Safe Browsing Practices and Plugins
Best practices, tools, and application that can provide a more secure browsing experience for Helpline clients
Online users have all experienced issues with adware, pop-ups, viruses, and other malicious content from the web. Tracking users and censorship over a specific region or country are also common practices. These threats may make our users feel unsafe. The following solutions will address the majority of their concerns.
These include the following:
- Protection from:
- Scripts, malware and drive-by downloads
- Web/URL redirects
- Browser changes (settings, home pages, bookmarks, add-ons)
- Protection from tracking
It is always recommended to check if the client’s browser is up-to-date. This can be done by visiting this website. If an update is required, try fixing the issue by clicking the “FIX IT” button in the web page with the results. This will help the client download or install the latest version for their browser or plugins.
Force HTTPS on the browser by installing the HTTPS Everywhere extension
- Block ads and scripts:
- Ublock Origin - Available in the Chrome and Firefox Webstore
- NoScript (Firefox) & ScriptSafe (Chrome) - please note that these extensions can change dramatically the browser experience and should only be used by high-risk users
- Avoid Tracking
- Anonymity (for more information and the risks implied, see Article #175: FAQ - Circumvention & Anonymity tools list
- Tor Browser (https://www.torproject.org)
- Other Tools:
- Web of Trust - a free browser extensions, mobile app and API that lets the user check if a website is safe before they visit it.
- Browsing Best Practices & Browser Plugins Review:
- Always make sure that the browser you use is updated along with its extensions (Flash, Java, etc.)
- Always review the browser plugins you have installed, remove unnecessary add-ons and plugins.
- Review security hygiene with the user, so they continue to update their software, keep an eye out for suspicious links, and avoid downloading unsafe and unnecessary content.
If the client uses Google services, we can suggest to use Chrome for accessing Google services, because Google’s certificate fingerprints are pinned inside the code base.
Firefox also features certificate pinning