Privacy: Securing Your Browser

Your browser is your gateway to the internet in most cases, and therefore is worth securing properly. Generally speaking, on the user end, most of them operate roughly the same, so it's worth making the switch if one can offer you significantly more privacy or security.

Currently Chrome is the favorite browser of most frequent internet users, but I would argue this is a mistake. Chrome is very fast and secure, but it's basically just spyware, even going so far as to turn on your microphone and eavesdrop on you while you browse. Other popular browsers include Safari and Edge, as well as a few niche browsers like Opera and Vivaldi. Instead, you can get almost identical performance and security with a massive improvement in privacy by switching to Firefox. In this section, I'm going to walk you through some setting changes and plugins you can set up in Firefox to improve your privacy and security. While it may not seem as important as freezing your credit or payment masking, securing your browser will change almost nothing in your day-to-day life but will offer an immense amount of privacy and security in return, therefore I consider this to be a critically important and worthwhile step.

Disclaimers

Before I go any further, I'm sure some of my more experienced users will ask why I recommend Firefox and not Waterfox, Iceweasel, or any number of other Firefox variations. The answer simply comes down to security updates. Firefox will receive important security updates faster than a downstream variation such as Waterfox. Other experienced users will ask why I don't recommend Brave (see below), Ungoogled Chromium, or regular Chromium. There are several answers. For one, personal ethics. I think competition and decentralization makes the world a better place. For another, ease of use. Not including Brave, Chromium and Ungoogled Chromium are both very difficult to set up on a mainstream operating system like Mac and Windows. Not to mention they also suffer the same downstream security delay as Waterfox and Iceweasel. And of course, let's not forget that Firefox-based browsers allow you to edit the about:config, meaning that more experienced users will have more control over the customization and privacy of their browser. Even though I don't cover this on my site, my hope is that my readers will eventually outgrow this site and make those changes in the future.

I also want to take a moment to acknowledge Mozilla's imperfection. Below in my "Honorable Mention: Brave" section, I mention that Brave has made some questionable business choices. I want to be fair and not gloss over the fact that Mozilla has also drawn some heat from the privacy community. They regularly draw criticism for making their telemetry opt-out rather than opt-in, but personally I find the most troubling incident to be the fact that they pay their CEO over $3 million USD per year as a salary and yet are struggling to be financially solvent. This strikes me as very irresponsible, and it jeopardizes the future of the entire project. There are other, nitpicky complaints, but I won't list them all here. The point is, I want to be transparent and fair to everyone: I recommend Firefox because they get security patches faster than any of the forks and because I believe it is the most flexible and can be made the most private compared to a Chromium-based browser. This is not to say Mozilla is the ideal company or that I support everything they do, but I believe it is the best option we currently have.

Plugins

Let's start with plugins. I think this is where users will get the most bang for their buck. Let's begin by installing uBlock Origin, a powerful, lightweight ad- and tracker-blocker. Ads may seem like a minor inconvenience to you, but actually misleading ads are a common method of delivering malware and tracking. There is even a such thing as "drive-by malvertising" where malicious ads can infect your computer without you even clicking on anything, as well as a recent rash of malware being implanted via social media sharing buttons, so it’s best just to block them altogether (and it makes your browsing experience much more pleasant). Once installed, open the plugin and open the settings. Be sure to enable "Prevent WebRTC from leaking local IP addresses" and "Block CSP reports." Now click on the tab “Filter lists” and enable everything under “Built-In,” “Ads,” "Privacy," “Malware domains,” “Annoyances,” and "Multipurpose." I would also recommend checking the "Regions, languages" section if you live outside North America and enable for your location, too. Note: if you are technically competent, you may wish to check the box on the Settings page that says "I am an advanced user." This will give you more granular control over blocking specific scripts on specific pages - or universally - as well as individually unblocking said scripts, or blocking javascript altogether across the internet. Again though, this has the potential to cause a lot of problems so only enable this feature if you feel comfortable and understand how it works.

The next plugin is LocalCDN. LocalCDN is a plugin that will replace a lot of third-party libraries like JQuery, Google, and Microsoft and inject them locally from privacy-respecting alternate sources. These third party libraries and CDNs can be used to track you, so this plugin helps to reduce tracking. If all that went over your head, just know that this blocks a large number of trackers without any configuration or interaction required on your end. Just install it and let it run.

The next plugin, ClearURLs, is a plugin that removes tracking links from URLs that you share. One of the many ways that companies track people on the internet is with tracking links. For example, if I send you a link on Facebook, that link contains a bunch of useless crap that exists only to tell Facebook about you: what device you opened the link with, your IP address, your operating system, apps that were installed, and much more. This plugin helps to automatically remove many of those junk links and strip them down to only the necessary parts, helping respect the privacy of your friends as you share with them.

If you've taken my advice to use Firefox but are not using Firefox 86 or later for any reason, the next plugin to install is going to be Firefox Multi-Account Containers. This one is going to require much more work to set up, but it will be worth it. The basic idea of Containers is that it isolates every cookie in the same container, prevent cross-site tracking. How you decide to set it up is completely up to you, but here's some tips I recommend: first, I recommend grouping combined accounts together. For example, Gmail and YouTube rely on the same account, so I would simply create a single "Google" container and set it to open all Google sites in that container. Second, I encourage you to find lists of subsidiary companies owned by the big five data collecting tech companies and group them together. For example, IMDB is owned by Amazon, so I would set IMDB to open in my Amazon container. Finally, I recommend setting up your search engines in a single "search" container so that your random searches are all contained to that single container, even if you click on any links and navigate away. Finally, I recommend creating containers for any individual leftover sites that you frequent. For most people, containers are very helpful and once configured will cause little or no problems and provide extensive protection. I also recommend you install Temporary Containers to catch the things that your configured containers will miss. Once again, this is only necessary for Firefox versions 85 or lower as Firefox 86 introducted tracking protection that will more or less do this automatically in the background.

The final plugin will only be installed if you are not using Firefox 83 or later. You can check which version you're using under the "General" page of your browser settings. HTTPS Everywhere is a plugin that forces websites to use secure connections whenever possible. Once it finishes installing, click on it and enable “Encrypt All Sites Elligible.” You can still access insecure sites with this setting enabled, but it’ll bring up a big warning page first, which allows you to make the decision over whether or not it’s worth the risk. Over 87% of the internet uses HTTPS, so this warning page should be very rare. As such, this is also, in my opinion, the least important plugin to have but it's nice to know when a site is trying to redirect you somewhere insecure.

Settings

Settings are probably just as important as plugins. Start by going to Options. On the first tab, “Options,” scroll all the way to the bottom where it says “Network Settings.” Open these by clicking the gray “Settings” button, scroll to the bottom, and check the box that says “Enable DNS over HTTPS," then choose "NextDNS" if the option is available (Cloudflare is fine if not). Click “Okay” then go down to the "Search" tab on the left. Under "Default Search Engine," select "DuckDuckGo," then unclick "Provide search suggestions." I also recommend removing all the other search engines listed under "One-Click Search Engines." Please resist the urge to stick with Google search as a default, Google is one of the top privacy offenders and they will collect and store all your searches and use them to build a profile about you. Finally, visit the “Privacy & Security” tab on the left. The first section is “Enhanced Tracking Protection.” Click the third option, “Custom,” and set Cookies to “All third-party cookies,” set Tracking content to “In all windows,” and turn on Cryptominers and Fingerprinters. Finally, at the bottom, under "HTTPS-Only Mode" click "Enable HTTPS-Only Mode in all windows."

There are also a lot of usage-reporting settings that are enabled by default. These statistics are reported to Mozilla for the purpose of improving the browser. However, if you are uncomfortable submitting that data - and I totally understand - you can disable it in several ways. First, under the "General" tab, scroll all the way down to "Browsing." Make sure to uncheck "Search for text when you start typing," "Recommend extensions as you browse," and "recommend features as you browse." In the "Home" tab, uncheck "Top Sites" and "Highlights." Finally, under "Privacy & Security," under "Firefox Data Collection and Use," uncheck everything.

That's it. We're done, we've created a reasonably secure browser, and to top it off, this concludes the "Most Important" section of the book/site. If you've done all this, you can rest easy knowing you've made yourself a fairly difficult target to compromise digitally and moved yourself into the top tier of private and secure internet users.

Honorable Mention: Tor Browser

The Tor Browser is actually a very common daily browser for many privacy enthusiasts for a few reasons. If you're unfamiliar with Tor, check out this link. The Tor browser routes only your browser traffic through the Tor network and not all app traffic, which is probably a good thing anyways if you're using an operating system like Windows or Mac. The telemetry those operating systems send back home can quickly identify you and lose the anonymity benefits of Tor. Because Tor comes pre-packaged with HTTPS Everywhere and a more advanced content blocker called No-Script, it has the same potential to block ads and trackers as a modified Firefox browser. The Tor Browser also isolates each tab and changes your relay path with every new website you visit to help further protect your anonymity. I think using the Tor Browser as your main browser is a great idea, but keep in mind that many legitimate websites such as banking and e-commerce sites block known Tor addresses to prevent abuse and fraud, so you'll want to keep a copy of Firefox on hand as well for when that happens. Additionally, it should go without saying, but using the Tor Browser alone does not make you truly, 100% anonymous, so don't do anything illegal. Finally, because all nodes are volunteer-run and therefore work on an "honor system," be sure to check that any site you login or transfer personal data across is using HTTPS and is the actual, real site.

Honorable Mention: Brave Browser

Sometimes people require a Chromium-based browser for any number of reasons. Or alternately, sometimes people need an easy-to-set-up tool. I tried my best to pick only the most essential settings and plugins above, and to explain them as easily as possible. However, in some cases you may want a browser that you can just install on a friend's or family member's machine and let it handle itself. In these situations, the Brave browser is worth a mention.

Brave is a Chromium-based browser that comes with built in ad-blockers, as well as various technical improvements that attempt to hide your browser fingerprint. The reason I don't recommend this browser by default is because they do have a history of ethically questionable business practices. However, despite this, it would be remiss of me to discredit their user-friendliness and ability to protect users who aren't tech-savvy enough to do it themselves. I encourage the use of Brave as a last resort or as a secondary Chromium-based browser.


Previous Next