As a security professional, I am often asked by the lay-person how to be safer online. Without hesitation, my number one “easy” answer is to enhance your privacy while browsing.
I recommend Firefox browser with the following addons (also called extensions):
- Privacy Badger,
- uBlock Origin, and
- NoScript.
This browser combination is very effective at protecting your privacy, and comes as the defacto installation in ParrotOS, a cybersecurity test suite in use by many professionals.
If you’ve not been with Firefox for a while, try it.
If you have committed your extensive password lists, bookmarks, and history database to other browsers, Firefox offers many tools to extract those lists and import them – easily.
Now, onto the Addons. I recommend you add these one at a time , surfing to your regular sites. This will help you build out any rules or exceptions, as needed, for banking or other sites. You will appreciate not having to cycle through all addons to figure out what broke what page.
Addon: uBlock Origin
An efficient blocker: easy on memory and CPU footprint, and yet can load and enforce thousands more filters than other popular blockers out there.
Usage: The big power button in the popup is to permanently disable/enable uBlock for the current web site. It applies to the current web site only, it is not a global power button.
Flexible, it’s more than an “ad blocker”: it can also read and create filters from hosts files.
Out of the box, these lists of filters are loaded and enforced:
– EasyList
– Peter Lowe’s Ad server list
– EasyPrivacy
– Malware domains
More lists are available for you to select if you wish.
Documentation:
https://github.com/gorhill/uBlock#ublock-origin
Project change log:
https://github.com/gorhill/uBlock/releases
Contributors @ Github:
https://github.com/gorhill/uBlock/graphs/contributors
Contributors @ Crowdin:
https://crowdin.net/project/ublock
Addon: Privacy Badger
Privacy Badger automatically learns to block invisible trackers. Instead of keeping lists of what to block, Privacy Badger learns by watching which domains appear to be tracking you as you browse the Web.
Privacy Badger sends the Do Not Track signal with your browsing. If trackers ignore your wishes, your Badger will learn to block them. Privacy Badger starts blocking once it sees the same tracker on three different websites.
Besides automatic tracker blocking, Privacy Badger removes outgoing link click tracking on Facebook, Google and Twitter, with more privacy protections on the way.
To learn more, see the FAQ on Privacy Badger’s homepage.
Privacy Badger is a project of the Electronic Frontier Foundation.
Addon: NoScript
Sometimes scripts are required in order for web sites to function properly. This extension gives you the power to choose.
Winner of the “PC World – World Class Award” and bundled with the Tor Browser, NoScript gives you the best available protection on the web. It allows JavaScript, Flash, and other executable content to run only from trusted domains of your choice (e.g. your banking site), thus mitigating remotely exploitable vulnerabilities, such as Spectre and Meltdown.
It protects your “trust boundaries” against cross-site scripting attacks (XSS), cross-zone DNS rebinding / CSRF attacks (router hacking), and Clickjacking attempts, thanks to its unique ClearClick technology.
Such a preemptive approach prevents exploitation of security vulnerabilities (known and unknown!) with no loss of functionality where you need it. Experts do agree: Firefox is really safer with NoScript 😉
FAQ: https://noscript.net/faq
Forum: https://noscript.net/forum
Still confused by NoScript 10’s new UI?
Check this user-contributed NoScript 10 primer.
and this NoScript 10 “Quantum” vs NoScript 5 “Classic” (or “Legacy”) comparison.
RiPPUL CyberSecurity BLOG 