Skip to content

Category: Browsers

Facebook, Privacy, and Staying Safe Online

Care about your privacy in the wake of all the Facebook news?

Switch to Mozilla Firefox as your main browser. It is now faster than Chrome or Internet Explorer, it uses less memory, and it goes a lot further to care for your privacy online and keep you safe. https://www.mozilla.org/en-US/firefox/new/

Use Facebook in a restricted container to prevent it from tracking you when you are not on Facebook: https://blog.mozilla.org/fire…/facebook-container-extension/

Install the uBlock Origin add-on for Firefox to prevent trackers, ads (which are in and of themselves trackers), malware, and other nasties from harming you online. https://addons.mozilla.org/en-…/firefox/addon/ublock-origin/

Install EFF’s Privacy Badger add-on for Firefox to prevent even more tracking that uBlock doesn’t necessarily cover. https://addons.mozilla.org/…/firef…/addon/privacy-badger17/…

This setup will not only help you keep Facebook at arm’s length, it will help you in general to avoid malicious advertisements, malware, ransomware, and various types of web browser hijacking while surfing the Internet. Of course, you can always choose to leave Facebook altogether with these alternatives.

Remember too that you will be safer and enjoy more privacy online if you make a point of using a hardwired internet connection, rather than wi-fi. Although wi-fi can be useful in many ways, hardwired is the way to go if you care about your personal safety, online and offline.

Enjoy, and stay safe!

Microsoft Windows has Free Virtual Machines

Wish I had know about these earlier. Microsoft offers free Windows virtual machines for VirtualBox, VMWare, and others. You can choose from Windows 7, Windows 8, or Windows 10 (a few different flavors of each). They last 90 days before expiring, but you can snapshot them right after you install them to make it easy to reset that 90 days by rolling back to the snapshot.

Officially, these are for testing out the Edge browser, but you can also use them for whatever else 😉

Check them out here:

https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/

 

 

Just In Time, the Brave Browser Becomes My Default

Last night I saw a respected security professional I follow on Twitter mention the Brave web browser, and how good he thought the mobile version is. Brave was started by the Mozilla Project co-founder Brandon Eich, and is based on Chromium, the open-source base that Google Chrome is constructed upon.

Today, I caught wind that Chrome is soon going to prevent you from doing things such as disabling its DRM management feature called Widevine. The problem with this is summarized here:

…a single browser may now require two different DRM plugins to play all DRM content. These plugins have their own security issues, but unlike with the Flash vulnerabilities, security researchers are banned from looking for them, due to Section 1201 of the Digital Millennium Copyright Act (DMCA). That means malicious hackers, who already engage in other criminal activities, may freely take advantage of all the vulnerabilities they find in these DRM plugins before companies discover them on their own.

In short, because of the closed nature of the DMCA, we end users are at risk unnecessarily, and we will soon have no ability to disable this plugin should we wish to do so. I started to look around for better options regarding browser privacy, just to see what the latest developments were.

Enter The Brave

Brave offers a browser that works on all platforms (Windows, Mac, Linux) and on mobile. It blocks ads by default, blocks malware, and is lean and fast. Putting user privacy and security at the forefront, along with speed, this thing is a powerhouse as it forces https on websites and prevents malware-serving advertisement networks from invading your workspace.

But the difference is the paradigm shift in supporting advertisers, as opposed to simply blocking them out completely:

Brave intends to keep 15% of ad revenue for itself, pay content publishers 55%, ad partners 15% and also give 15% to the browser users, who can in turn donate to bloggers and other providers of web content through micropayments.

I have yet to figure out how or if that will work, exactly, and it doesn’t seem to be fully impemented in the browser yet, but it seems like a great way to solve the elephant-in-the-room problem the Internet faces today: how to earn money and keep users safe at the same time, so that they don’t need to run ad blockers and anti-tracking plugins?

Stay tuned for more info as I learn it, and as I figure out Brave.

Let’s Encrypt The World

lets-encrypt-logoI have been a big fan of free SSL certificate authority LetsEncrypt.org since it was in Private Beta. Now in Public Beta, and now being a Certificate Authority recognized by every major web browser, it’s time for you to start using it on your website!

The great thing about Let’s Encrypt is that it is free. Why? Because the sponsors behind it believe encryption is for the public good. And they are correct. No more do you need to pay $80/year or more for an SSL certificate through some company like GoDaddy. This all may sound too good to be true, but it isn’t.

Wait, what?

In case you are unfamiliar with what I’m talking about here, LetsEncrypt.org offers you free SSL (Secure Socket Layer) certificates for your website. This make your website secure and encrypted for your visitors, just like your bank does, by changing your site’s address from using http://  to https://.

Being a user of the WHM/CPanel web hosting tools for the handful of websites I run, I found a great set of instructions and scripts you can use to get this set up and running in that environment. Just follow the instructions in the WHM forum here. Be sure to set up the cron job so that your cert(s) get renewed automatically. If you forget, it’s very easy to do it by hand from the command line, but the cron job makes it so that you don’t need to remember.

Encrypt WordPress

If you are a WordPress website owner, you can configure it to use the SSL certificate by editing your site’s URL in Settings > General. I especially recommend this for WordPress admin area logins, but there’s not reason you shouldn’t be using SSL on your whole site anymore. This is especially true considering Google favoring SSL-enabled sites over non-SSL sites.

Redirect Traffic to HTTPS

Using an .htaccess file, you can set it up so that any traffic going to your http:// website is automatically redirected to your https:// version. This is the snippet I use in my .htaccess file for that:

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Go forth and encrypt all the things!

Responsive Design and WordPress

This year we have seen the dawning of the responsive design craze amongst web designers and developers. I remained skeptical about the trend, primarily because I was raised in the world of good usability and accessibility, and breakpoints and adaptive images seemed incongruous and presumptuous with the foundations of those schools of thought. While responsive design proponents like to say that multi-device adaptation is providing good usability, I disagree.

Relating to my favorite CMS, WordPress, the whole responsive design trend has rubbed me in even more wrong ways. I’ve watched designer after designer dive into responsive WordPress themes, and I’ve even tried using a few myself, only to leave me wondering…why?

This article has some great analyses on this exact topic, and it provides some good food for thought in regards to responsive design and WordPress. From the article:

My biggest issue with responsive design is that it is a reactive client-side approach which, in the context of a server-side content management system like WordPress, seems completely unnecessary.

What are your thoughts on responsive design and WordPress?

Tips, Tricks, Enhancements

I love the things that make my job easier, make a task simpler, or help protect me in the event of a problem. I collect lists of these things so that I can share them with you, my dear blog readers. Enjoy!

Lazarus
A web browser add-on that auto-saves any web form you are filling out. Never again will you lose that perfect Facebook political argument reply you’d been working on for an hour until your browser crashed. It be free. It be cool.

Feedly
This is what has replaced my Google Reader account now that Google has announced it will be shutting down Reader this summer. It’s simple, though it takes a little getting used to, and it will import all your feeds from Google Reader automatically.

Mailplane
My favorite way to use GMail and Google Calendar on my Mac(s). It lets me keep multiple accounts open at once in a tabbed interface, seamlessly switching back and forth to get things done. It also works with Google tasks.