Java and malvertising jeopardize user security even when visiting legitimate websites. Browsers are designed to reach out to servers to execute code written by someone else. Even with regular security improvements, eliminating the risks from plug-ins found in Java, Adobe Reader, and other apps will not fully circumvent the business model of a conventional browser, one that is tied to online advertising revenue. Even conscientiously updating one’s browsers via routine security updates from software vendors will fail to mitigate risks from plug-ins, such as those found in Java, Adobe Reader, and other applications.
Nevertheless, several new secure browser options for those loyal to a specific browser are becoming more prevalent in the enterprise system. The ability to tweak Chrome, Firefox or Internet Explorer, by fine-tuning them for security and privacy is possible. Each of these browsers has a privacy mode. However, the purpose behind a truly secure browser is to ensure your browsing activity is not exposed. Therefore, unless you log into a site where there aren’t any cookies or methods of tracking your behavior or IP address, browser security settings may still lead “someone” back to you or your organization.
The prudent researcher may habitually enter incognito mode on Google Chrome or she may utilize the advanced privacy and do-not-track settings in Firefox and IE with the expectation that this will provide adequate anonymizing. However, it is important to understand the limitations of these in-browser security options. While these tools may prevent cookies and browsing history from being locally saved, this does not necessarily correlate to strongly private or secure searching.
Several search engines now incorporate stronger privacy-generating tools. Two privacy-enhancing search engines are DuckDuckGo and StartPage.com, both of which offer improvements over using IE, Firefox or Chrome directly. For example, DuckDuckGo does not, as a matter of course, collect personally identifiable information. However, Web-based search engines are accessed via one’s normal Web browser, so the security limitations built into these browsers may still be material. While one’s search criteria and results may be anonymous, once one clicks on a search result, one loses the secure environment provided by the search engine. When one accesses search results using such search engines, the sites visited may collect information, and such information may be sufficient to identify one’s IP address and corporate entity. While one can access free proxy services through both DuckDuckGo and StartPage.com, searching in these environments is inherently slow and often encumbered by substantial on-screen advertising.
To achieve actual anonymity while maintaining efficient Web browsing, organizations should strongly consider conducting research utilizing secure browsers. Such products may offer security enhancements over standard browsers by means of sandboxing, removing access to insecure features via a replacement browser, as well as through anonymizing proxy services. Sandboxing is a security mechanism through which programs or operations are executed in a restricted environment separate and isolated from one’s network or computer. While some browsers, such as IE and Chrome, may be sandboxed from a user’s desktop, information about one’s identity and searches are not protected and kept anonymous. Sandboxing here refers to additional anonymizing, sandbox functions. An increasing number of companies offer such features and the below chart highlights several such products.
There are several zero footprint, private browsers for individual and corporate use. For the purposes of this article we will look at specific products, but this should not be interpreted as an endorsement of any product. Rather, we hope this will assist individuals and organizations in identifying features and capabilities. e-Capsule is a Web browser that maintains individual user anonymity by both encrypting temporary file data at the block level and by leaving no trace on one’s computer once the c-Capsule session is ended. Silo, a Web browser by Authentic8, goes even further. The browser is accessed via a downloaded client app through which the user securely connects to Authentic8’s servers. All Silo browsing is conducted in a single-use, secure container in the cloud. This insulates the user from any tracking, phishing, or brute force attacks originating from any visited sites. All browsing conducted via such sandboxed, proxy-based platforms offers a high level of security from any Web-based malware threat and provides excellent anonymity from any website visited.
Law firms, corporate legal departments, and government counsel offices are repositories of enormous volumes of sensitive data and, as such, are increasingly prime targets for hackers. As the “Panama Papers” leak originating at law firm Mossack Fonseca shows, malicious actors are targeting legal entities, and the release of data obtained can have far-reaching and negative consequences. Research and legal information professionals must be aware that consequential lapses in security can originate with insecurities inherent in the tools we use to conduct Web searching. It is important that our profession remains at the forefront in investigating and investing in tools to maintain our organizational security. Anonymous Web browsing tools are key components in this ongoing fight.
Back to Contents