
Top security web browser plugins

Plugins that you should have installed to browse the internet safely. Of course you don't need to install them all: one JavaScript blocker, one ad blocker and one privacy/tracker blocker is enough. On the list you can find the best plugins for Chrome/Firefox/Opera. It is also good to have the VirusTotal plugin installed to scan files before download.
HTTPS Everywhere is a browser extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites.
Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site.
The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS.
HTTPS Everywhere can protect you only when you're using sites that support HTTPS and for which HTTPS Everywhere includes rules.
Fat-free hardenable opportunistic encryption for Firefox.
There are numerous similar extensions out there, but HTTPZ is different because it is not smart: it is Zmart. The following summarizes how it works with the default settings:
- When you are about to navigate to a site over HTTP, that request is aborted and a new one is started over HTTPS. If that new request results in an error, it is automatically redirected back to HTTP. If navigating to the site over HTTP throws an error too, HTTPZ does nothing more. Otherwise, if it succeeds, the host is added to the ignore list, and all subsequent requests to it are ignored by the extension for seven days.
- When you navigate to a site over HTTPS by yourself, or because of some external factor (like Firefox filling the address with https:// based on your history and so on), HTTPZ ignores that request, regardless of the outcome.
- When you navigate to a site over HTTPS and the servers redirect you to HTTP, the extension notices this and automatically adds that hostname to the list of sites to ignore.
HTTPZ is meant to be unobtrusive and lightweight, it respects your privacy, and it is free of trans fats. Additionally, it is very configurable, and should be slightly more secure than some of the alternatives out there, since it has a couple of built-in ways to defend against SSL stripping attacks.
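As an added example (not HTTPZ's own code), the default flow described above can be modelled as a small state machine in JavaScript. The class and method names are hypothetical, and the clock is injected so the seven-day expiry can be exercised.

```javascript
// Added sketch of the default flow described above; not HTTPZ's source code.
// Names (UpgradePolicy, onNavigate, onOutcome, onRedirect) are hypothetical.
const IGNORE_MS = 7 * 24 * 60 * 60 * 1000; // the seven-day ignore period

class UpgradePolicy {
  constructor(now = () => Date.now()) {
    this.now = now;             // injectable clock so expiry can be tested
    this.ignored = new Map();   // hostname -> expiry time in ms
    this.upgrading = new Set(); // hosts with an extension-started HTTPS attempt
    this.fallback = new Set();  // hosts sent back to HTTP after HTTPS failed
  }

  isIgnored(host) {
    const expiry = this.ignored.get(host);
    if (expiry !== undefined && this.now() < expiry) return true;
    this.ignored.delete(host);  // expired or absent
    return false;
  }

  ignore(host) {
    this.ignored.set(host, this.now() + IGNORE_MS);
  }

  // Before a navigation starts: decide whether to abort it and retry over HTTPS.
  onNavigate(urlString) {
    const url = new URL(urlString);
    const host = url.hostname;
    // HTTPS chosen by the user or the browser is never touched.
    if (url.protocol !== "http:") return { action: "pass" };
    if (this.isIgnored(host) || this.fallback.has(host)) return { action: "pass" };
    url.protocol = "https:";
    this.upgrading.add(host);
    return { action: "redirect", url: url.toString() };
  }

  // After a navigation finishes; ok is false when the request errored.
  onOutcome(urlString, ok) {
    const url = new URL(urlString);
    const host = url.hostname;
    if (url.protocol === "https:" && this.upgrading.delete(host)) {
      if (ok) return { action: "pass" };
      // Upgrade failed: go back to HTTP. This is the plaintext path, so it
      // is the branch to review when hardening against SSL stripping.
      this.fallback.add(host);
      url.protocol = "http:";
      return { action: "redirect", url: url.toString() };
    }
    if (url.protocol === "http:" && this.fallback.delete(host)) {
      if (ok) this.ignore(host); // HTTP works, HTTPS does not: stop retrying
    }
    return { action: "pass" };
  }

  // The server answered an HTTPS request with a redirect to HTTP.
  onRedirect(fromUrl, toUrl) {
    const from = new URL(fromUrl);
    const to = new URL(toUrl);
    if (from.protocol === "https:" && to.protocol === "http:") {
      this.upgrading.delete(from.hostname);
      this.ignore(from.hostname);
    }
  }
}
```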
The EU regulations require that every website must get user's permission before installing cookies. Imagine how irritating that becomes when you surf anonymously or if you delete cookies automatically every time you close the browser.
This browser extension will remove these annoying cookie warnings from almost all websites :)
You can report any website which still warns you about cookies: make a right click and choose 'Report a cookie warning' from the menu.
This browser extension will always remain absolutely free!
An efficient blocker add-on for various browsers. Fast, potent, and lean.
uBlock Origin is NOT an "ad blocker": it is a wide-spectrum blocker -- which happens to be able to function as a mere "ad blocker". The default behavior of uBlock Origin when newly installed is to block ads, trackers and malware sites -- through EasyList, EasyPrivacy, Peter Lowe’s ad/tracking/malware servers, Online Malicious URL Blocklist, and uBlock Origin's own filter lists.
Ghostery sees the invisible web - tags, web bugs, pixels and beacons. Ghostery tracks the trackers and gives you a roll-call of the ad networks, behavioral data providers, web publishers, and other companies interested in your activity. After showing you who's tracking you, Ghostery also gives you a chance to learn more about each company it identifies. How they describe themselves, a link to their privacy policies, and a sampling of pages where we've found them are just a click away. Ghostery allows you to block scripts from companies that you don't trust, delete local shared objects, and even block images and iframes. Ghostery puts your web privacy back in your hands. Ghostery has different builds for the different browsers.
Control your cookies! This extension is inspired by Self-Destructing Cookies. When a tab closes, any cookies not being used are automatically deleted. Prevent tracking by other cookies and add only the ones you trust. Easily import and export your cookie whitelist.
Main features:
- Auto deletes cookies from closed tabs
- Whitelist support for sites you want to keep cookies
- Export or import your white list of cookies expressions/rules
- Internationalization (i18n)
- Available for both Chromium/Chrome and Firefox/Tor Browser
- Open source. MIT License.
Privacy Badger is a browser add-on tool that analyzes sites to detect and disallow content that tracks you in an objectionable, non-consensual manner. When you visit websites, your copy of Privacy Badger keeps note of the "third party" domains that embed images, scripts and advertising in the pages you visit. If a third party server appears to be tracking you without permission, by using uniquely identifying cookies to collect a record of the pages you visit across multiple sites, Privacy Badger will automatically disallow content from that third party tracker. In some cases a third-party domain provides some important aspect of a page's functionality, such as embedded maps, images, or fonts. In those cases Privacy Badger will allow connections to the third party but will screen out its tracking cookies.
The extension uses two different approaches to block miners. The first one is based on blocking requests/scripts loaded from a blacklist; this is the traditional approach adopted by most ad-blockers and other mining blockers. The other approach, which makes MinerBlock more efficient against cryptojacking, detects potential mining behaviour inside loaded scripts and kills them immediately. This makes the extension able to block inline scripts as well as miners running through proxies.
The NoScript Firefox extension provides extra protection for Firefox, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank).
NoScript also provides the most powerful anti-XSS and anti-Clickjacking protection ever available in a browser.
NoScript's unique whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality...
You can enable JavaScript, Java and plugin execution for sites you trust with a simple left-click on the NoScript status bar icon (look at the picture), or using the contextual menu, for easier operation in popup statusbar-less windows. Watch the "Block scripts in Firefox" video by cnet.
For Android: NoScript Anywhere (NSA) is the nickname for the next major iteration of the NoScript security add-on (NoScript 3.x), whose guts have been turned upside down in order to match Mozilla's Electrolysis multiprocessing architecture and implement a porting for Firefox Mobile, available on Android smartphones and tablets.
This open source (GPL) effort started at the very beginning of 2011, and has been partially funded by the NLnet Foundation.
NoScript 3 alpha, available on Firefox 4 Mobile for the Android and Maemo operating systems, offers all the major security features of "classic" NoScript:
- Easy per-site active content permissions management.
- The first and most powerful anti-XSS (cross-site scripting) filter available in a web browser.
- ClearClick, the one and only effective client-side protection against clickjacking.
- ABE (App Boundaries Enforcer), a true webapp firewall inside your mobile browser to protect your router and web applications against CSRF and DNS rebinding attacks.
A simple extension that brings some of NoScript's functionality to Chrome while emphasizing simplicity and intuitiveness (no affiliation to NoScript or NotScripts). Formerly known as ScriptNo.
Point & click to forbid/allow any class of requests made by your browser. Use it to block scripts, iframes, ads, facebook, etc. uMatrix: A point-and-click matrix-based firewall, with many privacy-enhancing tools.
uMatrix puts you in full control of where your browser is allowed to connect, what type of data it is allowed to download, and what it is allowed to execute. Nobody else decides for you: You choose. You are in full control of your privacy.
Out of the box, uMatrix works in relaxed block-all/allow-exceptionally mode, meaning web sites which require 3rd-party scripts are likely to be "broken". With two clicks, uMatrix can be set to work in allow-all/block-exceptionally mode, which generally will not break web sites.
Regarding the myth that "Chromium-based browsers can't reliably block JavaScript", see: https://github.com/gorhill/httpswitchboard/wiki/Blocking-javascript-execution-reliably-in-Chromium-based-browsers.
- See ALL the remote connections, failed or attempted, depending on whether they were blocked or allowed (you decide).
- A single-click to whitelist/blacklist one or multiple classes of requests according to the destination and type of data (a blocked request will NEVER leave your browser).
- Efficient blacklisting: cookies won't leave your browser, JavaScript won't execute, plugins won't play, tracking pixels won't download, etc.
- You do not have to solely rely on just one particular curated blacklist (arguably with many missing entries) outside which nothing else can be blocked: You are in full control.
- Ease of use: uMatrix lets you easily whitelist/blacklist net requests which originate from within a web page according to a point-and-click matrix:
  - domain names (left column)
    - from very specific
    - to very generic
  - type of requests (top row)
    - cookies
    - CSS-related resources (stylesheets and web fonts)
    - images
    - plugins
    - scripts
    - XHR (requests made by scripts)
    - frames
    - others
Guard your browser against CSS Exfil attacks!
CSS Exfil is a method attackers can use to steal data from web pages using Cascading Style Sheets (CSS). This plugin sanitizes and blocks any CSS rules which may be designed to steal data.
VirusTotal Browser Extension. Avoid infections and other unwanted outcomes when you receive a suspicious file or link by checking the file or link with VirusTotal’s free and easy service. VirusTotal's mission is to help make the internet a safer place while helping to improve the security and antivirus industries and the online safety of other members of the VirusTotal Community.
By default the extension also allows you to collaborate with the security industry by sharing the DNS resolutions (ip address to domain name mappings) performed by your browser. These will never be tied to your identity and the sharing can be deactivated in the extension settings.
"User Agent Switcher and Manager" spoofs browser's User-Agent string. This string is used by web servers to provide content to you. Based on your browser type and operating system, web servers might provide different HTML content (like a different styling or lower resolution images) or JavaScript engine might operate differently. Using this extension you can alter your browser's "User-Agent" string and hence get the content for that particular device of interest. One particular use case of this spoofing is to get the mobile content instead of the desktop content for faster and lighter web browsing.
Automatically change the user agent after specified period of time to a randomly selected one, thus hiding your real user agent.
User agent - a string that is sent along to any website you visit. This is a sort of "fingerprint" your browser leaves behind which contains:
- The name and version of your browser;
- The name of the operating system (Mac, Windows, Linux, etc.) and its version;
- Information about some of the plugins installed on the browser;
- Other information that identifies and exposes you.
This extension has been created to stop data leakage. It automatically replaces user agent strings after a specified period of time with a randomly selected one. User agent strings can also be set manually. The extension is incredibly lightweight, using very few resources. User agent randomization can be customized by the user (what browsers and OS are spoofed, etc.). Exceptions list available with option of wildcards. Protects against JavaScript exploits to hide your identity and protect your anonymity.
Websites have increasingly begun to rely much more on large third-parties for content delivery. Canceling requests for ads or trackers is usually without issue, however blocking actual content, not unexpectedly, breaks pages. The aim of this add-on is to cut-out the middleman by providing lightning speed delivery of local (bundled) files to improve online privacy.
- Protects privacy by evading large delivery networks that claim to offer free services.
- Complements regular blockers such as uBlock Origin (recommended), Adblock Plus, et al.
- Works directly out of the box; absolutely no prior configuration required.
Decentraleyes is no silver bullet, but it does prevent a lot of websites from making you send these kinds of requests. Ultimately, you can make Decentraleyes block requests for missing CDN resources, too.
Simpler introduction: https://git.synz.io/Synzvato/decentraleyes/wikis/Simple-Introduction
Am I Protected?
The following testing utility shows you if you are properly protected. It's the recommended and, probably, fastest way to see if this add-on is installed, enabled, and correctly configured.
Full link to testing utility: https://decentraleyes.org/test
Frequently Asked Questions
Full link to FAQ: https://git.synz.io/Synzvato/decentraleyes/wikis/Frequently-Asked-Questions
Technical Information
- Supported Networks: Google Hosted Libraries, Microsoft Ajax CDN, CDNJS (Cloudflare), jQuery CDN (MaxCDN), jsDelivr (MaxCDN), Yandex CDN, Baidu CDN, Sina Public Resources, and UpYun Libraries.
- Bundled Resources: AngularJS, Backbone.js, Dojo, Ember.js, Ext Core, jQuery, jQuery UI, Modernizr, MooTools, Prototype, Scriptaculous, SWFObject, Underscore.js, and Web Font Loader.
Cloud Firewall is a browser extension/addon that allows users to block connections to sites, pages and web resources (images, videos, etc) hosted in major cloud services if the user wishes to do so.
Example 1: If "Block Amazon" is toggled ON in Popup, all websites hosted on Amazon AWS will be blocked. Future version of addon will have an "allow all clouds in this site" button in UI for excluding some sites from blocking rules.
Example 2: If "Block Amazon" is toggled ON in Popup, let's say a website is hosted "on-premise (not in cloud)", but has some "resources" like images, video and scripts hosted on Amazon AWS cloud, only those "3rd party" resources are blocked. "3rd party" = these resources. "1st party" = site in address bar + resources delivered from same domain on-premise server.
Regarding Toggle switches in popup menu, the default upon install is "Allow all supported tech companies/clouds". Any allow/block toggling is not persisted across browser restarts i.e. whenever the browser is restarted, all switches are toggled OFF = allow top companies/clouds when browser launches. For advanced users : You have the option to persist the allow/block rules using the switch in Settings page.
The inspiration behind the creation of this addon was the "Life without the tech giants" series by Kashmir Hill and Dhruv Mehrotra.
This extension will automatically remove tracking elements from URLs to help protect your privacy when you browse the Internet.
Many websites use tracking elements in the URL (e.g. https://example.com?utm_source=newsletter1&utm_medium=email&utm_campaign=sale) to mark your online activity. All that tracking code is not necessary for a website to be displayed or work correctly and can therefore be removed—that is exactly what ClearURLs does.
Another common example are Amazon URLs. If you search for a product on Amazon you will see a very long URL, such as: https://www.amazon.com/dp/exampleProduct/ref=sxin_0_pb?__mk_de_DE=ÅMÅŽÕÑ&keywords=tea&pd_rd_i=exampleProduct&pd_rd_r=8d39e4cd-1e4f-43db-b6e7-72e969a84aa5&pd_rd_w=1pcKM&pd_rd_wg=hYrNl&pf_rd_p=50bbfd25-5ef7-41a2-68d6-74d854b30e30&pf_rd_r=0GMWD0YYKA7XFGX55ADP&qid=1517757263&rnid=2914120011
Indeed most of the above URL is tracking code. Once ClearURLs has cleaned the address, it will look like this: https://www.amazon.com/dp/exampleProduct
Why use this extension as opposed to similar ones? Most other “link cleaners” employ about a dozen rules when looking for tracking parameters to remove. ClearURLs utilizes over 130 rules, so its capabilities are more comprehensive. And ClearURLs is open source, so everyone can join the project and/or check the source code for errors or malicious code.
What do we collect? This extension protects and respects your privacy. We do not—and will never—collect any of your usage data.
What do I do if I have trouble? Visit our GitLab page or check out our wiki.
Write us... If you have any suggestions or complaints, please contact us on GitLab.
Neat URL cleans URLs, removing parameters such as Google Analytics' utm parameters.
Custom rules can be added using the global format or the domain specific format (parameter@domain). A domain specific parameter would be, for example, utm_campaign@phoronix.com.
Parameter rules
A parameter is something that starts with ?. You can add your own parameter in the options of Neat URL. The ? is omitted in the options, so a ?ved parameter becomes "ved". There are a few exceptions to this rule (see below).
Parameters can be global (for every domain): utm_source
Parameters can contain @ signs (domain-specific): nb@tweakers.net
Parameters can contain @ signs with a wildcard so every subdomain will match too: param@*.wired.com
Parameters can contain @ signs with a wildcard at the end of a domain name (matches every domain name which begins with "google" and ends in an unknown suffix): param@google.*
Parameters can also apply globally (first rule), except for a (wildcard) domain (second rule):
ref
!ref@amazon.co.uk
The excluded domain always takes precedence. Should you include "ref" and "!ref", "!ref" will apply.
Other valid parameters (exceptions to the ? rule):
- #xtor=RSS-8 (remove this parameter - be sure to include its value as well when you are using anchor tags)
- #xtor=RSS-8@futura-sciences.com
- $/ref@amazon.* (remove everything after /ref on amazon domains - this will only apply when there are no query parameters left after removing the filtered query parameters)
- $$/ref@amazon.* (remove everything after /ref on amazon domains - this will always apply, even when there are other query parameters after removing the filtered query parameters - this option is available because the user should be in control, but beware that double dollar signs are dangerous: they might break the URL)

Invalid parameters:
- param@*.google.* (too many wildcards)
- !ved (this is some random string - not supported, but it might work)
- /ref@amazon.*$ (dollar sign should be at the beginning)
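The query-parameter rules above, and the tracking-parameter removal described for ClearURLs, as an added JavaScript example (not code from Neat URL or ClearURLs). It covers only global, domain-specific, wildcard and `!` exclusion rules; the function names are hypothetical, and ignoring a leading `www.` when matching a domain is an assumption.

```javascript
// Added sketch of the query-parameter rules; not Neat URL's source code.
// parseRule, domainMatches and cleanUrl are hypothetical names.
function parseRule(text) {
  const exclude = text.startsWith("!");
  const body = exclude ? text.slice(1) : text;
  const at = body.lastIndexOf("@");
  const param = at === -1 ? body : body.slice(0, at);
  const domain = at === -1 ? null : body.slice(at + 1).toLowerCase();
  if (!param) throw new Error("empty parameter name in rule: " + text);
  if (domain !== null && (domain.match(/\*/g) || []).length > 1) {
    throw new Error("too many wildcards in rule: " + text);
  }
  return { param, domain, exclude };
}

function domainMatches(hostname, pattern) {
  // Assumption: a leading "www." on the visited host is ignored.
  const host = hostname.toLowerCase().replace(/^www\./, "");
  if (pattern.startsWith("*.")) {
    const base = pattern.slice(2);       // "*.wired.com" -> "wired.com"
    return host === base || host.endsWith("." + base);
  }
  if (pattern.endsWith(".*")) {
    return host.startsWith(pattern.slice(0, -1)); // "google.*" -> "google."
  }
  return host === pattern;
}

function cleanUrl(urlString, ruleTexts) {
  const url = new URL(urlString);
  const active = ruleTexts
    .map(parseRule)
    .filter((r) => r.domain === null || domainMatches(url.hostname, r.domain));
  // An exclusion ("!ref@...") that applies here always wins over a removal.
  const kept = new Set(active.filter((r) => r.exclude).map((r) => r.param));
  const removed = [];
  for (const rule of active) {
    if (rule.exclude || kept.has(rule.param)) continue;
    if (url.searchParams.has(rule.param)) {
      url.searchParams.delete(rule.param);
      removed.push(rule.param);
    }
  }
  return { url: url.toString(), removed };
}
```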
Don't waste your time with compliance. FastForward automatically skips annoying link shorteners.
Some web pages use intermediary pages before redirecting to a final page. This web extension tries to extract the final URL from the intermediary URL and goes there straight away if successful. As an example, try this URL:
www.google.com/chrome/?or-maybe-rather-firefox=http%3A%2F%2Fwww.mozilla.org/
Please give feedback (see below) if you find websites where this fails or where you get redirected in a weird way when this add-on is enabled but not when it's disabled.
See the add-on's preferences (also available by clicking the toolbar icon) for options.
By default, all URLs but the ones matching a no-skip-urls-list are checked for embedded URLs and redirects are skipped. Depending on the pages visited, this can cause problems. For example, a dysfunctional login. The no-skip-urls-list can be edited to avoid these problems. There is also a skip-urls-list mode to avoid this kind of problem altogether. In skip-urls-list mode, all URLs for which redirects should be skipped need to be added to the skip-urls-list manually.
Some websites use multiple URL parameters like this:
www.example.com/page-we-want-to-skip?first=www.want-to-go-here.com&second=www.do-not-care-about-this-url.com
Skip Redirect does not know which is the right parameter, but you can edit the no-skip-parameter-list. Adding first would skip to the URL of second and vice versa. Adding both, first and second would cause no skipping.
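The embedded-URL extraction and the no-skip-parameter list described above, as an added JavaScript example (not Skip Redirect's own code). The function names are hypothetical; accepting only http/https targets, treating a bare `www.` value as `http://`, and declining to skip when more than one candidate remains are assumptions made here.

```javascript
// Added sketch; not Skip Redirect's source. Function names are hypothetical.

// Return the value as an absolute web URL, or null if it is not one.
// Only http: and https: targets are accepted, so values using other
// schemes (javascript:, data:, ...) are never followed.
function asWebUrl(value) {
  const text = /^www\./i.test(value) ? "http://" + value : value;
  try {
    const url = new URL(text);
    return url.protocol === "http:" || url.protocol === "https:"
      ? url.toString()
      : null;
  } catch {
    return null; // not parseable as an absolute URL
  }
}

// List every query parameter whose value is itself a URL, skipping the
// parameters named in the no-skip-parameter list.
function embeddedTargets(urlString, noSkipParameters = []) {
  const full = /^[a-z][a-z0-9+.-]*:\/\//i.test(urlString)
    ? urlString
    : "http://" + urlString;
  const found = [];
  for (const [name, value] of new URL(full).searchParams) {
    if (noSkipParameters.includes(name)) continue;
    const target = asWebUrl(value);
    if (target !== null) found.push({ parameter: name, target });
  }
  return found;
}

// Assumption: skip only when exactly one candidate is left, because with
// several candidates there is no way to know which one is the destination.
function skipTarget(urlString, noSkipParameters = []) {
  const found = embeddedTargets(urlString, noSkipParameters);
  return found.length === 1 ? found[0].target : null;
}
```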
Privacy, simplified.
At DuckDuckGo, we believe the Internet shouldn't feel so creepy, and getting the privacy you deserve online should be as simple as closing the blinds.
Our add-on provides the privacy essentials you need to seamlessly take control of your personal information, no matter where the Internet takes you:
- Escape Advertising Tracker Networks — Our Privacy Protection will block all the hidden third-party trackers we can find, exposing the major advertising networks tracking you over time, so that you can track who's trying to track you.
- Increase Encryption Protection — We force sites to use an encrypted connection where available, protecting your data from prying eyes, like ISPs.
- Search Privately — You share your most personal information with your search engine, like your financial, medical, and political questions. What you search for is your own business, which is why DuckDuckGo search doesn't track you. Ever.
- Decode Privacy Policies — We’ve partnered with Terms of Service Didn't Read to include their scores and labels of website terms of service and privacy policies, where available.
Our add-on also adds a toolbar icon that shows you a Privacy Grade rating when you visit a website (A-F). This rating lets you see how protected you are at a glance, dig into the details to see who we caught trying to track you, and learn how we enhanced the underlying site's privacy measures. The Privacy Grade is scored automatically based on the prevalence of hidden tracker networks, encryption availability, and website privacy practices.
Too many people believe you simply can’t expect privacy on the Internet. We're fighting to change that, and have made it our mission to set a new standard of trust online. Install DuckDuckGo and take back your privacy!
Terms of Service; Didn't Read (ToS;DR) is an active project to fix the biggest lie on the web. We help you understand the Terms and Conditions and Privacy Policies of websites.
Terms of service are often too long to read, but it's important to understand what's in them. Your rights online depend on them. Get informed about your rights by installing the browser extension for Firefox, Chrome, Opera or Safari.
Examples:
Facebook
- Very broad copyright license on your content -> No promise to inform about government requests
- Facebook automatically shares your data with many other services
- Transparency on law enforcement requests
- You can give your feedback before changes
- No pseudonym allowed -> (more info on the forum)
Google
- Google can use your content for all their existing and future services
- Limited copyright license to operate and improve all Google Services
- Inform about data requests
- Google posts notice of changes, with a 14-day ultimatum.
- Transparency on law enforcement requests -> Partial archives of their terms are available -> Jurisdiction in California -> (more info on the forum)
As you can see there are quite a few plugins providing protection against various threats on the network. Read about these add-ons and the threats that are waiting for you while surfing the web. I also invite you to my website https://0ut3r.space/ for more interesting info.
You might want to look into these apps. A lot are outdated or redundant. For example, uBlock Origin and NoScript, Scriptsafe or uMatrix. uBlock satisfies everything from the latter 3.
Also, while the User-Agent header apps can be useful, they along with Privacy Badger have been found to make it easier to fingerprint your device. A better implementation is about:config settings to turn on fingerprint protection or to use something better like Mullvad Browser or Tor Browser.
I agree with this. Privacy Badger isn't as good as people make it out to be, also becoming redundant with something like uBlock Origin. Privacy settings within Firefox such as cookies and about:config changes are usually more than enough when combined with uBlock,