Monday, 20 February 2017

Top extensions for securing your web browser

Top extensions for securing your web browser

Every now and again in this column, we like to go through and update our list of the best add-ons for securing your browser

These are the very top add-ons for making you safe from tracking cookies and metrics, from malicious website code and from hackers trying to intercept your browser traffic. They will block ads and bypass geoblocks and content filters as well — the latter particularly relevant now that certain websites are being blocked by Australian ISPs. All of these are available in the Chrome Web Store and in the Firefox Add-ons directory.


LASTPASS


If you’re not using a password manager by now, you should be ashamed (and welcome to the Privacy and Security column, first time reader). A password manager generates and stores good passwords for the sites you visit, allowing you to have unique passwords for each site without busting your brain trying to remember them all. If you didn’t know, using dictionary words for passwords is a no-no, as is using the same password for multiple sites (you can be 100% sure that if someone cracks your Twitter password, they’re also going to give that password a try on Google, Paypal, Facebook and dozens of other popular sites.)

LastPass still reigns as our top pick for password managers, with a host of features including two-factor authentication and cloud storage of password libraries. It will cost you a small amount of money to get it on mobile as well, but the desktop browser add-on is free.

WOT: WEB OF TRUST


Web of Trust is a community rating service, letting users rate sites for trustworthiness and child safety. You can contribute to its ratings by clicking on the trustworthiness and child safety bars when you visit a site, and see the community consensus for that site. You’ll also see a little ratings icon next to search result links to indicate its trustworthiness level.

If you head into the settings, you can control how the add-on uses those ratings. You can set the threshold at which WOT will send you a warning about an untrustworthy site and you can enable parental controls, which completely blocks sites with a low child safety rating. If you find the link safety icons annoying, you can disable them or only enable them for sites that are dangerous.

It is, overall, a very handy service. Of course, because it relies on user ratings it can be gamed, but in our experience, it generally provides solid ratings.

UBLOCK ORIGIN


For a long time, AdBlock Plus reigned as the king of the ad-blockers, but since the company that created it started making questionable moves (like allowing ads from companies willing to pay it), we’d recommend moving on to uBlock Origin, a tool that’s actually better than AdBlock in many ways. It’s certainly lighter and faster by a considerable margin, and it still blocks everything that AdBlock did.

If you’re willing to drill down, it also gives you quite fine control over the rendering of page elements. You can block large media files for a site, as well as pop-ups, style sheets and fonts. You can even enter “element picker mode” and actively block parts of a site that you never want to see again.

DISCONNECT


Although there are some great alternatives like Ghostery and Privacy Badger, we still think Disconnect is the way to go when it comes to blocking tracking cookies, analytics, social media widgets and all the other embedded web page annoyances that can be used to follow your online activity. It also forces HTTPS where it’s available, so that as many sites as possible employ end-to-end encryption.

With Disconnect, you can very quickly see what it’s blocking and there’s a running tally of how much data it has blocked. You can whitelist a site you’re on and see, with a very handy visualisation tool, all the third-party sites that the site you’re visiting is trying to grab data from.

CLICK & CLEAN


Click & Clean serves as a quick browser cleaner, capable of removing your history, cache, download history and cookies with the touch of a button. Yes, you can do all those things without the add-on, but this makes it much easier to access. This add-on also lets you clear your history/cache/cookies/passwords/form history for a certain period, so you can just clean, say, the last 24 hours.

The app also features a lot of quick access buttons, like buttons for quickly firing up incognito mode, visiting a privacy testing website, generating good passwords (though it won’t remember them — it’s not a password manager) and more. There are also optional system utilities that can be installed along with the add-on.

HOTSPOT SHIELD FREE VPN PROXY


When it comes to VPN add-ons, there are some great ones available in Chrome now: ZenMate VPN, TouchVPN, Betternet, Tunnelbear and several others offer worthy free services (be careful of Hola, however — the company has proven very dodgy with its privacy practices).

When it comes down to it, we’re currently landing on Hotspot Shield as our favourite. It doesn’t have some of the features of its competition (features that are handled by other add-ons listed here), but its free service is simple, unlimited and doesn’t ask for user details or require registration. You can choose your connection country from a list — although if you want to connect to the US or UK, you need a Premium account. It will also direct you to an ad page when it connects on the free version.

UMATRIX


uMatrix is very much a tool for advanced users, but if you can understand what it does, then it gives you unprecedented control over the downloading and execution of page elements on a site-by-site basis. It allows you to block sites from downloading images, plugins, scripts and even frames and style sheets.

When using uMatrix, red = blocked and green = allowed. For example, if the cookie column for google.com is red, then cookies for that site are disallowed. There are ‘default’ rules (indicated by light red or light green) and you can change them to hard rules by clicking on the bottom or top half of a field to change the field to green or red. So if you wanted to allow google.com to use cookies, then just change the cookies field for that site to green.

You can also click on column and row headers to change the default rules for that entire class of object. For instance, you can switch the default to block website scripts by clicking on the script column header to change it to red (or switch the default to allow scripts by changing it to green).

Obviously, this can break a lot of sites if you block things that the site needs, and you need to know a little about how websites work to get the most out of it. But it’s the most powerful and useful tool we’ve seen for really controlling how websites behave. Once you understand its operation, it’s fast to get things done and great tool for truly managing the web.