Is your browser a spy?

"You can be traced on the Internet through Facebook and new web technologies—but there are still things you can do in such cases."

Your browser is a constant companion online: it knows what news sites you read, where you shop and in which communities you spend hours participating in. Your browser probably knows you better than your best friend. But Firefox and its friends don’t keep this information to themselves; they disclose private and even juicy tidbits about your life to those who have the right kind of access. We will show you where and how you reveal more about yourself than you’d think, and how you can protect yourself from such software

Social networks lead the assault

The fact that online communities contain a lot of information about a person is not new. But one leaves traces behind not only on Facebook, but also on the rest of the Web. The reason for that is the ‘Like’ button on Facebook, which can be found on hundreds of websites outside of the actual social network. Facebook provides website owners with the option of integrating the button on any site on the Internet, and it’s remarkably easy to do. Users can then click on it and inform their friends on Facebook that they like the particular site. This is done voluntarily of course, but what many don’t know is that if one is logged in as a Facebook user in one tab and simultaneously surfs on a site with the ‘Like’ button in another tab, Facebook can track the surfing behaviour—irrespective of whether one clicks the button or not. Professor Dr Mario Fischer, editor of the magazine ‘Website Boosting’ says "It is not known if Facebook traces the surfing behavior, but this can be expected in light of the settings announced by its founder."

             Other social networks have their own quirky behaviors. Users of Xing, a professional networking site, can be tracked easily. A simple trick can help members fi nd out which other logged-in Xing users have visited their profi les. To do this, they have to embed the bogus HTML line

<img.src="http://www.xing.com/

profi le/Firstname _ Lastname">

in their website, which essentially pings their own profile page. The person whose profile was specified now sees the name, profession and further information about surfers who have visited the site, under the ‘Visitors’ log. 

             To save yourself from this kind of tracking by networks that you are a member of (including mail, chat, social networks etc), always specifically log out of them. It’s not enough even to close the respective browser tab. This is often easier said than done, since many users prefer staying permanently signed in to their communities, but it ensures that your surfing behaviour cannot be linked to your profiles. Firefox users can use an add-on called Prism that loads websites like self-contained applications that run in parallel to the actual browser. Not only is this convenient, but it also protects your privacy, since you are eff ectively using a different Firefox profile. Even the new IE9 comes with this function; an add-on is not required. You only have to pin the site’s shortcut to the taskbar using drag and drop.

Finger print The site panopticlick.eff.org shows that your browser is as
 unique as a fingerprint—and you can be identified through it.

Supercookies act as homing devices

If, for example, you are currently searching for information about a new hard drive on an electronics store’s website, chances are that the entire web will soon know about it. In the most intrusive situations, the item in question is suddenly advertised with alarming frequency no matter which other websites you visit. Cookies left behind by the shop on your computer make this possible. You will notice that the advertising pattern goes back to normal once you rid your browser of these cookies—at least in a normal scenario. However, hacker Samy Kamkar wants to prove that this supposition is outdated. Kamkar is not an unfamiliar name in

security circles; he caused quite a stir in 2005 by publicizing a MySpace bug, using which he cheated a million other users in just 18 hours. 

           This time he has caused turmoil with a bit of JavaScript code that he calls Evercookie. The snippet is supposed to be able to set a persistent cookie that the user cannot easily detect or remove. Kamkar's trick uses 13 individual components that are saved in diff erent locations using diff erent protocols and storage techniques, including everything from  standard HTTP to Flash to HTML5 storage data. Each piece of the puzzle is enough to completely restore Evercookie. If you delete all cookies from the PC, there is still information embedded in an additional PNG file that Kamkar (or anyone with the right knowhow) can read using HTML5 techniques. Kamkar provides Evercookie’s technology for free to anyone who wants it, on his site www.samy.pl. He is not scared of companies using it. The hacker tells CHIP "I am not afraid that programmers will use Evercookie. What worries me most is that many companies have been using similar techniques for a long time. I only want to expose what many companies try to hide." Tracking occurs without anything being noticed, without installation, and across all browsers, so long as Flash is installed. The new HTML5, which is already being used on some sites, makes anonymous surfing even less easy (see box). If you really want to surf incognito on the web, use a portable browser (such as Portable Firefox), even on your own computer. Designed for USB pen drives which can be moved anywhere, these browsers do not retain information from websites, and don’t save anything to the computer’s hard drive. In our tests, evercookie could not restore any user data here. According to Kamkar, even Safari in private mode leaves no traces behind.

Browsers in Private Mode are still untrustworthy

The private mode, which is now available in all browsers, does not provide any magic guarantees that you can’t be snooped on. Though the browser leaves behind fewer tracks, Flash and other plugins such as Adblock Plus are not affected by such settings, and continue to divulge more information than most people realize. While browsers delete HTTP cookies, history and search queries in private mode, they have no control over Flash, which also collects its own cookies which remain on the PC. To make it even worse, these files cannot be managed by the browser; only the Flash plugin itself has access to them, and that too only via Adobe’s own website. If you surf through a site with Flash content in private mode, anyone with access to the same computer can read the history through Adobe's ‘Website Storage Settings’ panel. You can find the web tool at Adobe’s website and delete any Flash cookies that might be tracking you.  Adobehas released a new version of its Flash plugin; version 10.1, which now supports private browsing. However, not everyone upgrades to the latest version in time!

         Even the Firefox ad blocker Adblock Plus needs to be patched. If one allows a site to display ads in private mode, they can be tracked in the normal mode at all times: the filter lists, in which these exceptions are entered, can be accessed in both the modes. To stay safe, always update Flash player; this will improve your privacy. In Adblock Plus, it helps to disallow all sites from showing ads in the private mode. Alternatively, under ‘Tools | Adblock Plus – Settings’ in Firefox, check the list to see if it contains sites that you don’t want seen, and then delete these manually.

ARE CHEAP QWERTY PHONES REALLY GOOD?

Nokia X2-01, cheapest among NOKIA

QWERTY phones by big brands like Blackberry, Nokia and Samsung have been around for a very long time. A few years ago, the choices were limited, but the market is now fl ooded with offerings by smaller brands like Karbonn, Lava and Micromax, which are giving the giants a run for their money. These Java-based phones offer a lot more than their reputed counterparts — dual-SIM support, answering machine, TV, FM radio with antenna, optical trackpad, and so on. And the best thing is that they cost only a few thousand Rupees. Topend models with Wi-Fi cost around Rs 4,500. Considering only the feature set, are these phones value for money? Yes, absolutely! However, the feature set is not the aspect that makes or breaks a phone. Build quality, ergonomics and performance are also important and go a long way in adding value. Fine details like hot-swap for memory card, dedicated volume control buttons and shortcuts add to user comfort. For a QWERTY phone, the size, spacing and tactility of buttons is important. Tiny and stiff buttons are frustrating, whereas, large buttons with good tactility help composing messages effi ciently. The budget QWERTY phone roundup was a very good opportunity to fi ndout how good the  models by smaller  brands are and whether any of them can defeat the Nokia C3 or X2. The ones I found most fascinating were the Fly Circle B436, Lava B8, and Videocon V1676. Other phones had some issues or the other. Some had poor build quality,while others lacked good ergonomics. Some phones had a sluggish UI and most phones shot horrible photos. The Fly Circle B436 has an excellent keypad, dedicated volume control and secondary camera for self-portrait. Its key feature is its speaker, which is loud… really, really loud. You’ll have angry eyes staring at you if you play music at full volume on this phone in public places. The Lava B8 looks great and reminded me of the Nokia E71. It was the most feature-rich phone, but it scores low on ergonomics. Its keypad isn’t very comfortable and typing messages with the T9 dictionary active was painful. The Videocon V1676 has everything except Wi-Fi, which is forgivable because it offers very good ergonomics and performance. It has dedicated volume control, hot-swap for memory card, excellent keypad and separate keys for commonly used punctuations like period and comma. Other phones had punctuations combined with the alphabet keys, requiring the user the press the shift/function key in combination; I’ve observed this in QWERTY phones by Nokia. Out of all brands, only Videocon has got the keypad correct. And yes, it’s a C3 killer. It offers more features than the Nokia C3 for a lesser price and the overall performance is impressive. When buying a budget QWERTY phone, I strongly suggest you get a feel for the device and pay good attention to ergonomics. Don’t base your buying decision only on the feature set.

Are high-end Android phones really worth it?

"These phones take the user experience to a whole new level!"

My journey with Android phones started with the Samsung Galaxy 3, which I’ve been tinkering with for a long, long time. Initially, it took a little time getting used to the touchscreen, especially while composing emails and messages. But after a few weeks of extensive use I was very happy with certain features, such as out-of-the-box support for DivX and MKV files and good quality. At the same time, I wasn’t too happy with small things that impacted productivity. Firstly, the screen was too narrow to type on the virtual QWERTY keyboard in portrait mode, and also the built-in dictionary of the stock Samsung keyboard wasn’t too intelligent to autocorrect mistyped words. The gaming performance also wasn’t too great. With even a bit of eye candy or 3D graphics appearing in games, frame rates used to go for a toss. I tried multiple ROMs and overclocking the phone's CPU from 667 MHz to a crazy 1200 MHz! It did help to quite an extent, but the battery life took a nosedive. I’m now considering investing in a high-end handset to satiate my needs for comfort and eye candy. This month’s comparison of high-end Android phones was a nice chance for me to get a hands-on experience with some of the best phones on the market. I started off with the Sony Ericsson Xperia Arc, which I was very scared to use because it felt too feeble. The display also didn’t have Gorilla Glass for protection against scratches. However, the user interface was good and gaming on it was fun. The screen was also wide enough for typing messages in portrait mode without any strain. The big thing that turned me off was its 8 megapixel camera, which I expected to be excellent. The images came out quite grainy and some highcontrast night shots that I took were quite disastrous. I used it for almost a week, until I found it drab after getting the Samsung Galaxy SII in hand. You have to check out the quality of its Super AMOLED Plus display to believe how gorgeous it looks. It’s overly vibrant, but videos, games and photos look awesome. Paying Rs 4,000 over and above the price of the Xperia Arc is completely justified for a dual-core processor, 16 GB of built-in storage, sexy display and the sleek form. However, the camera performance isn’t quite up to the mark. The third and the last phone I used for quite a while was the HTC Incredible S. Hats off to HTC for the excellent Sense UI they’ve designed. It looks great, it’s extremely fluid, and the provision of quick access to the important functions has been paid a good deal of attention, which makes the phone a breeze to use. Overall, the phone is excellent, but it’s quite expensive. The sheer power and design of these high-end phones takes the user experience to a completely different level, but they come in at a hefty premium. Be careful and make wise decisions – you may get something much better by spending a few thousand Rupees more, and you won’t regret.