A new, trackless search engine has recently arrived on the block -er pond.

The new critter is called duckduckgo.

Yes, really.  Duckduckgo.com.  Wierd, funny, (is this a joke, huh?)
And somewhat memorable, and evidently no joke.

She, or he (gender of duck yet to be determined) purports to respect your privacy by not remembering everything you do, as opposed to those neighborhood busybodies, Bing and Google, who love to gossip by passing on your search terms to sites that you visit.

Not only does she promise to not save your search history, she promises to not even save your IP address, nor pass on your search terms (in most circumstances), nor assign a ‘unique identifier’.

WHAT? A search engine that isn’t out to make money off your lack of direction in life, your need for speed, your thirst for knowledge, your seeking of truth, or at least the best price on the latest gizwangbam gadget?

And not only that, she will also encrypt your search by merely adding an “s” onto http. Whoa, doggies!  Er, Whoa duckies!

How about that, folks?

Give ‘er a spin!

https://duckduckgo.com

While you are at it, check out her privacy page for an enlightening discussion about search engine privacy, or rather, the lack of it.

http://duckduckgo.com/privacy.html

How to craft a well protected browser:

Practically  speaking, anonymity is very difficult to achieve on the web, but with some small effort, you can increase your privacy significantly.

Here is the recipe:

• the latest version of the Firefox browser (if you can keep up with their fast-track version cycle!)
• Always make sure that Adobe Flash is updated to the latest version.
• Firefox plugins

1. Better Privacy
2. Ghostery
3. NoScript
4. Https-Everywhere
5. Adblock Plus

Then set the browser options to:

1. Set the cashe to a relative small size, say 10 MB.
2. Delete cashe on exit (temporary files)
3. Delete history on exit.
4. Delete cookies on exit. Note: also set Better Privacy to delete ‘super cookies’ (flash cookies) on exit.
5. Select the “do not track” option (under the privacy tab)
6. Use a password manager such as RoboForm

Don’t forget!  You are still not private or anonymous. So be nice.

Remember “Practice Safe Computing”

Recently, Startpage.com made encrypted search the default.  They now use SSL for all searches.  Previously it was optional.  This may be of interest to anyone who doesn’t care for having extensive online search profiles stored by Google or Bing or other search engines.  We recommend it.

Opera?  No

Chrome? No

Firefox? No

Safari?  No

Internet Explorer 9?  Yes

As per the following source article, Internet Explorer is by far the best browser at keeping Malware off our computer. (But you do need to listen to it)

In this competition, IE9 was effective at preventing 92% of malware infections.  IE8 blocked 90%.

The nearest competitor only blocked 13%.

Note: SmartScreen Filter must be ON.

(this is about stock, off-the-shelf browsers, not security enhanced browsers such as Dragon, or add-ons and security and privacy plugins, etc.)

Source

Startpage.com in now providing google search results without sending identifying information to google. And that is a good thing. For even more privacy, startpage.com is available using SSL encryption, by using HTTPS:

https://startpage.com

Startpage is one of the few search engines that does not record your every move; your every search and what you click on.

“Practice safe surfing”

A couple of the most notorious SVO’s  [Security Vulnerability Offenders] are back again with ‘critical’ updates.

If you have Java or Flash on your computer [Who doesn't?], please make sure you update to the latest versions.

At this writing, for Java, that would be version 6 update 24.

http://java.com/en/download/index.jsp

Flash is more complicated as there are multiple versions depending on your browser.  As of this writing, Flash for 32 bit Internet Explorer would be version 10.2.152.26.  For 64 bit IE, it would be version 10.2.161.23.

(by the way, these new versions also provide enhanced performance.)

http://get.adobe.com/flashplayer/

Generally speaking, if you visit the above addresses with the browser of your choice, you will be offered the correct version.

[After all, what could possibly go wrong?]

Have you heard of URL hijacking?  What is it?  How does it happen?  What are the consequences?

I received a panicked call from one of my customers the other day:  Hey, what’s wrong here?  What happened to Mapquest?

So, I typed in mapquest.com and it came right up.  So I asked, tell me more about what is happening, please tell me step by step what you are doing and what you are seeing.

“Oh, I just typed in mapquest and I am getting this site that looks like mapquest but now they want my phone number and some other info.”

OK, where exactly did you type in mapquest?  In google* by any chance?  Did you put in mapquest.com?

“No, just mapquest.”

So I said, please type in mapquest.com in the address bar in the top of you browser, not in the google* search window.

“Oh, that works!  There it is!  Thanks!”  ”But I did type it into the address bar!”

So, what do you suppose happened here?  How did she get to a web site that was trying to scam her into revealing personal information?

Answer: URL Hijacking.

1. Her browser was set to search from the address window.
2. She did not type in the full URL. (or she could have misspelled it slightly)
3. She clicked on a result that looked like mapquest.
4. She ended up at a malicious website what was trying to trick her into revealing her identity and probably also attempted to install malware on her computer.

Solution:

1. Turn off searching from the address bar.
2. Never look for a known web site by searching for it. If you know the correct URL, type it into the address bar, not into some search engine.
3. If you do search for a web site, be skeptical and very careful about the results.

* any search engine can lead you to URL Hijacking.  Her browser happened to be set to search from the address bar using google.

Source, and more info: http://www.infopackets.com

The Electronic Frontier Foundation has produced a small add-on for Firefox, called “HTTPS Everywhere BETA” that causes Firefox to favor the SSL encrypted version (HTTPS) of a number of popular web sites.   We have tested it and found it works very well for the limited number of sites it supports. But then again, not many sites give you the option of connecting via SSL.

Source:  https://www.eff.org/https-everywhere

There is really nothing new about this so called “Google Hack”.   Hacks like this have around for quite some time.  The problem is that the hackers are getting better all the time and way too many web users don’t properly secure their PC’s.  Google is singled out because it has such a large user base, but most any search engine can lead you to an infected web site. 

One common risky practice is using the search engine to get to commonly used web sites instead of typing the URL in that address bar of their browser. 

Also, unfortunately, some popular web sites become infected with malicious code that infects unsuspecting visitors.   How does one stay safe? 

Update all security related software and software with commonly exploited security vulnerabilities.   These include: 1) your firewall/ anti-virus/ anti-malware software 2) your browser 3) JAVA 4) Adobe Flash  5) Quicktime  6) Adobe Reader 7) Microsoft Office your operating system

We suggest using the Secunia PSI tool to scan your computer for these security velnerabilities and more.

This video interview spells it out pretty well.

Yes, it’s true.  With a few relatively simple programming tricks, a web site can effectively discern your browsing history.  Any web site, if they so desire, can figure out quite a lot of information about where you have been on the Internet as well as what you have searched for on well known search engines.

How:  Most people who surf the net have their browsers set to remember several weeks of browsing history, and they could visit a lot of web sites over that period of time. 

Well, unbeknownst to you, you may be letting on a lot more than you realize.

Cookies can also be used to spy on your browsing habits, but this techmique has nothing to do with cookies.  Therefore even if you diligently delete cookies, you may falsely believe your browsing habits will not be passed on to some other site you visit. 

How is this done?  All it takes is a simple bit of CSS and/or JavaScript code, and a database of links to test.  They can test up to a million links per minute.  That is right, I said a million links per minute.  And you won’t have a clue it is going on.

Now, what do you suppose a web site would want to test for?   Huh?  Just use a little imagination and you will answer that question for yourself.

The results can be added to another database that includes your I.P. address and whatever other identifying info can be gleaned from cookies and standard data that all browsers give out.  This standard data includes the brand of browser you are using, screen resolution and enough other information to uniquely identify your computer with a high degree of accuracy.  And that is not all.  Other techniques can test for content in your browsers cache.

 How to combat this?  Some suggestions:

• The most reliable way is to set your browser to not keep a browsing history (or to keep a very minimal history, say a day or two), and delete the history you already have.  
• Set your browser so that new and visited links have the exact same color.
• Keep your cache relatively small and delete it regularly, if not for every session. 
• Surf with a variety of browsers.

For more info, and to test your browser, you may visit the following links:

 http://www.whattheinternetknowsaboutyou.com

 http://startpanic.com/

Remember: Practice Safe Computing!