Categories
Security Tools

How to use Chrome securely

  1. Install uBlock Origin extension. (If you’re not from US, check its options to turn on ad block lists for your country)
  2. Do not install any other extensions ever! (exceptions: 1Password, Google Arts & Culture).
  3. Create separate “people” for different activities: e.g. home, work, browsing sketchy websites. (Click on avatar → Manage People.)
  4. If you want to turn on sync, set up encryption passphrase. It’s a separate passphrase from your Google account — your sync data will be encrypted locally with it before hitting Google servers.
  5. Disable saving/auto fill of passwords, payment, and addresses. (https://twitter.com/Sc00bzT/status/1085521985017466881)

That is all (for now).

Categories
Security

Securing Go web applications

There are lots of security-related things to keep in mind when writing a web application, as the Web is a place full of danger: cross-site scripting (XSS), cross-site request forgery (CSRF), clickjacking, brute forcing, spam and so on.

Go gets many things right by default: for example, templates from the standard library make it hard to accidentally introduce XSS vulnerabilities. But what about other attacks? Fortunately, there are a few open source Go packages that can help us.