Noscript + ABE
Adblock plus (ALL subscription filters)
Useragent switcher (spoofed OS and browser signature)
Meta redirects off (web dev extension)
Referrals off (web dev extension)
. Wouldn't browse without it. Dovetails with NS beautifully.RefControl
More privacy enhancement; simple GUI and defaults. Certificate PatrolJSView
, if you want to peek under the hood, even at the names of the dozens or hundreds of scripts that can load under a single Allowed (or Temp-) site or source.
You do know that NoScript also offers Meta redirect control? NS Options > Advanced > Untrusted > check Forbid META etc.
Also Options> Notifications: Show message about blocked META....
Don't you need cookies enabled at some sites for them to work? Your online bank, say?
What adjustments are recommended to the most popular HOSTS services
Router = DD-WRT
TOR + Vidalia
Hostfiles blacklist (winhelp2002.mvps.org/hosts.htm)
Sandboxed/VM/jailed executables (Sandboxie + VMware)
No administrator/root privileges
Spoofed MAC address (immunity for fingerprints)
ALL ports blocks except 80:443:53
, including that one (which I too use).
Disable Universal Plug and Play in the router admin interface.
Disable remote administration (from the Web), unless you really need to access your router's admin GUI from a hotel room somewhere.
Require an HTTPS connection to the router interface, especially if it has wireless capability.
If there is a "Firewall" or similar page in the router GUI, check all there: Block anonymous Net requests, filter IDENT, filter Multicast -- unless you somehow need these.
Disable passthoughs of IPSEC, PPTP, and L2TP -- again, unless you use one of these.
Disable SSID broadcast, although some cast (ha!) doubt on how much that really accomplishes.
Of course, crypto-strength password *to access router*, and, if a wireless connection, crypto-strength key. (AT LEAST 15-20 characters, u/l case, digits, keyboard chars @#$%^&**( etc, NO words found in a dictionary, or close variants thereof.
Be aware that sometimes, alternate ports are used
But add the ABE rule given by Giorgio there.
Wouldn't be without it:
Faraday caged office
All cables wrapped in aluminum foil (anti van eek)[/list]
If a three-letter agency wants you badly enough, they'll get you -- via your ISP, implanting a key-logger while you're not there, etc.
May come back and edit/add things at other times, as they occur to me. Enough for now.