Chapter 3: Safe Browsing

Web browsing risks:

  • Data collection of your identity
  • Data collection of your browsing behaviours, including the pages you have visited, and when
  • Data collection of your passwords and autofill information
  • Data collection of your location (and previous locations)
  • Malware (malicious software, sometimes spyware) injections
  • Being blocked from accessing certain sites
  • Being blocked from using anonymous browsers

InfoSec action:

  • Use a general purpose browser, with privacy-enhancing extensions, for daily activities
  • Use the Tor browser for anonymous browsing, for censorship resistance, and to hide your real location

A web browser is the software you use to access the World Wide Web. For many of us, web browsing is 'The Internet', and in many senses it is a window to the world.

Because of the huge opportunities in web browsing, some states impose restrictions on access to certain websites, which impedes people’s freedom, and of course poses a problem to local journalists, researchers, and foreign correspondents. Whilst web access is largely unrestricted in the West, we have serious privacy issues with our web browsing. It remains that most service providers and websites collect vast amounts of data about their users. The British Government is currently trying to pass legislation that would force internet providers to record every single internet connection of every single person, including location data and device identifiers.

This chapter explains some options to minimise the impositions on freedom and privacy in web browsing, under a range of circumstances.

What browsers to use

Many people are unaware of the privacy issues with browsers, and use whatever browser is already on their system. However, there are alternatives that are more integrally secure, and that can be vastly improved by adding ‘extensions’ – extra software that improves the functionality of your browser.

While there are dozens of browsers with specialised purposes, here we will recommend three open source browsers:

  • Firefox, as a general purpose web browser for Linux and Windows
  • Chromium, as a general purpose web browser for Mac
  • Tor, as a secure browser that anonymises your location and identity, and overcomes web censorship (suitable for Linux, Windows and Mac).

Expert info: We recommend Firefox for Linux and Windows but not Mac as Firefox can conflict with Tor on a Mac (Firefox and Tor are based on the same code).

A general-purpose browser

Your daily web browsing centres around generally unrestricted sites and sites that you log in to, such as social media platforms, LinkedIn, newspapers, YouTube, shops, and so on.

Firefox
A popular open source web-browser

For Windows, download Firefox for your operating system and language at www.getfirefox.com.
On Linux distributions/Ubuntu, Firefox should already be installed.

Chromium
An open source clone of Google Chrome

Download Chromium for Mac at https://www.macupdate.com/app/mac/36244/chromium
(Alternatively, go to https://www.macupdate.com  and search for Chromium)

Extensions
A general-purpose browser is certain to make your identity, location and activity available. However, there are some extensions we can use to increase our privacy and security somewhat.

You can find a range of privacy enhancing extensions at https://addons.mozilla.org/en-US/firefox/extensions/privacy-security/, which should be suitable for both Firefox and Chromium.

We particularly recommend the following open source extensions:

HTTPS Everywhere: forces encryption for all connections between your web browser and the webserver you are visiting.
https://www.eff.org/https-everywhere

NoScript: blocks JavaScript. JavaScript is an essential element of many websites, but can be exploited to track your browsing behaviour, leak your passwords, and to inject malware. NoScript is very effective but you will need to grant or deny privileges on a per website basis depending on how much you trust them.
https://noscript.net/

Ghostery: blocks a wide range of trackers in its database, which track your browsing behaviour. Do make sure to switch off ‘GhostRank’ under Settings > Options, as this itself reports back data for marketing purposes.
https://ghostery.com

LastPass: is a password generator and manager for Firefox.
https://lastpass.com/

Tor
https://www.torproject.org/

About Tor

The Tor browser was especially designed for anonymity by routing all its traffic through the Tor (‘The Onion Router’) network. Therefore, this browser prevents internet providers storing accurate information about your web browsing history.

The Tor network is a global network of computers called Tor nodes that have encrypted connections with each other. When the Tor browser starts, it will connect to one of these nodes. This node will connect to a second node that will in turn connect to a third node. These nodes could be anywhere in the world, and the first and third node will not be aware of each other. The third node will connect to the wider internet and fetch webpages from the sites you're visiting. Those sites will not be able to see where you are or who you are (as long as you do not identify yourself by logging into services associated with your real identity).

Since the Tor browser runs all its traffic trough several other places around the world it is slower than regular browsing but this is a price well worth paying for being online anonymously.

In order to ensure the safety of the browser, Tor automatically enables HTTPS-Everywhere, and automatically avoids extensions such as Flash, RealPlayer, and QuickTime. However, you can adjust the settings to improve usability as you like.

Overcoming restrictions

If the network provider you are using (this may be the entire country or just a University network) blocks access to the Tor network, you can use ‘bridges’ to achieve access.

Bridges are ‘private’ Tor relays (nodes or computer points that receive traffic on the Tor network and pass it along) that are less likely to be blocked, and thus help circumvent censorship.

Launch the Tor Browser. Click on the green onion (to the left of the address bar) and click Tor Network Settings > tick ‘My ISP blocks connections to the Tor network’.

You now have a box to enter one or more ‘bridges’ - strings of numbers that identify a Tor relay. To get bridges, go to https://bridges.torproject.org or if you cannot access that site, send an email to bridges@torproject.org , from a gmail.com or yahoo.com email address, with the line ‘get bridges’ by itself in the body of the message, and bridges should be sent back to you. Using a bridge can be an extremely slow way of connecting to the internet – but if you need it to circumvent censorship, it works very well.

Staying anonymous

The latest version of the Tor browser gives users a security slider to determine their security options. In the Tor browser, click on the green onion (to the left of the address bar) and select ‘Privacy and Security Settings’ to see the slider and the various options. The slider is set to low by default, which increases usability. To benefit from the high level of privacy that Tor can offer, or if you need to browse anonymously, you should set the slider to the highest level. 

Do not open documents (such as .doc and .pdf) downloaded via Tor while still being online. These document formats can contain elements that independently connect to the internet, thereby revealing your real IP address. Make sure you are offline first or use a separate computer for working with such documents.

Don't run bittorrent over Tor since this may betray your real IP address and will consume disproportionate amounts of capacity on the Tor network.

Make sure you use the latest version of the Tor browser. You will be alerted on the Tor browser homepage when updates are available, or you can click on the green onion in the browser window (to the left of the address bar) to ‘Check for Tor Browser update’.  

Install Tor

Mac, Windows:
We highly recommend starting with Tails via a cloned USB stick. Manual installation is not always easy, and as such does not have a perfect success rate.

Linux/Ubuntu:
1. Download the Tor browser for Linux at https://www.torproject.org/, and select ‘Save file’. Wait for the download to complete.
2. In your file directory, go to Downloads (or wherever you saved the download), right click on the Tor download,  andselect &