22
JoshBent
24d

On my personal journey to better privacy!

Wanted to change to Qubes, but since I wind down with games, that won't happen sadly and it seems windows still doesn't support proper gpu passthrough either, so might eventually change to linux host and windows guest or create a VM I use for everything else that isn't gaming, since I still really love the idea of having a snapshot backup system.

So since that isn't quite in my timeframe right now though: first move was to move to firefox, already done the change on mobile (love having dark reader and ublock on mobile!), now setting it all up on desktop, pleasant surprise was for sure that firefox finally seems to have chromes devtools pretty much mirrored, even the mobile suite of tools.

Loading of pages is also finally fast and much snappier than chrome from the first testing I could do (on desktop, on mobile it still kind of sucks in comparison, but I can deal with that).

Please suggest me all sort of privacy tools you got, especially with firefox in mind, but also host tools, be it windows or linux (e.g. some sort of traffic obfuscator that visits random pages that are SFW but make automatic traffic filtering hard, could probably make my own, but if there's something like that already, why not), I'll save all I can use.

Comments
  • 4
    @Linuxxx @PerfectAsshole @FrodoSwaggins just to tag a few that might be already deep into the topic.
  • 6
    Firefox addons: privacy badger, privacy possum, ublock origin, canvas defender (or something it was...), webrtc disable, some user agent spoofer. (and soon one I've written myself 😁)

    Are you using Linux now? If no, no clue about 'regular' software :)
  • 6
    Search engine: ddg or searx.me. (feel free to use https://search.privacy-cloud.me, hosted by me with no logging)

    What phone are you using and do you also want to make that one more privacy-okay?
  • 6
    As for firefox it's already really good in itself. Only plugin I have on my phone and laptop is ghostery which blocks extra ads/trackers that firefox doesn't catch. If you switch to linux you should just search "linux hardening" the bare minimal should be blocking incoming connections on all ports unless they are already established (you started them).

    Other than that it depends on how paranoid you want to be. If you want to go off the deep end you can force all connections through a vpn and block other outgoing with iptables along with using dnscrypt-proxy/dnsmasq to use dns over https and cache the response which would be the blackhole of privacy
  • 1
    @linuxxx not using linux on my main desktop just yet, though you can tell me anything - I'll save it for once I do the switch, it's just I need to have at least like a week of available time to fully switch, so for now I do what I can with what I have.

    Installed everything, thanks, though which of the canvas blockers do you use or is e.g. approved?
  • 1
    @linuxxx already using ddg for near a year now I think, might use searx too though, maybe even in changing combo of your instance and from @Linux instance (tag because actually he might also have something to say on topic, being the linux guru)

    Tell me everything you know about making a phone more privacy friendly, I am thinking of possibly flashing my oneplus that is laying around with lineage 15.1 and then bare minimum zip flash (MindTheGApps or microG?) to get e.g. notifications working and other things as basically every app out there uses at the very least GCM/FCM and I am dependent on many of the notifications working for my freelancing work.
  • 2
    @PerfectAsshole oh, right, ghostery! forgot about that one, thanks! hope it won't interfere with the rest of the plugins above, regarding hardening I have some things down in muscle memory, due to maintaining a lot of servers, though definitely saved dnscrypt to my todo list, if you got any resources on that setup I would highly appreciate too, as a quick search gives some odd results.
  • 5
    @JoshBent
    Rotating between searx instances is a good idea :)

    I can suggest looking at alternatives to twitter or Facebook (if you use or want to use) such as Mastodon ( https://social.linux.pizza is a great instance from what I have heard ) or diaspora.

    Also, check out the librem 5 coming this spring
  • 3
    @Linux your mastodon instance was actually what kicked the ball further :) trying to find alternatives to everything as I go haha

    did you (and @Linuxxx ?) implement the searx recommended image proxy - mogy or whatever it was called? it was supposed to prevent some sort of google image embedding iirc
  • 4
    @JoshBent As for the picture, I usually go for the top one.

    As for the phone, that sounds good! Do take a look at XPosed and a few of its privacy modules :)
  • 3
    @JoshBent
    The problem with searx and Google is that Google now thinks that the server is a bot and publish captchas :/

    But, the other engines do a good job too
  • 2
    @linuxxx oh right xposed, how well does that work with invisi-root though, e.g. magisk - since usually if you "raw" root that breaks thousands of apps, especially banking apps iirc?

    also do you know more about MindTheGApps? I've used and seen microG much more in the past, but can't find any comparison of microG to MindTheGApps, was microG discontinued or something or why did people stop taking it into consideration?
  • 1
    @Linux oh so it essentially blocks searx being able to query google then? or does the user get prompted for the captcha
  • 4
    @JoshBent It works well with magisk! (source: me running magisk and Xposed :P)

    I know it by name but that's it. I don't have a single interest in connecting to Google at all (got a work phone anyways) so no need for me to use it :)
    @haxk20 do you know more about this?
  • 4
    @JoshBent went ahead and looked up both ways.

    --Basic Iptables Lockdown

    https://dvikan.no/paranoid-security... (Simple stateful firewall)

    --Privacy Paranoid

    Blocking outgoing besides specific vpn

    https://unix.stackexchange.com/ques...

    DnsCrypt with dnsmasq cache (leave out public dns from resolv.conf)

    https://nurdletech.com/linux-notes/...

    maybe @linuxxx will want to write a blog post on how to do a full paranoid setup in one place where it would be easier on people newer than me at this game
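
Added example, not part of the thread or written by any commenter: the stateful inbound firewall and VPN-only outbound policy described in the comments above, as a POSIX shell function that prints an `iptables-restore` ruleset. The interface `tun0`, address `198.51.100.10` and port `1194/udp` are constructed placeholders, and the function name `emit_ruleset` and file name `killswitch.sh` are hypothetical.

```shell
#!/bin/sh
# Added example: emits an IPv4 ruleset in iptables-restore format.
# Assumes DNS is answered by a local resolver (dnsmasq/dnscrypt-proxy on lo)
# and that the LAN address is already configured (no DHCP rule is included).

# emit_ruleset VPN_IF VPN_IP VPN_PORT VPN_PROTO
# Prints the ruleset on stdout; returns 1 on malformed arguments.
emit_ruleset() {
    vpn_if=$1 vpn_ip=$2 vpn_port=$3 vpn_proto=$4

    # Accept only a plain interface name, digits-and-dots address,
    # numeric port and udp/tcp, so no stray text ends up in the ruleset.
    case $vpn_if in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    case $vpn_ip in ''|*[!0-9.]*) return 1 ;; esac
    case $vpn_port in ''|*[!0-9]*) return 1 ;; esac
    case $vpn_proto in udp|tcp) ;; *) return 1 ;; esac

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Inbound: loopback, plus replies to connections this host started.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Outbound: loopback, the tunnel itself, and the single encrypted flow
# to the VPN server. Everything else is dropped, so traffic cannot fall
# back to the physical interface when the tunnel goes down.
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o $vpn_if -j ACCEPT
-A OUTPUT -d $vpn_ip/32 -p $vpn_proto --dport $vpn_port -j ACCEPT
COMMIT
EOF
}

# Stand-alone use, as root (values are placeholders):
#   sh killswitch.sh tun0 198.51.100.10 1194 udp | iptables-restore
# iptables does not filter IPv6; give ip6tables the same default-DROP policy.
if [ "$#" -eq 4 ]; then
    emit_ruleset "$@"
fi
```
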
  • 2
    @PerfectAsshole awesome, thanks!
  • 2
    Onion router for all tcp ip traffic!!
  • 1
    @FrodoSwaggins reminded me to check the method for vpn, that allowed to chain onion routing, thanks!
  • 2
    Privacy
    Privacy badger. ublock origin. DDG.

    Useful
    OneTab. Firefox multi-account container. Auto Tab discard. Tabby.
  • 2
    @cursee got all the privacy ones already, onetab I carried over from chrome, thanks for reminding of multi container, came across it before, but didn't save it - the "auto tab discard" implies automatic tab hibernating, but the description doesn't seem to ever mention it, is it actually just install and let it be or do I have to trigger it manually? tabby sadly isn't available but might look for an alternative, thanks!
  • 2
    @JoshBent auto Tab discard is just install and go on kind of add on. It has default settings. What's your Firefox version? 🤔 I'm on latest stable release and using Tabby (Window and Tab Manager).
  • 1
    @cursee firefox quantum 63
  • 2
    @JoshBent same version
  • 1
    @cursee maybe I am looking at the wrong tabby, can you link it?
  • 2
    @JoshBent here https://addons.mozilla.org/en-US/...

    useful if you use lots of tabs or multiple windows
  • 2
    @cursee yeah I was looking at the wrong thing haha, thanks! though I wonder what is better, tabby or the tree view plugin, will try both for sure.
  • 3
    @linuxxx microG should be still up and running. Take a look at github. And mindthegapps are from lineage people that got bored of openGapps
  • 2
    @Haxk20 what does getting bored mean though, what was so bad and what have they improved?
  • 3
    @JoshBent they try to keep it clean and stable. Opengapps was causing lot of issues with new android always. Mindthegapps not as far as I know. I don't use gapps. I download google apps manually if I need them
  • 2
    I use pia on my mobile works great. Also orbot works great too. I select which countries I want my exit proxied through. It's a little slower but keeps my IP hidden. Just have to ensure all your traffic on your mobile use Tor and vpn
  • 0
    @linuxxx why user agent spoofing?
    It helps find better results (even in ddg)
  • 1
    @gitlog why would the user agent have an influence on search results?
  • 3
    @gitlog Because it's harder to track someone if they're spoofing their user agent all the time.
  • 1
    @linuxxx oh that reminds me to find the plugin that was spoofing random fake proxies to all websites, hopefully it got updated too.
  • 1
    @linuxxx it was similar to this, sadly can't find any working one: https://addons.mozilla.org/en-US/...

    edit: found the one, sadly not compatible anymore: https://addons.mozilla.org/en-US/...
  • 0
    @JoshBent if you are on linux distro and search, your results will be of that particular distro or maybe just more away from windows and mac results
  • 0
    @linuxxx arguable point.
    All your user agent has is your distro's and browser's name and version
  • 3
    @gitlog Yeah but it can genuinely be used to track someone along with the IP address.
  • 0
    @linuxxx sorry for noob-ness
    But how could user agent affect IP?

    Also, a proxy would be enough to hide IP
  • 3
    @gitlog Not, but those two together can form a unique combination: easy to track.
  • 1
    @linuxxx to be fair I am more afraid of fingerprinting, which is hard to beat, did you find something to protect yourself with?

    @gitlog I highly doubt ddg adjusts search results based on user agent, what if I use Linux and search for Windows related stuff? sorry but that sounds like a load of shit.
  • 0
    @JoshBent it does have an impact.
    Also, for security in our project, apart from auth token I'm also saving user agent so that just stealing auth token and somehow getting it activated "somehow" won't also assure success.

    Also @linuxxx @JoshBent said a great thing about fingerprinting via HTML5 canvas which isn't generally blocked by browsers. Is there any pre existing app for that too?
  • 2
    @gitlog What do you mean with an app for that?
  • 0
    @linuxxx add on for browsers
  • 3
    @gitlog Oh yeah, I mentioned them somewhere on this rant 😅

    Search for canvas fingerprint or something :)
  • 1
    @gitlog there's way more than just canvas, look up panopticlick.
  • 1