Stop Browser Leaks

avoid non https websites, minimize plugin use

avoid browser fingerprinting, turn off "autofill"

Updated: September 23, 2019
By: RSH Web Editorial Staff
Browser Leaks

There’s a lot you can do to browse the web anonymously and avoid being tracked. But no matter what you may have done or set up the browser can still leak personal information that could then be exploited by attackers for their gains. Here is how your Browser might be compromising your privacy and what you can do about it

Avoid Websites without the HTTPS protocol

Websites with just “HTTP” prefix means anything you do there is unencrypted. This will include what you type as well as links you click on. While this may not be a big concern for public sites where you are simply Surfing for information, it could be a concern on any site where you are entering personal information such as login, passwordsor any other information you would not want hackers to see. We have seen some websites include the https prefix on their "Home" page, then default to the unencrypted “http” on their other pages. Would you like to give your password or input payment details at that site? A recent update to Chrome now flags sites as Secure if they are fully encrypted or Not. The alert appears on the left of the URL box, and it flags sites whose encryption is faulty

Check that page URLs are prefixed with “https” before entering any log-in or payment information. Download the HTTPS Everywhere extension for Firefox, Chrome and Opera, which automatically encrypts your browser’s communications with major websites if it finds faulty HTTPS links

Minimize plugin use and extensions

The web is full of small apps known as pluggins designed to give your browser added features. These include extensions such as Adobe Flash and Java which allow your browser to play animated content. Unfortunately these apps can be riddled with vulnerabilities that hackers may have exploit to grab your personal info. Simply having plug-ins and extensions installed makes your browser vulnerable to attacks. Check your browser settings to see what plug-ins and extensions you have downloaded, and disable those you infrequently or never use. You might consider disabling the big three, Microsoft Silverlight, Adobe Flash and Java. Many sites no longer use these plug-ins to play video. Netflix has dropped Silverlight, and YouTube doesn’t use Flash. If you receive too many messages that you need to run these plug-ins, invest in a script-blocker extension such as NoScript (Firefox) or ScriptSafe (Chrome). These stop all Flash and Java by default, with options to build a whitelist of trusted sites that need these plug-ins

Avoid Browser Fingerprinting

Browser fingerprinting is a powerful method that websites use to collect information about your browser type and version, as well as your operating system, active plugins, timezone, language, screen resolution and various other active settings. They say so they are able to load the web pages correctly. Plugins like Adobe Flash and Java also happen to relay a lot more information, including the hardware you’ve installed, the plug-ins installed and, most tellingly, the exact lineup of fonts you have on your computer. This list combines to make a “fingerprint” that’s overwhelmingly unique to your browser, making it highly trackable even if you’ve disabled trackers AND turned off "cookies". You can test your Browser at Panopticlick, A browser tester set up by the Electronic Frontier Foundation. The site will tell you how unique your fingerprint is and provide all the details. There is not much you can do about browser fingerprinting. Chameleon (Firefox) and Random User Agent (Chrome) have decent reviews at their respective app stores

Stop Phishing Attacks on Browser Autofill

Your browser’s autofill function exists to make it easier to fill in forms that ask for the same information, name, address, date of birth.... The convenience of saving such information can out weigh the concerns over the security of a Browser. Be warned that Browsers have been tricked into revealing saved personal information without the user realizing it. This phishing attack has happened with hidden text boxes coded into a malicious site, alongside a couple of visible requests for common information like your name and email address. When you type in the info, the autofill feature ends up adding other information saved to the browser autofill, which could include enough details to enable credit card fraud
What is Phishing

Avoid typing in any personal information on websites you’re not sure about. NEVER keep credit card information saved in your Browser And better still just turn off the autofill feature entirely

Here is how with the most common browsers

Firefox
Go to > Options > Privacy & Security > Forms & Passwords. Click in the box to remove the check mark

Chrome
Go to > Preferences > Show advanced settings > Passwords and forms. Here, you can manage what information is saved to auto-fill and un check “Enable Autofill to fill out web forms in a single click.”

Microsoft Edge
Go to > Settings > Advanced Settings > Autofill settings. You can enable or disable the browser from automatically filling out passwords

Safari
Go to > Preferences > AutoFill. Manage what information is autofilled and delete or edit what’s saved

Opera
Go to > Settings > Privacy & security > Autofill. Manage what information is autofilled and delete or edit what’s saved

Chromium
Go to > Customize > Settings > Advanced > click the arrow in the Autofill settings box

Vivaldi
Go to > Settings > Security > Disable it


Other Websites of interest

More information these Websites can show about us

Device Info
Device Info is a web browser security testing, privacy testing, and troubleshooting tool

http://ipleak.net/
An excellent site to test your browser leaks, also to test your VPN, if your real IP address is shown, then you have a problem with your VPN

Using a VPN While Traveling

PRISM Break
Opt out of PRISM, the NSA’s global data surveillance program. Stop the American government from spying on you by encrypting your communications and ending your reliance

privacytools.io
You are being watched. Private and state-sponsored organizations are monitoring and recording your online activities. privacytools.io provides knowledge and tools to

Riseup
Riseup is an organization which provides online communication tools for people and groups working

Panopticlick
Panopticlick is a web page provided by the Electronic Frontier Foundation. It tests the amount of personally-identifying data your web browser gives away to websites and

That One Privacy Site
A neutral and comprehensive analysis and reviews of the benefits and drawbacks of commercial VPN and email services, with a particular focus on security, privacy, ethics

DNS leak test
DNSleaktest.com offers a simple test to determine if you DNS requests are being leaked which may represent a critical privacy threat. The test takes only a few seconds

What every Browser knows about you
This is a demonstration of all the data your browser knows about you. All this data can be accessed by any website without asking you for any permission

Privacy Heroes
We're an alliance of privacy-focused online services on a mission to defend Internet users from surveillance, hacking, and censorship

Webbkoll
This tool helps you check what data-protecting measures a site has taken to help you exercise control over your privacy

Device Info
Device Info is a web browser security testing, privacy testing, and troubleshooting tool

Other detection tools from BrowserLeaks.com
WebRTC Leak Test Local/NAT/Public IP Address discovery using JavaScript
Font Fingerprinting Font metric-based fingerprinting using JavaScript and Flash fonts detection
SSL/TLS Client Test Shows brief information about your HTTPS connection
ClientRects Fingerprinting Displays the exact pixel position and size of the rectangle of a drawn HTML elements
CSS Media Queries Pure-CSS Media Queries Test Suite
Social Media Login Detection Cross-origin login detection for most major social networks
Firefox Resources Reader Firefox "resource URI" fingerprinting, platform and locale detection
Do Not Track Detects DNT support in your web browser


Tweet  Share  Pin  Tumble  Email


 

1997 -   |  RSH Web Services  |  All Rights Reserved.