How to Plug Security Holes in Your Browser
You depend on your Web browsers to link you with the information you need every day. But don't let your browsers bank information about you that may be damaging or embarrassing.
Browser History Snooping
Why You Should Care: Maintaining your online privacy can save your job--and your marriage.
Scenario: Just because you think you have nothing to hide doesn't mean that your PC's record of your browsing history can't get you in trouble. In the absence of any clarifying context, an observer might easily misconstrue entries in a list of sites you recently visited.
Fix: Try using your browser's private browsing feature--but don't depend on it. Long a feature of Apple's Safari browser, private browsing is praised as a way of surfing the Web without leaving a trail of Web site addresses behind you. Once you turn on Private Browsing in Safari, Apple says, you won't leave any traces of the sites you subsequently visit.
Add-ons for the Firefox browser offer Windows users the same benefits: Distrust gives Firefox 2.x and 3.x users a way to manage their browsing history, though some files that Firefox temporarily writes to disk don't get erased until the end of the browsing session. Firefox 3.1 (currently in beta form) is likely to add more-comprehensive private browsing features to the browser itself. To help users manage the new features, two add-ons--Private Browsing and Toggle Private Browsing--provide granular control over the settings. (Warning: In recent testing by a security firm to see which browsers' tools do the best job of protecting against tracking by Web sites, Safari's private browsing capabilities came in last place; Firefox, Google's Chrome, and Microsoft's Internet Explorer 8 beta also fared poorly.)
But no browser can completely prevent sites from tracking your visit. For maximum anonymity, you need to use a service such as the fee-based Anonymizer or the free Tor.
Tell-Tale Browser Cache
Why You Should Care: A browser's cache is a treasure trove of valuable personal information.
Scenario: Maybe you've just received some bad news from your doctor--a diagnosis of a serious medical condition, something you may not be ready to reveal to others. You decide to do a little Web research on the topic, but don't want any trace of what you were doing to remain on the PC, lest someone stumble upon your secret. Or perhaps you've been shopping for the perfect engagement ring. If the intended recipient were to see the names of jewelry Web sites among the list of fragmented files during a defrag session, it could spoil the whole surprise.
Designed as a way to speed up surfing, the cache keeps copies of the text, images, and other snippets of code from the Web pages a person visits. Obviously, you could learn a lot about someone's surfing habits and interests by dumpster-diving in this collection--much more than by just looking at the browser's History list. Other saved content might include the text of e-mail messages read via Web mail. For some time, Firefox, Safari, and some other browsers have given users a lot of control over cache trashing, but Internet Explorer 8 will be the first version of IE to offer a secure browsing feature, called InPrivate, designed to eliminate any traces of history when you shut down IE.
InPrivate deletes the browser's history, cookies, and Registry traces that would enable someone to retrace your online steps. Nevertheless, it doesn't render the cache a clean slate.
Fix: The best way to keep things clean is to prevent the browser from leaving anything on the hard drive. There are two ways to achieve this objective: Instruct IE to save its cache to a portable drive that you keep plugged in whenever you need to use the browser, or use a software utility to wipe the cache securely after you're done surfing.
You can do the former (using IE) in four steps: Open the Internet Options control panel, click the Settings button in the Temporary Internet Files section, click the Move Folder button, and navigate to a folder on your external drive. To do the latter, try an excellent free tool called Eraser, which securely deletes browser cache files (and other data) by overwriting the files numerous times.