Day 8
Time for a Better Browser!
Day 8: Time for a Better Browser!
Welcome to Day 8 of my 30 day security challenge, the month long challenge I created to help you gain control of your privacy and security online. You can follow along with the security challenge via my blog at snubsie.com, where you can skip ahead or download a checklist of the challenge. Each video will also be curated into a playlist so it'll be easy to follow along from Day 1 all the way through 30 here on Youtube.
Today we're going to upgrade your browser security! Your browser is an important part of your computer - it's how you access the internet, after all! And as such, it's important as well to secure your browser as best you can against attackers. Much of the security settings you'll set on a browser are invisible and won't detract from your usage - so there really is no reason to NOT implement these settings. The hardest part, though, is taking the time to do it. So let's get into day 8!
Chances are you are currently using a browser to watch this video, be it Internet Explorer, Microsoft Edge, Google Chrome, Mozilla Firefox, Safari, or even Opera. That is, unless you're watching it in the YouTube app. There's tons of browsers to choose from - many of which work better than others. Today we're going to focus on Firefox and Chrome because these both offer better security as well as convenience for day-to-day use. I'll mention some of my top picks for even more privacy conscious browsers after breaking down these two.
First off, if you're still using Internet Explorer, we're going to switch you to a better browser. Versions older than IE11 on newer platforms are no longer supported by Microsoft, and as such, they are also prone to vulnerabilities. You could upgrade to IE11 or Edge if you wanted to, but neither of these are as recommended as Chrome or Firefox.
Why? Chrome and Firefox offer updates very often, and they include privacy and security options by default. Some items are not defaulted, so I'll walk you through turning those on.
First off, get your browser of choice downloaded, installed, and set it as your default browser. Directions for both Mac and Windows are linked below.
For Chrome, hit the three little dots in the top right corner, then go to settings. If you already have an account with Google, you can sign in or sign out from this page. Signing in will let you see your sync settings. Here, you can turn off anything you don't want syncing across multiple devices, like stored passwords, searches, or bookmarks. Turn off anything you don't want syncing across any of your other devices that are signed into Chrome under the same account. If you click on "Manage Synced Data on Google Dashboard" you can see how much data is synced, and what each term means. You can also reset syncing if you wish. Back on the settings syncing page is encryption options. If you keep sync on, you can encrypt your data with either your google account creds or a separate passphrase. Encrypting with your username and password is fine as long as you also turn 2 factor authentication on for your google account. I'll go into more detail on 2 factor auth in a future video. This means an attacker would need your username, password, as well as an extra code to sign into and sync your saved info on a new machine. Encrypting with a separate passphrase means this is included after you sign into your account to sync data. Your best bet is to turn syncing off, which is the most secure. If you can't live without your bookmarks syncing, pick and choose which items to sync, then use a new passphrase if you don't intend to turn on two factor authentication, when I walk you through how to do that in a few days.
From here click on Personalize Google Services, and Show All Activity Controls. Here, turn off anything you don't want google saving in your account. You can also click on Manage Activity to really dig into Big Brother details on your Google account.
Next, go back to the Settings page and click Manage other people. If there's more than one account on your browser (say, for a friend or family member), you can then delete them by clicking the three dots on their picture. I'm going to skip over customizations that don't have to do with security or privacy and move on to search engine. Google is the default, but you can switch this to a new search engine that doesn't track you. DuckDuckGo is my fav, but there are other privacy conscious options available as well. Click manage search engine to add a new search engine to your account, then click the the dots next to it's name to make it the default.
Now click Advanced on the Settings menu. The only sliders in this section that you should turn on (to blue) are - Protect your device from dangerous sites, and Send "Do Not Track" request. Everything else should be turned off. I've included a link in the shownotes to descriptions of each of these options.
Next is Content Settings, which sends or allows specific data to be used on different websites you visit. Go through each of these and choose either Blocked by Default, or Ask Before Accessing. If you're unsure of what one means, check my link in the shownotes for descriptions. A note on Cookies and Javascript. Both of these are required for some sites, and for convenience, most folks leave these on. I recommend clearing your saved cookies and blocking third party cookies, which can usually come from ads. You can also disable JavaScript (which is not the same as Java), then Whitelist sites that require it that you need to access.
Go back to the Settings menu and hit Clear Browsing Data. Check all items then choose clear browsing data. Next, click on Autofill settings and delete any saved info. From Settings, turn off Manage Saved Passwords so all passwords aren't saved in your browser. Delete any that are currently saved. Scroll down on the Settings Menu to choose "Ask where to save files" when downloading files.
Lastly, if you want to restore all settings in Google Chrome to factory install, click Reset at the bottom of the Settings Menu. If you want to take it further, you could just not create a Google Account if you don't need one, or you can set up 2 factor authentication if you do. Check out myaccount.google.com for more information on how you can secure your Google account for Chrome, Gmail, and more. I'll chat more on that later!
Now for Firefox settings! Click on the three lines and choose options. On General, set it as your default browser and Ask where to save files. On the Search menu, choose your favorite search engine (I like DuckDuckGo myself).
Go to the Privacy tab, click on manage your Do Not Track settings, then click Always Apply Do Not Track. Under History, click Use Custom Settings, then under Accept Third Party Cookies, choose Never. You can also whitelist or blacklist cookies from sites you visit by click on Exceptions next to the Cookies option. Last, go to the Security tab and make sure the top four things are already checked, then go down to Use a Master Password and choose a master password for Firefox. Now, if someone steals your computer, they won't be able to access your firefox browser unless they KNOW your password.
For your iPhone or Android, you can use the same browser settings by clicking into your browser, clicking the icon for settings, then going through the options and enabling or disabling them depending on your security needs. If you're using an account on your browser that syncs your settings, you can use that same browser on mobile and your settings will auto populate on your phone.
Now that you've got a new browser installed and updated your settings, just make sure your browser is up to date by clicking under the About Browser menu, and checking the current version. Now you should be done with today. BUT, if you're more interested in building your security and don't mind giving up some convenience, check out some browsers that consider security and privacy first and foremost. My favorite is Brave Browser, which blocks ads by default, and makes browsing faster overall, and is available on mobile as well as PC. But there are plenty of other options as well, so find one you like and stick with it.
Day 8 is now complete. Tomorrow we'll set up privacy and security extensions for your browser. But first, make sure to subscribe on youtube and hit up snubsie.com for the downloadable checklist and to skip ahead on the 30 day security challenge. Again, I'm Shannon Morse and I'll see you tomorrow for day 9!
Important Links:
https://support.apple.com/en-us/HT201607
https://support.microsoft.com/en-us/help/4028606/windows-change-your-default-browser-in-windows-10
https://allaboutdnt.com/
https://duckduckgo.com/
https://support.google.com/chrome/answer/114836?co=GENIE.Platform%3DDesktop&hl=en
https://support.google.com/chrome/answer/114662?co=GENIE.Platform%3DDesktop&hl=en
https://brave.com/
https://www.mozilla.org/en-US/firefox/
https://www.google.com/chrome/browser/desktop/index.html