Browser Hardening for Normal People
A handful of settings and habits that make everyday browsing safer. No tinfoil hat required.
Most of us live inside a web browser. Email, banking, shopping, news, all of it runs through that one window. So the browser is also where most of the online danger lives: phishing, malware, tracking, fake sites.
On this week’s Secrets of Technology, Tom Grelinger and I worked through how to make your browser safer without turning into a paranoid hermit. Think of it as locking your doors and maybe adding an alarm. You don’t need a concrete bunker with guard towers. [1]
Here are the tips worth your 15 minutes.
Start with three principles
Keep everything updated. Your browser, your phone, your computer. When a security update shows up, it usually means someone found a hole that needs patching. Turn on automatic updates and stop thinking about it.
Use the protections already built into your browser before you go buy anything extra. Modern browsers ship with strong security features. Start there.
Keep it simple. Fewer extensions, fewer exceptions, fewer custom tweaks. Every extra thing you bolt on is one more place for trouble to hide.
The incognito myth
Private or incognito mode does not make you invisible.
It clears your local history and cookies when you close the window, which is handy. But your internet provider, your employer, your school, and the websites you visit can all still see where you go. It cleans up after your session on your own device. That’s the whole job.
Turn on what your browser already gives you
The exact names differ by browser, but the useful switches are the same. Go into your privacy and security settings and turn these on:
Enhanced safe browsing (Chrome) or SmartScreen (Edge). These warn you off known-bad sites and downloads.
Always use secure connections (HTTPS-only mode). Forces the encrypted version of a site.
Block third-party cookies. These are the ones advertisers use to follow you around the web and build a profile on you.
Tracking protection (Firefox calls it Enhanced Tracking Protection, Safari calls it Intelligent Tracking Prevention).
Fraudulent website warnings. Leave them on even when they nag you.
DNS filtering: the best return for your money
If you do only one thing from this whole list, do this one.
DNS is the internet’s phone book. It turns a name like amazon.com into the numeric address your device actually connects to. A DNS filtering service blocks access to malicious, unsafe, or inappropriate websites by intercepting and filtering domain name requests before a connection is ever established.
Set it up once on your router and it protects every device on your network: phones, tablets, laptops, the smart TV, all of it. Most services are free or close to it.
A few I’d point you to:
NextDNS. What I use. Very configurable.
Cloudflare for Families. Set your DNS servers to 1.1.1.2 to block malware, or 1.1.1.3 to block malware plus adult content. (One thing we got slightly wrong on the show: plain 1.1.1.1 is Cloudflare’s fast resolver, but it does not filter anything. Use the .2 or .3 address if you want the blocking.)
Many routers also let you set different profiles, so the kids’ devices can be locked down tighter than yours.
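To check that a device really ended up on a filtering resolver and not plain 1.1.1.1, here is an added example (not from the original post or the podcast) that audits resolv.conf-style text. It assumes a system that lists its resolvers in that format; the secondary and IPv6 addresses are Cloudflare's published companions to the ones named above and do not appear in the post.

```python
import ipaddress

# 1.1.1.2, 1.1.1.3 and 1.1.1.1 come from the article; the secondary and IPv6
# addresses are Cloudflare's published companions to each of them.
CLOUDFLARE = {
    "malware": ["1.1.1.2", "1.0.0.2", "2606:4700:4700::1112", "2606:4700:4700::1002"],
    "malware+adult": ["1.1.1.3", "1.0.0.3", "2606:4700:4700::1113", "2606:4700:4700::1003"],
    "unfiltered": ["1.1.1.1", "1.0.0.1", "2606:4700:4700::1111", "2606:4700:4700::1001"],
}
KNOWN = {ipaddress.ip_address(a): label for label, addrs in CLOUDFLARE.items() for a in addrs}

def parse_nameservers(text):
    """Return the resolver addresses from resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(parts[1].split("%")[0]))
            except ValueError:
                pass  # malformed address: ignore the line
    return servers

def classify(addr):
    if addr in KNOWN:
        return KNOWN[addr]
    if addr.is_loopback or addr.is_private or addr.is_link_local:
        return "local"    # router or local stub; its upstream setting decides
    return "unknown"      # some other resolver; filtering cannot be confirmed here

def audit(text):
    """Return (verdict, {address: label}) for the configured resolvers."""
    labels = {str(a): classify(a) for a in parse_nameservers(text)}
    kinds = set(labels.values())
    filtering = kinds & {"malware", "malware+adult"}
    if not kinds:
        verdict = "none"
    elif filtering and kinds == filtering:
        verdict = "filtered"
    elif filtering:
        verdict = "mixed"           # a non-filtering resolver can answer instead
    elif "unfiltered" in kinds:
        verdict = "unfiltered"      # plain 1.1.1.1 family: fast, but no blocking
    elif "local" in kinds:
        verdict = "check-upstream"  # look at the router's own DNS setting
    else:
        verdict = "unconfirmed"
    return verdict, labels

# Constructed sample: filtering primary with the plain resolver as secondary.
SAMPLE = "# constructed example\nnameserver 1.1.1.2\nnameserver 1.1.1.1\n"
if __name__ == "__main__":
    print(audit(SAMPLE))
```

A "mixed" verdict is the one to fix first: as long as a non-filtering resolver is listed next to a filtering one, some lookups can skip the block list.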
Extension hygiene
Every extension you install can theoretically read the pages you visit, change what’s on them, and see what you type. That’s a lot of trust to hand a free toolbar.
You should have one good password manager and maybe one trusted content blocker. Everything else has to earn its way into your browser. Skip anything that promises to speed up your computer or shower you with coupons. And if your browser ever flags an extension as no longer meeting its standards, don’t just disable it. Uninstall it.
One heads-up for Chrome users: the full version of uBlock Origin no longer runs there after Google’s extension changes. If you want it, you’ll need Firefox or Brave. Chrome offers a lighter version that works, though it isn’t the same.
Lock down your logins
Use a password manager. Everyone. No exceptions.
Turn on multi-factor authentication everywhere it’s offered.
Use passkeys where you can. They’re easier than passwords and much harder to steal. Store them in a cross-platform password manager and the same passkey works on your phone, laptop, and desktop.
A word on Apple’s Private Relay
If you have Apple’s iCloud+, iCloud Private Relay is a nice privacy layer. It routes your traffic through two hops, so no single company knows both who you are and where you’re going.
It isn’t a VPN, and it doesn’t always play nicely with everything. I keep it off because I record podcasts over the internet. But for most people it’s a quiet win against tracking.
Your phone matters most
Most browsing happens on phones now, so hardening only your computer misses the point.
The single most important mobile habit: stay away from random free VPNs, “browser cleaner” apps, and sketchy hotspot tools. There’s no free lunch. A lot of those apps make their money by harvesting the very data they claim to protect.
Setting up a device for someone else
If you’re helping a parent or grandparent, keep it simple. Pick one (or at most two) browsers, not five. [2] Turn on the built-in protections, add a password manager, and stop. The fewer settings there are to maintain, the fewer you’ll forget to check later.
The rapid-fire checklist
Keep your browser and devices updated
Turn on built-in safe browsing and HTTPS-only
Block third-party cookies
Install one trusted content blocker, not three
Use a password manager and passkeys
Turn on multi-factor authentication
Set up DNS filtering on your router
You’re never going to get perfect privacy online. Aim for the balance of security and convenience that’s good enough for you, and good enough for the people in your life who’ll never read a post like this one.
You can hear the full conversation on Secrets of Technology at StarQuest: https://starquest.fm/TEC347
Sources
Cloudflare, “Introducing 1.1.1.1 for Families” (the 1.1.1.2 malware and 1.1.1.3 malware-plus-adult-content addresses): https://blog.cloudflare.com/introducing-1-1-1-1-for-families/
CISA, “Evaluating Your Web Browser’s Security Settings”: https://www.cisa.gov/news-events/news/evaluating-your-web-browsers-security-settings
[1] I know this is two weeks in a row of posts based on my tech podcast. I promise I’m not turning this into a tech blog. It’s just I found both these topics interesting and I think others might too.
[2] Sometimes you need more than one browser because they offer different limits or functions.


