{"id":13725,"date":"2018-10-31T09:10:04","date_gmt":"2018-10-31T17:10:04","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/10\/31\/news-7492\/"},"modified":"2018-10-31T09:10:04","modified_gmt":"2018-10-31T17:10:04","slug":"news-7492","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/10\/31\/news-7492\/","title":{"rendered":"How to tighten security and increase privacy on your browser"},"content":{"rendered":"<p><strong>Credit to Author: Pieter Arntz| Date: Wed, 31 Oct 2018 16:41:05 +0000<\/strong><\/p>\n<p>Is my browser making an effort to keep my system safe and my online behavior private? This is usually not the first question we ask ourselves when we choose our default browser. But maybe it should be.<\/p>\n<p>These days, threats to your privacy and security come at your from all angles, but browser-based attacks such as malvertising, drive-by downloads, adware, tracking, and rogue apps make going online and conducting a search a little more dangerous. Therefore, it&#8217;s important take note of what browsers are doing to shore up their defenses\u2014and what you can do to optimize them.<\/p>\n<p>When it comes to online privacy, it looks as if the silent majority of Internet users have shifted from the \u201cI have nothing to hide\u201d frame of mind to the \u201cthey already know everything anyway\u201d group. And based on <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2018\/09\/millions-of-accounts-affected-in-latest-facebook-hack\/\" target=\"_blank\" rel=\"noopener\">recent events<\/a>, many social media users might right. Effectively, both groups feel as though it is not worth the trouble to jump through hoops to keep their data private. So should this even be a consideration?<\/p>\n<p>While privacy is ultimately a personal choice, we believe it is still a right. So we&#8217;ll continue to offer our advise for those who are interested.<\/p>\n<p>But let&#8217;s look at the security aspect first. This is something we can all agree on.<\/p>\n<h3>Browser security measures<\/h3>\n<p>There have been a few initiatives taken recently by the major browsers to enhance their safety.<\/p>\n<ul>\n<li>Google has decided that <a href=\"https:\/\/www.zdnet.com\/article\/google-to-no-longer-allow-chrome-extensions-that-use-obfuscated-code\/\" target=\"_blank\" rel=\"noopener\">Chrome extensions submitted to the Web Store<\/a> will not be allowed if they contained \u201c<a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2013\/03\/obfuscation-malwares-best-friend\/\" target=\"_blank\" rel=\"noopener\">obfuscated<\/a>\u201d code. According to Google, developers should not have to hide their code. It makes it hard to decide whether they should allow the extension, and most obfuscated extensions turned out to be malicious.<\/li>\n<li>Google is in the process of putting an end to \u201c<a href=\"https:\/\/www.techrepublic.com\/article\/heres-why-google-is-killing-off-inline-installation-for-chrome-extensions\/\" target=\"_blank\" rel=\"noopener\">inline installation<\/a>\u201d of extensions. This means websites can no longer directly install Chrome extensions using the Chrome API, but have to send you to the Web Store. While this process will only be finished by the end of the year, distributors have already <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/chrome-extension-devs-use-sneaky-landing-pages-after-google-bans-inline-installs\/\" target=\"_blank\" rel=\"noopener\">adapted their methods<\/a> to deliver their extensions.<\/li>\n<li>Mozilla (Firefox), Google (Chrome), Apple (Safari), and Microsoft (Edge and Internet Explorer) have announced to <a href=\"https:\/\/www.computerworld.com\/article\/3313589\/web-browsers\/big-browsers-to-pull-support-plug-for-tls-10-and-11-encryption-protocols-in-early-20.html\" target=\"_blank\" rel=\"noopener\">drop support for the TLS (Transport Layer Security) 1.0 and 1.1 encryption protocols<\/a> in early 2020. This will force websites to start using the newer and more secure protocols.<\/li>\n<li><a href=\"https:\/\/restoreprivacy.com\/webrtc-leaks\/\" target=\"_blank\" rel=\"noopener\">WebRTC leaks and vulnerabilities<\/a> were solved. Real-time communication features could expose your true IP address via STUN requests with Firefox, Chrome, Opera and Brave browsers, even when you were using a VPN.<\/li>\n<\/ul>\n<p>In earlier stages of privacy and security audits, all the major browsers had already added options and features like URL filtering, download protection, &#8220;do not track&#8221; capabilities, and measures against <a href=\"https:\/\/blog.malwarebytes.com\/glossary\/browlock-2\/\" target=\"_blank\" rel=\"noopener\">browlocks<\/a>. They are not all using the same methods, and some are more effective than others, but the efforts were made nonetheless.<\/p>\n<h3>Remaining problems<\/h3>\n<p>Despite all the attempts to apply some pest-control on adware, malicious cryptominers, and other assorted browser hijackers, there will always be those that manage to slither through and infect users. And that doesn&#8217;t even take into account the multitude of potentially unwanted programs (PUPs) that most parties don\u2019t even seem to care about at all. However, readers of this blog will undoubtedly know the way to our <a href=\"https:\/\/www.malwarebytes.com\" target=\"_blank\" rel=\"noopener\">Malwarebytes products page<\/a>, where they can download a cure for an infected browser.<\/p>\n<p>Besides the obvious ramifications of an <a href=\"https:\/\/blog.malwarebytes.com\/glossary\/adware\/\" target=\"_blank\" rel=\"noopener\">adware<\/a>, <a href=\"https:\/\/blog.malwarebytes.com\/glossary\/pup\/\" target=\"_blank\" rel=\"noopener\">PUP<\/a>, or <a href=\"https:\/\/blog.malwarebytes.com\/threats\/browser-hijacker\/\" target=\"_blank\" rel=\"noopener\">hijacker<\/a> infection, there is still more work left to do to for those of us that value our online privacy.<\/p>\n<h3>Browser privacy<\/h3>\n<p>The upside of being able to use browser extensions is that there are many good ones out there that can help you establish a more private browsing experience. Ad-blockers, <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2015\/09\/ghostery-a-tool-that-stop-trackers\/\" target=\"_blank\" rel=\"noopener\">anti-tracking tools<\/a>, and\u00a0<a href=\"https:\/\/blog.malwarebytes.com\/malwarebytes-news\/betas\/2018\/07\/introducing-malwarebytes-browser-extension\/\" target=\"_blank\" rel=\"noopener\">protective extensions<\/a>\u00a0add further protection.<\/p>\n<p>You can also tighten your privacy by using a <a href=\"https:\/\/blog.malwarebytes.com\/security-world\/2014\/06\/one-vpn-to-rule-them-all\/\" target=\"_blank\" rel=\"noopener\">Virtual Private Network (VPN)<\/a> to anonymize your traffic. You have options here, since you can install a VPN to anonymize all your Internet traffic, or you can install a VPN extension that will do so for your browser only. Since a VPN slows down the Internet connection, the choice will be based on which other Internet connections you use and your personal preference.<\/p>\n<p>You could even decide to use one browser with a VPN extension and another without one. Personally, I use different browsers for different purposes. This is called compartmentalization and it allows you to visit trusted (and preferably bookmarked) websites with a quick browser and do your regular surfing with a fully protected and anonymized browser.<\/p>\n<p>Besides using a VPN, you can also look at some alternative browsers that are already optimized for privacy and security:<\/p>\n<ul>\n<li>The <a href=\"https:\/\/www.torproject.org\/projects\/torbrowser.html.en\" target=\"_blank\" rel=\"noopener\">TOR<\/a> software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world.<\/li>\n<li><a href=\"https:\/\/freenetproject.org\/author\/freenet-project-inc.html\" target=\"_blank\" rel=\"noopener\">Freenet<\/a> is a peer-to-peer platform for censorship-resistant communication and publishing that is available for Windows, macOs, and Linux.<\/li>\n<li><a href=\"https:\/\/www.waterfoxproject.org\/en-US\/waterfox\/features\/private-browsing\/\" target=\"_blank\" rel=\"noopener\">Waterfox<\/a> is a secure and private browser based on Firefox, that allows you to use Firefox extensions. It is available for Windows, macOS, Linux, and Android.<\/li>\n<li><a href=\"https:\/\/www.palemoon.org\" target=\"_blank\" rel=\"noopener\">Pale Moon<\/a> is another Mozilla fork, but it doesn\u2019t work with all Firefox extensions. It is available for Windows and Linux.<\/li>\n<li><a href=\"https:\/\/brave.com\" target=\"_blank\" rel=\"noopener\">Brave<\/a> is a <a href=\"https:\/\/en.wikipedia.org\/wiki\/Chromium_(web_browser)\" target=\"_blank\" rel=\"noopener\">Chromium<\/a>-based browser that blocks unwanted content by default and does not need much tinkering to keep you safe and private. Brave is available for Windows, macOs, Linux, iOS, and Android.<\/li>\n<\/ul>\n<h3>Anonymous searching<\/h3>\n<p>We have <a href=\"https:\/\/blog.malwarebytes.com\/puppum\/2018\/08\/can-search-extensions-keep-searches-private\/\" target=\"_blank\" rel=\"noopener\">talked about (not so) private search extensions<\/a> before, but I want to mention a search engine that does deliver on the promised private searches, and that was brought up in the comments to that blogpost (thanks Patrick). It is called DuckDuckGo, and you can perform searches directly from <a href=\"https:\/\/duckduckgo.com\/\" target=\"_blank\" rel=\"noopener\">their site<\/a> or you can install their <a href=\"https:\/\/duckduckgo.com\/app\" target=\"_blank\" rel=\"noopener\">app or extension<\/a>.<\/p>\n<h3>Test to see whether your browser is safe against fingerprinting<\/h3>\n<p>Browser fingerprinting is a method used by commercial websites to uniquely identify visitors based on the way you have configured your browser and some other metrics that they can fetch from your browser, such as timezone.<\/p>\n<p>If you feel you have already done your best to make your browser untrackable, pay this site a visit: <a href=\"https:\/\/panopticlick.eff.org\/\" target=\"_blank\" rel=\"noopener\">https:\/\/panopticlick.eff.org\/<\/a>. It provides visitors with an option to do a test and analyze how well their browser and add-ons protect them against online tracking techniques. The site will also be able to see if your system is uniquely configured and therefor identifiable, even if you are using privacy-protective software.<\/p>\n<p>Don\u2019t get hung up on the test result alone though, because the number of results you are compared with plays a big role in the outcome. For example, coming from a small country or language area may give you away when no one else from that area has taken the test. This doesn\u2019t automatically mean advertisers will be able to track you as well. Do pay attention to the specified fingerprinting results. You can access those by clicking on the fingerprinting link in the Test column.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/fingerprinting.png\" data-rel=\"lightbox-0\" title=\"\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"26073\" data-permalink=\"https:\/\/blog.malwarebytes.com\/security-world\/privacy-security-world\/2018\/10\/tighten-security-increase-privacy-browser\/attachment\/fingerprinting-3\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/fingerprinting.png\" data-orig-size=\"602,70\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"fingerprinting\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/fingerprinting-300x35.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/fingerprinting-600x70.png\" class=\"aligncenter size-large wp-image-26073\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/fingerprinting-600x70.png\" alt=\"fingerprinting\" width=\"600\" height=\"70\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/fingerprinting-600x70.png 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/fingerprinting-300x35.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/fingerprinting.png 602w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/a><\/p>\n<h3>Blocking advertisements<\/h3>\n<p>As we have explained in the blogpost <a href=\"https:\/\/blog.malwarebytes.com\/security-world\/privacy-security-world\/2018\/07\/mother-is-blocking-ads-so-why-arent-you\/\" target=\"_blank\" rel=\"noopener\">Everybody and their mother is blocking ads, so why aren\u2019t you?<\/a>, blocking advertisements provides a vital security layer that not only severs a potential vector for online malvertising attacks, but also blocks privacy-invading tracking plugins from collecting and harvesting your personal information.<\/p>\n<h3>Cookies<\/h3>\n<p>Cookies are another topic that we have discussed earlier. Most cookies are not worth worrying about, but it is a good idea to be aware of them. How could you not be aware with every site asking your permission, right? In the blogpost <a href=\"https:\/\/blog.malwarebytes.com\/101\/2018\/01\/cookies-should-i-worry-about-them\/\" target=\"_blank\" rel=\"noopener\">Cookies: Should I worry about them?<\/a>, we have explained how you can check and control the cookies that you want to allow.<\/p>\n<h3>Level of concern<\/h3>\n<p>So, while many major browsers are doing their best to keep you secure and private, it depends on your own level of concern how far you want to take this journey. There are specialized browsers, extensions, search engines, and other tools to help you achieve any level of privacy. Most people will be satisfied by customizing their mainstream browser to fit their needs, while others wouldn\u2019t think of going online unless they are using Tor behind a VPN. To each their own. As long as you are aware of the risks. And we hope this post will help you to achieve the level you are after.<\/p>\n<p>Stay safe, everyone!<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/privacy-security-world\/2018\/10\/tighten-security-increase-privacy-browser\/\">How to tighten security and increase privacy on your browser<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/security-world\/privacy-security-world\/2018\/10\/tighten-security-increase-privacy-browser\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Pieter Arntz| Date: Wed, 31 Oct 2018 16:41:05 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/security-world\/privacy-security-world\/2018\/10\/tighten-security-increase-privacy-browser\/' title='How to tighten security and increase privacy on your browser'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/shutterstock_572527735.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>Is your browser secure and private enough by design or do you need to worry about security, privacy, fingerprinting, ads, and cookies yourself?<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/privacy-security-world\/\" rel=\"category tag\">Privacy<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/\" rel=\"category tag\">Security world<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/ads\/\" rel=\"tag\">ads<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/browlock\/\" rel=\"tag\">browlock<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/browser\/\" rel=\"tag\">browser<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/browser-security\/\" rel=\"tag\">browser security<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/browser-based-attacks\/\" rel=\"tag\">browser-based attacks<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/chrome-extension\/\" rel=\"tag\">Chrome Extension<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/control\/\" rel=\"tag\">control<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/cookies\/\" rel=\"tag\">cookies<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/cryptominers\/\" rel=\"tag\">cryptominers<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/fingerprinting\/\" rel=\"tag\">fingerprinting<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/hijacker\/\" rel=\"tag\">hijacker<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/online-privacy\/\" rel=\"tag\">online privacy<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/privacy\/\" rel=\"tag\">privacy<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/pup\/\" rel=\"tag\">PUP<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/security\/\" rel=\"tag\">security<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/vpn\/\" rel=\"tag\">vpn<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/webrtc\/\" rel=\"tag\">WebRTC<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/security-world\/privacy-security-world\/2018\/10\/tighten-security-increase-privacy-browser\/' title='How to tighten security and increase privacy on your browser'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/privacy-security-world\/2018\/10\/tighten-security-increase-privacy-browser\/\">How to tighten security and increase privacy on your browser<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[11533,17024,11267,20001,20002,11424,20003,10435,15826,11519,20004,10470,5897,10566,714,10497,10863,20005],"class_list":["post-13725","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-ads","tag-browlock","tag-browser","tag-browser-security","tag-browser-based-attacks","tag-chrome-extension","tag-control","tag-cookies","tag-cryptominers","tag-fingerprinting","tag-hijacker","tag-online-privacy","tag-privacy","tag-pup","tag-security","tag-security-world","tag-vpn","tag-webrtc"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/13725","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=13725"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/13725\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=13725"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=13725"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=13725"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}