Lurking within your browser are some very dangerous threats to your security. These threats are so severe that even with the best security practices if you don't address them it can result in complete deanonymization. That includes if you're using TOR. Luckily there are a few tools and simple changes to secure our privacy and stay anonymous. Massive criminal operations have been taken down as a result of not following what's written in this guide so ignore it at your own risk(especially if you're using the TOR Browser).
Ways Your Browser Can Betray You:
- Through allowing RTC connections
- Through javascript exploits that circumvent TOR & Your VPN
- Through browser fingerprinting(will be covered in a later post)
The following guide addresses the first 2 issues. It works in Windows, Mac, & Linux using Firefox & TOR Browser. Don't let the pictures fool you it should take you no more than a few minutes to deploy these changes and have a much more secure browser. We'll start off with the most important which is preventing RTC leaks.
Hardening Your Browser
Firefox
Securing the Config File
- Type in URL bar about:config. A prompt will pop up click "I accept The Risk".
Then type the following in the search box. Then double click each item you've typed in so it says FALSE: - media.peerconnection.enabled
- geo.enabled
We've secured the config file. Now we need to make Firefox private by default.
Other Settings:
- Click 3 lines icon in the upper right corner and then click "Preferences"
- Make sure the following are as shown in each Menu item:
- General:
- Homepage: https://ipleak.net(this let's you check your IP/VPN when you first start browser)
- General:
- Add Startpage to your Search Engines by clicking here & set Startpage.com as default & delete all other search engines. When done it should look like this.
- Privacy & Security(make as shown):
Extensions
Download the following:
- uBlock origin and make sure it is enabled. As you can see it has protected me from over 40K trackers since installed!
- NoScript(I recommend running on full settings only if needed or on non-trusted sites. This is b/c it can cause sites not to function however medium settings often works)
We have now secured Firefox. Most importantly we have prevented RTC leaks and the potential for Javascript exploits. We will now move on to TOR.
Hardening TOR
- Go to Advanced Settings in top right
- In "General" change homepage to https://ipleak.net
- In Privacy set master password to strong random password
- Near bottom change so it is set at Safest(especially when on places such as the darknet)
- Near bottom change so it is set at Safest(especially when on places such as the darknet)
So there you have it. Our browser is now protected from dangerous IP leaks and vulnerabilities that can allow a company to track us or an attacker to deanonymize us. I hope you enjoyed this tutorial. Please upvote, follow, and let me know if you have any questions or topics you'd like me to cover in the comments. Until next time stay safe out there.
Nice how-to guide and useful suggestions for Startpage and UBlock Origin of which I wasn't aware. In the Firefox Privacy and Security settings you have highlighted Permissions (Location, Camera, etc), but have left them unset. Do you have any rule-of-thumb recommendations for those?
Hey thanks for the comment. I recommend you should leave those blank. When you click on the settings it should look like this. Thank you for pointing that out. I also recommend if you haven't already you go through all my guides in numerical order(PersSec101-109) as they are designed to be implemented step-by-step. Anytime a website wants access to any of those sensitive things(camera, microphone, location) you should only enable it intentionally with forethought. Also I am updating the guide to talk about moving your Firefox database to an encrypted file container for extra security in case your device gets seized(should be available by tomorrow). Doing this encrypts all your bookmarks and other sensitive information.
Anyways here's what it should look like for all settings.
Congratulations @hack-tha-world! You have completed the following achievement on the Steem blockchain and have been rewarded with new badge(s) :
You can view your badges on your Steem Board and compare to others on the Steem Ranking
If you no longer want to receive notifications, reply to this comment with the word
STOP
To support your work, I also upvoted your post!
Do not miss the last post from @steemitboard: