Back to Blog Posts Home

My Web Browser setup

Written on 28/07/21

As you might have seen in my introduction blog post, I mentioned that I am an Online Privacy Enthusiast. I don’t want some mighty corporation, or a government whose decisions I don’t agree with, or some rando cyber-criminal to have access to what I do online. Corporations want to shove ‘personalized’ advertisements down my throat, governments agents want to have promotion in their jobs by arresting innocent citizens, and cyber-criminals just want to settle an old grudge.

Online Privacy starts from your web browser, the piece of software which enables you to access various websites. Most people only use a Web Browser on their computers these days, whether it is an actual web browser, or a slimmed-down web browser disguising a website as a desktop application…

Unfortunately, the web has been largely took over by the ‘Big Tech’ who want to earn money at all costs. The World Wide Web, which was earlier simple and encouraged individuals to have their own piece of land on the internet, now is a highly centralized, complex, resource-intensive, non-private piece of garbage. As a reason, I can’t recommend a newcomer to technology the World Wide Web. There has been attempts for a better internet, like Gopher any the newer Gemini. Though, these attempts never took off as well as the WWW.

What needs to be done then?

The best option currently (until alternative internet projects become popular) is to fix the internet on your machine. It can be done with web browser addons, like adblockers, content blockers, hosts files, VPNs, Tor, etc. In this article, I’ll tell you about my setup to access the internet.

Web Browser

As I said, Online Privacy starts from your web browser. That’s why, you need a good web browser. I personally keep four browsers:

  1. Firefox Web Browser: The MOST customizable web browser, period. While there are some weird things going on with Mozilla, the non-profit behind the browser, which as a foundation focusing on software development shouldn’t be caring about, I don’t mind it and keep using Firefox. I use two profiles in it, with two different user.js. A user.js is basically a configuration file for Firefox. A user.js goes into your Firefox profile directory. If you’re on GNU/Linux, it is in $HOME/.mozilla/firefox/*****.<profilename>/. My user.js’s are:

I also use Enterprise Policies, which are given for enterprises using Firefox. The policies are typically stored in /usr/lib/firefox/distribution/policies.json. My Policies disable app update (not required when using a package manager), FF Accounts, Pocket, EME, Telemetry, DNSOverHTTPS, Default Browser Checking, Network Prediction, Auto-downloads, Search Suggestions, Captive Portal and Firefox Studies.

  1. Brave Web Browser: A backup browser. Earlier it was ungoogled-chromium, but I left it due to it not having proper updates in the Debian repository, and Brave having better Fingerprinting Protection, and has a built-in adblocker which is not dependent on the soon-to-be-removed adblocking functionalities of Google Chromium. I don’t use their crypto-bait Brave Rewards, and disable several tracking domains which Brave connects to automatically on startup using the hosts files.

  2. Tor Browser: A browser which I use for running JavaScript on random websites, due to it being the gold standard of privacy and security on the World Wide Web. If it wasn’t painfully slow, I would use it instead of having a hardened Firefox profile.

  3. links: The browser I use for websites which don’t require either CSS or JS, and which I am not logged into as well. It is a very slim command-line web browser with mouse support.

Addons: uBlock Origin, LocalCDN, uMatrix

uBlock Origin is currently the best content blocker according to me. It works on lists, and also has the option to manually disable domains. My dynamic filtering rules for my hardened profile can be found here.

I also use LocalCDN, which makes the browser use locally downloaded frameworks instead of remote ones, to prevent the big tech from tracking.

Lastly, uMatrix is an advanced form of uBlock’s Dynamic filtering. This addons is no longer in development, but I still use it because why not?

Operating System level domain blocking: hosts and hosts.deny

The hosts file (/etc/hosts on GNU/Linux) allow changing the IP linked to a domain. For example, I can make google.com to redirect to searx.space using the hosts file. Similarly, I can make google-analytics.com to redirect to 0.0.0.0, which essentially means redirecting it to localhost. This can be used as a domain-blocking mechanism. However, you need to add every domain and subdomain seperately, which is a huge pain. To bypass this, you can use a hosts file created by others, like Steven Black’s hosts. I don’t trust it much, however, as this doesn’t block toxic stuff sites like cloudflare.com, google.com, gstatic.com, facebook.net, spotify.com, etc. The file is also a hosts file, instead of the hosts.deny file exclusive to Unix systems, which makes me believe that the creator likes people using Windows. The creator seems like a person who would legalize drugs in his country because the kids playing GTA said it’s cool. (also, stay particular vigilant with hosts files got from random people. hosts file serves the purpose of providing the IP addresses for domains. You can also say that google-analytics.com goes to evil-tracking-domain.com’s IP address by replacing 0.0.0.0 with another IP address. A malicious hosts file can contain other ip addresses instead of 0.0.0.0 as well. NOTE: hosts.deny doesn’t suffer from this problem, as it just blocks a domain/IP rather than giving a bogus IP to a domain)

A similar file is the hosts.deny file, which is exclusive to Unix(-like) systems. This doesn’t redirect a domain to localhost, but rather blocks the domain altogether. You can use a list like the Ultimate.Hosts.Blocklist’s superhosts.deny, which is nothing but hosts.deny with the domains included in their hosts file as well.

I have a custom hosts file, with some domains I aggregated by wandering on the web. I find that the domains are not in StevenBlack’s hosts, so I just added it here. NOTE: This hosts file contains some useful domains which I deemed as potential harmful (for example cloudflare.com, spotify.com).