LOCK DOWN YOUR BROWSER’S PRIVACY SETTINGS
Enable Super Duper Secure Mode in Edge
Edge may not have earned a place in our top six private browsers, but Microsoft is making a welcome effort to boost its protection against hidden elements on web pages that compromise your privacy and security. As we reported in Issue 621 (page 11), this includes beefing up Edge’s ‘Tracking prevention’ feature with what Microsoft has dubbed Super Duper Secure Mode. This disables Just-in-time (JIT) compilation, which is used to speed up JavaScript code on web pages, but whose flaws can also be exploited by hackers to spread malware and steal your data.
To enable the new mode in Edge, click the three-dot menu button in the top-right corner and choose Settings, then ‘Privacy, search and services’. Ensure that ‘Tracking prevention’ is switched on and select either Strict, to disable JIT on all websites, or Balanced (which Microsoft recommends) to only do so on sites you haven’t visited or don’t visit often. Choosing ‘Strict’ will also block the ‘majority of trackers from all sites’, including those that are known to be harmful (see screenshot below), and means ads will ‘likely have minimal personalisation’. That sounds impressive but falls far short of the total protection offered by Brave, Tor Browser and Firefox, especially because it still allows ads.
Force websites to use HTTPS connections
In our review of Brave (see page 51), we mentioned that the browser automatically upgrades websites to their encrypted HTTPS connections. You’ll also find this feature in other browsers – Chrome finally added it last September – but it’s disabled by default, presumably to avoid confusing users with error messages when HTTPS isn’t available. But as a privacy measure that stops unsafe sites leaking your personal data, it’s definitely worth turning on – and it’s easy to turn off again or bypass warnings if you have problems accessing a site.
In Chrome, go to Settings, then ‘Security and privacy’ and click Security. Scroll down to the Advanced section and switch on ‘Always use secure connections’. In Firefox, go to Settings, ‘Privacy & Security’, scroll down to HTTPS-Only Mode and select ‘Enable HTTPS-Only Mode in all windows’.
Strangely, the feature is still an ‘experiment’ in Edge. To unlock it, type edge://flags into the address bar, press Enter and search for Automatic HTTPS. Select ‘Enabled’ in the dropdown menu and restart the browser. Now go to Settings, ‘Privacy, search and services’ and enable ‘Automatically switch to more secure connections with Automatic HTTPS’. You can choose to only upgrade to HTTPS on websites likely to support it, or force the browser to always switch from HTTP (‘connection errors might occur more often’ – see screenshot above).
Prevent tracking using DNS-over-HTTPS
HTTPS websites encrypt data such as your passwords, personal details and search queries, so it can’t be intercepted by third parties. However, it’s still possible for your internet provider (or your employer) to see which HTTPS sites you visit, and use this information to track you.
Most browsers now offer a built-in feature called DNS-over-HTTPS or Secure DNS that addresses this privacy concern. This encrypts the DNS requests your browser makes when you enter web addresses, making it more difficult for your internet provider to identify the sites you visit. Mozilla added DNS-over-HTTPS to Firefox in 2019 – prompting UK providers to call it an “internet villain” (www.snipca.com/40749) – and enables the feature by default. To check, click Firefox’s three-line menu, select Settings then General and scroll down to Network Settings. Click the Settings button and ensure ‘Enable DNS over HTTPS’ is activated. Other browsers have now added the option, but you may need to turn it on manually.
In Chrome or Brave, go to Settings, click ‘Security and privacy’ and choose Security. Make sure ‘Use secure DNS’ is switched on and select ‘With your current service provider’. Alternatively, click the dropdown menu next to With and select an alternative DNS server, such as Cloudflare (see screenshot above) or OpenDNS – this will prevent tracking if your provider doesn’t support DNS-over-HTTPS. In Edge, go to Settings then ‘Privacy, search and services’, scroll down to Security and ensure the ‘Use secure DNS…’ option is enabled – again you can either choose your current internet provider or an alternative DNS service.
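For readers curious about what secure DNS actually sends, here is an added example (not from the original article) that packages a lookup the way the DNS-over-HTTPS standard, RFC 8484, describes for a GET request. The function names are our own, and the Cloudflare address is that provider's public resolver; the text after dns= is only an encoding, and the privacy comes from the HTTPS connection that carries it.

```python
import base64
import struct
from urllib.parse import parse_qs, urlsplit

# Cloudflare's public DoH endpoint; any RFC 8484 resolver URL works here.
DOH_ENDPOINT = "https://cloudflare-dns.com/dns-query"


def build_query(hostname, qtype=1, query_id=0):
    """Build a DNS wire-format question (qtype 1 = A record, class IN)."""
    # Header: ID, flags (recursion desired), 1 question, no other records.
    # RFC 8484 recommends ID 0 so identical queries cache identically.
    message = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)
    for label in hostname.rstrip(".").split("."):
        raw = label.encode("idna")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid DNS label: {label!r}")
        message += bytes([len(raw)]) + raw
    return message + b"\x00" + struct.pack("!HH", qtype, 1)


def doh_get_url(hostname):
    """Encode the query as the 'dns' parameter of an RFC 8484 GET request."""
    encoded = base64.urlsafe_b64encode(build_query(hostname)).rstrip(b"=")
    return f"{DOH_ENDPOINT}?dns={encoded.decode('ascii')}"


def queried_name(url):
    """Recover the hostname from a DoH URL, as the resolver does."""
    encoded = parse_qs(urlsplit(url).query)["dns"][0]
    message = base64.urlsafe_b64decode(encoded + "=" * (-len(encoded) % 4))
    labels, pos = [], 12  # the question starts after the 12-byte header
    while message[pos] != 0:
        length = message[pos]
        labels.append(message[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)


if __name__ == "__main__":
    url = doh_get_url("www.example.com")
    print(url)                # the request sent inside the HTTPS connection
    print(queried_name(url))  # what the chosen DNS provider reads from it
```

Because the address travels inside an encrypted connection to the DNS provider, your internet provider sees only that you contacted that provider, while the DNS provider itself can still read every name you look up.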
Switch to a search engine that won’t track you
The default search engine in most browsers is Google or Bing, which are both notorious for following you around the web and collecting your data to target you with ads. Switching to a more private search provider such as DuckDuckGo, Startpage or Brave Search (see page 51) will stop you being tracked through your searches, even if you’re using Chrome or Edge.
To change your default search engine in Chrome, go to Settings and select ‘Search engine’. DuckDuckGo is now one of the options available in the dropdown menu, but if you’d prefer to use Startpage or Brave Search, select ‘Manage search engines’ and click the Add button. Type Startpage or Brave Search into the ‘Search engine’ box, startpage.com or search.brave.com as the Keyword, and https://startpage.com/do/search?q=%s or https://search.brave.com/search?q=%s in the URL box – you can copy those details from our Pastebin account at www.snipca.com/40752. Click the Add button (see screenshot right) and Startpage or Brave will appear in your list of ‘Other search engines’. Click the three-dot button next to it and choose ‘Make default’.
Now when you type a query into Chrome’s address bar/search box, your search will be made through your preferred private search engine. Note that Startpage uses Google results and DuckDuckGo mainly uses Bing, but without those search engines’ inherent tracking. Brave Search uses an ‘independent search index’, which means its results can be hit and miss – but at least they’re anonymous.
You can change your default search engine in Edge in the same way – go to Settings, then ‘Privacy, search and services’, scroll right to the bottom of the page and click ‘Address bar and search’. Either choose DuckDuckGo from the dropdown menu or click ‘Manage search engines’ to add Startpage or Brave Search manually.
Ensure Chrome’s ‘ad blocker’ is turned on
The ad blocker built into Brave will stop you seeing the majority of online ads, and is particularly effective on YouTube, which is becoming more ad-stuffed by the day. In contrast, the ‘ad blocker’ in Chrome – and yes, we’re using those quote marks sarcastically – is pretty weak, which is probably why it’s tucked away. Google claims that the feature blocks “intrusive or misleading ads”, as well as “heavy” ads that use an “egregious” amount of bandwidth or battery power (www.snipca.com/40745).
However, because Google makes most of its money from advertising, it’s not in the company’s interest to block ads. The inclusion of the option in Chrome is more about forcing websites to adhere to its advertising standards – preferably by moving to its Google Ads business platform.
Still, if you’re using Chrome and are unwilling or unable to install an ad-blocking extension, it’s worth ensuring its ‘ad blocker’ is turned on, so you can avoid at least some ads and trackers. Click the browser’s three-dot menu button, choose Settings then ‘Security and privacy’ and select ‘Site settings’. Scroll to the bottom of the page, click ‘Additional content settings’ and choose Ads. Finally, select ‘Block ads on sites that show intrusive or misleading advertising’ (see screenshot below).
Edge offers a similar bare-minimum ad blocker – go to Settings, ‘Cookies & site permissions’ then Ads to switch it on.
Delete cookies stored by trackers and ads
A recent update to Chrome (in version 97) makes it easier to manage and delete the cookies that websites store in your browser. More private browsers such as Brave and Tor block these cookies automatically, but the change means that you can now remove them from Chrome without losing cookies that sites need to work properly.
To view this data, go to Settings, then ‘Security and privacy’, select ‘Site settings’ and click ‘View permissions and data stored across sites’ (you can also access this page by typing chrome://settings/content/all into Chrome’s address bar).
Here you’ll see a list of sites that store data about you, including many you won’t recognise because they’re used by hidden advertising networks and tracking companies. To delete cookies stored by specific domains, click the three-dot icons next to them and choose ‘Clear data’ (see screenshot below), or to wipe all listed cookies, click the ‘Clear all data’ button at the top of the page – though be warned that this will sign you out of all sites.