Besides blazing fast JavaScript benchmarks, privacy mode is the big new feature in modern browsers. The latest version of Firefox includes many privacy enhancements that can keep others from seeing what you've been up to while online. But what if a friend, family member, or boss wants to borrow and/or look at something on your computer? How do you play it cool and hide tabs you don't want them to see?
Developer Diego Ruiz has come up with a solution called HideTab that does just that. You can very quickly hide one or all open tabs with a keyboard shortcut or right-click contextual menu. This means the tabs can't be seen both along the top of your browser, and in the list of open sites. Instead, you can only see what you've hidden in a small, and subtle pop-up menu that sits in the bottom-right-hand corner of your browser. There's also a keyboard shortcut that restores all of the tabs you've hidden.
HideTab lets you hide certain tabs one at a time, or all at once in case someone comes by when you're looking at something you don't want them to see.
(Credit: CNET)One thing to keep in mind is that hidden tabs still continue to run in the background, which means if you're watching a video or listening to music it's going to keep playing. Hopefully a future version will provide the option to mute the audio from any tabs that are hidden.
Beyond privacy, this add-on can be a useful tool for leaning down the number of tabs you want to see. I regularly do tasks in my browser that involve hopping around to a few specific tabs, and sometimes it's nice to hone down to just those few without transferring them to a new window or doing a lot of reorganizing.
HideTab is an experimental extension, which means there may be a few bugs that have not been worked out prior to its review by the Mozilla community.
Related: How to hide your tracks at work
Microsoft has made great strides in educating Windows users about the need to keep their systems secure by downloading and installing the most recent updates. (I still recommend that you set Windows' Automatic Updates to download but don't install, as I described in a blog post from last July.)
The irony of the heightened awareness of Windows updates is that malware is less likely to target vulnerabilities in Windows--or other PC operating systems, for that matter. These days, most viruses and Trojans use holes in your browsers, media players, or Web applications to breach your system's security. That's why it's imperative to keep these programs up-to-date, which is a subject I covered in a post from last April.
Google pushes updates to its Chrome browser automatically--without bothering to let you know about it (the current version is 2.0.172.30). You may think I'm a hypocrite for preventing Microsoft from loading its updates automatically and applauding Google for doing the same thing with its browser. Here's the difference: if a Chrome update causes the program to malfunction, I can simply use another browser, but if a Windows update screws up, my entire system's hosed until I fix it.
If you want to use Chrome to browse without leaving any tracks on your system, press Ctrl-Shift-N to open a new browser window in Chrome's incognito mode. The sites you visit subsequently will not appear in your browser history nor will terms you search for stay in your search history. You won't pick up any new cookies, either.
You'll find plenty of add-ons in the Privacy & Security section of the Firefox Add-ons page that give Firefox a similar stealth mode. You can also choose Tools > Clear Private Data to wipe your tracks in Firefox, but this setting erases all your history in the various categories. Chrome's incognito mode lets you retain the history you want and delete the history you don't want.
Google's Chrome browser lets you surf without leaving tracks on your system via its incognito mode.
(Credit: Google)I've been spending a lot more time browsing with Chrome lately, and not just because of its incognito mode. Chrome seems faster to me than Firefox or Internet Explorer, and I'm getting used to Chrome's streamlined interface. Firefox remains my default browser, however. The one Firefox security add-on I won't browse without is InformAction's NoScript (donationware), which lets you block JavaScript, Flash, and other scripts on a site-by-site and source-by-source basis.
The best way to enhance your privacy while using Firefox is to set the browser to delete cookies each time you close the program. To do so, click Tools > Options > Privacy, select "Always clear my private data when I close Firefox," and click OK.
Check "Always clear my private data when I close Firefox" in the browser's Privacy settings to maintain your Web privacy.
(Credit: Mozilla Foundation)So what about Internet Explorer? IE 8 is said to be more secure than IE 7, which in turn was said to be more secure than IE 6. Two facts remain: Internet Explorer uses ActiveX, which in my opinion is inherently insecure; and IE 8's security options are way too complicated. What do those slider controls mean, really? (Press Alt, click Tools > Internet Options, and choose either the Security or Privacy tab to see what I mean.)
Bonus tip: Encrypt Gmail
I've been using Gmail as my primary e-mail service for several years, but it wasn't until a couple of months ago that I started encrypting my Gmail correspondences. (In fact, encryption wasn't available in Gmail until a couple of months ago.) To use encryption in Gmail, click Settings in the top-right corner of the main window, scroll to the bottom of the General tab, select "Always use https," and click Save Changes. Note that this setting prevents the iGoogle Gmail widget from working, but that's a small price to pay for the added security.
Web privacy resources
For more information on the privacy options in Google services, visit the Google Privacy Center. Along with an FAQ and overview, you'll find privacy videos and specific privacy options for YouTube, Orkut, Blogger, Docs, and other Google services.
The SANS Institute's Internet Storm Center offers a daily Internet threat level (green, the last time I checked) as well as information on the sources of recent Internet-based attacks and extensive links to other Internet security sources.
For a soup-to-nuts look at browser security, read the United States Computer Emergency Response Team's article Securing Your Web Browser. The information was last updated more than a year ago but remains relevant. Some of US-CERT's browser-setting recommendations are overkill for regular, everyday browsing, so take the advice with the proverbial grain of salt.
Google Latitude shows your friends on a map--as long as they've agreed to share their location.
(Credit: Google)Just because the Internet has broken down geographic barriers, don't assume that Google doesn't care about geography.
The company plans to launch software called Latitude on Wednesday that lets mobile phone users share their location with close contacts. Google hopes it will help people find each other while out and about and to keep track of loved ones.
"What Google Latitude does is allow you to share that location with friends and family members, and likewise be able to see friends and family members' locations," said Steve Lee, product manager for Google Latitude. For example, a girlfriend could use it to see if her boyfriend has arrived at a restaurant and, if not, how far away he is.
To protect privacy, Google specifically requires people to sign up for the service. People can share their precise location, the city they're in, or nothing at all.
"What we found in testing is that the most common scenario is a symmetrical arrangement, where both people are sharing with each other," Lee said.
The software spotlights Google's fixation with mapping and location technology. Location is an important part of navigating the real world, and Google clearly sees its geographic services as a way to establish a more personal connection with customers who today use Google chiefly for the virtual realm of the Internet. And of course money is involved, too: Google hopes its mapping technology will lead to location-based advertising revenue.
Google's power is firmly lodged in search and search advertising, but the company is trying to expand to broader online services, too. That includes online documents and various aspects of social networking, which are much more personal services and ones that put Google into more direct competition with rivals such as Microsoft, Facebook, and Yahoo. Like using Google profiles to contact information with select contacts, using Google Latitude tells Google who's who in your social graph.
Latitude lets you contact somebody who's close by.
(Credit: Google)
How it works
Latitude is part of Google Maps for Mobile, the company's mapping software for mobile phones, but also can be used through a gadget loaded onto its iGoogle customized home page. It'll work in 27 countries at launch, Google said.
Initially, it will work on most color-screen BlackBerry phones, most phones with Windows Mobile 5.0 or later, and most Symbian-based devices such as Nokia smartphones. An update to the Google Android operating system now being distributed to the T-Mobile G1 phone also enables it, and iPhone and iPod Touch users will get the option "very soon," Lee said.
Latitude uses Google's technology to judge a user's location not just by GPS satellite, but also by proximity to mobile phone towers and wireless networks.
That's a much more automated approach than the manual "check-in" process used by Dodgeball, a service that Google decided in January to shut down.
Other competitors exist, though. BrightKite and Loopt offer mechanisms for people to find each other by mobile phone, for example. Then there's MobiFriends, Tripit, and Dopplr.
And Google's clearest competitor, Yahoo, offers some competition with Fire Eagle. That service doesn't provide location information, but it does provide a mechanism to centralize people's geographic privacy choices, in effect taking care of some of the social graph management when it comes to location information.
To use the service, you need a Google account to record who has permission to see your location. For choosing who gets to see your location, you can use contacts stored with Gmail or Picasa, Google said.
The white lie
With the service, you can hide from specific people or disappear altogether. And you can manually set a specific location if, for example, your phone can't show it with sufficient precision or if you wish to tell someone a white lie about whether you really aren't going to go to the candy store.
People must agree to share their location before Latitude will work.
(Credit: Google)Google envisions two broad classes of people with whom you might want to share location information. First is a small, close-knit circle of friends and family with whom you're willing to share your exact spot. Second is a larger group with whom you're happy to share city-level detail, convenient for finding out when somebody's in town but not much more.
When somebody is close, the software lets you contact the person various ways--by calling or sending an e-mail or text message, for example. It also lets you hide from that specific person.
Privacy is of course a significant concern when it comes to sharing this sort of information. If you want to use Latitude, you must specifically enable the service.
Meeting your pals at a bar is an obvious example of the software's possibilities, but there are softer cases I see as useful, too.
Lee pointed to a case where a friend's girlfriend, though far away in Seattle, will "virtually place herself next to him." That sounds a little sappy for my tastes, but I can still relate. My wife is on the other side of the country right now, and it would be heart-warming to see just where. There are a lot of occasions where technology is better for maintaining relationships than it is for establishing them, and this looks like one to me.
(Credit:
CNET)
Identity Finder released a free version of its Windows privacy application that's aimed at in-betweeners who worry enough about identity fraud to seek a privacy application, but not enough to trade vigilance for cash.
Of course, that's only one way to look at Identity Finder Free, introduced Thursday. Another is its role to attract spenders to a product family they may not otherwise be aware of or interested in. And why not? All's fair in business promotions during acute economic decline.
Identity Finder Free, a light version of Identity Finder Home Edition, retains the application's core purposes of searching your PC, and Firefox, or Internet Explorer browser, for passwords, credit card details, and other sensitive information a data thief could easily use to hijack your identity--and then destroying them at your say-so.
The application installs a shared start-up window for both Free and Home editions. From there you'll check a box to use the limited free version a single time, or every time thereafter.
The free version won't scour your e-mail messages and attachments, generate reports, or search in the background--for those features you'll need to upgrade to the $24.95 version. (Compare versions here.)
Late Monday a small, yet big Firefox feature was released to testers of Minefield, Mozilla's testbed application for new browser innovations. The new feature is private browsing, also known in some circles as "porn mode." When toggled, it takes your Web history, user names, passwords, searches, and cookies and bins them the second you close out the window, effectively making it appear that the session never existed.
Monday night's Minefield build included said privacy mode in all its glory, giving browser users the freedom to hide their browsing habits from others.
Similar to the implementation found in browsers made by Apple, Microsoft, and Google, the new mode can be started at any time during a browsing session. However, users must allow their existing window (with any open tabs) to be shut down while using the freshly opened "private" one. Once they close that out, it will simply re-open their original browsing session. Users can also opt to have every session start out in privacy mode, which could be a useful setting on public computers.
The feature has been on Firefox's road map for some time now (Mozilla's bug tracker has it posted back in mid-2004), however it could not be completed in time for Firefox 3's release back in mid-June. In the meantime users have been able to achieve similar results using several extensions--the most notable being Stealther.
Expect to see privacy mode making its way into Firefox 3.1, which will feature privacy and performance tweaks, along with improvements to the built-in tagging system. If you want to become a tester, you can find out more here.
[via Mozilla Links]
Setting the iPhone to emergency call mode allows someone to see incoming text messages even if the passcode lock is turned on.
(Credit: Karl Kraft)A 12-year-old who uses his iPhone mostly for texting with his girlfriend has discovered what looks like a new vulnerability with the device.
The unnamed boy, son of blogger Karl Kraft, turns on the passcode lock and disables SMS Preview in order to prevent his parents from seeing any messages, Kraft wrote on his blog.
Those settings block the display of incoming text messages and show an alert saying "New Text Message" if an SMS comes through while the phone is locked. However, if the phone is set to emergency call mode the incoming text messages are previewed.
"Thus all I need to do to intercept the messages from his girlfriend is to place the phone in emergency mode and wait 30 seconds for the next sickly sweet message," Kraft writes.
Apple representatives did not return e-mails seeking comment.
A different security hole related to password-protected iPhones was discovered in August, and last month a researcher disclosed that the iPhone captures all the activities of a user in order to enable the cool fading applications effect.
Of the two big browsing features of 2008, one seems to run counter to where developers are driving their browsers. The melding of the location bar to the search bar was expected in Firefox and Opera, thanks to beta versions. Chrome has it, too, calling it the Omnibar. What seems to have caught developers off-guard has been the clamor for a universal switch to stop the cache and browsing history from recording anything at all.
Internet Explorer 8's InPrivate.
(Credit: CNET Networks)Microsoft's InPrivate debuted in Internet Explorer 8 beta 2, and Google Chrome's version is the well-received Incognito feature. So far, in Firefox, the feature has only been available via the Stealther plug-in, which basically copies all the features of InPrivate except that you don't have to open a new browsing window. Now, Mozilla has announced through the Firefox 3.1 status tracker that a privacy toggle will be a baked-in feature.
It turns out that Mozilla has had such a toggle on its radar since 2004, when Apple's Safari introduced a cache-avoiding browsing session. So what took so long for Firefox to decide that this should be a rolled-in feature? As others have noted, Firefox director Mike Beltzner declared that the feature would need to take a backseat to keeping the browser on schedule.
Google Chrome's stealth mode, Incognito.
(Credit: CNET Networks)Pressure from this being a near-universal feature has no doubt accelerated its importance, although Mozilla plans to put its own spin on what it can do. In addition to turning off the page cache and the browsing history recorder, there will be no autofill for passwords and new passwords used will not be saved. Also, all cookies acquired during the session will be discarded, as will downloads in the Download Manager. Essentially, pages visited will be stored in the memory, not on the hard disk--although there's no word on if or how this will affect performance.
Another aspect of the current unnamed feature will save all tabs and close the session, re-opening a new blank browser window. When the private session is finally turned off, the older session will re-open. One difference from Microsoft's InPrivate will be that there won't be any neon advertising that private mode has been activated, according to Mike Connor, the lead developer on Firefox. The fact that you are using a privacy mode will remain private.
Updated 2 p.m., with change in license terms.
Google said on Wednesday that it plans to alter contract terms that gave the search provider broad rights to use anything entered into its new Chrome browser.
"In order to keep things simple for our users, we try to use the same set of legal terms (our Universal Terms of Service) for many of our products," Google said in a statement provided to CNET News. "Sometimes, as in the case of Google Chrome, this means that the legal terms for a specific product may include terms that don't apply well to the use of that product. We are working quickly to remove language from Section 11 of the current Google Chrome terms of service."
As first noted by CNET News on Tuesday, Chrome's End User License agreement appeared to give Google a perpetual right to use anything one entered into the browser. Section 11 stated that although users retain copyright to their works, "by submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services."
Google said the change, once it is made, will apply retroactively to anyone who has downloaded the browser.
All this is separate from the issue of what information Google plans to store on its servers. Provided that users leave on the auto-suggest feature in Chrome and have Google as their default search provider, Google has the right to store any information typed into Chrome's Ominibox, which serves as both search bar and address bar. The software maker told CNET News it plans to store about 2 percent of all such data, along with the IP address of the computer that entered the information.
Update: As of 2 p.m. PT, it looks like the terms have changed. Section 11 now reads simply: "11.1 You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services."
Don't count Internet Explorer out just yet.
On Wednesday, Microsoft released the second public beta for Internet Explorer 8. If anything, this release brings IE up to par with alternative browsers such as Opera, Apple's Safari, and Mozilla's Firefox in terms of security and features. It also pushes Microsoft a little ahead of the competition.
The user interface hasn't changed much since Internet Explorer 8 Beta 1, except to add a Security pull-down menu between Page and Tools on the main toolbar. In addition to blocking phishing sites, IE 8 now highlights the main domain of any Web site you visit. Thus if you think you are on eBay's site and something other than ebay.com is highlighted, chances are you are on the wrong Web site.
IE 8 also contains a cross-site scripting filter, one of the first in a mainstream browser. Cross-site scripting allows an attacker to execute script on a user's browser without them knowing. When the IE 8 filter finds a Web page with a cross-site scripting request, it changes the content on the page with a notice. Users are not presented with an option; IE simply blocks the malicious script from executing and then displays the rest of the page.
In another feature, known as InPrivate, Microsoft allows the user to suspend caching functions while you surf. The scenarios for using InPrivate include when you're using someone else's computer, like for instance, when you need to buy a gift for a loved one without ruining the surprise, or when you're at an Internet kiosk and don't want the next person to know which Web site you visited. While you can currently clear the browser cache with a mouse click, it's an all-or-nothing action. InPrivate temporarily suspends the automatic caching functions, allowing you to keep the rest of your browsing history intact. Apple Safari has offered this feature for a while, but Mozilla Firefox does not.
IE 8 Beta 1 has already introduced several behind-the-scenes security changes. For example, ActiveX components will be installed per user, which eliminates the need for everyone to have administrator privileges. In addition, you must acknowledge or opt in for the component to run, eliminating drive-by downloads. Components will be per site and will only be available from the site of origin. Finally, site developers can request killbits from Microsoft which can be sent via Windows Update to terminate risky or outdated components.
Also, IE 8 Beta 1 included Microsoft's own brand of malware protection. Earlier this year, Opera added Haute Secure malware protection, and Mozilla enhanced its Google and StopBadware malware protection in Firefox 3.
See also:
Internet Explorer 8 Beta 2 screenshots
Review: Internet Explorer 8 beta 2
Daily Debrief video: The newest IE 8
For many, privacy on the Web is a concern. And for Microsoft's Internet Explorer team, privacy is a feature.
In a meeting with reporters this week, Satya Nadella, senior vice president of Microsoft's search, portal and advertising platform group, said the company's browser will come with a private browsing mode. And Long Zheng of the istartedsomething blog surfaced two telling Microsoft trademarks that appear related: Cleartracks and Inprivate.
Satya Nadella, senior vice president of Microsoft's search, portal and advertising platform group
(Credit: Stephen Shankland/CNET News)Both trademarks are involved with Web browsers, according to the applications with a July 30 filing date. The Cleartracks trademark involves "computer programs for deleting search history after accessing Web sites," according to the Microsoft filing. And the Inprivate trademark involves "computer programs for disabling the history and file caching features of a Web browser; and computer software for notifying a user of a Web browser when others are tracking Web use and for controlling the information others can access about such use."
One obvious use case for privacy browsing modes is surfing the Net for pornographic materials without leaving traces, but other, less unseemly use cases also exist. "Users may wish to begin a private browsing session to research a medical condition, or plan a surprise vacation or birthday party for a loved one," according to Mozilla's discussion of a private browsing feature.
Microsoft didn't comment on the applications beyond a brief statement, "We are investing in privacy in IE8."
And in a June blog posting, Microsoft said privacy is one of the major components of the "trustworthy browsing" element of Internet Explorer 8. "The larger challenge here is notifying users clearly about what sites they're disclosing information to and enabling them to control that disclosure if they choose," the company said. Microsoft said privacy means "the user is in control of what information the browser makes available to Web sites."
Internet Explorer is the dominant Web browser, and version 8 is in beta testing now and due in final form later this year.
Programmers have envisioned a private browsing mode for Mozilla's Firefox browser but so far haven't put the privacy feature into the open-source browser. Apple's Safari has a private browsing mode.
