

Web Browsers (other than Tor Browser)

Chrome vs Chromium

Chrome is Google's web browser. It has two forms: Chrome, the proprietary version from Google, with closed-source parts you can't inspect (e.g., Flash), and Chromium, the open-source Free software version. Chromium is preferred over Chrome for privacy reasons.

Privacy Badger

https://www.eff.org/privacybadger Attempts to do *behaviour-based blocking* of web trackers.

Privacy Badger keeps track of content loaded across different websites. If something appears to be tracking you, it will block it from being loaded in the future.

Upside:

  1. adaptive filtering: detection based on behaviour

Downside:

  1. may take time to 'warm up' the filter
  2. may not catch everything that a blacklist would
  3. EFF allows advertisers to opt out of blocking if they promise to behave well
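The adaptive filtering described above, and the "warm up" cost that comes with it, can be seen in a small model. The following is an added example written for this page, not Privacy Badger's own code: a third party is treated as a tracker once it has set a cookie while embedded on a threshold number of distinct first-party sites, and only then is it blocked. The threshold, the naive base-domain logic and the page loads are constructed for the example.

```javascript
// Added example: a simplified behaviour-based tracker heuristic in the spirit
// of Privacy Badger. Not the extension's code; threshold and sample loads are
// constructed for illustration.

// A third party is treated as a tracker once it has set an identifying cookie
// while embedded on this many distinct first-party sites.
const TRACKING_THRESHOLD = 3;

// Registrable part of a hostname (naive: last two labels). Assumption for the
// example; a real implementation uses the Public Suffix List.
function baseDomain(hostname) {
  const labels = hostname.split('.');
  return labels.slice(-2).join('.');
}

// Learner state: for each third-party domain, the set of first-party sites on
// which it behaved like a tracker, plus the set of domains already blocked.
function createBadger() {
  return { seenOn: new Map(), blocked: new Set() };
}

// Observe one sub-request made while a page on firstParty was open.
// `setsCookie` models "the response set a high-entropy cookie".
function observeRequest(badger, firstParty, requestHost, setsCookie) {
  const site = baseDomain(firstParty);
  const third = baseDomain(requestHost);
  if (site === third || !setsCookie) return;   // first-party, or not tracking-like
  if (!badger.seenOn.has(third)) badger.seenOn.set(third, new Set());
  const sites = badger.seenOn.get(third);
  sites.add(site);
  if (sites.size >= TRACKING_THRESHOLD) badger.blocked.add(third);
}

// Decision for a future request: block only what the heuristic has learned.
function shouldBlock(badger, requestHost) {
  return badger.blocked.has(baseDomain(requestHost));
}

// Constructed browsing history: [first-party page, requested host, set cookie?]
const SAMPLE_LOADS = [
  ['news.example', 'cdn.news.example',   false],  // first-party asset
  ['news.example', 'pixel.tracker.test', true],
  ['shop.example', 'pixel.tracker.test', true],
  ['blog.example', 'pixel.tracker.test', true],   // third distinct site
  ['news.example', 'fonts.static.test',  false],  // no cookie: never counted
  ['shop.example', 'widget.social.test', true],   // seen on only one site
];

// Replay the history, recording the decision taken before each observation.
function runSample() {
  const badger = createBadger();
  const decisions = [];
  for (const [page, host, cookie] of SAMPLE_LOADS) {
    decisions.push([host, shouldBlock(badger, host)]);
    observeRequest(badger, page, host, cookie);
  }
  return { badger, decisions };
}
```

Replaying the sample shows both sides of the trade-off: `pixel.tracker.test` is blocked only after its third site, so the three requests that taught the filter all went through (the warm-up), while `widget.social.test` is never blocked because it has not yet crossed the threshold, which a blacklist might already have caught.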

Disconnect.me

https://disconnect.me/ Blacklist-based filtering of web trackers

Disconnect.me has a blacklist of blocked content and prevents your browser from loading it.

The Chrome/ium version of Disconnect also has a visualizer that lets you see which companies are tracking you across multiple sites.

Upside:

  1. extensive blocklist

Downside:

  1. on rare occasions blocking content can break a site, in which case you can temporarily pause the blocking if need be.

HTTPS Everywhere

https://www.eff.org/https-everywhere Forces the browser to use TLS (encrypted) connections when possible

Some sites allow you to connect securely but don't require it.

Scenario: You're browsing a webpage and see a link like http://en.wikipedia.org/wiki/Daniel_Ellsberg. HTTPS Everywhere rewrites this link to https://en.wikipedia.org/wiki/Daniel_Ellsberg automatically.

Scenario: You're on an open wifi and you click a link to an HTTPS login page. But an adversary has MitM'd the page and replaced the link with an HTTP one, so they can steal your account details. HTTPS Everywhere prevents the downgrade.

HTTPS Everywhere also has an option to block all unencrypted requests.

Scenario: You're on a network you don't trust (e.g., open WiFi, Tor) and want to prevent injection / spying. HTTPS Everywhere lets you block any unencrypted requests.

You can also opt in to the EFF's SSL Observatory and submit anonymous reports about the encrypted connections you see. This allows the EFF to detect attacks against HTTPS.
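The two behaviours described in this section, the automatic http-to-https rewrite and the optional refusal of every remaining unencrypted request, can be modelled in a few lines. The following is an added example written for this page, not the extension's code: the ruleset (a list of hostnames and subdomain wildcards known to serve HTTPS) and the `rewriteRequest` function are constructed for illustration, and the Wikipedia link is the one from the scenario above.

```javascript
// Added example: a minimal URL rewriter modelling HTTPS Everywhere's two
// behaviours: upgrade http:// to https:// for hosts known to support TLS, and
// an optional strict mode that refuses every remaining cleartext request.
// Not the extension's code; the ruleset is constructed for this example.

// Constructed ruleset: hosts (and subdomain wildcards) known to serve HTTPS.
const SAMPLE_RULESET = [
  { host: 'en.wikipedia.org' },
  { host: '*.eff.org' },
];

// Match a hostname against a rule; a '*.' prefix matches any subdomain.
function hostMatches(pattern, hostname) {
  if (pattern.startsWith('*.')) {
    return hostname.endsWith(pattern.slice(1));
  }
  return hostname === pattern;
}

// Decide what to do with a URL the page is about to load.
// Returns { action: 'allow' | 'upgrade' | 'block', url }.
function rewriteRequest(rawUrl, ruleset, blockUnencrypted = false) {
  const url = new URL(rawUrl);
  if (url.protocol !== 'http:') {
    return { action: 'allow', url: url.href };   // already TLS (or not a web scheme)
  }
  if (ruleset.some((rule) => hostMatches(rule.host, url.hostname))) {
    url.protocol = 'https:';                     // the rewrite from the scenario
    return { action: 'upgrade', url: url.href };
  }
  // No rule for this host: either let the cleartext request through or, in
  // strict mode, refuse it so an on-path attacker gets nothing to inject into.
  return blockUnencrypted
    ? { action: 'block', url: url.href }
    : { action: 'allow', url: url.href };
}
```

The downgrade scenario falls out of the same logic: a link an on-path attacker has changed to `http://` is upgraded again before the request leaves the browser, as long as the host has a rule. Hosts without a rule are exactly what the "block all unencrypted requests" option exists for.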

Ad Blockers

uBlock Origin is very efficient and lightweight.

Chrome/ium: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm

Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/?src=search

You can choose to add extra blocklists; the more restrictive you choose to be, the higher the likelihood of a website breaking.

Ad blockers improve performance as well as protecting your privacy.

Flash & other plugins

Friends don't let friends run Flash. The Flash plugin is a huge source of security flaws and you're much safer without it.

Flash also allows websites to track you in ways that are harder to block with standard tools.

In the event that you really, really, really need Flash for some reason, you should minimize your risk by enabling click-to-play.

Scenario: Your browser is redirected to a malicious page with an invisible Flash applet that exploits a security flaw. You visit the page, and your computer is silently compromised.

Firefox: Add-ons > Plugins > “Ask To Activate” or “Never Activate”.

Chrome/ium: Settings > Advanced Settings > Content Settings > Plug-ins > “Let me choose when to run plug-in content”.

Flash is slightly less dangerous in Chrome/ium since it runs in a sandbox.

Javascript

Disabling Javascript prevents many attacks, but also breaks most websites.

Running Javascript on HTTP sites is dangerous since anyone between you and the website can inject their own scripts that run in your browser.

In Chrome/ium, it's possible to block Javascript on all insecure sites: Settings > Advanced Settings > Content Settings > JavaScript, select “Do not allow any site to run Javascript”, then “Manage Exceptions” and add “[https://]*”. This blocks all JS and then allows it on secure connections.

In Firefox, NoScript allows you to block Javascript.

The Tor Browser has a slider that allows you to adjust your security level, including blocking insecure Javascript.

Password Managers

KeePassX is a cross-platform password manager, with third-party apps available for Android and iOS. It stores all your account credentials in a file that you encrypt with one master passphrase. This way, you can have strong, unique passwords for each online account, avoiding the dangers of password reuse.

Some alternatives are LastPass and 1Password. They offer a convenience trade-off, where you store your (encrypted) passwords on their service, and they synchronize them across your devices.