The Core
Why We Are Here => Hardware & Technology => Topic started by: Brad on March 18, 2015, 01:20:50 PM
-
Nice little article keeps it simple.
http://nypost.com/2015/03/16/5-ways-to-thwart-nsa-spying/
Of course you really are not going to stop any government, intent on spying. It's like putting locks on your house, anyone determined enough will get in, but you make it such a pain in the butt that most thieves will just find something easier, like your neighbors house.
One of the real finds from that article was Privacy Badger, which sounds interesting.
https://www.eff.org/privacybadger
-
Thanks. That does have some good tips in a short space.
-
They mention DuckDuckGo. I see their traffic is building up nicely: https://duckduckgo.com/traffic.html
-
They mention DuckDuckGo. I see their traffic is building up nicely: https://duckduckgo.com/traffic.html
Wow, they got quite a boost just by being an alternative, not the default, in both Safari and FF. I use DDG and like it. Another good privacy alternative is http://startpage.com which is straight up Google without user customization or enhancement. No logging.
-
I sometimes use one of the proxy services, but mostly for research, not privacy
http://hideme.be
http://anonymouse.com
http://hidemyass.com (they might be defunct)
-
Privacy Badger is a good one.
You should use the following as well:
- NoScript (FF) - SafeScript (Cr)
- Disconnect (FF & Cr)
- µBlock (FF & Cr)
That may break some pages, but it will massively curtail your tracking footprint.
Then you may want to run your browser in a sandbox. You can use Sandboxie or stick things in a virtual machine.
-
although there are lots of 'only 5%' '0nly 10%' statements in there, I'm amazed it's that high a % of people are taking those actions. Do you 'mercans feel that's a representative sample?
-
although there are lots of 'only 5%' '0nly 10%' statements in there, I'm amazed it's that high a % of people are taking those actions. Do you 'mercans feel that's a representative sample?
It seems high to me. I think these surveys get skewed towards techies, not the great unwashed masses.
-
I feel like every time I've tested NoScript it breaks a ton of sites and I disable it.
-
>not the great unwashed masses
There was a headline floating around earlier this week that said over 30% of US users had taken some security/privacy precautions since the Snowden whistleblowing.
-
>>30%
Good to know the message is getting through.
-
I feel like every time I've tested NoScript it breaks a ton of sites and I disable it.
Yes it does. That means it's doing its job. ;D You can train NoScript on sites you don't want to break and then export/import those settings to other machines. After a while you get used to the pattern of permanently or temporarily giving permissions to new sites, but your regular sites work just fine. Instead of turning it off completely, open sites you don't want broken in Incognito mode or another browser.
Newer versions of FireFox and Chrome have a NoScript type function built in. You can deny JavaScript and other scripting on a site-by-site basis, but it's easier to use NoScript/ScriptSafe in my experience. That's the way to remain secure on the Interwebs, and even the browser manufacturers know it.
-
Somebody should have mentioned rss feeds as a security alternative, or at least reducing exposure. I'm only visiting about 10-15% of the sites I'm pulling (headlines & snippets in the rss, then go to the page if it interests me).
-
I know, I know.
I go out into the outside world and I'm the security nut that people roll their eyes at, then I come here and think "Crap, I'm totally at risk."
-
I'm a heavy RSS user, and you're right about the security aspect. It's good to be reminded about that. You can pull in a ton of information and read snippets without any tracking whatsoever. When you click through to the article that's when I'm a bit more careful. For certain topics I'll open the link in a Tor browser or virtual machine.
-
I'm pulling roughly 2000 headlines a day from about 70 sources. About 40% of those make it past my filters. I'd estimate my ctr at 25%. Many of the sources provide good headlines for the mile-high view but rarely draw the click (Reuters, for example). I end up going to a few dozen sites daily and they tend to be repeat providers.
>open the link in a Tor browser or virtual machine
I wrote the reader to use a feed source profile with both a 'pull' and a 'display' template. If they provide a full feed, I could set it up to read it off-site but I've found I don't like reading that way. Need some eye-candy, I guess. But I've been thinking more & more about pulling full text whether they had an rss feed or not. I could aggregate some twitter accounts, for instance, and just assimilate them into my reading sessions. It would be fairly easy to segregate feeds into a session that required a Tor browser or VM but I'm not that paranoid. Yet.
-
>RSS
I never thought of it in this context. I'm going to start firing up Feedly again.
There are so many bad actors out there I think it's better to be a little bit over paranoid now than sorry later.
Siloing can help on some levels: if you use free services split them up across many providers, Google for calendar sync, Hotmail for email, DDG for search, iOS or BB for smartphone. So if one service has a breach the bad guys don't get all your eggs in one basket.
-
Update: new privacy badger out. I have been running it on chrome for a day. Seems good. UI very good.
http://thenextweb.com/apps/2015/08/07/effs-privacy-badger-extension-is-finally-ready-to-block-super-cookies/
-
update:
Privacy Badger (Chrome) now lets you export/backup your user data.
-
> easier to use NoScript/ScriptSafe
Scriptsafe looks to be the way to go with Chrome. I like the backend, reminds me of Ublock.
https://www.andryou.com/scriptsafe/
(I was running http://webkay.robinlinus.com/ and script-blocking seemed to be the universal answer to up the browser secuirty game for more sophisticated tracking exploits.)
-
>ScriptSafe
Of the 3 privacy extensions I run (ScriptSafe, Privacy Badger, Ublock), ScriptSafe is the meanest AND the biggest pita --which makes it the most effective, I guess. Every domain and subdomain is blocked by default and you're forced to check off -often by guessing- all of the 3rd domain assets a site might use to build a page. Text usually displays even in the default mode but it can take a few trial-and-error reloads to get the pix & vids unblocked. Media sites, in particular, might have as many as 20-25 items blocked, ranging from ad networks to CDNs.
<added>
ScriptSafe does have the option of exporting/importing your custom user data.