Add-ons to control scripts used by your browser

[LSW]

You may have seen my two recent posts about Cyber Threats, Bad Rabbit and CoinHive. In the first I said top block all Flash, in the second block all JavaScript.

Flash: As many of you know this is dying out and has always been a major security vulnerability. As it is dying out you can usually block it without much issue.

JavaScript (JS): I have always preached against JS, before because it was not always supported like with early cell phones and because people like me often turned it off and web site readers could have issues with it. But face it, web sites still use it and it has grown rather than diminished in popularity. You cannot reasonably block it without breaking many sites you go to. So, what to do?

Eventually I will post a tools thread, but this is important enough for its own thread. In the CoinHive story I pointed out that more and more sites are placing JS on their sites that mine cryptocurrency like Bitcoin using YOUR CPU, but WITHOUT your knowledge, WITHOUT your permission, and WITHOUT sharing the profits with you (.05 Bitcoin I about $285 as of this writing).

NoScript: This is the quickest and easiest thing to use. It is a Firefox Plugin you can get from Mozilla. It by default, blocks everything. Once installed most web sites will be broken. It takes patience, but as you visit sites, you will need to give permissions for the sites. You can allow the base website permanently. Same goes for some other clear needs. The rest, you can leave them blocked, or allow them temporarily to see what are required for the site to work and which ones are just fluff or downright invasive. Don’t need it? Don’t allow it. Don’t allow Facebook, don’t allow Google analytics, these are tracking you and are not needed to use the sites. It also blocks Java (many vulnerabilities), Flash (massive vulnerabilities), and some other hazardous things you may not know about.

uBlock Origin: This name exactly! uBlock is a different software! uBlock Origin is another Firefox plugin. It does much the same as NoScript and much much more. It is theoretically the better of the two if you have serious issues with your privacy/security. It also has a bit of a learning curve. I intend to use it but have yet to find the time to really sit down and learn how to use it correctly. NoScript is fine for most of you, but if you want more control over what happens in your browser or your paranoid, put the time in to really understand uBlock Origin so you can set it up correctly. There are videos on YouTube on how to use it, so check it out first. It can also replace add blockers.

uMatrix: uBlock Origin’s big beefy brother. It is almost identical, but offers the ultimate control over what happens in your browser. It can also replace add blockers. This should be held in reserve until you are well versed and comfortable with uBlock Origin. It is only for advanced techno types.

Remember, these will be a pain in your but to begin with and you will want to just get rid of them… do not do that. These can protect your privacy while surfing. Google Analytics tracks you to decide your interests and then make money off your habits by using targeted adds. Yea the data is nifty for web site owners… but it is bad for us users.

Go ahead and install Noscript/Ublock Origin and visit a few sites and see what pops up for scripts:

• Killersites Forum: Killersites and Google Analytics
• Forbes.com: Initially you will get a white page as all is blocked. Now go to the tool and look, you will see Forbes & ForbesImg (Forbes Image Server), so approve both of them. Now look again after a refresh, the list has grown to about 25 scripts trying to run/connect and you normally would have no idea. Even having an idea they are there, do you know what they do, what data about you they handle and why they need it?
• Hulu: Hulu has 23 scripts, but my films work fine with only 10 approved.

I often listen to Keith Olberman on GQ’s web site. It took me at least 20 min. to get the video collection page working correctly and playing the video. I had to grant temporary permissions to each one until something worked and then make that permanent and try again with the next. It can take a lot of time and energy. But once done, you can surf in more privacy than you did before.

Some of these or those like them ar available for Chrome. But Chrome is developed by the folks tracking you for a profit so there are fewer. If you want privacy, use Firefox.