Cyberstalkers Are Watching You. Take These Four Steps to Block Their View.

Decoding the tech world.
Sept. 26 2013 12:53 PM

This Is How the Cookie Crumbles

The four steps to controlling how you’re tracked online.

(Continued from Page 1)

Step 3: Forgo Flash

Adobe’s Flash, the software engine commonly used for multimedia content, has long been a security and privacy black hole, offering its own insidious, cookie-like mechanism called a “local shared object” (LSO), which isn’t subject to the privacy restrictions of normal cookies. LSOs are a headache to monitor and clean and have resulted in several lawsuits for tracking users without permission. Adobe has slightly improved matters over the years, but pretty much everyone except Adobe wishes Flash would go away.

So if you can’t do without Flash completely—and it’s hard to quit those incessant nagging autoplay videos—go to Adobe's settings page and disable third-party Flash cookies. Better yet, use browser extensions like NoScript and BetterPrivacy, which allow fine-grained control of LSOs and sites that use them, at the cost of a significant amount of micromanagement. (I never said this was going to be easy.)


Step 4: Use a filter

The previous steps should make clear that managing privacy is an active and ongoing process, not a one-time fix. Technology changes and new tracking mechanisms evolve. Even without scripting and cookies, “Web bugs” or “Web beacons” can track you simply by loading an image from a tracking site.

Unless you want to severely limit your Web functionality by turning off cookies, images, and Flash completely, nothing short of an active community effort can separate tracking websites from nontracking sites. Thanks to the generally obsessive nature of tech culture, these collective groups playing Tracker Whac-A-Mole exist, updating active lists of tracker sites weekly and often daily. (You may notice that with these filters, you stop seeing some advertisements as well. There’s always a price to pay.)

One of the easiest filters use is the Disconnect extension, originally made by ex-Googler Brian Kennish. Available on Chrome, Firefox, Safari, and Opera, it claims to block more than 2,000 tracking sites, with quick buttons to selectively enable the big three: Facebook, Google, and Twitter.

On Android phones, Chrome doesn’t allow extensions, so you’ll have to use Firefox. Disconnect is not yet available for mobile devices, but a more technical and more aggressive option is available: Adblock Plus. Most major ad blockers these days support a standard format for lists of content filters, and the one we care about here is the EasyPrivacy list. Install the Adblock Plus extension in Firefox, browse to the EasyPrivacy site, click on “Add EasyPrivacy to Adblock Plus,” and you’re set.

As for filters on iPhones and iPads, you may be out of luck. I am not aware of a single simple way to use privacy filters on iOS. (If anyone knows of one, leave a comment and I’ll update this article.) Until Firefox comes to iOS or Safari or Chrome allow browser extensions, you’ll have to trust in Apple’s limit ad tracking. Sorry—complain to Apple! (Mozilla has said they will not build Firefox for iOS because Apple refuses to let them use Firefox’s own Web engine, only the Safari engine, and no iOS apps are allowed in the Apple Store without Apple’s explicit permission.)

Outside of iOS, actively maintained filters are probably the closest to a one-stop fix as you can get. You are entrusting your privacy to the judgment of a community of idealistic techies, whose judgments are not perfect but who are at least more disinterested than the advertisers. It beats the alternatives. Do not, however, use TRUSTe’s privacy list, which can actually override other lists to allow some tracking, including shady marketer Acxiom. You can’t trust(e) anyone these days.

Sadly, trackers will not simply roll over and settle for you blocking them. New technologies are being invented all the time—for example, device fingerprinting attempts to identify a single user based not on cookies or any sort of explicit identifier but merely on information sent in the normal course of loading a website: what browser version you’re using, screen resolution, preferred language and encoding, IP address, etc. It’s not an exact science, but it’s surprisingly accurate and may make much of the current tracking technology obsolete.

The steps outlined here may feel like bailing water from a sinking ship. For our online privacy not to capsize altogether, our hope is in informed consumers demanding specific and consistent treatment of their own profiles and standing up against new cyberstalking technologies.



Don’t Worry, Obama Isn’t Sending U.S. Troops to Fight ISIS

But the next president might. 

IOS 8 Comes Out Today. Do Not Put It on Your iPhone 4S.

Why Greenland’s “Dark Snow” Should Worry You

How Much Should You Loathe NFL Commissioner Roger Goodell?

Here are the facts.

Amazon Is Launching a Serious Run at Apple and Samsung


Slim Pickings at the Network TV Bazaar

Three talented actresses in three terrible shows.


More Than Scottish Pride

Scotland’s referendum isn’t about nationalism. It’s about a system that failed, and a new generation looking to take a chance on itself. 

The Ungodly Horror of Having a Bug Crawl Into Your Ear and Scratch Away at Your Eardrum

We Could Fix Climate Change for Free. Now There’s Just One Thing Holding Us Back.

  News & Politics
Sept. 17 2014 7:03 PM Once Again, a Climate Policy Hearing Descends Into Absurdity
Business Insider
Sept. 17 2014 1:36 PM Nate Silver Versus Princeton Professor: Who Has the Right Models?
Sept. 17 2014 6:53 PM LGBTQ Luminaries Honored With MacArthur “Genius” Fellowships
  Double X
The XX Factor
Sept. 17 2014 6:14 PM Today in Gender Gaps: Biking
  Slate Plus
Slate Fare
Sept. 17 2014 9:37 AM Is Slate Too Liberal?  A members-only open thread.
Brow Beat
Sept. 17 2014 8:25 PM A New Song and Music Video From Angel Olsen, Indie’s Next Big Thing
Future Tense
Sept. 17 2014 9:00 PM Amazon Is Now a Gadget Company
  Health & Science
Sept. 17 2014 4:49 PM Schooling the Supreme Court on Rap Music Is it art or a true threat of violence?
Sports Nut
Sept. 17 2014 3:51 PM NFL Jerk Watch: Roger Goodell How much should you loathe the pro football commissioner?