How I browse the web

Previously on this blog, I wrote about why I routinely block execution of JavaScript. I think it opened some eyes. In this post I’ll look at the precise software and settings I use for web browsing.

During a typical day, I use three browsers. Internet Exploder I use for the handful of sites which are crippled (apparently by intent) and with which I absolutely must interact. In practice this means those who’ve lost their minds deployed Microsoft Exchange. Google Chrome I use for Google Maps and some other sites… if they ever fix the sandbox I’d use it far more often.

Most browsing is done in Firefox. Today I’m running Firefox 10.0.2. I have several extensions installed – principally NoScript, AdBlock Plus, Fireshot, TinEye and HTML Validator. Only the first two are security-oriented.

NoScript is a JavaScript blocker. I use it in the most restrictive form; it only allows JavaScript to execute if I’ve approved it. Right now I’m allowing scripts from wordpress.com (hosting site), wp.com (hosting site), gravatar.com (icons and avatars); and I’m forbidding quantserve.com (advertising metrics). noscript example

My “whitelist” runs to about 1100 entries; these are all JavaScript sources I’ve come to trust. Everyone else is in the temporary list.

Yes, it’s annoying to have to whitelist everything. There are a few sites where I can’t come up with a good mix, and thus for vimeo and wimp (video sites) I go use Chrome. This is certainly not for everyone… but doing things this way allows me a great peace of mind in clicking and exploring.

AdBlock Plus is, as the name implies, an advertising blocker. I run it in full-blocking mode – by default it operates in “nice” mode (or something like that) to allow “some” ads.

Dear website operators – I will pay subscription fees. I will not sit through interminable ads – nor do I enjoy having ads which carry along malware infections as part of the “animation” scripting. It’s always a shock to see just how many ads play on some sites… and the lack of care with which so many companies use ads (aside – if you’re a car repair emporium is it really wise to run advertising for brands of tires you don’t sell – and ads which go to your competitor when clicked?).

The other tools mentioned above… Fireshot is used for screen grabs; HTML Validator looks for problems in HTML (useful when testing the website you just created); TinEye searches for the source of photos.

Here are some more hints for safe browsing:

1) I don’t do games. I block every new Facebook game which comes along; the only online game I’ve played in many a year was Angry Birds for about 5 minutes via Chrome. That was enough.

2) I don’t download new software to be able to see the wonderful video-of-the-day. If it won’t play on Firefox I evaluate the source; and perhaps play it in Chrome. But first I check NoScript to see where the playback scripts come from.

3) If I’ve never heard of the site before, I open a window for Google search and enter the name of the site and see if Google thinks it’s ok. The StopBadware gang is quite adept at turning over rocks.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s