Best Internet and Computer Security Practices and Suggestions
- 14 minutes read - 2945 words - Last updated 26 May 2024
This particular idea has been knocking around in my head for a while now. Let me first say that I am not a qualified security or IT professional, nor a security researcher. I’ve just been using computers for a hell of a long time, and spent a lot of time on the Internet (I’ve been online in some form or another since I was 9 years old, starting with the DOS AOL client [!]).
I used Windows for way longer than I would have preferred, and didn’t follow the greatest security practices on there; it was a learning curve. I spent a lot of time on keygen and crack sites that were really rather dangerous and virus-ridden back in the day (Astalavista, anyone?). Now I love running Linux because everything’s free, and honestly, security through obscurity for the most part. I’m pretty careful these days, though, both on my laptop and on my phone.
One caveat: I use pretty much exclusively Linux and Android these days, and Windows only on my work computer, so this is pretty heavily Linux-based. However, I’ll be writing about browser and Internet security in particular, and that’s fairly OS-agnostic. If you have Windows suggestions, great! My spouse runs Windows on their laptop, mostly to be able to play subscription-based Web games that won’t really work on Linux (I set them up with Linux Mint for a while on an older laptop).
I do have a few Windows suggestions, though, from back in the day that still mostly hold true, so I’ll mention those up front. I am not as well-versed in Windows, though, as Linux, so YMMV with these suggestions.
Software to stay safe on Windows
Windows Defender
I don’t normally recommend Microsoft products, at all, but Windows Defender isn’t half bad. Let it run scheduled scans, whatever, and you’ll largely be fine with it, as far as I can tell. It’s updated often and takes care of most things. I don’t really know much else in the Windows ecosystem these days.
ClamWin
ClamWin is a nice Windows port of the popular cross-platform ClamAV virus scanner. Keep in mind that this does not scan files on-access, and only works via manual scanning. There was previously a great free program called ImmuNet which did have auto-scanning and worked using the ClamAV engine, but it has since been discontinued.
What browser should I use?
Now, this next part really depends on what browser you use. I’ll start by recommending my favorite browsers, but most people will have their preferences already dialed in. These are just my personal favorites.
Firefox (& variants)
Firefox has been around for a long time. IIRC, it first came out in the early 2000s, maybe 2002 or 2003? Anyway, a long time. And it’s only gotten better over the years, with a focus lately on security, privacy, and stability.
I’m sure you’ll do just fine overall with vanilla Firefox. It’s tried-and-true and gets the job done. I’m not sure if this is still true, but Firefox has some telemetry (i.e., sending data back to Mozilla) that is opt-out, rather than opt-in. This looks like a useful guide to hardening your Firefox experience.
However, if you’d like to avoid that built-in telemetry and have even more of a focus on privacy, I’d highly recommend one of Firefox’s many forks. I personally use LibreWolf, which is a really nice fork of Firefox that prioritizes privacy and limiting, if not eliminating, tracking, not only by Mozilla, but also, more importantly, by others. It has a bit of a learning curve to install, and it mostly focuses on Linux support, but otherwise it behaves just like the Firefox you know and love.
If you’re looking for a hardened Firefox flavor on Android, I highly recommend Mull. It is a fork of Firefox for Android and really quite nice. I really recommend installing uBlock Origin on here as well; it will make your browsing life a lot better on mobile, too.
Google Chrome (& Chromium variants)
I can’t say I’d recommend Chrome these days, not with the amount of tracking and data-Hoovering Google loves to do to each and every one of us. I used to be hugely into Chrome, and actually compiling Chromium, the open-source basis for Chrome, routinely from source myself. Chromium is available in package form on most OSes, particularly Linux distributions, and that’s the only one I’d recommend on laptops.
I have to use Chrome for work, and Google suite in general, which I’m not thrilled about, but oh well, whatcha gonna do? But I don’t use vanilla Chrome in my personal life. Chromium, though, is a backup if LibreWolf has issues with any websites.
Otter Browser
Otter Browser, per their own description, “aims to recreate the best aspects of the classic Opera (12.x) UI using Qt5.” I remember using Opera back in the day, mostly on Windows, and remember it being a nice experience. They provide some links to unofficial packages, but recommend compiling from source for the best experience. So I can’t say that this is necessarily the easiest option for more casual users, but it is a nice little browser. I haven’t explored it all that much, but have enjoyed using it a bit so far.
If you happen to be on Debian, Ubuntu, or a derivative of either, they do provide a Debian packaging recipe which is extremely helpful. It doesn’t work “out of the box,” but will work just fine with a few tweaks:
- Clone the git repository located here into whatever directory you prefer
- Install whatever build dependencies are needed (per README.md)
- Copy packaging/debian/* to the root of the git source directory
- Do the CMake build steps found in README.md (except for the make steps; we’ll get to that in a sec)
- Call dpkg-buildpackage from the root of the git source directory
  - I use dpkg-buildpackage -uc -b to create a simple .deb package
Let it build and do its thing, and you should (fingers crossed) have a working Otter Browser .deb package. I just ran through these steps right now and the package built just fine!
If you have other browser suggestions, let me know. I used to use Vivaldi, which is based on Chrome, and used Brave for a bit on Android, but they’re not my style. YMMV.
I’ve picked a browser. How do I secure it?
Glad you asked! Again, this is the largely OS-agnostic part, dependent mostly upon the browser you use. Since Firefox and Chrome-based browsers are what most people use, I’ll focus on steps you can take to harden your browser, or make it more secure against malware and attacks from webpages and others.
Nothing is 100%, of course, but I hope these tips are helpful. They’ve made my browsing experience much better overall.
The extensions I’ll mention below are available, as far as I know, both on Firefox and Chrome-based browsers.
Ad-blocking and other extensions
uBlock Origin
uBlock Origin is the gold standard in ad- and malware-blocking for your browser. It can be as granular or as broad as you want. The wiki has a ton of information if you want to dig in, but it also tells you how to use “easy mode” which should block just about anything you need blocked.
NoScript (Firefox | Chrome)
NoScript lets you block individual elements of a website, based on the elements loaded from various sites. For example, you can block Google Analytics, which has trackers everywhere, or DoubleClick, which is now owned by Google. You aren’t missing anything by blocking those.
Keep in mind that it’ll take a little while to figure out your protection, since you’ll be allowing certain sites and blocking others. Once you’ve set that up for each site you visit, though, you shouldn’t really have to tweak it.
(N.B.: I used to use NoScript & uBlock Origin together; I do not consider this necessary any more, and just use uBlock Origin personally. Do whatever makes you happy!)
ClearURLs
Have you ever noticed the utm_source, utm_medium, utm_campaign, and other such tags after the ? in a URL? Well, bad news: those are tracking terms and identifiers that will pass along data to advertisers and the websites you’re visiting. They’re a pain to get rid of, especially on phone browsers.
However, on your computer/laptop browser, there’s an extension that will strip them from URLs you visit, and it’s called ClearURLs. Highly recommend using this one!!
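To make the idea concrete, here is a small added example (mine, not ClearURLs' code) of what stripping those tags from a link looks like. The rule set is an assumption for illustration: every utm_* parameter plus the fbclid and gclid click identifiers; the sample links are constructed.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed rule set for this example: every utm_* parameter, plus two other
# widely used click identifiers. ClearURLs maintains its own, far larger list.
TRACKING_PREFIXES = ("utm_",)
TRACKING_NAMES = {"fbclid", "gclid"}


def is_tracking(name):
    """True if a query parameter name matches the assumed tracking rules."""
    lowered = name.lower()
    return lowered.startswith(TRACKING_PREFIXES) or lowered in TRACKING_NAMES


def strip_tracking(url):
    """Return (cleaned_url, removed_names); path, other params, fragment stay."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    kept = [(k, v) for k, v in pairs if not is_tracking(k)]
    removed = [k for k, _ in pairs if is_tracking(k)]
    cleaned = urlunsplit(parts._replace(query=urlencode(kept)))
    return cleaned, removed


# Constructed sample links (not taken from any real site).
SAMPLES = [
    "https://example.com/article?id=42&utm_source=newsletter"
    "&utm_medium=email&utm_campaign=spring&fbclid=ABC123#comments",
    "https://example.com/?UTM_Source=feed",
    "https://example.com/search?q=utm_source",  # tracker name as a *value*
]

if __name__ == "__main__":
    for link in SAMPLES:
        cleaned, removed = strip_tracking(link)
        print(f"{cleaned}  (dropped: {', '.join(removed) or 'nothing'})")
```

Only parameter names are matched, so a search for the text "utm_source" survives untouched, and the parameters the page actually needs (id=42 here) are kept.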
LibRedirect
Do you want to wean yourself off of Google services? Corporate social media? Or maybe you still want to use them, but you want to avoid the worst parts of the tracking that came along with them. LibRedirect rewrites YouTube, Twitter, Instagram, Reddit, Google Maps, and even Google searches to open and free alternatives (Invidious, Nitter, Bibliogram, libreddit, OpenStreetMap, and DuckDuckGo/other non-Google searches, respectively). You can tweak the hell out of it and redirect all, some, or none of these services. It’s wonderful.
I used to use an addon called Privacy Redirect, but as far as I can tell, it is no longer maintained, so this is a good replacement.
LocalCDN
I can’t entirely figure out what this is for. It “emulates Content Delivery Networks to improve your online privacy.” If you spend enough time tweaking NoScript or uBlock Origin, you’ll see a lot of elements in a webpage loading that have “cdn” in their URLs. Basically, these sites are relays through which resources on a page load, and often they are injected with tracking and other nastiness. LocalCDN aims to avoid those CDNs and source those elements in other ways.
Like I said, I’m not 100% sure how it works, but it helps improve privacy as well. Check out their FAQ for a little more information.
I’ve hardened my browser. Now what?
We’re not quite done with the browser. I personally think DNS-over-HTTPS (DoH) is worthwhile to enable in your browser. There are a number of DoH providers out there, but I prefer AdGuard, which is free.
Speaking of that, AdGuard DNS is really great. DNS, or Domain Name Service, is what translates those numerical IPs into alphanumeric hostnames and vice versa. Basically, so you can go to https://www.google.com/ instead of whatever its IP address is, since the words are a lot easier to remember.
AdGuard DNS has built-in adblocking, so you can avoid even more ads by using it. They also provide apps for various systems, but I just tend to use their DNS, if anything.
How do you set it up, you ask? Apparently AdGuard has clients for Windows, Mac, and Android. But you can also set it up in your connection settings so you’re using AdGuard’s DNS servers. They provide instructions for whatever OS you’re using (I use Debian), so check out this page.
The link I just mentioned also tells how to set up DoH through AdGuard. DoH is fairly easy to set up in Firefox, and even in Chrome (though it’s a bit harder in the latter), and AdGuard’s site will tell you what URLs to use – check out the “DNS Privacy” section.
You can even set up AdGuard as your DNS servers in your router, enabling it for every computer on your network! As far as I know, there are instructions listed on the AdGuard DNS page for that also.
I highly recommend NetGuard if you want to block ads directly at the DNS level, in addition to any of the measures above. It is an Android app that routes all Internet traffic through an Android VPN, which allows it to block or allow whatever connections you want. A previous version of this post mentioned that development stopped on the app, but that is no longer the case, and it is fairly actively maintained. The author asks that you make a one-time donation for “pro” features, and I highly recommend it; I purchased the pro features awhile back and I use it on both my phone and tablet. The pro features allow more granular control, such as filtering internet access requests (please see the website for more info). I previously recommended the app Blokada, which became more and more unwieldy and almost required a subscription to be of any use at all. I would much rather use NetGuard, which can even be downloaded through the F-Droid Android app store (focusing on free and open source apps), than something like Blokada.
There are other software packages out there like NetGuard, but it has been my favorite after trying many others.
Speaking of VPNs, I have been using Mullvad VPN for close to a year now, and absolutely love it. Great clients for Win, OSX, iOS, Linux, and Android all available. I previously had a “lifetime” VPN subscription that really wasn’t that good (unmaintained client, spotty servers), and decided to switch to Mullvad. It’s €5/month flat rate, and you can pay for as little as a month or as long as a year (maybe longer?). Basically, you have an account number that you can top up with credit, and then can use the VPN through that account number on up to 5 devices at a time. Alongside OpenVPN support, it also offers WireGuard VPN support, one of the newer VPN technologies out there. They declare they do not keep any logs and their customers’ privacy is their primary concern, so I feel good about using their service. I pretty much always use it on my laptop these days; the client also optionally allows you to block ads, trackers, malware, and other unwanted content.
I was using Mullvad pretty much all the time on the phone, but now I’m mostly just using it when on public wifi, and NetGuard otherwise to keep ads blocked on the phone. I know everyone is hawking VPNs these days – and honestly, not sponsored, never sponsored – but I have been very happy with theirs. VPNs are a dime a dozen now, with many advertised nonstop by YouTubers &c., but I think Mullvad is the real deal, and also have friends who swear by it. So if you’re interested in a VPN, you could do far, far worse.
More general best security practices
A password manager
We all have so many passwords to remember these days. I used to basically use the same password on almost every site, with only a few variations (yikes!). Many say that your passwords should be fairly long; some say you should set it to a mnemonic phrase of words you can easily remember. Everyone’s got a slightly-different philosophy on it.
Personally, I like being able to generate very random 30+ character passwords and save them in an encrypted vault.
That’s why I really love Bitwarden. It’s free and open-source, although they do have some paid perks if you’re so inclined. You can set up an account on their site (perfectly fine), but if you want to take it to the next level, you can self-host Bitwarden on your own server. I run Bitwarden as an app through YunoHost, a software suite that runs on top of Debian server, and it’s very nice. The YunoHost variant is called Vaultwarden and is written in Rust.
Bitwarden has Firefox and Chrome extensions, and even a great Android app, so I can use it on all my devices (well, laptop and phone!), but it also has a great web interface.
I am sure there are plenty of other good password managers out there, but I’m a huge fan of Bitwarden.
Bottom line: start using a password manager and secure all of your online accounts with stronger passwords.
Two-Factor Authentication (aka 2FA)
Have you ever logged into a website and they ask to send you an email or a text to confirm it’s really you? Well, that is a very common form of two-factor authentication – where you not only need to provide a password, but also another layer of authentication (the second factor), in order to prove you’re you. Which is a good thing.
However, text messages (and even emails) can be intercepted or tampered with in transit. It’s not super likely or super common, but it does happen. I’ve heard of people’s SIM cards being cloned or stolen, and then they’re able to receive SMS texts with authentication codes and then log into someone’s account. Not great.
A more secure way to do two-factor authentication (or 2FA for short) is via a client which receives authentication codes, or “one-time pads,” which expire after a certain amount of time and are then regenerated perpetually. Google has been doing this for quite a while with Google Authenticator, but plenty of other organizations created their own 2FA implementations.
My favorite is Aegis Authenticator. Not only can you password-protect (and encrypt) the vault of websites you’re generating codes for, but you can securely back up, export, and even import lists of code providers. There are others that are great, I’m sure, but I really enjoy Aegis. It’s for Android, though, so if you use iOS, I’m sure there is something comparable.
I also have to use 2FA for my work, and unfortunately I need to do so on my personal phone. As a result, to “firewall” things and keep work stuff completely separate from personal, I grabbed another 2FA app, Authenticator Pro, which has worked very well. The link has links both to Google Play and the IzzyOnDroid F-Droid repository (I prefer the latter, of course).
Epilegomena
I’m happy to hear your suggestions for things to add (or remove, even!) from this list, so please do. I’m pretty well-covered myself, though, with this particular suite, but I am sure other suggestions would help others!
Thanks for reading!