Firefox | Setting the default browser - For both Mac and PC - go to Firefox menu > Preferences (Mac) Options (PC) > General tab. Check the box “Always check to see if Firefox is default browser on startup”. Auto-install updates - For both Mac and PC - go to Firefox menu > Preferences (Mac) Options (PC) > General tab > Firefox Updates section. Select 'Automatically install updates (Recommended)'. Block unwanted pop-ups - For both Mac and PC - go to Firefox menu > Preferences (Mac) Options (PC) > Privacy & Security > Permissions section. Check 'Block pop-up windows'. Block unwanted add-ons - For both Mac and PC - go to Firefox menu > Preferences (Mac) Options (PC) > Privacy & Security > Permissions section. Check 'Warn you when websites try to install add-ons'. Don't save passwords - For both Mac and PC - go to Firefox menu > Preferences (Mac) Options (PC) > Privacy & Security > Browser Privacy section. Uncheck the 'Ask to save logins and passwords for websites' box. Using a master password - If you do save passwords, set a Master password so they aren't easily accessible to anyone with access to the system. For both Mac and PC - go to Firefox menu > Preferences (Mac) Options (PC) > Privacy & Security > Browser Privacy section. Check 'Use a master password'. Set a master password that is compliant with campus Password Standards. Note: The master password setting is not appropriate for passwords that provide access to P3 or P4 sensitive data. Java/javascript - Java is now disabled by default in Firefox, but can be activated for trusted sites. More info here. Cookies and Site Data - For both Mac and PC - go to Firefox menu > Preferences (Mac) Options (PC) > Privacy & Security > Content Blocking. Select 'Custom' and set Cookies to block 'Third-party trackers'. Also place checks to block Cryptominers and Fingerprinters. Tracking Protection - For both Mac and PC - go to Firefox menu > Preferences (Mac) Options (PC) > Privacy & Security > Content Blocking. 
Check 'Always' under 'Send websites a “Do Not Track” signal that you don’t want to be tracked'. Deceptive Content and Dangerous Software Protection - For both Mac and PC - go to Firefox menu > Preferences (Mac) Options (PC) > Privacy & Security > Security section. Check 'Block dangerous and deceptive content', 'Block dangerous downloads' and 'Warn you about unwanted and uncommon software'. Firefox Data Collection and Use - For both Mac and PC - go to Firefox menu > Preferences (Mac) Options (PC) > Privacy & Security > Firefox Data Collection and Use section. Uncheck 'Allow Firefox to send technical and interaction data to Mozilla', 'Allow Firefox to install and run studies' and 'Allow Firefox to send backlogged crash reports on your behalf'. Install uBlock Origin (Ad-blocker) - Add-ons > “uBlock Origin” by Raymond Hill |
Safari (Mac) | Setting the default browser - Go to Safari menu > Preferences > General tab and click the 'Set Default...' button. Auto-download updates - Updates for Safari are handled by System Preferences > Software Update located under the Apple menu. Set to Daily updates. Block unwanted pop-ups - Go to Safari menu > Preferences > Websites tab, click 'Pop-up Windows' from the left-hand pane and set 'When visiting other websites:' to 'Block and Notify'. Block unwanted plugins/phishing - Go to Safari menu > Preferences > Websites tab and uncheck undesired installed plug-ins in the left-hand pane. Set your browser to not set passwords - Go to Safari menu > Preferences > AutoFill tab and uncheck the 'User names and passwords' box. Java/javascript and Fraudulent Websites - Go to Safari menu > Preferences > Security tab and place a check to enable 'Warn when visiting a fraudulent website' and a check to 'Enable JavaScript'. Privacy - Go to Safari menu > Preferences > Privacy tab and select 'Prevent cross-site tracking'. Open 'safe' files after downloading - Go to the Safari menu > Preferences > General tab. Uncheck the box that says 'Open 'safe' files after downloading'. |
Edge (PC) | Block Pop-ups - Settings > Privacy & security > Block pop-ups ON. Turn off Flash - Settings > Advanced Settings > Use Adobe Flash Player OFF. Autofill Settings - Settings > Passwords & autofill > Autofill |
Internet Explorer (PC) | Setting the default browser - ITS recommends that IE is not used as the default browser. However, you can still use IE to connect to campus systems, without having it set as the default. Auto-download updates - Updates for Internet Explorer are handled by Windows Update located in Control Panels. Set to Daily updates. Block unwanted pop-ups - Go to Tools menu > Internet Options > Privacy tab and set the slider to MEDIUM. Check the “Turn on pop-up blocker” box. Block unwanted plugins - Go to Tools menu > Internet Options > Advanced tab and scroll down to Multimedia. Uncheck “Play animations” and “Play sounds” in webpages if they are checked. Set your browser to not set passwords - Go to Tools menu > Internet Options > Content tab and click the AutoComplete Settings button and uncheck the 'user names and passwords...' box. Using a master password - IE doesn't have a master password function, but you should disable the auto-complete function for passwords. See the section above. Note: The master password setting is not appropriate for passwords that provide access to P3 or P4 sensitive data. See the campus Password Standards for additional information and alternatives. Java/javascript - Java is handled with Security Zones in IE. See the Additional suggestions below. Handling cookies* - Go to Tools menu > Internet Options > Privacy tab and click the “Advanced” button. Check the “Override” box and the “Accept” button for First-party cookies and “Prompt” button for Third-party cookies. The “Always allow…” button should not be checked. Click OK. When done, click the Apply button. Disable ActiveX Filtering - Open IE, press the Alt key, open the Tools menu, and click ActiveX Filtering, if it isn’t already checked. Additional suggestions - IE has security zones that can be set up for different levels of protection. In the Help menu, type 'zones' and choose Change IE Security Settings. ITS recommends setting the Internet Security Zone to HIGH. 
You can also identify 'trusted sites' and set those to MEDIUM-HIGH. |
Google Chrome | Accessing Settings in Chrome - From the right-most menu, select Settings. Setting the default browser - Go to Settings and click the 'Make Google Chrome My Default Browser' button. Auto-download updates - To make sure that you're protected by the latest security updates, Google Chrome automatically updates whenever it detects that a new version of the browser is available. The update process happens in the background and doesn't require any action on your part. Block unwanted pop-ups - Go to Settings > Advanced > Content Settings > Pop-ups and redirects and turn on 'Blocked' under 'Pop-ups and redirects'. Block unwanted plugins - Go to Settings > Advanced > Content Settings > Unsandboxed plugin access and turn on 'Ask when a site wants to use a plugin to access your computer (recommended)'. Do not save passwords - Go to Settings > Passwords and turn off 'Offer to save passwords'. JavaScript - Go to Settings > Advanced > Content Settings > JavaScript and turn on 'Allowed (recommended)'. Handling cookies* - Go to Settings > Advanced > Content Settings > Cookies and turn on 'Allow sites to save and read cookie data (recommended)', and 'Block third-party cookies'. Make Flash ask for permission - Go to Settings > Advanced > Content Settings > Flash and turn on 'Ask first (recommended)'. Automatic Downloads - Go to Settings > Advanced > Content Settings > Automatic downloads and turn on 'Ask when a site tries to download files after the first file (recommended)'. Camera Access - Go to Settings > Advanced > Content Settings > Camera and turn on 'Ask before accessing (recommended)'. Microphone Access - Go to Settings > Advanced > Content Settings > Microphone and turn on 'Ask before accessing (recommended)'. Install uBlock Origin (Ad blocking) - uBlock Origin by Raymond Hill |
The activeTab permission grants temporary access to the site the user is on and allows the extension to use the 'tabs' permission on the current tab. It replaces the need for '<all_urls>' in many cases and displays no warning on installation.

Without activeTab | With activeTab |
---|
The activeTab permission grants an extension temporary access to the currently active tab when the user invokes the extension. If the extension is compromised, the attacker would need to wait for the user to invoke the extension before obtaining access, and that access would only last until the tab is navigated or closed.

activeTab permission is enabled for a tab, an extension can:

tabs.executeScript or tabs.insertCSS on that tab.

tabs.Tab object.

activeTab:

file:// URLs or operate in incognito mode, users will need to enable access for those features inside the extension’s detail page at chrome://extensions.

extension.isAllowedIncognitoAccess() or able to run on file:// URLs with extension.isAllowedFileSchemeAccess().

'tabs' permission results in a seemingly unrelated warning: the extension can Read your browsing activity. Although the chrome.tabs API might be used to only open new tabs, it can also be used to see the URL that is associated with every newly opened tab by using their tabs.Tab objects.

chrome://extensions, ensure developer mode is enabled and click PACK EXTENSION.

.crx file and a .pem file, which contains the extension’s private key.

.pem file in a secret and secure place; it will be needed to update the extension.

.crx file by dropping it into the Chrome Extension's Management page.

.crx file the browser will ask if the extension can be added and display warnings.

'tabs' warning will not show if the extension also requests '<all_urls>'. To verify the most recent warnings shown for extension permissions, follow the steps in Viewing Warnings.

Permission | Description | Warning |
---|---|---|
| Grants the extension access to all hosts. It may be possible to avoid declaring any host permissions by using the activeTab permission. | Read and change all your data on the websites you visit |
'https://HostName.com/' | Grants the extension access to 'https://HostName.com/' . It may be possible to avoid declaring any host permissions by using the activeTab permission. | Read and change your data on HostName.com |
'bookmarks' | Grants your extension access to the chrome.bookmarks API. | Read and change your bookmarks |
'clipboardRead' | Required if the extension uses document.execCommand('paste') . | Read data you copy and paste |
'clipboardWrite' | Indicates the extension uses document.execCommand('copy') or document.execCommand('cut') . | Modify data you copy and paste |
'contentSettings' | Grants your extension access to the chrome.contentSettings API. | Change your settings that control websites' access to features such as cookies, JavaScript, plugins, geolocation, microphone, camera etc. |
'debugger' | Grants your extension access to the chrome.debugger API. | |
'desktopCapture' | Grants your extension access to the chrome.desktopCapture API. | Capture content of your screen |
'downloads' | Grants your extension access to the chrome.downloads API. | Manage your downloads |
'geolocation' | Allows the extension to use the HTML5 geolocation API without prompting the user for permission. | Detect your physical location |
'history' | Grants your extension access to the chrome.history API. | Read and change your browsing history |
'management' | Grants the extension access to the chrome.management API. | Manage your apps, extensions, and themes |
'nativeMessaging' | Gives the extension access to the native messaging API. | Communicate with cooperating native applications |
'notifications' | Grants your extension access to the chrome.notifications API. | Display notifications |
'pageCapture' | Grants the extension access to the chrome.pageCapture API. | Read and change all your data on the websites you visit |
'privacy' | Gives the extension access to the chrome.privacy API. | Change your privacy-related settings |
'proxy' | Grants the extension access to the chrome.proxy API. | Read and change all your data on the websites you visit |
'system.storage' | Grants the extension access to the chrome.system.storage API. | Identify and eject storage devices |
'tabCapture' | Grants the extensions access to the chrome.tabCapture API. | Read and change all your data on the websites you visit |
'tabs' | Grants the extension access to privileged fields of the Tab objects used by several APIs including chrome.tabs and chrome.windows. In many circumstances the extension will not need to declare the 'tabs' permission to make use of these APIs. | Read your browsing history |
'topSites' | Grants the extension access to the chrome.topSites API. | Read a list of your most frequently visited websites |
'ttsEngine' | Grants the extension access to the chrome.ttsEngine API. | Read all text spoken using synthesized speech |
'webNavigation' | Grants the extension access to the chrome.webNavigation API. | Read your browsing history |
optional_permissions in the manifest.
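
As an added example (not code from the Chrome documentation), the sketch below audits an extension manifest's `permissions` array against the warning table above: it lists the distinct install-time warnings, applies the stated rule that the 'tabs' warning is not shown alongside '<all_urls>', and flags host permissions where activeTab may be enough. The function name `auditManifest` and the sample manifest are assumptions constructed for illustration; the warning strings are copied from the table, and only a subset of its rows is included.

```javascript
// Warning strings copied from the permission table on this page (subset).
const ALL_DATA = 'Read and change all your data on the websites you visit';
const WARNINGS = {
  '<all_urls>': ALL_DATA,
  bookmarks: 'Read and change your bookmarks',
  clipboardRead: 'Read data you copy and paste',
  downloads: 'Manage your downloads',
  history: 'Read and change your browsing history',
  nativeMessaging: 'Communicate with cooperating native applications',
  pageCapture: ALL_DATA,
  proxy: ALL_DATA,
  tabCapture: ALL_DATA,
  tabs: 'Read your browsing history',
  webNavigation: 'Read your browsing history',
};

// Hypothetical helper: returns the distinct warnings a user would see,
// least-privilege advice, and permissions this subset does not cover.
function auditManifest(manifest) {
  const perms = manifest.permissions || [];
  const hasAllUrls = perms.includes('<all_urls>');
  const warnings = new Set();
  const advice = [];
  const unlisted = [];
  for (const p of perms) {
    if (p === 'activeTab') continue;            // displays no warning on installation
    if (p === 'tabs' && hasAllUrls) continue;   // 'tabs' warning hidden next to '<all_urls>'
    // Exact-host pattern such as 'https://HostName.com/'; wildcard hosts fall through.
    const host = /^https?:\/\/([^/*]+)\//.exec(p);
    if (host) {
      warnings.add(`Read and change your data on ${host[1]}`);
    } else if (Object.prototype.hasOwnProperty.call(WARNINGS, p)) {
      warnings.add(WARNINGS[p]);
    } else {
      unlisted.push(p);                         // needs manual review against the full table
      continue;
    }
    if (host || p === '<all_urls>') {
      advice.push(`${p}: check whether activeTab would be enough`);
    }
  }
  return { warnings: [...warnings], advice, unlisted };
}

// Constructed sample manifest, not taken from a real extension.
const sample = { name: 'sample', permissions: ['tabs', '<all_urls>', 'proxy'] };
console.log(auditManifest(sample));
```

Several permissions collapse into the same broad warning, so a short warning list does not imply a narrow grant; review the `permissions` array itself as well as the warnings.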