Browsers

Most websites use some form of tracking, often to gain insight into their users' behaviour and preferences. This data can be extremely detailed, and so is extremely valuable to corporations, governments and intellectual property thieves. Data breaches and leaks are common, and deanonymizing users' web activity is often a trivial task. There are two primary methods of tracking: stateful (cookie-based) and stateless (fingerprint-based). Cookies are small pieces of information stored in the browser with a unique ID that is used to identify the user. Browser fingerprinting is a highly accurate way to identify and track users online. The information collected is quite comprehensive, and often includes browser details, operating system, screen resolution, supported fonts, plugins, time zone, language and font preferences, and even hardware configuration. This section describes the steps you can take to be better protected from threats, minimise online tracking and improve privacy.


Done | Advice | Level | Details
Start

Using an ad-blocker can help improve your privacy by blocking the trackers that ads implement, for example through extensions such as uBlock Origin or AdGuard. When third-party ads are displayed on a web page, they are able to track you, gathering personal data about you and your habits, which can then be sold or used to show you more targeted ads, and some ads are simply malicious or fake. Blocking ads also makes pages load faster, uses less data and provides a less cluttered experience.

Start

Firefox (with a few tweaks) and Brave are secure, privacy-respecting browsers. Both are fast, open source, user-friendly and available on all major operating systems. Your browser has access to everything that you do online, so if possible, avoid Google Chrome, Edge and Safari, as (without correct configuration) all three of them collect usage data, call home and allow for invasive tracking. Firefox requires a few changes to achieve optimal security, for example arkenfox or 12byte's user.js configs. See more: Privacy Browsers.

Start

Using a privacy-preserving, non-tracking search engine will reduce the risk that your search terms are logged or used against you. Consider DuckDuckGo or Qwant. Google implements some incredibly invasive tracking policies, and has a history of displaying biased search results. Therefore Google, along with Bing, Baidu, Yahoo and Yandex, is incompatible with anyone looking to protect their privacy. It is recommended to change your browser's default search to a privacy-respecting search engine.

Start

Extensions are able to see, log or modify anything you do in the browser, and some innocent-looking browser apps have malicious intentions. Websites can see which extensions you have installed, and may use this to enhance your fingerprint, to more accurately identify and track you. Both the Firefox and Chrome web stores allow you to check what permissions and access rights an extension requires before you install it. Check the reviews. Only install extensions you really need, and remove those which you haven't used in a while.

Start

Browser vulnerabilities are constantly being discovered and patched, so it's important to keep your browser up to date, to avoid a zero-day exploit. You can see which browser version you're using here, or follow this guide for instructions on how to update. Some browsers will auto-update to the latest stable version.

Start

If you enter information on a non-HTTPS website, this data is transported unencrypted and can therefore be read by anyone who intercepts it. Do not enter any data on a non-HTTPS website, but also do not let the green padlock give you a false sense of security: just because a website has an SSL certificate does not mean that it is legitimate or trustworthy. HTTPS-Everywhere (developed by the EFF) used to be a browser extension that automatically enabled HTTPS on websites, but as of 2022 it is deprecated. In their announcement article, the EFF explains that most browsers now integrate such protections. Additionally, it provides instructions for the Firefox, Chrome, Edge and Safari browsers on how to enable their HTTPS protections.

Start

Traditional DNS makes requests in plain text for everyone to see. It allows for eavesdropping and manipulation of DNS data through man-in-the-middle attacks. DNS-over-HTTPS, by contrast, performs DNS resolution via the HTTPS protocol, meaning data between you and your DNS resolver is encrypted. A popular option is CloudFlare's 1.1.1.1, or compare providers. It is simple to enable in-browser. Note that DoH comes with its own issues, mostly preventing web filtering.

Start

Compartmentalisation is really important to keep different aspects of your browsing separate. For example, using different profiles for work, general browsing, social media, online shopping etc. will reduce the number of associations that data brokers can link back to you. One option is to make use of Firefox Containers, which are designed exactly for this purpose. Alternatively, you could use different browsers for different tasks (Brave, Firefox, Tor etc.).

Start

When using someone else's machine, ensure that you're in a private/incognito session. This will prevent browser history, cookies and some data being saved, but is not fool-proof: you can still be tracked.

Start

Browser fingerprinting is an incredibly accurate method of tracking, where a website identifies you based on your device information. You can view your fingerprint at amiunique.org. The aim is to be as un-unique as possible.

Start

Clearing cookies regularly is one step you can take to help stop websites from tracking you. Cookies may also store your session token, which, if captured, would allow someone to access your accounts without credentials. To mitigate this you should clear cookies often.

Start

Third-party cookies are placed on your device by a website other than the one you're visiting. This poses a privacy risk, as a third party can collect data from your current session. This guide explains how you can disable third-party cookies, and you can check here to ensure this worked.

Start

Blocking trackers will help to stop websites, advertisers, analytics and more from tracking you in the background. Privacy Badger, DuckDuckGo Privacy Essentials, uBlock Origin and uMatrix (advanced) are all very effective, open source tracker-blockers available for all major browsers.

Plus

While some redirects are harmless, others, such as unvalidated redirects, are used in phishing attacks, where they can make a malicious link seem legitimate. If you are unsure about a redirect URL, you can check where it forwards to with a tool like RedirectDetective.
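A link that carries its real destination in a query parameter can be inspected offline before it is followed. The following is an added example, not part of the original checklist or of RedirectDetective; the function names and sample URLs are constructed for illustration.

```javascript
// Added example: list destinations embedded in a link's query string
// and flag those that leave the site shown at the start of the link.

// Naive same-site test: identical host or a subdomain of the outer host.
// (Assumption: no public-suffix list is consulted.)
function sameSite(host, outerHost) {
  return host === outerHost || host.endsWith("." + outerHost);
}

function embeddedDestinations(rawUrl) {
  // Throws on malformed input; treat that as "do not follow".
  const outer = new URL(rawUrl);
  const found = [];
  for (const [param, first] of outer.searchParams) {
    let value = first.trim();
    // searchParams already decoded once; undo up to two further layers
    // of percent-encoding, which would otherwise hide the destination.
    for (let i = 0; i < 2 && /%[0-9a-f]{2}/i.test(value); i++) {
      try { value = decodeURIComponent(value); } catch { break; }
    }
    // Only absolute or protocol-relative values can leave the site.
    if (!/^(https?:)?\/\//i.test(value)) continue;
    let target;
    try { target = new URL(value, outer); } catch { continue; }
    found.push({
      param,
      destination: target.origin,
      offSite: !sameSite(target.hostname, outer.hostname),
    });
  }
  return found;
}

// Constructed sample link: the visible host is login.example.com,
// but the "next" parameter forwards to a different site.
const sample =
  "https://login.example.com/continue?session=1" +
  "&next=https%3A%2F%2Faccounts.example.net%2Fsignin";
for (const d of embeddedDestinations(sample)) {
  console.log(`${d.param} -> ${d.destination}${d.offSite ? " (off-site)" : ""}`);
}
```

An off-site result does not prove the link is malicious, and server-side redirects that do not appear in the URL are not visible to this check.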

Plus

Many browsers allow you to sign in, in order to sync history, bookmarks and other browsing data across devices. However, this not only allows for further data collection, but also increases attack surface by providing another avenue for a malicious actor to get hold of personal information.

Plus

Some browsers allow for prediction services, where you receive real-time search results or URL auto-fill. If this is enabled then data is sent to Google (or your default search engine) with every keypress, rather than when you hit enter.

Plus

When you visit a web page written in a foreign language, you may be prompted to install the Google Translate extension. Be aware that Google collects all data (including input fields), along with details of the current user. Instead use a translation service that is not linked to your browser.

Plus

Browser push notifications are a common method for criminals to encourage you to click their link, since it is easy to spoof the source. Be aware of this, and for instructions on disabling browser notifications, see this article.

Plus

Drive-by downloads are a common method of getting harmful files onto a user's device. This can be mitigated by disabling automatic file downloads, and by being cautious of websites which prompt you to download files unexpectedly.

Plus

Mobile websites can tap into your device sensors without asking. If you grant these permissions to your browser once, then all websites are able to use these capabilities, without permission or notification.

Plus

Location Services lets sites ask for your physical location to improve your experience. This should be disabled in settings. Note that there are still other methods of determining your approximate location.

Plus

Check browser settings to ensure that no websites are granted access to webcam or microphone. It may also be beneficial to use physical protection such as a webcam cover and microphone blocker.

Plus

Do not allow your browser to store usernames and passwords. These can be easily viewed or accessed. Instead use a password manager.

Plus

Turn off autofill for any confidential or personal details. This feature can be harmful if your browser is compromised in any way. Instead, consider using your password manager's Notes feature.

Plus

The CSS Exfiltrate attack is a method where credentials and other sensitive details can be captured using pure CSS alone. You can stay protected with the CSS Exfil Protection plugin.

Plus

ActiveX is a browser extension API that is built into Microsoft IE and enabled by default. It's not commonly used anymore, but since it gives plugins intimate access rights and can be dangerous, you should disable it.

Plus

WebRTC allows high-quality audio/video communication and peer-to-peer file-sharing straight from the browser. However, it can cause a privacy leak. To learn more, check out this guide.

Plus

Canvas Fingerprinting allows websites to identify and track users very accurately. You can use the Canvas-Fingerprint-Blocker extension to spoof your fingerprint or use Tor.

Plus

The user agent tells the website what device, browser and version you are using. Switching user agent periodically is one small step you can take to become less unique.

Plus

Enabling Do Not Track has very limited impact, since many websites do not respect or follow this. Since it is rarely used, it may also add to your signature, making you more unique.

Plus

HSTS was designed to help secure websites, but privacy concerns have been raised as it allowed site operators to plant super-cookies. It can be disabled by visiting chrome://net-internals/#hsts in Chromium-based browsers.

Plus

Even when you are not using your browser, it may call home to report on usage activity, analytics and diagnostics. You may wish to disable some of this, which can be done through the settings.

Plus

First Party Isolation means that all identifier sources and browser state are scoped using the URL bar domain. This can greatly reduce tracking.

Pro

Websites often append additional GET parameters to URLs that you click, to identify information like source/referrer. You can sanitize manually, or use an extension like ClearURLs to strip tracking data from URLs automatically.
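Manual sanitising, as described above, amounts to dropping known tracking parameters and leaving the rest of the URL untouched. The following is an added example, not code from ClearURLs; the parameter list is a small constructed sample rather than that extension's rule set, and the URLs are made up.

```javascript
// Added example: remove well-known tracking parameters from a link.
// Assumption: this short list is illustrative, not exhaustive.
const TRACKING_EXACT = new Set(["fbclid", "gclid", "msclkid", "mc_eid", "igshid"]);
const TRACKING_PREFIXES = ["utm_"];

function isTrackingParam(name) {
  const n = name.toLowerCase();
  return TRACKING_EXACT.has(n) || TRACKING_PREFIXES.some((p) => n.startsWith(p));
}

function stripTracking(rawUrl) {
  let url;
  try { url = new URL(rawUrl); } catch { return { url: rawUrl, removed: [] }; }
  // Leave mailto:, javascript:, data: and similar schemes alone.
  if (!["http:", "https:"].includes(url.protocol)) {
    return { url: rawUrl, removed: [] };
  }
  const removed = [];
  // Work on the raw query string so that parameters we keep are not
  // re-encoded (searchParams.delete() would rewrite %20 as "+").
  const kept = url.search.slice(1).split("&").filter((pair) => {
    if (pair === "") return false;
    const rawName = pair.split("=")[0];
    let name;
    try { name = decodeURIComponent(rawName.replace(/\+/g, " ")); }
    catch { name = rawName; } // malformed escape: compare the raw text
    if (!isTrackingParam(name)) return true;
    removed.push(name);
    return false;
  });
  url.search = kept.join("&"); // an empty string also drops the "?"
  return { url: url.toString(), removed };
}

// Constructed sample: a product link as it might arrive in a newsletter.
const result = stripTracking(
  "https://shop.example/item?id=42&utm_source=newsletter&utm_medium=email&fbclid=abc123#reviews"
);
console.log(result.url, "removed:", result.removed.join(", "));
```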

Pro

After installing a web browser, the first time you launch it (prior to configuring its privacy settings), most browsers will call home. Therefore, after installing a browser, you should first disable your internet connection, then configure privacy options before re-enabling your internet connectivity.

Pro

The Tor Project provides a browser that encrypts and routes your traffic through multiple nodes, keeping users safe from interception and tracking. The main drawbacks are speed and user experience.

Pro

Many modern web apps are JavaScript-based, so disabling it will greatly degrade your browsing experience. But if you really want to go all out, then it will really reduce your attack surface.

Useful links

Recommended software