My favorite browser trick actually requires a little advance preparation: You need to have a Linux server running on your home broadband connection with OpenSSH
installed. Once you've got the server set up, the trick itself works with all popular browsers and client OSes.
When you're on the road using public WiFi hotspots, start a SSH session to your server (PuTTY is the best free SSH client for Windows), and specify the option "-D 1080" when opening the session. Now go into your browser's network settings and tell it to use localhost as a SOCKS proxy.
What does this do? It secures even insecure (unencrypted HTTP) connections from anyone eavesdropping on the public WiFi signal. All web traffic to/from your laptop over the WiFi connection has strong encryption applied to it, and gets bounced through your home broadband connection (which is presumably less vulnerable to snooping than a public WiFi hotspot).
A very useful trick until the day comes where all web traffic is HTTPS by default.
This also has the effect of hiding your IP (and hence physical location) from any of the sites you connect to, since the connections will all appear to originate from your home broadband connection. (This aspect will be much less important to most people than the security angle though.)Edit
It is also worth noting that HTTPS isn't bulletproof either, so it makes sense to protect as much of your connection as possible, even *with* HTTPS.
Root CAs have been compromised
in the past, and it will happen again. Someone with leverage (blackmail, a government with influence over a root CA operating in that country, etc.) could also acquire forged SSL certs. Bogus certs (ones that don't even originate from a legitimate CA) can also be surreptitiously installed on client machines, either through social engineering or an unpatched exploit in the client OS. What does this mean? It means that someone with access to any point in the pipeline between you and the site you're accessing can theoretically spoof the SSL cert of the target site, and (via a Man-in-the-middle attack
) decrypt all of your HTTPS traffic without your browser (or you, or the site you're talking to) ever being aware. Sorry this has turned into a bit of a security rant, but IMO the current system of CAs and SSL certs has some serious weaknesses that are eventually going to bite us in the posterior -- in the form of ID theft and financial fraud on a massive scale, widespread invasion of privacy, or possibly even up to and including an existential threat to national security.
As the proverbial curse goes, "May you live in interesting times!"
The years just pass like trains. I wave, but they don't slow down.
-- Steven Wilson