Get rid of tracking and data collection in browsers

Teacher

Teacher

Professional
Messages
2,670
Reaction score
806
Points
113
20-09-2021-practice.png


When visiting websites in modern browsers, user data is necessarily captured. The owners then transfer them to third parties for advertising purposes. We'll talk about maintaining the privacy of browsers and the ability to restrict the collection of information on websites.

Introduction
Each time you enter, the site asks your browser for information. What is this information? Some data is necessary for the correct display of the site: for example, information about the device language helps to automatically select the appropriate localization, about the type (computer, mobile phone) - to open a more convenient mobile version of the site if you use a smartphone, etc. But not always collected information works for your convenience: it can also be used to collect statistics and for sale to third parties, such as advertising agencies, online stores, etc. This is how contextual advertising appears. And the more information they collect about you, the more unique Internet user you become. Whether it is bad to be a unique user is a topic for a separate article. Today we will look at ways to reduce our uniqueness.

Information Collected and Methods of Collection
The list of collected information is large and extensive. Let's highlight the main blocks:
  • string "User-Agent" (operating system, device type, browser, other programs);
  • information about browsers (versions, installed plugins and extensions, settings, languages);
  • geolocation (time, country, city);
  • network settings (IP address, VPN usage, connection type);
  • technical characteristics of the device (screen size, type, processor, number of cores, memory).

These are just a few examples.
The collection of this information is called the browser's digital fingerprint.
The collection of information is carried out immediately upon connecting to the site, since the browser sends certain data when a web page is requested. But the most informative are cookies. They are mainly used to remember useful things like login credentials or the contents of a shopping cart on an online marketplace. Also, various trackers rely on them (fragments of sites that analyze and remember your actions on the site). Since most trackers are written in JavaScript, this programming language will be mentioned later in the text.

Checking the current state of privacy
To assess the current state of privacy (the presence of a unique fingerprint), just open the browser settings and see how much is allowed, but you can go from the other end. There are special sites that collect information and show it to you. Some of them are: deviceinfo.me, which we linked to above, ipper.ru, ipleak.com, coveryourtracks.eff.org. The latter will be used to determine the presence of a unique browser fingerprint.

Figure 1. Example of deviceinfo.me interface
s_1.png


Figure 2. Displaying the uniqueness of the browser fingerprint before configuration
s_2.png


The arrows indicate points that are worth paying attention to. Let's analyze them in more detail. The first and second elements show if trackers are being blocked by your browser (in this case, not). The third element indicates the presence of a unique fingerprint, in our case it is. Item 4 - statistical data; the fingerprint is now unique among over 200,000 tested browsers.

Configuring privacy in browsers
Let's see what privacy settings are provided by the most popular browsers on Windows: Google Chrome, Mozilla Firefox, Microsoft Edge, Yandex Browser, and Safari for owners of Apple devices.
Let's make a reservation that everyone should customize their browser for themselves; however, do not forget that “complete anonymity” is also a hallmark and can draw even more attention to you. Below we will consider settings that increase privacy, but do not make using the browser critically inconvenient.

Google Chrome
Chrome has an "incognito" mode that protects privacy only from other users of the device from which you access the Internet. This mode is turned on in the upper right corner of the screen (click on the “Customize and manage Google Chrome” icon → “New window in incognito mode”) or by the key combination “Ctrl + Shift + N”. In general, turning on incognito mode is faster than clearing your browsing history and cookies after visiting Internet resources, but in terms of privacy, this mode is useless, the browser transmits exactly the same amount of information as without it. A similar situation in such modes is observed in other browsers.
Let's try to make Chrome more private. Go to the browser settings, open the "Synchronization of Google services" tab and disable all the possibilities presented there. In the next tab - "Autocomplete" - we do the same. But the "Cookies and other site data" tab in the "Privacy and Security" section is configured as in the picture below.

Figure 3. Privacy and security settings in Google Chrome
s_3.png


Next, we bring the "Site Settings" tab to the following form (we prohibit everything).

Figure 4. Site settings in Google Chrome
s_4.png


And at the end, open the "Additional" → "System" tab and disable the first two options.
We check the privacy settings and get the results shown in the figure below.

Figure 5. Displaying the uniqueness of the browser fingerprint after configuration
s_5.png


Now our browser is blocking tracking, although some information is still available, such as our IP address and the browser used. However, you need to check the usability.

Figure 6. Yandex.Maps after configuring privacy
s_6.png


Figure 7. Google Maps after setting up privacy
s_7.png


Figure 8. YouTube after setting up privacy
s_8.png


Figure 9. Anti-Malware.ru after configuring privacy
s_9.png


As you can see, from this sample of sites, only ours works correctly. Functionality issues are due to the ban on JavaScript. To solve them, you can go to "Settings" → "Privacy and security" → "Site settings" → "Content" → "JavaScript" and at the bottom of the window add the necessary sites as exceptions.
What happens if you turn on JavaScript again? Let's take a look at the pictures below.

Figure 10. Chrome after setup, but with JavaScript enabled
s_10.png


As you can see, the results are slightly different from the initial ones, and the tracking protection even got worse. This is due to the fact that most of the information is collected using JavaScript. However, now the service manages to clarify the uniqueness of the fingerprint: every 41,556th browser matches ours.

Figure 11. An example of collected information with JavaScript enabled
s_11.png


Figure 12. Example of collected information with JavaScript disabled
s_12.png


The result is obvious, but do not forget that most of the Internet resources will no longer be displayed or work correctly.

Microsoft Edge
Microsoft Edge is developed on the same platform as Google Chrome, so in terms of privacy settings and their performance, Edge is similar to it. Below are the settings for Edge.

Privacy, Search & Services Tab:
  • tracking protection - strict;
  • delete web browsing data on close - enable all options;
  • send requests "Do not track" - enable;
  • allow sites to check if there are saved payment methods - turn off;
  • use a web service to troubleshoot navigation errors - disable;
  • offer similar sites, if you cannot find a website - turn it off;
  • show recommendations for search and sites using the characters I entered - turn off;
  • show suggestions from the journal, favorites and other data on this device, taking into account the entered characters - turn off.

Cookies and Site Permissions Tab:
  • block third-party cookies - enable;
  • JavaScript - disable (it is possible to add exceptions).

System tab:
  • startup acceleration - disable;
  • continue running background applications when Microsoft Edge is closed - turn off;
  • use hardware acceleration, if available, disable it.

Mozilla Firefox
Go to "Settings" → "Privacy and Security":
  • choose strict anti-tracking mode;
  • send websites a Do Not Track - Always signal;
  • "Delete cookies and site data when you close Firefox" - enable;
  • disable all parameters in the "Logins and Passwords" group;
  • "HTTPS only" mode in all windows - enable.

Figure 13. Displaying data by browser before setting privacy
s_13.png


Figure 14. Display of data after configuration
s_14.png


We haven't disabled JavaScript yet, so only tracking protection has improved.
But Mozilla Firefox allows you to customize your settings even more in detail. To do this, enter "about: config" in the address bar, go to this internal address and agree with the warning that will be displayed to you. Next, enter the parameters presented below and change their values.

We need to enable (value "true"):
  • privacy.resistFingerprinting - this setting replaces the values of time, used version of Mozilla and operating system, screen size, etc.;
  • privacy.firstparty.isolate and privacy.firstparty.isolate.restrict_opener_access - these settings prevent Internet resources from seeing cookies from other sites. In this case, there may be problems with authorization; to fix them, you will need to disable the second parameter.

Disable (value "false"):
  • healthreport.uploadEnabled, policy.dataSubmissionEnabled - collection of data for statistics;
  • peerconnection.enabled - this parameter allows you to organize audio and video communication in the browser without using extensions, but at the same time reveals the user's IP address;
  • search.suggest.enabled - geolocation;
  • trackingprotection.enabled - tracking from sites.

In the above settings, the main parameter is “privacy.resistFingerprinting”. It replaces information about you with a more common one. The results are presented below.

Figure 15. Used operating system and browser version before settings
s_15.png


Figure 16. Operating system used and browser version after settings
s_16.png


Figure 17. Browser fingerprint value before settings
s_17.png


Figure 18. Browser fingerprint value after settings
s_18.png


To enhance the effect of "merging with the crowd", you can turn off the Russian language. To do this, go to the settings and in the search enter "language", disable "Use the" Russian (Russia) "settings of your operating system to format dates, times, numbers and units of measurement" and remove the Russian language from the preferred ones.

Figure 19. Language setting
s_19.png


Safari
First of all, you can try the "private window" mode. To do this, select "File" → "New Private Window".

When using private access, the following happens:
  • each tab is isolated from the others, so websites you view in one tab cannot track your activity in other sessions;
  • the web pages you visit and autofill data are not saved;
  • open pages are not synced with iCloud and do not open on other devices;
  • your recent searches are not included in the results list when using the smart search field;
  • the objects you download are not included in the download list (the objects nevertheless remain on the computer);
  • If you use Handoff, Private Windows are not propagated to your iPhone, iPad, iPod touch, and other Mac computers;
  • changes to cookies or other website data are not saved.

It is also advisable to enable the "Prevent cross-tracking" and "Block all cookies" options in the "Safari" → "Settings" → "Privacy" menu (may affect the operation of web resources). By clicking on the "Manage website data" button, you can view the information collected by the sites and delete it.
In Safari, you can create a privacy report containing a list of known trackers that have been banned from tracking your activity. To do this, choose Safari → Privacy Report.

"Yandex browser"
The domestic browser is also developed based on Google Chrome. Match the settings to the pictures below.

Figure 20. Ad blocking settings
s_20.png


At the same time, advertising on Yandex sites is not blocked.

Figure 21. Personal data settings
s_21.png


Figure 22. Configuring Threat Protection
s_22.png


Figure 23. Cookie Settings
s_23.png


As with other browsers, disabling JavaScript makes most sites unusable.

Browser extensions
Extensions are designed to make it easier to surf the Internet, but at the same time provide a good level of privacy. Consider the results of two extensions: uBlock Origin (Chrome, Firefox) and NoScript (Chrome, Firefox). They are not only ad blockers, but also JavaScript blockers. They automate the blocking process according to built-in filters that can be customized as needed. For example, when watching an online broadcast, the extensions showed the following (Fig. 24, 25).

Figure 24. Result of uBlock operation
s_24.png
[/B]

Figure 25. Result of NoScript
s_25.png

Thus, you can track who collects information about you, and prohibit it from doing so. But if you block everything, then you can disrupt the performance of the Internet resource.
Let's go back to the tests. We will check on Firefox configured according to all the recommendations above and with uBlock and NoScript enabled.

Figure 26. Displaying the uniqueness of the browser fingerprint after configuration
s_26.png


Figure 27. Example of collected information
s_27.png


Now the protection is maximum: tracking is blocked, the browser fingerprint is uninformative (every 125th browser looks the same as ours). Moreover, if the performance of popular Internet resources suffers, then you can quickly and conveniently enable JavaScript or remove blocking for specific domains, for the entire web page, etc. A good bonus will be the absence of advertising.

Other ways to increase privacy

Special browsers
There are special browsers aimed at ensuring anonymity on the Internet. The most popular of these is Tor. Within the framework of this article, we will not consider their effectiveness and their settings.

DNS traffic encryption
The Domain Name System (DNS) translates human-readable URLs (for example, “www.anti-malware.ru”) to IP addresses (for example, “34.107.151.202”). When a user enters a domain name in a web browser, the latter sends a request to the DNS server, which in turn returns the IP address for connection. DNS requests and responses are sent over the network in plain text, unencrypted.

There are currently two DNS encryption protocols:
  • DNS over HTTPS (DoH);
  • DNS over TLS (DoT).

Modern browsers have built in the ability to use DoH, but it is disabled by default.
DoH sends a DNS request over an encrypted HTTPS connection. However, DoH only works on sites that can support this protocol.
To enable DoH in Firefox you need to go to network settings and click on "Enable DNS over HTTPS". For browsers on Chromium, you will need to enter in the address bar: browser_name: // flags / # dns-over-https (instead of “browser name” you need to enter “chrome”, “edge”, etc.).

There are also differences in the principle of work. DoH in Chrome works according to the following algorithm:
  • the user enters the site URL in the browser;
  • Chrome receives data from the OS DNS server;
  • The browser checks to see if the server it is looking for is on the white list of approved DoH-enabled servers.
  • if so, Chrome sends an encrypted DNS request to that server's interface;
  • if not, Chrome sends a normal DNS request to that server.

In Firefox, however, there is an intermediary between you and the site. By default, this intermediary is the Cloudflare DNS server, but you can change it in the settings.

Conclusions
Unfortunately, when you visit sites, a large amount of data is collected about you, but this can be successfully combated. To effectively combat the collection of information, it is not enough just to configure the browser, you also need to use specialized extensions (not only those that were discussed in the article).

(c) https://www.anti-malware.ru/practice/methods/Get-rid-of-tracking-in-browsers
 
You must log in or register to reply here.

Similar threads

Mutt
How User-Agent Spoofing Is Detected via JavaScript
Replies
0
Views
369
Mutt
Mutt
Back
Top