Secure|Browser

How to setup a secure browser for when you deal with Ethereum

Disclaimer:

Whilst we endeavor to ensure the accuracy of this general information, we accept no responsibility for any claims, losses, or expenses as a result of any material in this publication. The websites provided in this guide may contain information contributed by others over whom, and in respect of which, we have no influence. We expressly state that we do not endorse all of the information on any other sites linked to. We accept no responsibility or liability (howsoever caused) for such information.


Ultimately, if your system is already compromised by a virus then following our very opinionated steps (as we would) will not be of much use or help to you. We accept no responsibility or liability for what damage (howsoever caused) results of your following this guide or using this information as provided, so by continuing you acknowledge that this is just our opinion and is merely a starting point for further reading to be done by yourself.


In other words, we encourage you to do your own research, seek out experts you trust, and to discuss security best practices with your own network security community to help you make your own decisions.


PS: Do not install or use Adobe Flash players!  Do install and use NoScript to help mitigate the potential for JavaScript attacks!


VIDEO GUIDE HERE

Odoo text and image block

Planning to handle sensitive data on-line?

This guide is designed to help people safely minimize their risks when using the internet. Computer software is composed of math. Peer reviewed software technologies that are open to public inspection have been the most secure and reliable historically. Security best practices generally suggest that we should trust as few parties as possible. Another interpretation of this guideline is that we should not trust any computer code that is proprietary, closed, and not peer reviewed; This means we should exclusively rely on a combination of security best practices and open source technologies for our security.

In other words trust no one -- no Google, no Microsoft, no Apple, no Kaspersky. Most of these companies have repeatedly failed to protect people by being negligent or by using their software to data mine and back-door people intentionally for profit or for the benefit of state actors.

(Microsoft) (Google) (Apple) (Kaspersky)

Closed source software, also known as proprietary software, cannot be trusted because the code cannot be audited or peer reviewed.

So say, "Hello free software. Hello Gnu. Hello Mozilla."

Step 1. Install Firefox

You'll want to download the latest stable version of Firefox from this address:

Goto Mozilla Firefox download page



Step 2. Configure Firefox

Next, you'll want to configure most of the options found when you navigate to:

about:preferences 


Startup with Show a blank page

Disable Check spelling as you type

Disable search suggestions

Remove all Search Engines you don't trust

Disable password remembering

Set Never remember history

Disable DRM content

Always Use Tracking Protection

Always send "Do Not Track" signal

Disable all Firefox Data Collection and Use

Block all dangerous and deceptive content

Set Address Bar to only suggest Bookmarks

Step 3. Mandatory Firefox add-ons and extensions

At a minimum, you'll want to install some or all of the following extensions

We want to help you make your browser more secure than average. We expect that you are going to be dealing with very sensitive data. Consider this a push in the right direction. The following extensions should all be installed and enabled. These add-ons and extensions are designed to reduce your risks when browsing. While these extensions will help, they are not a magic bullet.


Read more about these three suggested add-ons through their Mozilla listing

HTTPS-Everywhere at Mozilla 
Ublock Origin at Mozilla            
Privacy Badger at Mozilla         
MetaMask at Mozilla                  


HTTPS-Everywhere
Passive.

Easy to use.

Little to no configuration required.

Will not disrupt your web experience.


Ublock-Origin
Passive.

Easy to use.

Little to no configuration required.

Will often disrupt your web experience.


Privacy-Badger
Passive.

Easy to use.

Little to no configuration required.

Will rarely disrupt your web experience.


MetaMask
Passive.

Easy to use.

Little to no configuration required.

Will rarely disrupt your web experience.


Step 4. Install NoScript, a much stronger weapon

This add-on has a learning curve, but it is stronglyrecommended.

You have definitely heard of and seen the term JavaScript before. JavaScript is a programming language that is used in almost all websites, including this one because it is so versatile and allows so many useful features. You should never browse the web with unrestricted JavaScript enabled on all websites . NoScript is a very simple tool that shoots firsts and asks questions later. When you load a web-page for the first time, NoScript will block all JavaScript that you have no explicitly enabled. This will be very annoying for you at first, but you have a quick and easy way to set the JavaScript on websites you visit to trusted if you trust them.


This tool should be installed on every computer and every browser. It only takes a few minutes to learn. This is one of the best security tools you can use. 

   VIDEO GUIDE HERE   

NoScript on Wikipedia

NoScript at Mozilla       

NoScript
Very proactive. Will block all JavaScript until you explicitly white-list it.

Easy to learn. You can learn it in five minutes.

Extensive and constant configuration required.

Will constantly disrupt your web experience.

VIDEO GUIDE HERE   


Eternal vigilance is the price of liberty


We consider the above configurations to be just a starting point. Ultimately, a broader education of and adherence to security best practices is required. Simple steps to improve your security can go a long way. Whenever possible, bookmark the websites that you rely on (such as https://www.MyEtherWallet.com) and attempt to do most of your navigations to these websites through your bookmarks, rather than manually typing the addresses. If you want to take your browsing safety to the next level, consider learning about and implementing VPNs and various sand-boxing methods. Always keep your system, browsers, extensions, and tools up to date. As always, trust no one, not even us.