Perils of Protecting Privacy While Browsing

The software and services we all use every day, whether stand-alone or over the internet, are incredibly intricate and complex. It is one of those truths of software engineering that defects (or bugs if you prefer) grow in number faster, not in proportion, to the number of lines of software code. Windows often take the brunt of the bad public relations when things go wrong with our computers, probably because (for most people) it's right in front of them when trouble occurs. Yet the problems are to be found everywhere. No software vendor or open-source project is immune to exploits. Even when trouble is not due to a defect but some obscure though intended function, it is perceived by users as a defect.

Browsers are a case in point. Due to their complexity, interconnectedness with all sorts of local software, web sites and network services, and their rapid evolution in the face of competition and changing standards, they are frequently the vectors of malicious attacks. By attack I mean more than viruses and other malware: anything that flies under the radar to track, mislead or pry into my activities, online or offline, is an attack against my privacy. This includes cookies, browser history, and even remote tracking based on IP address.

It was therefore of no small interest to me to read about the latest exploits against the private browsing feature that most browsers now support. I can't say that I'm surprised to hear this news. The so-called sandbox that private browsing features create must by their nature be quite complex in how they must pick and choose communications paths to connect with or block among the multitude that all modern browsers contains. Recall what I said above about defects and complexity and you can see why I am not surprised.

For a long time now I have followed my own path to security and privacy, choosing to use many browsers. Each is set up and used to accomplish a specific function. My primary browser is Firefox, and I tend to use it to visit web sites I generally trust. Yet I use an assortment of plug-ins to protect my privacy, including an ad blocker, a cookie manager and a Shockwave Flash cookie manager. (You know about Flash cookies, don't you?) I use a completely different browser to visit untrusted and unknown web sites the first time, or even trusted web sites if I want to disrupt how they track my activities. Being human I do make the occasional bad decision when I'm in a hurry, and I have paid the price.

My reason for going this route -- although I have experimented with private browsing features -- is that I put a premium on privacy and security (that's one reason why this blog is anonymous). I expect private browsing to be a fragile and delicate thing due to its complexity. I therefore choose to address the problem with a sledgehammer rather than a scalpel; that is, brute force over finesse. On the second browser I have Javascript disabled by default and at the end of every session all private data is deleted. I deal with Flash cookies for all browsers via the Firefox plug-in BetterPrivacy. When I use that browser as my own little sandbox I do not impede cookies or other trackers. It isn't necessary, nor is private browsing, since it all gets flushed when I exit.

Countering this zealous slash-and-burn approach is the question of whether privacy itself is passing into history as we pass into a future of no privacy and complete transparency. Google CEO Eric Schmidt seems to lean in this direction, but then his company has a vested interest in following you around. Others without these commercial interests have also thought about the issue and come to the same conclusion. Some like author David Brin go so far as to argue that this is a good thing so get used to it and turn it to your advantage.

I am not ready to get used to it and perhaps I never will. To me privacy and anonymity occupy an important part in my life so I take steps to make it happen. Browsing privacy is just one piece of the puzzle. I will continue on this path even as it gets more treacherous as technology moves forward. There are interesting times ahead of us as privacy rights get increasingly mangled and redefined.