Safe Browsing Practices and Plugins
Best practices, tools, and application that can provide a more secure browsing experience for Helpline clients
Online users have all experienced issues with adware, pop-ups, viruses, and other malicious content from the web. Tracking users and censorship over a specific region or country are also common practices. These threats may make our users feel unsafe. The following solutions will address the majority of their concerns.
These include the following:
- Protection from:
- Scripts, malware and drive-by downloads
- Web/URL redirects
- Browser changes (settings, home pages, bookmarks, add-ons)
- Protection from tracking
Choosing a Browser
There are many browsers available, and depending on our client’s needs, they will have multiple options to choose from. Keep in mind that the client’s context will have an effect on their options, as well: for example, in some countries it may be illegal to use Tor Browser to circumvent censorship.
- Tor Browser
- Blocks tracking and fingerprinting, hides the user’s IP, and allows access to onion sites.
- Can help a user circumvent censorship by an ISP or another actor.
- Tor Browser comes with some browser extensions pre-installed. Users should be cautioned against installing extra extensions and add-ons, as doing so may weaken Tor Browser’s privacy protections.
- To get the most out of Tor Browser, the user may need to change some of their browsing habits.
- Has built-in protections against tracking and scripts, and automatically blocks ads.
- Protects against device fingerprinting.
- More information on Brave’s privacy protections here.
- Has built-in protections against tracking.
- Allows users to open sites in ‘container tabs,’ which can help prevent the site from creating a user profile based on the user’s activity in other browser tabs.
- With Firefox, we may want to recommend changing the default settings to increase privacy. Clients can disable telemetry sharing, disable search and URL autocomplete, and make sure not to login to a Firefox account in the browser or enable cross-device syncing.
- Google Chrome or another Chromium-based browser
- Sends a persistent identifier back to Google along with visited website addresses, allowing the user’s identity to be linked to their browsing activity.
- If a user needs to use Chrome, we should recommend that they disable search and URL autocomplete in their settings.
A user who prioritizes privacy should consider:
- Tor Browser
- Firefox (with tweaked settings)
Securing the Browser
It is always recommended to check if the client’s browser is up-to-date. This can be done by visiting this website. If an update is required, the client can try fixing the issue by clicking the “FIX IT” button in the web page with the results. This will help the client download or install the latest version for their browser or plugins.
Force HTTPS on the browser by installing the HTTPS Everywhere extension.
- Block ads and scripts:
- Avoid tracking:
- Anonymity (for more information and the risks implied, see Article #175: FAQ - Circumvention & Anonymity tools list:
- Tor Browser (https://www.torproject.org)
- Other tools:
- Web of Trust - a free browser extension, mobile app and API that lets the user check if a website is safe before they visit it.
- Browsing Best Practices & Browser Plugins Review:
- Always make sure that the browser you use is updated along with its extensions.
- Always review the browser plugins you have installed, and remove unnecessary add-ons and plugins.
- When possible, use a privacy-conscious search engine like DuckDuckGo.
- Review security hygiene with the user. Encourage them to continue to update their software, keep an eye out for suspicious links, and avoid downloading unsafe and unnecessary content.
- Web Browser Privacy: What Do Browsers Say When They Phone Home? - Douglas J. Leith, February 24th, 2020.
- Study ranks the privacy of major browsers. Here are the findings - Ars Technica, March 17th, 2020.