Section B.2. Privacy | OReilly Publishers.(Digital Aduio Essentials)(Dont Click on the Blue E!)(IMovie HD and iDVD)(Network Security Tools)(Photoshop Elements 3 For ... Review): An article from: The Bookwatch

B.2. Privacy

As I stated in Chapter 2, Firefox does a great job with its default settings for the Privacy options (shown in [click here]). However, you may still want to change things, depending on your level of paranoia (and remember, it's not paranoia if they really are out to get you).

Currently there are six areas in Privacy that you can alter: History, Saved Form Information, Saved Passwords, Download Manager History, Cookies, and Cache. These sometimes changeafter all, Firefox is a product that is constantly being worked on and improvedso be prepared for some differences between what I say here and what you may see on your computer. Let's take a look at Firefox's Privacy options:

History

This controls how many days Firefox remembers where you've been. The history can be useful if, for example, you'd like to go back to that web page you were looking at last Tuesday but can't remember the address for. To view a listing of your browsing history, select View Sidebar History. A sidebar will open on the lefthand side of Firefox, and you can look for the desired web page by date. This feature can be tremendously helpful, but, of course, it can also let people find out where you've been on the Web. By default, Firefox saves this information for nine days. Adjust this setting according to your comfort level; set it to zero days to disable History entirely. You can read more about the History Sidebar in Chapter 3.

Saved Form Information and Saved Passwords

Saved Form Information and Saved Passwords are both designed to act as time-savers. The former remembers what you've typed into form fields and helpfully offers to fill in those details in the future when you start working on another form, while the latter remembers login details on web pages you visit that require usernames and passwords. Of course, if you leave these options checked, anyone using your computer will be able to find out what you've been entering into forms and will also be able to get into sites that require you to enter your password. Note that unless you use a Master Password (discussed in a few paragraphs), all users of your machine will be able to view the passwords and will be able to sail right into sites for which you've already saved your passwords. (Are you starting to see that it's a good idea to use a Master Password?) If you're worried about these scenarios, make sure the boxes next to these options are unchecked.

If you want to see which sites have passwords saved, press the View Saved Passwords button so the Password Manager opens. The first tabPasswords Savedlists the sites for which you've saved passwords and the usernames for each site. If you realize that you either stored the wrong password for a site or no longer want a password saved for a site, select it in the list and press Remove. If you want to start completely from scratch, press Remove All.

If you press Show Passwords, the Password Manager will do just that: all your passwords will now be visible in a new, third column. This is obviously not a good idea from a security perspective, so you really should set a Master PasswordFirefox will then prompt anyone who presses the Show Passwords button to type in the Master Password before it spills the beans. Once you view the passwords, the button changes from Show Passwords to Hide Passwords, but you don't really need to worry about clicking the button because Firefox will automatically hide this column again when you close the window.

Passwords Never Saved lists all the sites for which you've told Firefox not to save password information. If you find a site in here that you in fact want Firefox to store a password for, select it and press Remove; likewise, if you want to remove all those sites and start getting asked again about saving passwords, press Remove All.

Now, at this point, you may be thinking that the Saved Passwords feature sounds usefuland really, it is pretty handybut it's not safe. If anyone can see and use your passwords, that's a problem. Fortunately, Firefox is already one step ahead of you. If you want to protect your passwords, press the Set Master Password button. You'll be prompted for a password that will act as the gatekeeper to all your other passwords. The first time you hit any site that has a stored password in Firefox, you will be prompted for the Master Password; enter it, and all passwords will be filled in for you automatically after that, for the remainder of your browsing session. In order to keep things safe, close Firefox when you're finished using it, so anyone else sitting down at your computer will be prompted for the (hopefully unknown) Master Password at the first password-protected site he visits. As a cool feature-within-a-feature, Firefox also provides you with a "password quality meter" that lets you know the strength of your password choice. Here's a hint: 12345 does not please the password quality meter!

Don't lose it!

Do not forget or lose your Master Password! It is unrecoverable, and if you lose it all the information you saved using it will be unrecoverable.

Download Manager History

Download Manager History logs everything you've downloaded using Firefox, including programs, PDFs, and any pictures on which you've right-clicked and then chosen Save Image As. Firefox includes a drop-down that lets you specify when you want to remove files from the Download Manager. Your choices are: "Upon successful download," "When Firefox exits," and "Manually." If you're extremely paranoid and don't want any record of your downloads left behind in that window, choose "Upon successful download"; if you're kind of paranoid, choose "When Firefox exits"; and if you either don't care, want to keep a record of everything you've downloaded, or just don't trust computers to do what they say they're going to do, choose "Manually." Of course, if you remove a file from the Download Manager, you'll lose your record of where you downloaded it from, so if you've forgotten the source it won't be so easy to re-download the file later. However, this isn't really a big concern, since you can usually use the History to find the site again.

Cookies

I know that a lot of people don't like cookiesthey are used to track your movements on a particular web site, after all, and accepting a cookie means you are allowing a web site to write files onto your hard drivebut they can come in very handy when you visit a site that requires a login or one for which you want to remember your preferences. I allow The New York Times web site to set a cookie on my laptop so I don't have to log in every single time I want to read the news, for example, and I allow Google to set a cookie because I want my search results to be delivered to me in groups of 50 at a time, not 10.

However, not all cookies are wanted. A lot of web sites try to set cookies for no other reason than keeping track of visitors and the pages they view. For instance, as I look through the list of sites that have tried to place cookies on my computer (but were blocked), I find ad.doubleclick.net (a web mega-advertising company that has engaged in some shady practices in the past), www.forbes.com (I don't plan on buying archived articles, so why do I need a cookie from your site?), and www.adobe.com (I just want to download software from you, not let you track me!). Fortunately, Firefox makes it easy both to allow sites you approve of to set cookies on your machine and to block other sites from attempting to track you with cookies, as you can see in [click here].

If you want to block all cookies on your computer by unchecking "Allow sites to set cookies," Firefox will let you do so. Your web experience is going to be severely limited in many ways, but you can do itas with so much to do with Firefox, it's your choice.

Cookies?!?

What are cookies, and why do you need them? We need cookies because web serversthe computers that store and send web pages to users like you and meare actually pretty simple things, with no memory at all. If you go to http://www.widgets.com and click on the link for "Products," the web server gets the request and obediently sends back the "Products" page. If you then click on the link for "Widgets 2000," the web server sends back the "Widgets 2000" page. However, the web server has absolutely no idea that the person who requested the "Widgets 2000" page is the same individual who just 10 seconds before asked for the "Products" page.

If you think about it, you can see how this ignorance would cause a real pickle when it came to online shopping. You'd put something in your shopping basket, and then try to place another item in the basket, only to find that the first item wasn't there anymore. Why? Because the web server would have no way of knowing that you were the same person who wanted the first item!

To get around this problem, Netscape unveiled cookies in 1994 with the release of Netscape Navigator 1.0. Basically, a cookie is a small text file on your computer's hard drive, placed there by a web site you are visiting that wishes to keep track of who you are as you go from page to page to page. A cookie, in and of itself, cannot identify you personally. Basically, it's just an identification number, such as "A9865T3459X" or some other gibberish. However, once a web site has set a cookie on your computer, it can query that cookie each time it receives a request for a web page, and thereby check whether you've been to the site before, or keep track of the pages you're visiting or the items you're purchasing.

I recommend checking the boxes next to "Allow sites to set cookies" and "for the originating web site only," and changing the setting in the Keep Cookies drop-down menu to, well, whatever you want. Here's my reasoning. First, you should enable cookies for the reasons I give in the Cookies?!? sidebar in this appendix: because some sites require cookies to really be functional. However, be aware that some web sites have banners and other ads on them, and in addition to the web page itself, these ads can set cookies as well. By checking "for the originating web site only," you prevent ads from ever even attempting to set cookies on your machine.

How long you should keep cookies is, as I said, up to you. If you choose "until they expire," you'll be asked whether to accept a particular cookie and won't be bothered again until that cookie expires. Some cookies expire in a few hours; others, like Google's, don't expire for over 30 years! This setting, however, will be the least bothersome. If you're the kind of person that just wants to set your preferences and not have to think about cookies again, use "until they expire."

If you're more paranoid about cookies, you might want to use "until I close Firefox." With this setting, all cookies expire the moment you close your web browser. True, this is far more secure, but it also means that you'll have to log into The New York Times web site or My Yahoo! every single time you open up Firefox. It's not that big a deal, but some people might find it annoying.

Finally, if you're as paranoid as I am, pick "ask me every time." Every single time a web site tries to set a cookie on my machine, I get asked for permission. That way, I know what's going onto my computer and which web sites are tracking me. I do get asked about cookies quite a lot as a result of that setting. Cookies are everywhere on the Web, and it sometimes seems like every other web site I visit attempts to set a cookie on my computer. Fortunately, you can reduce the number of times you'll be asked about cookies by paying attention when Firefox asks you about them, because it will remember which sites you've specified not to accept cookies from.

If you want to see the cookies that are on your computer, press View Cookies. A window will open listing all the sites that have placed cookies on your PC; to view the contents of a cookie, select it. You probably won't understand anything you see besides the expiration date, but even that can be interesting. Why, for example, does Google's cookie not expire until 2038? What's up with that?

You can remove a selected cookie by choosing it and then pressing Remove Cookie, or, if you're feeling particularly destructive, you can choose Remove All Cookies and de-cookify yourself completely. If you want to remove a cookie for a site and don't want to be bothered by that site ever again, make sure you check "Don't allow sites that set removed cookies to set future cookies." I leave that one unchecked, since I may change my mind in the future, but you may want to check it.

Finally, the Exceptions button opens a new window that lists your cookie policy for each web site that you've encountered. Each site is listed, and next to it are the words Allow and Block. If you realize you've made a mistake with a site, select it, press Remove Site, close the window, and then visit the site again, changing your answer to the question of whether to accept the cookie or not. If you want to start over from scratch, press Remove All Sites and be prepared for a barrage of cookie-related questions as you travel about the Web.

Cache: The last privacy setting is for your cache. Firefox uses a cache just like all other web browsers do: as a temporary storage location for pages you've visited. That way, when you hit the Back button or revisit a site you've been to recently, Firefox checks to see if the page you're returning to is in your cache, and if it is, it uses that stored copy instead of actually requesting the page again. Obviously, this can speed up your browsing experience. But don't worry: if the page has been updated, Firefox will get the latest version even if it's not the one in your cache. It verifies the page version by asking the web server the date and time at which the page was last modified and comparing that to the date and time at which your copy of the page was cached. If changes were made after you stored your copy, Firefox requests a new copy from the server.

By default, Firefox uses a cache of 50 MB; if your hard drive is small, you'll probably want to adjust that down. If you never want to use a cache and always want to request pages from the Web, set the disk space for the cache to zero. If you've been visiting pages that you don't want to appear in your cache, click on Clear to remove everything that Firefox is storing. There's one more option available on the Privacy screen: at the bottom of the window is a Clear All button. Pressing that will remove everything: cache contents, cookies, saved passwords, saved form information, and browsing history. If you want to leave as few tracks behind you as possible, press the Clear All button when you're done browsingbut be aware that you are sacrificing a lot of convenience by doing so.

Prying eyes

If you're using Firefox on a public machineat an Internet café, for instanceI suggest that you definitely press Clear All when you're finished with the machine. That way, the next guy sitting down at the computer won't be able to use your information or track you. If you're surfing the Web at home, on the other hand, whether or not you'll want to clear all your stored info at the end of a session depends on the trust you have for the people with whom you live.

Now we've set up Privacy, so let's move on to Web Features.