Updates advice regarding Tor (#19)

This commit is contained in:
Alicia Sykes 2022-07-14 11:57:03 +01:00 committed by GitHub
parent f6d7ed9d73
commit 3b5d43ebcd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -113,7 +113,7 @@ This section outlines the steps you can take, to be better protected from threat
**Enable 1st-Party Isolation** | Optional | First party isolation means that all identifier sources and browser state are scoped (isolated) using the URL bar domain, this can greatly reduce tracking. In Firefox (under `network.cookie.cookieBehavior`), it is now possible to block cross-site and social media trackers, and isolate remaining cookies. Alternatively, to enable/disable with 1-click, see the [First Party Isolation](https://addons.mozilla.org/en-US/firefox/addon/first-party-isolation/) add-on
**Strip Tracking Params from URLs** | Advanced | Websites often append additional GET paramaters to URLs that you click, to identify information like source/ referrer. You can [sanitize manually](https://12bytes.org/articles/tech/firefox/firefox-search-engine-cautions-and-recommendations#Sanitizing_manually), or use an extensions like [ClearUrls](https://github.com/KevinRoebert/ClearUrls) (for [Chrome](https://chrome.google.com/webstore/detail/clearurls/lckanjgmijmafbedllaakclkaicjfmnk) / [Firefox](https://addons.mozilla.org/en-US/firefox/addon/clearurls/)) or [SearchLinkFix](https://github.com/palant/searchlinkfix) (for [Chrome](https://chrome.google.com/webstore/detail/google-search-link-fix/cekfddagaicikmgoheekchngpadahmlf) / [Firefox](https://addons.mozilla.org/el/firefox/addon/google-search-link-fix/)) to strip tracking data from URLs automatically in the background
**First Launch Security** | Advanced | After installing a web browser, the first time you launch it (prior to configuring it's privacy settings), most browsers will call home (send a request to Microsoft, Apple, Google or other developer) and send over your device details (as outlined in [this journal article](https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf)). Therefore, after installing a browser, you should first disable your internet connection, then launch it and go into settings and configure privacy options, before reenabling your internet connectivity. This does not apply to all browsers, in [this article](https://brave.com/brave-tops-browser-first-run-network-traffic-results) Brave claims to be the on of the only browser to call out to a single, controlled TLD exclusively
**Use The Tor Browser** | Advanced | [The Tor Project](https://www.torproject.org) provides a browser that encrypts and routes your traffic through multiple nodes, keeping users safe from interception and tracking. The main drawbacks are speed and user experience, as well as the possibility of DNS leaks from other programs (see [potential drawbacks](https://github.com/Lissy93/personal-security-checklist/issues/19)) but generally Tor is one of the more secure browser options for anonymity on the web
**Use The Tor Browser** | Advanced | [The Tor Project](https://www.torproject.org) provides a browser that encrypts and routes your traffic through multiple nodes, keeping users safe from interception and tracking. The main drawbacks are speed and user experience, as well as the possibility of DNS leaks from other programs. There are also security threats specific to Tor to be aware of, such as malicious exit nodes (see [#19](https://github.com/Lissy93/personal-security-checklist/issues/19)) but generally Tor is one of the more secure browser options for anonymity on the web
**Disable JavaScript** | Advanced | Many modern web apps are JavaScript-based, so disabling it will greatly decrease your browsing experience. But if you really want to go all out, then it will really reduce your attack surface, mitigate a lot of client-side tracking and [JavaScript malware](https://heimdalsecurity.com/blog/javascript-malware-explained/)