come across a web site that is not rendered correctly, working properly, or the tracking capabilities need to be enabled then add that single web site to the white-list. This is done by clicking on the down arrow next to the “ABP” button in Firefox for options to disable and enable Adblock Plus for this site.

If a subscription is not used and an imported list is not use then the multitude of tracking and otherwise spamming domains will need to be added manually to the block list. This is not always the best method because some of the tracking mechanisms are hidden in the HTML code and cannot be seen at all unless each pages’ code is analyzed. This is a good way to selectively block companies however.

Adblock Plus can be downloaded here:
http://adblockplus.org

Adblock Plus modified block list with tracking and advertising companies:
http://h4k.com/files/adblock.txt (License)