![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
makoyiThe Internet is not your friend. Whether its a scammer trying to steal your logins, a hacker trying to trick you into installing a virus to take over your computer, or your favorite site selling your personal information, these days, everyone seems to want a piece of you online. Before you share another piece of personal information, before you buy or sell one more thing online, before you download that spiffy gif, you may want to do a few things to take back a little control over your own online life. This list is designed to include only the tips I have that work mostly passively (in the background) while you browse normally so that the less tech savvy can get the benefits without having to learn a lot of new things.
1. Update your browser, patch your Operating System regularly, and use active antivirus shields.
This should be a no-brainer but Microsoft reports a frightening number of people still using IE 6 and 7. You MUST keep your browser up to date, your important plugins (like Flash and Adobe Reader) updated, and your Operating System patched. You MUST also use antivirus. If you're on Windows, try AVG or Avast. If you're on Mac, try Sophos. If you're a Windows user and not sure if your system and software are up to date and safe, try Secunia PSI. It will scan your computer and tell you which programs aren't up to date, then give you a simple way to get those patches you need.
2. Clear all your caches every time you close your browser.
There just isn't any reason not to do this. It takes up space you could be using for other things. It stores information about you that companies can retrieve to follow you around online and build a profile from you (and once that stuff is out there, there's no getting it back). Besides, chances are pretty good you've never, ever actually needed to get cached info from previous sessions. So if it's not doing you any good and it's taking up space, it just makes sense to get rid of it.
Firefox:
Start with Tools>Options (Edit>Preferences for those of you using Linux). Under the Privacy tab, select "Clear History When Firefox Closes" and click the "Settings" button beside it. In the dialog the opens, choose which things you want cleared and which you want to remain. You should definitely clear cache. The rest are all personal preferences.
You're not done yet though. You still have other caches - for Flash, and possibly for Silverlight. To take care of the Flash cache, you'll need the addon called "Better Privacy". Once you've installed it, go to its Options window (through the Add-ons manager). It should automatically find your Flash cache. If you know you have Flash cookies you need to save, you'll have to select the cookie from the list and click the "Prevent automatic LSO deletion" for each one (however, most people don't need any of these Flash cookies and won't miss them when they're gone). Now click on the "Options & Help" tab. Select "Delete Flash Cookies on Firefox Exit" and uncheck the box beside "Always Ask". Also check the boxes beside "Also delete Flashplayer default cookie" and "On cookie deletion also delete empty cookie folders".
Now, there's no way I'm aware of to delete Sliverlight cookies automatically through Firefox. You can, however, disable the plugin if you're not using it. (You can also just disable it now, and then only enable it later if you find a site you're used to using asking for it). While you're in the plugins screen (it's in the Add-ons manager), also disable any other plugins you don't use. I keep everything but Flash and my pdf reader disabled.
Chrome:
Install the extension called "Click&Clean", go to the Extensions Settings page and click this extension's Options, then select "Clear Private Data When Browser Closes" from the left hand column. Under "Chrome", check the box next to Empty the Cache. Under "Advanced" with the green plus sign beside it, check the boxes next to "Flash Local Stored Objects", "Silverlight Cookies", and "Java Cache".
3. Block all cookies except for the sites you log into regularly.
You only really need cookies for two things --- logging in and some searches. But lots of sites will set cookies on your system anyways. If you happen to browse to a site that follows EU law, you might see a message talking about cookies and the site will tell you why they set cookies. Usually it's "to give you a better user experience". I've been blocking cookies for a long time and I very rarely notice any difference. Best not have them clogging up your system and following you around the internet then.
Firefox:
First, using the browser's own Clear Recent History option (in the Tools menu), clear all cookies. Now that you've got a clean slate, install an addon like Cookie Monster or CS Lite. Both these addons are cookie whitelisting addons --- meaning they block cookies unless you tell them otherwise. Set them (via their Add-on Options) to block all cookies by default, then when you are browsing a site you want to log in to, click the icon and give the site temporary permission to set a cookie (if you're not likely to visit the site again --- this class of permission resets after you close your browser), permission to set a cookie for the session (if you regularly visit but will log in each time), or permanent permission (if you visit regularly and don't want to log in each time you open your browser). If you give session or permanent permission, you only have to do that once and the add will remember it for next time so within a few days, you'll be able to just use it and forget about having to do anything special to keep your cookies clean.
Chrome:
Clear all cookies by Settings>Show Advanced Settings> and under Privacy, Clear Browsing Data. Make sure the pulldown menu in the window that pops up says "the beginning of time" and that the box next to "Delete cookies and other site and plug-in data" is checked, then click the "Clear browsing data" button. Now install the extensions "Vanilla Cookie Manager" and go to its Options (through the browser's Settings>Extensions menu) and select "Auto delete unwanted cookies after 5 minutes" from the pulldown menu. In the whitelist section, type the domains for any site you want to allow to set cookies. As you browse, you will see the outline of a cookie with a bite taken out of it in your url bar. You can click on this to add that domain to the whitelist (use the option with the star * before the url to get all the site's pages at once). Just make sure to rescind that permission when you're done using the site by going repeating the process (the "Add url to whitelist" option will have changed to "remove url from the whitelist"). Once a site is on the whitelist, it stays there, so once you've browsed for awhile, you will have already added all your regular sites to the list and it will just work in the background to keep your cookies clean.
4. Use Adblock Plus.
I realize this is a controversial one, but its important! Whether you use Firefox or Chrome, you do need this to protect yourself. Most sites that display ads buy them as a bundle, sight unseen, from a cyber advertising company. Too many of these bundles are chock full of R-rated content, animations that take forever to load, sound effects that play unexpectedly on mouse-over, and drive-by downloads of viruses. Adblock stops those. You can control how much it blocks by choosing a different subscription (via the extension's/add-on's Options). For complete blocking, I like EasyList+EasyPrivacy. However, it can also be used to block only malware domains, if you'd prefer --- just choose the "Malware domains" subscription by finding it on this list and clicking its "Subscribe" link. Adblock also has a new "Allow some non-intrusive advertising" function, if you want to let some ads through. You can also disable ad blocking on a site-by-site basis. I realize this is depriving other sites of revenue, but frankly if I can't trust a site to have ads that won't try to harm my computer, I don't care how great the site is; they still aren't getting me to enable their ads (I've had to take this stance with one of my favorite forums and what it comes down to really is tough love. I've reported more than my share of ad problems, they've done nothing to stop it from happening in the future, so this is what they get. They fix it, I'll enable their ads again. Simple as that.)
5. Use HTTPS encryption on every site it's available on.
HTTPS isn't a cure-all but it does help protect your log in information, credit information, and personal details when you submit those things online. Most sites that ask for credit info should already have https, but your other details are valuable too. There's a great add-on/extension for both Firefox and Chrome called HTTPS-Everywhere from the Electronic Frontier Foundation (a legal and advocacy group dedicated to protecting your interests when it comes to new technology and law). Using HTTPS is an important step but it's not perfect. This won't protect your information from misuse or abuse by the sites, companies, and individuals you give it to, or by sites that don't offer encryption, but if the site has encryption, it will use it and protect your information as it travels from your computer through the rabbit warren of web servers to the hands of the site and its parent company. You should still be vigilant and use good judgment before you trust anyone with your personal information. Which brings me to number 6...
6. Use a traffic light site rating system to warn you about phishing, malware, and scams.
I use the WOT (Web of Trust) extension/add-on on both Firefox and Chrome. You just make sure the icon is visible in your browser's url bar and set its add-on options to show red warnings in search results. Then anytime you see red, you'll know to stay away and anytime you see yellow, you can click on the icon and select "View the scorecard details" to see why other people have suggested it's not a site you should trust. Warning: WOT uses user ratings so it can give false red warnings for sites that opinionated people might have reason to dislike. You can always check the scorecard and read people's reasons and make your own decision.
I chose these specific tips to all be things you can set up and then mostly forget about. That's the best kind of security for the not-so-tech-savvy. However, if you're up for it, here's a bonus that's a little more involved...
7. Use an extension/add-on to block scripts.
Scripting is one of the main ways your computer ends up infected with something. It's also how advertising companies find out a lot of information about you which they sell for their own gain without you getting anything (except "a better user experience" if you believe that). On the other hand, it's also what makes the web pretty and simple to use so there's a trade off here and that's why this is a bonus and not a full tip.
On Chrome, you can use the "NotScripts" extension and on Firefox, you can use "NoScript" to block all scripts by default and use a whitelist just like the cookie add-ons mentioned above. It's not as easy to manage a scripting whitelist as a cookie whitelist because scripts on a single page may come from many urls, some good and some not so good. You'll have to spend more time tweaking permissions than you did with cookies and that won't ever quite stop. And if you get it wrong, you may find it really frustrating just trying to watch a simple video clip.
On Firefox, you have much more control with "NoScipt". If you don't like the whitelist option, you can also tell it NOT to block all scripts globally, and instead just take advantage of its other protections such as blocking XSS (Cross-site scripting) and alerting you if you go to click on a hidden button (such as an Like button disguised as a close popup window button) --- both BIG problems on facebook and other sites too).
1. Update your browser, patch your Operating System regularly, and use active antivirus shields.
This should be a no-brainer but Microsoft reports a frightening number of people still using IE 6 and 7. You MUST keep your browser up to date, your important plugins (like Flash and Adobe Reader) updated, and your Operating System patched. You MUST also use antivirus. If you're on Windows, try AVG or Avast. If you're on Mac, try Sophos. If you're a Windows user and not sure if your system and software are up to date and safe, try Secunia PSI. It will scan your computer and tell you which programs aren't up to date, then give you a simple way to get those patches you need.
2. Clear all your caches every time you close your browser.
There just isn't any reason not to do this. It takes up space you could be using for other things. It stores information about you that companies can retrieve to follow you around online and build a profile from you (and once that stuff is out there, there's no getting it back). Besides, chances are pretty good you've never, ever actually needed to get cached info from previous sessions. So if it's not doing you any good and it's taking up space, it just makes sense to get rid of it.
Firefox:
Start with Tools>Options (Edit>Preferences for those of you using Linux). Under the Privacy tab, select "Clear History When Firefox Closes" and click the "Settings" button beside it. In the dialog the opens, choose which things you want cleared and which you want to remain. You should definitely clear cache. The rest are all personal preferences.
You're not done yet though. You still have other caches - for Flash, and possibly for Silverlight. To take care of the Flash cache, you'll need the addon called "Better Privacy". Once you've installed it, go to its Options window (through the Add-ons manager). It should automatically find your Flash cache. If you know you have Flash cookies you need to save, you'll have to select the cookie from the list and click the "Prevent automatic LSO deletion" for each one (however, most people don't need any of these Flash cookies and won't miss them when they're gone). Now click on the "Options & Help" tab. Select "Delete Flash Cookies on Firefox Exit" and uncheck the box beside "Always Ask". Also check the boxes beside "Also delete Flashplayer default cookie" and "On cookie deletion also delete empty cookie folders".
Now, there's no way I'm aware of to delete Sliverlight cookies automatically through Firefox. You can, however, disable the plugin if you're not using it. (You can also just disable it now, and then only enable it later if you find a site you're used to using asking for it). While you're in the plugins screen (it's in the Add-ons manager), also disable any other plugins you don't use. I keep everything but Flash and my pdf reader disabled.
Chrome:
Install the extension called "Click&Clean", go to the Extensions Settings page and click this extension's Options, then select "Clear Private Data When Browser Closes" from the left hand column. Under "Chrome", check the box next to Empty the Cache. Under "Advanced" with the green plus sign beside it, check the boxes next to "Flash Local Stored Objects", "Silverlight Cookies", and "Java Cache".
3. Block all cookies except for the sites you log into regularly.
You only really need cookies for two things --- logging in and some searches. But lots of sites will set cookies on your system anyways. If you happen to browse to a site that follows EU law, you might see a message talking about cookies and the site will tell you why they set cookies. Usually it's "to give you a better user experience". I've been blocking cookies for a long time and I very rarely notice any difference. Best not have them clogging up your system and following you around the internet then.
Firefox:
First, using the browser's own Clear Recent History option (in the Tools menu), clear all cookies. Now that you've got a clean slate, install an addon like Cookie Monster or CS Lite. Both these addons are cookie whitelisting addons --- meaning they block cookies unless you tell them otherwise. Set them (via their Add-on Options) to block all cookies by default, then when you are browsing a site you want to log in to, click the icon and give the site temporary permission to set a cookie (if you're not likely to visit the site again --- this class of permission resets after you close your browser), permission to set a cookie for the session (if you regularly visit but will log in each time), or permanent permission (if you visit regularly and don't want to log in each time you open your browser). If you give session or permanent permission, you only have to do that once and the add will remember it for next time so within a few days, you'll be able to just use it and forget about having to do anything special to keep your cookies clean.
Chrome:
Clear all cookies by Settings>Show Advanced Settings> and under Privacy, Clear Browsing Data. Make sure the pulldown menu in the window that pops up says "the beginning of time" and that the box next to "Delete cookies and other site and plug-in data" is checked, then click the "Clear browsing data" button. Now install the extensions "Vanilla Cookie Manager" and go to its Options (through the browser's Settings>Extensions menu) and select "Auto delete unwanted cookies after 5 minutes" from the pulldown menu. In the whitelist section, type the domains for any site you want to allow to set cookies. As you browse, you will see the outline of a cookie with a bite taken out of it in your url bar. You can click on this to add that domain to the whitelist (use the option with the star * before the url to get all the site's pages at once). Just make sure to rescind that permission when you're done using the site by going repeating the process (the "Add url to whitelist" option will have changed to "remove url from the whitelist"). Once a site is on the whitelist, it stays there, so once you've browsed for awhile, you will have already added all your regular sites to the list and it will just work in the background to keep your cookies clean.
4. Use Adblock Plus.
I realize this is a controversial one, but its important! Whether you use Firefox or Chrome, you do need this to protect yourself. Most sites that display ads buy them as a bundle, sight unseen, from a cyber advertising company. Too many of these bundles are chock full of R-rated content, animations that take forever to load, sound effects that play unexpectedly on mouse-over, and drive-by downloads of viruses. Adblock stops those. You can control how much it blocks by choosing a different subscription (via the extension's/add-on's Options). For complete blocking, I like EasyList+EasyPrivacy. However, it can also be used to block only malware domains, if you'd prefer --- just choose the "Malware domains" subscription by finding it on this list and clicking its "Subscribe" link. Adblock also has a new "Allow some non-intrusive advertising" function, if you want to let some ads through. You can also disable ad blocking on a site-by-site basis. I realize this is depriving other sites of revenue, but frankly if I can't trust a site to have ads that won't try to harm my computer, I don't care how great the site is; they still aren't getting me to enable their ads (I've had to take this stance with one of my favorite forums and what it comes down to really is tough love. I've reported more than my share of ad problems, they've done nothing to stop it from happening in the future, so this is what they get. They fix it, I'll enable their ads again. Simple as that.)
5. Use HTTPS encryption on every site it's available on.
HTTPS isn't a cure-all but it does help protect your log in information, credit information, and personal details when you submit those things online. Most sites that ask for credit info should already have https, but your other details are valuable too. There's a great add-on/extension for both Firefox and Chrome called HTTPS-Everywhere from the Electronic Frontier Foundation (a legal and advocacy group dedicated to protecting your interests when it comes to new technology and law). Using HTTPS is an important step but it's not perfect. This won't protect your information from misuse or abuse by the sites, companies, and individuals you give it to, or by sites that don't offer encryption, but if the site has encryption, it will use it and protect your information as it travels from your computer through the rabbit warren of web servers to the hands of the site and its parent company. You should still be vigilant and use good judgment before you trust anyone with your personal information. Which brings me to number 6...
6. Use a traffic light site rating system to warn you about phishing, malware, and scams.
I use the WOT (Web of Trust) extension/add-on on both Firefox and Chrome. You just make sure the icon is visible in your browser's url bar and set its add-on options to show red warnings in search results. Then anytime you see red, you'll know to stay away and anytime you see yellow, you can click on the icon and select "View the scorecard details" to see why other people have suggested it's not a site you should trust. Warning: WOT uses user ratings so it can give false red warnings for sites that opinionated people might have reason to dislike. You can always check the scorecard and read people's reasons and make your own decision.
I chose these specific tips to all be things you can set up and then mostly forget about. That's the best kind of security for the not-so-tech-savvy. However, if you're up for it, here's a bonus that's a little more involved...
7. Use an extension/add-on to block scripts.
Scripting is one of the main ways your computer ends up infected with something. It's also how advertising companies find out a lot of information about you which they sell for their own gain without you getting anything (except "a better user experience" if you believe that). On the other hand, it's also what makes the web pretty and simple to use so there's a trade off here and that's why this is a bonus and not a full tip.
On Chrome, you can use the "NotScripts" extension and on Firefox, you can use "NoScript" to block all scripts by default and use a whitelist just like the cookie add-ons mentioned above. It's not as easy to manage a scripting whitelist as a cookie whitelist because scripts on a single page may come from many urls, some good and some not so good. You'll have to spend more time tweaking permissions than you did with cookies and that won't ever quite stop. And if you get it wrong, you may find it really frustrating just trying to watch a simple video clip.
On Firefox, you have much more control with "NoScipt". If you don't like the whitelist option, you can also tell it NOT to block all scripts globally, and instead just take advantage of its other protections such as blocking XSS (Cross-site scripting) and alerting you if you go to click on a hidden button (such as an Like button disguised as a close popup window button) --- both BIG problems on facebook and other sites too).