Route 1337 LLC

Modern InfoSec, Zero Trust, and DevOps consulting for Web2 and Web3 clients.

If you use a modern browser like Google Chrome, or the more privacy-focused Brave Browser, then you’ve probably heard of browser extensions before. Here are a few browser extensions internally mandated at Route 1337 LLC that can enhance your privacy and security with minimal risk of breaking the sites you use.


uBlock Origin

uBlock Origin (not uBlock) is one of the most popular ad-blocking browser extensions out there. While we understand that ad-blocking can cost smaller sites and services needed revenue, we have decided that blocking all ads is a better move than risking the growing threat of malvertising [1].
Forbes famously served malicious ads to users after asking them to disable their adblockers [2], which is a big part of why we decided to push forward with this extension. Additionally, search engine ads are frequently used to get phishing sites to the top of the results page [3], where you might click on them thinking they are a trustworthy site.

For these reasons we recommend an ad-blocker as your first line of defense in every browser you use.


The EFF’s Privacy Badger

Privacy Badger by The EFF is a browser extension that takes a novel approach to protecting your privacy. It analyzes the pages you visit and attempts to figure out which services follow you across otherwise unrelated sites. It then blocks the ones that appear to be tracking you. While uBlock Origin might require some configuring, Privacy Badger is meant to be more install-and-forget.


Consent Manager

Consent Manager is another privacy-focused tool. This extension attempts to automatically hide those tracking cookie banners and decline consent via omission. It’s fast enough that we never even see the banners. Not only is this a nice user experience enhancement, but it lets you know when sites ignore your wishes and set the cookies anyway.

The caveat to this tool is that it doesn’t actively click reject buttons, so sites that (possibly illegally) assume silence equals consent will still set the cookies. In our experience, we estimate that roughly 30% of the sites we visit day to day comply with rejection by omission. This is still a decent security and UX improvement.


Suspicious Site Reporter

Finally we have Google’s own Suspicious Site Reporter, which serves a very important function in our opinion.
At some point major browsers decided to hide the full URL from the end user by default. In our opinion, and the opinion of many others [4], this dumbing down of the browser UI is actually harmful. Users were taught for years to look for things like https:// and the full URL to make sure they’re in the right place.
paypal.co is fake but less obviously so than http://paypal.co/paypal.com/securelogin.php
It’s been a debated topic, but we’ve found in our own internal research that a full URL is clearer to non-tech-savvy friends and family than just the top level domain.

We don’t use this extension to actually report suspicious sites to Google, but having it installed in Chromium-based browsers reverts this behavior and properly shows the full URL, including the protocol, subdomains, and path as we’ve all expected for years.
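The point above about reading the full URL, as an added example (not code from Route 1337 or from any of the extensions): it splits a URL into scheme, host and path and flags a trusted name that shows up anywhere other than the host. The `TRUSTED` list, the function names and the `example.test` sample are assumptions made for the illustration.

```javascript
// Added example. TRUSTED is a constructed allow-list for illustration.
const TRUSTED = ["paypal.com"];

// True only if host is the domain itself or a subdomain of it. The dot
// boundary keeps "notpaypal.com" from matching "paypal.com".
function hostBelongsTo(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Break a URL into the parts a shortened address bar hides and note where
// a trusted name appears somewhere other than the actual host.
function inspectUrl(raw, trusted = TRUSTED) {
  const u = new URL(raw);
  const host = u.hostname.toLowerCase();
  const trustedHost = trusted.some((d) => hostBelongsTo(host, d));
  const warnings = [];
  if (u.protocol !== "https:") warnings.push("not https");
  if (!trustedHost) {
    for (const d of trusted) {
      if (host.includes(d)) {
        warnings.push(`"${d}" is only a label inside host ${host}`);
      }
      if ((u.pathname + u.search).toLowerCase().includes(d)) {
        warnings.push(`"${d}" appears in the path, not the host`);
      }
    }
  }
  return { scheme: u.protocol.slice(0, -1), host, path: u.pathname, trustedHost, warnings };
}

// Constructed samples; the second is the URL quoted in the post.
const SAMPLES = [
  "https://www.paypal.com/signin",
  "http://paypal.co/paypal.com/securelogin.php",
  "https://paypal.com.example.test/login",
];
for (const s of SAMPLES) console.log(s, inspectUrl(s));
```
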


Final Thoughts and Disclaimer

These browser extensions are recommended based on the experiences of our staff, along with some informal internal research using friends and family. Cyber security is an iterative process. Every tool you install, and every choice you make either increments or decrements your overall security posture.
Internally we mandate these extensions on all company-owned computers via MDM. Externally we all voluntarily use them as good personal choices. Browser extensions are not the be-all and end-all of web browsing security, and we still recommend vigilance and a suspicious eye be kept on the sites you visit.
We are not affiliated with any of the tools or projects recommended in this tutorial. While our expertise in cyber security informed our choices, we are making these recommendations as personal opinion with no implied warranty or liability. We do offer consulting services if you need help deploying and managing these extensions and their configurations.