Advertisement

Protect yourself from being tracked by Google, Facebook, and others

There have been a lot of stories lately about websites trying all sorts of things to keep track of people and invade their privacy. First it was Facebook, and now Google.

I protect myself from Facebook tracking me by using a Fluid browser for Facebook. Because I paid the US$5 to register the app, I can use separate cookies from Safari.

Here's how I setup Facebook in Fluid. This is how I created the app:

Once the app is created, launch it, and separate the cookies from Safari:

And then set it so that any link off of Facebook will open in another browser (note: this is the default, you don't have to change anything to get it to do this):

Fluid for Google

I do a similar thing for Google, but it's actually more restrictive: no JavaScript and no cookies allowed:

No JavaScript means no Google instant, which I loathe, no little popup telling you they are changing their privacy policy.

The whitelist settings only let the browser bring me to Google sites, so any results I click on will open in my regular browser. I've been trying to get Google to open results in a new window for years and they always forget that setting.

You can also change the User Agent which is sent to Google, which can change the format of the results. For example, maybe you prefer the iPad (oh, I mean "tablet") format. You can get that by telling the Fluid app to report itself as an iPad:

Don't want a separate browser? How about a fast logout?

Maybe you don't want a separate browser, but want to make sure that Google isn't associating your searches with your Google login. Well, assuming that Google hasn't found another way to track you even when you aren't logged in, you can make a bookmark shortcut to make sure that you are always logged out before you do a Google search. Just bookmark this link https://accounts.google.com/Logout?hl=en&continue=http://www.google.com/ and click it whenever you want to do a Google search. Or drag this link to your bookmarks bar:

Safe Google Search

"But if I'm always logging out of Google, won't I have to keep logging in to check my Gmail?"

Logging out of Google is easy, but if you want to use Google services like Gmail or Google Voice, you'll probably want to be logged in. There are a couple of ways to work around that.

Option 1: Use a different browser for Google - If you usually use Safari for your regular browsing, use Google Chrome for Gmail, Google Voice, etc.

Option 2: Use Fluid or Mailplane for Gmail - I've been a Mailplane user since its days in beta, and it's my favorite way to use Gmail. Of course you could also use a Fluid browser instead.

Option 3: Use an app instead - This may be too obvious to even suggest, but there are good alternatives for using Google's services in a web browser. You can use Mail, Sparrow or Postbox instead of Gmail, or BusyCal instead of Google Calendar. I vastly prefer GrowlVoice to using Google Voice's website (although there are some Google Voice settings you can't access except through the website, but they aren't ones you'll probably use often).

Option 4: Log in to Google quickly using 1Password - If you use 1Password , you can make a "one click" bookmark for logging into Google/Gmail/Google Calendar/etc. Just drag the entry from 1Password to your the bookmark bar in your browser of choice. Brett Kelly did a nice write-up about that feature.

"I don't trust anyone! I want to delete everything!"

This seems like a huge overreaction, but in just a few minutes of casual web browsing, there are 44 websites which have stored cookies and other cache files on my computer. Are Google and Facebook the only companies out there doing nefarious things with tracking activity online, even if you've told Safari not to accept 3rd party cookies? That seems doubtful. Google and Facebook may be the largest companies, but probably not the only ones.

So maybe it isn't a terrible idea. The question is how to do it. If you try to disable cookies, caches, and everything else from within the browser, you'll find a lot of sites just don't work. Instead, it's probably easier to just let the browser work as designed, but then clean up after it. There are two ways to do this: the manual, GUI way, or the automatic, scripted way.

The manual, GUI way is to use the "Reset Safari..."

That option will bring up a whole host of "cleaning" options:

By default there's no keyboard shortcut for it, but you can make one in System Preferences » Keyboard » Keyboard Shortcuts. I use Command + Option + R:

Note that you need to have that menu item exactly as shown: Reset Safari... with an ellipses ... not three periods.

The automatic, scripted way doesn't allow for as careful or selective deletion, but you also don't have to remember to use it. You can automate it with a LogoutHook, which is basically a shell script which runs whenever you log out.

WARNING! This script will run as root and is going to use rm -rf which is one of the most potentially destructive commands that you can run. If you make a mistake here, you could delete data, or render your computer unbootable. "Be careful" is an understatement. "Use at your own risk" is another. As always, make sure you have a verified backup before testing something like this. If you aren't sure what you are doing, stick with "Reset Safari..."

Create a file anywhere you like. I recommend /usr/local/bin/logouthook.sh and make it executable chmod 700 /usr/local/bin/logouthook.sh and then tell it to clean up after Safari every time you log out.

(Strange aside: if you quit Safari, delete Safari's "binarycookies" file, re-launch Safari, and try to access one of the sites which had stored information in the cookies file, Safari re-creates the 'binarycookies' file. That does not seem to happen if you delete the binarycookies file via LogoutHook.)

Then you have to tell the system to use that script when you logout. You'll need to enter your administrator password:

sudo defaults write com.apple.loginwindow LogoutHook /usr/local/bin/logouthook.sh

Note that the script will delete all of your cookies, local storage, and local "database" files from sites you log into. Plenty of good sites use those technologies to make your web browsing faster, easier, and more enjoyable. Deleting them regularly may be more hassle than it is worth. One of the drawback is that you will be logged out of all the websites which use cookies to keep track of your logins. As always, there is a trade-off between privacy/security and convenience. If you do this, I highly recommend creating 1Password bookmarks for easy re-login for sites you use most often, or create separate Fluid.app browsers for them with separate cookies.

What's the right answer?

Truthfully, I don't know what the right answer is. For years I have thought that concern about 'cookies' was much ado about nothing, but given the motivation of companies like Google and Facebook to gather as much information about you as possible to sell to marketers, I'm less confident as I once was. Instead, I find myself wondering, why not accept a little inconvenience in exchange for increased privacy?

If you do decide to use Fluid.app browsers for Google, you can find some great looking app icons at http://csi.nfshost.com/goodies/. There's also a Flickr group for Fluid.app icons.