A client is inquiring about best practices when browsing online.
Edit me

Safe Browsing Practices and Plugins

Best practices, tools, and application that can provide a more secure browsing experience for Helpline clients

Problem

Online users have all experienced issues with adware, pop-ups, viruses, and other malicious content from the web. Tracking users and censorship over a specific region or country are also common practices. These threats may make our users feel unsafe. The following solutions will address the majority of their concerns.

These include the following:

  • Protection from:
    • Adware/Popups
    • Scripts, malware and drive-by downloads
    • Web/URL redirects
    • Browser changes (settings, home pages, bookmarks, add-ons)
  • Providing:
    • Protection from tracking
    • Anonymity
    • Censorship

Solution

Choosing a Browser

There are many browsers available, and depending on our client’s needs, they will have multiple options to choose from. Keep in mind that the client’s context will have an effect on their options, as well: for example, in some countries it may be illegal to use Tor Browser to circumvent censorship.

  • Tor Browser
  • Brave
    • Has built-in protections against tracking and scripts, and automatically blocks ads.
    • Protects against device fingerprinting.
    • More information on Brave’s privacy protections here.
  • Firefox
    • Has built-in protections against tracking.
    • Allows users to open sites in ‘container tabs,’ which can help prevent the site from creating a user profile based on the user’s activity in other browser tabs.
    • With Firefox, we may want to recommend changing the default settings to increase privacy. Clients can disable telemetry sharing, disable search and URL autocomplete, and make sure not to login to a Firefox account in the browser or enable cross-device syncing.
  • Google Chrome or another Chromium-based browser
    • Sends a persistent identifier back to Google along with visited website addresses, allowing the user’s identity to be linked to their browsing activity.
    • If a user needs to use Chrome, we should recommend that they disable search and URL autocomplete in their settings.

A user who prioritizes privacy should consider:

  • Tor Browser
  • Brave
  • Firefox (with tweaked settings)

Securing the Browser

  1. It is always recommended to check if the client’s browser is up-to-date. This can be done by visiting this website. If an update is required, the client can try fixing the issue by clicking the “FIX IT” button in the web page with the results. This will help the client download or install the latest version for their browser or plugins.

  2. Force HTTPS on the browser by installing the HTTPS Everywhere extension.

  3. Block ads and scripts:
    • uBlock Origin - Available in the Chrome and Firefox Webstores
    • NoScript for Firefox - please note that this extension can dramatically change the browser experience and probably should only be used by high-risk users in addition to other safety practices.
  4. Avoid tracking:
  5. Anonymity (for more information and the risks implied, see Article #175: FAQ - Circumvention & Anonymity tools list:
    • Tor Browser (https://www.torproject.org)
  6. Other tools:
    • Web of Trust - a free browser extension, mobile app and API that lets the user check if a website is safe before they visit it.
  7. Browsing Best Practices & Browser Plugins Review:
    • Always make sure that the browser you use is updated along with its extensions.
    • Always review the browser plugins you have installed, and remove unnecessary add-ons and plugins.
    • When possible, use a privacy-conscious search engine like DuckDuckGo.
  8. Review security hygiene with the user. Encourage them to continue to update their software, keep an eye out for suspicious links, and avoid downloading unsafe and unnecessary content.

Comments

Tags: browsing_security articles