
User:Mardus/sandbox

From Wikibooks, open books for an open world

Browsing securely in the 21st century


In light of the chip-based Meltdown and Spectre security vulnerabilities, which can be exploited via web browsers through JavaScript, proper Internet browsing hygiene has become increasingly important.

For PCs and similar computers, the remedy is kernel fixes, OS patches, and general computing hygiene.

The NoScript extension for Firefox is especially useful, as it blocks JavaScript and (NPAPI) plugins by default, and is based on building one's own whitelist.

Adblockers, on the other hand, usually rely on blacklists, which must be continually updated.

Mobile


One might run a local VPN or similar service at home for Wi-Fi, but that has limited coverage: a device connecting outside the home without any protection is still out in the wild.

Apple's walled-garden philosophy with iOS also extends to the company's insistence on using the operating system's one browser engine only.

iOS 9 is the first major version of the operating system to support APIs for separately installable content blockers for the Safari browser.[1][2] The earliest model supported by iOS 9 is iPhone 4S (Sept. 2013).

People with iPhone 4, iPhone 3GS, and older are stuck.

Despite iOS 9 and later being widespread across the iPhone and iPad model ranges, iOS users are less likely to be technical, and so less likely to install adblockers.

Android


Amongst Android users, there may be more tech-savvy people, but that does not invalidate the presence of non-technical people.

Android's open source nature, and the possibility to run third-party code, allows older versions of the operating system to be used well past the official end-of-life date. This approach has given Android users greater leeway in extending the useful lifetime of their devices far beyond the threshold projected by OS developers.

In Android, there are three levels at which content can be blocked:

  • the mobile Internet,
  • the OS level, which involves all the apps,
  • and the browser level. This typically involves third-party browsers.
The mobile Internet
Android 2.1–4.x — Rooting

To block bad content on the mobile Internet and in all apps, one requires blocking on the OS level, which for Android 2.1–4.x requires rooting the device (phone or tablet). Rooting is very technical, not all devices can be rooted, and it may go awry, potentially rendering the device useless. For a non-technical person, rooting is therefore not recommended, especially if the Android device is their only one.

Android 5.0 and newer — DNS

Android 5.0 and later offer greater possibilities: one must temporarily allow third-party app installs, download the F-Droid store app, and from there, install the DNS66 app, which relies on a number of host lists. This is very similar to using a hosts file.
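The host-list approach described above can be sketched as follows. This is an added example, not DNS66's own code: it parses a list in hosts-file format and answers lookups by exact hostname match, the way a hosts file does. The sample list, the hostnames in it, and the function names are all constructed for illustration.

```python
# Added example (not DNS66's code): hosts-format blocklist parsing and lookup.
# All hostnames and list contents below are constructed sample data.

SAMPLE_HOSTS = """\
# constructed sample list in hosts-file format
127.0.0.1   localhost
0.0.0.0     ads.example.net
0.0.0.0     Tracker.Example.org   # inline comment
127.0.0.1   metrics.example.com telemetry.example.com
::1         ip6-localhost
not-an-entry
"""

# Addresses that host lists conventionally use to send a name nowhere.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Names that must keep resolving locally and are never treated as blocked.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "broadcasthost"}


def normalize(name):
    """Lower-case a hostname and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def parse_hosts(text):
    """Return the set of hostnames a hosts-format list maps to a sink address."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in SINK_ADDRESSES:
            continue  # blank, comment-only, malformed, or a real mapping
        for name in map(normalize, fields[1:]):
            if name and name not in LOCAL_NAMES:
                blocked.add(name)
    return blocked


def resolve(name, blocked):
    """Answer a query the way a hosts file does: exact hostname match only."""
    return "BLOCK" if normalize(name) in blocked else "FORWARD"


if __name__ == "__main__":
    blocklist = parse_hosts(SAMPLE_HOSTS)
    for q in ["ADS.example.net.", "cdn.ads.example.net", "en.wikibooks.org"]:
        print(f"{q:24} {resolve(q, blocklist)}")
```

The unlisted subdomain `cdn.ads.example.net` is forwarded even though its parent is on the list: every hostname has to be listed individually, which is why blacklist-style host lists need continual updating.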

Proxy-based adblocking
Adblock Plus 1.3.0.369 settings page on Android 2.3.6

For Android 2.2–4.x, one can still install the native Adblock Plus app (ABP), which can run as a service, and functions as a proxy. The native ABP package has not been maintained for about two years, but it still works. Filter lists can be updated, but the selection of filters has remained static. Without OS rooting, ABP only works on Wi-Fi, but does block in-app ads. This approach is useful when the following conditions are met:

  • The user is on Wi-Fi only, and almost never uses the mobile Internet, where in-app ads would not be blocked;
  • The user actively uses apps that would include advertising;
  • the device has 512 Mb, 768 Mb, or more RAM, as ABP takes its share of memory when running in the background.

There are a few considerations for users of low-spec devices, a class that includes gadgets with 1 Gb RAM, down to 768 Mb, 512 Mb, or below:

Adblock Plus or a similar OS-level content blocking app runs in the background as a service, as do several other built-in and downloaded apps. This means that in addition to CPU cycles and battery life, ABP also takes up RAM, thus reducing the overall amount of available resources. Users must then contend with running fewer other apps, and decide which of those apps they would be willing to give up in favour of better overall performance and security.

This all depends on the number, kind, and size of apps a person chooses to use on a daily basis. Most people rely on several third-party comms apps that were separately downloaded and installed. These almost always run as services that can very quickly fill both the device RAM and storage, and by default are each set to automatically synchronise local content and contacts with the cloud. Syncing can be time-consuming and resource-intensive.

The alternative to dedicated apps is to use the web browser and the mobile-web version of a service.

Browser-based blocking
2.2 Froyo & 2.3 Gingerbread

People with Android 2.2 and 2.3 might have an easier time in 2018, since most social and comms apps no longer even support Gingerbread, thus making browser security a primary concern.

In Android 2.2/2.3, the default web browser is functional, but obsolete, as its rendering engine and other technologies date back to 2010. Some services do have support for older mobile browsers, but such support is typically basic, and relies on security certificates that would still be valid. As time goes on, sites and services change and update their certificates, and they can no longer be connected to.

For the modern web, the workaround is to use hardened or newer browsers, such as:

  • Firefox
  • Opera
  • Opera Mobile
  • Orweb
2.2 Froyo & 2.3 Gingerbread

The most fully-functional modern browser is Firefox for Android. Adding the NoScript Anywhere (NSA) extension makes it one of the most secure.

Compared to the default browser, Firefox has a substantially more modern rendering engine, it includes its own certificate store, and is extensible with useful add-ons.

The mobile Firefox also has derivatives that are geared for specific purposes, such as GNU IceCat, Adblock Browser, and orFox. In terms of add-ons, the derivatives are mostly compatible, but only IceCat works on older Androids, and is the most version-compatible with the original. Firefox can at times be relatively resource-intensive on old hardware, if a particular site's scripting misbehaves. For the purposes of brevity, we'll concentrate on Firefox.

Android 4.0 ICS still enjoys greater support by sites and services, as its default browser is better-equipped in terms of web standards support.

Parameter matching with :not

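/* Matches every A element whose href does not contain the substring
   "en.wikibooks.org". The match is made on the attribute text as written,
   so relative links, which lack the host name, match as well. */
A:not([href*="en.wikibooks.org"]) {color:green;}

/* The same test, limited to links that open in a new tab or window;
   the colour applies to SPAN elements inside such links. */
A[TARGET="_blank"]:not([href*="en.wikibooks.org"]) SPAN {color:maroon;}
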
  1. Fleishman, Glenn (September 17, 2015). "Hands-on with content blocking Safari extensions in iOS 9". Macworld. Retrieved December 20, 2016.
  2. Raymundo, Oscar (September 28, 2015). "How to enable Safari ad-blockers in iOS 9". Macworld. Retrieved December 20, 2016.