Safer Internet: Browsing: Manage Storage of Private Data

Summary | Where/When | Private Browsing | Cookies | Autofill |
Do Not Track | Browser 'Fingerprinting' | Browser History |
Search History | Download History | Caches | Statistics |
References: General | Bookmarks / Favorites | Cookies | FingerPrinting | Google |
History | iOS | macOS | Microsoft | Private (Incognito) Browsing | Tracking


Summary

[1] When: Before, After; Where: OS, Apps, Browsers

  • Some data can be useful to you: speed, convenience, even necessary, e.g., for logins
  • Other data could be damaging in the wrong hands
  • Two strategies (or combo of both) to minimize this data:
  • Before: prevent data from being stored on your device or on servers in the first place -- settings or private browsing
  • After: remove stored data later -- manual commands or automatically upon exit from browser / app
  • [2] System utilities can remove some caches, history, e.g., macOS: Maintenance, Onyx; Win: CCleaner
  • Android: Settings
  • iOS: Settings > Notifications, Control Center, Privacy
  • macOS: System Preferences > Security & Privacy, Sharing, Parental Controls
  • Win: Control Panel / Settings
  • Applications that access the internet, e.g., Facebook, Maps, Skype, etc.; also see Email section
  • for Location, Notifications: Connection: Unnecessary Services section
  • Browsers -- settings vary; meanings of 'history' and 'web data' may vary
  • macOS: Safari > Preferences > Privacy, Security
  • Firefox > Preferences > Privacy, Security
  • Chrome > Preferences (or address: chrome://settings)
  • iOS: Settings > Safari
  • Windows: IE: Control Panel > Internet Options
  • [3] Some browsers come with pre-sets for more privacy/security settings, e.g., Epic, WhiteHat Aviator

[1] Consider Private Browsing

  • Typically stored locally & temporarily -- until tab/window closed: cookies; browsing, download, and search histories; form/autofill data; page or image caches
  • What's stored / hidden / erased may vary by browser; tradeoffs: performance, convenience
  • Another possible benefit: ability to exceed n-article/month limits on certain paywalled sites.
  • Potential loopholes: data from plug-ins / extensions; downloaded files still on disk; bookmarks; search engine might store terms on server; cached DNS lookups
  • Despite 'private/incognito' label, it does not provide anonymity per se -- just more temporary / compartmentalized browser storage; see VPN, anonymous browsing, e.g., Tor
  • Before (all windows by default)
  • Possible in some browsers, but not too practical since some sites won't work well; would there still be a way to open a new window in non-private mode?
  • macOS, iOS: Safari: not avail
  • macOS: Firefox > Preferences > Privacy > History > Always Use Private Browsing Mode
  • [3] Chrome -- involves starting with "-incognito" switch in AppleScript (macOS), Properties (Win) or command line
  • After (specific new window & tabs)
  • macOS: Safari > File > New Private Window
  • macOS: Firefox > File > New Private Window
  • macOS: Chrome > File > New Incognito Window {Figure 10: TCYOP-4: 91; TCYOP-3: 74}
  • iOS: Safari > [rects] > Private

[1] Reduce Cookies

  • Cookies are usually erased by Private Browsing, but some browser settings are useful anyway
  • Recommended: blocking "3rd-party" cookies
  • Blocking all cookies means some sites won't work well (or at all)
  • Allowing all cookies is a bad idea
  • Some badly implemented web sites may require use of 3rd-party cookies and/or cross-site tracking
    -- if you need to use that site: temporarily disable settings, finish your work, then re-enable
  • Erasing cookies means you'll have to re-login to sites, and perhaps re-enter a security answer or 2FA code
  • Before
  • macOS: Safari > Preferences > Prevent Cross-Site Tracking: on; Block All Cookies: off
  • macOS(older): Safari > Preferences > Privacy > Cookies and website data > Allow from websites I visit [screenshot]
  • macOS: Firefox > Preferences > Privacy > History > Accept Third-party Cookies > Never; Keep until:(expire, close Firefox); {Figure 11: TCYOP-4: 93; TCYOP-3: 76;}
  • macOS: Chrome > Preferences > Advanced Settings > Privacy > Content Settings > Cookies > Block third-party cookies and site data
  • iOS: Settings > Safari > Prevent Cross-Site Tracking: on; Block All Cookies: off
  • iOS10: Settings > Safari > Privacy & Security > Block Cookies > Allow from websites I visit [screenshot]
  • After
  • macOS: Safari > History > Clear History and Website Data (cookies, history, other data)
  • macOS: Safari > Preferences > Privacy > Cookies and website data > Remove All Website Data [screenshot]
  • macOS: Firefox > History > Clear Recent History
  • macOS: Chrome > Preferences > Advanced Settings > Privacy > Clear Browsing Data
  • macOS: System Preferences > Flash Player > Storage > Delete All (flash cookies)
  • iOS: Settings > Safari > Clear History and Website Data (cookies, history, other data) [screenshot]
  • [2] macOS: System Preferences > Flash Player > Storage > Delete All, i.e., "Flash Cookies"
  • see section Malware : Flash for more about Flash cookies or uninstalling Flash

[1] Minimize Browser AutoFill: Passwords, Credit Cards, Contacts

  • Most browsers can provide autofill; however, info is only as secure as device admin password
  • Backup? Share between browsers on same device?
  • Share between devices -- esp. if different vendors?
  • Generally, it's better to use a password manager
  • Before
  • macOS: Safari > Preferences > Autofill (contacts, passwords, credit cards)
  • macOS: Firefox > Preferences > Security > Logins > Remember Passwords for Sites
  • macOS: Chrome > Preferences > Advanced Settings > Passwords and forms > Enable AutoFill to fill out web forms in a single click; Offer to save your web passwords
  • iOS: Settings > Safari > Passwords & AutoFill (contact, passwords, credit cards)
  • iOS: Settings > Accounts & Passwords: edit
  • Win: Edge > Settings > View Advanced settings > Autofill: Save Passwords/Cards: off; Manage
  • After
  • macOS: Safari > Preferences > Passwords > Remove All (or selected)
  • macOS: Firefox > Preferences > Security > Logins > Saved Logins
  • macOS: Chrome > Clear Browsing Data
  • iOS: Settings > Safari > Passwords & AutoFill > Saved Passwords / Credit Cards

[2] Reduce Web Site Tracking

  • Turn off tracking in browser, even though some web sites may ignore this (optional) request;
    Apple has removed this setting in latest macOS & iOS (see below for older) --
    since it wasn't effective, and perhaps gave false sense of security?
  • macOS: Safari > Preferences > Privacy > Website tracking > Ask websites not to track me [screenshot]
  • macOS: Firefox > Preferences > Privacy > Tracking > Tell websites I do not want to be tracked
  • macOS: Chrome > Preferences > Advanced Settings > Privacy > Send a "Do Not Track" request with your browsing traffic
  • iOS: Settings > Safari > Privacy & Security > Ask websites Not To Track Me [screenshot]
  • Win: Edge > Settings > View Advanced settings > Privacy and services > Send Do Not Track Requests: on
  • Avoid "Single Sign On" login feature on 3rd-party sites using your Google, Facebook, Twitter credentials
  • In addition to controlling cookies (next), see section Ad Blocking to further reduce tracking

[2] Reduce Browser 'Fingerprinting'

  • Your unique combination of system settings and browser properties can enable web sites to identify you,
    even if you're minimizing/clearing cookies, using private browsing, etc.
  • Currently, some systems/browsers are better at minimzing fingerprinting,
    e.g., Safari, Firefox; -- and iOS generally; see Refs: Fingerprinting
  • Check your web browser's tracking settings, fingerprint uniqueness: EFF: Cover Your Tracks
  • Unfortunately, Cover Your Tracks doesn't advise on how to fix this...
  • Maybe use more defaiult browser settings -- to become less unique?
  • Hopefully other tools/approaches will be forthcoming.

[2] Reduce / Clear Browsing History

  • list of sites visited; usually erased by Private Browsing and utilities, e.g., Ghostery, Blur {TCYOP-4: 97, 101}
  • history may be accessible by other users, e.g., nosy friend, cybercafe, law enforcement
  • you can also use Bookmarks or Password Manager to save / return to important sites, rather than rely on history list
  • Before
  • macOS: Firefox > Preferences > Privacy > History > Remember my browsing and download history
  • After
  • macOS: Safari > Clear History and Website Data (cookies, history, other data)
  • macOS: Safari > History > Clear History and Website Data
  • macOS: Safari > General > Remove History Items (time) [screenshot]
  • macOS: Firefox > History > Clear History
  • macOS: Firefox > Preferences > Privacy > History > Clear history when Firefox closes (Settings: browsing, downloads)
  • macOS: Chrome > Clear Browsing Data
  • iOS: Settings > Safari > Clear History and Website Data (cookies, history, other data)
  • iOS: Settings > Safari > Frequently Visited Sites

[2] Reduce Search History / Suggestions

  • Usually erased by Private Browsing
  • Before
  • macOS: Safari > Preferences > Search
  • macOS: Firefox > Preferences > Search
  • macOS: Firefox > Preferences > Privacy > History > Remember search and form history
  • macOS: Chrome > Preferences > Advanced > Privacy > Use a prediction service to help complete searches and URLs typed in the address bar or the app launcher search box; searches still saved and not clearable?
  • iOS: Settings > Safari > Search Engine Suggestions
  • After -- same as browsing history?

[2] Clear Download History

  • usually erased by Private Browsing -- though files may still be Downloads
  • Before
  • macOS: Safari > General > Remove Download List Items (time) [screenshot]
  • macOS: Chrome > Preferences > Advanced > Privacy > Content Settings > Automatic Downloads
  • After -- same as browsing history?
  • macOS: Safari > Show Downloads (far right icon)l > Clear
  • macOS: Firefox > Tools > Downloads > Clear Downloads
  • macOS: Chrome > Clear Browsing Data

[2] Clear Caches: Pages & Images

  • usually erased by Private Browsing and utilities
  • Before
  • macOS: Firefox > Preferences > Advanced > Network > Cached / Offline Content
  • After -- same as browsing history?
  • macOS: Safari: shift+click on the Refresh page button -- clears cache for only that page
  • macOS: Safari > Preferences > Advanced > Show Develop menu in menu bar -- add Develop menu
  • macOS: Safari > Develop > Empty Caches

[3] Reduce Browser Statistics

  • Diagnostic data may be useful to vendors for bug fixes and improvements -- optional: it's up to you
  • macOS: System Preferences > Security & Privacy > Diagnostics & Usage
  • macOS: Firefox > Preferences > Advanced > Data Choices
  • macOS: Chrome > Preferences > Advanced Settings > Privacy > Automatically send usage statistics and crash reports to Google

References

Bookmarks / Favorites

Cookies

Fingerprinting

Google

History

iOS

macOS

Microsoft

Private Browsing

Tracking