
Web Browsing Security Checklist

Intro

Most websites on the internet will use some form of tracking, often to gain insight into their users' behaviour and preferences. This data can be incredibly detailed, and so is extremely valuable to corporations, governments, and intellectual property thieves. Data breaches and leaks are common, and deanonymizing users' web activity is often a trivial task.

This section outlines the steps you can take to be better protected from threats, minimise online tracking and improve privacy.

Checklist

Critical or Essential Activities

  • Block Ads
    Priority: Essential
    Using an ad-blocker can help improve your privacy by blocking the trackers that ads implement. uBlock Origin is a very efficient and open source browser addon, developed by Raymond Hill. When 3rd-party ads are displayed on a webpage, they have the ability to track you, gathering personal information about you and your habits, which can then be sold or used to show you more targeted ads. Some ads are outright malicious or fake. Blocking ads also makes pages load faster, uses less data and provides a less cluttered experience.

  • Use a Privacy-Respecting Browser
    Priority: Essential
    Use a privacy-respecting browser. Some good options:

    See more: Privacy Browsers.

  • Remove Unnecessary Browser Addons
    Priority: Essential
    Extensions are able to see, log or modify anything you do in the browser, and some innocent-looking browser apps have malicious intentions. Only install extensions you really need, and remove those which you haven't used in a while.

  • Keep Browser Up-to-date
    Priority: Essential
    Browser vulnerabilities are constantly being discovered and patched, so it's important to keep your browser up to date. You can see which browser version you're using here, or follow this guide for instructions on how to update. Some browsers will auto-update to the latest stable version.

  • Check for HTTPS
    Priority: Essential
    If you enter information on a non-HTTPS website, this data is transported unencrypted and can therefore be read by anyone who intercepts it.

  • Multi-Session Containers
    Priority: Essential
    Compartmentalisation is really important to keep different aspects of your browsing separate. For example, using different profiles for work, general browsing, social media, and online shopping will reduce the number of associations that data brokers can link back to you. One option is to use Firefox Containers, which is designed exactly for this purpose. Alternatively, you could use different browsers for different tasks (Brave, Firefox, Tor etc).

  • Use Incognito
    Priority: Essential
    When using someone else's machine, ensure that you're in a private/incognito session. This will prevent browser history, cookies and some data being saved, but is not fool-proof — you can still be tracked.

  • Manage Cookies
    Priority: Essential
    Clearing cookies regularly is one step you can take to make it harder for websites to track you. Cookies may also store your session token, which, if captured, would allow someone to access your accounts without credentials. To mitigate this you should clear cookies often.

  • Block Third-Party Trackers
    Priority: Essential
    Blocking trackers will help to stop websites, advertisers, analytics and more from tracking you in the background. Privacy Badger, DuckDuckGo Privacy Essentials, and uBlock Origin are all very effective, open source tracker-blockers available for all major browsers.

Basic Activities

  • Watch out for Browser Malware
    Priority: Basic
    Your system or browser can be compromised by spyware, miners, browser hijackers, malicious redirects, adware etc. You can usually stay protected by: ignoring pop-ups, being wary of what you're clicking, and not proceeding to a website if your browser warns you it may be malicious. Common signs of browser malware include: default search engine or homepage has been modified, unfamiliar toolbars or extensions, significantly more ads, and pages loading much slower than usual.

  • Ensure Website is Legitimate
    Priority: Basic
    When logging into any online accounts, double check the URL is correct. Storing commonly visited sites in your bookmarks is a good way to ensure the URL is easy to find. When visiting new websites, look for common signs that it could be unsafe: browser warnings, redirects, on-site spam and pop-ups. You can also check a website using a tool such as

  • Do Not Sign Into Your Browser
    Priority: Basic
    Many browsers allow you to sign in to sync history, bookmarks and other browsing data across devices. However, this not only allows for further data collection, but also increases attack surface by providing another avenue for a malicious actor to access personal information.

Optional Activities

  • Beware of Redirects
    Priority: Optional
    While some redirects are harmless, unvalidated redirects are used in phishing attacks to make a malicious link seem legitimate. If you are unsure about a redirect URL, you can check where it forwards to with a tool like RedirectDetective.

  • Disable Automatic Downloads
    Priority: Optional
    Drive-by downloads are a common method of getting harmful files onto a user's device. This can be mitigated by disabling auto file downloads, and being cautious of websites which prompt you to download files unexpectedly.

  • Disallow Access to Sensors
    Priority: Optional
    Mobile websites can tap into your device sensors without asking. If you grant these permissions to your browser once, then all websites are able to use these capabilities without further permission or notification.

  • Disallow Location
    Priority: Optional
    Location Services lets sites ask for your physical location. This should be disabled in browser settings. Note that there are still other methods of determining your approximate location.

  • Disallow Camera/Microphone Access
    Priority: Optional
    Check browser settings to ensure that no websites are granted access to your webcam or microphone. It may also be beneficial to use physical protection such as a webcam cover and microphone blocker.

  • Disable Browser Password Saves
    Priority: Optional
    Do not allow your browser to store usernames and passwords, as these can be easily viewed or accessed. Use a dedicated password manager instead.

  • Disable Browser Autofill
    Priority: Optional
    Turn off autofill for any confidential or personal details. This feature can be harmful if your browser is compromised in any way. Instead, consider using your password manager's Notes feature.
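
For the "Beware of Redirects" item above, the following added example (not part of the original checklist) shows an offline way to see whether a link carries a forwarding target for a different site inside its query string. The function name and the `.example` sample links are constructed for illustration; no parameter names are assumed, every query value is inspected.

```javascript
// Added example: inspect a link's query string for URL-valued parameters
// that point at a different host than the one visible at the start of the link.
// Works on the text of the link only; nothing is fetched.

function findEmbeddedRedirects(link) {
  const outer = new URL(link);
  const findings = [];
  for (const [name, value] of outer.searchParams) {
    let candidate = value; // searchParams has already decoded one layer
    // Undo up to three further layers of percent-encoding (double-encoded targets).
    for (let i = 0; i < 3 && /%[0-9a-f]{2}/i.test(candidate); i++) {
      try {
        candidate = decodeURIComponent(candidate);
      } catch {
        break; // invalid escape sequence: keep what we have
      }
    }
    // Protocol-relative targets ("//host/path") inherit the outer scheme.
    if (candidate.startsWith("//")) candidate = outer.protocol + candidate;
    let inner;
    try {
      inner = new URL(candidate);
    } catch {
      continue; // not an absolute URL, so not a cross-site target
    }
    if (inner.protocol !== "http:" && inner.protocol !== "https:") continue;
    if (inner.hostname !== outer.hostname) {
      findings.push({
        param: name,
        visibleHost: outer.hostname,
        targetHost: inner.hostname,
      });
    }
  }
  return findings;
}

// Constructed sample links (reserved .example domains).
const SAMPLE_LINKS = [
  "https://shop.example/out?next=https%3A%2F%2Flogin.other.example%2Fsignin",
  "https://shop.example/out?next=https%3A%2F%2Fshop.example%2Fcart",
  "https://shop.example/r?u=https%253A%252F%252Fother.example%252F",
];
for (const link of SAMPLE_LINKS) {
  console.log(link, "->", JSON.stringify(findEmbeddedRedirects(link)));
}
```

This only reads what is written in the link itself; redirects issued by the server after the request is made are not visible this way, which is what a redirect-tracing tool follows.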