4. Browser hardening

2016-11-22T13:22:49Z

As we've established, we're not going to give up the internet. It's informative and it's full of cats. But we do want to be safer while doing it, and less trackable. So how can we make this happen? Let's take a good look at the tool we use to look at the web: our browser.

Browsers help us view a lot of information. But the information stream goes both ways. Websites that we visit gather a lot of information about us, if we let them. For example, the fact that we've visited a website is generally logged. But also whether or not an individual picture has been shown in our browser, and that picture may very well be hosted on a different server (so we don't even know who is getting that information). Previous browsing history is collected, too. Our searches are logged, and also specific information about our computer (such as installed fonts and plugins) and location. All of this makes it quite possible to pinpoint a specific computer user, and follow them around from one website to another. Here and here is some information on how that works.

Browsers

There are more browsers than you can shake a stick at, even if you're very good at shaking sticks.
I would recommend not using anything made by or in cooperation with any of the big corporations: Google, Microsoft, Apple. So that means: it's best to avoid Chrome, Internet Explorer / Edge, and Safari. Here are some options:

Firefox. A good old standard that used to be innovative. Has a LOT of good privacy enhancing add-ons available. Win, Linux, OS X, Android.
Seamonkey. My personal favourite. Classic looks, robust features. Comes as a suite, bundled with (good!) software for email, HTML editing and IRC (= Internet Relay Chat). Win, Linux, OS X.
Pale Moon. A Firefox fork. Like Firefox before they got the Chrome-like interface. Win, Linux.
Chromium. Like Chrome, but not linked to Google. Open source. Win, Linux, OS X, Android.
Iron. Based on Chromium, but the makers claim it's fully anonymized. Win, Linux, OS X, Android.
SlimJet. Another Chromium fork. A newcomer. I heard good things, seems pretty privacy-centered. Win, Linux.
Vivaldi. Technically similar to Chrome. A newcomer. Win, Linux, OS X.
Opera. Now uses the same rendering engine as Chrome. Win, Linux, OS X, Android.

This list is by no means exhaustive. Some others are listed here.
Browsers are a personal preference. Pick your favourite... then pick another one and another one. Why? Because:

- Not all browsers are compatible with all websites.
- It's good to have separate browsers for specific activities. Google and Facebook come to mind. If you need to use these, and especially if you use them in such a way that requires you to log in, then it's a whole lot safer to run them in a browser that's just for those activities. Compartimentalize!

Add-ons

Add-ons are small pieces of helper software that add functionality to your browser. There are a lot of add-ons that can increase privacy and security. Most of them can be installed through a feature inside the browser (add-on manager) or on a specific webpage that lists all of them for your specific browser. Here are some good ones.

Adblockers:
AdBlock Plus used to be good. Nowadays it's not the best option anymore. Will allow some 'non-intrusive' ads unless you tell it not to; if you're running this, check the settings carefully.
UBlock Origin is a better replacement for AdBlock Plus. Blocks adds really well and can hide stuff you don't want to see.

Tracker blockers:
Ghostery used to be very good, but now needs it settings checked carefully, and a user account in order to see full tracker info.
Disconnect does much the same thing and is said to be good.
Privacy Badger protects your privacy by blocking spying ads and invisible trackers.

Other:
DecentralEyes protects you against tracking through "free", centralized, content delivery. It prevents a lot of requests from reaching networks like Google Hosted Libraries, and serves local files to keep sites from breaking. Complements regular content blockers.
Selfdestructing Cookies allows you to accept cookies, and then gets rid of them automatically when you're done with them.
NoScript keeps sites from executing Javascript on a case by case basis. Lets you whitelist and blacklist sites.

My advice would be:
- For starters: run an adblocker because it makes the web so much safer, faster and more pleasant.
- Add a way to deal with cookies. Can be a browser setting or an add-on. Accept them selectively or accept them but do not keep them.
- Add DecentralEyes just because you can, if you can.
- Finally add NoScript. It's a bit of a pain but it works very well. You can allow Facebook-scripts in your dedicated FB-browser and not anywhere else. Same with Google.
You'll have to adjust this recipe for your OS, browser and personal preferences.

Search engines

Step away from the Google. Google is not your friend. Google listens in on your searches, doubly so when you are logged into a Google account (so don't do that). Here are some privacy-conscious search engines.

DuckDuckGo
StartPage <--- my personal favourite
Ixquick
Qwant
Blekko

What about Private Browsing /Incognito Mode?

That only limits what gets saved to your own computer. It has no influence on what gets sent to others.

'Safe' Browsing

Mozilla-based browsers (Firefox, SeaMonkey, and others but apparently not Pale Moon), and also Chrome and Safari, have an option called Safe Browsing. If that is switched on, pages get checked against a blacklist hosted by... Google. It's a useful feature in principle, but it means that Google gets to keep tabs on your browsing, which is one of the things we're trying to avoid!
Once you have add-ons installed that block ads, scripts and other potential security risks, it's better for your privacy to switch the Safe Browsing feature off. More information here.

Another way to compartimentalize (slightly more advanced)

If you really really really like Firefox (for example), and can't get to grips with any other browser, there's another way to make separate 'sandboxes' for things like Facebook and Google: you can set up different profiles, and make icons on your desktop that start an instance of Firefox working in each of these profiles. Name them after what you're going to use them for and set the settings accordingly in each of them.
Hey presto, separate browser profiles for your different activities. That means data from your surfing behaviour in one instance will not bleed over into the Facebook usage in another instance, even when they're running at the same time.

Bonus!

Firefox settings, including tracking prevention settings, made easy: FF Profile Maker.

If you want to go further...

Want more anonymity? There's the Tor browser, a modified Firefox with extra security features for fully anonymous surfing. I don't use it, but you might want to, so here's a how-to or two.

Back to Index

comments

Cybersecurity for the Trumped

4. Browser hardening