Plugin to Disconnect: Regain Browsing and Search Privacy
Ex-Google employee Brian Kennish has been developing a web browser plugin dubbed ‘Disconnect‘, which aims to restore users’ web browsing and searching privacy on a number of major sites. The plugin, which current supports Google, Facebook, Digg, Twitter and Yahoo, blocks uniquely-identifying cookies which are used to track individual users’ browsing activity and searches. Brian also created ‘Facebook Disconnect‘ which prevents Facebook from tracking you on any website that uses the Facebook Connect functionality.
Both of these plugins de-personalize your normal browsing and searching, whilst allowing you to continue using services like Google and Facebook normally. You can see which cookies are being blocked in real-time, and unblock any that you may want. Note that the search de-personalization currently only works on the google.com domain (not local country domains).
At the moment these plugins are only available for Chrome and RockMelt (a new social media-embedded browser I just heard of), but a Safari extension and Firefox add-on are on the way!
Mobile Web Identity Leakage in HTTP Headers
This year has seen some interesting research (Mulliner and xuf) into the way mobile carriers modify users’ HTTP traffic when surfing the web. Unlike most ISPs, which provide you with a direct pipe to the internet (with little or no filtering), mobile phone carriers behave in a much more gateway-like fashion. As such, mobile carrier proxies tend to add information into the headers of HTTP traffic, some of it just for session-tracking, others containing interesting data.
Of all the information added into HTTP headers, by far the most interesting is the inclusion of the user’s handset IMEI (a unique identifier) or mobile telephone number. These are inserted into headers, such as X-Network-info, and is then available to anyone with access to the network traffic. If a website is so inclined, they can log the headers associated with HTTP requests and then use this information to further track and/or advertise to you. If I were so inclined, I could wait for a mobile browser to leak the visitor’s telephone number and give them a call!
Your browsing activities are already very trackable thanks to a number of things including browser fingerprinting, but this issue now makes you potentially personally identifiable – and trackable. Mulliner’s set up a simple Privacy Checker, where you can see what headers your mobile browsing creates.
Apple Launches MobileMe Beta (adds persistent SSL)
After logging into my MobileMe account today I was greeted with a small banner in the left-hand menu announcing an upcoming Mail Beta. Although I haven’t yet been upgraded to the Beta, it appears that Apple have been hard at work on turning MobileMe Mail into a full blown web email client… it’s about time.
Additions include proper formatting capability, improved layout and display, e-mail rules, and persistent SSL. With regards to that last one, although MobileMe supports SSL at the login screen to protect your credentials, all subsequent information (read: all your emails are belong to us) is sent in cleartext – an issue I posted about a long time ago. Google enabled the option to use persistent SSL for its Gmail service back in mid-2008 (although it is an option you have to specifically set in your Gmail preferences).
From my initial impressions of the beta, it definitely looks much better to begin with. The ability to view your inbox in the three (classic, compact, widescreen) views will probably be quite popular. The search field also works better. They finally allow you to scroll fluidly through your mailbox folders, however it only loads a certain number of message at a time. Now, this wouldn’t be too bad except that in this case it takes a bit too long for that loading to happen. Apart from that the persistent SSL also works nicely, so once they fix any small bugs and improve performance, I’ll consider myself happy.
Oh… and there’s rumors that MobileMe might become free. THAT would make me happy too!
Loading ...
