Ten Secure Browsing Extensions for Firefox

« Facebook Backlash Watch: Creepy, Clingy, Not Interested In Saying Goodbye | Main | Zero-Day Exploits Down. So what? »

November 27, 2007

Ten Secure Browsing Extensions for Firefox

Linux.com: Ten Firefox extensions to keep your browsing private and secure:

"Most people lock their doors and windows, use a paper shredder to protect themselves from identity theft, and install antivirus software on their computers. Yet they routinely surf the Internet without giving a second thought to whether their browser is secure and their personal information safe. Unfortunately, it's easy for someone with nefarious intentions to use a Web site to glean data from -- or introduce spyware to -- your computer. Even worse, sometimes all you have to do is randomly click on a site to have your data probed in a most unwelcome way.

"Mozilla Firefox has several security settings you can adjust via the Preferences pane, but there are also more than 150 privacy and security extensions you can add as well. They are easy to install and take little time to set up; some even work automatically after you restart your browser. Let's have a look at some of the most popular and most useful."

This isn't a bad list, but there are a few things worth noting on the picks:

As a reader in that article's comments points out, TrackMeNot has issues:

"[...] some of the program's searches are worse than yours. The dictionary includes: HIV, atomic, bomb, bible, bibles, bombing, bombs, boxes, choke, choked, chokes, choking, chain, crackers, empire, evil, erotics, erotices, fingers, knobs, kicking, harier, hamster, hairs, legal, letterbomb, letterbombs, mailbomb, mailbombing, mailbombs, rapes, raping, rape, raper, rapist, virgin, warez, warezes, whack, whacked, whacker, whacking, whackers, whacks, pistols

"Does anyone reall [sic] think that searches on 'erotic rape,' 'mailbombing bibles,' and 'choking virgins' will make their legitimate searches less noteworthy? And four, it wastes a whole lot of bandwidth. A query every twelve seconds translates into 2,400 queries a day, assuming an eight-hour workday. A typical Google response is about 25K, so we're talking 60 megabytes of additional traffic daily. Imagine if everyone in the company used it.

"I suppose this kind of thing would stop someone who has a paper printout of your searches and is looking through them manually, but it's not going to hamper computer analysis very much. Or anyone who isn't lazy. But it wouldn't be hard for a computer profiling program to ignore these searches."

Secure Password Generator isn't a bad idea, either, but I'd suggest it's not the best idea. I wrote about Password Composer for Practically Networked. It has the benefit of generating random passwords that don't require anything more than remembering a master password. Presumably you can keep one password in your head without having to write it down or divulge it to anyone.

The Petname extension seems clever, too:

"The petname tool will be enabled anytime you visit a site using SSL strong encryption. Initially, the petname tool will display the text 'untrusted'. If you decide to form a relationship with the site, overwrite this text with a reminder note describing the new relationship. The petname tool will remember this reminder note and display it every time you visit the site. Be sure to always check that the petname tool is displaying the expected reminder note before sending personal information to a site. If you have the misfortune to land on a spoof site, you'll know it because the petname tool will be displaying the text 'untrusted', instead of your expected reminder note."

It's a poor man's two-factor authentication, but two-factor authentication doesn't work with complete reliability even when it's not being done by a poor man. I don't know if I'd want the added layer of complexity this add-on introduces.

(via Lifehacker, where there are a few good additional comments on the problems with Tor routers)