Privacy & Security – SnowHaze https://blog.snowhaze.com Everything you need to know about privacy and data protection on the internet from the founders of the SnowHaze Private Browser.

Set SnowHaze as Default iOS Browser https://blog.snowhaze.com/snowhaze-default-ios-browser/ Tue, 20 Oct 2020 09:37:00 +0000 https://blog.snowhaze.com/?p=902

Safari has always been the default browser on your iPhone and iPad, meaning that all links you click on will be opened in Safari. Since the launch of iOS 14 in September 2020, Apple lets you choose your preferred default browser.

We are very excited about this new feature because it removes a crucial deficiency in your daily privacy routine. Take for example a marketing email with a link in it. By default it would open in Safari, exposing you to all the trackers and unique identifiers of the visited site. This would not happen when opening the same link in SnowHaze, since trackers are blocked and identifiers are stripped from the URL.

Let’s go through three simple steps to change your default browser to SnowHaze:

1. Open the iOS Settings and scroll down to SnowHaze.


2. Click on “Default Browser App”.

3. Select “SnowHaze”.

Congratulations! From now on every link will open in SnowHaze and you can relax knowing that your personal data is safe.

How does a VPN work, and what is it useful for? https://blog.snowhaze.com/how-does-a-vpn-work-en/ Fri, 17 Jul 2020 08:13:31 +0000 http://blog.snowhaze.com/?p=790

Whenever you connect to the internet, your device sends data packets to a server. During transit, the packets pass different stations, the first one being your internet service provider. All of these stations reroute your package and help it reach its final destination. Imagine a VPN as an encrypted tunnel between your device and a SnowHaze VPN server. Whatever you do online is first rerouted and sent through this tunnel before it reaches its final destination. This way, the VPN hides your actual IP address and ensures the encryption of your data. Originally, VPNs were used to connect different locations of a business to a single network. These days, VPNs are popular mainly for their advantages in terms of privacy and security. They present a simple yet very effective and efficient tool for hiding and encrypting internet traffic. Other common uses of VPNs include streaming videos from abroad, peer-to-peer file-sharing, or accessing blocked or censored websites.

Contrary to what many VPN companies want you to believe, a VPN is not a one-stop solution for anonymity. A VPN offers a set of unique features that are difficult to obtain differently, like hiding the IP address and ensuring encryption. However, there are other common threats that a VPN does not protect against. Unencrypted e-mails, for example, are still unencrypted once they leave the protection of the encrypted VPN tunnel. Many websites use a multitude of tracking technologies, some of which a VPN can protect against, and some of which it can’t. Therefore, it is essential to combine a VPN with other tools such as encrypted e-mail services and private browsers to get the best protection. That said, there are several threats and scenarios where only a VPN can help.

Why would I need a VPN?

You connect to public Wi-Fi

Public Wi-Fi is available at most airports, hotels, and restaurants. Although very practical for remotely working, shopping, or streaming a Netflix series, they also pose a significant security risk. It is relatively easy to intercept traffic in public Wi-Fi. A hacker might even create a malicious hotspot with the sole purpose of sniffing your traffic. Without encryption, the hacker can potentially access sensitive information like passwords or credit card details. Unfortunately, it is challenging to distinguish credible hotspots from their malicious counterparts. With a VPN, the traffic is always encrypted between your device and the VPN server. Even if a Wi-Fi is malicious and intercepts your traffic, it is encrypted and reads like gibberish.

You travel abroad

In foreign countries, some services that you paid for may be blocked. This includes many streaming services but goes as far as search engines; for example, Google is blocked in China. Losing this access is annoying, and this is where a VPN can help. With a VPN, all your traffic is sent to the VPN server first. The VPN server then reroutes the traffic to the final destination. Thus the server of the final destination only ever sees the VPN server’s IP address and not yours. If you connect to a VPN server in your home country, you can continue to enjoy all the services that you are used to.

You are shopping online

Salaries and purchasing power vary drastically between countries. Merchants exploit this to increase profit by increasing prices for countries where people have a higher purchasing power. Some merchants even go a step further and use personalized rates. These are based on data about you that is available to the merchant. This process is known as dynamic pricing. Ever wondered why you kept seeing an ad for a product that you once searched for online? It is data about your past search history, income, and more that is used to personalize prices. A VPN can help here as it makes it harder for companies to track you. Furthermore, you can connect to a VPN server in a country with lower purchasing power and might receive more moderate prices. This is the case when a merchant uses IP address-based dynamic pricing. Thus, a VPN can help you profit from dynamic pricing yourself!

You want to protect your browsing activity from your local network and ISP

Whenever you want to connect to the internet, your device initiates a connection with your internet service provider (ISP). Your ISP then redirects your communication to the server of the requested service, be it streaming a video, visiting a website, or sending a message. Because your ISP has to reroute the traffic, it knows which services you are using, who you are in touch with, or which websites you visit. Depending on the connection, the ISP also sees which video you are streaming, or the actual content of the message exchanged. When using a VPN, this is different. In simple terms, you can imagine a VPN as a tunnel between you and SnowHaze VPN servers. Your ISP still needs to reroute your traffic, but only to our servers independent of the service requested. Furthermore, everything is fully encrypted and reads like gibberish for your ISP or other third parties. Thus, a VPN effectively cuts out your ISP. A VPN reduces the amount of collectible data remarkably and prevents third parties from selling and sharing this data with others.

You are a high-risk individual

High-risk individuals like investigative journalists or political activists often face considerable risks associated with their valuable work. Contrary to what many VPN companies want you to believe, a VPN is not a one-stop solution for anonymity. As a high-risk individual, you need to take a multitude of precautions to protect your privacy and ensure your security. Of these precautions, a VPN is an inevitable part to ensure encryption and hide the IP address. Using an end-to-end encrypted e-mail or messaging provider gives an additional layer of security to protect sensitive messages. Combined with a VPN, an excellent private browser can protect from some forms of tracking that a VPN cannot protect from, like canvas fingerprinting.

You use file-sharing services

Peer-to-peer connections (P2P) offer a fast and reliable method to share data. This data may include anything from legitimate documents to illegal videos. Despite the legitimate use cases of P2P, many ISPs throttle the bandwidth of or completely block P2P connections. With a VPN, the ISP cannot distinguish between different connections. Subsequently, your ISP cannot throttle or block any of your P2P connections.

How to use a VPN?

Using a VPN is straightforward. First, get a subscription for SnowHaze VPN here. There is a seven-day free trial available in our iOS version. Once you have your subscription, you will find detailed tutorials on how to set up your VPN here. Whenever you wish to protect your traffic, you simply turn on the VPN. Then your device connects to one of our VPN servers and establishes the secure communication channel. Everything between your device and the VPN server is now effectively cut out and can’t intercept your communication, including your ISP and other third parties. The service you are accessing now only sees the IP address of the VPN server. This unblocks content such as videos or websites that are blocked based on IP location.

VPN Anonymity with Zero-Knowledge Auth (ZKA) https://blog.snowhaze.com/zero-knowledge-auth-en/ Thu, 16 Jul 2020 08:41:00 +0000 http://blog.snowhaze.com/?p=751

Our infographic visualizes the technology behind ZKA.

Zero-Knowledge Auth (ZKA) is our new protocol that ensures the highest level of anonymity for our VPN. Most VPN providers are not private at all because they store a lot of information about you, like your name and address, your payment information, and logs about your internet traffic.
There are trustworthy VPN companies who promise not to log your usage of their services. They mostly live up to their promise and do not collect data about you. However, we still put the trust into their hands. If they are subject to a data breach, personal information might still be leaked. And the company itself technically has the power to find out what sites you visit.

ZKA revolutionizes the entire process from registration up to the usage of the VPN. There is no longer the need to share personal information. When you connect to the VPN, you don’t even need an anonymized account number to log in. Continue reading below for a detailed explanation.

ZKA Registration

The first step in using SnowHaze VPN anonymously is to generate a cryptographic key pair (Read more about cryptography here). First, a secret code is generated by performing random calculations on your device. This ensures that the code is strong. We call it the Master Secret, and it is the basis for all the following operations.
A key pair (private key and public key) is then derived from your Master Secret. The Master Secret acts as the starting point, so the keys derived from it are always the same. Since you are the only one who knows your Master Secret, only you can derive your key pair. The public key is sent to the server, where it is stored as a new database entry. The server only knows the public key and will associate all information like payments and validity with your public key.
The server does not know your Master Secret, which is why it has to be stored safely. If you lose your Master Secret, it’s impossible to recover your subscription.
Users who do not want to risk losing the Master Secret can register with email and password, as most of us are used to from other accounts. In this case, your Master Secret is encrypted with your password and safely stored on the server. The server cannot see it, since it is stored in an encrypted form. Your email is also not visible to the server because it was hashed (Read more about hashing here). The server never sees your Master Secret, your email, or your password. When logging in, you request the encrypted version of your Master Secret from the server and decrypt it on your device. Now the Master Secret can be used to derive the key pair and sign in.
Note that at any point you can add email and password to your registration or unlink your email and password from your registration.

ZKA Payment

The next step is to activate your registration by adding a payment. You choose a subscription option and pay either by credit card, or anonymously using cryptocurrencies or cash. Your successful payment is sent to the server along with your public key. The server can then credit your public key. From now on, you are allowed to connect to the VPN server. In order to connect with a VPN server, you must prove that you have the right to access it. This happens using tokens.

ZKA Token Generation

The server regularly (e.g. once a week) generates login tokens. All the newly generated tokens are randomly grouped into boxes and every box is assigned to a user. The server doesn’t know which user gets which tokens, nor which tokens are together in a box. When you want to use the VPN for the first time, your device first requests the box containing the tokens and stores it on your device. After that, the box is regularly replaced with a new box containing new tokens (e.g. once a week).

ZKA VPN Connection

Before connecting to a VPN server, your device randomly picks a token out of the box and sends it to the server. The server lets you connect if the token is valid. The only information that is exchanged with the server is the token. Remember that the tokens were randomly put into the boxes, which were randomly distributed among the users. The server only knows the public key of a user, and simply sends the box of tokens to the user that requests it using the corresponding private key. There is nothing tracing back to the public key when you connect to the server.

ZKA VPN Usage

Since you have a valid token, the server lets you connect. Your internet traffic is now encrypted and rerouted over the VPN server. The IP address that websites see is the one from the VPN server. This hides your true IP address and protects your location. The server records nothing about your traffic and cannot tie two separate connections to a user. Enjoy the first truly anonymous VPN service.
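The following is an added example, not SnowHaze's code: a simplified model that compares what a gateway could log under account-number login with what it could log under the token scheme described above. The class names, the token format, the SHA-256 digests and the rule that a device discards a token after use are assumptions made for the illustration; the private-key authentication of the box request is left out.

```python
import hashlib
import secrets
from collections import Counter


def digest(value):
    return hashlib.sha256(value.encode()).hexdigest()


class TokenIssuer:
    """Stand-in for the enclave process: the box-to-user mapping stays in here."""

    def __init__(self, tokens_per_box=4):
        self.tokens_per_box = tokens_per_box
        self._boxes = {}

    def issue(self, public_keys):
        n = self.tokens_per_box
        tokens = [secrets.token_hex(16) for _ in range(n * len(public_keys))]
        secrets.SystemRandom().shuffle(tokens)  # random grouping into boxes
        for i, key in enumerate(public_keys):
            self._boxes[key] = tokens[i * n:(i + 1) * n]
        # Only an unordered set of digests is handed to the VPN gateway.
        return frozenset(digest(t) for t in tokens)

    def fetch_box(self, public_key):
        # The page says this request is made with the private key; omitted here.
        return list(self._boxes[public_key])


class Device:
    def __init__(self, box):
        self._box = list(box)

    def next_token(self):
        # Random pick. Assumption: a used token is discarded, never sent twice.
        return self._box.pop(secrets.randbelow(len(self._box)))


class TokenGateway:
    def __init__(self, valid_digests):
        self.valid = valid_digests
        self.log = []  # worst case: the gateway records everything it is sent

    def connect(self, token):
        accepted = digest(token) in self.valid
        if accepted:
            self.log.append(digest(token))
        return accepted


class AccountGateway:
    """Conventional login for comparison: an account number comes with each connection."""

    def __init__(self, accounts):
        self.accounts = set(accounts)
        self.log = []

    def connect(self, account):
        accepted = account in self.accounts
        if accepted:
            self.log.append(account)
        return accepted


def linkable_pairs(log):
    """Number of session pairs that identical log entries would tie together."""
    return sum(n * (n - 1) // 2 for n in Counter(log).values())


def simulate():
    users = ["pk-alice-constructed", "pk-bob-constructed"]  # constructed values
    issuer = TokenIssuer()
    token_gw = TokenGateway(issuer.issue(users))
    account_gw = AccountGateway(users)
    alice = Device(issuer.fetch_box(users[0]))
    bob = Device(issuer.fetch_box(users[1]))
    # Alice connects three times, Bob once.
    for device, account in [(alice, users[0]), (alice, users[0]),
                            (bob, users[1]), (alice, users[0])]:
        token_gw.connect(device.next_token())
        account_gw.connect(account)
    seen = set(token_gw.log) | set(token_gw.valid)
    return {
        "account_links": linkable_pairs(account_gw.log),
        "token_links": linkable_pairs(token_gw.log),
        "forged_accepted": token_gw.connect(secrets.token_hex(16)),
        "public_keys_at_gateway": any(k in seen for k in users),
    }


if __name__ == "__main__":
    print(simulate())
```

In this model the unlinkability depends on each token being sent only once; a token sent for two sessions would show up twice in the gateway log and tie those sessions together.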

ZKA Verification

If you are still reading this, we obviously got you interested. As a clever mind you might ask yourself “Sounds good, but how do I know that what you describe is the same as what runs on the server?”. Good question, we thought you might wonder. You can actually verify this yourself.

There is a dedicated process in an enclave of the server, which is in charge of generating and distributing the tokens. This technology by Intel called Software Guard Extensions (SGX) provides a guarantee that the code running in this enclave was not altered. Since all the code is open source, you can check that the fingerprint of the enclave is the same as the one for the code. This gives you the proof that we are running the very same code on our production servers.

Visit our GitHub page for the verification script and more details: https://github.com/snowhaze/zka-sgx

Infographic: Zero-Knowledge Auth Explained https://blog.snowhaze.com/infographic-zero-knowledge-auth-explained/ Tue, 16 Jun 2020 17:34:40 +0000 http://blog.snowhaze.com/?p=766

Read the text explanation here.

About Business Ethics and VPNs https://blog.snowhaze.com/about-business-ethics-and-vpns/ Sat, 27 Apr 2019 10:54:10 +0000 http://blog.snowhaze.com/?p=740

When using a VPN service, you entrust your entire traffic to a single company. This company reroutes all your traffic to give you the advantages of spoofed IP address, encrypted connection, and uncensored internet. However, these advantages come at the cost that you are to some degree at the mercy of your VPN provider.

It is undisputed that the benefits of a VPN greatly outweigh the risks. But it is still worthwhile to take a closer look at the business ethics of VPNs. Shockingly enough, the VPN business includes some of the shadiest online companies. Yes, in a market advocating trust, privacy, and security, many businesses do not live up to their claims when it comes to their own business practices. Read below to learn about some of the most common lies in the VPN industry:

Affiliates

VPN companies use affiliates for advertising their services. Affiliates usually get a generous financial kickback for every signup they generate. Affiliate marketing is an easy and cheap way for a company to grow sales and is not per se a problem. However, affiliates often engage in misleading customers, spam social media and e-mails, and run smear campaigns against other VPN providers, e.g., when PrivateInternetAccess distributed lies about ProtonVPN.

No logs

The “no-logs” claim is an absolute standard in the VPN business. It means that a company is not keeping any logs or storing any other data on the VPN servers. I mean, who wants a company to keep track of what you do online? Not a lot of VPN users… So companies that openly advertise that they keep logs are at a disadvantage, I get it. But unfortunately, it has been shown over and over again that many VPN companies just claim to have a no-log service, while in fact, they don’t. While no-logs sounds super easy, in fact, it is not. It requires some extra effort from your side, from the data center, the software, the employees and so on. While no-logs sounds like default, it is definitely not. Depending on the jurisdiction of the VPN company, no-log services might not even be legal. Therefore, we can still assume that a large number of VPN providers just claim to be no-logs for business purposes but have not invested the time to make it no-log.

Tracking

Privacy-conscious users make up a significant fraction of VPN customers. For many, no-logs is a must and tracking from the VPN provider a no-go. I agree VPN providers have access to the entire traffic of a VPN user, and while some parts of the traffic are encrypted, the amount of data available is still dizzying. Privacy protection as a service is also part of the sales pitch of most VPN brands. I found an article on how to protect from tracking through Google on the website of a very renowned VPN provider. Sadly but not unsurprisingly, I also found a Google Analytics script on the exact same site. I guess a reasonable start would be to protect their users from their own services..?

White label solution

Running a VPN service is neither cheap nor easy. Especially, when you are running a no-log VPN service on dedicated servers, adequate resources are needed, as we know first-hand at SnowHaze. Many of the numerous VPN services are mere white-label services that license from wholesale VPN solution providers. In the white-label solution market, there is one (and only one) thing that matters: price. VPN providers that opt for white-label solutions, usually opt for the cheapest ones. These, however, rarely meet the privacy and security standards that are advertised.

Bought reviews

Whenever you search online for “best VPN” or something alike, hundreds of results with lists like “best VPN in 2019” or “top 10 VPNs for streaming” pop up. What seems like a helpful guide to get the best for your buck is actually paid advertisement and completely misleading for customers. Because most of these reviews are actually paid ones. The more a VPN provider pays, the better it ranks.

Summary

As I show in this article, dubious business practices are omnipresent. There are a staggering number of players in the VPN market that concentrate on phony advertising instead of providing a high-quality product for the customer. It is difficult for an advanced VPN user to assess the quality of a service, and it is nearly impossible for a novice user to do so. With the high competition in the VPN market, many successful companies focus on cutting the cost of the service, with implications for privacy and security, and then spend the profits on dishonest marketing.

We know that the VPN market is oversaturated. There really is no need for just another VPN service. That’s why we decided to do it differently. Many VPN companies do not live up to their claims.

  • That’s why we decided to create the first VPN with privacy by design – our users can verify that we keep what we preach.
  • That’s why we don’t have user accounts – we know nothing about our users and hence cannot leak or log anything.
  • That’s why we refrain from dubious marketing practices – we would rather spend our money on improving our product than on paid reviews.

How your WiFi setting is used to track you https://blog.snowhaze.com/how-your-wifi-setting-is-used-to-track-you/ Fri, 19 Apr 2019 07:31:35 +0000 http://blog.snowhaze.com/?p=735

Tracking happens not only when you’re actively browsing the web, but all the time. Some tracking methods are really subtle and usually go unnoticed. Have you ever wondered how your phone automatically connects to your home network as soon as you enter your house? Your phone is constantly sending out signals in search of a known network. Your device is basically communicating with all nearby WiFi networks without taking a break. This communication is not restricted to known networks; it happens with all networks.

The information that is shared with a network contains data about your phone but also a list of all networks known to your phone. Most users have connected with a lot of networks in the past. The combination of all these networks is almost unique for each of us and acts like the fingerprint of your device. This unique fingerprint is sent to all nearby networks and can be used to track you in real-time.

If you are in a mall, at the airport or simply moving around in your city, many routers belonging to the same network see your phone’s signal. This makes it possible to follow your path very precisely. It is possible to see where you’ve been, how long you spent in a shop and when you take a break. This is valuable information when it comes to analyzing people’s behavior in order to better place advertising, decide a new shop’s location, or send location-specific offers.

There are different ways to fight against that.

The first and simplest trick is to turn off WiFi when you’re not using it. Make sure to turn it off in the settings and not just from your Control Center as this doesn’t completely deactivate the WiFi signal.

Reset your network settings regularly. Each time you connect to a new network, your fingerprint gets more unique. Regularly resetting your network settings removes all WiFi networks and VPN connections and restores the default settings. You will have to reconnect to your networks and reenter the passwords. However, it is worth it to do some housekeeping now and then.

The last trick is more advanced but very effective. Use a Faraday cage. A Faraday cage physically blocks all incoming or outgoing electromagnetic waves. As soon as you put your device in a Faraday cage, it becomes completely isolated from the outside world and cannot send or receive any signal. You can buy different kinds of sleeves depending on the item you want to protect. Sizes range from small for credit cards and passports to entire bags.

So next time you are on your way, there might be someone tracking your way around town by looking at your WiFi signal. Just try one of the tricks to remain unobserved.

The Checklist to avoid Email Scams https://blog.snowhaze.com/the-checklist-to-avoid-email-scams/ Fri, 29 Mar 2019 13:15:39 +0000 http://blog.snowhaze.com/?p=724

We all get these scam emails that want us to inherit 15 million dollars or inform us that our bank account has been hacked. It’s not hard to tell that this is junk, but when the messages look more professional, it suddenly becomes harder to spot fake emails. Unfortunately, a lot of people still fall for these tricks.

Due to data breaches, the information of billions of accounts becomes public every year. This data contains account information like name, email, maybe age, and credit card details. It doesn’t take much for hackers to join these details and create a genuine-looking email that asks for your sensitive information. Now I know you’re smart and don’t fall for that. But some of your friends or family members might. If one breach leaks millions of accounts, there’s got to be someone that falls for it.

Here are the most essential hints to spot fake emails:

  1. Who is the sender? Look at the email address, and the domain (the stuff after the @ symbol). Does it look suspicious? If the domain doesn’t correspond to the sender, it is most likely a scam, e.g., americanexpress@mail38382fwi8e.com or amexpress@gmail.com. However, don’t solely rely on that as it is quite easy to change the apparent sender information.
  2. Who was the message sent to? If the email was sent to “undisclosed recipients,” not to your address, or if no recipient at all appears, your alarm bells should ring.
  3. Where do the links point to? Don’t directly click on links in emails. Hover with your mouse to see the destination or try to copy it. Does the link point to the site that is pretending to send the current message? If the link points to any other site, don’t click it, especially if it is a shortened link (bit.ly, goo.gl, t.co, TinyURL, ow.ly) or cloud storage (Google Drive, Dropbox, etc.). With link shorteners, you don’t know where you will be redirected to.
  4. Are there spelling mistakes? Luckily, scammers make a lot of spelling and grammatical errors. If the language in the message has poor quality, it’s most likely a scam. However, there are still bad people who master your language.
  5. Are there any attachments? Never save or open attachments from untrusted senders. Dangerous files can be disguised as .pdf, .docx, or .jpg and take over your computer. Be extremely vigilant with .zip or .exe files.
  6. Does the message urge you to some action? Subjects like “URGENT: …”, “Click here,” or “Your payment of $2000.00” try to hasten a reaction from your side. Also, a message like “2 incoming messages have been blocked by your mailbox, click here to get the messages.” makes us curious. Take a second look before you do something. Often you don’t have an account with the pretending bank or don’t use that service.
  7. Do they ask for information? Be careful if the sender asks for some sort of information like names, account information, or passwords. Never share any sensitive information. Even if it is really your bank: Log in to your account not by clicking the link, but by entering the address in your browser yourself.
  8. Have you turned on automatic replies? Many configure an automatic response when they are out of the office or on vacation. These automatic replies are also sent to scammers, which in turn know
    • that they have reached a real address,
    • your full name and workplace,
    • your schedule and vacation information (means your house is empty during that time).

I highly recommend turning off these notifications.

Example image of scam email

This scam message could win an award as it raised almost all flags we just discussed.

Go through this checklist when you get a suspicious email. Even if the message is from a friend, it is worth quickly checking that everything looks ok. Also, don’t forget that the information of many billion more accounts will be leaked in the future. It is just a matter of time. Share your information wisely; many services ask for more data than necessary. Don’t share your real birthday, phone number, or address with any site.
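The checks from the list that can be automated (items 1 to 3 and 5 to 7) are shown here as an added example that is not part of the original post; spelling quality and your own auto-reply settings are left to the reader. The `KNOWN_SENDERS` map, the flag names, the keyword patterns and both sample messages are constructed for the illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
from urllib.parse import urlparse

# Hosts and extensions named in the checklist above.
SHORTENERS = ("bit.ly", "goo.gl", "t.co", "tinyurl.com", "ow.ly")
CLOUD_STORAGE = ("drive.google.com", "dropbox.com")
RISKY_EXTENSIONS = (".zip", ".exe")
URGENCY = re.compile(r"\burgent\b|click here|your payment of", re.I)
ASKS_FOR = re.compile(r"\bpasswords?\b|account information|credit card", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Assumption: you keep a map from the name a sender claims to its real domain.
KNOWN_SENDERS = {"american express": "americanexpress.com"}

# Constructed sample messages; the link is never fetched.
CONSTRUCTED_SCAM = """\
From: American Express <americanexpress@mail38382fwi8e.com>
To: undisclosed-recipients:;
Subject: URGENT: Your payment of $2000.00
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="constructed-boundary"

--constructed-boundary
Content-Type: text/plain; charset="utf-8"

Click here to confirm your password: https://bit.ly/constructed-example

--constructed-boundary
Content-Type: application/zip
Content-Disposition: attachment; filename="statement.zip"
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQ=

--constructed-boundary--
"""

CONSTRUCTED_BENIGN = """\
From: Alice <alice@example.org>
To: me@example.org
Subject: Lunch on Friday

See you at noon.
"""


def on_domain(host, domains):
    """True if host equals one of the domains or is a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def text_of(msg):
    """Concatenate the decoded text parts, skipping attachments."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text" and not part.get_filename():
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def check_email(raw, my_address):
    """Return the checklist flags a raw RFC 5322 message raises."""
    msg = message_from_string(raw)
    flags = []
    body = text_of(msg)
    subject = str(msg.get("Subject", ""))

    # 1. Who is the sender? Compare the claimed name with the domain after the @.
    name, address = parseaddr(msg.get("From", ""))
    claimed = next((d for n, d in KNOWN_SENDERS.items() if n in name.lower()), None)
    if claimed and not on_domain(address.rpartition("@")[2], (claimed,)):
        flags.append("sender-domain-mismatch")

    # 2. Who was the message sent to?
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if my_address.lower() not in [a.lower() for _, a in recipients]:
        flags.append("not-addressed-to-me")

    # 3. Where do the links point to?
    for url in URL.findall(body):
        host = urlparse(url).hostname
        if on_domain(host, SHORTENERS):
            flags.append("shortened-link")
        elif on_domain(host, CLOUD_STORAGE):
            flags.append("cloud-storage-link")
        elif claimed and not on_domain(host, (claimed,)):
            flags.append("link-off-sender-domain")

    # 5. Attachments: .zip and .exe, including names like invoice.pdf.exe.
    for part in msg.walk():
        if (part.get_filename() or "").lower().endswith(RISKY_EXTENSIONS):
            flags.append("risky-attachment")

    # 6. Does the message urge you to act?  7. Does it ask for information?
    if URGENCY.search(subject + "\n" + body):
        flags.append("urges-action")
    if ASKS_FOR.search(body):
        flags.append("asks-for-information")
    return flags


if __name__ == "__main__":
    print(check_email(CONSTRUCTED_SCAM, "me@example.org"))
```

An empty result does not mean the message is genuine: as item 1 notes, the apparent sender is easy to change, so treat the flags as reasons to look closer rather than as a verdict.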

A smart way to avoid having your data in the next leak is to get rid of old, unused accounts. Change your profile data to random information and then delete it. You can always create a new account when you need it again.

If we manage to spread awareness these kinds of messages will soon no longer fool anyone.

Encryption: when and why? https://blog.snowhaze.com/encryption-when-and-why/ Sat, 16 Mar 2019 11:42:12 +0000 http://blog.snowhaze.com/?p=713

Encryption sounds powerful and somehow mystical. Encryption is the almighty solution when it comes to protecting your digital data. At the same time, many use it without fully understanding it. But who cares as long as it works.

Is encryption always the solution? How can I encrypt different kinds of data? And what if I no longer know my password?

To start, we will clarify a few things. First, not all encryption methods are the same. There are a million ways to perform encryption. Depending on the need, we look for different encryption algorithms, which are either fast, or slow, or strong, or weak, or even undecryptable. We won’t go into all possible encryption algorithms, but note that the strength of your encryption depends on the algorithm you use.

Caesar cipher encryption

This is also encryption, but not secure at all: the Caesar cipher shifts the alphabet and reassigns each letter to a new one.

Secondly, there is an important aspect that is often forgotten. Encryption should be the last thing to protect your data and only kick in after everything else has failed. It’s great if all your devices are fully encrypted, but this encryption protects your data only from the moment your device has left your possession. We should, therefore, do our best to protect the devices that hold our data physically.

We can also encrypt data that we send to other people. Be it a picture sent on Whatsapp, a PDF sent by email or a file uploaded to Dropbox. We usually don’t want to share our messages and pictures with everyone. By encrypting the data we send out, we make sure that only the desired persons can access it.

And lastly, a quick glimpse into the data that we send out without noticing. Whenever you visit a website, a lot of metadata is generated: your location, the page you visit, the time, your device settings, your keyboard settings, cookies, fingerprints, etc. The same applies if you upload a picture to your cloud. This picture contains information about the date and location when it was taken, but also about your camera, the aperture time, or the battery status. We can protect most of the data we create by encrypting it. When we share data, we want to transfer it through an encrypted channel, e.g. a VPN, end-to-end encryption or at least HTTPS.

Enough of the motivation, I think you get why encryption is essential. So, let’s come to solutions. For the threats briefly mentioned above, we have collected a short summary of software, which helps you protect your data.

1. Use end-to-end encrypted messengers like Wire. Messages are encrypted between sender and receiver, and nobody can read them in between. Since you are connected with your conversation partner over the service, key exchange happens automatically, and you don’t have to worry. Other solutions besides Wire are Signal, Telegram or Threema.

2. Encrypt emails with PGP or let Protonmail do it for you. Your emails including all sensitive attachments can be intercepted and read without you noticing. Especially confidential material should never leave unencrypted. It is a bit more advanced if you do it on your own because you have to get the public key of the receiver. And it requires that both parties have encryption keys. When sending messages between Protonmail addresses, they take care of the encryption, and you can relax.

3. For securing data on your computer, you can encrypt it. Locally encrypted containers or entire encrypted drives can be created with VeraCrypt. VeraCrypt creates drives, which are fully encrypted and encrypts all files copied into that drive. When creating a new encrypted container, it guides you through all the steps and allows you to choose the encryption algorithm.

4. “There is no such thing as a cloud, it is just someone else’s computer.” Therefore, if you still need to upload files to cloud storage, you might consider encrypting all your data before uploading them. Boxcryptor automatically encrypts everything before sending it to the cloud.

5. A VPN encrypts all data in transit that leaves or enters your device. It therefore also encrypts the traffic that contains your unencrypted emails and the sites you visit. A hacker in a local network or your internet service provider can therefore not see the sites you visit or the messages you share.

If you lose your encryption key, you are locked out and lose your data.

Finally, whatever is encrypted can only be decrypted by knowing the correct key. Many services perform encryption and automatically manage the encryption keys, like in end-to-end encrypted messaging. If you manage the keys on your own like with PGP or VeraCrypt, keep them safe and don’t lose them. Once you forget your password, your data will also be inaccessible to you.

Paypal on last place: Password requirements of your online services https://blog.snowhaze.com/password-requirements-of-your-online-services/ Fri, 11 Jan 2019 13:10:17 +0000 http://blog.snowhaze.com/?p=673

We have looked at the requirements that major online services have for your passwords. We all know that websites ask us to create strong passwords and want a minimal length, uppercase and lowercase letters, etc. However, not all of them have the same notion of security. Spotify only requires 2 characters for a password. So you could use xx as your password (please don’t!). Paypal sets an upper limit of 20 characters; not so secure for a service that handles your online payments. Have a look at the graphic and get a password manager if you don’t already have one.


password infographic
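The two limits quoted above can be checked against the length guidance in NIST SP 800-63B (revision 3): require at least 8 characters, accept at least 64. The following is an added example, not part of the original post; the 95-character alphabet and the 50-character generated password are assumptions, and limits the post does not state are left as `None`.

```python
import math
from typing import List, NamedTuple, Optional

# NIST SP 800-63B (rev. 3) length guidance for user-chosen passwords:
# require at least 8 characters, accept at least 64.
NIST_MIN_LENGTH = 8
NIST_MAX_LENGTH_FLOOR = 64
PRINTABLE_ASCII = 95  # assumed alphabet size for the search-space estimate


class PasswordPolicy(NamedTuple):
    service: str
    min_length: Optional[int] = None  # None = limit not stated in the post
    max_length: Optional[int] = None


def weakest_accepted_bits(policy: PasswordPolicy) -> Optional[float]:
    """Upper bound, in bits, on the shortest password the policy accepts."""
    if policy.min_length is None:
        return None
    return policy.min_length * math.log2(PRINTABLE_ASCII)


def audit(policy: PasswordPolicy, manager_length: int = 50) -> List[str]:
    """Return findings; manager_length is the size of a generated password."""
    findings = []
    if policy.min_length is not None and policy.min_length < NIST_MIN_LENGTH:
        bits = weakest_accepted_bits(policy)
        findings.append(f"min length {policy.min_length} < {NIST_MIN_LENGTH} "
                        f"(weakest accepted password: at most {bits:.1f} bits)")
    if policy.max_length is not None:
        if policy.max_length < NIST_MAX_LENGTH_FLOOR:
            findings.append(f"max length {policy.max_length} < {NIST_MAX_LENGTH_FLOOR}")
        if manager_length > policy.max_length:
            findings.append(f"rejects a {manager_length}-character generated password")
    return findings


# Only the limits quoted in the post are filled in.
POLICIES = [
    PasswordPolicy("Spotify", min_length=2),
    PasswordPolicy("Paypal", max_length=20),
]

if __name__ == "__main__":
    for p in POLICIES:
        for finding in audit(p):
            print(f"{p.service}: {finding}")
```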
My Privacy and Usability Browsing Guide https://blog.snowhaze.com/my-privacy-and-usability-browsing-guide/ Mon, 03 Dec 2018 12:21:00 +0000 http://blog.snowhaze.com/?p=642

Between privacy and usability I am very far away from the usability part

Often users ask me how I use my browser and how I handle the balance between privacy and usability. Let me describe the entire process from starting up my computer to the first search result. Here, I must admit that between privacy and usability I am very far away from the usability part. You will still find something for you in this article, I promise. So let’s start.

I start my computer, and the first thing I do is turn on my VPN or at least verify that it is correctly turned on. When starting up, it usually happens that the wireless connection can’t be found immediately, and we don’t want the VPN to idle because it doesn’t find a network. Whenever I want to check if my VPN is still properly connected, I visit ipleak.net to check my IP location.

As recommended in previous articles, I use Firefox with many add-ons and adapted privacy settings. Have a look at our earlier articles on how to have the best privacy with Firefox add-ons and how to boost your privacy and security with hidden Firefox settings.

All add-ons are active when I start up Firefox. I regularly change the user agent with the User Agent Switcher add-on. Today, I chose Chrome on macOS. My browser opens directly on the private search engine Startpage. With Startpage, I have found the search engine that best combines privacy and usability. This time it’s not either-or; you can actually have both!

When I get onto a page, my NoScript add-on blocks all JavaScript. In case the site doesn’t load properly or I want to use all features, I can turn on the scripts that I want. NoScript has two benefits: First, it shows me the tons of scripts that are running in the background and that most people are not aware of. Secondly, it empowers you to choose who is allowed to get your data and who is not. Some scripts from domains that I fully trust land on my whitelist and are always enabled. I know it can be tedious to figure out which scripts must be loaded to display the site correctly, but having full control over it is a great feeling.
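The default-deny model described above can be sketched as follows: list every script a page references and allow only those whose host is on a trusted list. This is an added example, not NoScript's own code and not part of the original post; the sample page and all hostnames are constructed placeholders, and attributing inline scripts to the page's own host is a simplifying assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class ScriptCollector(HTMLParser):
    """Collect the source of every <script> element in a document."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.sources = []  # absolute URL, or None for an inline script

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            self.sources.append(urljoin(self.page_url, src) if src else None)


def host_matches(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def script_decisions(page_url, html, allowlist):
    """Default-deny: a script is allowed only if its host is on the allowlist."""
    collector = ScriptCollector(page_url)
    collector.feed(html)
    page_host = urlsplit(page_url).hostname
    decisions = []
    for src in collector.sources:
        # Assumption: an inline script counts as coming from the page's own host.
        host = urlsplit(src).hostname if src else page_host
        allowed = host is not None and any(host_matches(host, d) for d in allowlist)
        decisions.append((host, "inline" if src is None else src, allowed))
    return decisions


# Constructed sample page; every hostname is a placeholder.
PAGE_URL = "https://shop.example/cart"
PAGE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.shop.example/ui.js"></script>
<script src="//tracker.example.net/pixel.js"></script>
<script SRC="https://notshop.example/x.js"></script>
<script>window.dataLayer = [];</script>
</head></html>
"""

if __name__ == "__main__":
    for host, src, allowed in script_decisions(PAGE_URL, PAGE_HTML, {"shop.example"}):
        print(f"{'ALLOW' if allowed else 'BLOCK'}  {host:22} {src}")
```

Matching on a leading dot keeps `notshop.example` from passing as a subdomain of `shop.example`, which a plain suffix comparison would let through.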

Naturally, all cookies are discarded after every session. Therefore, I have to log into my accounts every time. This is really easy when you use a password manager. You can just copy and paste email and password or even have it filled in automatically. Who would want to type in over 50 random characters on every log in?

So all this might sound complicated and tedious, but you quickly get into the routine and do this in no time. It helps in understanding the threats to privacy and security and keeps you aware of the risks. Now, don’t think that I’m paranoid that every site might steal my data. It is not more paranoid than when you look left and right before crossing a road because you are aware of the risk of getting run over by a truck. It becomes natural and is not annoying at all.

The cool thing is that my browser resides within a virtual machine (like a separate computer within the computer) and my physical device never directly accesses the internet. And the best thing is that every time I shut it down, this virtual machine auto-destroys itself and returns to the state it was in before starting up. Everything that accessed the computer, all fingerprints or malware, is deleted, and a clean version is restored. So even if I’m not careful, my primary device never gets infected.

Every time my computer is shut down, it auto-destructs itself.

There clearly is a middle way between usability and privacy. In my opinion, the most important thing is being aware of the security risks. The extra effort is definitely worth it compared to having malware on your device, having your data stolen or being watched by Facebook. I wanted to make everything I described above much more comfortable and more accessible. Honestly, not many will read this article to the end and start changing the way they browse. With SnowHaze, we made these things more comfortable and more usable. If you care about your privacy and that of your family, tell them about SnowHaze. It’s free, so there’s no longer a reason to not be protected.
