Browser Hardening for Security

Why Is Web Browser Security Important?

Whether it is Google Chrome, Apple Safari, Mozilla Firefox, Microsoft Edge, or any of the hundreds of other options, your web browser is likely the computer application you use most in your daily life. You rely on your web browser to be your gateway to the digital world, and this reliance makes your web browser a very attractive target for attackers looking to steal your information. Unfortunately, the default settings on web browsers are not configured with your privacy or security in mind. Instead, they are configured more for convenience and generally leave your internet activities vulnerable to exploitation.

With a few minor tweaks to the settings in your browser, you can vastly improve the security and privacy of your online activities. When you are browsing the internet, you are always being monitored by someone. Internet companies and advertising firms are all collecting or harvesting data about you and your online behavior, and many websites that you visit are doing the same. If a website or company offers a free online service, then chances are that you and data about you are the products being sold. Your personal data, the data about your online behavior, and the advertisements you see on the internet are the products these companies are selling. You may have received some relevant search results to your query, or you received directions to your destination, but these are side effects, because the information you provided to that company is their product.

Take charge of your data, do not be a victim, and stop being a product.


Which Web Browser Should You Use?

Firefox

  • Firefox is a well-known, highly respected, and trusted web browser. It is highly customizable and has a wide range of security and privacy features, but it needs to be manually configured to use those features to their fullest. If configured correctly, it can be one of the most secure and private web browsers available.

Brave

  • Brave is a lesser-known web browser with an emphasis on privacy. Created by the same developer that created Firefox, it has many of its security and privacy features integrated and enabled by default. It is also Chromium-based, so it should be an easier transition for users of Chrome. Brave may be better for less tech-savvy users.

Honorable Mention: Tor Browser

  • The Tor Browser offers impressive privacy through its unique integrated Virtual Private Network, The Onion Router (TOR) network. Your data is encrypted and then randomly sent through a series of “hops” or relays before reaching its destination. It is incredibly difficult to trace any activity back to you when using Tor Browser. Despite its great privacy, it is just an honorable mention because browsing using Tor Browser is typically much slower than other browsers and using this browser over others may draw unwanted attention. Internet Service Providers and law enforcement may be suspicious of Tor Browser usage due to the perception that only someone trying to hide something would use such a secure browser.

What Are the Consequences of Using an Insecure Web Browser?

  • Your online activities can be tracked by advertisers or malicious actors.
  • Attackers can gain access to your computer.
  • Personally identifiable information (PII) can be stolen.
    • This includes your name, address, phone number, and email address.
  • Passwords could be compromised.
    • Information that an attacker can obtain through your web browser can make passwords easier to guess or just give them direct access to your password without any additional effort. Once they steal your passwords, they could lock you out of your accounts by changing your passwords. To defeat this, it is important to always use 2-factor authentication when possible. An increasingly common example of 2-factor authentication is a one-time password (OTP). When you attempt to log into a website or use an online service, that website may send an OTP to your email address or text it to your personal phone number, and you in turn provide this OTP back to the sender through the website demonstrating that it is really you trying to log into that website rather than someone who just knows your username and password.

What Are Common Web Browser Threats?

  • Cookies
    • Cookies are small files stored on your computer by web servers when you visit websites. Generally, their purpose is to improve your browsing experience by easing authentication and tracking the products you view on the site. Advertising companies also use cookies to build and personalize your marketing profile to ensure you are shown relevant ads.
  • Fingerprinting
    • Fingerprinting is another method that websites use to track you. They gather information about you such as your browser type, time zone, active plugins, language, screen resolution, and more. When combined, this data will generally be unique to you, allowing websites to identify you among the crowd.
  • Malware
    • Malware (malicious software) is any program, software, or application that is harmful to your computer. Malware can invade or damage your computer in many ways. The attackers are generally looking to make money from your data by either stealing it or holding it for ransom. A relatively common malware-based attack will encrypt your entire computer including any important documents you have saved or cherished photographs, and you will be unable to access these files without first entering into your computer a password provided by the attackers. The attackers may provide the password to you once you have sent them the ransom money.
  • Pop-ups/Ads
    • Pop-ups will open a new window without your permission and usually attempt to get you to click a link. The window will often be an advertisement, or some message designed to make you click or call a phone number. You have probably seen a pop-up that claims you have a virus and you need to call a tech support number to get it removed. Websites are not scanning your computer for viruses and that phone number will be used to scam you out of money, personal information, or login credentials. If the pop-up instead has you follow a link, then that link will take you to a webpage that will attempt to install malware onto your computer. Some of these webpages can automatically install software onto your computer just by navigating to the webpage in your browser.
  • Saved Logins and form fill information
    • Saving your login credentials for websites in your browser is often a very bad idea as it can be very easy for an attacker to access these saved credentials. For example, Firefox allows users to view usernames and passwords without any authentication unless you enable a Master Password. From there a simple password reset could lock you out of your account. Form autofill is another potential vulnerability. Browsers can save your name, address, phone number, etc. If an attacker gained access to your browser, all that information would easily fall into their hands.
  • There may also be vulnerabilities within the browser itself if it is left unpatched. While most of these will be minor, some can be more severe, allowing attackers to access your browser or your entire computer system.
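
To illustrate the fingerprinting item above, the following added example (not part of the original article) measures how attributes that are common on their own become identifying once combined. The visitor population and the function names are constructed for illustration.

```javascript
// Added example: why combined browser attributes tend to be unique.
// VISITORS is a constructed population, not real measurement data.
const VISITORS = [
  { browser: "Chrome",  tz: "UTC-5", lang: "en-US", screen: "1920x1080" },
  { browser: "Chrome",  tz: "UTC-5", lang: "en-US", screen: "1366x768"  },
  { browser: "Chrome",  tz: "UTC+1", lang: "en-US", screen: "1920x1080" },
  { browser: "Chrome",  tz: "UTC+1", lang: "de-DE", screen: "1920x1080" },
  { browser: "Firefox", tz: "UTC-5", lang: "en-US", screen: "1920x1080" },
  { browser: "Firefox", tz: "UTC+1", lang: "de-DE", screen: "1366x768"  },
  { browser: "Chrome",  tz: "UTC-5", lang: "en-US", screen: "1920x1080" },
  { browser: "Firefox", tz: "UTC+1", lang: "en-US", screen: "1366x768"  },
];
const ALL_ATTRS = ["browser", "tz", "lang", "screen"];

// For each visitor, count how many visitors share the same values for attrs
// (the visitor's "anonymity set"). A set of size 1 means the visitor is unique.
function anonymitySets(visitors, attrs) {
  const key = (v) => attrs.map((a) => v[a]).join("|");
  const counts = new Map();
  for (const v of visitors) counts.set(key(v), (counts.get(key(v)) || 0) + 1);
  return visitors.map((v) => counts.get(key(v)));
}

// Fraction of the population that is uniquely identifiable from attrs alone.
function uniqueFraction(visitors, attrs) {
  const sets = anonymitySets(visitors, attrs);
  return sets.filter((n) => n === 1).length / visitors.length;
}

// Identifying information (in bits) that attrs reveal about one visitor:
// log2(population size / anonymity set size).
function bitsOfIdentity(visitors, attrs, index) {
  return Math.log2(visitors.length / anonymitySets(visitors, attrs)[index]);
}

console.log("unique by browser only:", uniqueFraction(VISITORS, ["browser"]));
console.log("unique by browser + time zone:", uniqueFraction(VISITORS, ["browser", "tz"]));
console.log("unique by all four attributes:", uniqueFraction(VISITORS, ALL_ATTRS));
```

Each extra attribute shrinks the anonymity sets, which is why settings that block fingerprinters or make your browser look like many others reduce tracking.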

Steps to Improve Your Online Privacy and Security

1. Install trusted privacy and security focused plugins.

  • uBlock Origin is a lightweight open source ad blocker that can also block trackers. It is highly customizable with a wide array of filters that you can implement easily. It also allows you to disable JavaScript on a website, which will make a website less interactive, but safer because it prevents ad pop-ups and media that autoplays.
  • HTTPS Everywhere forces an HTTPS connection to websites whenever it is available so your traffic will always be protected with end-to-end SSL/TLS encryption.
  • Decentraleyes intercepts resource requests sent to Content Delivery Networks and instead loads the resources locally. This prevents the third parties who normally host these resources from tracking you.

2. Change your default search engine to DuckDuckGo.

  • Most search engines are constantly harvesting as much data as they can about you so that they can sell that data to advertisers. DuckDuckGo and other privacy-focused search engines do not track and store your every move in a database. They are not using your data to build a profile about you that they can profit from, but instead earn revenue from keyword-based advertisements that do not follow the user.

3. Firefox users – Configure your Browser settings for improved security.

Every browser should have similar settings, but the following examples come specifically from Firefox. Some important changes you should make in the browser settings include:

  • Delete cookies and site data when you close the browser
  • In Firefox, turn Enhanced Tracking Protection to Strict. This will block most trackers, cross-site cookies, fingerprinters, and cryptominers.
  • Disable Autofill addresses and change the history to “Never Remember”
  • Disable saved logins and passwords. 
  • Set “Send do not track requests” to always.

This is not an exhaustive list, but it is a good place to start when you first install your browser.
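
One way to check these settings without clicking through the preferences pages is to audit the profile's prefs.js or user.js file. The script below is an added example, not part of the original article; the preference names are assumptions based on common Firefox desktop releases and can differ between versions, and the sample file contents are constructed.

```javascript
// Added example: audit a Firefox prefs.js / user.js against the settings listed above.
// Pref names are assumptions for common Firefox desktop releases; they vary by version.
const EXPECTED = {
  "privacy.sanitize.sanitizeOnShutdown": true,        // clear data when the browser closes
  "privacy.clearOnShutdown.cookies": true,            // ...including cookies
  "browser.contentblocking.category": "strict",       // Enhanced Tracking Protection: Strict
  "extensions.formautofill.addresses.enabled": false, // do not autofill addresses
  "browser.privatebrowsing.autostart": true,          // history: "Never remember"
  "signon.rememberSignons": false,                    // do not save logins and passwords
  "privacy.donottrackheader.enabled": true,           // always send Do Not Track
};

// Parse user_pref("name", value); lines. Values are JSON-compatible literals
// (true/false, integers, double-quoted strings); other lines are skipped.
function parsePrefs(text) {
  const prefs = {};
  const re = /^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;/;
  for (const line of text.split(/\r?\n/)) {
    const m = re.exec(line);
    if (!m) continue;
    try { prefs[m[1]] = JSON.parse(m[2]); } catch { /* unparsable value: skip */ }
  }
  return prefs;
}

// Return one finding per expected pref that is absent or has a different value.
function auditPrefs(text) {
  const prefs = parsePrefs(text);
  const findings = [];
  for (const [name, want] of Object.entries(EXPECTED)) {
    if (!(name in prefs)) findings.push({ name, status: "unset", want });
    else if (prefs[name] !== want) findings.push({ name, status: "mismatch", want, got: prefs[name] });
  }
  return findings;
}

// Constructed sample of a partially hardened profile.
const SAMPLE_PREFS = `
// Mozilla User Preferences
user_pref("browser.contentblocking.category", "standard");
user_pref("signon.rememberSignons", false);
user_pref("privacy.donottrackheader.enabled", true);
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
user_pref("extensions.formautofill.addresses.enabled", true);
`;

for (const f of auditPrefs(SAMPLE_PREFS)) console.log(f.status, f.name, "want", f.want);
```

An "unset" finding means the preference is not written in the file, so the browser default applies and should be checked by hand.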

4. Keep your Web Browser and Antivirus software up to date.

Updating your software is a simple and basic protection, but out-of-date software has been the source of many malicious exploits and should not be overlooked as a security risk.

5. Use a Virtual Private Network (VPN) to hide your IP address and encrypt your internet traffic.

If you are not using a VPN then you will be leaving yourself exposed, even if you are doing all the other above-mentioned things. A VPN will help mask your public IP address, which provides web services with your general location. All these practices need to be implemented together to achieve maximum effectiveness.