Browse the web more securely
فهرست
... فهرست ...A web browser is one of the digital tools most of us use daily. It is the main way many people access the internet. Many people are familiar with Edge, Safari and Chrome – browsers that come installed with our devices.
Because we rely so much on browsers, they are often targets for people who want to compromise your privacy or security. Follow the steps below to choose a more secure browser and make its protection stronger.
Choose a web browser... or two!
- Install Firefox for your platform and in your language (available for Windows, macOS, Linux, Android and iOS).
- On Android and iOS, consider installing Firefox Focus, a light-weight browser which comes with privacy-oriented settings by default.
- Install Chrome for Windows, macOS, Linux, Android or iOS.
- Consider installing the free and open-source Chromium instead of Chrome. On Linux, you can install Chromium through your software installer in many distributions. On Android, you can install it through FFUpdater, a free and open-source installer and updater app that you can get from F-Droid.
- Optionally consider installing the DuckDuckGo Privacy Browser for Windows, macOS, iOS and Android.
- For advanced privacy and to access websites that are not accessible in the institution or country you connect from, you can consider using the Tor Browser (for Windows, macOS, Linux or Android), but consider this may change your browsing experience dramatically. Read more on this in our guide on anonymization tools.
- On Android, you can install a selection of secure and privacy-oriented web browsers through FFUpdater, a free and open-source installer and updater app that you can get from F-Droid.
Learn why we recommend this
Most operating systems come with pre-installed browsers. For example the default macOS and iOS browser is Safari, and the default Windows browser is Edge. These web browsers are not designed with a focus on privacy and security, and we strongly suggest to use more security and privacy-oriented software as your default browsers.
- We recommend the Firefox web browser, made by Mozilla. Firefox is free and open-source software and has better built-in security than others browsers.
- Firefox Focus is a light-weight, privacy-oriented web browser for mobile devices. Read Mozilla's blog post on the differences between Firefox Focus and other browsers.
- Chrome and Chromium, both developed by Google, also have high-quality security. While Chromium is free and open-source, Chrome is proprietary freeware based on open-source components. Since Chrome is developed by Google, consider whether it might send more data about you to Google than you are comfortable with and consider not logging in to your Google account when using it.
- The DuckDuckGo Privacy Browser is a privacy-oriented browser that automatically blocks web trackers and upgrades insecure HTTP connections to HTTPS when possible.
- The Tor Browser is a modified version of Mozilla Firefox that allows you to anonymize your connections by browsing the web through the Tor network. Read more on this in our guide on anonymity tools.
It can be a good idea to install more than one browser, and use one for more sensitive activities and the other for your everyday needs. Read more on this in our guide on multiple identity management.
Change your device's default browser
- Avoid using less secure and less privacy-friendly browsers like Edge or Safari as your primary web browser. Deactivate or uninstall browsers you don't use.
- Learn how to change your default browser to Firefox on Linux, macOS and Windows. Use the "Customize this article" drop-down menu in the right-hand side of the window to find the right instructions for your device. For Android and iOS read the following instructions.
- You can also decide to make Chrome your default browser on Windows, macOS and iOS. But we strongly recommend not to log in with your Google account.
- To avoid signing into your Google account on Chrome, go to the browser Settings, select Google services and make sure Allow Chrome sign-in is unchecked.
- Change which web browser opens websites by default on Ubuntu.
- Stop the Edge browser from automatically starting when you start Windows.
Learn why we recommend this
Not all web browsers are created equal. Some protect your privacy and security more effectively than others.
By setting a browser focused on privacy and security as your default browser, the links you click in other apps will open directly in a more secure browser. In any case, always think twice before you open a link you receive through messages or emails.
Read more on why you should pause before you click when you receive a link in our guide on malware.
Make sure your browser is up to date
- Firefox should update automatically, but it is important to periodically check whether you have the latest version of the browser.
- Chrome/Chromium should also update automatically, but it is important to periodically check for updates. Learn how to do this in the official guide on how to update Chrome.
- Learn how to set up the Tor Browser to update automatically and how to update it manually.
Enter web addresses in the address bar
If you know the complete web address of a website (for example securityinabox.org), type it in the address bar to avoid going through a search engine to access it.
If you just type the name of the website (Security in a Box) without its extension (.org), the browser will open your default search engine with several results, some of which may be malicious.
If you use the address bar to search the web, consider replacing Google with a more privacy-friendly option as your default search engine.
Firefox
- Learn more on the Firefox address bar in the Mozilla guide on how to search with the address bar.
- Consider whether you want to change what Firefox suggests when you type in the address bar.
Chrome/Chromium
Learn why we recommend this
The address bar is the familiar text field at the top of a web browser’s interface. When you browse the web, the address bar displays the address of the web page you are visiting (in our current case, this is https://securityinabox.org/en/internet-connection/safer-browsing). By typing a web address into the address bar, you'll request a website or a specific page of a website.
Address bars also offer additional functionalities, like performing web searches or providing suggestions for websites.
Set your default search engine
Choose a default search engine that does not track you:
- DuckDuckGo (our top recommendation)
- StartPage
Firefox
Chrome/Chromium
Learn why we recommend this
Search engines like Google and Bing build profiles of people who use them, track your device specifically and share their users' personal information with third parties. Your browser uses one search engine by default when you use the address bar to perform a web search or when you right-click a selected string of text and click Search.
Review the camera, microphone and other site permissions
- Firefox
- Chrome/Chromium
Learn why we recommend this
Permissions can be like a door or window you leave open in your house: if one website can get in, others may be able to as well. Make sure only websites you use and trust have permission to use sensitive features like your camera or microphone. Malware might use those permissions to let someone see or hear where you are.
Secure your connections
- Activate HTTPS-Only mode.
- When you visit websites, look at the address at the top of your browser. Make sure the address begins with
https://, not justhttp://.
Learn why we recommend this
The S in HTTPS stands for "secure." This is the protocol you should use to access web pages in your browser. HTTPS encrypts and protects what you are looking at as it travels between your device and the website, making it harder for people trying to spy on you to see, for example, sensitive data you enter or what pages you visit in that site.
Enable Tracking Protection settings
- Enable strict privacy protection in your browser to avoid being tracked by third parties when browsing the web.
- Firefox:
- Set Enhanced Tracking Protection at least to Standard; consider whether you want to set it to Strict (more sites will look like they are broken).
- Chrome/Chromium:
- Firefox:
- Set your browser to delete data when you end your browsing session.
- Sometimes, a website may not work correctly with enhanced tracking protection settings. In such case, you can disable tracking protection temporarily for that particular website.
Learn why we recommend this
When you browse the web, cookies and trackers gather details of who you are, where you are, and what you have looked at online. Consider what might happen if these fell into the hands of your adversary, and take these steps to limit tracking.
Turn off the browser's built-in password manager
- Remove all saved logins.
- Disable the password manager.
Learn why we recommend this
Most browsers can generate, save and encrypt passwords for you. However, we recommend you turn this feature off and use a separate password manager like KeePassXC instead. Browser-based password managers put you at greater risk of an attacker tricking your browser into giving up your passwords.
If you decide to use a browser-based password manager, avoid using it to store passwords for highly sensitive accounts and read our recommendations on how to protect the passwords you store in your browser.
Use protective browser add-ons/extensions
- You can choose which add-ons/extensions to install and decide how to configure them, depending on your circumstances.
- If you are using a device that is managed by someone else (for example in a public library or at your workplace), you might have to make these adjustments repeatedly.
- Install and configure:
- Privacy Badger (for Firefox, Chrome/Chromium and Firefox on Android)
- Why? Prevents tracking and collection of metadata through your browser.
- uBlock Origin (for Firefox and Firefox on Android) and uBlock Origin Lite for Chrome/Chromium
- Why? Blocks advertising and trackers, some of which might be malicious.
- Facebook Container, if you use Facebook or Instagram (Firefox only, only for computers)
- Why? Keeps Facebook from gathering data on where you have been online and associating it with your profile.
- Zoom Redirector for Firefox and Xoom Redirector for Chrome/Chromium (only for computers)
- Why? By making Zoom links open in your browser, this add-on keeps the call within your browser's protections.
- NoScript (for Firefox, Chrome/Chromium and other Chromium-based browsers like Edge, Brave or Vivaldi) (optional, but recommended; available for computers and for Firefox on Android)
- Note that NoScript will often make websites look empty or broken. Learn how to configure NoScript so this happens less often.
- Why? It may be possible for an adversary to get to your device using malicious code in a script downloaded along with a webpage you are viewing. NoScript blocks all code from unknown websites, protecting your device from infection.
- Privacy Badger (for Firefox, Chrome/Chromium and Firefox on Android)
Learn why we recommend this
When you browse the web, you come into contact with a great deal of code from unknown sources. This is one reason why the overwhelming majority of malware and spyware infections originate from web pages.
We recommend installing these browser extensions or add-ons to protect against these security and privacy issues.
Remove unwanted add-ons/extensions and manage pop-ups
- Remove all add-ons/extensions that you do not use or recognise.
- Make sure your browser is set to block pop-ups.
Learn why we recommend this
Malicious people may try to trick you into installing malware through your browser. They may do this using a pop-up window. Make sure your browser is set to protect you from these tricks. Additionally, remove add-ons/extensions you are not using to be sure you only use pieces of software that you really need.
Browser add-ons/extensions can be malicious and could be used to spy on you just as any other program or app. It is therefore important to only install add-ons/extensions that you can trust, possibly only from trusted sources, like the Mozilla add-ons repository for Firefox or the Chrome web store for Chrome/Chromium extensions. If you really need to install an add-on/extension from a different source than the official repositories, read Mozilla's tips for assessing the safety of an extension before you proceed.
Delete your browsing history
Firefox
- Set up a button that makes it easy to quickly delete your recent cookies and the history of pages you visited.
- Tell Firefox to clear your history automatically or remove single websites from your history.
- You can also delete your browser history manually.
Chrome/Chromium
- Delete the history of pages you visited.
- If you are logged in with your Google account when you use Chrome or Chromium, learn how to delete all your Google activity.
Learn why we recommend this
Your browsing history is a list of websites you have visited. The default option in Firefox and Chrome/Chromium is to remember your browsing, download, form and search histories.
Browser history can be helpful to you: your browser will suggest pages you have visited before, so you don't have to re-type addresses or get sent by mistake to sites that are malicious. But there are trade-offs. If someone had access to the history of what you viewed on the internet, there is a lot they could learn about you, the people you work with and the things you have been reading about.
Use private browsing or Incognito mode
If you would like to avoid saving your history just for one browsing session, you can use the private browsing, or Incognito mode feature.
- Understand more about what private browsing (or Incognito mode) will NOT protect you from, including your IP address not changing, leaving traces in the device you are using or being spied upon through malware in your computer.
Firefox
Chrome/Chromium
Learn why we recommend this
If you open a browser window in "Private browsing" or "Incognito mode", the browser does not track cookies or save your browser history. Using it is a quick way to hide some of your activity if you otherwise tell your browser it is ok to keep a record of the pages you have searched. It can be especially useful if you need to better protect your privacy from somebody with access to your device.
Note that private browsing/Incognito mode will not protect you from malware or surveillance. Read our guides on malware and anonymity to learn how to address such risks.
Consider not showing what you last viewed on startup or your most visited sites
- Firefox
- Chrome/Chromium
- Make sure your startup page is set to open with a new tab, not where you left off.
- Customize your New Tab Page unchecking My shortcuts and Most visited sites.
Learn why we recommend this
If you are worried that somebody else will have access to your browser, turn off the feature that shows the webpages you had open when you last closed your browser and stop your browser from suggesting to open your most visited sites.
[Advanced] How to recognize and report a malicious website
Most modern browsers recognize malicious and unsafe websites by default and will warn you if you try to access phishing, malware or social engineering sites. If you see such a warning, it's best not to visit that website. If, on the other hand, you open such a website without being warned, consider reporting it to improve spam detection systems that protect Google's search results.