Security and Privacy Enhancing Chrome Extensions
The extensions on this list will harden your Chrome/Chromium installation against security risks and invasions of privacy.
Step one is using an open source and Google free Chromium fork like https://alternativeto.net/software/brave/ instead of Google Chrome, which is most likely tracking you. Remember to click the "Allow in incognito" checkbox on the "Extensions" page for all of the extensions on this list that you install, otherwise the extensions won't work in incognito mode.
Be sure to also get a secure, anonymous, no logs, leak proof VPN service that is based outside of the Five Eyes (the US, the UK, Australia, Canada, and New Zealand) and the Enemies of the Internet. You'll find a list of options here.
Are you more of a Firefox kind of person? Don't worry, we got you covered as well.
uBlock Origin is the most efficient ad blocker of its kind. This will protect against malvertising, some malicious sites, corporate user tracking (to some extent) as well as speed up loading times, remove ads, and prevent WebRTC from leaking local IPv6 addresses even when connected to a VPN. You can find a uBlock Origin backup file containing filter lists that I recommend and personally use here. (Ctrl + S to save the backup file and then import it by clicking the "Restore from file..." button at the bottom of the "Settings" tab, select the backup file in the dialog box that will pop up, go to the "3rd-party filters" tab and click the yellow "Update now" button). The WebRTC leak prevention setting is not selected, so if you are going to be using a VPN or otherwise don't care about missing content on sites using WebRTC, activate it in the "Settings" tab. Add whatever regional filters are relevant to your browsing habits in the "3rd-party filters" tab, otherwise you will probably see some ads on the non-English sites you visit. The http://www.hostsfile.org/Downloads/hosts.txt filter list is sometimes a bit aggressive when it comes to blocking domains, so if it gets in the way of your browsing too much, delete or deactivate it. The same can be said about Blockzilla to a small degree, but it's not nearly as bad. If you want descriptions of what each and every filter list blocks or want to add subscriptions yourself, check out filterlists.com.
uMatrix contains similar ad blocking functionality as uBlock Origin via host files, though it can't handle cosmetic filters/element hiding, only network filters, aka domain blocking. It also has several other features like sandboxing and deletion of cookies and web storage from blacklisted domains which are defined by the same filter lists that ad blockers use, scheduled deletion of session cookies and cache, hyperlink auditing (tracking technique) prevention, HTTP referer blocking (I recommend letting Referer Control handle that though, so that you are able to whitelist sites that break), and strict HTTPS (blocking of unencrypted HTTP content - called mixed content - from being loaded into HTTPS pages). As for which extension to use when it comes to uMatrix and uBlock Origin, if you want a full-fledged ad blocker with element hiding and not just domain blocking, then use uBlock Origin. If you like uMatrix features, like how it handles sandboxes and deletes cookies from blocked domains, use uMatrix. Nothing says that you can't use both either. Using hosts files in uMatrix while at the same time using filter lists with cosmetic filter rules in uBlock Origin is a totally viable option. You can find a uMatrix backup file containing filter lists that I recommend and personally use here. (Ctrl + S to save the backup file and then import it by clicking the "Restore from file..." button at the bottom of the "About" tab, select the backup file in the dialog box that will pop up, go to the "Hosts files" tab, click the "Auto-update hosts files." checkbox and click the yellow "Update now" button). In case you want to combine uMatrix with uBlock Origin, here is a backup file for uBlock Origin that only contains the filter lists that uMatrix can't handle. If you want descriptions of what each and every filter list blocks or want to add subscriptions yourself, check out filterlists.com.
Privacy Badger is an add-on developed by the Electronic Frontier Foundation (EFF) that blocks online trackers. While uBlock Origin also does this with the right filter lists, Privacy Badger uses behavioural heuristics and can therefore block trackers that are not in any filter list yet. It can prevent WebRTC from leaking local IPv6 addresses even when connected to a VPN.
Decentraleyes prevents tracking from major content delivery networks by blocking requests to those CDNs and replacing the files with local files to keep sites from breaking.
HTTPS Everywhere is an add-on developed by the Electronic Frontier Foundation (EFF) that encrypts communications on supported HTTPS sites. Most major sites are supported, as well as a lot of less known sites.
Cookie AutoDelete automatically clears a site's cookies and local storage after the site has been closed.
Random User-Agent is a Chrome add-on that spoofs the user agent headers on a regular interval that the user chooses. This makes browser fingerprinting harder for ad tracking companies to preform. I recommend setting Random User-Agent to change the user agent every minute, to protect against detection by JavaScript, and to enable every desktop user agent as a possible user agent for the extension to switch to. Some websites will not function properly some of the time depending on the user agent (Google Drive, addons.mozilla.org) or all of the time (Slack, phpBB forums), but you can whitelist those sites or temporarily disable the add-on.
HTTP referer lets webmasters know from which web page you clicked on the link to their website from. Referer Control lets the user control what HTTP referer is sent. I recommend blocking HTTP referer completely and whitelist sites that need HTTP referer it to function, like Fosshub for example.
This is not a Chrome extension, but a website. However, since a good privacy respecting search engine is vital to a privacy oriented browser setup, I'm including it anyway. StartPage is a search engine that proxies and anonymizes Google search results, giving you the same search results (with minor differences due to Google's filter bubble), but with your privacy intact. Searching for something at StartPage will give you this URL: "https://www.startpage.com/do/asearch". As you can see it is impossible for anyone, including your ISP and anyone else monitoring your Internet connection to get any search terms out of that URL. You can set custom settings which are stored in an anonymous ID that will look something like this: "ee6603f119dd79b5a29f3111ca32aa18". This way ISPs and anyone else monitoring your Internet connection won't know what custom settings you're using just by looking at the URL. StartPage is run by Ixquick, which is based in the Netherlands, a country with very strong privacy laws. Ixquick has been awarded with the first European Privacy Seal and is the first and only EU-approved search engine. StartPage does however also proxy Ads by Google, but there are zero external domains that get loaded into search pages, everything is 100% proxied, and uBlock Origin will block it regardless. Searx is another Google proxy, and it is open source, but it doesn't look that good. Searx does however currently include 20 other search engines besides Google and you can customize it to include whatever search engines you want. There's also DuckDuckGo, which is very privacy friendly, but I personally think that Google proxies fetch better search results than DuckDuckGo.
ScriptSafe will block scripts and some other elements on all sites and exceptions have to be set on a per site basis, which is too much work for the general user. However, you can turn off the blocking and take advantage of the extension's other features, which include fingerprint protection, remove Google Analytics (UTM) tracking, timezone spoofing, WebRTC protection, user agent spoofing, and HTTP referer spoofing (I recommend letting Referer Control handle that though, so that you are able to whitelist sites that break).
Negotiator blocks cross-site requests (content loaded from external domains), which prevents tracking and Cross-Site Request Forgery (CSRF) attacks. It can also block cookies and HTTP referer (I recommend letting Referer Control handle that though, so that you are able to whitelist sites that break). You must set what to block yourself and there are no lists of preset rules that you can subscribe to, so using this extension will take some effort on your part.
Google search link fix will clean the URLs of Google and Yandex search results, giving the user tracking free direct links instead of annoying and privacy invasive redirect links.
With VTchromizer you can scan URLs using VirusTotal's 64 anti-virus engines by just right clicking and then clicking "Scan with VirusTotal" in the context menu. It is developed by one of VirusTotal's software engineers.
Malvelope is an extension that integrates with webmail providers and allows users to easily send PGP encrypted emails. PGP has, as far as the security community is aware, never been cracked. If you use Yahoo! Mail, Gmail, Outlook.com, AOL Mail, or some other spying and tracking infested email service you should switch to an end-to-end encrypted, privacy respecting no logs email service that is based outside of the Five Eyes and the Enemies of the Internet like Proton Mail.
