Featured

Published on March 11th, 2013 | by seanbutnotheard

8

The KBMOD Guide to Safer Surfing, Part I: Browser Addons

Share

About the time we were going to publish this article, friend and fellow KBMOD community member @Sagesparten007 published his own security guide, and he included some really useful information beyond what we had planned to include. So with his most gracious permission, we merged his suggestions with ours, resulting in what will become a much more comprehensive series. His original write-up can be found here. Thanks Sage!

Let’s face it, surfing the web is pretty risky, and it’s definitely not very private. So we here at KBMOD thought it would be useful to list a few steps you can take to make your web browsing and other internet usage a little bit safer and more private. This is not meant to be a completely exhaustive guide, but by following a few of the steps in this series, your internet browsing will be much more secure than if you did nothing at all. Since the PC gaming community tends to be pretty savvy compared to the rest of the population, some of these steps may seem obvious to you… but others might not.

Security-Centric Browser Addons

If you care about security and privacy, you’ll want to use either Firefox or Chrome for your web browsing. If you’re using Internet Explorer, you’re doing it wrong. Admittedly, recent versions of Microsoft’s browser offering have been much better since the painful days of IE6. Even so, Firefox and Chrome offer the ability to install add-ons which can greatly improve your browser’s security and privacy features. Here are a few addons that we recommend for use on a regular basis:

  1. HTTPS Everywhere.You already access your bank’s site over what is called an SSL connection… this means that your communication between the bank’s site and your computer is encrypted and thus not (easily) read by a third party snooper (called a man-in-the-middle attack). So why not use encryption to access every website then? HTTPS Everywhere is a Firefox add-on (currently in alpha for Chrome) that is relatively straightforward to use: Most popular web sites like Facebook, Google, Wikipedia, etc. have an encrypted version that is accessible by changing protocol in the address bar to https instead of http— but typically they don’t use it by default, and often as you browse around the site the encryption gets turned off. HTTPS Everywhere makes sure all of your communication with these sites is secured, and the list of sites it supports grows all the time. If you’re a bit web/xml savvy, there’s even a tutorial to show you how to add rules to encrypt the other sites you visit, if they support it (KBMOD does… check this forum thread). For the rest of us, just installing the add-on and letting it do its thing will be sufficient. Get HTTPS Everywhere for Chrome or Firefox from here.
  2. AdBlock Plus. You may already be familiar with this one, but perhaps didn’t think of it as a security necessity. However, since many ads contain Flash and Javascript, and since ad providers no doubt track as much as they possibly can related to their audiences, it’s a good idea to block them from running on all but your trusted/favorite sites. And of course it has the added benefit of speeding up your web surfing experience somewhat. However as many sites rely on ad revenue to pay the bills, so it’s a good idea to add sites you trust to ABP’s whitelist. Get Adblock Plus for: Chrome | Firefox
  3. Do Not Track. This add-on inserts Do Not Track requests into all HTTP requests made by your browser, which alerts the sites you are visiting that you would like to opt-out of third-party tracking. However it’s up to the site you’re visiting to honor this request, so it’s primarily useful on the larger, more-reputable sites. Get Do Not Track for: Chrome | Firefox
  4. NoScript. The last add-on is a bit more involved when it comes to daily use, but it becomes more transparent the more you use it. NoScript blocks any active content (primarily JavaScript and Adobe Flash) coming from sites that you don’t trust. Like AdBlock Plus, NoScript also has a default list of trusted sites (Google, Microsoft, etc) but you will definitely find yourself adding to that list. As you browse you’ll see an Options… button pop up in the lower-right corner of your browser window, which will allow you to either temporarily or permanently add a site to your trusted list. If you are trying to access a site and it doesn’t seem to be working correctly, go for that button because a script is probably being blocked. However, quite often you’ll find many sites work just fine without any active content, and most of the scripts are just for advertising and collecting marketing data — which is exactly what we want to block out. One caveat to watch out for: Often, sites like Facebook.com and Google.com rely on secondary domains (called a content delivery network, or CDN) to serve up media (images, videos, etc.) and other objects. So for example to get the full Facebook experience, you’ll need to add fbcdn.net and facebook.net to the trusted list in addition to facebook.com. The general rule of thumb is, only enable the scripts you absolutely need, starting from most obvious (i.e., enable scripts coming from the domain name you’re visiting and the sister CDN site if necessary) down to least obvious, and stop enabling scripts as soon as the site works. One way to make this semi-automatic is to open up the NoScript preferences, and under the general tab, enable Temporarily allow top-level sites by default, and also select the Base 2nd level domains option. What this will do is enable running scripts on any site that your browser is actually pointed to… I.e., if you’re on kbmod.com it will allow running any scripts from kbmod.com and its subdomains, but scripts pulled in from other sites will not run unless you specifically allow them. Get NoScript for Firefox here. Currently it’s not available for Chrome, but there’s a similar Chrome addon called NotScripts.

Help Us Help You

That’s it for part one, and believe me we’re just scratching the surface. Like it or not, we’ve entered an age when governments and corporations increasingly try to blur the line of what’s acceptable when it comes to handling information about you, so the more you can learn about ways to protect yourself, the better. To that end, we want to hear what you do to keep your information secure. Let us know here in the comments, or jump over to the appropriate section in our forums for a more in-depth conversation.

Next time, we’ll look at a few pieces of software outside of browser plugins that can make your internet experience more secure.

Tags: , , , , , ,


seanbutnotheard

seanbutnotheardSean

Dweller of forests, pubs, and Linux terminals. You can call me Grampappy.


View seanbutnotheard's posts



  • Wheelzz

    Great article, very well written!

  • Poop_finger

    Good guy KBMOD:
    Tells you to use ad block
    Is a ad driven site.

    Keep up the good posts bros!

  • Thompaam

    Fun thing: To make your passwords more secure, misspell words. Ars Technica has an article on the matter. Start unlearning everything from your English classes, bros! http://arstechnica.com/security/2013/01/grammar-badness-makes-cracking-harder-the-long-password/

    • Will Hicks

      I have done this, but I always end up misspelling the misspelled password.

  • Orangefanta

    Also stay away from sharks, those are dangerous.

  • chrome

    btw, adblock on chrome doesn’t actually not load the ads it just hides them.

    • Peeble

      That hasn’t been the case in a few years.

  • LukeOfWales

    Would like to add “Ghostery” – it blocks cookies (unless you declare a site safe) which are often used in data mining

Back to Top ↑