🦊 Browsering

Mar 02, 2021 6:11 pm

...the act of using a web browser safely and smartly


Welcome! I'm Jon Fedor and this is InCyber Regular, edition four. We talk about cyber security issues and awareness for smaller enterprises and the cyber-curious.


In today's edition: Browsering, the state of our inputs (proaction vs reaction), and moving from risk to risk-averse.


What's the guidance on browsers anyway?

We all use them. We all need them. That means trouble. Trouble in the sense that we all have a common attack point: what browser does X-person use? Great. We'll crack it.


Browser security gets pretty complicated. There's a great Darknet Diaries episode about legit hacking competitions focused on writing browser exploits to get remote code execution.


But not to worry. Basic browser hygiene breaks down to:

  1. Handling cookies and other tracking data (how u get trakd)
  2. Device or browser fingerprinting (the pattern of how you use your device can be used to identify who you are)
  3. Enforced plug-in security (be *very* wary of what plugins you install)
  4. Forcing https for websites (which most modern browsers do)
  5. Browsing in private or incognito mode


These are the highlights of what to look for.


Other interesting facts:

  1. 60%+ of all internet traffic goes through Google's Chrome browser, and *whoa* are they collecting data on your usage.
  2. The Electronic Frontier Foundation published an excellent tool you can use to check your browser hygiene, including whether your browser / device has a unique fingerprint.



So. What can you do? Is it hopeless? Are we doomed? Keep reading for answers...


But first here's a thought

Ever think about how most of your inputs are reactive? Social media posts, the news, notifications (omg Kim and Kanye divorced?), even texts and phone calls are primarily focused on:


this thing happened and it's causing these results. Past tense.


That's true in security as well. But in security it's particularly bad for the majority of inputs to be reactive.


The gold standard is proactivity.


How do you get back on the gold standard (little FDR joke there...)?


Use a unique password for every single account you have or create in the future.




From risk to risk-averse

There are a number of steps you can take.


1. Educate yourself


2. Take action

  • The Protonmail organization recommends switching browsers; use Brave or Firefox.
  • Browse in private mode.
  • Don't install something you didn't go looking for in the first place.
  • Get a quick report on whether or not your browser fingerprint is unique and trackable even if you use ad-blockers. Gosh, I love EFF.
  • Stop. Reusing. The same. Password(s).


3. Tell your friends

Sharing is caring.





Thanks!

If you enjoyed this or learned something or want to rake me over the coals, feel free to forward this email. Or pass along the link to sign up for InCyber Regular.


If you didn't enjoy this, let me know how I can make this weekly resource better. And I will.


Have a good'un, Good Lookin'.
