Browser setup for security and privacy

[PortlyNinja 17]

Hi im just asking what you guys do with your browsers for security and privacy. I use firefox and palemoon with addons= adblock edge,disconnect,mask me,self destructing cookies and secret agent addon from dephormation to change my useragent to the most used ones.Do you think changing useragents is needed to help against fingerprinting or not.I would like to know the best approach to being anonymous.Thanks for any feedback

[S.O.A. 83]

You have two that I would recommend like Disconnect and self destructing cookies.  For Firefox I also use Click&Clean, better privacy, and webutation, Adblock Plus, Adblock Plus Pop up blocker, and if you really want to go all the way you can use NoScript. This addon can get annoying, so be warned.  Also, if you want a good app to secure passwords I would recommend LastPass. Check these out and see what you think! 

[ishap 4]

My three stables are noScript, https-everywhere and Privacy badger.

 

Privacy Badger

https://www.eff.org/privacybadger

 

https-everywhere

https://www.eff.org/https-everywhere

 

I'd certanly give a +1 to lastpass as well.

[rickjames 106]

Browsers are in a bit of a sad state imo. If I had the ability I would make my own.

 

My firefox setup:

Addons:

adblock plus

better privacy

ghostery

noScript -> this does not stop all js - and I agree its annoying as hell so I use the below addon to totaly kill js.

You can setup noScript to allow the sites you freaquent. Then just hit the js switch button to kill all js.

JS switch -> 80% of the time I leave js completely disabled.

 

It saddens me to see the number of scripts loading in most of the sites I visit. Lazy devs are killing the internets...

 

about:config tweaks

network.http.sendRefererHeader "0"

image.animation_mode "none" ----> gif's piss me off lol... This shows the image but it doesn't load further / play it. -Very helpful on a slower connection

geo.enabled "0"

network.dns.disablePrefetch "true"

network.prefetch-next "false"

network.http.pipelining "true" -> just speed stuff

datareporting.healthreport.service.enabled "false" ->I also flat out delete all the url's for health reporting

browser.safebrowsing.enabled "false" ->again I delete the urls related to this.

general.useragent.override "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0"

just toss in any popular useragent.

 

I run linux as my desktop and move anything cache related to tmpfs aka a ram disk, firefox stuff included.

 

Move the firefox cache folder via about:config

Make a new string and name it = browser.cache.disk.parent_directory

then in the setting toss in -->> /path/to/ramdisk/or/tmpfs

My /tmp is loaded as tmpfs so I just toss it there.

 

I also move the firefox startup cache to tmpfs along with a few flash player cache folders. Normally I don't even leave flash enabled though.

 

If you're on windows you could do this with any ramdisk software.

 

There's prolly more about:config tweaks that I'm forgetting. If I remember them I'll post emm. -good luck.

[Coldwave 0]

I use;

Adblock Edge

Ghostery

Google/Yandex search link fix

HTTPS Everywhere

NoScript

RefControl

Self-Destructing Cookies

 

NoScript can be really annoying at the beginning but I'm used to it.

[CultureVulture 30]

Is secret agent addon about user agent spoofing? I did some reading about this and came to the conclusion that user agent spoofing actually works against anonymity, because it actually makes your browser easier to identify uniquely. Hence, digital fingerprinting is easier to carry out, not harder. Or am I misunderstanding it?

[stupidcats 14]

Are all those security extensions still needed when using a VPN?

 

For example, do we need HTTPS-everywhere when in a VPN?

 

About the "Self-Destructing cookies" addon:

 

- How do I make it so it doesn't destroy lastpass cookies?

[OpenSourcerer 1435]

Hi im just asking what you guys do with your browsers for security and privacy

 

Pick addons you like from here. I personally use 1, 2, 8, 9 and HTTPS-Everywhere.

[PortlyNinja 17]

@ epsilon  For self destructing cookies its in addons-extensions then click on options and there is a whitelist option half way down.

[PortlyNinja 17]

Are all those security extensions still needed when using a VPN?

 

I believe so but im no expert. There is browser fingerprinting which can be used to help find who a user is, but its alot of effort for whoever is trying to track you so i wouldn't worry so much.I just like to be as anon as possible. Here is a good site to test how unique your browser is, https://panopticlick.eff.org/

How effective fingerprinting is though i don't know.

Noscript is good for blocking flash ads that contain malware

[Staff 9972]

Hello,

 

check out also Privacy Badger by Electronic Frontier Foundation (for Firefox and Chrome). We have not tested it but it looks very promising. It faces the challenging tracking problem with a completely different approach than various ad blocks, which are often powerless against tracking and anyway may have a questionable behavior.

 

https://www.eff.org/privacybadger

 

Kind regards

[OpenSourcerer 1435]

Are all those security extensions still needed when using a VPN?

 

You don't need to use them, even without a VPN. Haha..

 

It's recommended because a VPN doesn't stop the tracking.

[rickjames 106]

 

Are all those security extensions still needed when using a VPN?

 

You don't need to use them, even without a VPN. Haha..

 

It's recommended because a VPN doesn't stop the tracking.

 

This ^

 

I would love to see some sort of addon that runs js and or cookies virtually / sandboxed in such a way you could control the sandbox settings.

 

ie set the params of the sandbox - fake screen res, fake OS enviorment, and a user agent that conforms with the previous res and os settings. Thus any info pulled via a well written js script or a baddie cookie would look like 99% of the rest of the interwebs.

 

Its pretty absurd how much info can be pulled from simply clicking a page.

[rickjames 106]

​After some testing just tossing out a little update.

​

Addons:

 

Privacy stuff:
Adblock Edge -> liking this more than adblock plus
JS switch -> Completely disables all javascript with a button press

Cookie Toggle -> Completely disables all cookies with a button press
noScript -> for when js is needed

BlockSite  -> Simple addon for easily blocking sites - Or sites loading stuff in the background

FlagFox -> shows info on the server location

 

Random Agent Spoofer -> Still testing this but its amazing thus far. It can change screen res, headers, useragent per page refresh and a LOT of other stuff. I would seriously consider donating to this guy.

 

Firefox link for it -> has less options

https://addons.mozilla.org/en-US/firefox/addon/random-agent-spoofer/

 

Git link -> additional features like screen res, timezone ect.

https://github.com/dillbyrne/random-agent-spoofer/releases/tag/0.9.4.1

​

​Helpful addons:

​HTitle -> kills the title bar on linux in firefox

​NoSquint -> Zooms pages both text and images for huge monitors.

​Downthemall -> just because

​

​Haven't had the time to test Privacy Badger yet, but it looks interesting.

[iwih2gk 93]

For me the most comprehensive solution is to employ TBB (TOR browser bundle) in a virtual machine.  Its really difficult to approach all the security features by using a conventional FF and then tightening it up.  This method bridged by Air to my raw ISP seems to be so solid.

[PortlyNinja 17]

Does anyone know how i can correct the spelling in the title.It's annoying me.   Does anyone know of a good firefox extension to protect against phishing.I am using Elementary os for the first time.

[PortlyNinja 17]

​

​Helpful addons:

​HTitle -> kills the title bar on linux in firefox

​NoSquint -> Zooms pages both text and images for huge monitors.

​Downthemall -> just because

 

HTitle is useful thanks

[PortlyNinja 17]

Brilliant   Thank you