How To Stay Safe While Online

If you would like to know what you can do to stay safe while online then please read my article:
How to Stay Safe While Online

If anyone has any comments they can leave them either on that site or below. Either way I’ll respond to any comments and consider your suggestions for future changes.

Thanks.

Nice article Chiron :-TU

A couple of things of the top of my head, maybe more once I’ve had time to think

1. There are browsers other than Chromium, it’s clones and Firefox
2. You might want to mention flash cookies and DOM storage and methods for blocking, something like BetterPrivacy Maybe mention etags.
3. An alternative to add-ons for a degree of browser anonymity are ‘greasemonkey/scriptish’ scripts, a lot of which will run in most of the major browsers. A good example is GoogleMonkeyR
4. A good adjunct to NoScript in firefox is RequestPolicy
5. A good alternative to Cookie Monster, with a few added features is Cookie Controller
6. Disconnect is also available for firefox.
7. Make mention of how to deal with making secure financial transactions online. (Possibly a little to large a subject)
8. Maybe some consideration of add-ons that assist with certificate validation, such as Certificate Patrol or Perspectives etc.
9. Don’t forget about the command line options in Chromium and about:config in firefox. Opera?
10. Maybe include something about the use of routers and their place in the security chain.

Hope that’s ok

Looks nice on a quick view, one thing that I’m missing is a ‘general password policy’ that a user might adopt.

Like use a unique password for important sites like email etc.
and use a shared password for less important sites like e.g. you have to create an account here to send an ecard kind of stuff.

Making sure users don’t use the same password between ‘important’ sites and ‘less-important’ sites can increase security and reduce damage on a hacked database from some web site. So in case the ecard server got hacked those people can’t use that password to logon to your mailbox(es)/facebook etc.

I’ve used this extension after you’ve mentioned it previously in the forum, (a few months?) and it’s a great extension. :-TU

I did read your article and enjoyed it.
I use FF and already do many of those things (I was so pleased with myself lol…as I’m no expert)

I have a question. I do use NoScript and I gave your suggestion of of Request Policy a try.

While those two add on’s seem similar they certainly have different results.

You seem to imply using both would be a good angle. Can you give a few words as to why?

I didn’t enjoy how links from my homepage gave me warnings each time from RP, but maybe there is something to learn here.

I don’t mind a bit of work being careful, if I did mind that I certainly wouldn’t have been able to stand NoScript all these years. I do love the control over a site’s behavior on my machine.

Thanks for your articles. I will recommend them.

Thank you.

To the best of my knowledge NoScript blocks scripts from starting. Thus, this may prevent a script from sending you to another site.

However, Request Policy blocks your browser from communicating with sites that it is not already on, unless you whitelist them. That therefore prevents your browser from inadvertently transmitting your browsing habits without your knowledge.

Please let me know if you have any other questions.

Thanks.

Good article, thank you

You’re welcome. Please let me know if you have any questions.

I’d like to know how you come up with these amazing articles - I have learnt so much!?

Easy, just hang around in security forums long enough, compile many bookmarks of useful (and related) information, and eventually get tired of having to figure out which link was for which. At that point you just create an article with everything carefully organized and adjust it as time goes on using the comments others leave and even more useful information you come across by hanging around security forums. ;D

Seems like a pretty nice article. Of course there are always things that could be added, but overall it’s a great article. It would be impossible to include every little thing to keep people safe online.

If you have anything in particular you would like to see added please feel free to let me know so I can consider it. Most of the ideas in my articles come from others.

I am new here and it’s my first post here.

I really enjoy it.

Thanks writer.

Using a VPN is also a great way to stay safe online!

NoScript has been a blessing for me at times.

I see a VPN as more oriented towards privacy. That is why it’s discussed here, in my article about How to Protect Your Online Privacy.

Also, NoScript is discussed in my article about How to Harden Your Browser Against Malware and Privacy Concerns.

Let me know if you have any questions.

Thanks.

Hello,
are Ghostery and RequestPolicy working the same way to protect our privacy ?
if not, what is the difference ?
Ghostery blocks trackers and what i read on the RequestPolicy website looks like it does the same thing.

I use most of the time Comodo Dragon but I really miss the NoScript add-on on this chromium browser. NoScript is the best add-on for me to secure browsing on Firefox. there are some extensions for chromium looking like NoScript on FF but they just look like, There’s nothing as good as Firefox NoScript for chromium.

thanks for your work to help people security over the internet.

Both do work in very similar ways. In fact, there are many extensions which perform similar contributions. For my advice on which to use please see my article here.

Let me know what you think.

Thanks.

hello,
I read about all your advices to stay safe using the different browsers you mentioned.
All those add-ons are needed to keep your browsing safe from most kind of attacks to break into the system,
and to protect the browsers from getting annoying add-ons that would take control over your settings and open pages you don’t want.

I didn’t noticed important differences between ghostery and requestPolicy, except some security options into requestpolicy that seems not usefull at all from my personal view, as NoScript is so good to secure Firefox. and there’s no other add-on on any of the other browsers to compare to NoScript for FireFox.
But chromium security is so good that it’s hard to bypass. I tried a lot of websites with various kind of attacks from some website listing them using dragon, and I loaded those bad websites after dragon page alert, and no exploit was able to compromize dragon security.
So nothing was able to break into the system to compromize it.
What I noticed recently for Dragon is that the add-on “AdBlock” is better than “adblock plus” to filter ads and it has options to secure browsing that Adblock Plus doesnt include. and AdBlock is able to stop absolutly any kind of ads that Adblock plus doesnt filter (like new ads on Facebook for exemple).
But at the end, the way to set the browsers are the first thing to do. on Dragon you have lot of settings that keep you safe.
But there’s a thing I disagree, it’s about using LastPass to save login/pass.
I tried it and I need a lastpass account to use it, what I’ll never do.
I don’t like to have to create an account to manage my passwords.
and I never save any log/pass on my browser.
I have a lot of accounts but I printed all on 2 pages and I use this way to protect my accounts.
And it’s a good thing to train your memory
Sometimes I need to look at my papers as passwords are longs and suite of characters without any meaning like for exemple : PP0_#98[at]szFF&aZ1,
But after sometime you typed it, you remember most of all.
I clean all data on exit each time i close the browser, can be annoying, but I prefere this solution.
I got only Flashplayer loaded but I block it from storing anything on the machine.
But there’s still the temp folder C:\Users******\AppData\Local\Temp to look at, sometimes you find bad things in it.

I don’t use no AV, as they run on database and their scanners are easy to dupe. people use a way to package the files so the scanner cant open it as people using multiple packagers with commands for the scanner to access that send it from erroneous to erroneous way to unpack, so it’s unable to be scanned, some AV try several minutes then say the file is correct, some others AV try some seconds then say the file is safe,
maybe some others as they cant scan it alert the user of the potential danger and block it, but I don’t know which ones really do that.
I even bypassed very well-known AV just by changing the size of the file using another icon…
So scanners are useless, only signed files from trusted vendors should be allowed to download and stored on the SSD or HDD.
That’s why I only use comodo FW and D+ with highest security settings.
I do not use a lot D+ paranoid mode except to find unknown malwares.
For files i don’t know, I use the virustotal uploader to have an idea, but with all those false positives, it’s not easy,
Because I use tools to modify Bioses that are detected by almost all AV at virustotal as malwares, as I know it’s wrong, because the files are coded by a serious group of people.
So how to trust AV when they fail to detect malwares and detect files that are not malwares…

update : I forgot an important thing, I use a VPN with openVPN-256.
and to encrypt you SSD where you installed your system is also a good thing.
If someone can access you machine, he will not be able to steal and use your files as he’ll get only encrypted files.

It sounds like you have a very good security configuration. However, I do believe that LastPass is a good fit for most users. It encourages them to easily create different, strong, passwords for each website, and it does so in such a way that it is safe for the user to keep it on their computer (as it is heavily encrypted).

Thanks.

Hello,

i just installed some extension on Dragon named “ScriptBlock” that is based on NoScript,
did you test it ?
It seems a good start even if it’s not exactly the NoScript firefox add-on.
give it a try and tell me what you think about it.

best regards.