From 07caee6df3b80ffb73acf7dcaf12de25da3bad9f Mon Sep 17 00:00:00 2001 From: Mateusz Konieczny Date: Fri, 5 Nov 2021 12:31:05 +0100 Subject: [PATCH] Flash died, so it is blocked by default in general --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 2dcec99..af9dee8 100644 --- a/README.md +++ b/README.md @@ -103,7 +103,6 @@ This section outlines the steps you can take, to be better protected from threat **Disable Browser Autofill** | Optional | Turn off autofill for any confidential or personal details. This feature was designed to make online shopping and general browsing more convenient, but storing this sensitive information (names, addresses, card details, search terms etc) can be extremely harmful if your browser is compromised in any way. Instead, if essential, consider using your password manager's Notes feature to store and fill your data **Protect from Exfil Attack** | Optional | The CSS Exfiltrate attack is a where credentials and other sensitive details can be snagged with just pure CSS, meaning even blocking JavaScript cannot prevent it, read more [this article](https://www.mike-gualtieri.com/posts/stealing-data-with-css-attack-and-defense) by Mike Gualtieri. You can stay protected, with the CSS Exfil Protection plugin (for [Chrome](https://chrome.google.com/webstore/detail/css-exfil-protection/ibeemfhcbbikonfajhamlkdgedmekifo) and [Firefox](https://addons.mozilla.org/en-US/firefox/addon/css-exfil-protection/)) which sanitizes and blocks any CSS rules which may be designed to steal data. Check out the [CSS Exfil Vulnerability Tester](https://www.mike-gualtieri.com/css-exfil-vulnerability-tester) to see if you could be susceptible. **Deactivate ActiveX** | Optional | [ActiveX](https://en.wikipedia.org/wiki/ActiveX) is a browser extension API that built into Microsoft IE, and enabled by default. It's not commonly used by legitimate sites any more, but since it gives plugins intimate access rights, and can be dangerous, therefore you should disable it ([see how](https://www.howtogeek.com/162282/what-activex-controls-are-and-why-theyre-dangerous/)) -**Deactivate Flash** | Optional | Adobe Flash is infamous for its history of security vulnerabilities (with over [1000 issues](https://www.cvedetails.com/vulnerability-list/vendor_id-53/product_id-6761/Adobe-Flash-Player.html)!). See [how to disable Flash](https://www.tomsguide.com/us/disable-flash-how-to,news-21335.html) and [Flash alternatives](https://www.comparitech.com/blog/information-security/flash-vulnerabilities-security). Adobe will end support for Flash Player in December 2020 **Disable WebRTC** | Optional | [WebRTC](https://webrtc.org/) allows high-quality audio/video communication and peer-to-peer file-sharing straight from the browser. However it can pose as a privacy leak, especially if you are not using a proxy or VPN. In FireFox WebRTC can be disabled, by searching for, and disabling `media.peerconnection.enabled` in about:config. For other browsers, the [WebRTC-Leak-Prevent](ttps://github.com/aghorler/WebRTC-Leak-Prevent) extension can be installed. [uBlockOrigin](https://github.com/gorhill/uBlock) also allows WebRTC to be disabled. To learn more, [check out this guide](https://buffered.com/privacy-security/how-to-disable-webrtc-in-various-browsers/) **Spoof HTML5 Canvas Sig** | Optional | [Canvas Fingerprinting](https://en.wikipedia.org/wiki/Canvas_fingerprinting) allows websites to identify and track users very accurately though exploiting the rendering capabilities of the [Canvas Element](https://en.wikipedia.org/wiki/Canvas_element). You can use the [Canvas-Fingerprint-Blocker](https://add0n.com/canvas-fingerprint-blocker.html) extension to spoof your fingerprint or use [Tor](https://www.torproject.org) - Check if you are susceptible [here](https://webbrowsertools.com/canvas-fingerprint/) **Spoof User Agent** | Optional | The [user agent](https://en.wikipedia.org/wiki/User_agent) is a string of text, telling the website what device, browser and version you are using. It is used in part to generate your fingerprint, so switching user agent periodically is one small step you can take to become less unique. You can switch user agent manually in the Development tools, or use an extension like [Chameleon](https://sereneblue.github.io/chameleon) (Firefox) or [User-Agent Switcher](https://chrome.google.com/webstore/detail/user-agent-switcher-for-c/djflhoibgkdhkhhcedjiklpkjnoahfmg) (Chrome)