When I watch one of my friends of family members use their computer I usually see them using the default browser like Safari or Internet Explorer/Edge on their computers. When I ask if they’ve customized or secured their browser I get blank looks. This is also true on their phones with most people just using Safari on their iPhones or the built in Chromium on their Android device. That’s not necessarily a problem but running a browser with its default settings in place means you aren’t being protected from the many malicious and accidental issues on the net. This becomes an even more important thing as we start to use our own devices for work. Checking email is one thing, but using our phones to pay bills, pay employees, order supplies and the other million things we use the net for means we need to do more to make those devices secure.

So in an effort to help out my friends, family and also the wider SMB environment I put together this list of the extensions that I personally use to make me more secure AND to guard my privacy while online. I use a lot more extensions than these in my day to day browsing but we will concentrate on privacy and security extensions today.

Security & Privacy Extensions for Chrome & Firefox

Here’s my curated list of security and privacy browser extensions listed in preference of use.

LastPass: Start with Lastpass or a similar extension from Dashlane or 1Password. This extension will let you store your passwords and accounts and give you access to them in your browser. If you were to install only one extension, make it a password manager and make sure you enable multi-factor authentication (MFA)!

Technical Skill: Easy

Link: https://chrome.google.com/webstore/detail/lastpass-free-password-ma/hdokiejnpimakedhajhdlcegeplioahd?hl=en

Tor Browser: If you are truly interested in running as anonymous a browser experience as possible, you should download the Tor browser. This is a separate application, so requires changing your browser. Tor is technically built on Firefox, but acts as a separate installation, so you can have your standard Firefox and Tor. Tor was made famous by Edward Snowden & Mr. Robot. But more importantly, it’s pedigree is highly respected, having been written originally in the US Navy and based on the onion routing protocol which was funded by DARPA (part of the US govt). Essentially, its a browser that employs multiple privacy and anonymity techniques including routing your traffic anonymously and not caching your web content. I don’t use Tor as my everyday browser, I still use Firefox or Chrome for that, but when I want to be anonymous, or check out a vendors website, or don’t want to deal with trackers at all, I use Tor. In my head I’ve created a distinction where if I don’t hundred percent trust a website or activity, I use Tor.

Technical Skill: Medium

Link: https://www.torproject.org/

Anti-virus: You should have an anti-virus or endpoint protection solution in place, which should also include a browser extension that protects your browsing experience in real time. Some examples are Avast, Symantec, Trend Micro, Kaspersky, Norton, McAfee, ESET, Sophos, AVG, F-Secure, Avira and Webroot. I use BitDefender on my Mac and Windows machines and it comes with an extension called TrafficLight. Regardless of what solution you’ve bought, make sure the browser extension is installed and enabled. This can provide a lot of protection especially for less technical employees who don’t necessarily understand how to verify URLs and websites are legit.

Technical Skill: Easy

HTTPS Everywhere Install the HTTPS Everywhere extension and your browser will automatically go to the encrypted version of a site if it exists. And if there is no encrypted (SSL/TLS) version of the site, it will let you know and warn you. I love installing this extension for non-technical people as it provides a lot of protection in a simple package. For technical users, you can think of this extension as a poor man’s version of HSTS.

Technical Skill: Easy

Link: https://www.eff.org/https-everywhere

Ghostery: I’ve been using this extension for YEARS. This extension tells you what trackers are running on a website.

Technical Skill: Easy

Link: https://www.ghostery.com/

Ublock Origin: This extension is super powerful. I mean, like wow! It blocks adware, bad domains, tracking software, javascript, plugins and certain types of bad content for you. This one is a no brainer. Install it and you’ll be safer out the box. Do NOT use AdBlock or AdBlock plus, both have been taken over by potentially dubious actors and are now displaying ads.

Technical Skill: Easy

Link: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en

Privacy Badger: This extension learns the behaviour of tracking software across the totality of your web experience and blocks based on that aggregate behaviour. Privacy Badger seems to play nice with other blocking software like Ublock Origin.

Technical Skill: Medium

Link: https://chrome.google.com/webstore/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp

No Coin:This browser extension looks for crypto-jacking websites and blocks them. End of story.

Technical Skill: Easy

Link: https://github.com/keraf/NoCoin

Facebook Container : This extension blocks Facebooks ability to track your browsing habits. Only works on Firefox.

Technical Skill: Easy

Link: https://addons.mozilla.org/en-US/firefox/addon/facebook-container/

Block Site: There’s a certain amount of overlap with this extension and Ublock but I still prefer this one if you want to simply block a website for a limited period of time, or for ever.

Technical Skill: Medium

Link: https://chrome.google.com/webstore/detail/block-site-website-blocke/eiimnmioipafcokbfikbljfdeojpcgbh?hl=en

Hoxx VPN:: This one might cause a stir but I have found this to be useful in certain circumstances. The trick is to understand, and explore, its potential use as it’s not true VPN, but instead more akin to a browser specific encrypted web proxy. This is an extension you install in your browser and you connect to a “VPN Server” in one of 16 countries and your web session with that browser session. Works great for testing web apps from different locations, or more generally when I need my http requests to come from within the US or UK or wherever, I flick this on. Also works as a general privacy overlay, but if you need a real VPN, please build one yourself with WireGuard, OpenVPN or SecureStack. Or install a true VPN client from this list.

Technical Skill: Medium

Link: https://hoxx.com/

No Script: This is a very powerful extension as it blocks all javascript, Flash and other plugins from running. You can enable individual plugins temporarily or permanently. Be aware this extension requires a decent technical understanding as installing it will disable all plugins by default. This will protect you but also affect your browsing experience. There is also a certain amount of overlap with some of the other blocking extensions so the average user might not need this one if they are using Ublock Origin, Block Site or similar.

Technical Skill: High

Link: https://noscript.net/

uMatrix:(Firefox only) This extension acts like a application aware firewall. You can block any part of a http/https request including sender, request type, header contents, etc. This extension requires some technical understanding so if you are not technical and you install this, all thats gonna happen is that it will block javascript and other components running on the websites you visit, which is of limited value unless you are going to some really dodgy sites. I’ve just started using this extension so I don’t know how much it will supplant Ublock Origin and some of the other extensions I’ve listed above. Because this extension requires technical skillz it will be of limited value to some people who would probably be better served by a bundle of extensions including Ublock, Privacy Badger, etc. Regardless, this extension is on the list because in the right hands it is pretty powerful.

Technical Skill: High

Link: https://addons.mozilla.org/en-US/firefox/addon/umatrix/

This list was put together with love. If you have suggestions for other extensions that should go on this list, please hit me up. Cheers!