Harden your browsers
The web browser might well be the most used application on your machine, so it deserves special attention.
We’ve usually been pretty impartial about which browser you should use, but we’re going to deviate from that slightly, at least for this feature. Chrome’s always been a slick browser, but all that Googleyness baked in makes us queasy. Chromium is a better option, being entirely open source, devoid of Flash and generally less dependent on Google services. It’s also easier to install than Chrome on most distros because of the rules about the latter’s redistribution. However, a change crept into both Chrome and Chromium last year that made us more wary. That change concerned the ‘Sign in to Chrome’ functionality, which connects the browser to your Google account and can optionally sync bookmarks, extensions and browsing history – just like in Chrome OS. Up until Chrome 69, this option was distinct from signing into Google services via their web pages – and this, we thought, was a good thing. But now, just signing into those services connects the whole browser with that account. We don’t have a problem with signing into Google or indeed any other browser-wide service, but that should be done explicitly by the user.
We should point out that these enforced sign-ins don’t currently sync bookmarks and so on. Google’s privacy policy (see www.google.com/chrome/privacy/#browser-modes) just mentions that in the Signed In mode, the browser can connect to the user’s Google Payments account – it doesn’t imply that any additional data is sent to Google. However, we’re cynical and even though no data is overtly shared now, such a change could easily creep in. As such we’re recommending Firefox, but that’s just us. Obviously if you don’t use your Google Account regularly (a good thing) none of that really matters. Read more about it on crypto guru Matthew Green’s blog at http://bit.ly/lxf253crypto.
Whichever browser you use, we’d recommend using an ad-blocker like uBlock Origin – though we’re still in the publishing business, just, so we’d also ask you to disable it for trusted, quality sites (that’s a short list – Ed). There’s too much dodgy business that goes on with third-party advertising networks; see, for example, our malware feature in LXF251. For related reasons we’d also recommend enabling the Do Not Track option in your browser’s settings. By design this has to be set by the user – it’s a signal that you send to advertisers to let them know you’re not interested.
Browser extensions in general should be treated with caution, but we approve wholeheartedly of the EFF’s HTTPS Everywhere, which ensures HTTPS is used wherever possible. Many sites still accidentally link to HTTP resources, even if your connection to the main page is done over HTTPS. The EFF’s Privacy Badger is a good shout too; instead of using preassigned blocklists Privacy Badger learns as it goes, so you might need to give it a few hints early on. Privacy Badger will snuffle out whether ad networks are respecting your Do Not Track settings, and duly blacklist those that aren’t.
One of the most worrying aspects of ad trackers is the potential for browser fingerprinting. Even though an advertiser doesn’t know you by name, they can, through the wonders of JavaScript, HTML5 and good old-fashioned content headers, get your browser to jump through some hoops – and, based on those gymnastics, uniquely fingerprint it. The hoops in question are things like font availability, user agent strings, plug-ins and window size. The Tor Browser goes as far as to warn you when you maximise a window that this will betray your display’s resolution to the current website. Just by using Linux your browser marks itself out as being in the minority, which is why the Tor Browser supplies misinformation through its User Agent string, purporting to be:
Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0
Browser fingerprinting is nothing new (the indomitable Dr Brown covered it in LXF190, back when we could afford to pay him), but given all the other information that’s already probably held about us nowadays, it’s all the more worrying. See how unique you are, and try to do something about it, at the EFF’s Panopticlick website, https://panopticlick.eff.org. And no, we can’t explain entropy here – which is probably a sign that we don’t understand it.
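For readers who would like the entropy explained after all, here is the arithmetic behind the ‘bits of identifying information’ figure Panopticlick shows. This is an added illustration written for this feature, not text from the EFF; the 2 per cent Linux share is an assumed figure chosen only to show the sums.

```latex
% Added illustration for this feature, not from the article or the EFF.
% p_i is the fraction of browsers that share your value for attribute i
% (user agent, fonts, window size, ...); 2 per cent for Linux is assumed.
\begin{align*}
I(\text{one attribute}) &= -\log_2 p
  && \text{bits revealed by a value that a fraction } p \text{ of browsers share (its surprisal)} \\
I(\text{fingerprint}) &= \sum_i -\log_2 p_i
  && \text{if the attributes were independent; correlated ones (Linux UA, Linux fonts) overlap, so this overstates} \\
\log_2\!\left(7.7 \times 10^{9}\right) &\approx 32.8
  && \text{bits needed to single out one person among the world's 7.7 billion} \\
-\log_2 0.02 &\approx 5.6
  && \text{bits from a User Agent that admits to Linux, if only 2\% of browsers do}
\end{align*}
```

So a rare value is expensive: a handful of minority choices (Linux, an unusual font list, an odd window size) can add up to the thirty-odd bits that make a browser unique on its own, which is why the Tor Browser lies about its platform and rounds its window size rather than blocking anything. Because real attributes are correlated, Panopticlick does not add surprisals up; it counts how many of its visitors share your whole fingerprint.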
Stack Overflow recently became unwitting host to a fingerprinting script embedded in an advert.
It would illustrate our point nicely if that was a questionable ad agency supplying ads for second-rate products, but the offending ad was served by Google and advertised Microsoft’s Azure cloud service. Seriously though, it’s possible the JavaScript in question was being used to identify bots rather than track users.
Preferring privacy
Web browser settings pages have become a lot simpler nowadays, but that doesn’t mean web browsers are any less configurable. It just means many of those options are more likely to confuse the average user than benefit them. Search for ‘chromium command line switches’, for example, or browse to about:config in Firefox and you will find more abstruse options than you can shake a stick at. Incidentally, you’ll find a privacy.resistFingerprinting option in here that can mitigate against fingerprinting requests. These grown-up options are all stored in a JavaScript file called prefs.js in Firefox’s profile directory, for example ~/.mozilla/firefox/xxyyzz.default.
People have gone to extraordinary lengths to harden Firefox’s default options, and you’ll find one of the most comprehensive examples at https://github.com/pyllyukko/user.js. There’s not enough space in the magazine to go through all of these options, but do look into them at your leisure and consider making your own user.js file, which will be merged into the main prefs.js file in a robust way next time you start your browser. A similar project is ghacks-user.js, which you should study at https://ghacksuserjs.github.io/ghacks-user.js. If you have Git installed, you can start using the Pyllyukko user.js right away with:
$ cd ~/.mozilla/firefox
$ git clone https://github.com/pyllyukko/user.js.git
$ cd xxyyzz.default
$ ln -s ../user.js/user.js user.js
One of the most important things this file does is to rein in WebRTC, which although designed as a protocol for real-time video communications can be used to identify the IP address behind proxies or VPNs. The relevant settings can be found on the about:config page by searching for media.peerconnection. You can read more about what these WebRTC settings do at https://wiki.mozilla.org/Media/WebRTC/Privacy. Good news, too, if you’re fed up with websites asking to send push notifications to your desktop: the method outlined here will disable those altogether, via the dom.webnotifications.* options.
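The clone-and-symlink recipe above leaves you to find the xxyyzz.default directory by hand, and the WebRTC, fingerprinting and notification settings just mentioned are buried in a very long file. The script below is an added example written for this feature, not code from the pyllyukko or ghacks projects. It assumes the standard layout of ~/.mozilla/firefox/profiles.ini, reads the profile marked as default from it, and writes a short user.js of your own containing only those three groups of settings (all of them real about:config names). It refuses to clobber a user.js it did not create, so it will not silently replace the symlink made above.

```shell
#!/bin/sh
# Added example for this article, not the pyllyukko or ghacks project's code.
# Assumes the usual Firefox layout: ~/.mozilla/firefox/profiles.ini with
# [ProfileN] sections carrying Path=, IsRelative= and Default=1. The pref
# names written below are real Firefox about:config names.

# Print the directory of the profile marked Default=1 in a profiles.ini.
# Only [ProfileN] sections count: the [Install...] sections that newer
# Firefox versions add also carry a Default= line, but it holds a path.
firefox_default_profile() {
    ini="$1"
    base=$(dirname "$ini")
    awk -v base="$base" '
        function emit(   out) {
            if (!found && sec ~ /^Profile/ && def == "1" && path != "") {
                out = (rel == "0") ? path : base "/" path
                print out
                found = 1
            }
        }
        /^\[/ { emit(); sec = substr($0, 2, length($0) - 2); path = ""; rel = "1"; def = "0"; next }
        /^Path=/       { path = substr($0, 6) }
        /^IsRelative=/ { rel  = substr($0, 12) }
        /^Default=/    { def  = substr($0, 9) }
        END { emit() }
    ' "$ini"
}

# Write a small user.js of your own into a profile directory. Refuses to
# clobber a user.js it did not write (for example the pyllyukko symlink).
install_user_js() {
    profile="$1"
    [ -d "$profile" ] || { echo "not a profile directory: $profile" >&2; return 1; }
    target="$profile/user.js"
    if [ -e "$target" ] && ! grep -q 'harden-firefox example' "$target" 2>/dev/null; then
        echo "refusing to overwrite existing $target" >&2
        return 1
    fi
    cat > "$target" <<'EOF'
// harden-firefox example: constructed for this article, merged into prefs.js at startup.
// WebRTC: keep ICE from revealing addresses that a proxy or VPN would otherwise hide.
user_pref("media.peerconnection.enabled", false);
user_pref("media.peerconnection.ice.default_address_only", true);
user_pref("media.peerconnection.ice.no_host", true);
// Fingerprinting: the Tor Browser-style defences (spoofed UA, rounded window size, ...).
user_pref("privacy.resistFingerprinting", true);
// Push notifications: stop sites asking for desktop notification permission.
user_pref("dom.webnotifications.enabled", false);
user_pref("dom.webnotifications.serviceworker.enabled", false);
user_pref("dom.push.enabled", false);
EOF
}

# Count the user_pref lines in a user.js (a quick sanity check after writing).
count_prefs() {
    grep -c '^user_pref(' "$1"
}

# Real use (uncomment once you have checked the prefs against about:config):
# profile=$(firefox_default_profile "$HOME/.mozilla/firefox/profiles.ini")
# install_user_js "$profile"
```

One caveat worth knowing before you start editing: Firefox re-applies user.js at every start, but deleting a line from it does not undo anything. The value already written into prefs.js stays put until you reset that preference in about:config, so keep a note of what you changed.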
One of the simplest things you can do right now to boost your privacy is to stop using Google as your default search engine and start using DuckDuckGo. You might not get quite the up-to-the-minute results you’re used to, but you also know your searches aren’t connected to your identity. Both Firefox and Chrome enable you to make this change from the Search part of their settings. If you miss your ‘tailored for you’ Google results, prefix your search query with !g – but bear in mind that even if you’re not logged in to Google, these searches probably still get tied to your account.