# Blocking cookies and adverts for a reasonable level of privacy



## streetfighter 2 (Sep 25, 2010)

I'm not a particularly paranoid person but I do despise marketers and advertisers.  It used to be fairly trivial to block cookies and advertisements but not anymore.

Take a look for yourself:
http://arstechnica.com/web/news/201...he-zombie-cookie-war-by-raising-awareness.ars
http://samy.pl/evercookie/
http://arstechnica.com/security/news/2010/10/it-is-possible-to-kill-the-evercookie.ars

Blocking evercookie in:
Firefox (Ad Block Plus may also work but but I'm not sure and it may conflict with Ad Muncher/hosts file)
Opera
Internet Explorer (just kidding, you're screwed.  get a real browser)

Also the FTC Commissioner Jon Leibowitz is somewhat on my side:
http://www.ftc.gov/os/caselist/0710170/071220leib.pdf


> Originally Written by *Commissioner Jon Leibowitz*
> 
> 
> _Ultimately, if the online industry does not adequately address consumer privacy through
> ...



What I'm writing about is blocking the tracking attempts of every (yes, every) website I go to.  I don't want Amazon.com to recommend a single thing to me.  I don't want any other site to log my browsing habits so they can sell them to some other group of jerks.  I don't want 10 million flash ads that make noises or otherwise impede using a particular site.

I'm sure someone here is thinking that it's wrong to block advertisements because I'm not paying TPU, arstechnica or other sites I use.  You may therefore be startled to learn that in the rare event that I watch TV, I change the channel during the commercials.  When driving a car I make a point of ignoring billboards that fill my peripheral vision.  Whenever possible I pay in cash so companies can't track my purchases.  I don't even like malls.

BTW, I obviously turn off all ad-blockers when I'm on TPU because the advertisements are always relevant and worthy of a good clicking. 

There are many ways that advertisers track you on the net but the primary ones are:
*1) Flash cookies*
*2) Cookies*
and cookie monster (actually that's just a character from Sesame Street)
*3) IP based*
*4) HTML5 magic*

I should note that I also like settings to be transparent, omnipresent and compatible.

Without further ado, a brief discussion of my current methods.  Please suggest new information or improvements on my methods wherever you can.  Thanks!



*-1) A good Firewall*
*Description:*
 If you don't have a firewall you really should be in the process of getting one right now.  Some firewalls can block ads and all firewalls will help prevent hacking attempts.

*Solution:*
 There are lots of different firewalls available.  The good Mr. AsRock recommended 
Outpost Firewall
 as a personal firewall/ad blocker/content control.  I like 
ClearOS
 as a network firewall but it requires significantly more technical expertise and a dedicated machine to set up.  Anyway about it you'll probably want something with ad blocking/content control to insure your privacy is protected.  You can also augment you firewall protections using a tool like 
CCleaner
 which wipes your browser's internet files (cookies, temp files, etc.) though many browsers allow you to tune these features automatically.

*Transparency/Omnipresence/Compatibility:*
  If you run a personal firewall like Outpost Firewall it will run on your machine and you'll know it's there.  Consequently I like an external firewall because I only need to interact with it to change settings.  External firewalls also have the advantage of offering protection for all computers on a network, regardless of OS.  When it comes to simplicity though Outpost Firewall seems to be the winner.  A good firewall will actually help with all the issues I mention (1 thru 4), though it may be redundant with 0.


*0) Null route*
*Description:*
 The first thing to do, and arguably the easiest, is to null route as many known advertising servers as you can.  Null routing forces your computer to incorrectly resolve specific addresses.  In laymen's terms it pretty much blocks specific sites.

*Solution:*
 Thankfully 
MVPS
 constantly updates a list of jerks which makes it extraordinarily convenient to block a good chunk of internet advertisers.  If you know how to edit your hosts file you can manually update it with the 
MVPS version
.  Unfortunately new advertisers pop up every day so this isn't a complete solution but it's a pretty damn good attempt.  If you'd like to manage your hosts file yourself you might want to give the excellent utility 
hostsman
 a try.  On the other hand, if modifying your hosts file is not your cup of tea you can check out 
Ad Muncher
 which performs most of the tasks of a good hosts file but through it's own utility.

*Transparency/Omnipresence/Compatibility:*
  The reason why I recommend this over traditional browser based advert blockers is because this works for everything on your computer.  It even prevents some trojans from calling home and turning your computer into a digital depot.  You can use this in conjunction with a browser based ad-blocker if you want the additional features it affords you, but don't skip on the hosts file/Ad Muncher!  There are minor compatibility issues and they're usually with sites that are deeply in cahoots with advertisers.  Oddly enough I noticed that I couldn't download VMware officially (without disabling my hosts file) because my hosts file was preventing VMware from sending my personal info to marketers .  A hosts file will actually help with all the issues I mention (1 thru 4).


*1) Flash Cookies*
*Description:*
 Also called Adobe love stains (I just made that up...).  Adobe loves you so much that they allow flash to place cookies in several locations on your computer.  They also don't do much in the way of advertising a bloody control panel but one does exist.

*Solution:*
  The most comprehensive solution I've found thus far is to remove read/write permissions on the folders mentioned 
here
.  If you're using firefox you can try 
BetterPrivacy
.

Transparency/Omnipresence/Compatibility:
 Once it's set it's done and it works in all browsers.  Unfortunately removing read/write permissions on the folders mentioned on the wikipedia entry will also cause severe compatibility problems with a lot of sites sporting flash content.  The only alternative is to use the poorly advertised 
Flash Settings Manager
 and disable as much as you can.  It will still be necessary to periodically go into the folders on your computer and manually delete all the accumulated garbage or use BetterPrivacy to automate this process.



*2) Vanilla (as in plain-olde) cookies*
*Description:*
 Browser cookies are like horse flies, they bite you and they perpetually follow you.  Occasionally they're good, like the one TPU uses to keep me logged in.  More often they're just tracking you so advertisers can make money off your browsing habits.

*Solution:*
 Only one way out of this unfortunately.  Go into your browser setting and disable cookies but add exceptions for sites you like or otherwise need to visit.

*Transparency/Omnipresence/Compatibility:*
 Chances are you'll always find another site to add to the list of exceptions.  Worse still is that each browser has to be configured separately.  Some sites will completely refuse to work unless you enable cookies for them.


*3) IP Based*
*Description:*
 Websites with annoying marketing departments will log your IP and record your browsing habits under that IP for the purpose of hawking you and the people around you more crap.

*Solution:*
  A good proxy or 
Tor
.  If you opt to use Tor I'd recommend 
JanusVM
 because it's easy to configure and doesn't require you to manually enter a proxy in different browsers.  I've found 
xroxy
 and 
hidemyass
 provide decent lists of public proxy servers.

*Transparency/Omnipresence/Compatibility:*
  Unfortunately you're not going to want to run your internet through a proxy or Tor all the time (unless you have to).  Additionally setting up a proxy/Tor is often a per browser setting and can occasionally be a pain in the neck to set up.  Tor does have some compatibility issues but they're quite tolerable in my opinion.  If you use a good socks5 proxy server you shouldn't have too many problems.


*4) HTML5*
*Description:*
 I hate it, I hate it, I hate it...  But it's so useful.  Reminds me of the .NET framework.  It has more holes than a colander thats been hit with 20 birdshot shells.

*Solution:*
 Turn off JavaScript except on sites that you trust.

*Transparency/Omnipresence/Compatibility:*
 Most every site has JavaScript these days so turning it off is going to be a shitstorm.
A note about the numbering of the methods
You may have noticed that the methods start at -1, this is a bit like the rules of thermodynamics.  The first two methods are so fundamental that they shouldn't need to be stated but I do anyway to insure that the list is comprehensive.

Any suggestions for improving my list would be great!


----------



## TSX420J (Sep 25, 2010)

I use firefox and some good add-ons. Get Ad Block Plus, it is good at blocking ads and will help speed up web page loading times. I also use Noscript, it blocks all incoming scripts until you allow them to be loaded. Those are my two main add-ons I use and they work great. In firefox in the options under the privacy tab you can configure how cookies are handled. Hope this helps.


----------



## streetfighter 2 (Sep 25, 2010)

I appreciate the suggestion.

I like some of the features in Noscript but I don't want to be limited to having those features in Firefox and also having to modify them a lot.  On the other hand I might not have an alternative...  For the time being I'm looking into abstracting some of the ideas of Noscript to fit a more general case which is loosely defined by my notion of transparency, omnipresence and compatibility.

Specifically I'd like to find a way to block (yet provide exceptions for):
<canvas>
all HTML5 storage APIs
Cross-Site Scripting (XSS)

EDIT: Now that I think about it I might as well just turn off JavaScript then add exceptions for the sites I use most often...  It would be nice to block only those things I mentioned though.

Firefox's Ad Block Plus just doesn't cut the cheddar when compared to the MVPS host file.  The hosts file is much more robust.


----------



## TSX420J (Sep 25, 2010)

streetfighter 2 said:


> I appreciate the suggestion.
> 
> I like some of the features in Noscript but I don't want to be limited to having those features in Firefox and also having to modify them a lot.  On the other hand I might not have an alternative...  For the time being I'm looking into abstracting some of the ideas of Noscript to fit a more general case which is loosely defined by my notion of transparency, omnipresence and compatibility.
> 
> ...



Cool I'm going to try that. I'm a bit of a novice though, LOL, well novice compared to most people in the forums here.


----------



## AsRock (Sep 25, 2010)

I just use Outpost Firewall it will block what ever you like.

http://www.agnitum.com/products/


----------



## Completely Bonkers (Sep 26, 2010)

great stuff!

also suggest hostman, ccleaner, admuncher


----------



## streetfighter 2 (Sep 26, 2010)

TSX420J said:


> Cool I'm going to try that. I'm a bit of a novice though, LOL, well novice compared to most people in the forums here.



I'd definitely recommend it.  If you want you can use Ad Block Plus in conjunction with the MVPS host file. The only reason why this might be an issue is if you went to a website that wasn't working properly you might end up having to disable both your hosts file and Ad Block Plus to get the site to work.



AsRock said:


> I just use Outpost Firewall it will block what ever you like.
> 
> http://www.agnitum.com/products/



I can't believe I forgot to mention firewall on my list!  That'd be like the -1th method because it's so obvious that I forgot to mention it.  Thanks.

I've never even heard of Outpost Firewall before but I read up on it and it seems like a really solid personal firewall.  

I rarely move my desktops outside my LAN so I've focused on firewalling the LAN and I just use the stock Windows/linux/OSX firewall for the individual computers.  I currently have a router connected to my WAN, and a dedicated box running ClearOS and JanusVM connected to the router.  All the computers on the LAN are connected to a switch which is connected to the ClearOS/JanusVM box.  That way I get 3 layers of firewall and an optional VPN for anonymous browsing (method 3).  (I made a thread on how I was able to virtualize ClearOS for testing before I deployed it if you're interested.)



Completely Bonkers said:


> great stuff!
> 
> also suggest hostman, ccleaner, admuncher



By hostman you mean HostsMan right?  That looks like a really excellent little program.  I'm definitely going to give it a try.  Thanks.

I always thought ccleaner was just for fixing up the registry.  I see now it cleans up for browsers too.  Do you know if it deletes flash cookies as well?

Admuncher looks like a really great program.  It appears to be a really customizable front-end with core-functionality akin to a good hosts file.  I was reading the FAQ and it mentions "_Protects your privacy by blocking common third-party tracking systems_", I'm curious to how it does this and to what extent.  I think I'll fiddle with Admuncher in a VM when I get some spare time.


----------



## Static~Charge (Sep 26, 2010)

If you use Firefox, try the BetterPrivacy add-on. It was designed specifically to deal with Flash Player's LSOs (Locally Stored Objects, a.k.a. "Flash cookies").


----------



## AsRock (Sep 26, 2010)

streetfighter 2 said:


> I'd definitely recommend it.  If you want you can use Ad Block Plus in conjunction with the MVPS host file. The only reason why this might be an issue is if you went to a website that wasn't working properly you might end up having to disable both your hosts file and Ad Block Plus to get the site to work.
> 
> 
> 
> ...



Well without post it can block loads of stuff and i do mean loads of stuff all though it is good for a beginner but with all the options it has can be setup to a much more advanced way including web page content control..

I've even blocks ads from some games Tiger Woods 08 was one were it would make the game connection ( required ) and ads which ya just block .  Well worth checking out thats for sure. 

I could post some pics if you like ?.


----------



## claylomax (Sep 26, 2010)

TSX420J said:


> I use firefox and some good add-ons. Get Ad Block Plus, it is good at blocking ads and will help speed up web page loading times. I also use Noscript, it blocks all incoming scripts until you allow them to be loaded. Those are my two main add-ons I use and they work great. In firefox in the options under the privacy tab you can configure how cookies are handled. Hope this helps.



This is what I used, but I think that Firefox is getting slower with every version.


----------



## Octopuss (Sep 26, 2010)

Nice thread.
Has anyone really experienced slowdowns when using the hosts file?


----------



## AsRock (Sep 26, 2010)

Octopuss said:


> Nice thread.
> Has anyone really experienced slowdowns when using the hosts file?



Well mines around 980KB and no issues.


----------

