/os/ - Online Security

News, techniques and methods for computer network security.


New Reply on thread #1075
X
Max 20 files0 B total
[New Reply]

[Index] [Catalog] [Banners] [Logs]
Posting mode: Reply [Return]


A lot of browser addons or extensions claim to improve privacy and security. These include Ghostery, Disconnect and Privacy Badger along with a slew of others.

I think for most entry level computer users that those type of addons might provide something useful. To people who are more experienced with browsers and their extensions they seem like a gimmick or just fancy visual feedback. A lot bells and whistles with very little actual functionality.

What can really make surfing the internet a much safer experience? If we focus on HTTPS, SSL and Digital Certificates then we have a good head start. From there we can protect ourselves from ads that might lead to sketchy websites. We can beef up our passwords and add authenticators to our accounts. At the most zealous level we can disable javascript and flash.

The following extensions are for Chrome.

https://chrome.google.com/webstore/detail/adblocker-ultimate/ohahllgiabjaoigichmmfljhkcfikeof?hl=en

Adblocker Ultimate accomplishes the two jobs that all adblockers must. First it has to have a pretty good idea of what is undesirable content and what it is that users want to see or interact with. Also there are no false positives; Adblocker Ultimate pretty much never identifies images or other website content as ads when they aren't.

The extension is also easy to turn off. You can disable it entirely or just for a webpage. The function that allows you to add new blocked elements works extremely well.

https://chrome.google.com/webstore/detail/authy-chrome-extension/fhgenkpocbhhddlgkjnfghpjanffonno?hl=en

Authy integrates authentication into the browser. I have not personally used this extension. The use of authenticators is extremely powerful security wise. I prefer to use my phone and download apps that have authenticators because I see having two different pieces of hardware as more secure than an application running beside another on the same device.
https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp?hl=en

HTTPS Everywhere forces connections on websites to be made through HTTPS instead of HTTP. I have seen a number of times where a website's homepage will have HTTPS enabled but some other portion will not be encrypted through HTTPS.

https://chrome.google.com/webstore/detail/kb-ssl-enforcer/flcpelgcagfhfoegekianiofphddckof?hl=en

KB SSL Enforcer redirects the browser to use SSL/TLS.

https://chrome.google.com/webstore/detail/keeper%C2%AE-password-manager/bfogiafebfohielmmehodmfbbebbbpei?hl=en

Keeper Password Manager is by far one of my favorite addons. It does a perfect job of saving usernames and passwords. It allows for the easy generation of new passwords that are extremely secure. The features that it offers for free are top notch.

https://chrome.google.com/webstore/detail/pop-up-blocker-for-chrome/bkkbcggnhapdmkeljlodobbkopceiche?hl=en

Poper Popup Blocker is effective and consistent about blocking popups when the browser and adblocker fail to do so.

https://chrome.google.com/webstore/detail/scriptsafe/oiigbmnaadbkfbmpbfijlflahbdbdgdf?hl=en

Script Safe is overkill and is far too strict by default. Youtube, Twitch and many other websites will not function at all with this extension.

I found myself transitioning from Chromium to Iron and finally to Iridium. It happens to be my favorite derivative of Chromium.

https://iridiumbrowser.de/downloads/

If you don't trust password managers then I suggest using a solution like pass the unix password manager. 

https://www.passwordstore.org/

Also you can just generate passwords with password card and last pass.

https://www.passwordcard.org/en
https://lastpass.com/generatepassword.php

 >>/1035/

I don't endorse google chrome, and generally avoid any products and services produced by this company if you want to maintain computer and internet privacy and security.  Their entire business model is to invade your privacy and sell the information to advertisers and to the government. Avoid all of their products if possible.  

That said I'm sure this thread might be helpfull to windows users.  So go ahead and start a Windows 7 security thread as well.

https://chrome.google.com/webstore/detail/ipfuck/bjgmbpodpcgmnpfjmigcckcjfldcicnd?hl=en-US
IPFuck generates random IPs and fake the use of a proxy with HTTP headers.
It can make you anonymous on several websites.

https://chrome.google.com/webstore/detail/trackmenot/cgllkjmdafllcidaehjejjhpfkmanmka?hl=en-US

TrackMeNot is a lightweight browser extension that helps protect web searchers from surveillance and data-profiling by search engines. It does so not by means of concealment or encryption (i.e. covering one's tracks), but instead, paradoxically, by the opposite strategy: noise and obfuscation. With TrackMeNot, actual web searches, lost in a cloud of false leads, are essentially hidden in plain view. User-installed TrackMeNot works with the Chrome Browser and popular search engines (AOL, Yahoo!, Google, and Bing) and requires no 3rd-party servers or services.


https://chrome.google.com/webstore/detail/automated-free-proxies-di/ojjklffhhhfpeaelghfocilljceokage?hl=en-US

CIAO identifies trusted and working free proxies using its own community. CIAO is instrumented to collect anonymous data about proxy performance and behavior (e.g., amount of data downloaded, page download duration). This data is reported to our servers as an input for the proxy selection algorithm. To bootstrap this process, our servers discover free proxies by crawling proxy aggregator websites. Each proxy is then tested daily to verify reachability, performance, and behavior. 
(useful for sites like mega.co.nz)

https://github.com/dhowe/AdNauseam/wiki/Install-AdNauseam-on-Chrome-Without-Google‘s-Permission

I would recommend getting the binary, or compiling yourself, a Firefox 52 ESR. ESR/Nightly/Dev builds have extra features that regular versions don't. Such as installing non-Mozilla signed apps and more about:config options. 

https://www.mozilla.org/en-US/firefox/organizations/

I would also recommend using this doc to mess with your settings in about:config. It's not a comprehensive list (I've yet to be able to spoof my vendor), but it has enough where you can work towards making yourself camouflaged. Using this site 

http://kb.mozillazine.org/About:config_entries

You can check more in-depth stats about what your browser is giving off. Like, even if you resize your window, your browser still tells websites your native resolution. 

https://browserleaks.com/

And HTML5 canvas is one of the best ways to track you, considering it generates a near-unique signature for users. For this, you should use this and set your settings to "fake readout API" and "constant" for random number generation. This will help blend you in with the rest of the user info. Turning it off is almost as bad as having it on, because that in and of itself is a unique fingerprint. 

https://addons.mozilla.org/en-US/firefox/addon/canvasblocker/


Post(s) action:


Moderation Help
Scope:
Duration: Days

Ban Type:


5 replies | 0 file
New Reply on thread #1075
Max 20 files0 B total