<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Jens-Fabian Goetzmann &#187; Miscellaneous</title>
	<atom:link href="http://www.jefago.com/category/miscellaneous/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.jefago.com</link>
	<description>Thoughts on IT in the Enterprise, Software Development, and Other Stuff</description>
	<lastBuildDate>Thu, 19 Jan 2012 08:00:26 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.3.1</generator>
		<item>
		<title>Top Privacy Plugins for Mozilla Firefox</title>
		<link>http://www.jefago.com/2012/01/top-privacy-plugins-for-mozilla-firefox/</link>
		<comments>http://www.jefago.com/2012/01/top-privacy-plugins-for-mozilla-firefox/#comments</comments>
		<pubDate>Thu, 12 Jan 2012 08:00:47 +0000</pubDate>
		<dc:creator>Jens-Fabian Goetzmann</dc:creator>
				<category><![CDATA[Miscellaneous]]></category>
		<category><![CDATA[Browser]]></category>
		<category><![CDATA[Mozilla Firefox]]></category>
		<category><![CDATA[Privacy]]></category>
		<category><![CDATA[Web]]></category>

		<guid isPermaLink="false">http://www.jefago.com/?p=92</guid>
		<description><![CDATA[As a privacy conscious user (maybe a bit paranoid at times&#8230; but then again, I am a German, so that comes naturally), I have been thinking a lot lately about how to maintain control about which web company gets which information about me. After all, through the proliferation of facebook&#8217;s like-button and its relatives (Google+, [...]]]></description>
			<content:encoded><![CDATA[<p>As a privacy conscious user (maybe a bit paranoid at times&#8230; but then again, I am a German, so that comes naturally), I have been thinking a lot lately about how to maintain control about which web company gets which information about me. After all, through the proliferation of facebook&#8217;s like-button and its relatives (Google+, Twitter et al.) and the advent of behavioral advertising, companies have the means to create browsing profiles and, in the case of those companies that offer social networks and advertising services, even tie it to my person and use it to serve advertisements to me even in totally different contexts. This is even more relevant since that tracking can even occur when I am not logged in to the social network in question, since e.g. facebook uses identifying cookies even in that case (see <a href="http://www.heise.de/security/artikel/Das-verraet-Facebooks-Like-Button-1230906.html">heise for more information</a>, albeit in German).</p>
<p>In this article, I am going to evaluate a few add-ons for Mozilla Firefox that help maintain control over the data that is being shared, and discuss some of their pros and cons. Similar or the same add-ons might exist for Google Chrome or other browsers as well. The plugins I am going to discuss are the following:</p>
<ol>
<li>Ghostery</li>
<li>BetterPrivacy</li>
<li>NoScript</li>
<li>Beef Taco</li>
<li>AdBlock Plus<span id="more-92"></span></li>
</ol>
<h5>1. Ghostery</h5>
<p><a href="http://www.ghostery.com/">Ghostery</a> is specifically designed to identify and notify the user about hidden or unhidden elements that might be able to track you and send information to third parties. It also allows blocking these elements altogether or selectively. It is by far the most useful privacy add-on available, since it generally works non-intrusively, has a comprehensive list of sites that track users, and it blocks the tracking by removing / not loading the questionable elements in web sites in the first place. In order to constantly improve and keep up-to-date with an ever-growing number of potentially tracking web companies, it features the so-called GhostRank, which allows users to voluntarily participate in collection of data to identify previously unknown tracking code.</p>
<p>For any privacy-conscious user, Ghostery is definitely a must-have add-on. It is available for all major desktop browsers (although Chrome support is marked as experimental as of now) as well as for iOS mobile devices.</p>
<p>Pros:</p>
<ul>
<li>Non-intrusive</li>
<li>Comprehensive and thorough blocking of tracking elements</li>
<li>Automatic update of tracking blacklist</li>
</ul>
<p>Cons:</p>
<ul>
<li>Blacklist functionality means that new companies not yet on the list might go unnoticed</li>
</ul>
<h5>2. BetterPrivacy</h5>
<p><a href="https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/">BetterPrivacy</a> has a single purpose: Keeping track of, managing and deleting so-called super-cookies. Super-cookies are cookies (little pieces of information stored by websites on the user&#8217;s computer) that are stored in other places than the usual Web browser&#8217;s cookie storage &#8211; most notably using Flash or the newly established DOM storage. Needless to say, any cookie can be used to identify the user and thus pose a potential privacy risk. This potential risk is increased by the fact that these super-cookies may currently not be removed when using browser features such as &#8220;delete private data&#8221; or &#8220;private browsing&#8221;. BetterPrivacy allows viewing these super-cookies and deleting them manually or automatically when the browser is closed.</p>
<p>Since the automatic deletion of super-cookies removes a potential privacy risk and does not seem to have any negative effect on major websites (the BetterPrivacy website warns that some games might be an exception), I would definitely recommend using this add-on. It does not, however, offer comprehensive privacy protection. Tracking and collection of information can still be conducted when BetterPrivacy is used in isolation, especially when the same browser is used for e.g. browsing facebook and other pages at the same time.</p>
<p>Pros:</p>
<ul>
<li>Single point of management for super-cookies</li>
<li>Automatic deletion of super-cookies does not seem to affect any major web sites negatively</li>
</ul>
<p>Cons:</p>
<ul>
<li>Single-purpose add-on &#8211; no comprehensive privacy protection</li>
</ul>
<h5>3. NoScript</h5>
<p><a href="http://noscript.net/">NoScript</a> is the weapon of mass destruction among the plugins discussed here. In the recommended mode of operation, it prevents all JavaScript from being executed unless explicitly allowed for a web site. On a typical web site that includes JavaScript code for that site as well as potentially tracking JavaScript from third parties such as Google or facebook, the user can selectively set for which of the originating sites JavaScript code execution should be allowed. This means that all active tracking functionality is sustainably halted.</p>
<p>There are, however, significant drawbacks to this method. Much of today&#8217;s web uses JavaScript for totally legitimate purposes, and it can take quite long to allow these script sources for a fresh install of NoScript (I have dozens of web sites that I visit frequently or less frequently, and I need to allow JavaScript for most of them, and this more often than not involves multiple clicks since they do not only use JavaScript originating from the web site itself, but also third-party JavaScript that is required for them to work properly). Also, some sites provide both tracking and non-tracking utility scripts: a notable example is google.com. In addition, if you use a new site for the first time, especially in order to order goods or make other financial transactions (such as for services), these transactions will often require JavaScript to be activated for a number of sites, including the web site itself, the bank involved and so on. This might require several clicks to allow scripts for each individual site, each of them requiring a reload of the current page, potentially breaking the booking process, or, even worse, causing several bookings to go off. Alternatively, the user might temporarily turn off the protection altogether (and maybe forget to turn it on later again).</p>
<p>These drawbacks make NoScript hard to use for the non-expert user. I would thus not recommend using NoScript unless you know what you are doing.</p>
<p>Pros:</p>
<ul>
<li>Whitelisting functionality (i.e., execute JavaScript only when explicitly allowed) protects also against new tracking elements</li>
<li>Blocking of JavaScript</li>
</ul>
<p>Cons:</p>
<ul>
<li>No blocking of non-active tracking functionality, such as one-pixel images etc.</li>
<li>Blocking of JavaScript impedes/breaks legitimate functionality of web sites as well</li>
</ul>
<h5>4. Beef Taco</h5>
<p><a href="http://jmhobbs.github.com/beef-taco/">Beef Taco</a> might be considered the light, non-invasive method of privacy protection. What it does is send opt-out requests to advertising companies in order to stop them from serving behavior-based adverts. As such, it does not in any way affect the way that websites work and are displayed, but only affects the content of the adverts. Neither, however, does it prevent in a technical way an advertising company from collecting data about you. All it does is ask the companies to refrain.</p>
<p>In summary, the strength of Beef Taco is that it interferes neither with the functionality and rendering of a site nor with the legitimate concern of web site operators to make money by showing advertisements. However, if you don&#8217;t trust the advertising companies, Beef Taco is nothing for you.</p>
<p>Pros:</p>
<ul>
<li>Does not interfere with the web sites&#8217; content</li>
</ul>
<p>Cons:</p>
<ul>
<li>No technical prevention of information collection</li>
</ul>
<h5>5. AdBlock Plus</h5>
<p><a href="http://adblockplus.org/en/">AdBlock Plus</a> is, as the name suggests, above all, an ad-blocking add-on. It can, however, also block tracking code that is not advertisement-related. Since its most recent version, it also has an option to allow &#8220;acceptable&#8221;, non-annoying ads, though that behavior is currently limited to a very short list of ads since they have to be manually verified.</p>
<p>Since AdBlock Plus is not primarily a privacy tool, but an ad-blocking tool, I would not recommend it to users that are concerned only about their privacy. Personally, I consider advertising by itself not a bad thing: Apart from its obvious marketing purpose (which is a legitimate purpose in itself), it also serves as a means for web sites to make money (which is also a legitimate purpose). Especially for smaller web sites, which often barely earn enough money to finance their own expenses, let alone contribute to covering the owner&#8217;s cost of living, the availability of advertising is often crucial.</p>
<p>Pros:</p>
<ul>
<li>Comprehensive ad-blocking functionality</li>
<li>Recent addition of allowing non-annoying ads</li>
</ul>
<p>Cons:</p>
<ul>
<li>Blocks legitimate, non-privacy critical ads as well</li>
</ul>
<h5>Summary</h5>
<p>Some privacy-related measures should be taken by any user that is concerned about their privacy. For non-expert users or those that do not want to spend too much time configuring, Ghostery is definitely the best choice. Experts might be better suited with NoScript. Those who trust the advertising companies but simply do not want behavioral advertising should stick to Beef Taco, while those that want to get rid of ads altogether should go for AdBlock Plus. The super-cookie safeguard BetterPrivacy complements any of the other four options and is worth checking out in any case.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.jefago.com/2012/01/top-privacy-plugins-for-mozilla-firefox/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>&#8220;Always online&#8221; is not reality for groupware yet</title>
		<link>http://www.jefago.com/2012/01/always-online-is-not-reality-for-groupware-yet/</link>
		<comments>http://www.jefago.com/2012/01/always-online-is-not-reality-for-groupware-yet/#comments</comments>
		<pubDate>Thu, 05 Jan 2012 07:00:04 +0000</pubDate>
		<dc:creator>Jens-Fabian Goetzmann</dc:creator>
				<category><![CDATA[Miscellaneous]]></category>
		<category><![CDATA[Groupware]]></category>
		<category><![CDATA[Online]]></category>
		<category><![CDATA[Web Applications]]></category>

		<guid isPermaLink="false">http://www.jefago.com/?p=85</guid>
		<description><![CDATA[When looking for alternatives to the dominating groupware suites Microsoft Outlook/Exchange and IBM Lotus Notes/Domino, one comes across multiple Web-based groupware solutions such as Zimbra. Since groupware is first and foremost about group collaboration—including messaging, calendar sharing and appointment scheduling, and managing of contact information—it seems like a good idea to implement it as a [...]]]></description>
			<content:encoded><![CDATA[<p>When looking for alternatives to the dominating groupware suites Microsoft Outlook/Exchange and IBM Lotus Notes/Domino, one comes across multiple Web-based groupware solutions such as Zimbra. Since groupware is first and foremost about group collaboration—including messaging, calendar sharing and appointment scheduling, and managing of contact information—it seems like a good idea to implement it as a Web application, removing some of the hassles and inefficiencies of conventional client/server applications and allowing access to the software from a broad range of devices, including mobile phones or tablets.</p>
<p>There is, however, one significant drawback to Web-based groupware: It requires the user to have Web access in order to use the software. While offices in most parts of the world today have fast Internet connectivity, there are—even without thinking of less developed parts of the world—situations in which online connectivity is not given. A few examples follow.<span id="more-85"></span></p>
<p>Many manufacturing or service companies have sales personnel that visit customers in order to present their companies’ products. Even though their laptops might be equipped with 3G connectivity, their coverage is still not satisfactory even in developed countries, and large amounts of steel-reinforced concrete, as is used in most large buildings, might kill the signal altogether. A similar argument holds for external personnel and consultants that work at a client company’s site: very often, they have no or severely limited access over the client company’s network, and 3G connectivity might be patchy as well.</p>
<p>Another situation in which connectivity is absent but people tend to be working is work-related travel. While getting Internet connectivity on a train might already be difficult, on most airplanes it is still downright impossible. While the first airlines are introducing Internet connectivity for intercontinental flights, short-haul flights still remain an Internet-free area.</p>
<p>What is common to all of these situations is that people will want to use groupware: personnel at a customer site will want to access and update contact information as well as have access to their calendars to schedule new appointments, and people travelling will want to plan their days as well as read emails or write them for later sending. As a result, groupware will be useful in these situations only if it allows offline access with later synchronization of changes to a central server—just like the basic mode of operation for Outlook and Lotus Notes provides. Web-based solutions are of little help under these circumstances, since they generally do not allow offline operation.</p>
<p>Given that groupware is only really useful if all employees of a company can use it, in essence any company that has some employees regularly in situations like the ones described above, will want to stick to a groupware suite with the possibility of offline operation. Particularly for larger companies, that is most likely the case, since they will have multiple sites in different cities or even countries, that some staff regularly have to travel between. In turn, wide acceptance of Web-based groupware suites is not likely to happen before these “dead spots” in online connectivity will have been eradicated.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.jefago.com/2012/01/always-online-is-not-reality-for-groupware-yet/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Spammers in the cloud</title>
		<link>http://www.jefago.com/2010/04/spammers-in-the-cloud/</link>
		<comments>http://www.jefago.com/2010/04/spammers-in-the-cloud/#comments</comments>
		<pubDate>Tue, 06 Apr 2010 21:00:33 +0000</pubDate>
		<dc:creator>Jens-Fabian Goetzmann</dc:creator>
				<category><![CDATA[Miscellaneous]]></category>
		<category><![CDATA[Cloud computing]]></category>
		<category><![CDATA[Internet]]></category>

		<guid isPermaLink="false">http://www.jefago.com/?p=51</guid>
		<description><![CDATA[Apparently, spammers are following the current megatrend and moving to the cloud. I am used to getting tons of spam comments on this blog — but one of them caught my eye: Author : ctgPi (IP: 79.125.XXX.XXX , ec2-79-125-XXX-XXX.eu-west-1.compute.amazonaws.com) The IP address belongs to Amazon&#8217;s EC2 (elastic compute cloud) service &#8211; the textbook example of a cloud [...]]]></description>
			<content:encoded><![CDATA[<p>Apparently, spammers are following the current megatrend and moving to the cloud. I am used to getting tons of spam comments on this blog — but one of them caught my eye:</p>
<p><code>Author : ctgPi (IP: 79.125.XXX.XXX , ec2-79-125-XXX-XXX.eu-west-1.compute.amazonaws.com)</code></p>
<p>The IP address belongs to Amazon&#8217;s <a title="Amazon EC2" href="http://aws.amazon.com/ec2/" target="_blank">EC2</a> (elastic compute cloud) service &#8211; <em>the</em> textbook example of a cloud service (more specifically, a <a href="http://en.wikipedia.org/wiki/Platform_as_a_service" target="_blank"><em>PaaS</em> or <em>Platform as a Service</em></a>) — so it seems that the spammer uses Amazon&#8217;s cloud to send out spam comments to blogs.<span id="more-51"></span></p>
<p>There are &#8220;positive&#8221; and &#8220;negative&#8221; sides to this (from the perspective of a spam target, not from the spammer&#8217;s perspective):</p>
<h5>Positive:</h5>
<ul>
<li>The spammer is probably identifiable since he/she needs to have an Amazon account and a credit card registered with that account for payment.</li>
<li>&#8220;No computers were harmed in the making of this spam comment&#8221; — the spammer is not using a botnet of hacked machines</li>
</ul>
<h5>Negative:</h5>
<ul>
<li>The advantages of the cloud that apply to anyone using cloud services also apply to the spammer — most notably the ability to scale up and down quickly. In essence this means that a spammer can in a matter of seconds enlarge the fleet of computers (all with different IPs) he/she controls to send out a whole bunch of spam mails/comments/whatever at once.</li>
</ul>
<p>Those that will probably suffer most from this trend are legitimate users of cloud services such as Amazon&#8217;s EC2: They risk getting banned by server operators since the IP space provided by the service also hosts severe spammers. In the long run, this is probably a problem that cloud providers such as Amazon have to tackle in general — which is going to be a challenge, especially doing so without negatively affecting legitimate users.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.jefago.com/2010/04/spammers-in-the-cloud/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Information Hiding 2009 – Review</title>
		<link>http://www.jefago.com/2009/06/information-hiding-2009-review/</link>
		<comments>http://www.jefago.com/2009/06/information-hiding-2009-review/#comments</comments>
		<pubDate>Sat, 13 Jun 2009 11:06:50 +0000</pubDate>
		<dc:creator>Jens-Fabian Goetzmann</dc:creator>
				<category><![CDATA[Miscellaneous]]></category>
		<category><![CDATA[Conference]]></category>
		<category><![CDATA[Information Hiding]]></category>
		<category><![CDATA[Watermarking]]></category>

		<guid isPermaLink="false">http://www.jefago.com/?p=25</guid>
		<description><![CDATA[Like I mentioned in my last blog post, I had the possibility to attend the international conference &#8220;Information Hiding 09&#8221; last week. I had quite a good time and learned a lot, even though some talks were a bit too sophisticated in their special field for me to follow – especially the hardware security related [...]]]></description>
			<content:encoded><![CDATA[<p>Like I mentioned in my last blog post, I had the possibility to attend the international conference <a title="Information Hiding 09 Conference Site" href="http://www.ih09.tu-darmstadt.de/" target="_blank">&#8220;Information Hiding 09&#8221;</a> last week. I had quite a good time and learned a lot, even though some talks were a bit too sophisticated in their special field for me to follow – especially the hardware security related ones by <a title="Miodrag Potkonjak's home page at UCLA" href="http://www.cs.ucla.edu/~miodrag/" target="_blank">Miodrag Potkonjak</a>.</p>
<p><span id="more-25"></span>For my interest and somewhat deeper knowledge in watermarking especially of audio content, I found the following talks very enlightening (in order of the conference):</p>
<ul>
<li><em>Supraliminal Audio Steganography</em> by <a title="Heather Crawford's home page at University of Calgary" href="http://pages.cpsc.ucalgary.ca/~crawforh/" target="_blank">Heather Crawford</a> and <a href="http://pages.cpsc.ucalgary.ca/~aycock/" target="_blank">John Aycock</a>: Although their approach to audibly hide information in audio files using sounds from the domain or genre of the audio content itself is far from being perfect at the moment, it seems to be a promising approach for steganography at the semantic level that could prove quite difficult for conventional steganography to detect.</li>
<li><em>An Epistemological Approach to Steganography</em> by <a title="Rainer Böhme's (German) home page at Technische Universität Dresden, Germany" href="http://www.inf.tu-dresden.de/index.php?node_id=489&amp;ln=de" target="_blank">Rainer Böhme</a>: A very illustrative discussion of the empirical nature of steganography (and also other disciplines of information hiding) and the need for a separation between models of the steganographic channels and the steganographic algorithms themselves.</li>
<li><em>A Phase Modulation Audio Watermarking Technique</em> by <a title="Home page of the authors' employer, Thomson Corporate Research in Hannover, Germany" href="http://www.thomson.net/GlobalEnglish/Discover/Research_Centers/hanover/Pages/default.aspx" target="_blank">Michael Arnold, Peter G. Baum, and Walter Voeßling</a>: Using a watermarking method modulating phase information in the Fourier Domain, the authors attacked the challenge to actively measure audience rates for broadcast media. The MPEG psycho-acoustic model is used to determine embedding thresholds in order to ensure maximum audio quality.</li>
<li><em>Perception-based Audio Authentication Watermarking in the Time-Frequency Domain</em> by my co-workers at <a title="Fraunhofer Institute for Secure Information Technology, Darmstadt, Germany" href="http://www.sit.fraunhofer.de/EN/index.jsp" target="_blank">Fraunhofer SIT</a>, <a title="Sascha Zmudzinski's (German) contact page at Fraunhofer Institute for Secure Information Technology Darmstadt, Germany" href="http://www.sit.fraunhofer.de/profil/mitarbeiter/ZmudzinskiSascha.jsp" target="_blank">Sascha Zmudzinski</a> and <a title="Martin Steinebach's (German) contact page at Fraunhofer Institute for Secure Information Technology Darmstadt, Germany" href="http://www.sit.fraunhofer.de/profil/mitarbeiter/SteinebachMartin.jsp" target="_blank">Martin Steinebach</a>: The integrity of audio content is protected by extracting features forming a robust perceptual hash that is in turn embedded into the content itself using a watermarking technique. This way, the authenticity of the content can be verified, even after common processing such as lossy encoding or analogue transfer.</li>
</ul>
]]></content:encoded>
			<wfw:commentRss>http://www.jefago.com/2009/06/information-hiding-2009-review/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Information Hiding 2009</title>
		<link>http://www.jefago.com/2009/06/information-hiding-2009/</link>
		<comments>http://www.jefago.com/2009/06/information-hiding-2009/#comments</comments>
		<pubDate>Thu, 04 Jun 2009 09:35:30 +0000</pubDate>
		<dc:creator>Jens-Fabian Goetzmann</dc:creator>
				<category><![CDATA[Miscellaneous]]></category>
		<category><![CDATA[Conference]]></category>
		<category><![CDATA[Information Hiding]]></category>
		<category><![CDATA[Watermarking]]></category>

		<guid isPermaLink="false">http://www.jefago.com/?p=15</guid>
		<description><![CDATA[Because my employer, the Fraunhofer Institute for Secure Information Technology, is one of the parties organizing the conference Information Hiding 2009 next week, I will have the chance to join some talks there, which I am quite looking forward to. I am especially interested in hearing about some of the latest developments in digital watermarking, [...]]]></description>
			<content:encoded><![CDATA[<p>Because my employer, the Fraunhofer Institute for Secure Information Technology, is one of the parties organizing the conference <a href="http://www.ih09.tu-darmstadt.de/" target="_blank">Information Hiding 2009</a> next week, I will have the chance to join some talks there, which I am quite looking forward to. I am especially interested in hearing about some of the latest developments in digital watermarking, which I have been dealing with for over a year now at the Fraunhofer Institute.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.jefago.com/2009/06/information-hiding-2009/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>

