Add-ons that help browsers block Web trackers

Add-ons that help browsers block Web trackers

Browsers provide a fairly good first line of defense against Web tracking, but to protect against beacons, JavaScript trackers, and widgets, you need more.

Third-party browser add-ons and applications can provide better defenses against websites that want to follow your online activities.

In last week’s Top Story, “You’re being followed! How to block Web tracking,” I discussed the anti-tracking tools built into the three top browsers: Firefox, Google Chrome, and Microsoft’s Internet Explorer.

Most browsers’ tools let you manage the simplest form of tracking — cookies. But trackers use many other techniques for following your online activity, including beacons, bugs, IP-address linking, scripts, tracking pixels, widgets, etc. There are literally hundreds of tracking technologies in use, all designed to record your browsing habits and interests.

Why so much effort to find out what you do online? Targeted advertising is the most common reason. Sites are paid for ad space — but they’re not paid much. So websites use what they know about you to display ads that you’re more likely to click. And the more they know about you, the more effective the ads will be. That’s the theory, at least. It’s why you can go to a shopping site and look up a product, then have ads for that product follow you wherever you go on the Internet.

Most add-on anti-tracking products either attempt to detect scripts, beacons, and other tracking technologies or keep lists of tracking sites to block — and sometimes both. By and large, these products are install-and-forget browser add-ons. Unless you want to exempt a specific tracker from being blocked, you might never even call up the blocking app’s configuration utility.

Tracking blockers also offer another, smaller, bonus: users will often notice slightly faster browser performance. Tracker code typically runs each time you load a webpage. Blocking that code lets your browser move on to more useful things.

A tour of popular anti-tracking products

For this article, I took a look at three leading products: Disconnect, DoNotTrackMe, and Ghostery. If you do a Web search for tracking blockers, these three typically come up most often.

Before getting into the details of these products, I’ll say that it’s difficult to compare how thoroughly these products block trackers — primarily because they report on trackers in different and often confusing ways. (For my tests, I had each tracking blocker scan the same four webpages.)

Disconnect, for example, reports the detected number of separate requests to external domains. On the New York Times homepage, it reported 33 requests from nine domains. Ghostery, on the other hand, reported 11 trackers but not the number of individual requests.

The names of trackers don’t always match up, either. One blocker might report Google as a single tracker, while another will break it down by the individual Google products. You might see DoubleClick and not know it’s a Google product.

Also keep in mind that these products are constantly updating their tracker databases. So Ghostery might find the most trackers on a webpage one day, but DoNotTrackMe finds more the next day. Also, don’t assume that any tracking blocker is 100 percent effective. Just as virus writers are always changing their code to evade detection, so too are trackers evolving their methods of tracking.

Your choice of an anti-tracking app might also be determined by the browser you use. In short, not all blockers work with all browsers.

Finally, there are inherent frustrations when using these products. They will block some things you don’t want blocked! You will find that some websites no longer work as you expected. If the site is one you frequent, you’ll need to use the program’s exemption tool to fix the problem.

Disconnect: A top choice — unless you use IE

After reviewing the three anti-tracking tools, I continue to use Disconnect (site). It’s easy to use but also provides comprehensive reports. It has only one drawback: it works with Chrome, Firefox, and Safari — but currently not Internet Explorer. Disconnect is free, though donations are strongly encouraged to help defray maintenance and development costs.

At one time, Disconnect looked for tracking signatures and behaviors in order to block tracking sites. It now uses a single form of tracker detection: intercepting all requests to contact third-party domains. It then checks whether those domains belong to a tracker. By default, it also denies all requests except those requesting webpage content. The Disconnect site claims over 2,000 third-party sites blocked.

Disconnect’s display is easy to navigate, once you know what you’re looking at. It adds a browser toolbar button — a “D” with an overlaid green square that contains the numbers of domain requests from the page you’re currently visiting. Click on the D, and Disconnect pops up a full report (see Figure 1).

Figure 1. Disconnect reports the number and type of trackers on a New York Times page.

The top of the report has a bar containing the number of requests by the three most common tracking sites: Facebook, Google, and Twitter. All other tracking sites are listed below the bar, in four categories: Advertising, Analytics, Social, and Content. Clicking a category displays an expanded list showing which specific trackers were sending requests. You can quickly block or unblock a tracker by simply clicking its associated checkbox.

Below the reports is an Options section with four tools. The first lets you toggle the currently loaded site between Whitelist site and Blacklist site. This enables or disables all trackers on that site with a single click.

Next, you’ll find a Secure Wi-Fi checkbox. Checking it encrypts data transmissions whenever possible. The feature currently works with Facebook, Gmail, Google, LinkedIn, Twitter, Yahoo, and YouTube.

The third option — Visualize page — graphs the requests coming from the site you’re visiting. I’m still not sure what this feature actually does, because it was never available for any of the pages I visited.

Finally, there’s a Secure search feature that’s not explained and not yet enabled.

Disconnect also includes a dashboard with essentially feel-good bar charts indicating how much time and bandwidth you’re saving as a result of using Disconnect and how many requests have been blocked. Since no actual numbers are provided, this feature isn’t of much use.

DoNotTrackMe: Making tracker blocking simple

Abine’s anti-tracker is truly plug-and-play. DoNotTrackMe (DNTMe; site) runs on Chrome, Firefox, Internet Explorer, and Chrome — and there are no initial settings to configure. About the only user action is to block or unblock specific trackers, if desired. Abine claims that DNTMe blocks over 600 trackers.

A DoNotTrackMe FAQ states, “By default, DNTMe is set to block all tracking.” That wasn’t my experience. On many sites, I found a number of trackers unblocked, though I was able to manually block them. When I opened the product’s configuration utility and unchecked “Use Abine suggestions,” all trackers were subsequently blocked.

Like most anti-trackers, DNTMe puts an icon on the browser’s toolbar, along with an overlay that shows the number of trackers detected on the current webpage. Clicking the icon summons the app’s report display.

A bar at the top of DNTMe’s display shows the total number of trackers on the current page. The next bar down shows the social-network trackers that are present, and the bar below that shows tracking companies that are present. Its tracking-companies report, however, doesn’t distinguish between advertisers, analysis companies, and content providers (see Figure 2). In some cases, that might make it more difficult to decide whether to block or unblock a given tracker.

Figure 2. DoNotTrackMe's report provides basic information on trackers.

DoNotTrackMe is free, but the entire bottom half of the DNTMe display is devoted to ads for paid Abine products. DNTMe should appeal to users who prefer simplicity — who don’t want to tune their anti-tracker and aren’t curious about the details of who’s being blocked.

Ghostery: Detecting tracking technologies

Evidon’s Ghostery (site; free) takes a somewhat different approach to rooting out trackers. It focuses primarily on detecting JavaScript code that’s used by beacons and certain other tracking technologies. Previously, Ghostery didn’t examine requests sent out to third-party sites. At this time, the company has not responded to my query into whether that’s changed. The Ghostery site does claim over 1,400 trackers tracked.

Whatever its methods, Ghostery did a solid job of snagging trackers. I found only a couple of trackers (out of several dozen) that were seemingly missed by Ghostery but caught by the other two products.

And Ghostery’s interface is exceptionally easy to use. The toolbar button shows the number of trackers found on the current page. In Firefox, the report box lists each tracker and gives its category: advertising, analytics, social-network sites, or content providers. If you want to block or unblock a tracker, it’s a simple matter of using the slider button next to the tracker’s name (see Figure 3). Ghostery’s report box has a simpler format in Chrome (see Figure 4). To manager trackers, you click the Edit Blocking Options button and checking the box to the right of the tracker’s entry.

Figure 3. Ghostery's new look in Firefox

Figure 4. In Chrome, Ghostery starts with a simple list of found trackers.

Below the list of trackers are several buttons. One large button lets you whitelist specific trackers on the current webpage or the entire site. Another button pauses tracker blocking — a handy feature if you want to test whether Ghostery is preventing some webpage function that you want active.

Ghostery supports the broadest range of browsers — not only the big four, but also Opera. There’s also a Ghostery version for iPhones and iPads. On the other hand, it currently won’t work with Windows 8, IE 10, or 64-bit Windows. Also be advised: Before you can install the current version of Ghostery on IE, you’ll need to make sure there are no earlier versions installed. In IE, click the gear icon and select Manage add-ons.

Combined defense: These tools are one line of defense against sites that want to know what you do and where you go on the Internet. The other line of defense is configuring cookie controls in all of the browsers you use.

When Microsoft really does call you on the phone

Forum member marshallman reports to the Security & Scams forum this week his recent experience with an “I’m from Microsoft” telephone scam. He wasn’t looking for a solution; he just wanted the impressions of others with similar experiences.

Happily, one genuine Microsoft call — anyone could have received — came with a rational explanation.

The following links are this week’s most interesting Lounge threads, including several new questions for which you might have answers:

Office Applications
General Productivity	Office 2010 SP2 update problems
Word Processing	Word 2010 printing doesn’t follow paper-tray selection
Spreadsheets	Inject code into another workbook
Databases	Need help with Excel and email mail-merge
Presentation Apps	Reference on modifying template
Visual Basic for Apps	Need help with macros for printer bin numbers
Microsoft Outlook	What causes “Outlook Not Responding” error?
Non-Outlook E-mail	Sending photos via Windows Live Mail
Other MS Apps	MSFT no longer allows account switch
Windows
General Windows	Can viruses hide out in System Restore points?
Windows 8	High memory usage: have to restart
Windows 7	System image-restore question
Windows Vista	Popup problems
Windows XP	Windows XP SP3: Missing ASMS file
Windows Servers	Replacing still-functioning — but ailing — primary drive in WHS
Internet/Connectivity
Internet Explorer	Problems getting to bank statements once signed in
Third-Party Browsers	Browser inconsistency driving me crazy!
Networking	Connecting computer to two printers
Other Technologies
Non-Microsoft OSes	What’s the “Linux Way” to do this?
Security & Scams	New scam?
Maintenance	Macrium Reflect: No system-restore points
Hardware	Dell OptiPlex 990 MT cooling
Graphics/Multimedia	MPEG4 video files to DVD
Other Applications	Download older bank transactions to Quicken

starred posts: particularly useful

If you’re not already a Lounge member, use the quick registration form to sign up for free. The ability to post comments and take advantage of other Lounge features is available only to registered members.

If you’re already registered, you can jump right in to today’s discussions in the Lounge.

It's the return of SharkCat — riding a Roomba

By now, you’re probably aware that video as an art form has many genres. The cat-video genre, for example, is particularly rich. We bring you a new offering from a Texan named Helen, who strikes a rich vein following the adventures of her pets — a pit bull, a cat wearing a shark suit, and various barnfowl. (If you want to start the series closer to the beginning, here’s a famous episode.) The new installment picks up in Helen’s kitchen, as Sharky the cat rides the Roomba yet again. Play the video

Easy ways to gain more hard-drive space

Hard drive getting full? Windows’ built-in tools might be all you need to gain more elbow room.

Plus: Avoiding foistware at CNET’s Download.com and similar software libraries, and a selection of reader-recommended PDF-splitting and -merging tools.

Taking back some space on a nearly full drive

Even after running a cleanup tool, reader Eric Ferguson’s hard drive is just plain out of space.

• “I urgently need to make more space on my C: drive.

  “I’m running Windows 7 Pro and have partitioned my hard drive this way:

  C: drive = 29.6GB, with 1.86GB free

  D: drive = 94.7GB, with 49.0GB free

  “I’ve run a disk-cleanup tool and moved what files I can off C: onto D:. Help!”

There are multiple ways to gain drive space, Eric — some of the best are built right into Windows.

However, all disk-cleanup tools make changes to your hard drive and its contents. So before we begin, a reminder to make a complete backup and/or system image. Should something go wrong during the cleanup process, you’ll be able to restore your system to its current condition. (Need backup help? See the May 12, 2011, Top Story, “Build a complete Windows 7 safety net.”)

You’ve already used a disk-cleanup tool, and that’s good. But if you used the tool’s default settings, it probably left behind many nonessential files — potentially gigabytes’ worth!

For example, whenever you run Windows Update, install a service pack, or upgrade a Windows version or edition, Windows makes hidden backup copies of the system files that were altered.

In some extreme cases, an upgrade process might leave a complete, pre-upgrade copy of your OS on the hard drive!

Windows saves these backup files in case an update, upgrade, or similar system alteration goes awry. If there’s trouble, the system can uninstall, undo, or otherwise roll back whatever changes it made by calling up the backup files.

Unfortunately, after system updates are successfully installed, those backup files might remain on your system. They serve no further purpose and may be deleted.

Most disk-cleanup tools can remove these obsolete system-file backups. But for safety’s sake, they typically don’t do so by default. You might need to adjust the tool’s settings, for maximum cleaning.

For example, Windows’ built-in Disk Cleanup tool normally doesn’t touch system backup files. But with just a few clicks, you can make it do so — and free up potentially gigabytes’ worth of disk space!

The Disk Cleanup tool is present in all current Windows versions, but with some differences. Here’s how to set Disk Cleanup for maximum cleaning in Win7 and Win8. (I’ll cover Vista and XP in a moment.)

In Windows/File Explorer, right-click the drive you want to clean and select Properties. (System files are usually on the C: drive, so that’s where you want to start.)

When the disk Properties dialog box opens, click the Disk Cleanup button, as shown in Figure 1.

Figure 1. In Win7/8, access the Disk Cleanup function via a drive's right-click/Properties dialog box.

When the Disk Cleanup dialog box opens, click the Clean up system files button, highlighted in Figure 2. (Note: The test systems shown in the following figures were already quite clean. A less clean system will show more, and larger, file-cleaning opportunities.)

Figure 2. Clicking Clean up system files removes unneeded files system-wide — not just the files in the current user account.

The Disk Cleanup dialog box will disappear for a moment. When it returns, check all the items listed under Files to delete and then click OK (see Figure 3).

Figure 3. Selecting the common file types that can be safely deleted

The cleanup process can take several minutes; when it’s done, the dialog box automatically closes.

Use Windows/File Explorer to see how much space you’ve gained. If it’s not enough, re-open Disk Cleanup, click the Clean up system files button again, and then select the More Options tab (see Figure 4).

Figure 4. Disk Cleanup's More Options can remove optional Windows components, older Restore Point files, and other applications.

You can use the Programs and Features cleanup option to remove software you don’t want or need, or you can use System Restore and Shadow Copies to reduce the amount of disk space occupied by those Windows functions. (You can, of course, also access these settings via the Control Panel.)

Vista and XP: To delete unnecessary system backup files in these operating systems, you must use the command-line version of Disk Cleanup — cleanmgr.exe. For full instructions, see the March 13, 2008, LangaList Plus article, “Using Windows’ hidden Disk Cleanup options.”

Vista and XP also offer several ways (including the Control Panel) to uninstall unneeded programs, adjust System Restore, and so on.

If you’re still short on space, consider Windows’ built-in disk compression, which treats your hard drive as if it were one gigantic ZIP file. Compression happens completely behind the scenes, and files are typically squeezed about two-thirds to one-half their original size. You navigate a compressed drive just as you do an uncompressed one. Programs operate normally, and no file or folder names are changed.

Compression is included in all versions of Windows, and disks must be NTFS-formatted. You initiate compression via the simple disk Properties checkbox, shown in Figure 5.

Figure 5. Windows' behind-the-scenes disk compression

Still not enough space?

Consider adjusting your partitions: take some disk space away from your large D: partition and assign it to the too-small C: partition.

Free tools make this a fairly easy and straightforward task, as discussed in the March 28 LangaList Plus, “Safely, easily move partitions with these tools.”

And if that’s still not enough space, your best bet is simply to buy a larger hard drive. One-terabyte drives sell for well under U.S. $100 — you’d gain almost ten times the space you have currently!

Is CNET’s Download.com app installer foistware?

While downloading software mentioned in the July 25 LangaList Plus item, “Reader-recommended cleaning tool,” Dunc Petrie felt he’d encountered a clear case of foistware: software bundled along with other software, often installed covertly or via subterfuge, and sometimes designed with malicious intent!

• “In the [July 25 LangaList Plus] item, a reader asked, ‘Have you seen Wise Disk Cleaner (free; site)? It claims to be faster and better than CCleaner. … It also doesn’t include the usual foistware baggage.’

  “When I went to CNET’s Download.com to get the software, the site stated that the download would ‘include offers for carefully screened software …’ [see Figure 6] and that I could also select an ‘Optimum Installer’ (with terms of service that I didn’t bother to investigate).

  “Why should downloading a simple file include a kitchen sink–load of crap? If this isn’t foistware, then I would appreciate an explanation of the logic.”

  

  Figure 6. A Download.com Installer popup notification states that the download process will offer other software.

First, please note that the July 25 LangaList Plus item on Wise Disk Cleaner linked directly to the Wise Disk Cleaner site — not to CNET or any other third-party software library. When possible, I always include links that go directly to the software publisher’s site. That said, even some software publishers will include offers for potentially unwanted apps in their installers.

As long as you’re careful, I don’t think there’s anything inherently wrong with using Download.com or similar software libraries. Although many, if not most, free downloads now bundle optional third-party software, in nearly all cases you don’t have to accept the bundles. However, you do have to look for them during the download/installation process. For more on that, see Lincoln Spector’s June 13 Top Story, “Avoiding those unwanted free applications.”

CNET’s Download.com Installer offers a minor benefit to end users: the ability to resume stalled or broken downloads. But Installer’s primary purpose is to let CNET display more ads and offer you sponsored software. This helps CNET offset the costs of running the nominally “free” Download.com service. (See CNET’s “About the Download.com Installer” page.)

But you can also bypass the installer altogether. Look for the Direct Download Link, which delivers the selected software without any Download.com add-ons or extra baggage. (The installation software from the original publisher might still contain bundled offers.) For example, Figure 7 shows the direct link on the Wise Disk Cleaner download page. Many third-party software libraries offer a similar option.

Figure 7. CNET's Direct Download Link lets you bypass its ad-supported installer.

Because it’s optional, clearly labeled, and not malicious, I don’t consider the Download.com Installer (or similar software) to be foistware. But I still recommend downloading software directly from a publisher’s site whenever possible. When you do use a download library, read all the explanatory text on the site, consider your options, and click carefully!

A selection of reader-recommended PDF-splitters

The July 25 LangaList Plus item, “Compress bulky PDF files easily and for free,” generated a flurry of first-hand reader reports on a related class of products — PDF splitters and mergers. Here’s a sampling:

• Liz Gattone: “I download product manuals and often end up with PDF documents in four or more languages. Because I want only the English-language pages, I go to PDFSplit! and enter the pages I want to keep. I can then save those pages as a new and smaller PDF.”
• Mike Ciaramitaro: “You gave good advice for shrinking PDF files. But don’t forget, you can split the files and reassemble them later. That way, you don’t have to sacrifice graphic quality.

  “I use the free online service, PDFsam. It works like a charm and the price is right.”

• Robert Kidd: “I think we all assume that if we’ve been using a piece of software for years, everyone must know of it. So I was a little surprised the PDFill (site) tools weren’t mentioned.

  “This useful piece of software does not reduce the original file size. Instead, it lets you split or merge PDF files into whatever size pieces you require.

  “PDFill PDF Tools is free for personal or commercial use and doesn’t include popup ads or watermarks. It’s simple to use and works like a treat!

  “For those who want to add even more features, the PDFill PDF Editor is $20. I used the freeware version for about two years before finally deciding I wanted the extra capabilities.”

Thanks, Liz, Mike, and Robert. I had no idea there were that many different PDF specialty tools out there!

Can NVIDIA's GeForce Experience enhance gaming?

With its GeForce Experience software, NVIDIA wants to give computer gamers the ultimate experience when battling alien invaders and other nefarious types.

The software can download new graphics drivers and set the best configuration for specific games, but it might not offer everything hard-core gamers hoped for.

NVIDIA’s GeForce Experience has opinions

When NVIDIA released the beta version of GeForce Experience (download site), serious PC gamers were intrigued. The ability to tweak and optimize graphics settings by using video-card software has been around for years. But rarely would the software look at a system’s CPU, GPU, and monitor and automatically set the best settings for specific games.

That’s what GeForce Experience is designed to do, and it uses a form of crowdsourcing to build its database of optimized settings. Once installed on a PC, the software watches game play and then sends hardware-configuration and performance data back to NVIDIA. That lets the company match up a huge variety of hardware configurations with the current crop of popular games. The results of that extensive analysis are then ported back to GeForce Experience and used to set what NVIDA believes is the best setting for a specific PC and game.

As new game patches become available and drivers are updated, those recommendations will undoubtedly change — useful (in theory) if you’re trying to maintain peak graphics performance on a PC. A graphics-driver update can have a huge impact on a system’s ability to process and render massive amounts of graphics elements.

GeForce Experience might miss targeted players

After using GeForce Experience for a while, I believe it benefits casual gamers more than real enthusiasts. The software’s automated assessments and recommendations make setting choices convenient — the recommended graphics settings can be enabled with a single mouse-click (see Figure 1). They’re applied immediately and without any user modifications to the game’s settings. (GeForce Experience can access a game’s user settings and override them.)

Figure 1. GeForce Experience displays recommended settings for supported games and offers one-click optimization.

But for serious gamers, the GeForce Experience settings are relatively imprecise and fixed. They’re sort of all-or-nothing: you either take the settings you’re given or make up your own. Put another way, you can build your own custom configuration within the game’s settings menu, using GeForce Experience’s recommendations as a reference. But you can’t make even the most minor adjustments to these settings within the GeForce Experience application itself.

In the game Dishonored, for instance, the Rat Shadows effect (a shadow under rats) appears in almost every stage of the game. To keep this type of effect on and maintain frame rates above 40 frames per second, GeForce Experience might drop a monitor’s native 1920-by-1080-pixel resolution down to 1600 by 900. If you’d prefer not to use the lower resolution, you can’t make that change in GeForce Experience — plus you’ll have to figure out any alternative techniques for maintaining performance yourself.

You can launch supported games directly from GeForce Experience, but unlike other game launchers such as Steam, it doesn’t let you add unsupported games to its list. That’s not especially convenient, but it does eliminate any confusion between unsupported and supported games (which will accept GeForce Experience’s recommendations.)

GeForce Experience’s game optimization requires a GeForce 400 and later graphics board and Windows Vista or higher OS.

NVIDA’s app also makes it easy to update drivers for GeForce 8 and later boards. Each time GeForce Experience is launched, it checks NVIDIA’s online driver database. Depending on your preference, it will then either notify you that a new driver is available or download it and let you know it’s ready to be installed.

The software will also give an estimate of a new driver’s effect on performance for specific games. For example, GeForce Experience stated that a new update would boost the performance of Dirt: Showdown by 20 percent (see Figure 2). That’s probably an optimistic number — your mileage will vary, as they say.

Figure 2. GeForce Experience displays performance increases potentially delivered by new graphics drivers.

NVIDIA’s gaming-enhancer a work in progress

An online NVIDIA page displays the list of games GeForce Experience supports. The list includes many popular action titles from large developers — but few from independent developers.

Over time, the software will undoubtedly add other games and adapt to new graphics technologies. One of those advances already in the works is ShadowPlay (more info), which is still in its infancy but should see wide release soon. A hardware-accelerated, always-on, video-recording feature, ShadowPlay lets gamers record their play in full resolution. It uses the H.264 encoder included in Kepler GPUs found in GeForce GTX 600 series and later graphics boards.

ShadowPlay could be a viable alternative to popular game-recording solutions such as Fraps (more info). Running in the background, it reportedly has minimal impact on gaming performance, and you can set the length of the recording from two minutes to 20 minutes. For example, just hit a quick hot-key combo and you’ve saved the previous five minutes of play. You can also toggle ShadowPlay to start recording. ShadowPlay supports any DirectX-based game.

Can you make use of GeForce Experience?

For those games it supports, GeForce Experience might best serve players who are not comfortable adjusting graphics settings themselves. It might also give serious gamers a confirmation — or a sort of second opinion — of the best settings to use for specific games. I found GeForce Experience useful when installing a new game: I could start playing immediately, assuming that GeForce Experience had applied reasonably good settings. (I found the app useful for keeping my drivers updated.)

Again: any settings changes made by GeForce Experience can be instantly reversed.

Who knows — GeForce Experience might give you a new appreciation for the games you’re already playing.

Send email that only the recipient can read

Worried about the U.S. government spying on you? Facebook, Google, Microsoft — and criminals — could be spying on you, too.

Internet service providers and others can and do view personal email. Here’s how to securely send private information.

Widespread third-party access to personal email

Email is an open book. Between sender and recipient, messages pass through and are stored on numerous online servers — and some of those servers have eyeballs. If you’re using a free email service such as Gmail or Outlook.com, the company providing that service almost certainly scans your mail for antivirus purposes — and often to better target advertising. (A CNNMoney story describes a Microsoft/Google spat over what constitutes “scanning.”)

Moreover, the U.S. National Security Agency (NSA) not only scoops up mobile-phone metadata but reportedly has copies of everyone’s email. And cyber criminals have their own ways of snagging email in search of credit-card numbers and other bits of information they can use to steal your identity and money.

The obvious solution to keeping your messages private is encrypting them — a process that’s far from easy. The various recipients must have the ability and technical know-how to decrypt your messages.

On the other hand, simple solutions have their own particular weaknesses. For example, I know an accountant who emails sensitive material as password-protected PDFs. The message accompanying the file informs the recipient that the PDF’s password is the last four digits of their Social Security number. But according to the How Secure is My Password website, a desktop PC can hack a four-digit number in less than an eye-blink.

Here are three ways to send encrypted email that are both secure and relatively easy to implement. Hopefully, the person you’re sharing information with can handle one of them.

Solution 1: Send an encrypted ZIP file

Nearly all PC users are familiar with .zip archive files. Significantly fewer .zip users are aware that these files can be password-protected. Done right, it’s a reasonably easy and quite secure way to pass along information.

Again, if you do it right.

First, you have to know what type of encryption you should use. The .zip format has its own password protection, but it’s easily hacked. Fortunately, ZIP also supports strong AES-256 encryption (more info), and that’s the one to use.

Windows, too, has native support for zipping and unzipping files — but not with AES-level encryption. However, most third-party compression programs, including WinZip (website) and the free 7-Zip (see Figure 1; website), do. Just make sure you pick the correct encryption method whenever zipping a file.

Figure 1. 7-Zip offers strong AES-256 encryption.

Next, no encryption method is secure without a strong password. As my accountant’s story makes clear, the password is often the weak link. You need a password you can share with the recipient but that no one else can guess.

If you know the person well enough, you could send them clues — preferably in a separate email. “It’s the name of the dog you grew up with, followed by your first boyfriend’s last name, ending in the year your ice-skating team won the championship.” (Good luck with that!)

More practically, you can simply text the recipient the password via cellphone. (It’s unlikely that anyone short of the NSA will intercept an Internet-based email and a cellphone-based text and figure out that they go together.) Or call them up and give them the password verbally. (But remind them it’s best not to leave it on a Post-it note stuck to their monitor.)

Solution 2: A plug-in, email-encryption app

Most email users don’t know that there’s an open standard for encrypted email that doesn’t require sharing passwords with anybody. If the technology were integrated into everyone’s mail client, sending and receiving encrypted mail would be no challenge at all.

Why isn’t it integrated into all mail clients? I suspect because email service providers and others want to continue scanning your mail for useful information about you.

Based on the Pretty Good Privacy (PGP) technology, OpenPGP (site) uses public-key/private-key encryption. Each key is a long string of seemingly pointless text. The public key only encrypts; you can safely share this with everybody. The private key only decrypts; you don’t share it with anybody.

Let’s assume I want to send you some private information — like the real identity of Luke Skywalker’s father. First, you’d email me your public key. Using that, I’d encrypt my message and then send it to you. Even if the Galactic Empire intercepts both components of the message — the public key and the encrypted mail — it still can’t read what I sent to you. But, thanks to your private key, you can.

Most mail clients don’t include OpenPGP, but it’s relatively easy to add. For example, the Chrome plug-in Mailvelope (Chrome Web store; Mailvelope site) gives several Web-based mail services OpenPGP support. I’ve tested it successfully with Gmail, Yahoo, and Outlook.com. It works, and it makes an excellent choice when sending lots of sensitive messages to a few tech-savvy folks.

But before downloading that OpenPGP plugin, take note of its limitations. For example, it currently supports only straight text. Until that shortcoming is fixed, you can’t use it to send attached files.

You must use Mailvelope in Google Chrome; there’s currently no support for Internet Explorer, but a Firefox version is in development. (An early preview is available.)

It’s also a bit complicated to set up and use. Here’s how you typically do it for a Web-based email client:

• Download and install the plugin; a new Mailvelope icon will appear in your browser’s toolbar.
• Click the Mailvelope icon and select Options. In the left pane, click Generate Key.
  

  Figure 2. Mailvelope Options

• Fill in the form. The passphrase should be a conventional password — something you can remember or store in a password manager and which others can’t guess.
• Click Submit when done. (If you get a “Generation Error,” try again.)
  

  Figure 3. Generate public/private encryption keys.

• In the left pane, click Display Keys. If a key isn’t visible, reload the page.
  

  Figure 4. Display public key

• Select the key and click the Export button. Select how you want to share your public key, and then share it with anyone who might want to send you secure information.
  

  Figure 5. Exporting the public key

The next time you compose an email, you’ll notice a new icon in the upper-right corner. We’ll get to that shortly.

When you receive someone’s public key:

• Copy the public key, then click the Mailvelope icon and select Options.
• Click Import Keys and follow the prompts.

To send a secure message:

• Open a new-message entry form in the usual way.
• Click the Mailvelope icon in the upper-right corner of the message’s body-text window.
  

  Figure 6. Mailvelope's text-entry icon (highlighted in yellow) in Gmail

• Type or paste your private information into the popup window.
• Click the padlock icon in the upper-right corner.
• In the resulting dialog box, select the appropriate recipient from the pull-down menu, then click the Add button. The recipient will appear in the “Encrypt for” box. Click OK.
  

  Figure 7. Enter recipient.

• Click Transfer, then send the message the usual way.

To read a message:

• Open the message. An icon of an envelope with a padlock will appear. Click it. (The mouse pointer will turn into a key icon.)
  

  Figure 8. Opening encrypted mail

• Enter the password you used when generating your key. The secret message will appear in a box.
  

  Figure 9. Entering the decryption key to read the message

With a bit of practice, you should be able to secure and unencrypt your Mailvelope mail relatively quickly.

Solution 3: Sendinc’s online mail service

If you need secure communications only occasionally, or if your recipient knows little more than how to open an email or sign in to a website, try a solution that doesn’t require any special software or setups.

The Web-based service Sendinc (site) lets you simply and securely send and receive messages and files. You sign in with your email address and a password (and yes, it should be a strong one), enter the recipient’s email address, write a message, and attach files (see Figure 10). Sendinc emails a notice to the recipient, who follows the link, enters their own Sendinc password, and gets access to your sensitive information.

Figure 10. Sendinc's secure email-entry form

If the recipient doesn’t have a Sendinc account, they’ll have to sign up for one to see your message. Free accounts have limitations — for instance, you can’t send messages larger than 10MB (but you can receive them). A Sendinc webpage lets you compare the service’s free and paid versions.

How secure is Sendinc? According to the company’s website, your message is uploaded via SSL encryption and each message generates a unique encryption key that Sendinc destroys after sending it to the recipient. Messages stay on Sendinc’s servers, in encrypted form, for seven days (a default that can be changed with the paid version). You’ll find more details on the How Sendinc works page.

Coming attractions: StartMail’s email system

The preliminary information on StartMail (site) looks interesting. The service — not yet even in beta when I wrote this — claims to be “The world’s most private email”: sort of a Gmail with privacy.

According to a company representative, email will remain encrypted on StartMail servers and can’t be accessed by company employees. Sending secure messages between StartMail accounts will be transparent to users; send a secure message to someone using another service, and StartMail will find a way to forward it securely — such as by using OpenPGP.

StartMail won’t be free, but it should be inexpensive. Currently, the company is planning for fees of U.S. $5 to $7 per month.

Will it be worth the money? I’ll tell you when it becomes available and I’ve had a chance to try it.