Bottle up your bits and bytes when you browse the web
A few weeks ago, I was up early, gleefully pounding away at the keyboard, finally making headway on a piece of work that had plagued me. Then my 2-year old Macbook popped up an error message I’d never seen before. I’m like GO AWAY PLS I’M CURRENTLY KILLING IT and closed it. Then another one popped up. I paused, took a screenshot. Another popped up, and I panicked, grabbed my phone, and googled what to do.
That’s right, I had to google it, too.
Long story short, I nuked my computer. I couldn’t let some no-rent-paying hanger-on virus get to the sensitive data - on my machine, in my cloud accounts, communicated via various programs - that *isn’t mine.* Like wearing a mask, I committed to a duty of care to the people I was surrounded by.
As I was rebuilding the computer that day, I reconsidered how to secure my browsers. Security Positive regularly hardens devices for activists (hello deals from the Apple Store!). But our guides support the most vulnerable and targeted, and I didn't think I needed to configure my stuff to such an extreme.
Then I scream-read TechCrunch’s reporting on an Oracle subsidiary, BlueKai, that was not only collecting billions of pieces of data on every internet user that ever existed, but was apparently not concerned with stewarding that data, spilling it like a giant glass of milk all over the internet.
Savvy marketers have realized that by adding website cookies and other tracking tech to follow you around the web, companies like BlueKai can gather much more than your language, location, connecting those basic pieces to more nuanced ones, like what websites you look at and for how long, and even which emails you open. They gather “this vast amount of tracking data to infer as much about you as possible — your income, education, political views, and interests — to target you with ads that should match your apparent tastes.”
For most of us, it's just gross that a handful of people are making a ton of money off our unpaid labor. But for some folks, it's life threatening. Quite negligently, BlueKai’s super-comprehensive database was revealing home addresses, email addresses and other identifiable data in connection to users’ web browsing activity — from purchases to newsletter unsubscribes — for sensitive users and in pretty sensitive places in the world.
You don't need to give them any more of your data for free. Evict that tracking crap by 1) choosing a better browser and 2) adding a handful of tools to curtail the tracking.
We use Mozilla’s Firefox browser as our first choice, as it’s regularly updated, allows for third-party privacy (and other) extensions, and Mozilla has a long and good reputation as a tech builder and provider, unlike the big companies. As a back-up we use (with caveats):
Google Chrome, which is sleek and regularly updated, but you need to turn sync off and watch that the browser doesn’t log you in when you log into your Gmail, as Google doesn't deserve a click more from you, and
Our three must-have browser extensions are:
HTTPS Everywhere: this tool connects you to the HTTPS version of a website. As you know, the “S” means secure, a shorthand for your visiting a site through an encrypted connection, so any information exchanged cannot be seen by outsiders. You’ll also never notice that it’s there.
NoScript: this extension is amazing. It blocks everything that’s not running from a trusted site, which will mean you have to adjust the settings for each tab, but you can rest assured that that powerful little extension is keeping everyone on their best behavior.
Runner up: Web of Trust. This little pal rates websites with a red, yellow, or green (or gray, if no rating) so you can avoid dangerous links and websites, and therefore scams, malware, and phishing. It draws on millions of user ratings to let you know what you can trust before you visit. If you get a warning and still want to see a website, use a tool like PDFmyURL to screenshot and download it without ever having to visit.
If you want to see more options for your browsers, or for your Apple devices, see our guides:
>>> iPhone hardening checklist -->
>>> Macbook hardening checklist -->