Friday, January 5, 2018

Some Web Browser Security & Privacy Related Measures

Stealing Personal Information via Automatic Form Filling

Countermeasures.
 
1. Disable browser login autofill. For Firefox and Pale Moon:
enter about:config in the address bar and
set the variable signon.autofillForms to false.

2. Install ad blockers or tracking protection extensions to prevent tracking by invasive third-party scripts. The domains used to serve the two scripts (behavioralengine.com and audienceinsights.net) are blocked by the EasyPrivacy blocklist.

3. Install the NoScript add-on.


Link:
Web trackers exploit browser login managers
 


dom.event.clipboardevents.enabled

dom.event.clipboardevents.enabled lets websites get notifications if the user copies, pastes, or cuts something from a web page, and it lets them know which part of the page had been selected. The emitting of the oncopy, oncut and onpaste events is controlled by this preference.

Type : boolean
Default value : true

true (default)
The oncopy, oncut and onpaste events are enabled for web content.
false
The oncopy, oncut and onpaste events are disabled for web content.


Third Party Cookies. Firefox and Pale Moon Settings: 

Under the "Privacy" tab, complete the following steps:
Select "Use custom settings for history"
Deselect "Remember search and form history"
Set "Accept third-party cookies" to Never
Set cookie storage to "Keep until I close Firefox"

Additionally, under the "Security" tab:
Verify that "Warn me when sites try to install add-ons", "Block reported attack sites" and "Block reported web forgeries" are all selected.
Deselect "Remember passwords for sites".


Web Push notifications

These allow Firefox to deliver on-screen notifications from websites, even when those sites aren’t loaded. Web push notifications keep a connection to the site in the background so you can get notifications even after the last tab for the site is closed. Regular notifications end when you close the last tab for a site.

There are two different preferences for notifications: a master switch, and one specific to background (web push) notifications, which can appear after you leave the site that sends them.

Perhaps you would prefer to turn off notifications:
(1) In a new tab, type or paste about:config in the address bar and press Enter.
(2) In the search box above the list, type webno and wait while the list is filtered.
(3) To disable PUSH NOTIFICATIONS, double-click the dom.webnotifications.serviceworker.enabled preference to switch its value from true to false
(sites can still generate desktop notifications while you have a tab open to the site)
(4) To disable ALL NOTIFICATIONS, double-click the dom.webnotifications.enabled preference to switch its value from true to false
(this is a master switch, you won't get any desktop notifications from sites)
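
To check the about:config settings above without clicking through each one, the following added example (not from the original post) parses the text of a Firefox or Pale Moon prefs.js or user.js file and reports the state of the four preferences this page names. The function names and the sample input are assumptions made for illustration; a preference that is missing from the file is reported as "default", meaning it is still enabled.

```python
import re

# Hardened value for each preference named on this page. A preference missing
# from the file keeps the browser default, which is true for all four.
HARDENED = {
    "signon.autofillForms": False,
    "dom.event.clipboardevents.enabled": False,
    "dom.webnotifications.serviceworker.enabled": False,
    "dom.webnotifications.enabled": False,
}

# Matches lines such as: user_pref("signon.autofillForms", false);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_bool_prefs(text):
    """Return {name: bool} for boolean user_pref lines; the last one wins."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)  # commented-out lines do not match
        if m and m.group(2) in ("true", "false"):
            prefs[m.group(1)] = m.group(2) == "true"
    return prefs

def audit(text):
    """Map each preference to 'hardened', 'enabled' or 'default'."""
    prefs = parse_bool_prefs(text)
    report = {}
    for name, wanted in HARDENED.items():
        if name not in prefs:
            report[name] = "default"
        elif prefs[name] == wanted:
            report[name] = "hardened"
        else:
            report[name] = "enabled"
    return report

# Constructed sample input, not taken from a real profile.
SAMPLE = """\
// Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("signon.autofillForms", false);
user_pref("dom.webnotifications.enabled", true);
// user_pref("dom.event.clipboardevents.enabled", false);
"""

if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{status:9} {name}")
```

Anything reported as "default" or "enabled" still needs to be switched to false in about:config.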



Google Chrome security: site isolation feature


When you turn on site isolation, Chrome offers more security protections for your browser.
Chrome will load each website in its own process. So, even if a site bypasses the same-origin policy, the extra security will help stop the site from stealing your data from another website. 

  1. On your computer, open Chrome.
  2. In the address bar at the top, enter chrome://flags/#enable-site-per-process and press Enter.
  3. Next to "Strict site isolation," click Enable.
  4. Click Relaunch now.