banner
leaf

leaf

It is better to manage the army than to manage the people. And the enemy.
follow
substack
tg_channel
HomeArchives作品集情报公司研报钱的属性指南针计划友情链接

The Network Invisible Series: Starting with the Browser - Hide Your Online Footprint

#隐私143
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
The article discusses effective ways to use browser plugins and configurations to enhance privacy protection. It emphasizes the importance of using open-source plugins to avoid potential backdoors and advises against using domestic browsers in China, recommending Chrome or Firefox instead. The text highlights that while browser modifications can help, they cannot match the privacy offered by specialized tools like fingerprinting browsers or Tor. Key points include: 1. **Fingerprinting**: Websites use various browser characteristics to track users, similar to how fingerprints identify individuals. 2. **Browser Selection**: Choosing the right browser is crucial for privacy. Recommendations include: - **Chrome**: Good security with regular updates. - **Firefox**: Better privacy features than Chrome. - **LibreWolf**: A privacy-focused version of Firefox. - **Tor Browser**: Best for anonymity, but may slow down browsing. 3. **Plugins**: Suggested plugins for enhanced privacy include: - **uBlock Origin**: An efficient ad blocker. - **Privacy Badger**: Learns and blocks trackers. - **Decentraleyes**: Hosts JavaScript libraries locally to improve speed and privacy. - **CanvasBlocker**: Prevents browser fingerprinting through various APIs. - **Font Fingerprint Defender**: Reports false font information to hinder tracking. The article concludes that while these measures improve privacy, they are not foolproof, and users should balance privacy with convenience. Regular updates to the chosen browser are also recommended.

About how to effectively use browser extensions, configurations, etc., to better protect privacy

💡

Advance notice:

To prevent potential backdoors, this article chooses open-source extensions as much as possible.

This article is not specifically written for ad blocking; although some extensions have ad-blocking features, this is not the focus of the article.

I am not a professional, and there may be errors in some places; please forgive me.

The methods in this article cannot provide complete protection, but aim to protect as much as possible.

For Chinese users, do not use domestic browsers; use Chrome, Firefox, or other browsers; otherwise, everything is in vain.

The recommended extensions in this article are not suggested to be installed all at once; more extensions may expose more characteristics.

A modified browser still cannot compare to professional fingerprinting browsers; if you need higher privacy protection, please choose a fingerprinting browser or Tor.

In the ocean of the digital world, the most eye-catching are those flashing ad beacons trying to attract our attention; however, the real threats often lurk in the shadows. In the deep sea of code, countless invisible trackers act like data torpedoes, silently recording our every click and every pause.

These uninvited guests not only ignore our "Do Not Track" signals but also continue their ways even after we explicitly refuse. Faced with such rampant privacy invasions, how can ordinary users protect themselves?

Protection on the browser is like our first line of defense. Although they are not an all-powerful shield and cannot be compared to heavily armored solutions like fingerprinting browsers or Tor, for most web adventurers, these small guardians are the easiest to deploy privacy protection pioneers.

This article will guide you on how to equip your browser with these small yet powerful armors. Of course, this is just the starting point of the privacy protection journey. In future articles, we will continue to explore more layers of protective strategies to help you navigate this turbulent sea of data with ease.

Now, let’s start with this crucial first step: configure your browser to build a solid first line of defense for your web surfing journey.

First, the term "Fingerprinting" refers to a technical means by which websites or third-party services identify and track users by collecting various characteristic information from the browser.

Similar to fingerprint recognition in real life, everyone's fingerprint has its unique patterns, allowing for accurate identification of individuals. Likewise, each browser has its unique "fingerprint," generally consisting of:

  • Browser type and version

  • Operating system type and version

  • Screen resolution

  • Installed fonts

  • Browser plugins and extensions

  • Hardware information, such as CPU, GPU, etc.

Or more methods, so even if you use a VPN, they can still find you.

Browser Selection#

Choosing a suitable browser is the first step in protecting online privacy. Different browsers have significant differences in privacy protection; here are some suggestions:

Mainstream Choices#

  1. Chrome: For most users, Chrome already provides sufficient security. It has regular security updates and supports various privacy-enhancing extensions.

  2. Firefox: Going a step further than Chrome, Firefox does better in privacy protection. It blocks third-party tracking cookies by default and offers more privacy setting options.

Advanced Choices#

  1. LibreWolf: If you want to find a balance between Tor and regular browsers, LibreWolf is a good choice. It is based on Firefox but goes further in privacy and security settings. Note that:

  • To better prevent feature exposure, LibreWolf may bring some inconveniences in use, such as enforcing an English interface.

  • For ordinary users, this level of protection may be somewhat excessive.

Special Cases#

  1. Tor Browser: If you need the highest level of anonymity, Tor Browser is the first choice. However, daily use may affect browsing experience and speed.

  2. Fingerprinting Browser: If the focus is on isolating different account environments, a fingerprinting browser is the first choice.

Special Notes#

  • Do not use domestic browsers: Most Chinese browsers have embedded trackers.

  • Weigh privacy against convenience: Remember, stronger privacy protection often means sacrificing some convenience. Choose a balance that suits your needs.

  • Keep updated: Regardless of which browser you choose, ensure timely updates to the latest version for the latest security patches.

In addition, if you choose a browser that comes with stronger privacy protection by default, the following extensions may be redundant or even counterproductive.

Extensions#

1. uBlock Origin#

💡

Warning: uBlock Origin will soon be unavailable on Chrome due to not using the Manifest V3 standard.

uBlock Origin is an open-source filtering extension that occupies very little memory and CPU and is easy to use.

You can find and install it by searching in the browser's extension store (such as the Chrome Web Store or Firefox Add-ons).

Once installed, uBlock Origin will enable the following rules by default:

  • EasyList

  • Peter Lowe’s Ad server list

  • EasyPrivacy

  • Malware domains

If you wish to load more rules, click on the uBlock Origin icon to enter settings.

image

image

You can enable some built-in rules here or import rule URLs at the bottom.

After making changes, be sure to click the Apply Changes button after updating the rules.

Of course, more rules mean higher resource usage; please find a balance that works for you.

2. Privacy Badger#

Privacy Badger is also an open-source filter developed by the Electronic Frontier Foundation (EFF). What sets it apart is that it actively learns about potential trackers. The basic principle is that if it detects a third-party service that repeatedly appears and collects data across three sites, it will automatically block it. It also has a feature called three-color slider settings:

  • Green: Third-party resources detected, but no tracking behavior found; no blocking.

  • Yellow: Tracking behavior detected; blocks tracking cookies but does not completely block to avoid webpage anomalies.

  • Red: Tracking behavior detected; completely blocks trackers and cookies.

For elements like video players and comment boxes that may involve tracking but are also useful, Privacy Badger will replace them and activate upon clicking.

Additionally, Privacy Badger regularly fetches automatic learning updates from EFF's servers to intercept trackers as much as possible.

Similarly, you can find and install it by searching in the browser's extension store (such as the Chrome Web Store or Firefox Add-ons).

💡

Currently, Privacy Badger has been pointed out that its learning to block new trackers while you browse feature may have potential security vulnerabilities. It is disabled by default after installation; if you are not concerned, you can enable it in the settings.

image

3. Decentraleyes#

💡

Has not been updated for a long time; it is recommended to look at the later LocalCDN.

Decentraleyes locally hosts commonly used JavaScript libraries, which can improve webpage loading speed and enhance privacy protection by avoiding tracking from CDNs. It can complement regular ad blockers without impairing website functionality.

You can also find and install it by searching in the browser's extension store (such as the Chrome Web Store or Firefox Add-ons).

4. CanvasBlocker#

CanvasBlocker is an extension that can block or spoof websites from performing browser fingerprinting through certain APIs.

Although the name is CanvasBlocker, it can actually protect many APIs; Canvas is just one of its functions.

Supported APIs for protection:

  • canvas 2d

  • webGL

  • audio

  • history

  • window

Window size (disabled by default)

  • DOMRect

  • SVG

  • TextMetrics

  • navigator (disabled by default)

  • screen

You can also find and install it by searching in the browser's extension store (such as the Chrome Web Store or Firefox Add-ons).

5. Font Fingerprint Defender#

💡

This does not seem to be an open-source extension, but I did not find other alternatives on Firefox; if there are any, please provide feedback.

Font Fingerprint Defender is an extension that reports false available font information to web pages, preventing tracking based on available font combinations as fingerprints.

6. All Fingerprint Defender#

💡

Note that this extension is only available for Chrome, and I have not used it myself.

This extension is used to prevent fingerprints left by Canvas, WebGL, fonts, and AudioContext in the browser.

7. WebRTC Network Limiter#

💡

Official Google extension; since I do not use Chrome, I cannot determine its effectiveness. You can look for better extensions in the Chrome Web Store.

Google's official extension can solve the potential IP address leakage problem caused by WebRTC and has passed multiple levels.

8. AdGuard#

AdGuard's browser extension is open-source and performs well in ad blocking and privacy protection. It also comes with features to disable WebRTC, remove tracking parameters, check website reputation, disable third-party cookies, etc. The interface is clean and beautiful, making it a good choice.

9. NoScript#

NoScript is quite a strict extension; it is pre-installed in Tor. It uses a whitelist to block websites from running JavaScript, Java, Flash, and other scripts and plugins unless you explicitly allow them, along with strong cross-site scripting (XSS) protection. The built-in whitelist has configurations for popular websites, which can reduce the configuration burden for ordinary users. Of course, you can also import whitelists shared by others, and if you are just temporarily visiting a website, you can easily set a temporary whitelist.

Of course, it requires some learning time; for ordinary users who are completely unwilling to change their usage habits, NoScript may not be the best choice.

10. LocalCDN#

Similar to Decentraleyes but supports more libraries and is updated more frequently.

Configuration#

1. DOH (DNS over HTTPS)#

If you have been following my blog, you must have seen the last article.

If you are using Linux and have correctly configured DOH according to the article, then everything on your computer is DOH, and you can skip this step.

If you cannot do this or only want to enable DOH in the browser, please continue reading.

Currently, most modern browsers have DOH functionality, and you can find suitable DOH servers for you on the following websites.

💡

In China, many overseas DOH servers are blocked; please find a suitable server for you and ensure it is not blocked. This article will not elaborate on this.

💡

Choosing a DOH server located in the same country as your IP address, or using a DOH like Cloudflare DNS that automatically selects a nearby server, can avoid inconsistencies between the IP address and DNS server location.

Firefox#

For Firefox browser, open the browser settings, go to Privacy & Security, and find DNS over HTTPS.

image

Fill in your DOH address.

image

Now, you are using DOH on Firefox.

Chrome#

On Chrome, open settings, go to Privacy and Security - Security, and find Use Secure DNS.

image

Now, you are using DOH on Chrome.

Other Browsers#

Most modern browsers provide DOH functionality; you can use search engines to find how to enable it.

This article is transcoded by SimpRead, original article address blog.ypingcn.com

Read the detailed tutorial produced by our site to learn how to set up and enable HTTPS-based secure DNS (DoH) on Firefox. Protect your web browsing security and enhance data confidentiality.

[AD] -- Below is content advertising; click to support the author, Want to filter ads? -- [AD]

Quick Download: Download the latest international version of Firefox (Simplified Chinese)

Quick Setup List:

IntroductionAddress
Aliyunhttps://dns.alidns.com/dns-query
Tencent Cloud DNSPodhttps://dns.pub/dns-query
OneDNS Ad-Blocking Versionhttps://doh.onedns.net/dns-query
OneDNS Clean Versionhttps://doh-pure.onedns.net/dns-query
Cloudflare Defaulthttps://cloudflare-dns.com/dns-query
Cloudflare Firefox Versionhttps://mozilla.cloudflare-dns.com/dns-query
Cloudflare Virus Blockinghttps://security.cloudflare-dns.com/dns-query
Cloudflare Virus and Adult Content Blockinghttps://family.cloudflare-dns.com/dns-query
AdguardDNS Defaulthttps://dns.adguard.com/dns-query
AdguardDNS Family Protectionhttps://dns-family.adguard.com/dns-query
AdguardDNS No Filteringhttps://unfiltered.adguard-dns.com/dns-query

Every website needs to know the IP address to access it correctly, but it is impossible to record every IP address due to the vast number; there needs to be a way for users to use this, which is the origin of the Domain Name System (DNS). DNS refers to a protocol that converts the address in the address bar into a specific network IP address, but its design did not consider related security, making it easy for third parties to hijack and modify the results.

Secure DNS (DNS-over-HTTPS, abbreviated as DoH) represents "DNS over HTTPS," which is an encrypted communication method for DNS requests and responses via the HTTPS protocol. Traditional DNS communication uses plaintext UDP protocol, which is vulnerable to eavesdropping, tampering, and other attacks, while DoH can encrypt DNS traffic, thereby enhancing security and privacy protection. Using DoH can also prevent certain network intermediaries (such as public Wi-Fi) from hijacking and polluting DNS traffic, thus improving the reliability of accessing internet services. More and more browsers and operating systems are beginning to support DoH to enhance users' online security and privacy protection.

Below are some setup tutorials and notes for using DoH in Firefox.

1. Enable or Disable DNS-over-HTTPS#

The entry for settings has changed after version 114.0, and you need to set it according to different versions.

1.1 Versions below 114#

  1. Click the hamburger menu button in the browser (top right corner) and select Settings.
  2. In the General panel (the first menu, about:preferences#general), scroll down to the Network Settings section and click the Settings button.
  3. In the opened dialog, scroll down to the bottom, find the Enable HTTPS over DNS checkbox, check it if needed, or uncheck it otherwise.
  4. Choose the address provided by the corresponding supplier or enter the required address yourself (recommended in the next chapter of this article).

1.2 Versions 114 and above#

Version 114.0 was released on 2023-06-06.

  1. Click the hamburger menu button in the browser (top right corner) and select Settings.
  2. In the Privacy & Security panel (the fourth menu, about:preferences#privacy), scroll down to the DNS over HTTPS section.
  3. In the Security DNS Usage Policy section, choose Enhanced Protection (try to use system DNS if DoH fails) or Maximum Protection (only use DoH).
  4. Choose the address provided by the corresponding supplier or enter the required address yourself (recommended in the next chapter of this article).

2. DoH Providers#

In addition to the built-in providers of the browser, there are many other choices.

2.1 Alidns#

A service provided by Alibaba Cloud, effective in China, but does not support ad filtering and other functions.

Address: https://dns.alidns.com/dns-query

2.2 DNSPod#

Produced by Tencent Cloud, effective in China, supports setting ad filtering after registering an account, but the supported filtering rules are not many, and the effect is weak.

Address: https://dns.pub/dns-query

2.3 OneDNS#

OneDNS is a DNS recursive resolution service provided by Beijing Weibu Online Technology Co., Ltd., which has security protection capabilities and can effectively protect against threats such as malware and ransomware, as well as block various ad harassment and fraudulent websites, purifying the network environment and protecting data security.

Address: [Ad-Blocking Version] https://doh.onedns.net/dns-query

[Clean Version] https://doh-pure.onedns.net/dns-query

2.4 Cloudflare#

A well-established network service provider, also built into Firefox.

Default https://cloudflare-dns.com/dns-query

Firefox version https://mozilla.cloudflare-dns.com/dns-query

Virus blocking https://security.cloudflare-dns.com/dns-query

Virus and adult content blocking https://family.cloudflare-dns.com/dns-query

2.5 AdGuard#

(Not recommended for use under domestic network conditions due to network reasons)

A long-standing ad filtering provider, supports setting ad filtering and other custom content after registering an account.

Default (blocks ads and trackers) https://dns.adguard.com/dns-query

Family protection (blocks ads, trackers, adult content, and enables safe search and safe mode where possible) https://dns-family.adguard.com/dns-query

No filtering https://unfiltered.adguard-dns.com/dns-query

2.6 NextDNS#

(Not recommended for use under domestic network conditions due to network reasons)

An ad-blocking DNS service provider that allows 300,000 queries per month for free and supports DoH, DoT, and other methods.

It supports many ad filtering rules and has good filtering effects. However, since its services are overseas, the website resolution results are mostly overseas versions, which may affect the browsing experience to some extent.

3. Exclude Specific Domains#

Excluding specific domains means that the configured domains will not go through DoH resolution but will remain consistent with the system method, suitable for intranet domains or other domains with special needs.

The setting method has also changed after version 114.0, and you need to set it according to different versions.

3.1 Versions below 114#

  1. Type about:config in the address bar and press Enter.
  2. A warning page may appear. Click I accept the risk, continue! to accept the related modification risks and continue to open the about:config page.
  3. Search for network.trr.excluded-domains; if it cannot be found, you need to create a new one.
  4. Click the Modify button next to it.
  5. Add the domains to the list; if there are multiple domains, separate them with commas. After editing, click the checkbox to save the changes, and it will take effect.

3.2 Versions 114 and above#

Version 114.0 was released on 2023-06-06.

  1. Click the hamburger menu button in the browser (top right corner) and select Settings.
  2. In the Privacy & Security panel (the fourth menu, about:preferences#privacy), scroll down to the DNS over HTTPS section.
  3. After clicking the Manage Exceptions button, enter the domains you need to add and save.

2. Disable WebRTC#

WebRTC uses STUN/TURN servers to establish direct peer-to-peer connections between browsers, which may lead to real IP address leakage, even if a VPN is used.

You can disable it using an extension; here is a manual method to disable it.

💡

Note that this may cause functionality issues on websites like Discord calls.

Firefox#

Type about:config in the address bar and press Enter.

A warning message will appear; click the "Accept the risk and continue" button.

In the search bar, type media.peerconnection.enabled.

Click the toggle button to change it to false.

image

Chrome#

In the latest version, it cannot be disabled in chrome://flags/; older versions can find disable-webrtc.

It is recommended to install an extension to disable it.

Firefox Protection Against Fingerprinting#

This is a feature unique to Firefox, providing additional protection against fingerprinting by erasing characteristics, allowing you to blend in with the crowd.

To enable it, first go to **about:config **.

A warning message will appear; click the "Accept the risk and continue" button.

In the search bar, type privacy.resistFingerprinting.

Toggle it to true to enable it.

Conclusion#

However, even with the most reliable tools, true privacy protection begins with each user's daily habits. No matter how advanced the technology, it cannot completely compensate for user behavior negligence.

https://ypingcn.com/

Chaos Bookmark, a concise navigation tool to improve efficiency and share quality information and resource collections.

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.