On Tue, 2015-05-19 15:20:51 -0700, newsletter@lists.riseup.net wrote:

Essential browser extensions --------------------------------------------------------

Your web browser is not your friend: it allows your behavior to be tracked as you browse the web, often leaks personal information, and is a festering sore of endless security problems.

This is not by accident, but by design. Despite their marketing, the browser companies care more about making advertisers happy than your privacy or security.

For example, there was a huge debate in the 1990s [1] about the privacy implications of third-party cookies, which is why the official cookie technical specification required [2] that these type of "surveillance" cookies be disabled by default. Guess what? Nearly all browsers ignored this requirement under pressure from ad companies [3]. Fast-forward to 2010: after a Mozilla engineer disabled third-party cookies by default, advertisers became rabid and "coincidentally" Mozilla executives ordered the change reversed immediately [4]. After that, the browser companies quietly issued a new cookie standard which allowed third-party cookies to be enabled by default.

The cookie debacle is just one example. If any of the browser companies gave two shits about your security or privacy, then they would kill off foreign http-referers, Flash, Java applets, and third-party cookies (among many other obvious changes). Google has a very good browser security team, but their hands are tied by policy decisions that keep advertisers happy.

So, basically, we are fucked. Despite that, you can make your web browser experience a little bit better and more secure by following Riseup's handy guide to essential web browser extensions:

https://help.riseup.net/en/better-web-browsing

[1] Shah, R. C., & Kesan, J. P. (2009). Recipes for cookies: how institutions shape communication technologies. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=565041

[2] https://tools.ietf.org/html/rfc2109

[3] Bruner, R. E. (1997, May). Advertisers win one in debate over "cookies": Netscape move may settle sites concern over controversial targeting tool http://adage.com/article/news/advertisers-win-debate-cookies/405/

[4] Soghoian, C. (2010). Thoughts on Mozilla and Privacy. http://paranoia.dubfire.net/2010/12/thoughts-on-mozilla-and-privacy.html

The sysadmins of riseup.net are Debian developers. I know some of them. Another good guide is at: https://help.riseup.net/en/security/message-security/openpgp/best-practices which was written by Daniel Kahn Gillmor, a Debian developer.