Secure Transactions

Tim ignored_mailbox at yahoo.com.au
Sun Aug 31 02:33:01 UTC 2014


On Sat, 2014-08-30 at 18:39 -0600, jd1008 wrote:
> 3. HttpToHttps

Be prepared for various things to fail; you cannot force HTTPS with
sites that are HTTP-only.

> 6. Redirect Cleaner - this will prevent a website you want to visit from
> redirecting your browser to some other website you had no intention of
> browsing. You will be given the manual opportunity to override the
> prevention.

On some browsers, there is, or at least was, an option not to
automatically follow redirections (you'd get a warning, and there'd be a
link to follow if you actually wanted to follow the redirection).  For
various services, you're going to have to follow them, because that's
the way they made the site.  Sometimes, thanks to making them obvious,
you'll find out just why some sites just never work, because you'll see
the endless redirections around in a circle to a starting point that
doesn't work.

> 7. No Google Tracking
> 8. No Yahoo Tracking
> 10. TrackMeNot.

I question the ability to prevent that, and dislike the doubling up and
adding on of *numerous* add-ons to a browser (it makes the thing even
more buggy).  While you can try dumping cookies, etc., as you go along,
they know that numerous connections are coming from your IP, some in
response to other of their own pages, so they can track you.

e.g. You've only got to see the suggestions for what you might like to
see if you browse YouTube on one computer on your network, then do more
unrelated browsing on another computer on your LAN, and see similar, or
completely the same, suggestions.


> Also, in Firefox Settings, be sure to NEVER allow 3rd party cookies.

This is one thing that often doesn't do what you think.  e.g. For most
of us, if we were browsing google.com, any attempt to handle
doubleclick.com cookies would be considered third-party (by us), and
we'd expect them to be rejected.  But if a google page incorporates
content from doubleclick (such as an advert graphic), that incorporated
content can set a doubleclick cookie, and it isn't third party to
itself, so the cookie gets allowed.

It's well worth going through your browser settings, and setting them
sensibly, rather than hoping some third-party add-on will sort things
out for you.

-- 
tim at localhost ~]$ uname -rsvp

Linux 3.15.10-200.fc20.i686 #1 SMP Thu Aug 14 16:12:39 UTC 2014 i686

All mail to my mailbox is automatically deleted, there is no point trying
to privately email me, I will only read messages posted to the public lists.

George Orwell's '1984' was supposed to be a warning against tyranny, not
a set of instructions for supposedly democratic governments.
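
The redirect handling discussed in the reply above (following each hop by hand, and seeing a chain circle back to its starting point), shown as an added example that is not part of the original post. The hosts, the response table and the function names are constructed for illustration; a real check would replace `sample_fetch` with an HTTP client that has automatic redirects disabled.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample responses: URL -> (status, Location header or None).
SAMPLE = {
    "http://shop.example/": (301, "https://shop.example/"),
    "https://shop.example/": (302, "/login?next=/"),
    "https://shop.example/login?next=/": (302, "https://sso.example/auth"),
    "https://sso.example/auth": (302, "https://shop.example/"),
    "https://pay.example/": (302, "http://pay.example/checkout"),
    "http://pay.example/checkout": (200, None),
}
REDIRECT_CODES = (301, 302, 303, 307, 308)

def sample_fetch(url):
    """Stand-in for one HTTP request made without following redirects."""
    return SAMPLE.get(url, (404, None))

def trace_redirects(start, fetch, max_hops=10):
    """Walk a redirect chain one hop at a time.

    Returns (hops, verdict); each hop is (url, status, notes) and the
    verdict is "final", "loop" or "too-many-hops".
    """
    hops, seen, url = [], set(), start
    while len(hops) < max_hops:
        if url in seen:                      # back at a URL already visited
            hops.append((url, None, ["loop"]))
            return hops, "loop"
        seen.add(url)
        status, location = fetch(url)
        if status not in REDIRECT_CODES or not location:
            hops.append((url, status, []))
            return hops, "final"
        target = urljoin(url, location)      # Location may be relative
        src, dst = urlsplit(url), urlsplit(target)
        notes = []
        if src.hostname != dst.hostname:
            notes.append("cross-host")       # leaves the site you asked for
        if src.scheme == "https" and dst.scheme == "http":
            notes.append("downgrade")        # HTTPS dropped back to HTTP
        hops.append((url, status, notes))
        url = target
    return hops, "too-many-hops"

if __name__ == "__main__":
    for start in ("http://shop.example/", "https://pay.example/"):
        hops, verdict = trace_redirects(start, sample_fetch)
        for url, status, notes in hops:
            print(status, url, ",".join(notes))
        print("=>", verdict)
```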


