Google’s new web browser, Chrome, is a very fast browser. My wife especially likes it, for this reason, as well as because I really lock down Firefox in a way that sometimes can make it hard to use sites without some configuration. Being somewhat of a privacy and anti-tracking fanatic, I asked myself how to keep our online privacy reasonably safe while she’s online, while not causing the majority of sites to fail for her while she’s watching videos, house hunting, or shopping.
This page describes how I set up our computers (running Ubuntu) to accomplish this.
Advantages of this setup
- No history of anything persists after you close the browser window.
- Compatibility with most websites using flash (Youtube, Hulu, … )
Disadvantages of this setup
- No web history or bookmarks.
- No automatic logins or remembered passwords.
- No extensions.
- Some sites that stream with flash, such as Pandora and NPR require local flash storage (depends, see below).
- Google periodically updates their Safe Browsing Filter so that a warning will pop up if you go to site with either known malware or scams, and this will doesn’t allow these updates. Be extra vigilent.
- This does nothing to hide what website you’re browsing from your ISP, the government,… For that, you need something like Tor.
So there are serious disadvantages to securing the browser this way, and it is not perfect. Read on for details.
1 2 3 4
Kill all Flash Cookies
A flash cookie, or Local Shared Object, is a file a website stores on your computer, outside of the control of your browser settings. It is different from a regular cookie. They are associated with adobe flash, which is used by many websites. Unfortunately, they are also used to store tracking information, as well as back up data from regular cookies stored by your browser.
In most Linux distributions, Adobe Flash settings are stored in
~/.adobe and the cookies themselves in
~/.macromedia folders. I have these simlinked to
/dev/null (effectively a black hole) so that anything trying to write to these folders doesn’t get an error message, but nothing ever gets written to disk.
1 2 3
You can alternatively set up a cron job to delete the contents of
~/.macromedia so that you can get the benefits of being able to use sites
which require flash cookies, while simultaneously deleting them periodically
(and not having to trust a third party extension to delete them for you). To
set up a cron job to delete the contents of these folders every 5 minutes,
add the following line to your crontab, which you can access via
USER with your username.
Open Chromium and Set Default Settings
Now we get to setup the default settings within Chromium. Open the browser, but don’t go anywhere. We’re going to make the settings directory read-only in a bit so that nothing can change the settings or write in new ones. This will also stop Chromium from logging your browsing history or installing extensions.
- If you wish to make Chromium the default browser for your system, you might as well do so now, since it asks you. Otherwise, say no.
- In the upper right corner click on the wrench icon and pick “Options” from the menu.
- Choose your starting behavior and homepage on the “Basics” tab.
- In the personal tab,
- Never Save Passwords.
- Never save text from forms.
- In the under the hood tab,
- Disable “Show suggestions for navigation errors”. Google doesn’t need to know what you’re typing into the address bar.
- Disable “Use a suggestion service … “. Same as above.
- Set cookie settings to Only Sites you Visit. Will block a few third party tracking cookies.
- Change the download settings to your preference.
Set Browser to Default to Incognito Mode
Chromium comes with Incognito mode for “private” browsing, and won’t remember any history or cookies while in this mode after you close the browser. You may ask, if it does this already, why are we doing the other steps? The steps we’re using go farther than incognito mode is capable. For example, when we’re done, going to the history tab in Chromium will always show nothing. I still have incognito mode enabled for some redundancy in protection.
To enable incognito mode, edit (as root) the file
/etc/chromium-browser/default to appear like below.
1 2 3 4 5
Make Chromium Profile Read-Only
This will make it so that the settings cannot be changed from within Chromium. It will also freeze your browser history with nothing in it.
1 2 3 4 5
Note that Chromium currently uses this folder to create sockets/symlinks to temporary files, and will not run without allowing these to be made. This is why we leave the folder itself writable.
If you choose to do this and are sufficiently paranoid, whenever you update Chromium, you should delete your profile, and then start over with a fresh profile, and repeat all the setup above before once again making the profile Read-Only.
Disable Chromium’s Disk Cache
This is optional. All web browsers will cache pages to improve the perceived speed of web browsing. Removing the caching ability will make it harder for your browsing history to be determined.
Bear in mind this only prevents Chromium from using your hard drive as cache, and your RAM will still be used (and as best I can tell, no option to disable cacheing in RAM exists).