Privacy: Securing Your Browser
Your browser is your gateway to the internet in most cases, and therefore is worth securing properly. Generally speaking, on the user end, most of them operate roughly the same, so it's worth making the switch if one can offer you significantly more privacy or security.
Currently Chrome is the favorite browser of most frequent internet users, but I would argue this is a mistake. Chrome is very fast and secure, but it's basically just spyware, even going so far as to turn on your microphone and eavesdrop on you while you browse. Instead, you can get almost identical speeds and security with a massive improvement in privacy by switching to Firefox. In this section, I'm going to walk you through some setting changes and plugins you can set up in Firefox to improve your privacy and security. While it may not seem as important as freezing your credit or payment masking, securing your browser will change almost nothing in your day-to-day life but will offer an immense amount of privacy and security in return, therefore I consider this to be a critically important and worthwhile step.
Before I go any further, I'm sure some of my more experienced users will ask why I recommend Firefox and not Waterfox, Iceweasel, or any number of other Firefox variations. The answer comes down to security updates. Firefox will recieve important security updates faster than a downstream variation such as Waterfox.
Start by going to Options. On the first tab, “Options,” scroll all the way to the bottom where it says “Network Settings.” Open these by clicking the gray “Settings” button, scroll to the bottom, and check the box that says “Enable DNS over HTTPS," then choose "NextDNS" if the option is available (Cloudflare is fine if not). Click “Okay” then go down to the "Search" tab on the left. Under "Default Search Engine," select "DuckDuckGo," then unclick "Provide search suggestions." I also recommend removing all the other search engines listed under "One-Click Search Engines." Please resist the urge to stick with Google search as a default, Google is one of the top privacy offenders and they will collect and store all your searches and use them to build a profile about you. Finally, visit the “Privacy & Security” tab on the left. The first section is “Enhanced Tracking Protection.” Click the third option, “Custom,” and set Cookies to “All third-party cookies,” set Tracking content to “In all windows,” and turn on Cryptominers and Fingerprinters.
In this section, we're going to make some core changes to the configuration of Firefox. Because of the long list of options, the easiest way to is to type each setting into the search bar and then adjust accordingly. Please note that I wouldn't consider this section critically important, but if you feel comfortable making these changes they will provide a huge addition of privacy and security. If the setting already matches the list below, ignore it and move on. Start by going to the address bar and typing in “about:config”. Click “Accept the Risk and Continue,” then search for and make the following changes:
- dom.event.clipboardevents.enabled = false
- dom.batery.enabled = false
- beacon.enabled = false
- browser.safebrowsing.downloads.remote.enabled = false
- browser.send_pings = false
- browser.sessionstore.privacy_level = 2
- geo.enabled = false
- network.dns.disablePrefetch = true
- network.dns.disablePrefetchFromHTTPS = true
- network.IDN_show_punycode = true
- network.predictor.enabled = false
- network.predictor.enable-prefetch = false
- network.prefetch-next = false
- network.security.esni.enabled = true
- privacy.firstparty.isolate = true
Now for the plugins. Start with HTTPS Everywhere, which is a plugin that forces websites to use secure connections whenever possible. Once it finishes installing, click on it and enable “Encrypt All Sites Elligible.” You can still access insecure sites with this setting enabled, but it’ll bring up a big warning page first, which allows you to make the decision over whether or not it’s worth the risk. Over 87% of the internet uses HTTPS, so this warning page should be very rare.
Next install AdNauseum, a powerful ad-blocker that not only blocks ads, but will also click on them behind the scenes, which causes data collection to think you're interested in things you really aren't, which makes your marketing profile useless and costs advertisers money. Ads may seem like a minor inconvenience to you, but actually misleading ads are a common method of delivering malware and tracking. There is even a such thing as "drive-by malvertising" where malicious ads can infect your computer without you even clicking on anything, so it’s best just to block them altogether (and it makes your browsing experience much more pleasant). Once installed, open the plugin and open the settings. Be sure to enable "Hide Ads," "Click Ads," and "Block Malware." Under "Click Ads," set it to Always and check "Don't click non-tracking Ads." Under "Extra Privacy" on the same page, click "Prevent WebRTC from leaking local IP addresses." Now click on the tab “Filter lists” and enable everything under “Essentials,” “Annoyances,” “Malware,” “Annoyances,” and "Other."
The next plugin we're going to install is called Privacy Badger. We're only going to make two easy adjustments to the settings here, which we can access by clicking on the plugin and clicking the gear icon in the top right corner. On the "General Settings" page, enable "Prevent WebRTC from leaking local IP address" and "Learn in Private/Incognito windows." That's it. We're done, we've created a reasonably secure browser, and to top it off, this concludes the "Most Important" section of the book/site. If you've done all this, you can rest easy knowing you've made yourself a fairly difficult target to compromise digitally and moved yourself into the top tier of private and secure internet users.
If you've taken my advice to use Firefox, the final plugin to install is going to be Firefox Multi-Account Containers. This one is going to require much more work to set up, but it will be worth it. The basic idea of Containers is that it isolates every cookie in the same container, prevent cross-site tracking. How you decide to set it up is completely up to you, but here's some tips I recommend: first, I recommend grouping combined accounts together. For example, Gmail and YouTube rely on the same account, so I would simply create a single "Google" container and set it to open all Google sites in that container. Second, I encourage you to find lists of subsidiary companies owned by the big five data collecting tech companies and group them together. For example, IMDB is owned by Amazon, so I would set IMDB to open in my Amazon container. Finally, I recommend setting up your search engines in a single "search" container so that your random searches are all contained to that single container, even if you click on any links and navigate away. Finally, I recommend creating containers for any individual leftover sites that you frequent. If you choose to use VMs as discussed in the advaned section, then Containers are probably not necessary. But for most people, containers are very helpful and once configured will cause little or no problems and provide extensive protection.
The Tor Browser is actually a very common daily browser for many privacy enthusiasts for a few reasons. If you're unfamiliar with Tor, check out this link. The Tor browser routes only your browser traffic through the Tor network and not all app traffic, which is probably a good thing anyways if you're using an operating system like Windows or Mac. The telemetry those operating systems send back home can quickly identify you and lose the anonymity benefits of Tor. Because Tor comes pre-packaged with HTTPS Everywhere and a more advanced content blocker called No-Script, it has the same potential to block ads and track as a modified Firefox browser. The Tor Browser also isolates each tab and changes your relay path with every new website you visit to help further protect your anonymity. I think using the Tor Browser as your main browser is a great idea, but keep in mind that many legitimate websites such as banking and e-commerce sites block known Tor addresses to prevent abuse and fraud, so you'll want to keep a copy of Firefox on hand as well for when that happens. Additionally, it should go without saying, but using the Tor Browser alone does not make you truly, 100% anonymous, so don't do anything illegal. Finally, because all nodes are volunteer-run and therefore work on an "honor system," be sure to check that any site you login or transfer personal data across is using HTTPS and is the actual, real site.
Chrome & Variations
Some people require a Chrome-based browser for any number of reasons. What I am about to say will be controversial to some of the more experienced members of the privacy community, so please keep in mind that this site is designed for not-tech-savvy users and privacy newbies: I recommend just using Google Chrome for this purpose, but using it sparingly. This might upset some readers, so first let me explain why I don't recommend some of the popular alternatives:
Some more experienced readers may disagree with me, and that's fine. If you're comfortable with technology and understand how all this works, feel free to ignore the points above and use one of those variations instead. But for the average newbie user who just wants something simple and effective, I recommend using Chrome sparingly because Chrome is simple to install, auto-updates, can support plugins (thereby allowing for a slightly more private experience than stock Chrome), and you can change some of the settings to offer a little extra privacy (like disabling third party cookies). Again, this pales in comparison to the flexibilty and privacy offered by Firefox, but if you absolutely need a Chrome-based browser, just use Chrome. However, remember to use it ONLY for that specific purpose you need it for, then switch back to Tor or Firefox right away when you're done. Give Google as little of your data as possible. I also feel comfortable recomming the new Microsoft Edge if you're a Windows user since Edge is now based on Chromium. Be sure to install the recommended plugins and change the settings to store and report as little information as possible.