Tips for Better Browsing - Privacy and Security

Software

Code and
Utilities

Info and
Diatribes

Online Privacy Tips
Online Security Issues:
Internet Explorer
Browser Optimizing Tips
Disk Imaging Backup
& Computer Upgrades
Want To Learn HTML?
Whither Technology?

A reflection on the role of
technology in the age
of senile modernism.

Links

Site Links

Tips for Better Browsing - Privacy and Security

Updated Feb, 2012

This page is intended to provide basic information about online security and privacy, as it relates to the browser you use. The tech. media have concocted an ongoing browser "contest", obsessed with comparing the webpage loading speed of various browsers, which is largely irrelevant. Seldom do the media provide useful information about rendering differences, security settings, etc. With that in mind, this page attempts to provide concise explanations of the major privacy and security issues, then explain how those issues are dealt with in various browsers.

Note that while there are more browsers available for Windows than those listed here, all of them are variations on one of 4 browsers: Opera, Mozilla (Firefox, K-Meleon), Apple WebKit (Chrome, Safari) and Internet Explorer(IE). Any browser not listed here is probably just a "skin" on top of Internet Explorer. Those browsers might look different or have some special features, but basically they are IE.

Better Browsing... Information

Security and Privacy Factors You Should Know About
Javascript
Cookies
IFRAMEs
Flash
Risky bloat
HOSTS File and Ad Blocking

Browsers
Internet Explorer
Opera
Chrome and Safari
Firefox / Pale Moon / K-Meleon
Firefox
K-Meleon
Specialized Features specific to Firefox and K-Meleon
Have the Mozilla People Gone Off the Deep End?

Security and Privacy Factors

Javascript

   Script refers to executable code in text form. A webpage mainly consists of HTML. HTML tells the browser how to display the page. Script is used to make the page interactive. Many webpages use script. Very few need to. Most web designers do not understand script. Most do not understand the risks associated with using script. Most do not even understand the HTML code that makes up their webpages. So they often use script without being aware of it. They just wanted to jazz up their webpage design. In some cases their webpages will not even be viewable unless you enable script.

   Script is so common that web designers, and even security experts, usually don't give it much thought. But script is implicated in nearly all online security problems. Script is also implicated in many privacy problems online. The single best thing you can do in terms of privacy and security online -- by far -- is to disable javascript. But that may not be so easy for many people. Most websites do not actually require script to function, but some very popular interactive sites -- such as free webmail, Facebook, etc. -- will not work without script enabled.

   One solution to the problem of script might be to use a particular browser only for specific sites that require script, and use another browser, configured with safe settings, for all other online activity.

Back to Index

Cookies

   Cookies are chiefly a concern in terms of privacy. A "cookie" is just a small text file saved on your PC by a website that you visit. Usually that file contains something like an ID number that allows websites to recognize you when you visit. Cookies were invented in the early days of the Internet to allow for continuity between webpages. For instance, if you fill out a multi-page form online, a cookie might be used to keep track of your entries as you move between webpages. Cookies can also be used for semi-permanent data: If a website "remembers" your login name it does that through a cookie.

   Today, cookies are generally not needed to provide continuity. They may still be used to store login data. But for the most part cookies are being misused -- to track people online. If you do not block cookies then you almost certainly have dozens -- perhaps hundreds -- stored on a virtually permanent basis. That multitude of cookies is used by various online advertising companies, retailers, etc. to track your activities. Cookies were specifically designed to function only for the website of origin. That design was meant to protect privacy. But various tricks are used to get around that limitation. For instance, Google/Doubleclick has ads hosted on most webpages. If you visit a webpage with a Doubleclick ad you are also visiting Doubleclick.com (in order to retrieve the ad image). The result is that Google/Doubleclick can save a "3rd-party cookie" on your PC. With Google/Doubleclick ads on most major websites, the Doubleclick cookie no longer functions as a cookie. It becomes something more akin to a radio tracking collar, following your actions online in real time.

   All browsers can block cookies, but they only block the creation of new cookies. If you want to block cookies altogether you also need to delete all cookies previously stored.

   For an in-depth explanation of cookies, cookie abuse, and the lesser-known problem of "super cookies", see the Online Privacy Tips page.

Back to Index

IFRAMEs

   "IFRAME" is HTML code. A webpage is composed mainly of HTML. HTML uses keywords, known as "tags", to specify webpage layout and content to the browser. IFRAME is one of those tags. It is short for "inline frame". An IFRAME is basically a rectangular area of a webpage that contains an entirely separate webpage. For instance, a webpage at www.somewhere.com could use an IFRAME to display the search page at www.google.com in a box. It's as if you had two browser windows open, at different URLs, but they're actually on the same page.

   IFRAMEs are entirely unnecessary in terms of webpage functionality, yet they have become increasingly common. The situation is similar to the problem of javascript: IFRAMES are a security risk and a privacy risk. But that also makes them attractive to corporate snoops and advertisers.

   There are two very different, but important problems with IFRAMEs:

1) IFRAMES are used in a large number of online attacks that use what is known as "cross-site scripting". The design that allows webpages within webpages is inherently insecure.

2) IFRAMES are used for snooping: Major online advertising companies like Google/Doubleclick want to track you online so that they can show you "targetted" ads and thus charge more money for those ads. One way to track you is via cookies. They generally have little trouble tracking you online because most major websites host ads from these companies. If you block 3rd-party cookies then advertising companies have a more difficult time tracking you. For example, if you visit youtube.com there may be an ad there from Doubleclick. Doubleclick cannot put a cookie onto your PC if you block 3rd-party cookies because you are not actually visiting Doubleclick.com. But advertisers came up with an ingenious way to get around that limitation. They put each ad inside an IFRAME. The resulting webpage looks exactly the same as it did before, but each ad is also actually a unique webpage. You might have 10 different webpages loaded in what looks like a single webpage -- with 9 of them containing only a single image-advertisement. So none of these ads is 3rd-party. Technically you are visiting all 10 websites directly. The page you chose to visit forced you to visit the other sites by loading them into IFRAMEs. That means that 9 companies you may have never heard of, and didn't mean to visit, can save a cookie on your PC. The end result is that numerous companies can follow you around online through a "cookie tracking collar", even if you block 3rd-party cookies. (Ironically, Google, Doubleclick and YouTube all happen to be the same company. That's a good example of the problem with allowing any cookies at all. Even if you block both 3rd-party cookies and IFRAMES at YouTube, you're still allowing DoubleClick to track you, because DoubleClick is Google is YouTube!) Aside from the 3rd-party cookie problem, loading ads from massive ad servers like Google/Doubleclick allows another kind of tracking: The ads themselves -- image files -- function as "web beacons". Each time your browser loads a Google/Doubleclick ad it sends your IP address, referrer, etc. to Google/Doubleclick. Since Google/Doubleclick ads and Google's AdSense ads are extremely common online, if you allow the ads to load you can effectively be watched as you move around online. (This is not only a Google/Doubleclick problem. Google/Doubleclick is the most ubiquitous, but there are a number of very large ad serving companies operating online.)
   Note that IFRAMES are not the only way that websites use web beacons. If you want to stop web beacons you have to prevent loading any files from the offending server. For more on that see the HOSTS file topic and the Firefox/K-Meleon settings topic.

   By blocking IFRAMES you will significantly improve online security, reduce snooping, and reduce the number of ads you see. The disadvantage is that some webpages may not work properly. For instance, some webmail sites are constructed with multiple IFRAMEs. If you use hotmail or gmail you may find that the website is blank when IFRAMEs are blocked. As with javascript, it may be easiest to use one browser for a few specific sites, then use a second safe browser -- with script, cookies and IFRAMEs disabled -- for all other online activity.

Back to Index

Flash

   Flash is Adobe's animation software. It is often used to show cartoons or animated graphics on a webpage, similar to TV graphics. For example, images might move, change, zoom in, zoom out. Text might appear and disappear. Flash is just decoration, but it's fashionable decoration. Many web designers like it to provide the appearance of an active page, like a TV broadcast, regarding a static page as dowdy and outdated. ("Content is just so 90s.") Ironically, there is really nothing active about Flash. The animation is just a static loop that repeats -- like a complex animated GIF.

   But Flash is more than just a tedious cartoon distraction. A Flash cartoon is actually a separate program. Whenever you see Flash on a website you are actually looking at a small cartoon movie that your browser has downloaded. The movie is also executable, like a program. It uses script. Since Flash is basically an executable file, there have been a number of online attacks that have targetted Flash vulnerabilities. Flash is also a privacy problem due to Flash "super cookies".

   If you disable Flash -- remove the Flash Player plugin -- you will be safer, you will plug an obscure privacy hole (see the super cookies topic on the Privacy Tips page) and you will see a lot less annoying, garish cartoons and animated ads online.

   However, if you disable Flash you may also be unable to view videos online at sites such as YouTube. Flash is not actually necessary to show online video. Websites like YouTube could just let you download a video file. And Flash alternatives like HTML5 are increasingly being used. But most sites "stream" video using functionality provided by Flash, so that you can see the video but are blocked from saving the copy of the file that you download. That way you have to return to their website, and see more ads, if you want to view the video again. (Streaming makes the video appear like a TV broadcast, even though it's really a download. All webpages are composed of code with text, images, video, sound, etc. All of those elements are files that you download. Your browser then puts the files together to create a webpage based on directions in the webpage code. You cannot see an online video without downloading the video file.)

Back to Index

Risky bloat

Risky bloat refers to Java, PDF readers such as Adobe Acrobat, Microsoft's .Net Silverlight, plugins, toolbars, etc. All of these things provide slight convenience in some respect. You might find a specific toolbar useful. You might like the convenience of reading PDF files in the browser window. You may be required to use Silverlight or Java when you access certain highly interactive sites. But in general none of these things are necessary, and all carry some security risk. If possible, remove all connections between your browser and any of these extra, executable plugins.

Back to Index

HOSTs File and Ad Blocking

For a full explanation of HOSTS files, and a sample HOSTS file download with directions for use, see the topic on the Privacy Tips page. In brief: Use of a HOSTS file goes back to the early days of the Internet. When you visit a website your browser has to look up the IP (Internet Protocol) address. It's as though every website had its own telephone number. You can't just go to www.somewhere.com. Your browser has to look up the IP address of www.somewhere.com and "call that number" in order to contact the website. A HOSTS file is like a phone book. It can be used to list the IP addresses of websites. All browsers will check for a HOSTS file listing before going online to get an IP address. So a HOSTS file is a very simple ad and spyware blocker. You can use it to block your browser from visiting any number of URLs.

A HOSTS file provides an easy way to greatly reduce online tracking while eliminating the vast majority of ads online. Yet, strangely, most people do not know about the HOSTS file. It is mentioned here because it is so useful in improving online privacy. But using a HOSTS file is not a browser-specific issue. It works with any browser.

Back to Index

Browsers

A good browser should have a button on the toolbar that says, "Allow script for this site only." Likewise for cookies and Flash and IFRAMEs. All of those things are in conflict with online security and privacy. If they are not disabled by default, and very easily enabled for a particular website, the browser cannot both work well and be safe to use. Unfortunately, due to the demands of convenience, online commerce and corporate greed, there is no browser that is both safe and highly functional at the same time.

Internet Explorer

   In a nutshell, Internet Explorer (IE) is a mess. Versions 6, 7 and 8 are all different in terms of how they render webpages. Each version has become more dysfunctional than the last, with silly security warnings and restrictions. And all of the important security and privacy factors listed above are difficult to manage in IE. Over the years, IE settings have gone from complex, to convoluted, to arcane, to downright outlandish.

Javascript : There are several script-related settings in IE. It is no small job to sort out the numerous, obscure and generally undocumented settings that make up IE's "Internet Options". If you do manage to figure out which settings you want to change, you may or may not be able to really change them. Each setting appears in 5 different "zones", and the 5 zones appear in up to 8 different locations in the Registry. So there are potentially 40 different Registry settings for each setting in Internet Explorer's Security settings! Most of those settings are not accessible except to Registry experts. In fact, this bizarre system was developed so that corporate system administrators could override employee settings without the employees' knowledge or control. The Internet Explorer settings are unusable. Period.

Cookies: Cookie settings are on the IE privacy tab. Like the script settings, they are a good example of a common Microsoft trick. Settings are made so complex, convoluted and abstruse that few people ever use them. In the case of cookies, the actual settings are hidden behind an intimidating "Advanced" button.

IFRAMEs: There is no IE setting to disable IFRAMES.

   IE is designed especially for corporate use. The settings are extremely complex and confusing by design. That allows corporate IT people to control the Internet settings of employees, and it allows Microsoft, in effect, to control the Internet settings of everyone else. Basically, IE is not safe for use online and cannot be made safe through any reasonable efforts. For a thorough discussion of problems with IE, see The Wacky World of Windows Internet Security.

Side note - Is Windows slow? It may be the fault of IE's cache:

   This is not a web browsing issue, per se, but it's a problem that many people experience without knowing the cause. Windows starts out fine, but then over time it gets slower and slower. Many things can cause that: junkware toolbars, bloated anti-virus, etc. But perhaps the most common cause is Internet Explorer's cache. IE stores visited webpages, like any browser. But IE is unique in that it is entangled with Explorer, the Windows file viewer. IE is also unique in that the size of the cache is not usually specified. It's not unusual for IE to have a cache size in excess of 1 GB! Windows then tracks all of that rubbish, bringing Desktop navigation to a crawl. To fix that, go to Internet Options -> General . Under "Temporary Internet Files" click Delete Files . Wait for all files to be deleted, then click it again. (It doesn't work very well sometimes.) Next, click Settings . In the area to select "amount of disk space to use", set the number at something like 10 MB or less. (These days, with high speed Internet and frequently changing webpages, the cache is of little use.)

Back to Index

Opera

   Opera has never been widely used. The authors are sticklers for web standards, so some webpages may not render so smoothly in Opera as they do in Firefox or IE.

   Also, Opera is actually spyware. That's a surprising fact given that the company cultivates a reputation for being honest and honorable. But it's true, nonetheless. In a test of Opera 11, the browser was installed and an attempt was made to remove any settings that might cause it to call home, such as the "first run" call home to redir.opera.com, the tendency for Opera to contact its support website, etc. Then Opera was started up, without navigating to any website. It immediately made 2 contacts without asking. One contact was to the IP address 213.236.208.98, my.opera.com. The other was to 8.12.152.86, the Opera webmail website. Opera was logging in to two different services that were never subscribed to... sending unknown information without permission and without notice! The behavior of Opera is notably worse than any other browser. The program cannot be recommended to anyone who cares, at all, about online privacy.

   The settings in Opera can be confusing. They are spread out in a non-intuitive layout, and after first use many of the settings seem to strangely disappear. But if you can get used to Opera's settings you'll find that they are more complete and arguably better organized than those of other browsers. Opera has settings for script, of course. It also has a setting to disable IFRAMEs, an option to block referrer headers, etc. Opera has perhaps the best "feature set" of any browser, in terms of useful settings related to security and privacy. But expect some work if you want to understand and control all of the various options.

Back to Index

Chrome and Safari

   Chrome and Safari are both based on Apple's WebKit browser core.

   Chrome is made by Google, a company with a shocking disregard for privacy. Chrome reflects the Google attitude, with very few settings options to choose from. If you're a Facebook fan, mainly visiting interactive websites with little concern for protecting your privacy, then Chrome may be a good browser to use. That's what it's designed for. The Googlites envision an Internet as interactive TV, where webpages are commercially operated, script-based software that tracks and responds to your every action -- while advertisers calculate your "personalized marketing exploitability profile" based on your geo-location, gender, age, browsing history, etc. ...And Google makes a cut from the vast majority of webpages -- every time they're visited.
   If you prefer not to be tracked and recorded in everything you do online, with targetted ads chasing you wherever you go, avoid anything Google.

   It would be difficult to overstate either the ubiquity and sophistication of online tracking and privacy intrusion, or the ignorance of that tracking on the part of the general public. Online tracking comes close to being wiretapping, and Google is arguably the worst culprit. If you read Google's official privacy policy for Chrome you'll see that Google seems to be almost respectful of privacy. Their policy mentions cookies and a few other "harmless" privacy issues that can be disabled. Chrome seems to be almost squeaky clean. The average person would read the Google privacy policy as reassuring.

   What Google does not explain in their policy is that cookies are just a small part of the Internet privacy issue. The spyware role of cookies can be filled by script, web beacons, referrers, Flash cookies, etc. In many cases it will make no difference whether you enable cookies. You can still be monitored via IP address, script, web bugs, etc. as you travel from site to site. You can even be watched, in many cases, as you move about on a particular webpage. Dishonestly, secretly, intruding on your privacy has become a critical part of business for many online companies -- especially for Google. Google is actively opposing a proposed California law to protect online privacy. Google's former CEO, Eric Schmidt, has been widely quoted as saying, in reference to online privacy, "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place." Google is Doubleclick, the largest online advertising company. Google is not in the search business. Google is in the advertising business. And the more they know about you, the more they can charge for "targetted" ad space on the pages that you view.

   First Google helped to create "the information superhighway". Then Google helped to transform that resource into the international eShopping mall that the Internet has become. Today Google serves a role in conflict. By weighting search results based on incoming links from other sites, Google has heavily commercialized search results. And many, perhaps most, of those results link to pages hosting Google/Doubleclick ads. Further, Google actually acknowledges in their privacy policy that Chrome is spyware. Google Update installs itself without permission as a separate program, spying on you and updating Chrome without permission. From the Chrome privacy policy: "Google Update also sends other information... how many people are using Chrome and how often they use it... whether you used Google Chrome in the last day, the number of days since the last time you used it, and the total number of days that Google Chrome has been installed."

   Given all of that, do you really want to use a browser provided by Google? Google will say they "anonymize" the collected data. Most companies say that. But it's a myth. There is no such thing as anonymized data where computers are concerned. That's the whole point of software databases: They provide the ability to process collected data in any number of ways. Further, Google's whole business is based on targetted ads. How can anyone believe that they collect the data they need for that purpose, but then don't fully use it?

   Safari is at least twice as bloated as any other browser. It is not widely used, even though Apple tried to trick Windows users into installing it. And Safari, of course, is made by Apple, a company that has repeatedly demonstrated contempt for their customers -- like a car company that sells you an overpriced car and then rigs that car so that you also have to buy their overpriced gas. If you're not an Apple cultist, following the crowd in thinking that you "think different", there's really no reason to deal with any sort of Apple product. People using Windows have lots of other options.

Back to Index

Firefox / Pale Moon / K-Meleon

Of the browsers already mentioned, IE, Chrome and Safari are seriously flawed. That leaves only Opera, Firefox, Pale Moon and K-Meleon as good browser candidates. These three are all the same browser underneath. Firefox is more polished and also more bloated. Pale Moon is nearly identical to Firefox, but provides a slightly leaner product by leaving out some functionality that many people don't need. K-Meleon lacks some of the conveniences that Firefox has, but is simpler, quicker, and designed with the end-user in mind. Unfortunately, while K-Meleon avoids all the problems of Firefox, it has not been maintained. The last release was in March, 2010.

Firefox

   As of this writing, IE usage has fallen below 50% and Firefox is the only other browser with widespread usage. Firefox started out as a lean, honest alternative to IE. It was a non-profit venture. Firefox, therefore, should be the best browser; the people's browser. But over time Firefox has become more bloated and less honest. Mozilla, the organization that makes Firefox, now get most of their funding from Google. Google wants to show lots of ads to lots of people online. Not surprisingly, Firefox has gradually changed to satisfy the wants of Google, and the Firefox settings reflect that. In Firefox 1 there was a setting to block 3rd-party images (ads). In Firefox 2 that setting was removed, only available through the confusing and semi-secret "about:config" settings. And the value of the setting was deliberately changed to cause confusion. Things have gone downhill from there. In Firefox 3, cookie settings are hidden behind a "Custom Settings" button under "History". There is no setting, even in about:config, to change the browser referrer. One has to know enough to add that setting.

   The folks at Mozilla have taken a lesson from Microsoft: Don't remove options entirely. Just make them impossible to figure out. That way the option is effectively removed without confrontation, and many people will just blame themselves for being "stupid when it comes to computers".

Javascript: Settings in Firefox are straightforward, located in Tools -> Options -> Content . (While there you can also disable Java, which is rarely used by anyone online.)

Cookies: Settings, as mentioned, are hidden behind a "Custom" button in Tools -> Options -> Privacy .

IFRAMEs: There is no setting for IFRAMEs in Firefox, but they can be disabled. Go to the folder C:\Documents and Settings\[user name]\Application Data\Mozilla\Firefox\Profiles\xxxxxx.default\chrome\. (In Windows Vista/7 that would be C:\Users\[username]\AppData\Roaming\Mozilla\Firefox\Profiles\xxxxxx.default\chrome\.) "xxxxxx" here can be any combination of random characters. In the chrome folder find, or create, a file named userContent.css. Open that file in Notepad and add a line like so:

IFRAME {display: none !important;}

Save the file. (This file is essentially a master style sheet that overrides webpage styles. It can be used to apply any sort of custom style settings to any page element, for all visited webpages.)

Plugins: To disable Flash or other plugins, go to Tools -> Options -> Main -> Manage Add-ons. If you want to remove plugins look in C:\Program Files\Mozilla Firefox\plugins or in the program folder for the company. (Ex. Program Files\Adobe\...).

Beware the Phishing Filter:

   If you are concerned about privacy you will probably want to disable the ridiculous phishing filter in Firefox. In addition to being essentially spyware, the phishing filter depends on information that is likely to be outdated. The way the filter works is to check the website URLs you visit against a blacklist of known scam websites. The list is hosted by Google/Doubleclick. At full functionality the filter reports to Google/Doubleclick every site you visit, in real time. Google/Doubleclick is also using (3rd-party) tracking cookies in these communications. With the phishing filter enabled you will be inviting Google/Doubleclick to watch you (and presumably customize the ads you see ... and presumably sell your "consumer profile" to other advertising companies... ) as you travel around the Internet. Meanwhile, phishing websites can easily relocate once their URL has been added to the blacklist. If you want to avoid being caught by an online scam, a bit of caution and common sense are far more useful, and far less intrusive, than the Firefox (and IE) phishing filters.

   The Firefox phishing filter settings are under Tools -> Options -> Security . Uncheck the two boxes marked "Tell me if the site I'm visiting....". For more thorough blocking, search about:config for "safebrowsing" and remove all URL strings found.

Back to Index

K-Meleon

K-Meleon settings are under Edit -> Preferences . The settings are reasonably clear. Under Privacy and Security you will find cookie settings. On the Paranoia tab are settings to disable referrer headers and the idiotic link-prefetching function.

Javascript has its own heading.

Under Page Display -> Content Filters you will find an option to block Flash if you don't want to remove it entirely. On the Page Display -> Images tab there is an option to block 3rd-party images. This is the same setting that was removed from Firefox when Google started paying the bills.

IFRAMEs: IFRAME blocking works the same way it does in Firefox. Just substitute "K-Meleon" for "Firefox" in the path to userContent.css.

K-Meleon is cleaner, simpler and faster than Firefox, but it does have some rough edges. Notable examples: 1) The source code editor is very primitive. It's really just a viewer, not an editor. 2) Firefox has an option View -> Style -> No Style that allows all style settings in a webpage to be turned off. That option can be very useful with poorly designed websites. For instance, for a long time Microsoft webpages had no vertical scrollbar if scripting was disabled. There was no way to see the whole page! Viewing the page with no style fixes that kind of problem.

Back to Index

Specialized Options Specific to Firefox and K-Meleon

   Firefox and K-Meleon have a number of features that do not show in the standard settings window but which are adjustable. Most of these features are not available in Internet Explorer at all, even though several of them (such as the ability to control the referrer header) should be available in any properly made browser.

   Unfortunately, the documentation for these settings is limited, while the format and system for the naming of settings is excessively "geeky". The system for adjusting these settings dates back to the early days of Netscape and it seems that no one has thought to modernize it since then.

   The easiest way to change these settings is to type about:config into the address bar and then hit ENTER. The resulting list is off-putting. It's a very long list of settings with confusing names and no indication of what the possible values are, but many of the settings are at least documented at mozilla.org. For the settings below, right-click the value and click Modify. If the value is not present it can be added with right-click -> New.

Back to Index

Some useful settings

Block 3rd-party images

K-Meleon: Edit -> Preferences -> Page Display -> Images tab

Firefox: This option is no longer in the settings menu of Firefox but can still be set in about:config. Image behavior options: 0-accept all images. 2-no images. 1-no 3rd-party images.

Setting: network.image.imageBehavior  Value: 1
Setting: permissions.default.image Value: 3

Image animation

This will prevent animated GIFs from repeating:

 Setting: image.animation_mode Value: "once"

Prevent blinking text

Setting: browser.blink_allowed Value: false

Block sending referrer header

This blocks sending of the referrer header, which tells a website where you are coming from if you click a link. That information is used by websites to find out what other sites are linking to them. That's not especially problematic, but if you would prefer to maintain your privacy you can turn the function off.

K-Meleon: Edit -> Preferences -> Privacy and Security -> Paranoia tab

Firefox: This setting must be added in about:config. The setting has also changed over time. To be thorough, set all of the following:

Setting: network.sendRefererHeader Value: false
Setting: network.http.sendRefererHeader" Value: 0 
Setting: network.http.sendSecureXSiteReferrer Value: false

(This is a good example of the disarray and lack of planning with Firefox settings. Not only do common settings for things like the referrer text get changed willy nilly. There are actually two different spellings used for "referrer"!)

Back to Index

Control UserAgent

The UserAgent string is a string of text that the browser sends to websites in order to identify the operating system and browser. That is normally harmless, but in some cases a webpage may render better if you pretend to be using a different browser. If you have script enabled your userAgent should be displayed below in red:

K-Meleon: To change the userAgent string go to Edit -> Preferences -> Privacy and Security -> Paranoia tab

Firefox: This setting must be added in about:config.

 
Setting: general.useragent.override 
Value: "xxx"

where "xxx" is the UserAgent string in quotes. The following samples can be used to mask your system as a different operating system and/or browser. Replace xxx with one of the lines below. :

 
   Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3
   Mozilla/5.0 (compatible; Windows 98; rv:1.7.12) Gecko/20050915 Firefox/1.0.7
   Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
   Mozilla/4.76 (Macintosh; I; PPC) 
   Mozilla/4.61 [en] (X11; I; Linux 2.2.13-33cmc1 i686) 
   Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)

Back to Index

Stop Prefetching

   Prefetching is an idea of questionable value that is nevertheless part of the HTML specification. The idea with prefetching is to allow a website to take advantage of the time when your browser is not busy. For example, if your browser has finished loading Page 1 of an article, a special prefetch link on that page could force the download of, say, a large image that might be needed later if you decide to go on to Page 2 of the article.

   The problem with prefetching is that it's rarely likely to be useful, it takes control away from the visitor, and it can allow unrequested and undesired files to be stored in your browser cache. For instance, there is nothing to prevent a webpage prefetching ads, undesired webpages, and possible cookies that go with them.

   Unfortunately, while the prefetching setting is available in K-Meleon, it is one of several relevant settings that the Firefox "Mozilla team" seems to think are too complex for the browsing public to understand. From the Mozilla.org explanation of why prefetching is not included in the Options window:

"...our theory is that if link prefetching needs to be disabled then there must be something wrong with the implementation. We would rather improve the implementation if it does not work correctly, than simply expect users to locate some obscure preference in the preferences UI."

   That sort of arrogance (combined with the commercializing influence of funding from Google) is why Firefox, despite all of its good features, is badly lacking in options for people to easily control settings. To stop pre-fetching:

K-Meleon: Edit -> Preferences -> Privacy and Security -> Paranoia tab

Firefox: This setting must be added in about:config.

Setting: network.prefetch-next 
Value: false

Back to Index

Settings Specific to K-Meleon

K-Meleon Bookmarks

The Bookmark plugin that installs with K-Meleon by default enables the use of Netscape/Firefox-style bookmarks. With that plugin enabled ( Edit -> Preferences -> Plugins ) just copy your Firefox bookmark file (bookmarks.html) from the Firefox Profile folder, into the K-Meleon Profile folder. (The Firefox profile folder is Documents\Settings\[username]\Application Data\Mozilla\Firefox\Profiles\[username].xxx

K-Meleon Appearance

   K-Meleon is not quite so polished as Firefox in terms of toolbars, etc. The default icon, notably goofy, seems to be a smiling dinosaur cartoon. But K-Meleon is adaptable. In Edit -> Preferences -> Display , choose a skin. "Phoenity" is the up-to-date skin. Once a skin is selected, go to the program folder and find the corresponding subfolder in Skins. In other words: \Program files\K-Meleon\Skins\[skin name]\.

Toolbar background image:
   Place a BMP file in the Skins subfolder. Then open K-Meleon, type about:config into the address bar and press Enter. Set the value of kmeleon.display.backgroundImage to the full path of the BMP file. Set the value of kmeleon.display.backgroundImageEnabled to True.

Program icon:
   Perhaps the worst thing about K-Meleon is the garish, kiddie-style program icon, which is a bright green cartoon dinosaur. To change it: In the Skins subfolder, replace main.ico with an icon of your choice. It should be a 256-color icon with both a 16-pixel and 32-pixel size contained in it.

Toolbar buttons:
   Toolbar buttons can be removed by editing the file toolbars.cfg in the Skins subfolder. It is fairly self-explanatory. Just use a hash mark to comment out any buttons that you do not want to be visible.

Note that the graphic options above only apply to the current skin.

Activity Indicator (AKA Throbber):
   In addition to the silly program icon, K-Meleon also sometimes uses silly "throbber" animations to indicate that a webpage is still loading. To change the throbber animation, put any .AVI file into the folder corresponding to the currently used "skin" (C:\Program Files\K-Meleon\skins\) and name it "throbber.avi".

   Firefox: The activity indicator can also be changed in Firefox, but it's a bit more work. First, the file needs to be an animated GIF, not an AVI. Then also select a non-animated GIF to indicate no activity. Open the [Profile]\chrome folder. (Explained elsewhere on this page.) Put the two GIFs in that folder and open or create the file userChrome.css. In userChrome.css add these lines:

#navigator-throbber {list-style-image : url("still.gif") !important;}
#navigator-throbber[busy="true"] {list-style-image : url("active.gif") !important;}

(Note: The file names can be anything.)

Back to Index

K-Meleon - Fixing Multiple Window Problem

One odd default setting in K-Meleon is that it opens bookmarks in new windows. That behavior is unconventional and may not be desired. To make bookmarks open in the same window, open K-Meleon, type about:config into the address bar and press Enter. Find the setting kmeleon.plugins.bookmarks.openurl. If the value is ID_OPEN_LINK_IN_NEW_WINDOW then change that to ID_OPEN_LINK.

K-Meleon - Stop PDF Files Loading

   Adobe has been downright obnoxious in their tireless effort to make PDF files a web standard. By installing browser plugins without asking, Adobe has fooled many people into thinking that PDFs are like webpages - in hopes of selling more copies of Adobe Acrobat. The problem with Adobe's behavior is that in most cases it makes more sense to save PDF files to disk rather than to load them in the browser. A PDF is good for flexible printing and very little else. PDF files are not especially convenient for reading text onscreen. Also, PDFs have been the subject of numerous security problems. Yet it can sometimes be difficult to just save a PDF to disk because Adobe's plugin jumps in and takes over.

   In Firefox, plugins can be disabled/removed in Options -> Main -> Manage Add-ons . Also, look in Program Files\Mozilla Firefox\plugins if you want to remove the plugin files altogether. (See next paragraph for more specific info. about the Acrobat plugin.)

   K-Meleon has no options to control plugins, and the user-pref settings may be ignored. To stop K-Meleon from loading PDFs in the browser, find the Adobe Acrobat Reader plugin folder. The path should be something like C:\Program Files\Adobe\Acrobat x.0\Reader\Browser. Or find the path by doing a search for the file nppdf32.dll. (That file is the Netscape PDF plugin.) Once the path is found, rename the file or rename the parent folder, to something like "noBrowser", so that K-Meleon cannot find it. Or just delete the DLL file if you know you don't want Acrobat Reader opening PDF files in your browser. Also check to make sure another copy of that file is not in the Program files\K-Meleon\Plugins folder. That should stop Acrobat, but K-Meleon is especially badly behaved when it comes to plugins. Not only are plugin settings hidden - if the Acrobat plugin is not found K-Meleon may even try to hunt down the Acrobat Reader program on your system and force that to open PDF files! If you have that trouble, it may help to also add this line in about:config:

Setting: browser.helperApps.neverAsk.openFile Value: "application/pdf"

Back to Index

Have the Mozilla People Gone Off the Deep End?

   Firefox seems to be turning into a disaster....

   As of this writing (Feb., 2012) Mozilla.org, the makers of Firefox, have just released Firefox 10 and are on a planned schedule to release a new major version every 6 weeks! There is also a plan to eliminate version numbers altogether. The idea seems to be that Firefox will gradually be transformed into a service that is constantly calling home and changing itself. Upping the major version number every 6 weeks seems to be the planned method to make the transition: The higher the version gets, the more ridiculous and uninformative it is, and the more likely to be ignored. With Firefox 10 the version number is already meaningless. In another year the version number will be 18. It's likely that by v. 15 Firefox will have been transformed from a software product into something more accurately described as a self-updating infestation.

   There's great irony here. The original Firefox project had an idealistic tone: Finally some people were creating a choice; a clean, honest, fast, efficient, configurable browser to release people from the tyranny and the security problems of Internet Explorer. But now the people at Mozilla.org are trying to remove all choice. People actually using Firefox will have no say in the constant changes. It seems that Firefox users are destined to end up like so many Facebook addicts, who came to get a lazy man's free homepage and ended up hooked on an ad-infested nightmare of AOL.

   Unfortunately, the Firefox situation is not merely a case of cloud mania. Mozilla.org get the vast majority of their funding from Google, in exchange for putting the Google search bar in their browser window. What started out as a small organization creating a simple and well-made "browser for the people" has turned into a giant enterprise with a budget of over $100 million per year. The Mozilla people have been making Firefox more advertiser-friendly, apparently to please Google/Doubleclick. The first step was to hide the option to block 3rd-party ads and tracking beacon spyware images in webpages. Newer moves include an attempt to provide an online ID service, which would make it very easy to track and positively identify all people using Firefox, all the time. There are also overkill schemes to saddle you with a commercialized homepage, to stuff each new tab with a selection of frequently visited sites in order to "save your precious time" (but who generates and stores the frequently-visited list?), to find a way to bypass system security so that Firefox can update itself constantly without telling you, and to provide a method for commercial websites to constantly spam you through the Firefox browser, even when you're not online.

   Firefox seems to be turning into a bloated, overproduced slave of Google's relentless privacy encroachment. It may no longer be a viable choice of browser. As of this writing, Firefox v. 3.6 is still reasonably civilized and scheduled to get security updates until late April, 2012. Firefox 3.6 may be a good choice to stick with, for those who don't want to go along with Mozilla.org's bizarre, commercial change in direction.

Back to Index