The easiest defense is at the level of the Internet browser itself. Selecting software that has historically proven to be secure, such as Mozilla Firefox or Google Chrome, immediately places your users in a safer arena. On the other hand, Internet Explorer is a notoriously insecure piece of software, and Apple's Safari browser has proven to be similarly vulnerable. Both browsers were hacked on the first day of the 2011 “Pwn2Own” event at the CanSecWest computer security conference, while no participants even attempted to hack Firefox and Chrome.³ It should not have to be mentioned, but Internet Explorer 6 still holds a modicum of marketshare in the United States and is regarded by some as the most insecure piece of software ever developed.⁴ Part of the reason for this is the ActiveX Controls that interactive websites can use in Internet Explorer. These controls run with the same level privileges as the user running the program, which gives malware opportunities to interact with many elements of the Windows operating system, including downloading files and executing programs. If your library or any of your users are still using Internet Explorer 6, migration to a newer version is absolutely essential. It speaks volumes that Microsoft itself has an Internet Explorer 6 Countdown site that advises “friends don't let friends use Internet Explorer 6,” yet that same site shows 1.4 percent market share in the United States as of September 30, 2011.⁵

On the other hand, Google Chrome has developed a few innovative approaches to security.⁶ First of all, plug-ins such as Shockwave Flash are often a source of security vulnerabilities, which is further exacerbated by users failing to update to the latest versions when they become available. To address this issue, Chrome packages plug-ins along with its own automatic updates that run seamlessly in the background, never providing the user an opportunity to opt-out of valuable security patches. Especially for large, public computing labs not running virtualized software, automatic updates save IT staff time and reduce user confusion. Second, Chrome “sandboxes” plug-ins so that even when vulnerabilities are exploited, they cannot break into the larger operating system environment. Thus problems analogous to malicious ActiveX Controls with too great of privileges are circumvented. Finally, Chrome also works to inform users of site security, from highlighting the “https” prefix in green font beside a safety lock to warning when users are about to visit a malicious website.

It is worth noting that Google's branded version of the Chromium open-source project automatically reports certain information back to the Mountain View-based company, including crash reports, mistyped URLs, the location where Chrome was downloaded, and anything typed into the address bar (or “omnibar” in Chromium-speak). These tracking activities could be circumvented by using SRWare Iron, a fork of the Chromium project that is more or less identical to Chrome but with the Google reporting stripped out and a few additional privacy measures added in. However, Iron does not yet include Chromium's automatic updating mechanism and thus may pose ulterior problems beyond Google's monitoring.

Before Chrome was released to the public in December 2008, Mozilla had long been pioneering safety on the Internet. The Firefox browser comes with a robust private browsing mode and is less susceptible to attacks than Internet Explorer. The fact that both Firefox and Chromium are open-source also enhances their security, since it is easier for savvy users to discover, report, and fix problems. However, perhaps the chief advantage of Firefox is the large number of powerful add-ons that can provide additional security measures to users. Specific add-ons will be recommended below.

Finally, newer and more secure Internet browsing platforms are being designed with security in mind from the start. While security concerns clearly dictated aspects of Chromium's architecture, additional efforts are underway to make even more secure software. Opus Palladianum (by researchers at the University of Illinois) and Microsoft's Gazelle project both promise to bring a higher level of security to the browser, but neither is available for public trial yet.

Once a library has deliberately chosen a browser, an appropriate configuration can provide a base layer of protection. Selecting a targeted set of user preferences helps users to avoid exposing their data, either to others using the same computer or malicious users who have gained access to their files. The goal is to make the browser as amnesiac as possible while still maintaining usability. Browsing history, download history, form autofill information, and most especially passwords should all be erased each time the browser is exited. Figure 1 shows an example of effective settings in Firefox 4’s Security menu. Both Chrome and Firefox offer private browsing settings that enforce a certain level of privacy: for the most part, closing and reopening a private browsing window will clear all saved information such as logins and history. This is called “Incognito mode” in Chrome and “Private Browsing mode” in Firefox.

On public computers, appropriate browser settings are vital. Someone should never be able to open a browser only to return to the previous users’ session in a password-protected service or view their navigation history. While it is simple to choose a good configuration in a browser, maintaining those settings over time may be difficult as users have access to the software's menus. However, Firefox allows administrators to create a permanent set of preferences to which the browser returns each time it restarts. By locking down settings, users can alter preferences during their browsing session, but their changes will be lost when the browser is closed. Chrome has an extension that password-protects the preferences menu.

Finally, below the browser itself and its settings, one can also encourage use of HTTPS sites instead of their insecure alternatives, a one-by-one version of the HTTPS Everywhere add-on mentioned in the next section. No one should be signed into Twitter or Facebook with an HTTP at the beginning of the URL; both services offer an “HTTPS-only” box—Facebook's is unchecked by default—buried in their user preferences. Twitter's checkbox is under Settings > Account > HTTPS Only (the very last option listed) while Facebook's corresponding setting is more obscured given the immensity of their Account menu, under Account Settings > Security > Secure Browsing. Because of the sensitive information available on social networking sites, as well as the possibility of impersonation or identity theft, these settings are increasingly important. Many libraries teach social networking classes; spending a moment to point out the importance of HTTPS-only can be a valuable addition to lesson plans.

While there was some publicity when those social media titans introduced secure sites, many more sites provide HTTPS alternatives. Perhaps the best example is the underutilized Google SSL (https://encrypted.google.com), which sends one's Google search terms over a secure transfer protocol. While search terms may seem innocuous, there are certainly numerous situations wherein a user may prefer to keep them private, such as researching medical or legal issues. Chrome users can set Encrypted Google as the omnibar's default search engine by selecting “Manage Search Engines” in the “Basics” Preferences menu. DuckDuckGo (https://duckduckgo.com) is another search engine that offers an HTTPS version that can be set as the default. DuckDuckGo promises not to track its users’ activities as an added benefit. HTTPS for e-mail services is even more important; Gmail has HTTPS on by default (see the “Always use https” radio button under Mail Settings > General > Browser Connection) while Yahoo! Mail, for instance, does not provide an analogous option.

Besides employing appropriate settings, there are browser extensions or add-ons that can augment functionality beyond what is typically available. Extensions can range from the somewhat trivial—changing the color or “theme” of the browser—to completely transformational, very nearly converting one browser into another. See Table 1 for a sample of useful extensions for Chrome and Firefox, both of which have impressive options available. All the add-ons outlined here are free downloads from the respective Chrome Web Store (https://chrome.google.com/webstore?category=ext) and Firefox Add-ons (https://addons.mozilla.org) listings. Analogous options can be discovered for most browsers, as both Internet Explorer (http://www.iegallery.com) and Safari (http://extensions.apple.com) have their own add-on galleries.

Extensions are typically developed by third parties, not browser developers, and have varying degrees of longevity. While extensions in the official directories listed above are vetted to some degree, there have been instances of malicious code exposing users to further harm rather than protecting them. It is always worth researching an extension before using it in the field, especially when the stakes are as high as they can be in matters of privacy. Reading reviews, including the brief ones in Mozilla's Add-ons or the Chrome Web Store, can alert you to potential issues that other users have encountered. Noting the number of downloads and currency of updates is an indicator of how likely the extension is to be maintained into the future. Lastly, testing the extension in a safe environment can help verify that it indeed does what it asserts to do. For instance, one can install HTTPS-Everywhere on a test workstation, then visit several high-profile websites where a user would want their traffic to be encrypted, e.g., Amazon, Gmail, Google Search, Facebook, and Yahoo! Mail. Does the URL begin with “https”? If not, then the extension is not living up to its claims.

Since extensions can significantly alter the browsing experience, it is worth contemplating how users will react and even performing usability tests before employing too many on public workstations. Updates also can break extensions and disorient the user upon opening the browser, as in figure 2. Some of the best extensions will be nearly seamless, such as AdBlock, where it is often not evident that content is being hidden, but others will be extremely disruptive, as when NoScript breaks the shopping cart application of an online vendor. Even Web of Trust may confuse patrons who do not know what the green circles signify. Then there are also extensions which work, but only to a limited degree. BlackSheep (https://www.zscaler.com/blacksheep.html), for instance, is meant to detect whether anyone on the same connection is using FireSheep. However, mere detection is not preventive and thus there are far more appealing alternatives.

No amount of secure software design and customization can entirely eliminate the threats that exist online. Phishing forms can cause users to turn over valuable information regardless of the security of their browsing platform. Hidden HTTPS-only options are very much left to the user's discretion; a user signed into Facebook will be on an HTTPS site only if they have selected the option for themselves. The best extensions can be circumvented, whether by innovative attackers or users who do not understand their options. Even with the stellar NoScript and HTTPS-Everywhere add-ons, a user can opt-in to malicious scripts and manually override HTTPS protection for particular domains. Thus educating users and library staff is the best way to enhance online privacy. Teaching workshops on the subject, or marketing particular solutions to known problems, is inherently valuable because it spreads awareness of an increasingly important issue.

Librarians must encourage users to develop approaches to Internet privacy that best suit their particular modes of browsing. All of the options listed in this article come with their own benefits and drawbacks; there is no panacea. If someone is uncomfortable moving beyond their outdated version of Internet Explorer, then pushing a new user interface with complicated privacy options on them solves little, but librarians can at least be informed about the risks present. Some users may prefer the ultimate defense of a dozen extensions in a locked-down settings environment, while others will be content simply using a state-of-the-art browser. Though protecting privacy is enshrined in the American Library Association's Code of Ethics as a fundamental tenet of the librarian profession, librarians can strive to inform our patrons about online security far more than we currently do. If we install Firefox or Chrome with every available security extension on our public computers, it will still be for naught when our users go into a coffee shop with a public Wi-Fi connection, open up Internet Explorer on their laptop, and log in to Facebook using unencrypted HTTP. Publicizing security services that your library provides as well as universally available ones can help make our users safer no matter where they are.