secure_browsing
secure_browsing [2019/08/04 17:46] – neil | secure_browsing [2021/07/06 09:26] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 2: | Line 2: | ||
====Key points: ==== | ====Key points: ==== | ||
+ | *[[#Use a VPN or Tor|Use a VPN or Tor]] | ||
*[[#Beware of " | *[[#Beware of " | ||
*[[#Use a trusted DNS server| Use a trusted DNS server]] (e.g. by using a VPN, or DNS-over-https, | *[[#Use a trusted DNS server| Use a trusted DNS server]] (e.g. by using a VPN, or DNS-over-https, | ||
Line 10: | Line 11: | ||
* [[#Block third-party cookies|Block third party cookies]] | * [[#Block third-party cookies|Block third party cookies]] | ||
* [[#Block unnecessary JavaScript|Block unnecessary JavaScript]] | * [[#Block unnecessary JavaScript|Block unnecessary JavaScript]] | ||
+ | |||
+ | ====Use a VPN or Tor==== | ||
+ | |||
+ | Unless you trust the network to which you are connecting (e.g. your home or office Wi-Fi) and the Internet service provider which provides that Internet connection, connect to a [[virtual_private_networks|VPN]] before you open your browser. | ||
+ | |||
+ | If you do not have a VPN, use [[tor|Tor]]. | ||
====Beware of " | ====Beware of " | ||
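Review bot: A caveat about trusting the VPN provider is missing from the added paragraph under "Use a VPN or Tor": it tells the reader to connect to a VPN when they do not trust the network or the ISP, but the provider then sits in the same position, so the trust is moved rather than removed. The "Supercookies" text removed later in this diff carried that point ("assuming that your VPN provider is not modifying your traffic"); suggest keeping one sentence to that effect in this section.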
Line 21: | Line 28: | ||
(In this case, Google controls both g00gle.com and google-email.com — probably for the very reason of trying to lessen the risk to users.) | (In this case, Google controls both g00gle.com and google-email.com — probably for the very reason of trying to lessen the risk to users.) | ||
- | But these all rely fooling you with a similar, but not correct, URL and, with some additional scrutiny and care, you should be able to keep yourself safe from these type of attacks. | + | Â |
+ | But these all rely on fooling you with a similar, but not correct, URL and, with some additional scrutiny and care, you should be able to keep yourself safe from these type of attacks. | ||
====Use a trusted DNS server==== | ====Use a trusted DNS server==== | ||
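Review bot: The blank line added above the corrected sentence contains a stray "Â" character instead of being empty, which looks like a mis-encoded non-breaking space; it should be a plain empty line, and the same applies to the other added blank lines in this revision. The corrected sentence also still reads "these type of attacks", which should be "these types of attacks".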
Line 29: | Line 37: | ||
That's because: | That's because: | ||
- | * the system | + | * the Internet' |
- | * networks often try to be helpful and offer you a DNS service | + | * networks often try to be helpful and offer you a DNS service, but the outcome is that you are using the Internet equivalent of their own personal phone book, and you have no idea if they' |
The net result is that you could type the right URL into your browser, but still be directed to a fake site. | The net result is that you could type the right URL into your browser, but still be directed to a fake site. | ||
Line 55: | Line 63: | ||
As a rule of thumb, be very wary giving personal data to a site which is not showing a padlock. But don’t rely on a padlock as a sign that everything is fine. | As a rule of thumb, be very wary giving personal data to a site which is not showing a padlock. But don’t rely on a padlock as a sign that everything is fine. | ||
- | ====Use two-factor authentication wherever you can ==== | + | ====Think carefully before accepting untrusted certificates |
- | In addition to a username and a password, some sites will let you also set an additional authentication factor, such as a time-limited code, which you have to enter before | + | Sometimes, when you are browsing, you will see messages in your browser warning |
+ | Â | ||
+ | {{:: | ||
+ | Â | ||
+ | If you are connecting to a new piece of network hardware which you have just installed (such as a new router, or network-connected storage device) or new server software, and you are confident that the URL or IP address | ||
+ | Â | ||
+ | If, however, you are just browsing and you stumble across an error like this, it is safest if you browse away from the site in question, without accepting the certificate. You might be fine, but it may also be an indication that someone | ||
+ | Â | ||
+ | ====Use two-factor authentication wherever you can ==== | ||
- | It would not stop a rogue site from getting your username and password | + | In addition to a username and a password, |
- | Enable two-factor authentication wherever you can, but make sure you have a back-up mechanism. | + | It would not stop a rogue site from getting your username and password |
More information on [[two-factor_authentication|two-factor authentication]]. | More information on [[two-factor_authentication|two-factor authentication]]. | ||
Line 69: | Line 85: | ||
There’s a strong chance that your browser offers a “private browsing” mode. | There’s a strong chance that your browser offers a “private browsing” mode. | ||
+ | |||
+ | {{:: | ||
This was commonly discussed as a mode which you were supposed to use when buying a present for a loved one, so that they would not find traces of your secretive gift habits if they happened to use your computer. In reality, it’s pretty much universally known as “porn mode”, for much the same reason. | This was commonly discussed as a mode which you were supposed to use when buying a present for a loved one, so that they would not find traces of your secretive gift habits if they happened to use your computer. In reality, it’s pretty much universally known as “porn mode”, for much the same reason. | ||
Line 89: | Line 107: | ||
There are various techniques for blocking these things: | There are various techniques for blocking these things: | ||
- | * [[https:// | + | * [[https:// |
- | * on-device software, usually in the form of a browser plug-in, such as [[https://adblockplus.org|Ad Block Plus]] and [[https:// | + | * As a bonus, if you use a VPN to connect back to your network, you can use your Pi-hole system to block adds on your computer or mobile device, wherever you are connecting from. |
+ | * on-device software, usually in the form of a browser plug-in, such as [[https://github.com/ | ||
- | ====Clearing your cookies | + | ====Block third-party |
- | Sites may store information on your computer, in the form of cookies. | + | Sites may store information on your computer, in the form of small text files known as cookies. They may also use other techniques, such as running bits of code in your browser. |
You can delete these (or refuse to receive them in the first place) through your browser settings. | You can delete these (or refuse to receive them in the first place) through your browser settings. | ||
- | Blocking all cookies might make some sites work poorly — if a cookie is used for keeping your login session active, for example, or maintaining the content of your shopping basket before you check out, disability | + | Blocking all cookies might make some sites work poorly — if a cookie is used for keeping your login session active, for example, or maintaining the content of your shopping basket before you check out, disabling |
+ | Â | ||
+ | Blocking third party cookies, or enabling the option to prevent cross-site tracking, is unlikely to pose any usability problems, while increasing your privacy. | ||
+ | Â | ||
+ | For example, in Safari on macOS, it is in Settings / Privacy, and it looks like this:Â | ||
+ | Â | ||
+ | {{:: | ||
- | Removing | + | ===Tracking without cookie is still possible===Â |
+ | Even without | ||
- | ===“Supercookies”=== | + | You can see how unique you are using the EFF’s [[https:// |
- | Information injected into your browsing by your ISP. VPN may assist — assuming that your VPN provider is not modifying your traffic too… | + | |
- | ===Tracking without cookies===Â | + | ====Block unnecessary JavaScript==== |
- | Even without cookies, still possible to track you: | + | |
- | Combination of IP address | + | In addition to blocking ads and trackers, and blocking third party cookies, lots of websites use JavaScript. This can be for legitimate reasons such as improving the user interface, but they may also be malicious (such as using your computer' |
- | EFF’s “panopticlick” tool: https:// | + | |
- | Looks at the variety | + | Switching off JavaScript is unlikely to be tenable, as it breaks core functionality |
- | ===Blocking ads=== | + | If you find you cannot switch of JavaScript completely, tools such as [[https:// |
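Review bot: Three typos in the added lines need fixing: "block adds on your computer" in the Pi-hole sub-bullet should be "block ads", the heading "Tracking without cookie is still possible" should read "cookies", and "cannot switch of JavaScript completely" should be "switch off". That heading also has a stray "Â" after its closing "===", which should be removed. Separately, the removed "Supercookies" subsection on information injected by the ISP has no counterpart in the visible added lines; if dropping it was not intended, fold it into the tracking subsection.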
secure_browsing.1564940782.txt.gz · Last modified: 2021/07/06 09:26 (external edit)