Web Browser Security and Privacy

Welcome to the Fast-Air Tech Talk newsletter. The Tech Talk newsletter is a free service for all Fast-Air customers. Please suggest newsletter topics.

Less than a generation ago, before the World Wide Web became globally popular and before smartphones existed, the most widely used apps on a computer were probably a word processor and a spreadsheet. Today the most widely used app is, by far, a web browser.

Data mining, tracking, and privacy intrusions are now the norm rather than the exception. Much of this is possible because of the web browser. A big challenge today is avoiding this behavior. Choosing a trustworthy web browser is a good start.

There are many ways to track users through web browsers. Common tracking mechanisms include traditional web browser cookies, DOM cookies, Flash cookies, Java, JavaScript, Flash, Silverlight, drive-by downloads, web bugs, ads, referrer headers, fingerprinting, and browser hijackers.

The trustworthiness of many web browsers today is questionable because the source code is proprietary. With a closed source development model, nobody outside the vendor can study the code to know what tracking takes place or whether back doors are used.

Software released as free and open source is easier to study and inspect.

Many users are familiar with Microsoft Internet Explorer. Early versions were notoriously horrible with security. Security has improved in more recent versions, but the question of trustworthiness remains. Internet Explorer is a closed proprietary web browser — from the people who designed Windows 10.

The newer Microsoft Edge web browser is touted as being safer and more secure. Yet this web browser is part of Windows 10, an operating system designed to snoop and track users. Edge is a part of that snooping and tracking design.

Google Chrome is not fully free and open source. Important components of the software code are closed and proprietary. The Google folks are forerunners and masters in the data mining and tracking business. Despite various browser security designs, whether Chrome is trustworthy is debatable. For people who use other Google products and services, the question probably is irrelevant. For other users the question remains difficult to answer.

A version of Chrome without the questionable components is called Chromium. Some people call Chromium, “Chrome without the spyware.”

While not a Google product or service, the Chromium project is maintained and controlled by the Google folks. The Google folks do not make downloading and installing Chromium easy, instead only promoting Chrome. For Windows users there is only one place to download and install Chromium. Whether that specific Windows Chromium package is trustworthy is unknown. Linux users can obtain trustworthy copies of Chromium through their distro repositories. Because of the proprietary components, the differences in the web browsing experience between Chrome and Chromium are sufficient to discourage some people from using Chromium.

While additional web browsers exist, many are proprietary to one degree or another and face the same trustworthiness question.

Two web browsers that are both fully open source and trustworthy are Mozilla Firefox and Mozilla SeaMonkey.

Both Mozilla web browsers have roots in the original Netscape web browser suite called Netscape Communicator. Communicator included a web browser, email client, newsgroup client, instant messenger, address book, and HTML editor. The web browser component was available separately as Netscape Navigator, which had been available for several years before Communicator. In terms of usage share, in the 1990s Navigator was the most widely used web browser.

In 1998 the Netscape folks formed the Mozilla Organization, under which future development would continue. The source code was publicly released as free and open source.

The Mozilla Organization later became The Mozilla Foundation, which is a non-profit entity that was formed in 2003.

Early after the release of the Netscape source code, the web browser suite was renamed to Mozilla.

Some developers wanted a reduced footprint and split the web browser component into a separate project. Development continued under the name Phoenix, later Firebird, then finally Firefox.

The first official Firefox 1.0 version was released in 2004.

The Firefox logo is the red panda.

During those early days of development, the email component of the suite was split into a separate project named Minotaur. After the initial success of Firefox, the Minotaur project was revived as Mozilla Thunderbird.

The full Mozilla suite was renamed to SeaMonkey. While today the Mozilla Foundation folks provide infrastructure support for SeaMonkey, all development is through community participation. Development for Firefox and Thunderbird is officially sponsored through the Mozilla Foundation.

Development today is active for all three projects, Firefox, SeaMonkey, and Thunderbird.

With online security and privacy being more important today than ever before, choosing a well designed web browser is paramount to protecting privacy and promoting security. Firefox is a reasonable choice.

Firefox is available in two versions. The regular release is provided through a rapid release development model. New versions of Firefox are released approximately every six weeks.

The other version is called the Extended Support Release (ESR). This version does not receive rapid development changes like the rapid release version but receives critical security patches. Security patches for the ESR version are released at least monthly. A new ESR version is available every 8 to 10 months.

The rapid release version tends to be more suitable for the technically savvy and technology enthusiasts. The ESR version is more palatable for non-technical users and those who do not like the frequent update schedule, such as business and enterprise users.

The default Firefox provides many security and privacy features. Many are enabled by default, although not all. Some nominal sweat equity is required to further configure Firefox.

Firefox provides a graphical user interface (GUI) for many options and features, yet most are considered “hidden” features. Changing these options is easy. There are tens of thousands of online articles addressing most of these options.

Additional privacy and security support is available through add-ons, often called extensions.

Exploits of web browser security and privacy are found in two significant components: plugins and JavaScript.

Web browser plugins should not be confused with web browser add-ons. Typically an add-on, or extension, is something that adds to or extends the functionality of the web browser but is native to the browser. A plugin usually refers to a third party tool that hooks into the browser but is not native to the browser.

Web browser plugins include Adobe Flash Player, Silverlight, PDF viewers, certain audio players, and Java — for running Java applets. Java should not be confused with JavaScript — they are two different programming languages.

Most browser plugins have a history of being poorly designed for security. For example, several potential exploits are discovered every month for both Flash and Java. Not installing plugins is one way of reducing potential security exploits.

Controlling JavaScript is more challenging but possible for those who are willing.

Controlling potential security exploits is only the beginning of the journey with web browsers. Controlling the flood of data mining and tracking is important too. There are many ways web site developers track visitors.

Firefox is a good choice for controlling these elements of web browsing. More to follow.

Technical tip: Security is an afterthought or nonexistent with many computer-based products. The chances are high for many network-enabled devices to get infected with malware. Learn how to perform a device factory reset. Do not buy such devices unless the vendor provides reset instructions. Learn to segregate these untrustworthy devices from other devices on your network using a router.

Family time: How many eyelids do camels have? Think you know? Search the web.

Next issue: Firefox Security and Privacy – Part 1


Latest posts by Backwoods Geek (see all)