About how to effectively use browser extensions, configurations, etc., to better protect privacy
💡
Advance notice:
To prevent potential backdoors, this article primarily selects open-source extensions.
This article is not specifically written for ad blocking; although some extensions have ad-blocking features, this is not the focus of the article.
I am not a professional, and there may be errors in some places; please forgive me.
The methods in this article cannot provide complete protection, but they aim to protect as much as possible.
For Chinese users, do not use domestic browsers; use Chrome, Firefox, or other browsers; otherwise, everything is in vain.
The recommended extensions in this article are not all suggested for installation; more extensions may expose more characteristics.
A modified browser still cannot compare to professional fingerprint browsers. If you need higher privacy protection, please choose a fingerprint browser or Tor.
In the ocean of the digital world, the most eye-catching are those flickering ad beacons trying to attract our attention; however, the real threats often lurk in the shadows. In the deep sea of code, countless invisible trackers act like data torpedoes, silently recording our every click and every pause.
These uninvited guests not only ignore our "Do Not Track" signals but also continue their ways even after we explicitly refuse. Faced with such rampant privacy invasions, how can ordinary users protect themselves?
Protection on the browser is like our first line of defense. Although they are not an all-powerful shield and cannot be compared to heavy armor like fingerprint browsers or Tor, for most web adventurers, these small guardians are the easiest to deploy privacy protection pioneers.
This article will guide you on how to equip your browser with these small but powerful armors. Of course, this is just the starting point of the privacy protection journey. In future articles, we will continue to explore more layers of protective strategies to help you navigate this turbulent sea of data with ease.
Now, let’s start with this crucial first step: configuring the browser to build a solid first line of defense for your web surfing journey.
First, the term "Fingerprinting" refers to a technical means by which websites or third-party services identify and track users by collecting various characteristic information from the browser.
Similar to fingerprint recognition in real life, everyone’s fingerprint has its unique patterns, allowing for accurate identification of individuals. Likewise, every browser has its unique "fingerprint," generally consisting of:
-
Browser type and version
-
Operating system type and version
-
Screen resolution
-
Installed fonts
-
Browser plugins and extensions
-
Hardware information, such as CPU, GPU, etc.
Or more methods, so even if you use a VPN, they can still find you.
Browser Selection#
Choosing a suitable browser is the first step in protecting online privacy. Different browsers have significant differences in privacy protection; here are some suggestions:
Mainstream Choices#
-
Chrome: For most users, Chrome already provides sufficient security. It has regular security updates and supports various privacy-enhancing extensions.
-
Firefox: Going a step further than Chrome, Firefox does better in privacy protection. It blocks third-party tracking cookies by default and offers more privacy setting options.
Advanced Choices#
- LibreWolf: If you want to find a balance between Tor and a regular browser, LibreWolf is a good choice. It is based on Firefox but goes further in privacy and security settings. Note that:
-
To better prevent feature exposure, LibreWolf may bring some inconveniences, such as enforcing the use of the English interface.
-
For ordinary users, this level of protection may be somewhat excessive.
Special Cases#
-
Tor Browser: If you need the highest level of anonymity, Tor Browser is the first choice. However, daily use may affect browsing experience and speed.
-
Fingerprint Browser: If the focus is on isolating different account environments, a fingerprint browser is the first choice.
Special Notes#
-
Do not use domestic browsers: Most Chinese browsers have trackers embedded.
-
Weigh privacy against convenience: Remember, stronger privacy protection usually means sacrificing some convenience. Choose a balance that suits your needs.
-
Keep updated: Regardless of which browser you choose, ensure you update to the latest version in a timely manner to receive the latest security patches.
In addition, if you choose a browser that comes with stronger privacy protection by default, the following extensions may be redundant or even counterproductive.
Extensions#
1. uBlock Origin#
💡
Warning: uBlock Origin will soon be unavailable on Chrome due to not using the Manifest V3 standard.
uBlock Origin is an open-source filtering extension that uses very little memory and CPU and is easy to use.
You can find and install it by searching in the browser's extension store (such as the Chrome Web Store or Firefox Add-ons).
After installation, uBlock Origin will enable the following rules by default:
-
EasyList
-
Peter Lowe’s Ad server list
-
EasyPrivacy
-
Malware domains
If you wish to load more rules, click the uBlock Origin icon to enter the settings.
You can enable some built-in rules here or import rule URLs at the bottom.
After making changes, be sure to click the Apply Changes button to update the rules.
Of course, more rules mean higher resource usage, so find a balance that works for you.
2. Privacy Badger#
Privacy Badger is also an open-source filter developed by the Electronic Frontier Foundation (EFF). What sets it apart is that it actively learns about potential trackers. The basic principle is that if it detects a third-party service that repeatedly appears and collects data on three sites, it will automatically block it. It also has a feature called three-color slider settings:
-
Green: Third-party resources detected, but no tracking behavior found; no blocking.
-
Yellow: Tracking behavior detected; blocks tracking cookies but does not fully block to avoid web page anomalies.
-
Red: Tracking behavior detected; completely blocks trackers and cookies.
For elements like video players and comment boxes that may involve tracking but are also useful, Privacy Badger will replace them and activate them upon clicking.
Additionally, Privacy Badger regularly receives automatic learning updates from EFF's servers to intercept trackers as much as possible.
Similarly, you can find and install it by searching in the browser's extension store (such as the Chrome Web Store or Firefox Add-ons).
💡
Currently, Privacy Badger has been pointed out that its feature of learning to block new trackers while you browse may have potential security vulnerabilities. This feature is disabled by default after installation, but you can enable it in the settings if you are not concerned.
3. Decentraleyes#
💡
Has not been updated for a long time; it is recommended to look at the later LocalCDN.
Decentraleyes enhances privacy protection by locally hosting commonly used JavaScript libraries, which can improve webpage loading speed while avoiding tracking from CDNs. It can complement regular ad blockers and prevent website functionality from being compromised.
You can also find and install it by searching in the browser's extension store (such as the Chrome Web Store or Firefox Add-ons).
4. CanvasBlocker#
CanvasBlocker is an extension that can block or spoof websites from performing browser fingerprinting through certain APIs.
Although the name is CanvasBlocker, it can actually protect several APIs; Canvas is just one of its functions.
APIs supported for protection include:
-
canvas 2d
-
webGL
-
audio
-
history
-
window
Window size (disabled by default)
-
DOMRect
-
SVG
-
TextMetrics
-
navigator (disabled by default)
-
screen
You can also find and install it by searching in the browser's extension store (such as the Chrome Web Store or Firefox Add-ons).
5. Font Fingerprint Defender#
💡
This does not seem to be an open-source extension, but I did not find other alternative extensions for Firefox; if there are any, feedback is welcome.
Font Fingerprint Defender is an extension that reports false available font information to web pages, preventing tracking based on available font combinations as fingerprints.
6. All Fingerprint Defender#
💡
Note that this extension is only available for Chrome, and I have not used it myself.
This extension is used to prevent fingerprints left by Canvas, WebGL, fonts, and AudioContext in the browser.
7. WebRTC Network Limiter#
💡
Official Google extension; since I have not used Chrome, I cannot determine its effectiveness. You can look for better extensions in the Chrome Web Store.
Google's official extension can solve the potential IP address leakage issue caused by WebRTC and has passed multiple levels.
8. AdGuard#
AdGuard's browser extension is open-source and does well in ad blocking and privacy protection. It also comes with features to disable WebRTC, remove tracking parameters, check website reputation, disable third-party cookies, etc. The interface is clean and beautiful, making it a good choice.
9. NoScript#
NoScript is quite a strict extension; it is pre-installed in Tor. It uses a whitelist to block websites from running JavaScript, Java, Flash, and other scripts and plugins unless you explicitly allow them, along with strong cross-site scripting (XSS) protection. The built-in whitelist has configurations for popular websites, which can reduce the configuration burden for ordinary users. Of course, you can also import whitelists shared by others. If you are just temporarily visiting a website, you can conveniently set a temporary whitelist.
Of course, it requires some learning time; for ordinary users who are completely unwilling to change their usage habits, NoScript may not be the best choice.
10. LocalCDN#
Similar to Decentraleyes but supports more libraries and is updated more frequently.
Configuration#
1. DOH (DNS over HTTPS)#
If you have been following my blog, you must have seen the last article.
If you are using Linux and have correctly configured DOH according to the article, then your computer is entirely using DOH, and you can skip this step.
If you cannot do this or only want to enable DOH in the browser, please continue reading.
Currently, the vast majority of modern browsers have DOH functionality, and you can find suitable DOH servers for you on the following websites.
💡
In China, many overseas DOH servers are blocked, so please find a suitable server for you and ensure it is not blocked. This article will not elaborate on this.
💡
Choosing a DOH server located in the same country as your IP address or using a DOH service like Cloudflare DNS that automatically selects the nearest server can avoid inconsistencies between the IP address and DNS server location.
Firefox#
For Firefox, open the browser settings, go to Privacy & Security, and find DNS over HTTPS.
Enter your DOH address.
Now, you are using DOH on Firefox.
Chrome#
In Chrome, open Settings, go to Privacy and Security - Security, and find Use Secure DNS.
Now, you are using DOH on Chrome.
Other Browsers#
Most modern browsers provide DOH functionality; you can use a search engine to find out how to enable it.
This article is transcoded by SimpRead, original article address blog.ypingcn.com
Read the detailed tutorial produced by our site to learn how to set up and enable HTTPS-based secure DNS (DoH) on Firefox. Protect your web browsing security and enhance data confidentiality.
[AD] -- The content advertisement is below; click to support the author, Want to filter ads? -- [AD]
Quick Download: Download the latest international version of Firefox (Simplified Chinese)
Quick Setup List:
| Introduction | Address |
| Aliyun | https://dns.alidns.com/dns-query |
| Tencent Cloud DNSPod | https://dns.pub/dns-query |
| OneDNS Intercept Version | https://doh.onedns.net/dns-query |
| OneDNS Pure Version | https://doh-pure.onedns.net/dns-query |
| Cloudflare Default | https://cloudflare-dns.com/dns-query |
| Cloudflare Firefox Version | https://mozilla.cloudflare-dns.com/dns-query |
| Cloudflare Virus Blocking | https://security.cloudflare-dns.com/dns-query |
| Cloudflare Virus Blocking and Adult Content | https://family.cloudflare-dns.com/dns-query |
| AdguardDNS Default | https://dns.adguard.com/dns-query |
| AdguardDNS Family Protection | https://dns-family.adguard.com/dns-query |
| AdguardDNS No Filtering | https://unfiltered.adguard-dns.com/dns-query |
Every website needs to know the IP address to access it correctly, but it is impossible to record every IP address due to the sheer number; there needs to be a way for users to use this, which is the purpose of the Domain Name System (DNS). DNS is a protocol that converts the address in the address bar into a specific network IP address, but its design did not consider security, making it easy for third parties to hijack and modify results.
Secure DNS (DNS-over-HTTPS, abbreviated as DoH) represents "DNS over HTTPS," which is an encrypted communication method for DNS requests and responses via the HTTPS protocol. Traditional DNS communication uses plaintext UDP protocol, which is vulnerable to eavesdropping, tampering, and other attacks, while DoH can encrypt DNS traffic, thus enhancing security and privacy protection. Using DoH can also prevent certain network intermediaries (such as public Wi-Fi) from hijacking and polluting DNS traffic, thereby improving the reliability of accessing internet services. More and more browsers and operating systems are beginning to support DoH to enhance users' online security and privacy protection.
Below are some setup tutorials and notes for using DoH in Firefox.
1. Enable or Disable DNS-over-HTTPS#
The entry point for settings has changed after version 114.0, and you need to set it according to different versions.
1.1 Versions below 114#
- Click the hamburger menu button in the browser (top right corner) and select Settings.
- In the
Generalpanel (the first menu,about:preferences#general), scroll down to theNetwork Settingssection and click theSettingsbutton. - In the dialog that opens, scroll down to find the
Enable HTTPS over DNScheckbox; check it if needed, or uncheck it otherwise. - Choose the address provided by the corresponding supplier or enter the required address yourself (recommended in the next chapter of this article).
1.2 Versions 114 and above#
Version 114.0 was released on 2023-06-06.
- Click the hamburger menu button in the browser (top right corner) and select Settings.
- In the
Privacy & Securitypanel (the fourth menu,about:preferences#privacy), scroll down to theDNS over HTTPSsection. - In the
Secure DNS Usage Policysection, choose Enhanced Protection (try using system DNS if DoH fails) or Maximum Protection (use only DoH). - Choose the address provided by the corresponding supplier or enter the required address yourself (recommended in the next chapter of this article).
2. DoH Providers#
In addition to the built-in providers in the browser, there are many other options.
2.1 Alidns#
A service provided by Alibaba Cloud, effective in China but does not support ad filtering and other features.
Address: https://dns.alidns.com/dns-query
2.2 DNSPod#
Produced by Tencent Cloud, effective in China; after registering an account, it supports setting ad filtering, but the supported filtering rules are limited and the effect is weak.
Address: https://dns.pub/dns-query
2.3 OneDNS#
OneDNS is a DNS recursive resolution service provided by Beijing Weibu Online Technology Co., Ltd., which has security protection capabilities and can effectively guard against threats such as malware and ransomware, as well as block various ad disturbances and fraudulent websites, purifying the network environment and protecting data security.
Address: [Intercept Version] https://doh.onedns.net/dns-query
[Pure Version] https://doh-pure.onedns.net/dns-query
2.4 Cloudflare#
A well-established network service provider, also built into Firefox.
Default https://cloudflare-dns.com/dns-query
Firefox Version https://mozilla.cloudflare-dns.com/dns-query
Virus Blocking https://security.cloudflare-dns.com/dns-query
Virus Blocking and Adult Content https://family.cloudflare-dns.com/dns-query
2.5 AdGuard#
(Not recommended for use under domestic network conditions due to network reasons)
A long-established ad filtering provider that supports setting ad filtering and other custom content after registering an account.
Default (blocks ads and trackers) https://dns.adguard.com/dns-query
Family Protection (blocks ads, trackers, adult content, and enables safe search and safe mode where possible) https://dns-family.adguard.com/dns-query
No Filtering https://unfiltered.adguard-dns.com/dns-query
2.6 NextDNS#
(Not recommended for use under domestic network conditions due to network reasons)
An ad-blocking DNS service provider that allows 300,000 queries per month for free and supports DoH, DoT, and other methods.
It supports many ad filtering rules and has good filtering effects. However, since its services are overseas, the results of website resolution are mostly overseas versions, which may affect the browsing experience to some extent.
3. Exclude Specific Domains#
Excluding specific domains means that the configured domains will not use DoH resolution but will remain consistent with the system method, suitable for internal network domains or other domains with special needs.
The method of setting has also changed after version 114.0, and you need to set it according to different versions.
3.1 Versions below 114#
- Enter
about:configin the address bar and press Enter. - A warning page may appear. Click "I accept the risk, continue!" to accept the related modification risks and continue to open the
about:configpage. - Search for
network.trr.excluded-domains; if you cannot find it, you need to create a new one. - Click the Modify button next to it.
- Add the domains to the list; if there are multiple domains, separate them with commas. After editing, click the checkbox to save the changes, and it will take effect.
3.2 Versions 114 and above#
Version 114.0 was released on 2023-06-06.
- Click the hamburger menu button in the browser (top right corner) and select Settings.
- In the
Privacy & Securitypanel (the fourth menu,about:preferences#privacy), scroll down to theDNS over HTTPSsection. - Click the
Manage Exceptionsbutton, enter the domains you need to add, and save.
2. Disable WebRTC#
WebRTC uses STUN/TURN servers to establish direct peer-to-peer connections between browsers, which may lead to the leakage of real IP addresses, even if a VPN is used.
You can disable it using an extension; here is a method to disable it manually.
💡
Note that this may cause functionality issues on websites like Discord calls.
Firefox#
Enter about:config in the address bar and press Enter.
A warning message will appear; click the "Accept the risk and continue" button.
In the search bar, enter media.peerconnection.enabled.
Click the toggle button to change it to false.
Chrome#
In the latest version, it cannot be disabled in chrome://flags/. In older versions, you can find disable-webrtc.
It is recommended to install an extension to disable it.
Firefox Protection Against Fingerprinting#
This is a feature unique to Firefox that provides additional protection against fingerprinting by erasing characteristics, allowing you to blend in with the crowd.
To enable it, first go to **about:config **.
A warning message will appear; click the "Accept the risk and continue" button.
In the search bar, enter privacy.resistFingerprinting.
Switch it to true to enable it.
Conclusion#
However, even with the most reliable tools, true privacy protection starts with each user's daily habits. No matter how advanced the technology, it cannot fully compensate for user behavior negligence.
Chaos Bookmark, a concise navigation tool to improve efficiency and share quality information and resource collections.