Security and privacy enhancing tools

With the blogs in this series I want to reach not only my typical audience, security professionals, but especially less security aware people to help them improve their personal security. If you think the content is helpful for people you know, share it with them!

In this post I want to show different types of tools to improve your privacy and security while browsing the internet. This is just a selection of tools that I think are good. There are many more and probably also better ones, but the most important thing is that you get an idea in which areas you can improve your security and privacy.

Which browser should you use?

A recent study tested the following browsers on their security: Firefox 68, Chrome 76, Internet Explorer 11 and Microsoft Edge 44. Firefox came out as most secure. In another comparative study Firefox was considered the best choice concerning security and privacy (albeit with a lot of privacy related modifications).

There are other browsers, like Brave, that offer more privacy out of the box. And other studies will probably give other results. There's always a subjective factor to this kind of research. At the end which browser you use is a personal choice, certainly because there are other important requirements like usability and acceptable performance.

What I want to make clear in this article is that whatever browser you use, if you use some particular extensions and tools you can considerably improve your online security and privacy.

Use a privacy friendly search engine

Almost 93% of people use Google to do online searches. But Google is probably the most privacy intrusive search engine that exists. I think people should take their privacy a bit more serious.

Look for alternatives like DuckDuckGo and Startpage.com. I recommend you to set one of them as default search engine. You will not miss the targeted ads Google showed you.

Ad blocking

Most websites serve a lot of ads. Sometimes these ads can even serve malware. It's important to use a good ad blocker. Personally i use Adblock Plus. But there are many more good ad blockers. uBlock Origin is also a renowned one.

Other content blocking plugins

uMatrix is a browser plugin available for Chrome and Firefox that gives you finegrained control about which content is loaded on a particular website. The fact that you have so much control also means that you need to learn to work with this plugin. If you want to learn more about how to use it, you can find an extensive tutorial here.

Anti-tracking tools

A lot of websites use trackers on their web pages to collect information about your online habits and preferences. Privacy badger is a tool that can help you to stop invisble trackers. It starts blocking once it sees the same tracker on three different websites.

Another good tool for blocking trackers is DuckDuckGo Privacy essentials which is available as an add-on for Firefox or as a Chrome extension.

Enforce HTTPS on websites

If you don't know what HTTPS is about, first read this post. HTTPS Everywhere is an extension for Chrome, Firefox and Opera that enforces websites to load over HTTPS. Here's what EFF (Electronic Frontier Foundation) themselves say about it.

"Many sites on the web offer some limited support for encryption over HTTPS,  but make it difficult to use. For instance, they may default to  unencrypted HTTP, or fill encrypted pages with links that go back to the  unencrypted site. The HTTPS Everywhere extension fixes these problems by using clever technology to rewrite requests to these sites to HTTPS"

Password security

There are a lot of different tools available to enhance your password security.

In this post I describe how you can use all these tools to your benefit.

VPNs

In the first place VPNs are tools to protect your privacy. They also help to enhance security. If you don't know what a VPN is or you want to learn more about it, read this post. Which VPN provider you choose is a very personal choice.

I'm happy with ProtonVPN, but there are several good ones. Do some research, but always keep in mind that some studies might not be 100% objective. This is a very thorough comparison of different VPN providers.

Multi-factor Authentication

2FA Notifier is a tool with plugins for Chrome and Firefox. After you have installed the plugin you get notified when a website provides two-factor authentication. In this video by Tanya Janca you can see how it works.

ToSDR

ToSDR stands for Terms of Service Didn't Read. It's a very handy service that summarizes the terms of service for many websites.

It also gives the websites a rating from very good Class A to very bad Class E.

Combined functionality

DuckDuckGo combines several security and privacy enhancing features in its "Privacy essentials" plugin. We've already seen that it blocks trackers. But it also uses a feature very similar to HTTPS Everywhere.

It also uses the ToSDR service. And like you can see Google doesn't score very well.  

Conclusion

Which tools you use is a highly personal choice. I hope this post gives you some guidance on how you can improve your online privacy and security. Expiriment with these tools and look for others if you don't like them. If you know other good security or privacy enhancing tools, let me know via Twitter.

That's all for today. Tomorrow more security stuff, in the meantime stay safe online!

John Opdenakker

John Opdenakker

Blogger | #Infosec | #AppSec | Security awareness | Occasional Public Speaker | Cycling | Running | Enjoying life