The Web browser is the primary portal through which the vast majority of connected users access and interact with the Internet. Each browser has its own security and privacy settings and those settings have an enormous impact on the nature of the relationship between users’ data and the services they encounter online. Google’s Chrome browser has extensive, easy to navigate privacy settings that let users manage everything from digital certificates to location tracking to “Do Not Track” requests.

In the latest installment of Threatpost’s occasional how-to video series, we look into the ways we can manage Google Chrome privacy settings and security while navigating the web in the Chrome browser.

Sometimes these videos are more crisp on Youtube than on Threatpost, so if you’re having any trouble making everything out clearly, you can also view the Chrome Browser Privacy Settings video here on our Youtube page.

Categories: Cloud Security, Privacy, Videos, Web Security

Comments (6)

  1. Brian Donohue
    1

     

    Here is the video transcript if anyone is interested in following along with the video in print:

    It’s been a little while since the last installment of Threatpost’s How-to series. Today we’re going to end the hiatus ambitiously, with a video about security and privacy in Google’s Chrome browser.

    There is a lot going on in the Chrome settings page, which you can find by clicking on the three parallel, horizontal lines in the very top right of the Chrome browser, but we like to keep these videos under five minutes, so we are going to try to focus on the important stuff, almost all of which is hidden behind little blue letters that read ‘Show advanced settings.’

    We’ll start with the privacy settings. As is (sort of) noted on ‘Chrome’s privacy settings’ page, any services that “enhance your browsing,” do so by using your information, therefore the privacy-wary among us will want to uncheck each of the boxes here that DOESN’T read “Send a ‘Do Not Track’ request with your browsing traffic.” If you’re security conscious as well as privacy conscious, then you will also want to check the box that reads “Enable phishing and malware protection.” You‘ll obviously want to enable ‘Do Not Track,’ which uses an HTTP header to inform advertising and social networks and other would-be trackers that the user whose traffic they are receiving has requested that they not be tracked online.

    Next we will dive into the content settings. Google recommends allowing that local data be set (presumably for performance-related reasons), but the most private option is to block all sites from setting any data. We also recommend “Block[ing] third-party cookies and site data.” We have certainly read malware analyses here at Threatpost detailing attacks that hide their payload inside images, so opting “not to show any images” is the most secure (albeit slightly extreme) choice. The “handlers” section gets a little wonky for this video series, so we’ll skip it, but it is probably best to run your plug-ins on a click-to-play basis, pop-ups should be disallowed in every circumstance, you should either not allow location tracking, desktop notifications, mouse disabling, and microphone or camera access altogether or, at the very least, set it so that Chrome asks for permission when a site wants to take those actions or manipulate that hardware. You DEFINITELY want to make it so that a sites ask when they want to have unsandboxed access to your computer. The sandbox is a security mechanism that acts as a sort of virtual environment, separate from your personal computer, and in which Chrome can safely run third-party code and programs as you browse without the risk of infecting your computer.

    As a general rule, you want to clear your browser data as often as reasonably possible, if for no other reason, then to make it so your browsing history isn’t accessible to anyone who logs on your computer at any old time.

    Another general rule: if it’s convenient then it probably isn’t secure. So, if you want to be serious, saved passwords and auto fill are a no-no. Plus, as you can see, if you store passwords in chrome, anyone with access to your computer can see those passwords IN PLAIN TEXT in your settings.

    Other quick things you’ll want to consider include encrypting synced data (if you want access to your chrome apps and plugins on multiple devices), establishing a separate encryption passphrase to unlock that data on other devices, and always keeping an eye out for questionable certificates and disabling them on your own (don’t wait for Google) if you know a certain certificate or root cert has been compromised. Most malware is signed with a self-signed or stolen certificate; if you’re not sure, don’t allow it.

    As I said earlier, there is just too much security- and privacy-related stuff going on in the Chrome browser for us to cover it all in a few minutes. However, if you are interested in getting into it, Chrome’s fairly manageable privacy settings page is probably a good place to start.

  2. Anonymous
    2

    This warning is too small to read even on a giant screen.   The voice goes so fast, rattling through everything that one cannot hope to remember it.  What you need to provide is sheets of instructions that one can print off and hold in hand while making these adjustments to Chrome.  Please keep in mind that not everyone is a computer whiz kid.  However I do have two college degrees so I am not a dummy.  The master’s degree is in Educational Communications so I am educated enough to tell you that you are falling down in the communications function.

  3. Anonymous
    4

    What is Srware Iron.  I’m really not that good at understanding all of the security stuff.  My son however has an assioates in Information technology systems, but he is not always available to help me.  

     

    My facebook acct was hacked by a former neighbor girls that were always in trouble with the law. So they also have my cell # and keep calling me using the unavailable feature should I inform the police dept since they where tenants and not owners and do I need to change all my passwords to be on the safe side. I have only hanged my facebook password so far.  Any thought and suggestions would be greatly appreciated.

    Thanks for your help!

    Nancy

  4. Brian Donohue
    5

    I will post the transcript of the video in the comments section so you can reference that if you’d like.

    Moving forward we will try to move more slowly through the steps and link to a written guide when possible.

    Thanks for the feedback.

Comments are closed.