With the blogs in this series I want to reach not only my typical audience, security professionals, but especially less security aware people to help them improve their personal security. If you think the content is helpful for people you know, share it with them!
In this post I want to show different types of tools to improve your privacy and security while browsing the internet. This is just a selection of tools that I think are good. There are many more and probably also better ones, but the most important thing is that you get an idea in which areas you can improve your security and privacy.
Which browser should you use?
A recent study tested the following browsers on their security: Firefox 68, Chrome 76, Internet Explorer 11 and Microsoft Edge 44. Firefox came out as most secure. In another comparative study Firefox was considered the best choice concerning security and privacy (albeit with a lot of privacy related modifications).
There are other browsers, like Brave, that offer more privacy out of the box. And other studies will probably give other results. There's always a subjective factor to this kind of research. At the end which browser you use is a personal choice, certainly because there are other important requirements like usability and acceptable performance.
What I want to make clear in this article is that whatever browser you use, if you use some particular extensions and tools you can considerably improve your online security and privacy.
Use a privacy friendly search engine
Almost 93% of people use Google to do online searches. But Google is probably the most privacy intrusive search engine that exists. I think people should take their privacy a bit more serious.
Most websites serve a lot of ads. Sometimes these ads can even serve malware. It's important to use a good ad blocker. Personally i use Adblock Plus. But there are many more good ad blockers. uBlock Origin is also a renowned one.
Other content blocking plugins
uMatrix is a browser plugin available for Chrome and Firefox that gives you finegrained control about which content is loaded on a particular website. The fact that you have so much control also means that you need to learn to work with this plugin. If you want to learn more about how to use it, you can find an extensive tutorial here.
A lot of websites use trackers on their web pages to collect information about your online habits and preferences. Privacy badger is a tool that can help you to stop invisble trackers. It starts blocking once it sees the same tracker on three different websites.
Enforce HTTPS on websites
If you don't know what HTTPS is about, first read this post. HTTPS Everywhere is an extension for Chrome, Firefox and Opera that enforces websites to load over HTTPS. Here's what EFF (Electronic Frontier Foundation) themselves say about it.
"Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by using clever technology to rewrite requests to these sites to HTTPS"
There are a lot of different tools available to enhance your password security.
- Have I Been Pwned
- Hack Notice
- Identity leak checker
- PassProtect a browser plugin for Chrome
- Firefox Monitor
- Google Password Checkup. Recently also integrated in Google Password Manager. Read also this article if you want my opinion about Google's password manager.
- Okta PassProtect
In this post I describe how you can use all these tools to your benefit.
In the first place VPNs are tools to protect your privacy. They also help to enhance security. If you don't know what a VPN is or you want to learn more about it, read this post. Which VPN provider you choose is a very personal choice.
I'm happy with ProtonVPN, but there are several good ones. Do some research, but always keep in mind that some studies might not be 100% objective. This is a very thorough comparison of different VPN providers.
2FA Notifier is a tool with plugins for Chrome and Firefox. After you have installed the plugin you get notified when a website provides two-factor authentication. In this video by Tanya Janca you can see how it works.
ToSDR stands for Terms of Service Didn't Read. It's a very handy service that summarizes the terms of service for many websites.
It also gives the websites a rating from very good Class A to very bad Class E.
DuckDuckGo combines several security and privacy enhancing features in its "Privacy essentials" plugin. We've already seen that it blocks trackers. But it also uses a feature very similar to HTTPS Everywhere.
It also uses the ToSDR service. And like you can see Google doesn't score very well.
Which tools you use is a highly personal choice. I hope this post gives you some guidance on how you can improve your online privacy and security. Expiriment with these tools and look for others if you don't like them. If you know other good security or privacy enhancing tools, let me know via Twitter.
That's all for today. Tomorrow more security stuff, in the meantime stay safe online!