I run all such queries in a dedicated Linux VM so that I visit any "strange" websites only in that VM. I use a browser not connected to my (sync) account and don't login to any of my usual websites. uBlock Origin with all kinds of lists enabled is on, uMatrix is installed but it was too much of a hassle so it remains disabled.
I hope my feeling of relative safety is justified, but I'm not a security expert(?).
PS: Before anyone gets upset that I use such services, I'm not a heavy "pirate" by any measure. When I needed it I purchased software like Adobe Creative Suite or Jetbrain IDE licenses without hesitation. I only use it for things I don't really need and only use once, such as checking out a TV series (I very, very rarely watch anything, relying on specific Youtube and Twitch content instead, leaving two - one came with the apartment rent, one with the Internet - cable TV subscriptions unused).
heh heh. the silly article made it sound as if that wasn't an option. trust the journalists to stuff things up.
so how do I do it?
Edit: I dont use Firefox, so AdBlock is out of the question, and I have no idea what websites do this. Is there a list available somewhere?
How can I discover whether or not a website does this without visiting them in the first place?
I can only assume. It's annoying that I can't (trivially) block that level of information gathering. I use AdBlock and I disable 3rd party cookies. I personally don't think I've looked up anything that would "tip my hand", but I'm sure my wife has used my computer/browser enough that things she researches have leaked into the corporate overlord databases.
I take great care to separate my browsing sessions. Still I find YouTube recommendations on my main account on topics that I watched on another machine in my home network. My typical setup involves:
1. Virtualbox VM restored to a snapshot after each usage (browser completely clean, never uses my main Google accounts here)
2. Firefox on main machine with clear all cookies set, ublock origin. Rarely logs into my main Google account, if I do, always in incognito.
3. pfsense with block lists for Google & Microsoft
4. Mobile with Disconnect tracking blocker (mobile wide) plus Firefox focus & Firefox set to clear all history on exit.
Still Google manages to track me. Whenever I see those recommendations in YouTube, I feel like Google is mocking me - "ha ha do whatever you want, you can never hide from us".
I know I can use Firefox instead of Chrome and DuckDuckGo instead of Google. What are some other things I can do? What extensions and settings should I be sure to have on my web browser? Also, is there a way for me to assess how much of my private information has been compromised?
It is clear when you're on a browser that your search terms and text inputs go to a server somewhere. And RMS has plenty of warnings about such things as Google Instant, Facebook "likes" and other sneaky ways websites spy on you.
But at least up until now you could stay away from that stuff by just not opening a browser, and you knew to be careful when you did. Now there is no line, just "be careful what you type on a computer, period. You don't know who's watching". And that's a lot worse. What if your private journal on your hard drive is mined for targeted advertising? No, keep the web and my desktop separate, that's the point.
Yes, that's mainly what I was thinking of. Search suggestions, which are on by default. Chrome also has some sort of hostile site checker but that may use locally cached blacklists, I can't recall.
I always disable the "Block reported attack sites" and "Block reported web forgeries" protections in the settings... I don't need my browsing history to be sent to yet someone else...
I don't know if being that paranoid is healthy, unless the government or the mob is trying to get you. In which case, there are easier ways to do so besides tracking your browsing habits.
Having said that, maybe you can try browsing on a VM that you can reset via snapshots.
I haven't had an issue, but I avoid "major websites" like the plague, as they are the modern equivalent (though measles is making a comeback). If a site breaks with good privacy settings, it's a decent indicator you're better off not visiting. If a breaking site shows up on my radar too much, I add the domain to an add-on I made to hide links to it on any page. My HN/reddit/search results/etc views usually have a few blank lines, they're links to domains I have determined I never want to visit ever again. My RSS reader gets a variation of the filter, so they don't show up there either. It feels really good to have the power to remove an entire site from my personal internet.
Any browser add-on could be monitoring your entire on-line activity. Why the hell does that suddenly become a problem when one's up-front about what data they collect, when they collect it, and what they do with it?
And no, they don't say "trust me". As I mentioned in my first comment, they say "if you don't trust us, unpack the add-on and check the source yourself". Which you definitely can - I just did it myself to verify, and it looks like easy reading to me.
Modern problems require modern solutions. The moment I see telemetry URLs in my browser - I will add it to uBlock Origin filters and submit a pull request into EasyList PrivacyList. Boom, like that.
As an engineer, I'm amazed. As a person who doesn't want the person on the other end of every website I visit to know who exactly I am, I feel violated. At this point though, all I feel I can do as a hapless consumer is to desensitize myself to said violation.
I use a VPN, Pi-Hole, Ghostery and Firefox. All of these a relatively recent additions though, so if a website can get my email and that links to an already existing database of all my collected data up to that point, I'm buggered anyway.
My approach is similar to yours. I also take the step of using services I'm persistently logged into in different browsers than the one I do my general browsing in.
I also share your concern that my (lack of a) footprint makes me an outlier, and thus inherently more interesting to an adversary with the power and reach of No Such Agency. There's precisely zero I can do about that, without compromising my local objective of not being followed by every damned website, though, so I just carry on.
One way to protect youself is by writing a program that sends random requests every few seconds to an URL of a database of millions of URLs. Then they will have to find out which your actual visits were and which not.
I hope my feeling of relative safety is justified, but I'm not a security expert(?).
PS: Before anyone gets upset that I use such services, I'm not a heavy "pirate" by any measure. When I needed it I purchased software like Adobe Creative Suite or Jetbrain IDE licenses without hesitation. I only use it for things I don't really need and only use once, such as checking out a TV series (I very, very rarely watch anything, relying on specific Youtube and Twitch content instead, leaving two - one came with the apartment rent, one with the Internet - cable TV subscriptions unused).
reply