Jump to content


Photo

Browser setup for security and privacy

browser privacy

  • Please log in to reply
17 replies to this topic

#1 PortlyNinja

PortlyNinja

    Advanced Member

  • Members
  • PipPipPip
  • 71 posts
  • LocationBehind you

Posted 12 August 2014 - 12:33 AM

Hi im just asking what you guys do with your browsers for security and privacy. I use firefox and palemoon with addons= adblock edge,disconnect,mask me,self destructing cookies and secret agent addon from dephormation to change my useragent to the most used ones.Do you think changing useragents is needed to help against fingerprinting or not.I would like to know the best approach to being anonymous.Thanks for any feedback

#2 S.O.A.

S.O.A.

    Advanced Member

  • Members
  • PipPipPip
  • 262 posts

Posted 12 August 2014 - 03:38 AM

You have two that I would recommend like Disconnect and self destructing cookies.  For Firefox I also use Click&Clean, better privacy, and webutation, Adblock Plus, Adblock Plus Pop up blocker, and if you really want to go all the way you can use NoScript. This addon can get annoying, so be warned.  Also, if you want a good app to secure passwords I would recommend LastPass. Check these out and see what you think! 



#3 ishap

ishap

    Member

  • Members
  • PipPip
  • 17 posts

Posted 12 August 2014 - 09:05 PM

My three stables are noScript, https-everywhere and Privacy badger.

 

Privacy Badger

https://www.eff.org/privacybadger

 

https-everywhere

https://www.eff.org/https-everywhere

 

I'd certanly give a +1 to lastpass as well.



#4 rickjames

rickjames

    Advanced Member

  • Members
  • PipPipPip
  • 359 posts

Posted 12 August 2014 - 09:44 PM

Browsers are in a bit of a sad state imo. If I had the ability I would make my own.

My firefox setup:
Addons:
adblock plus
better privacy
ghostery
noScript -> this does not stop all js - and I agree its annoying as hell so I use the below addon to totaly kill js.
You can setup noScript to allow the sites you freaquent. Then just hit the js switch button to kill all js.
JS switch -> 80% of the time I leave js completely disabled.

It saddens me to see the number of scripts loading in most of the sites I visit. Lazy devs are killing the internets...

about:config tweaks
network.http.sendRefererHeader "0"
image.animation_mode "none" ----> gif's piss me off lol... This shows the image but it doesn't load further / play it. -Very helpful on a slower connection ;)
geo.enabled "0"
network.dns.disablePrefetch "true"
network.prefetch-next "false"
network.http.pipelining "true" -> just speed stuff
datareporting.healthreport.service.enabled "false" ->I also flat out delete all the url's for health reporting
browser.safebrowsing.enabled "false" ->again I delete the urls related to this.
general.useragent.override "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0"
just toss in any popular useragent.

I run linux as my desktop and move anything cache related to tmpfs aka a ram disk, firefox stuff included.

Move the firefox cache folder via about:config
Make a new string and name it = browser.cache.disk.parent_directory
then in the setting toss in -->> /path/to/ramdisk/or/tmpfs
My /tmp is loaded as tmpfs so I just toss it there.

I also move the firefox startup cache to tmpfs along with a few flash player cache folders. Normally I don't even leave flash enabled though.

If you're on windows you could do this with any ramdisk software.

There's prolly more about:config tweaks that I'm forgetting. If I remember them I'll post emm. -good luck.

#5 Coldwave

Coldwave

    Newbie

  • Members
  • Pip
  • 9 posts

Posted 13 August 2014 - 01:45 PM

I use;

Adblock Edge

Ghostery

Google/Yandex search link fix

HTTPS Everywhere

NoScript

RefControl

Self-Destructing Cookies

 

NoScript can be really annoying at the beginning but I'm used to it.



#6 CultureVulture

CultureVulture

    Advanced Member

  • Members
  • PipPipPip
  • 145 posts

Posted 16 August 2014 - 11:27 PM

Is secret agent addon about user agent spoofing? I did some reading about this and came to the conclusion that user agent spoofing actually works against anonymity, because it actually makes your browser easier to identify uniquely. Hence, digital fingerprinting is easier to carry out, not harder. Or am I misunderstanding it?

#7 stupidcats

stupidcats

    Advanced Member

  • Members
  • PipPipPip
  • 50 posts

Posted 18 August 2014 - 12:51 PM

Are all those security extensions still needed when using a VPN?

 

For example, do we need HTTPS-everywhere when in a VPN?

 

About the "Self-Destructing cookies" addon:

 

- How do I make it so it doesn't destroy lastpass cookies?



#8 giganerd

giganerd

    I shall have no title

  • Members2
  • PipPipPip
  • 2687 posts
  • LocationGermany

Posted 18 August 2014 - 09:12 PM

Hi im just asking what you guys do with your browsers for security and privacy

 

Pick addons you like from here. I personally use 1, 2, 8, 9 and HTTPS-Everywhere.


Always remember:
There's a guide to AirVPN,

Amazon IPs are not dangerous here,
running TOR exits is discouraged,

using spoilers for your logs helps us read your thread.

~ Furthermore, I propose that your paranoia is to be destroyed. ~

Instead of writing me a personal mail, consider contacting me via XMPP at gigan3rd@xmpp.airvpn.org or join the lounge@conference.xmpp.airvpn.org. I might read the mail too late whereas I'm always available on XMPP ;)


#9 PortlyNinja

PortlyNinja

    Advanced Member

  • Members
  • PipPipPip
  • 71 posts
  • LocationBehind you

Posted 21 August 2014 - 12:18 AM

@ epsilon  For self destructing cookies its in addons-extensions then click on options and there is a whitelist option half way down.



#10 PortlyNinja

PortlyNinja

    Advanced Member

  • Members
  • PipPipPip
  • 71 posts
  • LocationBehind you

Posted 21 August 2014 - 12:33 AM

Are all those security extensions still needed when using a VPN?

 

I believe so but im no expert. There is browser fingerprinting which can be used to help find who a user is, but its alot of effort for whoever is trying to track you so i wouldn't worry so much.I just like to be as anon as possible. Here is a good site to test how unique your browser is, https://panopticlick.eff.org/

How effective fingerprinting is though i don't know.

Noscript is good for blocking flash ads that contain malware



#11 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7796 posts

Posted 21 August 2014 - 12:43 AM

Hello,

 

check out also Privacy Badger by Electronic Frontier Foundation (for Firefox and Chrome). We have not tested it but it looks very promising. It faces the challenging tracking problem with a completely different approach than various ad blocks, which are often powerless against tracking and anyway may have a questionable behavior.

 

https://www.eff.org/privacybadger

 

Kind regards



#12 giganerd

giganerd

    I shall have no title

  • Members2
  • PipPipPip
  • 2687 posts
  • LocationGermany

Posted 21 August 2014 - 07:17 AM

Are all those security extensions still needed when using a VPN?

 

You don't need to use them, even without a VPN. Haha.. :D

 

It's recommended because a VPN doesn't stop the tracking. :)


Always remember:
There's a guide to AirVPN,

Amazon IPs are not dangerous here,
running TOR exits is discouraged,

using spoilers for your logs helps us read your thread.

~ Furthermore, I propose that your paranoia is to be destroyed. ~

Instead of writing me a personal mail, consider contacting me via XMPP at gigan3rd@xmpp.airvpn.org or join the lounge@conference.xmpp.airvpn.org. I might read the mail too late whereas I'm always available on XMPP ;)


#13 rickjames

rickjames

    Advanced Member

  • Members
  • PipPipPip
  • 359 posts

Posted 27 September 2014 - 11:22 PM

Are all those security extensions still needed when using a VPN?

 

You don't need to use them, even without a VPN. Haha.. :D

 

It's recommended because a VPN doesn't stop the tracking. :)

 

This ^

 

I would love to see some sort of addon that runs js and or cookies virtually / sandboxed in such a way you could control the sandbox settings.

 

ie set the params of the sandbox - fake screen res, fake OS enviorment, and a user agent that conforms with the previous res and os settings. Thus any info pulled via a well written js script or a baddie cookie would look like 99% of the rest of the interwebs.

 

Its pretty absurd how much info can be pulled from simply clicking a page.



#14 rickjames

rickjames

    Advanced Member

  • Members
  • PipPipPip
  • 359 posts

Posted 09 October 2014 - 06:53 PM

​After some testing just tossing out a little update.

Addons:

 

Privacy stuff:
Adblock Edge -> liking this more than adblock plus
JS switch -> Completely disables all javascript with a button press

Cookie Toggle -> Completely disables all cookies with a button press
noScript -> for when js is needed

BlockSite  -> Simple addon for easily blocking sites - Or sites loading stuff in the background

FlagFox -> shows info on the server location

 

Random Agent Spoofer -> Still testing this but its amazing thus far. It can change screen res, headers, useragent per page refresh and a LOT of other stuff. I would seriously consider donating to this guy.

 

Firefox link for it -> has less options

https://addons.mozilla.org/en-US/firefox/addon/random-agent-spoofer/

 

Git link -> additional features like screen res, timezone ect.

https://github.com/dillbyrne/random-agent-spoofer/releases/tag/0.9.4.1

​Helpful addons:

​HTitle -> kills the title bar on linux in firefox

​NoSquint -> Zooms pages both text and images for huge monitors.

​Downthemall -> just because

​Haven't had the time to test Privacy Badger yet, but it looks interesting.



#15 iwih2gk

iwih2gk

    Advanced Member

  • Members2
  • PipPipPip
  • 282 posts

Posted 10 October 2014 - 05:26 PM

For me the most comprehensive solution is to employ TBB (TOR browser bundle) in a virtual machine.  Its really difficult to approach all the security features by using a conventional FF and then tightening it up.  This method bridged by Air to my raw ISP seems to be so solid.



#16 PortlyNinja

PortlyNinja

    Advanced Member

  • Members
  • PipPipPip
  • 71 posts
  • LocationBehind you

Posted 21 January 2015 - 08:02 PM

Does anyone know how i can correct the spelling in the title.It's annoying me. :ot:  Does anyone know of a good firefox extension to protect against phishing.I am using Elementary os for the first time.



#17 PortlyNinja

PortlyNinja

    Advanced Member

  • Members
  • PipPipPip
  • 71 posts
  • LocationBehind you

Posted 21 January 2015 - 08:03 PM

​Helpful addons:

​HTitle -> kills the title bar on linux in firefox

​NoSquint -> Zooms pages both text and images for huge monitors.

​Downthemall -> just because

 

HTitle is useful thanks



#18 PortlyNinja

PortlyNinja

    Advanced Member

  • Members
  • PipPipPip
  • 71 posts
  • LocationBehind you

Posted 22 January 2015 - 02:22 AM

Brilliant :rofl:  Thank you







Also tagged with one or more of these keywords: browser, privacy

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

Servers online. Online Sessions: 13809 - BW: 46043 Mbit/sYour IP: 34.229.175.129Guest Access.