Privacy issues always attract close attention. So, we explored important security-related web browser settings and popular tools (extensions) that make your web surfing safe. You obviously don’t have to install them all. Feel free to pick whatever you like and see how it works for you. Also, you may scroll down to final words to see the best combo for a privacy concerned user.
We can readily recommend Firefox for web surfing: it’s flexible, it provides full user control and has great addons to customize user experience. The default settings, however, aren’t your best choice if you are after maximum privacy. Hence some modifications in about:config and Preferences are in order.
First, in the address bar type about:config, accept the notification and change the following settings.
Tracking protection.
Protection against WebRTC password leaks.
This may affect data transfer rate for web apps using WebRTC (voice and video messengers, etc.). If you need WebRTC for Firefox Hello, then some workarounds are available. Since Firefox 42 and uBlock Origin 1.3.4 this could be done in a different way so it will prevent leak of local IP and leave public IP available. See below on how to get uBlock Origin.
Disable Geo Location.
Safe Browsing is a useful feature but it requires sending your data to Google (which defeats the purpose of this privacy guide), so we recommend disabling it:
Also, it’s a good practice to change cookie policy and some other privacy settings in to the following:
Another thing is to turn off sending data to Mozilla:
Typically, all above settings are available in the respective browsers for mobiles as well.
Chrome is not as willingly recommended as Firefox because it contains closed-source non-transparent elements that may be considered as not privacy-friendly. For similar user experience, Chromium can be used under Linux distributions. While Chromium builds for Windows are mostly unofficial and there's no officially stable version, it works without any issues.
Here’s a list of settings that can be changed for your privacy:
1.Use a different search engine, like DuckDuckGo.
2.Don't sync settings and don't use Google Account in Chrome.
3.Enable Do Not Track and disable all input prediction, safety stuff and sending usage statistics in Privacy settings.
4.Allow sites to set cookies for the current session only and also enable Block third-party cookies.
5.Clear cookies and other stuff on exit.
6.Disable Location Tracking.
7.Use uBlock Origin to prevent WebRTC data leak (also useful for VPN connections to prevent real IP leak).
8.Use Private browsing mode.
GitHub rep: https://github.com/gorhill/uBlock
Chrome extension: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en
Firefox extension: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
Available for: Firefox (plus, there’s a version for Android) and Chrome.
AdBlock is by far the most popular anti-ad extension nowadays. However, if you want to totally block all the ads, it’s not your best bet. AdBlock still allows certain trusted ads via a whitelist. While whitelisting it’s not a bad idea (it lets live some great websites funded from ads), you still get the ads.
uBlock Origin is another extension from Raymon Hill and its advantages are low memory footprint, no ad whitelistings and advanced features like domain control. uBlock Origin is developed by the originator of uBlock, as a fork of original uBlock (here's an opinion about how the uBlock ownership dispute emerged): https://www.reddit.com/r/firefox/comments/3bl3dw/ublock_vs_ublock_origin_facts/csnm98g).
Also, it has some other features like preventing IP leak in WebRTC in Chrome and Firefox.
Settings include a huge set of lists that can be easily enabled. It includes Disconnect lists, Malware lists, host lists and much more. Be careful when enabling all those. Too much paranoia may break webpage layout, so it a good practice to restrain it J
uBlock is also an alternative to Ghostery and Disconnect.
This extension is a derivative work from uBlock Origin done by the its author. uMatrix provides flexible control over loadable resource from specific domains. It best fits for advanced users who know how to deal with privacy issues and it can’t be readily recommended for inexperienced users. The feature set is similar to that of NoScript or RequestPolicy. uMatrix is also available for Chrome (while NoScript and RequestPolicy aren’t).
Available: Firefox (also in the mobile version for Android), Chrome, Opera.
HTTPS Everywhere by EFF enables HTTPS connections (S for secure) for as many websites as possible using rules. This extension is strongly recommend for use.
Developer website: https://www.eff.org/privacybadger
Available for: Firefox, Chrome.
Another extension from EFF. Its main purpose is blocking domain and resource tracking elements from being loaded. It works differently from its alternatives and uses some "smart" techniques while allowing user to control its behavior.
Developer website: https://disconnect.me/
Available for: Firefox, Chrome, Windows, Mac, Android (side-load)
Disconnect aims to block resources that track user activity. Below is a screenshot which shows which resources are blocked. The main goal is to protect privacy in social networks such as Facebook, Google Plus and Twitter. Disconnect’s lists are used by Firefox Tracking Protection and uBlock.
Developer website: https://www.ghostery.com/
Available for: Firefox, Chrome.
Ghostery is another way to block known trackers and ads. Critics of this extensions says that it sends information about blocked resources to the developers. Developers say that this works only when Ghostrank feature is enabled and that it doesn't collect any personal information. This option can be disabled, so no data will be gathered and sent to anyone.
Developer website: https://requestpolicy.com/
Available for: Firefox.
This is another privacy addon and it allows controlling cross site requests. By default, it blocks almost any such request. During setup it offers to enable cross-site requests for some well-trusted websites like Amazon and Google.
For other websites RequestPolicy will block all requests. So, you’d need to allow them for each one. It is possible to allow requests from one specific domain to another or to allow requests to a certain domain from all websites.
Web surfing will be somewhat uncomfortable as you will have to make many decisions whether to allow certain domains. So, again this one is for experienced users who need maximum privacy at all costs.
Website developer: https://noscript.net/
Available for: Firefox
NoScript blocks JavaScript and some other stuff (like web fonts) from being loaded. It offers very rich settings, and is built to be easy to use.
There's no extension for Chrome, but Chrome Web Store contains some alternatives like ScriptSafe. Also, for Chrome similar functionality is provided by uBlock Origin and uMatrix.
Developer website: http://www.stardrifter.org/refcontrol/
Available for: Firefox
RefControl enables control over the Referrer string which is sending the origin of your visit to the target web server. This extension is also mostly intended for advanced users as it requires some knowledge and setup. It is configured for individual websites or website groups via rules.
While there are extensions that cater for every aspect of online privacy, installing a lot of extensions may slow down your browser and increase memory usage. Also, they will take time to configure.
For a casual privacy-concerned user, we recommend a Firefox (privacy settings configured) + HTTS Everywhere + uBlock Origin / NoScript combo.
For an advanced user, this set might get a few additions (like RefControl) or variations. The features sets largely overlap, so quite many combinations are possible. Or, you may start with uBlock Origin with default settings and then move to your own uMatrix setup, etc.
By the way, not only these extensions protect your privacy, but they also reduce traffic and web page load times.