Using Privacy Features

Your browser includes features you can use to enhance the privacy and security of your personal information. The sections that follow describe how your browser can help you control cookies, passwords, and images while you are surfing the Internet.

For information about related &brandShortName; security features, see Signing & Encrypting Messages and Using Certificates.

Privacy on the Internet

This section summarizes some background information about privacy on the Internet. It also describes several things you can do to help safeguard your own privacy. It is not intended to provide a complete description of Internet privacy issues.

What Information Does My Browser Give to a Website?

When your browser displays a web page—for example, each time you click a link or type a URL, or when a web page is displayed in an email message—it gives certain kinds of information to the website. This information may include (but is not limited to) your operating environment, your Internet address, and the page you're coming from.

Operating Environment

The website is told something about your operating environment, such as your browser type and operating system. This helps the website present the page in the best way for your screen. For example, the website might learn that you use &brandShortName; 2.19 on a Windows 7 computer.

Internet Address

Your browser must tell the website your Internet address (also known as the Internet Protocol, or IP address) so the website knows where to send the page you are requesting. The website can't present the page you want to see unless it knows your IP address.

Your IP address can be either temporary or fixed (static).

If you connect to the Internet through a standard modem that's attached to your phone line, then your Internet service provider (ISP) may assign you a temporary IP address each time you log on. You use the temporary IP address for the duration of your Internet session—for example, until you sign off or hang up your dial-up connection, or otherwise end your computer's live connection with the Internet. Each ISP has many IP addresses, and they assign the addresses at random to users.

If you have DSL, a cable modem, or a fiber-optic connection, you may have a fixed IP address that you use every time you connect.

Your IP address is not the same as your email address.

Referring Page

The website is also told which page you were reading when you clicked a link to see one of the website's pages. This allows the website to know which website referred you. Or, as you traverse the website, it allows the website to know which of its pages you came from.

[Return to beginning of section]

What Are Cookies, and How Do They Work?

A cookie is a small bit of information used by some websites. When you visit a website that uses cookies, the website might ask your browser to place one or more cookies on your hard disk.

Later, when you return to the website, your browser sends back the cookies that belong to the website.

When you are using the default cookie settings, this activity is invisible to you, and you won't know when a website is setting a cookie or when your browser is sending a website's cookie back. However, you can set your preferences so that you will be asked before a cookie is set. For information on how to do this, see Privacy & Security Preferences - Cookies.

How Do Websites Use Cookie Information?

Cookies allow a website to know something about your previous visits. For example, if you typically search for local weather or purchase books at a website, the website may use cookies to remember what city you live in or what authors you like, so it can make your next visit easier and more useful.

Some websites publish privacy policies that describe how they use the information they gather.

What Are Third-Party Cookies?

If your browser stores a website's cookie, it will return the cookie only to that particular website. Your browser will not provide one website with cookies set by another. Since a website can only receive its own cookies, it can learn about your activities while you are at that website but not your activities in general while surfing the Web.

But sometimes a website displays content that is hosted on another website. That content can be anything from an image to text or an advertisement. The other website that hosts such elements also has the ability to store a cookie in your browser, even though you don't visit the website directly.

Cookies that are stored by a website other than the one you are visiting are called third-party cookies or foreign cookies. Websites sometimes use third-party cookies with transparent GIFs, which are special images that help websites count users, track email responses, learn more about how visitors use the website, or customize your browsing experience. (Transparent GIFs are also known as web beacons or web bugs.)

If you want, you can adjust your cookie preferences so that websites can store ordinary cookies but not third-party ones, or only for those sites that you have previously visited.

[Return to beginning of section]

Why and How Are Websites Tracking Me?

Websites are frequently interested in how they are used and by whom. Thus, they may perform analytics on your browsing behavior, either by themselves, or by utilizing a third-party service.

Motivations for such user tracking may be a more personalized browsing experience, e.g., by offering you services or products corresponding to your previous browsing pattern, thus making it more likely that you are interested in those. Third-party services are mostly interested in placing advertisements that match your interests, thus making it more likely that you would click on those ads, which in turn generates revenue.

Of course, this list isn't all inclusive, other reasons may exist to track the user's browsing behavior. To summarize, the trade-off is:

• Pros: Tracking of the user's browsing activity allows the website to provide a more specific browsing experience, by analyzing and matching your interests. You may even get offers you wouldn't receive without prior knowledge of your usage pattern.
• Cons: In most cases, especially with third-party tracking services, the information is gathered without the user's consent, and its usage is not transparent. Comprehensive user profiling across websites and over long periods of time may be considered intrusive and a questionable practice violating the user's privacy.

What Are the Mechanisms of User Tracking?

There isn't any single tracking mechanism, rather several methods exist. For example, a website may employ one or more of these methods:

• Cookies: This is the most direct form of user tracking. When visiting a website for the first time, a random but unique identifier is created by that site and stored as a cookie in &brandShortName;. When returning to the website, this cookie associates you with any previous visit to that site. This is especially effective for third-party tracking given that such a service can collect data from multiple websites they have contracts with based on just a single tracking cookie.
• Internet Address: The IP address identifies your location on your provider's network. It may also serve as a reference to your geographical location. Even without cookies, multiple accesses to one or more websites from the same location can be associated with each other in this way.
• Geolocation: Much more detailed information about the user's location can be obtained with location aware browsing services. Based on additional information gathered by the browser, such as wireless access points, a user's position and (in certain situations) heading and speed can be determined and used by the website to track the user.
• Browser Fingerprinting: This method attempts to identify specific users based on the characteristics of the browser that they are using. Such characteristics include browser type and version, platform used, language preferences, and possibly installed plugins or add-ons.

What Can I Do to Prevent User Tracking?

In general, there is no complete protection against unwanted tracking of one's browsing activities. However, there are a couple of ways to make it harder to get tracked:

• Do Not Track: This is a method that allows users to explicitly opt out of their browsing behavior being tracked. &brandShortName; supports sending Do Not Track requests to websites, but they are not obligated to honor such requests.
• Site blocking: &brandShortName; can block content that has been identified as serving the purpose of user tracking based on a list downloaded periodically from a server. In this way, connections to such known tracking sites can be prevented upfront.
• Location Aware Browsing: Disabling geolocation services prevents a website from obtaining location information beyond what can be derived from the IP address of the access alone. Note though that this is always an opt-in service, thus you will get a notification for each request unless you gave a website permanent permission to use geolocation services.
• Cookies: The power of tracking cookies is their persistence across sessions. Thus, when you restart &brandShortName;, the identifying cookie will still be sent to the website performing the analytics. One measure against third-party tracking is to prohibit third-party cookies altogether; another option is the restriction of cookies to the current session only. Some websites may no longer function correctly, but you can add exceptions to such sites in the Data Manager or with the Cookie Manager options in the Tools menu.
• Plugins: Obscure plugins make browser fingerprinting easier. Thus, if you need such plugins for some websites but not in general, disable them in the Add-ons Manager until you need them, to avoid that they are disclosed to tracking sites.
• Add-ons: There is a variety of extensions available for privacy & security support. Some of them will block unwanted content from advertisers or tracking services, others provide more control on private data collected by plugins (e.g., Flash cookies), or when and how to run scripts or embedded content.

Note: The issues related to user tracking are complex. This description is not intended to be complete but to provide you with some basic information on this topic.

[Return to beginning of section]

How Can I Control Web Pages in Email Messages?

You can disable cookies, images, and plugins completely (JavaScript is always disabled) for web pages that are received as part of email messages.

While it may be convenient to enable some or all of these capabilities when you're browsing the web, they may not be necessary in single web pages sent as attachments to messages.

For information on enabling or disabling cookies, images, and plugins in email messages, see the following sections:

• Privacy & Security Preferences - Cookies
• Mail & Newsgroups Preferences - Message Display
• Advanced Preferences - Scripts & Plugins

[Return to beginning of section]

How Can I Make Sure Unauthorized People Don't Use Information About Me?

The best way to keep your information private is to read the privacy policies for the websites you visit and the Internet services you use, and to be cautious about giving out your personal information online.

The Internet is a public network. When you send your name, phone number, address, and other personal information over the network (via a web page, email, or any other method), it is possible that someone else may be able to intercept it.

Here are some questions you might ask about a website's privacy policy:

• What kinds of personal information is this website gathering?
• How will the website use the information?
• Will the website share the information with others and do I have choices regarding the use of any shared information?
• Can I access some or all of the information a website gathers about me, in order to inspect or update it?
• How does the website protect the information?
• How do I contact the website if I have questions or problems?

[Return to beginning of section]