
Ask Slashdot: Most Secure Browser In an Age of Surveillance?

Soulskill posted about a year ago | from the lynx-seems-pretty-safe dept.

Software 391

An anonymous reader writes "With the discovery that the NSA may be gathering extensive amounts of data, and the evidence suggesting makers of some of the most popular browsers may be in on the action, I am more than a little wary of which web browser to use. Thus, I pose a question to the community: is there a 'most secure' browser in terms of avoiding personal data collection? Assuming we all know by now how to 'safely' browse the internet (don't click on that ad offering to free your computer of infections) what can the lay person do to have a modicum of protection, or at least peace of mind?"

391 comments

Internet Explorer (5, Funny)

futuramasd (2958127) | about a year ago | (#44083037)

IE10 and 11 are superb browsers. They contain many very good tactics to secure the browser and computer, for example, true sandboxing and JIT hardening. Most other browsers don't come even close.

Secondly, the sandboxing means that IE is usually able to block an attack on plug-ins like the Flash Player and Java VM. This alone makes surfing with IE remarkably safe.

IE really is a different kind of beast in the sea of mediocre browsers. It has come a long way and is aiming for the top.

- John Futura
Security Consultant

Re:Internet Explorer (5, Insightful)

NewtonsLaw (409638) | about a year ago | (#44083051)

Yes, but how do you know that MS hasn't inserted a nice big back-door for the spooks?

From a "security" perspective, you'll have to go with an open-source browser -- but even that's not a guarantee.

To be sure, you'll have to compile it yourself from a set of source files that you have gone through with a fine-toothed comb, checking each line for any chance of hidden functionality.

Oh, come to think of it -- you'll also have to assemble all the libraries from similarly vetted sources -- oh, and that means you'll need to use a compiler you've built from vetted sources -- but hey, that would involve using another compiler that could already be compromised so...

You'll have to hand-code (from source to binary) every byte of the compiler you use and then type it in through a BIOS that you've also hand coded -- entering the BIOS code through a set of toggle switches on the front panel.

Bottom line -- you don't *know* for sure that *any* browser is going to be secure.

Re:Internet Explorer (2)

kthreadd (1558445) | about a year ago | (#44083071)

Have we actually heard anything that suggests that they put in back doors into software? All I've heard is that NSA has collected data going in and out of their datacenter, not individual customers.

Re:Internet Explorer (5, Informative)

Anonymous Coward | about a year ago | (#44083133)

They at least get early Zero-Day access. I'm guessing they have more.

http://arstechnica.com/security/2013/06/nsa-gets-early-access-to-zero-day-data-from-microsoft-others/

Re:Internet Explorer (4, Interesting)

benjymouse (756774) | about a year ago | (#44083287)

They at least get early Zero-Day access. I'm guessing they have more.

http://arstechnica.com/security/2013/06/nsa-gets-early-access-to-zero-day-data-from-microsoft-others/

MS gives advance information about security patches to AV vendors. The intention is to allow those AV vendors to create scanning signatures which will enable AV products to pick up the attacks. Attackers have shown a lazy tendency to just reverse engineer patches instead of finding vulnerabilities themselves. Less than 1% of attacks are zero-day attacks these days.

Some of the AV vendors that receive such vulnerability information are foreign companies. Yes. Some of those AV companies are Chinese.

Is it not reasonable to afford the NSA the same advance warning? The advance warning is a few days before the patch is made public, around the same time that the public receive advance notification (with less details than the AV companies and NSA). It is not like they have months to exploit it.

But tinfoil hatters and Microsoft haters always spin it as something nefarious. There is *nothing* to suggest that there are NSA backdoors in Windows or any other OS for that matter.

Re:Internet Explorer (1)

Taco Cowboy (5327) | about a year ago | (#44083423)

Some of those AV companies are Chinese.

Care to list out the name of the AV companies which are owned and/or operated by the CHINESE ??

I am interested in factual information, not fear mongering !!

Re:Internet Explorer (5, Informative)

cyssero (1554429) | about a year ago | (#44083467)

Rising [rising-global.com] are a Chinese company listed as an anti-virus partner by Microsoft [microsoft.com] .

Re:Internet Explorer (4, Interesting)

Yvanhoe (564877) | about a year ago | (#44083203)

Yes : the whole NSA key debacle [wikipedia.org] . You are free to choose to believe Microsoft denegations that the item they called _NSAKEY is a key they gave to the NSA. This is not the kind of smoking guns Snowden provided, but I do think this qualifies as "something that suggests they put in back doors into software."

Re:denegations (0)

Anonymous Coward | about a year ago | (#44083427)

What does that mean please? My dictionary doesn't have it.

Re:Internet Explorer (0)

Anonymous Coward | about a year ago | (#44083295)

Have we actually heard anything that suggests that they put in back doors into software? All I've heard is that NSA has collected data going in and out of their datacenter, not individual customers.

Well we know they have put back doors into Skype for the scumballs to listen in on so it is a fairly safe bet that ALL versions of IE have them as well.

Re:Internet Explorer (2)

flyingfsck (986395) | about a year ago | (#44083449)

No, no, Microsoft did not put the backdoor into Skype - Ebay did that. Microsoft just improve and maintain the backdoor.

Re:Internet Explorer (0)

Anonymous Coward | about a year ago | (#44083349)

Skype has been backdoored [guardian.co.uk] , even before MS got their hands on it. You can bet MS wasn't in the dark about this, either.

Re:Internet Explorer (3, Funny)

Anonymous Coward | about a year ago | (#44083181)

You actually trust your hardware ???!!!!

You have to start with a handful of diodes and a soldering iron you naive, easily deceived person.

Re:Internet Explorer (0)

Anonymous Coward | about a year ago | (#44083339)

Even if you hand code BIOS, the world is still rigged against you. You can not win.

Re:Internet Explorer (3, Interesting)

maxwell demon (590494) | about a year ago | (#44083355)

Of course you can win. All you have to do is to build up a massive surveillance system yourself. Then you know exactly who is trying to listen to you with which methods, and can enact appropriate counter measures. :-)

Re:Internet Explorer (1)

Anonymous Coward | about a year ago | (#44083535)

Nonsense. That's a logical fallacy along the lines of: you don't know if the NSA is spying on us all, because you personally haven't discovered this.

You don't have to compile Firefox from source. If an open source product has an NSA backdoor, it only takes ONE user to bring down the entire product, or the Mozilla Foundation in the example, and shame them forever. This in itself is a guarantee.

Re:Internet Explorer (1)

LoneHighway (1625681) | about a year ago | (#44083053)

Your answer had nothing to do with protecting against data collection.

Re:Internet Explorer (0)

Anonymous Coward | about a year ago | (#44083057)

Is that a joke?

There is no security in proprietary software no matter how hardened it is.

Re:Internet Explorer (2)

kthreadd (1558445) | about a year ago | (#44083075)

Of course there can be security, the problem is rather if you trust it.

Re:Internet Explorer (5, Informative)

smash (1351) | about a year ago | (#44083117)

When the backbone is compromised, you're pretty much fucked unless you run strong encryption everywhere and obfuscate who you are talking to. Irrespective of whether your browser is open source - if it doesn't do the above, you're boned.

How ?? (1)

Taco Cowboy (5327) | about a year ago | (#44083447)

When the backbone is compromised, you're pretty much fucked unless you run strong encryption everywhere and obfuscate who you are talking to

1. How strong must those strong encryption be ?

NSA has their hands on the latest and greatest gadgets, including quantum computers, which can, theoretically, decrypt anything

2. Unless we have our own secured backbone trunks, there is no way we can successfully "obfuscate" our presence online, even TOR can be broken

Re:Internet Explorer (4, Informative)

Mitchell314 (1576581) | about a year ago | (#44083061)

Pretty sure there's no big difference in security/privacy between modern browsers when you take the usual steps. Y'know, disable the problem-child plugins, limit cookies, use privacy mode, and keep javascript on a white-list basis. Of course, you can still technically be tracked by behavior and server-side stuff, but those have bugger-all to do with the browser.

Re:Internet Explorer (0)

aflag (941367) | about a year ago | (#44083063)

How much did MS pay you?

Re:Internet Explorer (5, Insightful)

kthreadd (1558445) | about a year ago | (#44083087)

Well he is technically correct. IE is as of version 10 actually a good browser. The only problem is that it's only available on Windows and the source code is not available under an open source license. If both of these were false then I wouldn't mind running it.

Re:Internet Explorer (2)

smash (1351) | about a year ago | (#44083119)

Agreed with the above. For all the crap I've said about Windows 8, IE10 is actually an acceptable browser. It's not 1999 anymore kids, Microsoft really have pulled their finger out with IE in the last couple of years, and credit to them where credit is due.

Re:Internet Explorer (4, Insightful)

Bert64 (520050) | about a year ago | (#44083455)

That's what people said about IE5 & 6 at the time they were released and look how that turned out. Those who forget the lessons of history are doomed to repeat them.

Re:Internet Explorer (3, Interesting)

jakimfett (2629943) | about a year ago | (#44083461)

As a web developer, I have to disagree. Strongly. Not only does IE10 bring its own set of (annoying and visually breaking) problems, but it disables all the hacks we (used to) use to fix the appearance of things in previous browsers.

That said...from a "standards compliance" perspective, IE has made some marginal improvements. Marginal. At best.

Re:Internet Explorer (4, Interesting)

mwvdlee (775178) | about a year ago | (#44083481)

Not enough, apparently.
Only two posts celebrating MS security since he's opened his account a few days ago is far too few.
Even if those two are the only posts he's made as yet.

Re:Internet Explorer (0)

Anonymous Coward | about a year ago | (#44083089)

All well and dandy but if you don't block cookies, ip addresses, accounts/usernames, online purchases, etc, etc the whole surveillance is still very alive. It's one thing to have a secure computer from viruses and hacks, and uninstalling flash and java is a very good start, but neither that nor sandboxing will protect you from surveillance tactics.

This message approved by not a Security Consultant

Re:Internet Explorer (1)

smash (1351) | about a year ago | (#44083125)

You're still fucked [narus.com] .

Re:Internet Explorer (0)

Anonymous Coward | about a year ago | (#44083183)

http://www.recordedfuture.com/ [recordedfuture.com]

another ^ thing to fsck us all

Re:Internet Explorer (-1)

Anonymous Coward | about a year ago | (#44083109)

Thanks bro, it's new to me. I agree they contain many very good tactics to secure your computer and browser - blogpanik.blogspot.com

Re:Internet Explorer (0)

Anonymous Coward | about a year ago | (#44083165)

Have you read the user license of SmartScreen feature, .... you agree to send all your url with parameters to ms.

Well... (5, Insightful)

Anonymous Coward | about a year ago | (#44083049)

I'll be uncharacteristically calm here, and ask that someone provide this, "evidence suggesting makers of some of the most popular browsers may be in on the action."

And in any case, let's be realistic. The NSA doesn't really need help from your browser if they're watching all your traffic. :p

Re:Well... (1, Informative)

Seumas (6865) | about a year ago | (#44083247)

Well, we know that Microsoft and Google have apparently been giving a feed of data to the NSA for quite some time, now.

They make two of the three dominant browsers.

Anyway, the only thing you can do is utilize strong encryption. Nothing else matters, because everything you do goes through your ISP and can be (and probably is) picked up/tracked there. Unless you're encrypting, that's your weakest point.

Re:Well... (1)

gnasher719 (869701) | about a year ago | (#44083499)

Well, we know that Microsoft and Google have apparently been giving a feed of data to the NSA for quite some time, now.

Please be a bit precise here. What exactly is claimed have Microsoft and Google given to the NSA? And how exactly do we "know"?

No such thing (5, Insightful)

Anonymous Coward | about a year ago | (#44083059)

Security should begin at the hardware level, the kernel should be inaccessible from a hardware perspective. The next best thing is a complete secure OS, so your options are limited to something like TAILS.

https://tails.boum.org/

I wouldn't say it's 100% secure, it's certainly not, but it does raise the bar a little and for them to use anything against you, they would need to admit to having the ability to break encryption. That's not going to happen. That said, always be careful as it will be used in other ways should it be required.

Other than that, there is no such thing as "safe".

Re:No such thing (5, Interesting)

UltraZelda64 (2309504) | about a year ago | (#44083217)

I was thinking Incognito/TAILS, exactly. Those guys seem incredibly serious about privacy and security. I haven't messed a whole lot with it myself (lack of memory, no discs to spare, runs like crap in a VM...), but I recall it even featured Tor and a Tor Firefox extension and it had strict rules about *not* allowing certain "convenience" features in the name of privacy (ie. swap partition). No doubt, with security features and precautions like those, its Firefox browser is probably locked tight as hell by default.

Aside from this, I figure with all the extensions available and some additional services, you could help to protect yourself. You could start by doing the usual in your browser (disable third-party cookies, install the Adblock Plus, NoScript and DoNotTrackMe extensions, etc.). Reduce your reliance on American companies and/or servers. Example: Since Google's going to be killing off Talk/XMPP support, I decided to look around for alternatives, and chose many XMPP servers to test and decide which one to use. I originally was interested in performance and was going to choose one closest to me, in my own country if possible (the United States). Now, I am almost 100% certain my primary XMPP account will *not* be on an American server, unless I happen to decide to try my hand at setting up and maintaining my own XMPP server.

And... services. Obviously Tor can work as in Incognito if you want to use that, but another option would be a VNC provider. Specifically, one that respects your privacy (ie. does not store any more log data than they need to operate), and possibly more importantly--again--one that is not in the United States. I'm not sure of a good VNC provider, but I can say that it's pretty pathetic when you are forced to subscribe to and pay a foreign provider just to try to ensure your own privacy. But, well, it looks like the U.S. government has no end in sight when it comes to royally fucking up own economy.

And last... you run Windows? Mac? Might want to change your operating system. It's already been discovered that various U.S. government agencies have deals with Microsoft to learn about zero-day exploits before anyone else in the world... who knows what other deals they might have, or what other American companies also have deals. Definite possibility of backdoors as well.

The real problem is that PRISM works (from what I can understand) by splitting the signal in between, for example, Microsoft's or Google's servers and their respective ISPs (Steve Gibson brings some pretty good points in a recent episode of Security Now). This means they get *everything*, so if it's encrypted (https:// for example) the government *may* not be able to read the data itself as it's transferred for storage in their own top-secret storage rooms... but they can definitely look at the activity to find out what IP address communications are between at any given time (or... just ask the company running the servers who that user is).

You'll just call attention to yourself (4, Insightful)

evilsofa (947078) | about a year ago | (#44083527)

Doing what you prescribe will do the very thing that you are trying to avoid - get you on the NSA's list of people who are probably not American and must be up to something really interesting.

http://yro.slashdot.org/story/13/06/21/1443204/use-tor-get-targeted-by-the-nsa [slashdot.org]

https://www .. (1)

dgharmon (2564621) | about a year ago | (#44083259)

Have you noticed that most sites have gone https:// only since a workable man-in-the-middle was devised ...

Re:No such thing (1)

b4dc0d3r (1268512) | about a year ago | (#44083363)

How does it raise the bar? The site is a binary download, which asserts that it takes my privacy seriously.

Can I download the source? Oh, sure, but between the Obfuscated C contest, Underhanded C, and compiler bugs/"quirks", can I really trust it?

I would prefer the recommendation of a privacy group, not Anonymous Coward. And for the record I would trust Linux and GCC if I were to compile from source. I wouldn't trust a binary from a random ass website.

Re: TAILS: invalid security certificate?!! (0)

Anonymous Coward | about a year ago | (#44083501)

I see, we're supposed to trust this bunch who offer no http services but only https via a certificate which is not valid for their domain, are we? They take security really, really seriously, do they? How, exactly? Doesn't that seem a tiny bit feeble? Some of the commenters here are praising this site but what I can see of it is not at all reassuring...

Re:No such thing (0)

Anonymous Coward | about a year ago | (#44083523)

This is how trusted computing works. Remember how that worked out?

Tor Browser Bundle (TBB) R/O system (5, Interesting)

Anonymous Coward | about a year ago | (#44083065)

A LiveCD with TBB:

https://www.torproject.org/ [torproject.org]

for LiveDVD/USB preconfigured not to leak try TAILS:

https://tails.boum.org/ [boum.org]

in both instances unplug your HDD(s) before use.

Re:Tor Browser Bundle (TBB) R/O system (2)

flyingfsck (986395) | about a year ago | (#44083463)

Tor is fine, except that most end points are likely run by the likes of the NSA and FBI...

Re:Tor Browser Bundle (TBB) R/O system (2)

Nutria (679911) | about a year ago | (#44083521)

most end points are likely run by the likes of the NSA and FBI...

Then why isn't the FBI rounding up scads of drug buyers and paedophiles on a daily basis?

Tin-foil Hat Boy says, "because they *are* drug pushers and paedophiles", but that's a stretch.

Lynx (5, Insightful)

Anonymous Coward | about a year ago | (#44083067)

Face it, who's going to bother writing anything to exploit flaws in lynx? It just isn't worth it.

Re:Lynx (4, Insightful)

stox (131684) | about a year ago | (#44083079)

Not only that, but it lacks the features to exploit. Which is actually an important point in security, to only have the features you need and nothing else. Less surface area to attack.

Re:Lynx (2)

kthreadd (1558445) | about a year ago | (#44083105)

Why not even go a step further and don't use the web at all?

Re:Lynx (0)

Anonymous Coward | about a year ago | (#44083507)

Shut up! Shut up! Shut up! Every time you go blabbing good ideas around, others will negate them! So shut the hell up, you idiot!

Helpful guidelines from EFF (5, Informative)

LoneHighway (1625681) | about a year ago | (#44083069)

The EFF has provided an up to date list of privacy-enabling tools in the age of Prism. http://prism-break.org/ [prism-break.org]

Re:Helpful guidelines from EFF (0, Troll)

Anonymous Coward | about a year ago | (#44083143)

Wow, I just looked through that list of recommendations. Anyone who claims wordpress is secure and that an iOS device is tracked and an Android device isn't tracked is foolish, every cellular device can be tracked regardless of the OS.

EFF is more and more sounding like the NRA

Re:Helpful guidelines from EFF (1)

Yvanhoe (564877) | about a year ago | (#44083229)

They recommend self-hosted WordPress.

They put iOS and Android in the same "do not trust" column. The only difference is that for Android phones, they are able to recommend alternatives : Replicant and CyanogenMod. While not perfect, these are by far better alternatives.

Re: Helpful guidelines from EFF (-1)

Anonymous Coward | about a year ago | (#44083319)

Self-hosted wordpress does not make it any less secure, just read through all security bugs.

Re:Helpful guidelines from EFF (1)

jovius (974690) | about a year ago | (#44083283)

They don't claim the recommended options are necessarily more secure, but they are freer and more in your control. They can also be tinkered with by yourself (also to be more secure, if you wish), and the code is more available.

That's a great list, and the least what one can do is change from Google to some other default search engine. Some of those listed are actually proxies to Google so they use its engine while filtering out all unnecessary information.

Re:Helpful guidelines from EFF (0)

Anonymous Coward | about a year ago | (#44083145)

They mention Namecoin for DNS. It would be nice if people would start actively developing it again.

Re:Helpful guidelines from EFF (-1, Troll)

Osgeld (1900440) | about a year ago | (#44083379)

EFF is a joke, I fully expected that to ask for a 10$ donation to keep you the user, secure

Re:Helpful guidelines from EFF (0)

Anonymous Coward | about a year ago | (#44083459)

This is one of the dumber comments I've read on Slashdot

There is none (1)

Anonymous Coward | about a year ago | (#44083077)

They record where your traffic goes, not what's in it, they don't need to know the specifics, who you're talking to will tell them that. You can use encryption, and they'll still know who you're talking to. You can use Tor and they'll just record everything you send/receive before it enters the Tor network and if they're interested they'll put effort into decrypting it. You can use a vpn, but they'll just look at the traffic from both sides of the vpn making it pointless.

So really your best bet is to not communicate with any site that isn't 100% american, to never say anything bad about the powers that be regardless of truth and just totally forget your basic fundamental and 1st amendment right to free speech.

Re:There is none (1)

smash (1351) | about a year ago | (#44083103)

land of the free, home of the brave, etc.

Re:There is none (1)

Z00L00K (682162) | about a year ago | (#44083273)

You have two alternatives - either to not go online at all or spread your traffic randomly to confuse the matter.

w3m / lynx (4, Funny)

smash (1351) | about a year ago | (#44083091)

sacrifices may be required

Re:w3m / lynx (1)

AHuxley (892839) | about a year ago | (#44083327)

Lynx on the OpenBFS filesystem :)

actually it's pretty irrelevant (5, Insightful)

smash (1351) | about a year ago | (#44083099)

... the snooping is done on your ISP's backbone, and the browser you use makes little difference. Government level snooping is a whole different kettle of fish to bad companies stealing info from you via tracking cookies.

Re:actually it's pretty irrelevant (1)

SuricouRaven (1897204) | about a year ago | (#44083137)

You'll have to block the tracking cookies too, otherwise the government will just ask the companies for the information.

Re:actually it's pretty irrelevant (5, Insightful)

Anonymous Coward | about a year ago | (#44083433)

It's best to leak as little info as possible, so Firefox + NoScript.

What really should be done is making this Orwellian nightmare illegal. There is zero reason to wiretap EVERYBODY ALL THE TIME!

Free speech is one of the most important principles of the USA. And no privacy means no free speech. This dystopia is unconstitutional.

Chrome phones home with ID code (4, Interesting)

Anonymous Coward | about a year ago | (#44083305)

Except that Chrome phones home the first time you start it up to check for upgrades. This has the unfortunate 'effect' of informing Google of the browser ID at this IP address, and as a consequence it informs the NSA of the linkage of browser ID and IP address.

Post NSA, I try to avoid Google services. They try to grab data for themselves, but in the process grab it for the NSA, and if the choice is NSA+Google or no Google, then I go without Google.

I opt for Firefox with the 'check for updates' turned to manual checks.

It's a minor thing, but it helps in as much that the choice of browser can help (not much if you're in the USA, quite a bit if you're not and behind an ISP NAT).

Safebrowsing (1)

Anonymous Coward | about a year ago | (#44083127)

I won't enable Google's safebrowsing [google.com] in Firefox or Chrome even if this faq is for the Google Toolbar. With stock Firefox safebrowsing enabled, looking at the network traffic can see that every new site visited triggers a google api call with a long encoded data url.

12. What information is sent to Google when I enable the Enhanced Protection Feature?

When enabled, the entire URL of the site that you're visiting will be securely transmitted to Google for evaluation. In addition, a very condensed version of the page's content may be sent to compare similarities between authentic and forged pages. For example, if the condensed 'fingerprint' of the page you are visiting matches the 'fingerprint' of a popular bank's site but the page's URL is different, that's a good sign that the page you are on is designed to mislead users.

curl (0)

Anonymous Coward | about a year ago | (#44083147)

curl is pretty secure. Even in the hands of a novice, it can resist phishing attacks: you won't even figure out how to leak your data!

If you want true security, you really have to not transmit any information. This can be done by reading the web over someone's shoulder. This allows download only internet access, which has high security, but you must avoid transmitting information to your operator, and need to be wary of cameras.

An improved version of this is wiretapping: as long as you only copy someone's traffic, you can get lots of web content without disclosing anything about yourself. This is vulnerable to treasonous contractors though, so try and keep the work in-house.

hard to hide what sites you visit (5, Insightful)

Viking2054 (2919437) | about a year ago | (#44083163)

Considering that the internet transmits your public IP address in every header you send across the internet and also contains the IP address of the destination, there is no way for you to hide what sites you visit without going through a proxy server. As far as I know, header information in every packet is plain text and there is no way to encrypt that because if it was encrypted then no router would be able to forward your packets onto the next step in its final destination. So your browser, e-mail program, or anything else that sends and receives data through the internet is going to leave a trail for the government to potentially record. It may not lead back to you specifically, but it will lead to someone in your household or in your neighborhood that is using your wi-fi for internet access, provided you haven't locked down your wi-fi. If you have locked down your wi-fi then the government can claim it was only you, someone in your household or someone you have given your wi-fi password to, which significantly lowers their potential suspects or targets.

If you send everything you do through a proxy server with a vpn connection to the proxy, then that has a very good chance of making you mostly anonymous. However, a warrant and the cooperation of the proxy service owner might make it possible for the government to still connect the dots back to you. Also, sending everything through a proxy server with all the non-routing information encrypted (via vpn) may actually lead to you being watched more closely than if you don't.

If what you are really after is encryption of the contents of what you see and do on the internet, your best bet is probably still a VPN through a proxy server. Especially since SSL and some of the other methods for encrypting data between two end points on the internet aren't as secure as they were once thought to be. I don't know of anyone that has come up with a replacement for SSL that has been adopted by very many content providers. And even if the web browsers may have adopted some new security encryption scheme, it won't be effective until most if not all content providers also adopt and implement it.
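An added illustration of the comment above (not part of the original post): a small parser that reads the cleartext IPv4/TCP header fields an on-path observer sees when the payload is encrypted, first for a direct HTTPS connection and then for the same traffic sent through a VPN or proxy. The addresses, ports, and the random bytes standing in for ciphertext are constructed sample values.

```python
import ipaddress
import os
import struct

IP_FMT = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options
TCP_FMT = "!HHIIBBHHH"     # 20-byte TCP header without options

# Constructed sample endpoints from the RFC 5737 documentation ranges.
CLIENT = "192.0.2.10"
WEBSITE = "198.51.100.7"
VPN_SERVER = "203.0.113.5"


def build_packet(src, dst, sport, dport, payload):
    """Build a constructed IPv4+TCP packet; checksums are left at zero."""
    tcp = struct.pack(TCP_FMT, sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack(IP_FMT, 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + tcp + payload


def observe(packet):
    """Return the fields an on-path observer can read without any key."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag,
     ttl, proto, _csum, src, dst) = struct.unpack(IP_FMT, packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or total_len < ihl or len(packet) < total_len:
        raise ValueError("inconsistent IPv4 lengths")
    seen = {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "proto": proto,
        "ttl": ttl,
    }
    if proto == 6:  # TCP: ports and segment size are also in the clear
        if total_len < ihl + 20:
            raise ValueError("truncated TCP header")
        sport, dport, _seq, _ack, offset, _flags = struct.unpack(
            "!HHIIBB", packet[ihl:ihl + 14])
        data_off = (offset >> 4) * 4
        if data_off < 20 or ihl + data_off > total_len:
            raise ValueError("bad TCP data offset")
        seen.update(sport=sport, dport=dport,
                    payload_len=total_len - ihl - data_off)
    return seen


def direct_https():
    """Client talks to the site directly; only the payload is encrypted."""
    ciphertext = os.urandom(64)  # stands in for TLS-encrypted bytes
    return build_packet(CLIENT, WEBSITE, 49152, 443, ciphertext)


def through_vpn():
    """Same traffic, but the whole inner packet is sealed inside a tunnel."""
    inner = direct_https()
    sealed = os.urandom(len(inner))  # stands in for the encrypted inner packet
    return build_packet(CLIENT, VPN_SERVER, 49153, 443, sealed)


if __name__ == "__main__":
    print("direct :", observe(direct_https()))
    print("via VPN:", observe(through_vpn()))
```

In the tunnelled case the observer between the client and the VPN server no longer sees the website's address, but still sees that the client is talking to the VPN server and how much data is moving.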

Sandbox the sucker... (0)

Anonymous Coward | about a year ago | (#44083169)

IE, Firefox, Chrome, and Safari are all decent browsers. However, all of them send to the server what fonts you have, which almost always is unique to a machine (EFF's Panopticlick will show that to be the case pretty often.)

However, there are things to do to help with "supercookies". On Windows, I highly recommend running Sandboxie, and put the sandbox on a different volume than everything else. This way, any changes are redirected away from files, and when the browser is closed, anything it writes is gone. Of course, nothing is 100%.

If you want a better browser solution that takes some doing, there is always having a virtual machine on another box (so your machine doesn't have the CPU and I/O impact.) That way, malware could nail the VM client and possibly the server, but jumping through a terminal will be difficult. When done browsing, revert to a previous snapshot.

Of course, none of this is NSA-proof, but I look at what is more of a threat or privacy issue. Companies and behavioral targeting firms are far more of an issue to me than the NSA [1], as well as trying to isolate and block malware.

The most important thing, regardless of browser: Get an ad blocker. This is more important than even an antivirus utility because a lot of infections squirm their way through ad servers.

[1]: With SELinux and security guidelines, the NSA has actually helped things, so I really don't consider them something I need to worry about, as their data stays theirs, and doesn't wind up sold to all comers.

Re:Sandbox the sucker... (1)

flyingfsck (986395) | about a year ago | (#44083475)

"doesn't wind up sold to all comers" - Really? There is the Snowden guy who has some NSA data for sale. Ever heard of him?

The only way to win is not to play at all (4, Insightful)

OzPeter (195038) | about a year ago | (#44083185)

So you fix your browser... are you also going to fix your ISP, whoever they buy their feed from, etc. etc., until you get all the way to the actual web server? And how do you know to trust them?

Or are you going to build your own internet, with hookers and blackjack?

Re:The only way to win is not to play at all (0)

Anonymous Coward | about a year ago | (#44083347)

It is even worse, now that it is out what the British are doing:

Even if you fix your own ISP, even if you are your own ISP, they'll !still! intercept your communication at where the big cables come and go. Everything that touches GB, US, Canada or Australia in !any! way is to be considered compromised.

The browsers! (4, Funny)

fustakrakich (1673220) | about a year ago | (#44083187)

They do nothing!

A stolen one... (2)

Bob_Who (926234) | about a year ago | (#44083199)

Identity theft assures your privacy, so to speak. However, that would be illegal. Good thing they're looking for authentic criminals.

It's a political problem.. (2)

Johann Lau (1040920) | about a year ago | (#44083207)

.. that can only be solved politically. If you want peace of mind, prepare for decades of serious struggle, and learn to be okay with that.

If your ISP and the websites you use hand over everything, if things get collected at packet level wholesale, what does it even matter what browser you use? It doesn't, not one bit.

Re:It's a political problem.. (0)

Johann Lau (1040920) | about a year ago | (#44083249)

That said, while it's slightly off-topic, maybe this can be useful to some:

http://prism-break.org/ [prism-break.org]

proxy your browser's traffic through Tor (0)

Anonymous Coward | about a year ago | (#44083233)

I use Firefox with the FoxyProxy plugin to proxy certain sites through Tor.

security for dummies (1)

WeeBit (961530) | about a year ago | (#44083237)

In all honesty I don't know whom to believe anymore when it comes to security. One day you are secure and the next day you're not. Either way you be-damned. You're not secure even when you are secure, so just pick a browser and enjoy the ride. Your mileage will vary.

None of them (5, Insightful)

timmyf2371 (586051) | about a year ago | (#44083241)

None of the browsers will protect you from surveillance.

Work on the basis that your ISP is compromised and that the web services you use have shared their databases with Government agencies. When you consider this, changing your browser is going to have little to no impact.

I think the only way you can really be secure from surveillance is to use the tor browser and only use web services which can't trace you. So, no Google, Apple, social networking or any of the cool stuff we take for granted these days.

Re:None of them (2)

cheros (223479) | about a year ago | (#44083465)

The OP is right insofar that a browser is only one part of the chain of events that ties an identity (and associated habits) to you. Even when you use something like Firefox or Opera in so-called "private" mode, your traffic still originates from the same point, creating a common item between things that happen (and BTW, you should set your browser to be something else than the default "OS + browser ID").

The expensive way to address that is to route your traffic via some privacy proxy. The expensive way to do this (used by most VIPs and privacy conscious celebrities) is to use specialist companies which map this traffic via VPNs to any part of the planet. The cheap way to do this is by using Tor, but it would be decent of you to then keep your Internet use as much as possible to text as other people are paying.

Failure of Premise (5, Interesting)

mrbene (1380531) | about a year ago | (#44083277)

OP says "what browser should I use"; I automatically add "for the Facebooks".

Here's the low-down:

  1. If you install any software, it can identify your machine uniquely. This goes for apps, doubly.
  2. If you use an ISP without TOR or other proxy, your ISP knows exactly what sites you're going to.
  3. Even if you use obfuscation techniques (TOR, other proxy), the exit node knows where you're going. TOR is designed to prevent the exit node from knowing where you entered from, but this fails if you send unencrypted identifying data across the wire.
  4. Additionally, using TOR obfuscates your country of origin, thereby giving NSA the freedom to retain your activity indefinitely.
  5. If you authenticate anywhere, you've provided that party (and the NSA) with a unique ID for yourself.
  6. If you authenticate and also provide actual information about yourself, a link to your physical self can be made. Remember, there's an 87% chance that your DOB, ZIP, and Gender [blogspot.com] are a unique combination. And if it isn't unique, you probably only share these with one or two other people.

That's just off the top of my head. The software you use to disclose the information isn't the problem - you are.

You're worrying about the wrong surveillance (1)

Anonymous Coward | about a year ago | (#44083285)

I don't like being surveilled by the NSA, but at least they theoretically work for me (as a US citizen). Far worse is corporate tracking through ad and analytics beacons, and other behind the scenes data sharing. Lynx is the only browser with any hope of avoiding that, since it doesn't pull any 3rd party content when you browse a page.

Re:You're worrying about the wrong surveillance (1)

Fruit (31966) | about a year ago | (#44083359)

Neither does Firefox if you install the RequestPolicy plugin. Highly recommended.

Re:You're worrying about the wrong surveillance (1)

flyingfsck (986395) | about a year ago | (#44083525)

...or Ghostery

wget (2, Interesting)

Anonymous Coward | about a year ago | (#44083289)

wget -m -k -K -E -l 1000 -t 3 -w 1 http://www.website.com/

Then after waiting a while (ok, maybe a long while), open the page/articles you *really* wanted to read in a text editor. Sure, the NSA might know which *site* you visited through normal spying means, but they'll never figure out which *page* you were really after.

Of course, they might think you read all the pages, and spend a few million dollars of taxpayer money trying to determine whether it's possible for someone to read 1 page per second and whether that implies terrorist connections, but they're clearly already misusing your tax dollars so you shouldn't really care if they misuse some more.

Re:wget (2)

flyingfsck (986395) | about a year ago | (#44083541)

Hmm, I think that you are onto something. One could make an obfuscating browser that sends out page requests to random sites to keep the network link full and defeat NSA traffic analysis. It should also log into sites like Slashdot, Al Jazeera and Facebook and post random comments...

Don't Bet On It (2)

b4upoo (166390) | about a year ago | (#44083301)

You can bet that any browser worth its salt has had agents involved in its creation whether or not the people who built the product were aware of it at all. You can also bet that encryption products whether free or commercial often have back doors or keys built in. That is the very essence of intelligence gathering. Do not assume that physical or software products are free of snooping abilities.

I suppose your best chance might be a browser that was never popular or used by many people at all.

Think back a few years and recall the tunnel that we put under the Berlin Wall in order to tie into a major Soviet phone trunk line. We intercepted phone calls for years from that tunnel. If we could do that about 1968 or 1970 just imagine what could be done today. DARPA was the motive force behind the creation of the net. DARPA more than any other entity would have great reason to spy on communications. This is not a new issue.

Discovery (0, Troll)

Osgeld (1900440) | about a year ago | (#44083307)

gee, must be getting old, but I remember rumors of the NSA monitoring your phone calls via computer since I was a little kid in the 80's

now it's a discovery that sending the equivalent of a post card through the mail might be read!

OMFG! worlds shattered for the ignorant blissful youth, least you weren't murdered on your college campus by the national guard like your grandparents, you arrogant little turds

I mean for fucks sake, no god damned shit, you send plain text whizzing around the world and blindly accept that no one would ever read it based on unicorn farts and wishes tossed into a fountain, and NOW that you have acted like little asshat turds are you worried that people you never intended to see it, actually see it cause it's the story of the month on babble TV

time to wake up and live in the real world children, the padded corners and poofy bumpers are long gone

Re:Discovery (1)

Anonymous Coward | about a year ago | (#44083357)

You are very rude and vulgar.

Re:Discovery (1)

Osgeld (1900440) | about a year ago | (#44083383)

don't piss yourself after being exposed to the real world there sonny

pointless? (1)

Junior J. Junior III (192702) | about a year ago | (#44083405)

When data collection occurs on the server side, and the network protocol is mostly happening in cleartext, what good is having a "secure" browser?

Re:pointless? (0)

Anonymous Coward | about a year ago | (#44083431)

only cleartext you say? how about they also have all the CAs' private keys.

The only hoops to jump through are the plausible deniability ones, such as we found a collision attack in your incorrect Terminal Server certificate so now we can sign all our code...

Don't worry guy! (0)

Anonymous Coward | about a year ago | (#44083415)

I'm sure as long as you use one of the OS's secured by the NSA you'll be fine...

http://www.computerworld.com/s/article/9141105/NSA_helped_with_Windows_7_development
http://news.softpedia.com/news/NSA-Has-Legitimate-Code-Running-in-Linux-Kernel-and-Android-361289.shtml

Entertainment with one day of hard work. (-1, Offtopic)

mariopjckmen (2960103) | about a year ago | (#44083445)

Online gaming sites are really great place for game lovers to get all kind of games which they would like to play. Spider Solitaire also a one very famous game on internet to download and play with getting a fun. http://www.y8kizi.com/ [y8kizi.com]

Your Mom already knows you're watching porn (0)

Anonymous Coward | about a year ago | (#44083469)

What else are you hiding that isn't already SSL encrypted? You should be asking for more secure plugins for your "ultra secure" browser.

Vote for an EFF congressman/woman! (0)

Anonymous Coward | about a year ago | (#44083529)

What about passing a law that makes backdoors illegal and gives Congress power to enforce the law?
Make software companies liable for backdoors?
Make backdoors just as illegal as home-made nukes?

Living in a democracy with power given to the lawmakers to ensure we have a respected private life?
Is it already too late?

whats the point? (1)

bloodhawk (813939) | about a year ago | (#44083547)

If you are concerned about the NSA then there is no secure browser, as the browser is only as secure as the ISPs and content providers you are accessing, and given what the US Government is demanding they share, that means no browser is secure.