Safety and Privacy Online - The EFF and Browsers

in #browsers3 years ago (edited)

geometric image with rings around a lock and squares in the background

Note: I refer to all extensions, add-ons, and other things you install in your browser to extend functionality as plug-ins in this article.

Table of Contents

  1. The EFF's Tools
    1. HTTPS Everywhere Plug-in
    2. CertBot: Get HTTPS for your Website for FREE!
    3. Privacy Badger Plug-in
      1. Privacy: Did You Know?
    4. Cover Your Tracks
    5. Surveillance Self-Defense
    6. Security Education Companion
    7. Atlas of Surveillance
    8. Crocodile Hunter: Instructions on How to Catch Users of "IMSI Catchers"/"Stingrays"
  2. What About Browsers??!
    1. The Dangers of Browsing
    2. Recommended Browsers
      1. TOR Project Browser
      2. Brave Browser
      3. Firefox
      4. Ungoogled Chromium
      5. DuckDuckGo Privacy Browser (for mobile only)
    3. Browsers that I Suggest that You Avoid
    4. Quick Tips for Safer Browsing
  3. ONE FINAL NOTE
  4. Browser References

eff logo

Thank you to the Electronic Freedom Foundation (EFF) for their efforts to protect our online freedom and privacy. They offer a variety of different tools to help!

HTTPS Everywhere


logo
Are you interested in making your browsing experience safer and more private? First of all, make sure you have the browser extension/add-on/plug-in HTTPS Everywhere installed on your browser, or that your browser is set to default every site to HTTPS. HTTPS is now the default, secure protocol most websites have enabled in order to protect the connection between you and them. HTTPS Everywhere tells every website to create a secure connection with you using encryption (secret code). If that website doesn't have HTTPS, it will be opened with HTTP. Some browsers will give you a warning before it opens the website, and you'll have to click on something to accept the risk.

Using only HTTP, which some browsers show by having an unlocked symbol or a warning sign next to the website's address (aka URL) means that you are not secure. Different types of attacks, such as man-in-the-middle (interception, manipulation, and substitution of data) attacks, can compromise your experience and allow criminals (and governments) to collect data about you - even very sensitive things like ID numbers, passwords, credit cards, etc. As you can see, going to a website with only HTTP leaves you vulnerable.

Why don't some sites use HTTPS? Well, some people, companies, organizations, governments, etc. don't understand the importance of HTTPS. Some can't afford the (admittedly fairly low cost) of adding HTTPS. Others don't know about it.

And then there are the malicious websites that don't want or need such protection because they WANT to lure you into their trap...

HTTPS Everywhere is available for Chrome, Firefox (Windows & Android), Edge & Opera. Included in TOR (Windows & Android), Onion Browser (iOS), and Brave (Android and iOS).


CertBot


logo

Certbot is a free, open[-]source software tool for automatically using Let’s Encrypt certificates on manually-administered websites to enable HTTPS. Certbot offers domain owners and website administrators a convenient way to move to HTTPS with easy-to-follow, interactive instructions based on your web server and operating system.

In other words, if you have a website that needs HTTPS, they'll help you get it set up for FREE!!


Privacy Badger


logo

What's better than PBJ? Privacy Badger! :)

Privacy Badger is an install-and-forget browser add-on that stops advertisers and trackers from secretly tracking where you go and what pages you look at on the web. If an advertiser or other third party seems to be tracking you across multiple websites without your permission, Privacy Badger automatically blocks them from loading any more content in your browser.

Privacy Badger sends the Global Privacy Control signal, to opt you out of data sharing and selling, and the Do Not Track signal to tell companies not to track you. Sadly, some companies (and criminals) don't care about these requests!

It's available for Firefox (Windows & Android), Edge, and Opera.

Did You Know?


If you maximize the size of your browser window, that is used to help identify your computer along with a bunch of other factors. Experts recommend never maximizing your browser. Maybe you should change it every time to REALLY confuse the trackers!!


The EFF also offers other resources!

  • Cover Your Tracks


    logo
    Use the EFF's Cover Your Tracks to determine how "trackable" you are, even with standard anti-tracking measures you may already have. It will tell you how unique your online "fingerprint" is (unique is bad), and you can get further details as to how and why.

Cover Your Tracks analyzes how well your browser and add-ons protect you against online tracking techniques. A Cover Your Tracks test shows you how trackers see your browser, and how uniquely configured—and thus identifiable—it is. In addition to a useful tool, Cover Your Tracks is also an ongoing research project to uncover the tools and techniques of online trackers and test the efficacy of privacy add-ons.


Surveillance Self-Defense (SSD) is EFF's online guide to defending yourself and your friends from surveillance by using secure technology and developing careful practices.


The Security Education Companion (SEC) is EFF’s resource for people teaching digital security to their friends and neighbors.

The SEC includes FAQs about Basics, Tool Guides, Further Learning, and Security Scenarios. I suggest you might want to read everything relevant to you, as long as you understand it.


The Atlas of Surveillance is a searchable database and map that reveals which technologies, such as drones and automated license plate readers, are used by domestic law enforcement agencies across the United States. Through a combination of crowdsourcing and data journalism, we are creating the largest-ever repository of information on which law enforcement agencies are using what surveillance technologies.


Crocodile Hunter is a tool to detect and find so-called “Stingrays” or “IMSI Catchers,” devices that identify an individual mobile phone in a crowd by mimicking a cell phone tower. This link leads to the EFF source repository with instructions on hardware and software needed, as well as build instructions and how to use it.


What About Browsers??!


Ok, I know, you REALLY just want to know which browser to use, right? Please keep in mind that each browser has pros and cons from the serious (privacy, security) to the superficial (themes). I'm not going to list them - you'll have to find that out yourself.

The Dangers of Browsing


Before I tell you, I need to warn you. Criminals want you to download their trojans. They create fake websites that LOOK like they're for the browser you want, but they aren't. In this list, I have taken the time to make sure to get the right links for you, but please be careful EVERY time you download something off the Internet: music, movies, pictures, documents, and applications can all carry malware (malicious software) like worms, trojans, viruses and more.

Let me say it again: HACKERS, PHISHERS, AND OTHER CRIMINALS ARE EXCITED ABOUT TRICKING YOU INTO DOWNLOADING THEIR INFECTED STUFF! That is, after all, how they earn money. They'll make websites with a similar name, and that look almost the same as the real thing, and put ads for it up, as well as leave messages on popular blogs, forums, chat rooms, and other places to trick people.

Recommended Browsers


This is my shortlist of browsers that I feel are probably the best choices based on the references I used. Think of this as the results of a meta-study. I do not have personal experience with all of them, nor am I an expert in browser security and privacy. You are free to choose whichever one you want.

"Incognito," "private browsing" and other synonyms for a browsing mode/window offered by your browser in which you feel like you're concealed from everyone is not that. You are concealed from other people who use that computer - that's all - because it just doesn't keep track of where you visited (i.e. no history). Trackers can still track you. Criminals, governments and whoever else can still see what you're doing. And you can still be attacked. In other words, it's for increased browsing privacy on that browser, on that device.

FYI, Chromium is open-source, but Google owns it.

Some browsers claim to offer a VPN service, often for free. Most of these browsers, including Opera, actually uses a proxy service, Epic uses a proxy service, too, as do some other browsers. Getting a VPN or a proxy definitely helps protect you, and getting both is a great idea.

TOR (The Onion Router) Project Browser


logo
The short answer is the TOR Project Browser. The EFF (EFF TOR download link) and many other organizations and people in Internet security and privacy recommend it. In fact, it's probably on EVERY shortlist of best browsers for security and privacy and, if it isn't, that's probably not a good list. TOR is based on Chromium, but it's been set up with your best interests in mind plus, unlike most other browsers, it has a system to keep where you browse secret from everyone - it's a sort of layered system, like an onion, but that extra protection slows down browsing speed while maximizing secrecy. Even better, TOR is available for almost any operating system: Windows, iOS, macOS, Linux, Android, etc. It is basically the best choice for a lot of things. It does, however, come with possible drawbacks. First, they recommend that you never add any plug-ins (it DOES come with HTTPS Everywhere, NoScript, and certain other plug-ins pre-installed), and never use torrents, and TOR may break some websites because of what it doesn't allow. Truth be told, however, almost ANY browser will break websites with the right settings and plug-ins!

Thus, for places where you don't want to compromise, TOR is the best, but there may be restrictions outside of the USA. For places where you need to use it but it breaks, try a secondary browser...

Brave

image.png

Another browser that almost every list has on it is Brave. Brave is streamlined to avoid downloading excessive data from trackers, ads, and other things, so it can boast about having faster speeds than most other browsers. It's also very security-oriented. It's pre-installed with HTTPS Everywhere and other plug-ins. In addition, Brave includes a TOR mode, but there may be restrictions outside of the USA! Also, it uses IPFS instead of HTTPS (learn more here), which basically means that it uses a decentralized system that increases speeds and makes it unlikely that you won't be able to access something you need because the server is down, and all of this is because multiple servers host the same data. Also, Brave offers tokens (a sort of reward system) for browsing. Brave is based on Chromium, which means themes and plug-ins (Chrome calls them extensions) can be downloaded from the Chrome Web Store. Downloads of Brave are available for Android, iOS, Windows 64-bit, Windows 32-bit, macOS Intel, macOS ARM64, and Linux. Let it be noted that the CEO, Brandon Eich, is anti-LGBTQ marriage (he was fired from Mozilla for this), and Brave was caught redirecting crypto connections to get affiliate commissions, which is a breach of trust.

NOTE: After trying Brave's native script blocking, I've determined that it's better to leave it off and use NoScript. It does a much better job, and lets you choose what to allow/block. Brave's blocking, however, only allows you to temporarily unblock scripts/sites, or you can turn it off for a site, which is not ideal, but this is better than what uBlock Origin offers. While I was editing this I noticed that the editor became very slow (up to 7 seconds before what I typed appeared). I checked my email, FB and Twitter editors, but experienced no lag of any significance. whatsoever.

Firefox


logo
Mozilla is a non-profit that has been around since 1998, and they've always managed to keep their open-source browser, Firefox near the top of the list. Mozilla continues its fine efforts to force giants like Microsoft and Google to add things like blocking social and third-party cookies, disabling tracking, not storing and selling data to other companies, and more. Along with features like this, they have added DoH (DNS over HTTPS) to further frustrate those who collect and sell data about you, and a bunch of other features to protect you. There are also comparison charts for: "Security & Privacy," "Utility," and "Portability" between Firefox and 6 other browsers. Because of all the blocked trackers, Firefox is faster than Chrome. It has its own repository of plug-ins (Firefox calls them extensions) and themes, too, and you can import your bookmarks from Chrome to it, and Google's products (Docs, Sheets, etc.) are supported, too!. Firefox supports Windows, iOS, macOS, GNU/Linux, and Android. Firefox also supports more than 90 languages.

Experts do recommend that you make some changes to the settings (instructions: Privacy Savvy, ProPrivacy, Restore Privacy or Make Tech Easier. Also, be sure to add DuckDuckGo, Privacy Badger, HTTPS Everywhere, and NoScript extensions.

Ungoogled Chromium


logo
Yes, it uses Chromium, which means there are lots of themes and plug-ins. It's also highly secure and private, having been tweaked by Eloston, the person who customized it. You can read more on these two websites and some of the references. It supports Windows, Linux, and macOS, but not mobile devices. Basically, Eloston too Chromium and removed its dependence on Google's services, while maintaining the Chromium experience, except that it features tweaks to enhance privacy, control, and transparency. Eloston doesn't guarantee that all versions in his GitHub repository are safe because he didn't create them all.

DuckDuckGo Privacy Browser (mobile only)


logo
Because DDG doesn't track your browsing (they don't save any data, and only show ads based on each search you do), their search engine (while not the most accurate) is very privacy-friendly, and their mobile device browser is, too. It's also pretty secure. You can get the browser for Apple iPhones and iPads and Android. They also have a plug-in. As far as I know, though, the browser has not got themes and plug-ins.

Browsers that I Suggest that You Avoid


You can research why. Each of these has infrequent updates, difficulty in use, privacy, and/or security issues. Some are located in or owned by a company in China, where NO data is private. Some claim to offer VPN but it's not, really. There are several other browsers that should be listed here, too, but they're not well-known.

  • Internet Explorer (privacy and security issues, deprecated)
  • Microsoft Edge (privacy issues)
  • Safari (privacy issues, but it looks like Apple's working on it)
  • Chrome (privacy issues)
  • Opera (now China, major privacy issues)
  • UC Browser (China, major privacy issues)
  • Iridium (rarely updated, very high security that may break sites)
  • Vivaldi (privacy: assigns a unique ID to each installation that can be fingerprinted, sends data to Iceland every day)
  • Epic (closed resource, said they'd release the code but haven't)
  • Yandex (Russia, major privacy issues)

If you disagree with any of these, please let me know why (with details and references, if possible). If you're a fanboy, don't bother to sway me with an emotional argument. Personal anecdotes aren't helpful since they may be an issue specific to your machine/OS/browser/settings.

Quick Tips for Safer Browsing

  1. Free is not free, part 1. If they offer something for free (software, games, porn, c0d3z, music, movies, books, etc.) that isn't actually supposed to be free, you are probably putting yourself at risk of being phished, conned, hacked, infected or something else that will make you wish you'd paid.
  2. Free is not free, part 2. Many companies that offer free services or software do it at a price: usually either by collecting and selling data (anonymous or not, aggregated or not) to other companies, and/or by showing ads. Consider allowing ads on websites that ask you to turn off the ad blocker so they can earn money without having to collect data. If they ALSO collect data, that's another story!
  3. Get a VPN. If you look around, some VPNs are really great but high-priced. There are some that are cheap and great, though.
  4. Get a better browser. Stop sticking with the same browser you've always used, especially if it's called "Internet Explorer."
  5. Use a privacy-oriented search engine. DuckDuckGo, SearX, the metasearch engine, Qwant, the France-based engine, YaCy, or StartPage. Some of these use their own engine, while others rely on search results from other engines, like Google and Bing, but protect your privacy..
  6. Don't trust the mainstream Internet for facts. When you need to know the facts about science and medicine, it's the wrong place. A lot of sites are made to deceive and manipulate you for profit. Use Google Scholar instead. If you're not good at understanding research papers and scientific experiments, though, you're going to have a hard time no matter what you do, so find someone who can help.
  7. Use an anonymous email service (like ProtonMail), and a secure mail app (like Thunderbird). Just because it comes bundled with your computer or Office purchase doesn't make it safe.
  8. Use really strong passwords that look like gibberish. Make them as long as allowed, use upper- and lower-case letters, numbers, and special characters `~!@#$%^&*()_+-=[]{}|;',./:"<>?). Note that some idiot webmasters don't allow some/all special characters!
  9. If a website requires or offers security questions, do NOT answer them with facts. Use strong passwords, instead. The answers to most standard security questions can often be found online, and in pictures (like of your desk) you've posted online.
  10. Add protective plug-ins. If your browser doesn't already do it, make it block 3rd-party tracking cookies, pop-ups, and social tracking; request no tracking; block scripts; block Java and Flash; and protect against malware.
  11. If you understand how to do it, use an anti-script plug-in. I recommend the NoScript or uBlock Origin plug-in to block scripts on web pages. I've used both and they're both a pain to configure but, once you've got a website configured, you're done. Personally, I prefer NoScript because I've had repeated problems with uBlock Origin (and other plug-ins like Ghostery and Disconnect) disrupting scripts even when I turned it off for that site. Also, NoScript allows for making individual choices over what is or isn't blocked, which you can't do with uBlock Origin, and that allows me to tinker until I find out what to block and what to keep so that functionality of the website is maintained.


ONE FINAL NOTE


You are the weakest link and the number one reason you'll get hacked, phished, conned, or otherwise screwed by criminals. If you insist on downloading pirated software, playing games on any website that has what you want, watching movies from "free" sites, watching porn, downloading porn apps, gambling, going to hacking, cracking, phishing, phreaking, and other criminal sites, and so on, it doesn't much matter which browser you choose. You're asking for trouble. Change your browsing habits to improve both your security and privacy. It's that simple!



Browser References


Below are the references I looked at to help inform my choices above. The inclusion of a browser in a reference doesn't mean it's worth using. The exclusion doesn't mean it's bad or good - it just wasn't looked at for some reason. In other words, these are not all-inclusive, and they rank best to worst. In other words, if it's on the right side of the list below, it's not worth it.

  1. VPN Pro: Top 8 Most Secure Web Browsers in 2021 (Aug. 2021)
    TOR, Firefox, Brave, Ungoogled Chromium, Safari, Chrome, Opera, Edge

  2. CyberSecurity Magazine: Top 10 Most Secure Internet Browsers (Jan. 2021)
    TOR, Firefox, Brave, Chromium, Chrome, Edge, Opera, Safari, Vivaldi, SeaMonkey

  3. Safety Detectives: 10 Most Secure Web Browsers in 2021: Ranked + Rated (April 2021)
    Firefox, TOR, Brave, Pale Moon (Firefox fork), DuckDuckGo Privacy Browser, Chrome, Bromite (Android), Iridium, Edge, Waterfox (Firefox fork)

  4. NordVPN: Best browser for privacy (Aug. 2021)
    Firefox, Epic, TOR, Brave, Waterfox, Vivaldi, FreeNet, Safari, Chromium, Chrome, Opera, Edge

  5. vpnMentor: 10 Best Browsers That Are Secure, Private & Fast (June 2021)
    Brave, Firefox, TOR, Waterfox, Epic, Pale Moon, Ungoogled Chromium, Iridium, Safari, Chrome

  6. Restore Privacy: Secure Browsers That Protect Your Privacy (Aug. 2021)
    Brave, Firefox, TOR, Ungoogled Chromium, Bromite (Android), DuckDuckGo Privacy Browser, Waterfox, Pale Moon, GNU IceCat, Iridium

  7. WizCase: 10 Best Secure Web Browsers for Privacy in 2021 (Sept. 2201)
    TOR/The Onion Browser, Ungoogled Chromium, Epic, Firefox, Brave, Safari, Vivaldi, Opera, Chrome, Edge

  8. Privacy Savvy: 11 most secure browsers for private browsing in 2021 (March 2021)
    TOR, Firefox, Waterfox, Pale Moon, Brave, SeaMonkey, GNU IceCat, Chromium, Puffin, Tenta, Edge

  9. ExpressVPN: Ranked: Best (and worst) browsers for privacy in 2021 (Aug. 2021)
    TOR, Firefox, Brave, Chromium, LibreWolf, Pale Moon, Vivaldi, Opera, Iridium, GNU IceCat, Waterfox, Chrome, Safari, SeaMonkey, Edge, Yandex Browser; Honorable Mention: DuckDuckGo

  10. ZDNet: Best browser for privacy 2021: Secure web browsing (May 2021)
    Brave, Firefox, DuckDuckGo's extension, Edge, TOR

  11. Bitcatcha: 9 Most Secure Web Browsers That Protect Your Privacy In 2021 (Sept. 2021)
    Brave, TOR, Firefox, Iridium, Epic, GNU IceCat, Pale Moon, DuckDuckGo, Vivaldi, Chrome, Edge, Safari, Opera

  12. Privacy Canada: Most Secure Browsers for Full Anonymity (Sept. 2021)
    TOR, Brave, Firefox, Epic, Chrome, Internet Explorer, Edge, Opera

  13. Cloudwards: Most Secure Web Browser of 2021: Staying Safe Online (Mar. 2021)
    Puffin, Tenta, Vivaldi, Chrome, Brave, Edge, Firefox

  14. Horrible reference! TechRadar: The best web browsers in 2021 (Sept. 2021)
    Firefox, Edge, Opera, Chrome, Vivaldi

  15. Privacy Australia: 4 Best Browsers for 100% Privacy & 4 to Avoid (April 2021)
    Tor, Epic, Brave, SRWare Iron Browser, Chrome, Opera, Edge, Internet Explorer
    It also recommends Android: Firefox Focus; and iOS: Ghostery Privacy.

  16. VPN Thrive: Online Privacy Guide: 20 Ways To Protect Your Privacy On The Internet (Oct. 2020)
    TOR, Ungoogled Chromium, Iridium, Pale Moon, Brave, with comments on Chrome, Safari, and Edge.

  17. ProPrivacy: 7 Most Secure Browsers - Secure & Private Browsing (Aug. 2020
    Firefox, TOR, Pale Moon, IceCat, SeaMonkey, Waterfox, Brave

  18. [Been Verified: 7 most secure Web browsers for 2020 (Jan. 2021)[https://www.beenverified.com/safety/safest-internet-browser/)
    Firefox, TOR, Brave, Chrome, Safari, Opera, Epic

  19. VSS Monitoring: The Most Secure Browsers of 2021 | Is your Information Safe & Private? (July 2021)
    TOR, Chrome, Firefox, Brave, Edge, Internet Explorer, Opera

  20. Best VPN: Most Secure Web Browsers - 2021 (undated)
    Brave, TOR, Epic, Firefox, Chrome, Edge, Safari, Internet Explorer

  21. 2Spyware: The Most Secure Browser of 2021 (Mar. 2021)
    Firefox, Edge, Safari, Chrome, TOR. Unranked: Opera, Internet Explorer, Epic, Comodo Dragon Internet Explorer.

  22. Design Bombs: https://www.designbombs.com/best-private-browsers/(Sept. 2021)
    Firefox, Brave, DuckDuckGo (Android & iPhone), Avast Secure Browser, TOR, Onion Browser (iOS), Aloha (Android & iPhone), Snap Search (Android)

  23. VPN Overview: Best Internet Browser for Your Privacy: Round-up of 2021 (Aug. 2021)
    TOR, Brave, Firefox, Safari, Chromium, DuckDuckGo Mobile. Avoid: Chrome, Edge, Opera.

  24. Wikipedia: Comparison of web browsers - General information; Operating system support; Browser features; Accessibility features; Acid scores; HTML5 support; Web technology support; Plugins and syndicated content support; JavaScript support; Protocol support; Image format support; Native multimedia support; Internationalization

  25. Pixel Privacy: What Is The Most Secure & Private Web Browser For 2021? (July 2021)
    Does not rank the browsers, but gives info about each, and names TOR the most private browser. Browsers listed: Chrome, Edge, Firefox, Safari, Opera, Epic, TOR, Brave. It also exposes Internet Explorer as the security risk it is.



Constructive comments are welcome!
If you appreciate this article, please 🏅upvote/like👍, 🤩resteem/share and share it to Facebook, Twitter, Reddit, LinkedIn and wherever else you can!