Skip to main content

Safe Browsing

Your browser is one of the most targeted applications on your device. It handles passwords, cookies, files, payments, cloud apps, work portals, school platforms, and developer dashboards. Safe browsing means reducing what untrusted websites, ads, extensions, and downloads can do to you. The goal is not paranoia. The goal is a repeatable set of habits that prevents common attacks and makes suspicious activity easier to notice.

Understanding HTTPS and Its Limits

What HTTPS Does

When a site uses https://, your browser uses TLS to protect the connection between you and that site. HTTPS provides:
  1. Encryption: Other people on the network cannot read the content of the connection.
  2. Integrity: Traffic cannot be modified in transit without detection.
  3. Server authentication: The site presents a certificate that links the connection to a domain.

What HTTPS Does Not Do

HTTPS does not prove that a site is safe, honest, or legitimate. A phishing site can use HTTPS. A malicious download site can use HTTPS. The padlock protects the connection, not your judgment.
Before entering credentials, check the actual domain, not just the padlock.

DNS Security

DNS translates names such as example.com into IP addresses. If DNS is manipulated, you can be sent to the wrong destination even when you type the right name.

DNS Attacks

  • DNS spoofing or poisoning: False DNS records redirect users to malicious destinations.
  • DNS hijacking: A router, endpoint, or resolver is configured to use attacker-controlled DNS.
  • Typosquatting: Attackers register lookalike domains that rely on user mistakes.

Protective DNS Options

  • DNS-over-HTTPS (DoH): Encrypts DNS queries inside HTTPS.
  • DNS-over-TLS (DoT): Encrypts DNS queries using TLS on a dedicated port.
  • Filtering DNS providers: Providers such as Quad9 can block known malicious domains.
Changing DNS is helpful, but it is not a complete security solution. You still need MFA, browser updates, link verification, and extension hygiene.
Before clicking a link, slow down and verify it.

The Hover Test

On desktop, hover over a link without clicking. Your browser shows the real destination in the bottom corner. On mobile, long-press carefully to preview the URL without opening it.

Common Deception Techniques

TechniqueExampleWhat to check
Typosquattingpaypa1.comCharacter substitutions
Subdomain abuselogin.paypal.com.evil-site.comThe real domain before the first single slash
URL shortenersbit.ly/exampleExpand or verify before opening
Homograph attacksLookalike letters from other alphabetsCopy and inspect the domain if it looks strange
Path manipulationevil-site.com/paypal.com/loginThe host is still evil-site.com
QR phishingQR code on a poster, email, or invoiceTreat QR codes like links and verify the opened domain

Verification Tools

  • VirusTotal: Scans URLs and files across many engines.
  • URLScan.io: Shows redirects, scripts, requests, and screenshots.
  • Google Safe Browsing Transparency Report: Checks whether a URL is known to be dangerous.

Browser and Editor Extensions

Extensions are powerful. A browser extension may read pages, change content, access cookies, or intercept forms. An editor extension may read project files, run commands, access terminals, or interact with repositories. Recent supply chain incidents involving developer tooling show that extensions should be treated as software, not decoration.

Extension Safety Rules

  1. Install less: Keep only extensions you actively use.
  2. Check permissions: Be skeptical of broad permissions such as reading all websites, running shell commands, or accessing every repository.
  3. Prefer trusted publishers: Verify the publisher, project history, reviews, and update cadence.
  4. Avoid lookalikes: Check names carefully. Typosquatted extensions are common.
  5. Audit quarterly: Remove anything unused, abandoned, or unfamiliar.
  6. Separate work and personal profiles: Do not mix high-risk browsing with work accounts and developer tools.
  7. For teams, use an allowlist: Organizations should centrally manage approved browser and IDE extensions.

Warning Signs

  • A simple extension asks for broad file, shell, cookie, or account access.
  • The publisher is new, renamed, or hard to verify.
  • The extension recently changed ownership.
  • Reviews mention unexpected network activity or popups.
  • A new update requests much broader permissions than before.

Download Safety

Malware often arrives as a download that appears useful, urgent, or familiar.

Safer Download Habits

  • Download software from the official vendor site or official app store.
  • Avoid cracked software, unofficial installers, and “free premium” tools.
  • Verify checksums or signatures when vendors provide them.
  • Be careful with archives such as .zip, .rar, .7z, and disk images.
  • Treat unexpected documents with macros as suspicious.
  • Do not run scripts copied from a random website without understanding them.
For developers, do not blindly run install commands from an issue comment, chat message, or unknown repository. Commands such as curl ... | sh can execute anything the remote server returns.

Cookies, Sessions, and Tracking

Cookies are small pieces of data stored by websites. They can keep you logged in, remember preferences, or track behavior across sites.

Session Cookies

A session cookie can prove you are already logged in. If malware steals that cookie, an attacker may bypass the login screen and MFA prompts. This is why device security matters even when your password and MFA are strong.

Tracking and Fingerprinting

Websites can track users with third-party cookies, scripts, advertising IDs, and browser fingerprinting. Browser fingerprinting uses details such as screen size, fonts, timezone, plugins, language, and device characteristics to identify a browser. Good habits:
  • Use a reputable browser with tracking protection.
  • Clear cookies for sites you no longer use.
  • Avoid installing many unnecessary extensions.
  • Use separate browser profiles for work, personal, banking, and testing when practical.

Malvertising

Malvertising is malicious advertising delivered through legitimate ad networks. It can redirect users to scams, fake updates, phishing pages, or malware.

Why Ad Blockers Are Security Tools

A reputable content blocker such as uBlock Origin can:
  • Block known malicious ad domains.
  • Reduce tracking scripts.
  • Prevent some drive-by download paths.
  • Improve page load performance.

Drive-By Downloads

A drive-by download happens when visiting a page triggers a download or exploit attempt without clear user intent. Modern browsers are much better at stopping this than older browsers, but keeping the browser and operating system updated remains essential.

Safe Login Checklist

Use this checklist before entering a password, MFA code, recovery code, or token:
  • Is the domain exactly correct?
  • Did I navigate there myself, or did a message send me here?
  • Is the request expected and consistent with normal workflow?
  • Is the site asking for more access than it needs?
  • Is there a safer verification channel, such as opening the app directly?
  • Am I on a trusted device without suspicious extensions?

Key Takeaways

  1. HTTPS protects the connection, not the site.
  2. Verify domains before logging in.
  3. Extensions are part of your attack surface.
  4. Treat downloads and install commands with caution.
  5. Session cookies can be stolen, so device hygiene still matters.
  6. Use content blocking and tracking protection to reduce exposure.