Most of my articles are aimed at helping me remember how I did something cool years later, and helping other people who share my interest and want to solve similar problems. This one is a little different. When I speak to non-technical folks - at church, other parents, or within my family - I’m disappointed with the lack of understanding about computer security. I was going to say “surprised”, but sadly I’m not. This article tries to fix that by introducing this audience to concepts in Secure Browsing.
I get that we can’t all be aware of everything. For instance, I’m not really interested in cars. Still, if you are participating in an area (driving a car or browsing the web), then there’s a basic level of awareness that is needed and that you should aim for. So this post is written for the non-technical in order to provide that grounding. I’ll try to keep this up to date (pay attention to the posting date!) and I’ll start pointing people who ask those questions to this resource.
I need to define “reasonable” before I get started. Internet paranoia comes in three flavors - fear of malicious actors, fear of giant companies assembling dossiers to feed into marketing, and Orwellian fears about nation-states. All three are reasonable things to be concerned about but this post only addresses the first. Hiding from the NSA is beyond the ability of most people - even if they unplug. Hiding from creepy companies is possible, but requires foregoing a lot of services that most of us are loathe to do without. However, there are small steps that you can take that will give you a good degree of protection against maliciousness. Reasonable means simple steps picking up bad code or leaking sensitive personal information.
Finally, what makes me think I’m an expert? Well, I have a Master’s in Information Security and I’ve worked in IT operations and security for many, many years. I’m no Tim McGee, but I get by.
General safe-browsing advice
If possible, run Linux
Setup your home to use OpenDNS or CloudFlare Family DNS servers
Check for browser updates regularly, and apply them. Keep plugins up to date as well.
Use Anti-Virus.
Don’t ever click on links in email.
Use a secure password, and don’t re-use passwords between sites.
Do not save passwords within the browser. Use a password safe and subscribe to Have I been Pwned?
Use SSL – Sites that use “HTTPS:” instead of “HTTP” are encrypting your traffic.
Have a solution to monitor your bank accounts and credit reports.
General Browser checklist
Do not save passwords in the browser. Use a password safe.
Do not use autofill. Sites use hidden fields to send more than you think.
Have the browser ask you where to save files. This alerts you to files being downloaded and allows you to cancel or put them in a folder for latter consideration.
Enable click-to-play for plugins. This will speed up the browser and allow you to decide when to use useful but potentially dangerous plugins like JavaScript, Flash, and Silverlight.
Do not accept third-party cookies except by exception. Clear all cookies after each session.
Use Do Not Track. This is more aimed at commercial privacy, and depends on the server honoring the request, but why not?
Be cautious using extensions, however there are a few that are suggested:
AdBlock Plus
HTTPS Everywhere
Refer to the following sections for specific help with your browser.
Chrome
Settings are found under the “stacked dots” icon on the right.
Under “set up sync”
Choose “encrypt all synced data with your sync password”.
Uncheck Autofill and Passwords.
Select advanced options
Under Privacy, check “protect you and your device from dangerous sites” and “send Do Not Track”.
Under Passwords and Forms, uncheck both options (do not autofill or remember passwords).
Under Downloads, check “Ask where to save each file before downloading”.
Under Plugins, select “Let me choose when to run plugin content”.
Under Cookies, block third-party cookies.
Add recommended Extensions and remove un-needed ones.
AdBlock Plus
HTTPS Everywhere
Firefox
Options are found under the “hamburger” icon on the right. In the drop down menu, select preferences.
Go to Files and Applications and select “Always ask me where to save files.”
Under Network Settings select the settings button. Choose enable DNS over HTTPS and set it to Cloudflare.
Under Privacy & Security
Select the Standard Tracking Protection option and “Always apply Do Not Track”
Set third-party cookies to delete when Firefox is closed.
Under Logins and Passwods, disable “ask to save”
Under Forms and Autofill, disable Autofill
Under Permissions, check “Warn me when sites try to install an add-on” and “Block pop-up windows”
Disable Firefox data collection.
Under Security, choose to Block dangerous and deceptive content, block dangerous downloads, and warn about unwanted software.
Back to the hamburger menu and select Add Ons. Remove any extensions you don’t need and add these two.
AdBlock Plus
HTTPS Everywhere
Internet Explorer
Don’t use Internet Explorer.
Other browsers . . .
There are some other browsers that are marketed as “secure”. Examples include Avast, AVG, and Comodo. My experience is that these are just custom versions of Chrome. It’s difficult to keep up with all the customizations these different groups make, but generally I find that they are based on an older version of Chromium and aren’t always transparent about what changes they are making. They tend to be updated less often and sometimes behave in unexpected ways because of the changes. I do not recommend these today, but I’m open to the idea.
Another set of browsers attempt to compete more directly with Firefox and Chrome. These include names like Brave and Opera. I have a good opinion of both these options, but they are more common with power users and not really in scope of this guide. Safari is used on Macs and is quite good. I’ll try to add it in at a later date.
a journal of interesting technical ideas . . .
I need to define “reasonable” before I get started. Internet paranoia comes in three flavors - fear of malicious actors, fear of giant companies assembling dossiers to feed into marketing, and Orwellian fears about nation-states. All three are reasonable things to be concerned about but this post only addresses the first. Hiding from the NSA is beyond the ability of most people - even if they unplug. Hiding from creepy companies is possible, but requires foregoing a lot of services that most of us are loathe to do without. However, there are small steps that you can take that will give you a good degree of protection against maliciousness. Reasonable means simple steps picking up bad code or leaking sensitive personal information.
Chrome
Firefox