Today's extension is from the area of - surprise surprise - security and privacy. I guess I am getting slightly paranoid from all the security related stuff I am listening to. But I promise I will switch back to "standard" TWIT, MacBreak and Windows Weekly to compensate the security heavy topics. But it certainly true that the more you are aware of what is technically possible, the more hostile Internet you will see ...
The extension name is Stealther and it can help you surf the web without leaving a trace in your local computer. What it does is temporarily disable the following:
- Browsing History (also in Address bar)
- Downloaded Files History
- Disk Cache
- Saved Form Information
- Sending of ReferrerHeader
In other words, with Stealther on, you can visit dubious sites without leaving traces on your local computer - this is the key. It is important to understand what it does NOT do because people sometimes get false feeling of security when using tool like this. Even with Stealther on,
- Remote site still will know your external IP address
- you will be vulnerable to all exploits to the degree your browser is vulnerable (with Firefox, you will be much better of than with IE version <= 6, but not really secure
- full history of your interaction with the site can be recorded at the site or at your ISP
Simple experiment can visualize what exactly is the difference between surfing with and without Stealther: using the LiveHTTPHeader extension, let's click a link 'Firefox Help and add ons' on Firefox default start page and compare the difference. Here is the HTTP request without Stealther (ignore the line numbers, they are from Smultron):
and here is same request with Steather on:
What is missing is the Referrer link - the foreign site will not know where you came from. Which may or may not be important. Other than that - the site will still get all information about your browser version and OS, which can be used (in case of malicious Web site) to render page that will try install spyware or virus or benefit from known browser exploits.
Despite of that, Stealther is very useful to control cookies. In Firefox, you can set option that every attempt to set cookie can be examined and manually confirmed. If you decide to do that, you must have a patience of a saint, because browsing will become very annoying sequence of deciding whether you allow or disallow cookies. With Stealher, you can keep your browser setting on less draconian (and more practical) level and activate "cookie killer" on request, whenever you will enter zone of aggressive sites that may try to trace your digital pathways.
Stealther does pretty decent job in covering your trails on local computer side. It is very small, fast and non-intrusive. Of course, if you want *really* to be sure you have not forgotten anything, the best way is to install Linux in virtual machine with Firefox browser, surf from the VM environment and throw the virtual disk away after you are done. Do not forget to use few anonymizing proxies (ideally located in different countries) and start your surf from public anonymous internet location like Bridgehead . Hush hush ...