IntroductionPrivacy and security are becoming increasingly important topics. Though it's impossible to be 100% secure, there are measures that you can take, especially on Linux, to help defend your online privacy and security when browsing the web.
Firefox is probably your best option when selecting a browser for these purposes. Google Chrome cannot be trusted. It's owned by Google, a company known for data collection, and it's closed source. Chromium may be okay, but can't be guaranteed. Only Firefox has maintained a degree of commitment to user rights.
Firefox SettingsThere are some settings in Firefox that you can set to better protect your privacy. These are readily available and help to control the data that you share when you browse.
Health ReportThe first thing that you can set to limit the amount of data being sent is the Firefox health report. Sure, the data is just being sent to Mozilla, but it's still transmitting data.
Open up the Firefox menu and click on "Preferences." Go to the "Advanced" tab on the side and click "Data Choices." There you can disable any data reporting.
SearchBy default, newer versions of Firefox use Yahoo as their search engine. Some distributions configure them to use Google instead. Either way isn't ideal. Firefox does have the option to use DuckDuckGo as the default instead.
To enable DuckDuckGo, open up the Firefox menu and click on "Preferences." Head over to "Search" on the side menu. Then, use the "Default Search Engine" drop down menu to select DuckDuckGo.
Do Not TrackDo Not Track isn't perfect, but it does send a signal to sites telling them not to record your activity through analytics tools. Those sites may or may not comply, but it's still best to enable Do Not Track in case they do.
Open the Firefox menu again. Click on "Preferences" then "Privacy." At the top of the page there is a "Tracking" section. In the line that reads, "You can also manage your Do Not Track settings," click the link. A pop-up will appear with a checkbox allowing you to enable Do Not Track.
Disable PocketThere is no evidence that Pocket is doing anything nefarious, but it may be a good idea to disable it anyway, since it does link to a proprietary application.
Disabling Pocket isn't too difficult, but you have to be careful that Pocket is the only thing that you mess with. To get to the configuration that you need, type
about:configin Firefox's address bar.
The page will lode a table of settings. At the top of that table is a search bar. Search for "Pocket" there.
You will be taken to a new table containing the results. You are looking for a setting called, "extensions.pocket.enabled." When you find it, double click on it to switch it to "false." You can edit the other Pocket related settings there too. It's not necessary, though. Just be sure not to edit anything that's not directly related to the Pocket extension.
The most effective ways to protect your privacy and security in Firefox come from add-ons. Firefox has a massive add-on library, and many of those add-ons are free and open source software. The add-ons highlighted in this guide are among the best for securing your browser.
HTTPS EverywhereThe Electronic Frontier Foundation developed HTTPS Everywhere in response to the large number of sites not using SSL certificates and the tendency for many links to not use the
https://prefix and sending users to unsecured version of sites. HTTPS Everywhere ensures that if an encrypted version of a site exists, it is used.
HTTPS Everywhere is available for Firefox through the Firefox Add-on Search here
Privacy BadgerThe Electronic Frontier Foundation is also behind Privacy Badger. Privacy Badger aims to pick up where Do Not Track leaves off by blocking unwanted tracking from websites. It is also available through the Firefox Add-on repository here
Ublock OriginNow for one of the more commonly privacy add-ons, ad blocking. In this case, the ad-blocker of choice is uBlock Origin. uBlock Origin is a lighter weight ad blocker that doesn't make exceptions when it comes to which ads it blocks. uBlock Origin will generally block any ad, especially the more invasive ones. You can find uBlock Origin here
NoScript is a available through the Firefox add-on repository
https://addons.mozilla.org/en-US/firefox/addon/noscript/. If the page says that it is unsupported on your version of Firefox, click "Download Anyway." It's been tested and is working with Firefox 51.
DisconnectDisconnect does much the same thing as Privacy Badger. It just provides yet another barrier of protection. You can find it in the add-on repository
https://addons.mozilla.org/en-US/firefox/addon/disconnect/. If the page says that your version of Firefox isn't supported, click "Download Anyway." It has been tested and is working with Firefox 51.
Random Agent SpooferThe Random Agent Spoofer can change the browser signature of Firefox to make it appear as though it is virtually any other browser on any other platform. Though it has many other applications, it also guards against browser fingerprinting.
Browser Fingerprinting is yet another way that sites can track users based on the browser and operating system they are using. Browser fingerprinting affects Linux users and users of other "alternative" operating systems more than Windows users because their browser signatures are more unique.
You can add the Random Agent Spoofer through the Firefox add-on repository
https://addons.mozilla.org/en-us/firefox/addon/random-agent-spoofer/. Like some of the others, the page may say that it isn't compatible with the newest versions of Firefox, and again, that wouldn't be true.
You can use the Random Agent Spoofer by clicking its icon on the Firefox menu bar. A drop down will appear with different browser options to emulate. One of the better options is to select "Random Desktop" and a random interval to change. This way, there is absolutely no pattern to track. It also ensures that you only get the desktop versions of sites.
Private DNSAvoid the use of Public or ISP DNS servers! Even though you configure your browser to the absolute privacy standard, your DNS query against public DNS server reveals all domains you have visited. Services such as Google Public DNS ( IP's: 220.127.116.11, 18.104.22.168 ) will log your IP address, information about your ISP and geolocation. This information may be shared as part of any legal processes and enforceable governmental requests.
What information does Google log when I use the Google Public DNS service?From this reason, if possible configure and use your private non-forwarding DNS server. Nowadays, this task may be as trivial as a deployment of some preconfigured DNS server Docker container on your local host. For example, given that the docker service is already installed on your system, the below command will deploy your private local DNS server:
# docker run -d --name bind9 -p 53:53/udp -p 53:53 fike/bind9DNS server is now up and running:
# dig @localhost google.com ; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> @localhost google.com ; (2 servers found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51110 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;google.com. IN A ;; ANSWER SECTION: google.com. 242 IN A 22.214.171.124Now, set your nameserver within
Closing ThoughtsNo security or privacy solution is perfect. The steps in this guide are definitely an improvement, though. If you are really serious about privacy, the Tor Browser
https://www.torproject.org/projects/torbrowser.html.enis a better option. Tor is a bit overkill for daily use, but it actually does employ some of the same measures outlined in this guide.