Add-ons for safe surfing
Add-ons for safe surfing

If the Internet feels like the Wild Wild Web for you, then good browser settings will help you tame it.

Protected In The World Wide Web

It’s a stipulation for Firefox, Chrome and Edge to fulfil a minimum standard for safe web browsing. In particular, this includes the ability to eliminate safety loopholes in real-time, which is delivered in the form of automatic updates. This is critical, because over 100 loopholes can be found per year (see right). While in use, Chrome and Edge have an active protective function, which runs specific processes in a sandbox by default. As for Firefox, the developers are currently trying to implement the same feature. The companies behind the browsers, Microsoft, Google and Mozilla, are also involved in the implementation of new safety technologies and often integrate them in the browser before service providers implement them on the Internet. The best example of this is the new TLS 1.3, which accelerates the establishment of encrypted HTTPS connections and increases their safety. In the current versions of Firefox and Chrome, you still need to activate this feature manually (see right). A suitable addition is HTTPS Everywhere, an add-on for Chrome and Firefox (see pg. 64), which automatically establishes an encrypted connection to a website whenever possible. A flawless HTTPS connection also protects against interception of log-in data, such as those for the banking website or the mail host. If you access encrypted services frequently, you should check the quality of your HTTPS connection at ssllabs.com/ssltest.

1.HTTPS EverywhereEncrypted surfing

Many websites still do not have any encrypted HTTPS connection or don’t have it enabled by default. This add-on for Firefox and Chrome, developed by the Electronic Frontiers Foundation, asks a local database whether it is possible to establish a HTTPS connection on the website that is being accessed, and automatically shifts the browser correspondingly. In addition, users can also use the SSL Observatory that asks the Electronic Frontier Foundation online about whether the HTTPS certificate of a website is correct.

2.NoScript – Disabling scripts

Most web attacks that exploit loopholes in browsers use JavaScript or another script language to do so. NoScript allows scripts to be banned completely or for individual websites. In addition, the add-on blocks other targets such as Flash, Silverlight as well as Java content. Optionally, users can impose a blanket ban on the executions of Firefox plugins (not the add-ons). As NoScript sometimes greatly limits surfing, it has a ‘‘Positive list” of websites in the ‘‘Settings”, which can be accessed without being blocked.

3.uMatrix – Deactivating web codes

The blocking add-on known as uMatrix requires practice and basic understanding of the elements used in creating a website. Those who do will know how to easily show or hide any parts of a page, revamping the display of the content according to their taste. uMatrix also offers the option to conceal the user agent and can stop all referrer information, both actions which make fingerprinting and tracking down the surfer more difficult. uMatrix does not use any filter lists, but blocks domains using updated host lists.

Anonymously On The Move

The Internet is an open space in which users move around. Promotional trackers follow their tracks using cookies, with intelligence agencies able to tap into these web traffic or request from a provider for saved connection data. For more privacy, the average internet users must be more proactive. Firefox, Chrome and Edge have implemented a private mode that can be enabled by opening a new anonymous window, where all surfing history is deleted upon closing the window. In addition, Chrome has installed a backup with Guest mode, which helps blocks access to the user’s web tracks, such as history or bookmarks. To set it up, place a checkmark in front of ‘‘Enable Guest browsing” in the ‘‘Settings”. Then, establish a desktop link for the ‘‘guest” via ‘‘Add Person” – the browser can directly be opened in this mode later using the link.

The private mode in Firefox can also be made better using functions that Mozilla has incorporated in collaboration with the Tor project (see left). To use those functions, go to ‘‘about:config” and open the context menu. Use ‘‘New | Boolean” to create an entry having the name ‘‘privacy.resistFingerprinting”and set it to ‘‘true”. It ensures that the browser no longer releases any information about installed addons or about the screen resolution. Both are measures against the so-called finger-printing, which refers to following the surfer on the basis of the queries about the system configuration. Another feature adopted from the Tor project is the ability to block third party content such as cookies, which are not set directly by a website that has been visited. This first party isolation can be activated in ‘‘about:config” by double-clicking ‘‘privacy.firstparty.isolate” to set it to “true”. It is possible that this still should also work fine if the feature were officially implemented in the future, but if it doesn’t then you should switch it off.