Protecting your LiveJournal privacy with Firefox

[ciphergoth]

This journal entry describes ways in which people you know may be monitoring the way you use LJ. How often you read their journal, what friends groups you define, and so on.

It's done with what are called "web bugs" - tiny images served from special servers that record this information. You can block the servers that serve the web bugs, but they can always create more servers, so it's a game of "whack-a-mole".

Today I found out about a setting in Firefox that blocks *all* web-bug based tracking, from all websites to all websites, permanently. No longer will people be able to monitor you in this way.

Go to the URL bar and type "about:config". Select the setting "network.http.sendRefererHeader". If it has the value "2", change it to "1". That's it.

Technical details

I'll be setting this on all my browsers ASAP.

Comments

[ciphergoth.livejournal.com]

The only example I can think of is that some websites, in order to prevent image "stealing", will check the Referer header on an image before serving it to make sure it matches the serving site, otherwise they substitute an image that says "don't steal my images". However, most such sites default to providing the correct image if you don't supply a Referer at all, so for the most part they will work better, not worse, after this change.

[zeke-hubris.livejournal.com]

Wonderful. Thanks for clearing that up :-)

[mskala.livejournal.com]

For images I post in Livejournal, a valid referrer header is required - with no referrer, you get a redirect to tubcat.com. That's because any image that appears in a public Livejournal posting takes a massive hit from the "show the last N pictures posted on all of Livejournal" scripts. Here's an example:



With a referrer from my site or Livejournal, you'll see Hällo Kitti. With some other, or no, referrer, you'll see tubcat.

[nikolasco.livejournal.com]

I expect that most, if not all, of them use the data from /stats/latest-img.bml (http://www.livejournal.com/stats/latest-img.bml). You can opt-out of it, and all the similar "latest things" by going to the console (http://www.livejournal.com/admin/console/) and entering:
set latest_optout yes

(my usual entry for this (http://atrustheotaku.livejournal.com/299997.html))

[mskala.livejournal.com]

Is that better than what I'm doing? At first glance, it looks to me like it's not something I want to do.

[nikolasco.livejournal.com]

It depends on what you want ...
Your current approach stops your image from loading on non-livejournal pages, including the latest image sites and google image search and whatnot. It does hose the people without Referer headers; that's a very small number in general but depending on how many of your friends follow the advice in the OP it maight be signficiant. Modifying your server's rules to block the offending latest image site might be a reasonable compromise.

Disabling the "latest things" removes you from the list of updates. So, it will slow down indexing of your entry by feed search engines (Technorati, PubSub, etc.) and maybe some of the web-based aggregators.

I'm not sure which approach is better for you. After glancing at your journal, I see that you don't have the bot blocking pref on and your feeds contain complete information. So, I'm guessing you'll want to stick with your current approach or maybe modify it.