Chrome & Firefox Security Tips You Need to Know 

Considering the video was targeted towards Chrome _and Firefox_ users, it would've been worth mentioning that Guardio is a Chromium-only extension (Chrome, Edge, ...)

the always ask where downloads go is a really good option to help prevent drive-by downloads and also will help keep you organized

Here's a fun one: you can add --js-flags="--jitless" to any chromium browser to disable the JIT compiler! As many exploits are JIT compiler issues, disabling it also "fixes" them (this is what Super Duper Secure Mode does in Edge). (unfortunately, this disables WASM as well, but most people probably wouldn't notice).

I was listening to music but this is more important.

Google: for more security let me check all your browsing history and many more identifiable information... Amm, well that's not very privacy friendly...

Edge's enhanced security disables JIT to make your browser less vulnerable to exploits. I know you specifically only mentioned what Chrome's setting does (and Firefox's anti-tracking thing is clear enough), so I am adding onto what Edge's setting does. For Firefox, there is also a hidden setting in about:config that can turn on CRLite, which checks for revoked certificates.

Another useful and informative video. Thanks ThioJoe! 😄

The editing that was done for this was very dedicated, thanks for sharing 👍😃

One of my security tips is to always set Chrome to "ask where to download a file." This also means you can cancel a download by hitting escape or clicking "cancel" and that a malicious site can't just download a file onto my disk... at least not through a normal file download.

Thanks for all the useful tips man

This was very helpful thanks thio

Excellent information Thio so thank you soo much!

I really appreciate you giving tips for FireFox as well. Makes it easier to nudge people towards the better browser when videos like this exist.

I would consider using Guardio. However, I instantly get suspicious of any company that doesn't show their pricing upfront, but instead just allows a free trial and take my credit card to activate this free trial.

If only guardio was there for firefox too, i'm still waiting for it!

I use a package manager to get updates while I'm AFK for brief periods. I also use nextdns on my router. I like that it has advanced filtering and give 300000 free queries per month (which is more than enough for my household of 6 light users).

Thanks for this amazing video and thanks for making Google Chrome a better browser! Love your contents keep up the good work!

I set my downloads folder to always ask but the default save dir is the temp folder, so every time I reboot the file is gone, not cluttering my drive. useful for installers and junk files.

Hi! Thank you for the video! Love your vids (miss the fake guides though :) )! Could you please make such exact video about securing Safari on Mac and iOS?

Thanks for the info

I always set the download to _”ask where to save”_ option, mainly because I don’t like being forced to save thing where they tell me….*I* want to choose where to save a file. I also manually check for browser updates every time I turn on my pc, but I don’t know why I do that….probably some past experience I forgot about. 🤷‍♀️

Thank you very much I wasn't aware about encrypted SNI 🤓

ThioJoe is the best youtuber to watch at 7am in the morning.

Thank you will use these tips will make browsing more safe

Thanks for your sharing

Encrypted SNI - I had no idea! This is extremely cool.

I generally prefer adguard for my dns, because I feel like I might as well be blocking ads on dns level while I'm at it. Also, I like to disable third party cookies by default and only enable the ones that absolutely needed it.

You should also mention the Random User Agent extension which randomizes your user-agent session (that's what the server receives : browser (firefox, chrome, safari, etc.) At random (yet reasonable) intervals. Also setting up the DNS to your network on your operating system as well. We must encourage everyone to start verifying the checksum of the files they are downloading. This would reduce risks of downloading something from an untrusted source which might have been compromised in the past or even still be compromised up to this day. Also, why don't we have a button or an option to manually report suspicious and broken websites to Google and other Web Browsing Safety services this way we can all make the Web a better place? Don't get me wrong but I believe we should use the word "Internet" more carefully because it technically means "connection to the online digital world" and not "Website browsing".

3 million celebration yay!!!

Interesting video ever from thiojoe

You almost have 3 million subscribers!

Great video! Question: How do I set SNI in Firefox in the Android version on a smartphone?

Thanks for the informative video, I definitely learned how to harden my browsers!

can you make a video about optimizing chrome, since i like the layout and features. but it takes up to many ram and is to laggy

Guardio isn't a "browser extension" in general, it's only a "Chrome extension", as I've never found it on any other browser and they say on their site "Add to chrome", even when accessing the page with another browser.

Could you provide a link for your desktop wallpaper?

Gonna say it here since you couldn't say it in the video without being demonetized: ADBLOCKERS SHOULD BE TREATED AS SECURITY PLUGINS, THEY ARE THAT ESSENTIAL. Especially considering how shitty of a job Google does in screening AdSense uploads, plus allowing arbitrary javascript so any ad can, merely by existing on a page, download and auto-launch any program they want (even bypassing the "always ask where to save" prompt).

@ThioJoe Can you sahre the link of that wallpaper in background computer screen

So the staged release thing, that's also something we do at work. It means that if a dev merges in a change that breaks something, hopefully you can catch it and easily roll back when only 1%, 5%, 25% of your users are using the broken version, rather than breaking 100% of people's days

While I'm sure this is fine working from home, I have to wonder how many of these settings interfere with filtering that may be found on public/semi-public WiFi systems. I know of at least one that uses Cisco equipment that requires you to use their DNS and block other DNS. Presumably, the filtering is going on at the DNS level.

Thio, I'm looking for a way to clean MOST of my cookies but I'd like to keep some of the essential ones. I couldn't find any easy way to do that on chrome. Do you have any recommendations on how to accomplish that?

Thio, why does my pc always disk check on startup? Even though I'm shutting down the pc the right way.

Hi thio, on my laptop I keep seeing "Managed by your organization" for my chrome browser. I don't use my pc for any organization and its 90% of the time at home. Should I be worried about this?

You should make a video on 'Your browser is being managed by your organization.' in the browsers

Encrypted DNS is not available in chromium based browsers if the organization deactivates this. Firefox still works tho

After enabling the ECH settings in Firefox, the Cloudflare test still says failed for Secure SNI in my testing. Is this actually working for anyone else?

It has it own pros and cons for group update. One reason I think of is the server lag that need bandwidth to handle download speed. Example in youtube days they were overload with bandwidths that they need to add servers which cost money for them. Guess it same with the windows os update.

I woke up early in the morning and found this video.

The SNI thing didn’t work for me in Edge even after I followed the steps in the video. It still doesn’t show me the ClientHello option. And in Firefox I couldn’t pass the Cloudflare test after setting everything up either. Just weird.

I switched back to Firefox, I used to use it way back in the mid 00s but switched to Chrome, I decided to go back to Firefox because I don't like how Google is attempting to shut down ad blockers, plus you can use an ad blocker on Firefox for android, something the Chrome version refused to let you do. I would like to say it was totally successful, but SADLY I am forced to KEEP USING Chrome for some online software I need to use for work. It will load in Firefox, but is somewhat unreliable and on occasion will have issues so bad I am actually forced to use Chrome to load it, so now I just load it in Chrome every time. I know this is the company that makes the software/website's fault, but dang am I annoyed I can't permanently cut ties...

I use a browser extension to reduce browser fingerprint called Canvas Blocker Fingerprint Protect.

Would have liked to see Brave included in this video.

A slow rollout sounds stupid until you have a fast rollout of a critical bug break your application for the entire user base, swamping your support team with so many requests from angry users, they quit, and in turn recalling your programmers from vacation so that they can figure out what got broken and whether a rollback or another rushed fix to the entire user base is called for.

I don't remember my account password , but I do have the recovery key , how do I use it to get my settings , saved passwords and bookmarks back ? Please need urgent help have to fill college admission form.(Firefox)

Do they do the staged update cohorts thing even for security updates?

Wonder if you can make a script to setup these settings? I only care about Firefox but imagine all types would be wanted.

Will this allow me to disappear from Fortinet DNS network?

Yup, I always manually update Chrome.

But the ISP might still know what website you’re accessing if they do a reverse DNS lookup, right?

It's not a browser thing per-se, but always enable showing the file extension in Explorer.

Thumps up

Can someone pls tell how to enable encrypted sni/client hello in brave browser?

If you worry about a browser exploit being able to access your local files, another thing you can do is to set up an extra user account on your computer and use sudo or runas to run your browser (and maybe other programs) as that user, who won't have access to all your private user data in your primary user account. You probably want to have a common area that both user accounts can read/write to, like the 2nd account's Downloads folder.

Has Opera patched the latest Chrome exploit? Seems that the browser updated but the Chromium version is still 113.0.5672.127

Plz make a similar video on Brave browser

For me Firefox has always been more secure, I use it with security options enabled and extensions.

3:14 should I consider saving this as a bookmark?

Encrypted DNS doesn't really provide more privacy though. You're just switching your trust from your ISP to somebody else (usually Cloudflare). You could setup a Pihole and have it block scam-websites and Ads while also having a nice front-end to enforce DNSSEC. Pihole doesn't work with DoT or DoH out of the box though, but the security or privacy improvement is not that big to begin with.

Trying to set encrypted DNS, Chrome claims that "This setting is disabled on managed browsers". I've noticed that some other settings can't be changed for the same reason. Trouble is it's my home PC, I built it. I own it, I installed all the software, I'm not part of any "organisation" so how has this come about and how can I change it? Maybe something for a future video?

tried the --enable-features=EncryptedClientHello procedure in my Edge browser and cloudflare is showing secure SNI is not active. also got question mark for secure DNS

sni didnt work for me. enabled n relaunched. still fails the test (chrome)

Got any security tips for Opera GX?

Still disappointed that you haven’t mained Firefox for it’s built in privacy

the experimental services can save you { time and more } if you are having an issue you cant quite figure it out and need time to research subject

Nice, I already had enhanced protection and I also have where to save also so it asks me before saving.

I have everything hidden and locked. Even if you get through the lock. You have to do a 2FA to unlock. After that is a fingerprint. In every software, there is the most strict settings

SCCM and other stuff will stagger updates, you don't just want everyone downloading the update at once to avoid network bandwidth issues.

Chrome can auto-update itself, but if you see online that an update is available, you should go manually update your browser

How about MS Edge?

For the people in the comments mentioning Brave and Opera GX, remember that those both are Chromium-based, you're basically using a reskinned Chrome

I use Firefox 100% of the time my brother told me that Google Chrome is a RAM eater, and I'm not kidding he just told me about Chrome, but I always keep Firefox up to date Mozilla always releases new updates every month so I let Firefox check for updates automatically so I don't have to do it manually on my laptop but one security feature you didn't mention was passkeys on both Chrome and Firefox for some reason Chrome has passkey support but Firefox doesn't so I hope Mozilla will have passkey support in the newest Firefox update

I knew half of them, but never went in-depth into Chrome, I am good off with Brave, anyway, interesting video!

I just cannot accept that Chrome does not allow to clean cookies+cache+session on window close. That is something I really love from Firefox. It is even worse to see that Chromium-based browsers like new Edge do allow this feature so it is a problem of Google, not the browser

A more secure DNS is always ask the authoritative nameserver, but then depending on the nameserver, that's will be so slow lmao

Wait what about opera gx?

Edge is the Fastest atm for browser updates

All my browers are on the beta versions. And use them all for different reasons.

Guardio is shady hiding it pricing while pushing the free trial. You have to click on 3 pages to find monthly & annual prices. Its not cheap at $60 a year when my AVAM does the same for less than a 1/3 of the price.

If you are in a "Google Chrome web browser" critical environment, like many work places where ITs will install one, and only one, web-browser, it makes sens to delay updates to the masses. Not for weeks of course, but just enough to be sure the update does not break anything major. Of course, Google could let the user tweak this parameter and still not make it default tough I'm encline to think this is not a bad thing. It's just yet another "not well implemented" feature, as it often goes with google's lab/staff innovations.

👍👍👍

Another one (though more "extreme") is to disable Javascript. Type-confusion attacks seem to be popular nowadays, and JIT compilation makes JS more unsafe. The good news is that Chromium browsers have a per-domain JS permission, so we don't have to disable JS for all sites. For Firefox, there's NoScript

Is it useful to protecting us from fake websites that look legit?! and on that site the hackers will give you malware files! Does it mean if I follow these steps I will be protected by these fake websites?!

browsing is easy , its the forced push to re-route to an alternate site that causes the problem

Me with Opera GX: _Interesting._

The captions have a problem, sometimes i see " for no reason

Lol everyone remember to share this with your parents

There are plenty of browsers based on Chromium. Why not Brave or Vivaldi? They are safe and private.

For optimal security, you can shutdown all circuit breakers in your home and place your phone in the toilet.

"Seacuriatych, I remember this one this is uhhhhhhhhhh and amd" - Asian

I'm not using a VPN anymore, by the way, because I think it's a complete waste of money and free VPNs significantly reduce internet speeds, which, again, you're paying for so what's the point? For instance, I can't access my online banking services because my bank won't allow me to log in while a VPN is active. The whole point of a VPN is to provide added security, right?, so what's the point if you can't use a VPN to access the one thing on the internet you need to be the most secure?