Ask HN: How do you remain secure while surfing the web

Step one: figure out the difference between security and privacy.

1. Don't automatically click on short links. There are plenty of url expanders online that you can copy & paste the link into that will tell you where the link goes. 2. Be very carefully clicking on links you don't already trust. That doesn't mean they are all malicious, most aren't. Just use your judgement. 3. Use https whenever possible. Things like banking sites & anything your are entering your banking info into or social security number etc; should always use https, no exceptions. Otherwise it's possible for hackers to monitor your traffic & steal your info. Look for the "https everywhere" extension. It's available on Chrome & Firefox & maybe others. 4. Watch the end of the url (the .com, .org, etc;). They're called Top level domains (TLDs for short). Government sites will always end in .gov, Military is .mil .org is generally organizations, .biz is for businesses .com or .net can be pretty much anything else. Two letter TLDs are generally for countries, .us is The US for example. There are also special ones like .bike for bike shops. There used to be a whitehouse(.com) that targeted people who didn't realize it should be .gov & when they clicked on it, they were redirected to a bunch of malicious sites that downloaded & installed malware without their knowledge. 5. If possible avoid using sites like banking sites in coffee shops/restaurants or anywhere else where you don't know you can trust the wifi connection like at home. Hackers sometimes create fake (but working) wifi networks hoping people will connect to them thinking they are the one setup by the business & when people connect them they can see everything users do & steal any data they send like login info for websites they visit. If you must use them there at least use something like tor to hide & secure your traffic from potential hackers.

When I care, at home, I use a VPN (Private Internet Access), and I also use BRAVE browser.<p>At work we use a tool call SILO. It enables fully anonymous browsing. It is like a VPN but it runs a virtual computer somewhere else, and sends you the images. When your session ends it throws the virtual PC away. So any bad stuff is gone.

It depends on what your threat model is and what your technical skills are, but here are some basics:<p>Fundamentals:<p>* If you are a Windows user, stop using an administrative account and set up a low priv user account for day to day work.<p>* Update your software, OS, router, etc<p>* Use a password manager (Bitwarden, LastPass, Dashlane, KeypassXC, 1Password, etc) and employ long and unique passwords on every site<p>* Employ the strongest 2FA available whenever possible<p>* Use a full tunnel VPN when you are on a network you don&#x27;t control (an algo setup with a cloud provider, built in openvpn appliance on your router, custom setup, commercial offering from a reasonable provider like ProtonVPN or Mullvad, your school &#x2F; workplace&#x27;s VPN depending on what you are doing, etc). Better yet, avoid networks you don&#x27;t control when possible.<p>* Use an adblocking extension such as ublock origin<p>* Set your browser to clear browsing data when you close it<p>* Set up a preference for HTTPS in Firefox or use the https everywhere extension<p>* Use DNS over HTTPS which is now built in to firefox<p>* Treat random communications as hostile. Did you get a crazy employment offer that is too good to be true? Does your long lost cousin want you to help them launder money? Are there hot girls or boys in your neighborhood looking to chat with you? Its a scam.<p>More advanced:<p>* Disable macros in office &#x2F; your PDF reader<p>* Set up script blocking with umatrix, ublock origin, or no script. Check out thehatedone on youtube for tutorials. privacytools.io is another good resource.<p>* Set up a VM for handling links and attachments. Configure a linux VM, update it, and snapshot it. Whenever you receive a link to a site you are not familiar with, a shortened link, or an email attachment, open them within the VM. If the link or attachment is malicious and code is executed, any payload executed will be constrained to the VM and likely will not be able to break out of the VM and harm your actual host OS. Additionally, many malicious payloads won&#x27;t execute at all if they detect that they are operating in a virtual environment (to try to thwart reverse engineering or analysis by defensive products). After you deal with the attachment or link, revert to the VM snapshot (thus unwinding any changes made since the snapshot) and you will end up with a clean safe state again.<p>* Open attachments in Google Drive if you don&#x27;t want to deal with a VM. Any payloads present will be executed on Google&#x27;s servers rather than your box.<p>* If you are running linux, set up apparmor for your browser of choice. Start with the default policies (aa-profiles) and modify to fit your setup.<p>* When in doubt, check certs. Major corps are probably not getting certs from lets encrypt.

Update your hosts file with something like this <a href="https:&#x2F;&#x2F;github.com&#x2F;StevenBlack&#x2F;hosts" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;StevenBlack&#x2F;hosts</a>