[GUIDE] Configure Chrome for Privacy and Security

Discussion in 'other software & services' started by Hungry Man, Feb 6, 2012.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Just some tips to keep things secure and private. I use Chrome Canary, which is v18 and includes the PPAPI Flash plugin. I don't know if other versions include it. I would suggest that if you want a separate private Chrome that you consider Canary*, since it is a separate installation and will not share about:flags preferences. You can also try Chrome portable:
    http://portableapps.com/apps/internet/google_chrome_portable

    *Canary is "bleeding edge" Chrome - it is not always stable. Sometimes it flat out won't work for a day or two. It may be preferable to just use a portable version.

    Using Tor with Chrome

    http://lifehacker.com/5614732/create-a-tor-button-in-chrome-for-on demand-anonymous-browsing



    Disable anything that may "leak" information (recommended if you use TOR):
    underhood.png

    Block 3rd Party Cookies and set plugins to "Click to Play" (Not shown: Block tracking of physical location):

    contentsettings.png


    Some privacy/ security oriented extensions:
    Untitled.png

    Links for those extensions:

    Adblock Plus:
    https://adblockplus.org/en/development-builds#installation

    Adblock Plus Beta/ Experimental use the WebRequestAPI to block ads within plugins. It also provides Do Not Track functionality.

    PasswordFail Extension:
    https://chrome.google.com/webstore/detail/ockgeenjbijlgilppfieaklfopnbdpge

    PasswordFail informs you when a site uses weak or no encryption when you're entering your password.

    KB SSL Enforcer:
    https://chrome.google.com/webstore/detail/flcpelgcagfhfoegekianiofphddckof

    KBSSL Enforcer is an attempt at "HTTPS Everywhere" for Chrome.

    Proxy Switchy!
    https://chrome.google.com/webstore/detail/caehdcpeofiiigpdhbabniblemipncjj

    Allows switching proxies - this is how you get your TorButton working.

    TrafficLight
    https://chrome.google.com/webstore/detail/cfnpidifppmenkapgihekkeednfoenal

    BitDefender's tool that informs about tracking on pages and blocks malicious content.

    View Thru
    https://chrome.google.com/webstore/detail/jkncfnbcgbclefkbknfdbngiegdppgdd

    View Thru shows shortened urls as their full counterpart.

    ScriptNo Experimental
    https://code.google.com/p/scriptno/downloads/list

    Allows referrer/domain spoofing, browser spoofing, blocking unwanted content, blocking social widgets, blocking tracking, and of course blocking various scripts/tags.


    Miscellaneous:
    You can disable WebGL in about:flags.
    Canary users can use the PPAPI Flash, which is more secure than the NPAPI version.


    about:flags

    Disable HTML5 interactive form validation Mac, Windows, Linux, Chrome OS
    Disable showing validation messages and preventing form submission.
    Enable


    Disable hyperlink auditing Mac, Windows, Linux, Chrome OS
    Disable sending hyperlink auditing pings.

    Did I miss anything?
     
    Last edited: Feb 10, 2012
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Nice guide, haven't seen some of those extensions before.
     
  3. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    525
    Location:
    Arizona
    Thanks for the guide. Are there any ramifications to running extensions in incognito mode?
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Yes. If you run an extension in incognito it will have access to your incognito tabs/ whatever the sandbox allows it to.

    So if Adblock plus need "Acess to all data on all webpages" it can now access that in incognito. If an extension is compromised or is malicious and you allow it to run incognito it will be able to see what you're doing.
     
  5. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    525
    Location:
    Arizona
    OK, thanks. Sometimes the obvious escapes me.
     
  6. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I hadn't heard of Canary Chrome. Thanks for the heads up. What are "about:flags preferences"?
     
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Type "about:flags" into the chrome URL bar and it will show some experimental features.
     
  8. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I'm not sure that I understand why you have all of these unchecked? Prediction services etc...
     
  9. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Because they're communicating with Google. Normally I have no issue with that - they provide a great service. If you're using something like TOR you want to limit any communications with any service to avoid data leaking.

    As I said
    There are also privacy implications in general with these services - that's why Google has listed them in the "Privacy" section.
     
  10. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Thanks for explaining that. And thanks for recommending Canary. I just downloaded it. Is there a portable version of it that you recommend?
     
  11. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,149
    great guide Hungry Man

    my chorme doesn't want to install TrafficLight , is there a component that could be incompatible with it?

    by the way , it's off topic is there a PasswordFail Extension for firefox
    i use both

    thanks for the guide
    cheers
     
  12. tlu

    tlu Guest

    It's explained here:
    Thus, Canary can be rather problematic whereas Dev has undergone at least some testing. I'd prefer the latter.
     
  13. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Canary is definitely not as stable as developer. The reason I would suggest it is purely because it allows a separate install.

    In retrospect I think a portable version would actually be the superior option so I will link to that in the first post.
     
  14. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    What version of chrome? What error comes up?
     
  15. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
  16. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Well all cookies should be cleared once the browser is closed + no 3rd party cookies can be set.
     
  17. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    No..not all, for example not for wilder's or other forums, other wise you would have to login again. :)
     
  18. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    True. Just the third party ones I suppose.
     
  19. guest

    guest Guest

    Can't you make a whitelist of cookies that should last for more than a single browser session? That's what I do in Firefox (with the help of "Cookie Whitelist, With Buttons" extension).
     
  20. guest

    guest Guest

    Wise decision. I have a Chrome Portable here that I sometimes "play" with. It's the Dev build:

    From: http://portableapps.com/apps/internet/google_chrome_portable

    Download Google Chrome 18.0.1025.7 Dev
    for Windows, Multilingual
    1+24MB download / 76MB installed
     
  21. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Yes, you can whitelist.
     
  22. EboO

    EboO Registered Member

    Joined:
    Mar 12, 2011
    Posts:
    287
    I thought it was impossible to whitelist cookies in chrome. I use vanilla for keep some cookies and i've configured chrome for deleting all cookies at close (vanilla protect which i choose to keep)

    EDIT : cookies is really better than vanilla !
    But what's the advantage of encrypted storage ? It protects from a cookie stealing ?
     
    Last edited: Feb 12, 2012
  23. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    If your cookie is encrypted it can't be spoofed by things like FireSheep to gain access to accounts or information.

    You can whitelist cookies - I don't have access to windows right now or I'd explain.
     
  24. EboO

    EboO Registered Member

    Joined:
    Mar 12, 2011
    Posts:
    287
    Do you use it ? Or other ?
    I don't understand how to access to options panel for the extension cookies.
     
  25. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Under The Hood -> Content Settings -> Manage Exceptions

    You can then whitelist and blacklist.
     
Loading...
Thread Status:
Not open for further replies.