Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
Mercer

How to browse the internet without being spied on.

Recommended Posts

You can also edit /etc/hosts to include entries for sites that don't like being blocked. 
Or,  add ones you do like to prevent DNS lookup from happening so any tracking at the DNS lookup level doesn't occur and you route directly to the site you want (and are then only tracked by all the routers in between.  😛   ).    This requires that the site has a stable IP address that can be used for access or you being willing to keep it updated if it doesn't.   It speeds initial connections up a tiny amount since no lookup occurs if used this way.   

 

Pop open a shell and

# sudo nano /etc/hosts

 

Basically you add entries like:

 

127.0.0.1		www.facebook.com
::1			www.facebook.com

66.228.55.176		forum.12ozprophet.com

 

The first is an IPv4, second is IPv6.  The first two lines redirect www.facebook.com requests to your local machine which just causes them to timeout if you don't have a webserver running;  downside is you have to add all subdomains manually.   If you set up a local server that doesn't accept connections from outside hosts and just replies with 404 or similar you can speed up that kind of blocking. 

 

The last line resolves the forum address locally, assuming the address remains constant.  These types are more of a pain to use since things aren't necessarily constant with target IP.

 

The 127.0.0.1 blocking relies on the TCP/IP stack on the OS not being messed up.  I've read vague reports of both mac & windows 10 ignoring blocks of apple.com & microsoft.com respectively, so setting up blocking in a firewall is preferable.   An older machine that can run some minimal linux or BSD and a spare network card can handle filtering things for you at a much more configurable level than a consumer router, which is a good reason to keep an old computer around.   There are lots of tutorials on setting this kind of thing up on the web and it has become much easier in more recent *nix.  

 

  • Props 1

Share this post


Link to post
Share on other sites

To block subdomains, you need to setup a local DNS server like https://www.linux.com/learn/intro-to-linux/2018/2/dns-and-dhcp-dnsmasq

 

Thought you could add wildcards to the hosts file to cover subdomains, but apparently not. That said, its apparently not too tough to run Dnsmasq and with that you could add wildcards. I think it would be near impossible to cover all sudomains manually for a lot of these types of sites. Probably easier to reroute whatever IP block they have. 

 

 

 

  • Like 1

Share this post


Link to post
Share on other sites

Yeah the wildcard thing makes it a bitch.   There are a couple of giant hosts files compiled over the years since I wrote the article about abusing it that way that can be helpful.

 

For windows I've got a small batch file that I run on any software that might be wanting to phone out to servers that I don't care to be sending god knows what to.  It unfortunately doesn't work on Windows "modern UI" apps because any updates create a new directory with new GUID appended, but it could be set up to do a wildcard  run in task scheduler if needed. 

 

@echo off 
echo Outbound Firewall Block Rule Adder v0.2
echo ---------------------------------------
echo 

echo Specified directory %1
echo Scanning directory... 
echo.

@echo on
FOR /R %1 %%X IN ("*.exe") DO ( 
	IF EXIST %%~fX (
		netsh advfirewall firewall add rule name="Scripted: Block Software: %%~X" dir=out program=%%~fX profile=any localip=any remoteip=any interfacetype=any action=block description="Automatically created outbound firewall rules by batch"
		netsh advfirewall firewall add rule name="Scripted: Block Software: %%~X" dir=in program=%%~fX profile=any localip=any remoteip=any interfacetype=any action=block description="Automatically created inbound firewall rules by batch"
	)
)

@echo off
	
echo.
echo Completed. 

Just copy to firewallAllTheThings.bat or whatever, run it with a directory as input, and it recursively adds all executables to windows advanced firewall. 

 

I do this for practically any non open source freeware I have to download for whatever reason these days on general principle. 

 

Share this post


Link to post
Share on other sites

Note:  Do not accidentally run that on something like C:\, for obvious reasons.    Blocking loopback shouldn't happen, but if it does windows will become unbootable. 

 

This script doesn't catch errors in command line entry:    usage is

whatever.bat [folder]

 

It should just quit if you don't pass it any arguments but I wrote it quickly to do one thing and didn't bother with error checking there. 

 

No guarantees are made, I am not responsible for any damage caused by this file, by reading this agreement you agree to disagree with this EULA which clearly states in an obfuscated fashion that it is being intentionally unclear about everything.  Reverse engineering this batch file is a violation of international copyright law, so do it.  It may be reverse engineered by reading it, like everything else.  Reading is a violation of international copyright law.  Void where prohibited. 

Share this post


Link to post
Share on other sites

Big data meets Big Brother as China moves to rate its citizens

The Chinese government plans to launch its Social Credit System in 2020. The aim? To judge the trustworthiness – or otherwise – of its 1.3 billion residents.

 

https://www.wired.co.uk/article/chinese-government-social-credit-score-privacy-invasion

 

--------------------------

 

Inside Cuomo’s plan to have your face scanned at NYC toll plazas

Facial-recognition cameras at bridge and tunnel toll plazas across the city are already scanning drivers’ visages and feeding them into databases to catch suspected criminals, Gov. Andrew Cuomo revealed Friday.

 

https://nypost.com/2018/07/20/inside-cuomos-plan-to-have-your-face-scanned-at-nyc-toll-plazas/

Share this post


Link to post
Share on other sites

Kinda what we were already talking about... You can browse the web privately, use crypto and take a bunch of other precautions, but soon enough it won't really matter. In much the same way Facebook and Google use a pixel to trace all upstream / downstream traffic and see enough of your online movement and footprint to fill in the gaps, soon enough they'll be able to do the same in the real world. You can still *hide* but reality is that the algorithms will quickly evolve to a level of sophistication to no doubt flag people that aren't following the expected thresh hold for participation.

 

George Orwell couldn't have even imagined how far and fucked up reality would become when he was drafting 1984.

Share this post


Link to post
Share on other sites

Pretty much that.  I look at 1984 as a warning nobody took seriously, because it wasn't quite 1984 yet in 1984... 

There was also always the implication / thought that went along with references to that book that if that shit happened,  people wouldn't stand for it, or it would involve some fundamental takeover of the government and there would be a revolution, etc...

 

Unfortunately for everyone they just did it to themselves and paid for the privilege instead...  😛

 

It worked on me, too, because here I am typing on it.  👁️

 

 

 

 

 

  • Truth 1

Share this post


Link to post
Share on other sites

This is random, but has anyone noticed an upswing in computer security related news (exploits / malware) basically telling people to not go to websites they haven't heard of, while in the same general segment (on broadcast TV) mentioning some dumb new feature of a social media website?  I feel like there's a push to keep people from taking advantage of the internet fully in terms of the useful side and use the parts that are idiotic as much as possible.

 

 

 

  • Truth 1

Share this post


Link to post
Share on other sites

Well, looks like we're not the only ones officially sick of this shit.   The originators of the Internet bring you...

 

The Brandeis program

https://www.darpa.mil/program/brandeis

Quote

The collection and analysis of information on massive scales has clear benefits for society: it can help businesses optimize online commerce, medical workers address public health issues and governments interrupt terrorist activities. Yet at the same time, respect for privacy is a cornerstone principle of our democracy. The right to privacy, as Louis Brandeis first expounded in 1890, is a consequence of modernity because we better understand that harm comes in more ways than just the physical.

 

Quote

The vision of the Brandeis program is to break the tension between: (a) maintaining privacy and (b) being able to tap into the huge value of data. Rather than having to balance between them, Brandeis aims to build a third option – enabling safe and predictable sharing of data in which privacy is preserved.

 

It's not perfect, but something that could be standardized on would be better than nothing. 

Edited by GnomeToys

Share this post


Link to post
Share on other sites

On a similar tip, recently had a conversation with @diggityoff social and web, the subject of which quickly turned into a slew of targeted ads which further proves that there is certainly a creepy sharing of data that crosses between services and functions. Our conversation did not occur via a browser or social media and the subject (screen printing) is obscure and specific. Somehow our conversation (again, wasn't googled or done via a social media platform) was somehow intercepted and led to a bunch of screen printing ads clogging his social media feed.

 

100%, text and voice communication is being intercepted without your knowledge or permission.

  • Truth 1

Share this post


Link to post
Share on other sites

Was talking t my wife tonight about these furniture mover things that are like Whoopi’s cushions. Came to bed. Got amazon ads for them. Never looked them up. No idea what they are really called. Have an ad. Back offf Hal. 

 

Quick edit. We were talking irl. Not on the phone. Our phones were locked and not in use at the time. 

Edited by diggity

Share this post


Link to post
Share on other sites
12 hours ago, diggity said:

Was talking t my wife tonight about these furniture mover things that are like Whoopi’s cushions. Came to bed. Got amazon ads for them. Never looked them up. No idea what they are really called. Have an ad. Back offf Hal. 

 

Quick edit. We were talking irl. Not on the phone. Our phones were locked and not in use at the time. 

scary shit.

Share this post


Link to post
Share on other sites

One of the funniest targeted ads I got was after I kept chain-posting a bunch of deep dream'd pictures of Tubgirl until I found one that would get through the image recognition neural net of some website...  at that point the neural net they were using for targeted ads either exploded, got weird data from the analysis of "objects in image" on deep dreamed tubgirl, or was way the hell too accurate...  the next page refresh gave me an ad that was a link to apply for a job as a forensics agent at the FBI.   I nearly shit myself laughing. 

 

On the minimal hardware thing, lots of people do that I think...  or in the case of lots of people I know they just hack the fuck out of anything they're concerned about.   It seems like most fall into the "totally embrace" or "get the hell off my lawn" categories depending on how jaded they are from dealing with the whole mess, and I can imagine Bill Gates is pretty fucking jaded about now.  IMHO a lot of the attitude change towards technology is more a function of the fact that most people using it don't understand the implications of it. 

 

For example, one thing Apple probably got right in the long run was never adding support for BluRay to their machines...   the standard effectively requires a black-box rootkit to be loaded with the operating system if you want to play movies.  It isn't a rootkit in the sense of somebody being able to remote control the machine with it, but the standard itself requires that it be so heavily obfuscated / encrypted that there's no real way of auditing that without an enormous amount of effort. 

One of my projects at work was to spend about 6 weeks trying to reverse engineer commercial bluray player software for both the bluray people and the company involved to determine what kind of effort it would take.   Ironically the movies that they bought me for that task were the first non-pirated movies I'd owned in years, and part of the reason I had to sign an NDA for the whole thing was that they gave me the keys required to pirate them (let's pretend the internet didn't exist and I couldn't look that up in 5 seconds).  It didn't really matter whether I knew exactly what I was looking for or not, I was seeing how much of a clusterfuck it would be to get to them using just that piece of software and whatever crazy shit I could come up with.  I failed to find anything, which probably kept that company in business. 

 

Anyway, the sheer amount of software functioning against anything you try to do to it on the machine you paid for is fucking amazing in the case of something like that.  I'd think of one way in, oops, too obvious, their driver is blocking me.  Ok, how about...   now the operating system itself is blocking me.   Etc, etc...  Obviously someone broke it, or this wouldn't have been an issue.  I just think they used a huge shortcut that didn't involve any of that mess.  😄    The point is all of that crap basically tossed in at the insistence of a single industry...   I don't really think any of this is being used for monitoring or anything dodgy other than the usual copy protection that you can circumvent by spending 10 seconds on google, but it's interesting how pervasive it is. 

 

Another fun fact:  Pirated BluRay disks in exactly the same video format with the encryption stripped off play faster.  This isn't anything to do with the encryption itself, which is pretty much transparent, it's the crazy-ass Java virtual machine the player has to run in order to initialize the decryption process and run the menuing system.  Just like in Windows 95 days, Java manages to make everything it touches slow.  😄 😄  

 

Anyway, I'm relating that fun bit of experience because it's just an example of a high end consumer level variant of invasive software / hardware.   It's absolutely nothing compared to stuff like:  

https://en.wikipedia.org/wiki/Intel_Management_Engine

https://en.wikipedia.org/wiki/Intel_Active_Management_Technology

 

ARM has a similar set of layered crap running under the OS and I wouldn't be surprised to find nasty crap in it either.  I haven't looked at it much so I'm not sure. 

 

https://developer.arm.com/technologies/trustzone

 

It isn't just processors, either;  anything that has a boot ROM can be made into a weapon of sorts.  This comes to mind immediately:

 

https://www.wired.com/2015/02/nsa-firmware-hacking/

 

So the biggest problem (and the reason I tend to just bitch about targeted ads / corporate / marketing) is that nearly all of the hardware that could be called a computer is designed to be spied on and breaking it free of that state varies from extremely difficult to impossible depending on the design of the hardware itself.  Because of that I'll bitch about the lower level stuff, but at this point in time I can't see any way around it without spending a year auditing the relatively simple (1990s) level of hardware I'd be capable of auditing myself for firmware crap like this, another year learning enough about circuit layout in processors and ROM to de-cap and analyze a bunch of identical models of those, etc...   anything on that level quickly becomes silly. 

 

 

 

 

Share this post


Link to post
Share on other sites
On 8/27/2018 at 11:08 PM, diggity said:

Was talking t my wife tonight about these furniture mover things that are like Whoopi’s cushions. Came to bed. Got amazon ads for them. Never looked them up. No idea what they are really called. Have an ad. Back offf Hal. 

 

Quick edit. We were talking irl. Not on the phone. Our phones were locked and not in use at the time. 

Locked doesn't mean much on modern phones.  Hardwired switches on the mic and camera might be the best option for that if you're good with a soldering iron.  Flip the mic on when you need to use it, flip it off after, problem solved.

Share this post


Link to post
Share on other sites

ProTip:

 

I was just doing a regular un-fucking of group policy settings (Cortana came back, but bitch is gone again) in windows 10 when I noticed some blurb under the Windows update for business settings about "Note:  If the allow telemetry policy is set to '0' these settings will have no effect."

 

So of course I remember to check that too and telemetry had flipped itself back on in regular settings at some point, so it got globally locked out in group policy as well (set to 0), but I wondered about that message. 

 

It turns out if you kill telemetry entirely like that, MS also stops force-downloading any sort of update whatsoever...   I've been using Windows since 3.1 so I don't mind checking up on security updates -- aka shit I care about -- and skipping the new version with revolutionary technology that can measure the tensile strength of my cock if I lay it across the keyboard (at the expense of no longer being able to use any of the vowel keys). 

 

This is like an early christmas present for me.  😄  😄

 

Next up, try to figure out what bastard Adobe software keeps leaving Node.js running and set up something to auto-kill that... 

 

Share this post


Link to post
Share on other sites

A bit of good news, to anyone who isn't using Brave because they need a particular chrome plugin for whatever reason, now Brave browser supports all chrome extensions.

 

Keep in mind that if your browser isn't spyware anymore, you might loose that important feature if you're not careful which plugins you're using.

 

https://www.cnet.com/news/brave-ad-blocking-browser-gets-chrome-extensions-with-major-new-version/

 

 

Share this post


Link to post
Share on other sites

If you are serious about then read below. Take what you like from it. Not my content but I used a lot of the techniques.

 

Table of Contents
1. Secure Operating Systems
2. Virtual Private Networks
3. TOR Related
4. Encryption
5. File/Download Security
6. Social Related
7. General Computer Security
8. Useful Guides/Threads

Preface *NOTE* Nothing will 100% secure you online, this is only meant to help.
This guide is here to help the general user better understand some aspects of anonymity. I understand there are more advanced methods but I thought this content would be most suitable for the users of HackForums as a whole. I also plan on updating this thread when newer methods and content become available or more widely used.

Disclaimer
I take no responsibility if this information or these methods do not prevent you from getting caught doing something you shouldn't have been doing to begin with.

Secure Operating Systems
Aside from the normal, everyday Windows, Macintosh, or Linux distros, these are operating systems that are renowned for the security pre-built within them.

Tails
Tails, also known as The Amnesic Incognito Live System, is an open-source OS designed to predominantly be ran via live disc like a CD/DVD, USB, or SD card. The main operation of Tails is aimed at keeping your privacy and anonymity safe while leaving as little trace of use as possible. Since it is an amnesiac OS, nothing is left behind every time you reboot such as save files, new software, and realistically leaves a clean slate when you need to power down. Tails default networking application is TOR (TheOnionRouter) which allows the user to stay encrypted through whatever network they are currently connected to. Many of Tails pre-installed software come pre-configured with security in mind such as the Pidgin IM client which is setup up with OTR for Off-the-Record Messaging or the TOR Browser with all the necessary plugins already added into it. There are many more features to this amazing OS found on their website.
Tails Link: https://tails.boum.org/

Whonix
Whonix is another operating system which is aimed on your privacy, security, and anonymity. It is based on three things: The TOR network, Debian Linux, and security by isolation. The creator's of Whonix stand by the fact that DNS leaks are not possible and malware with root privileges can not find out the user's real IP according to their website. There are two different parts to Whonix itself: Whonix-Gateway & Whonix-Workstation which is on a completely isolated network with TOR as its only connection possibilities. The Whonix-Gateway is exactly as it sounds, the gateway to the internet and all TOR connections. The Whonix-Workstation is the actual desktop environment you as a user will interact with during daily usage. The two parts of Whonix sync with each other to make sure the connection is secure as possible while also making sure the two are coinciding correctly. This OS is mainly used within Virtual Machines but can be applied in many different ways. ADD-IN WHONIX PIC SPOILER.
Whonix Link: https://www.whonix.org/
 
[Image: Dmieq03.png]

Virtual Machine Software
VMware Link: https://my.vmware.com/web/vmware/downloads
VirtualBox Link: https://www.virtualbox.org/wiki/Downloads

USB Live Disc Software
Win32 Disk Imager: http://sourceforge.net/projects/win32diskimager/

Will add more Live Disc Software.

Virtual Private Networks (VPNs)
Virtual Private Networks intertwine a private network into a public network. This enables the user's computer or personal device to send and receive encrypted data as if it were connected directly to the private network. VPNs are created by making a virtual point-to-point connection through the use of dedicated connections and traffic encryption. Here is my list of the VPNs I believe to be good enough for the average user.

*Note* All VPN's listed advertise that they keep ZERO logs of what users do while accessing the VPN.

Proxy.sh
Proxy.sh is a well known and reputable Seychelles-based VPN with a very friendly graphical user interface. This VPN comes with truly offshore locations with the option to have discrete onshore tunneling if wanted. Besides being compatible with just about every OS and device platform out there, Proxy.sh comes alongside Safejumper, a custom OpenVPN client with many benefits. Proxy.sh is also know for having a huge array of payment options available, 80+ different options, and only requiring an email along with the payment. They offer a few varying packages to choose from but from personal experience, I'd suggest going with at least their Basic package because it starts giving you more node (location) options to choose from. Proxy.sh has 24/7 customer service and ticketing system which you may access from their control panel on the website.
Proxy.sh Link: https://proxy.sh
 
[Image: LNsbtom.png]

Private Internet Access
Private Internet Access, also known as PIA, is a very common VPN used by many due to how easy it is to use and select features and options. PIA boasts about its many layers of security including IP cloaking, strong encryption, firewall, identity protection, and uncensored access anywhere. In addition to this, PIA uses PPTP, OpenVPN, IPSEC/L2TP, and SOCKS5 (proxy). One of the reasons I like this VPN is due to the options you can choose from simply through the GUI located in your active task-bar. By right clicking the GUI, you can choose your data encryption, data authentication, handshake, DNS leak protection, VPN kill switch, node locations, and many more options. PIA is another VPN that is compatible with most OS's and devices. Even with all the features this VPN comes with, it is on the cheaper side only being $6.95 a month if you pay month by month and accepts all major payment options.
PIA Link: https://www.privateinternetaccess.com

ZorroVPN
ZorroVPN is the lesser known of these VPNs but is just as secure if not more secure than others. Zorro's main features include AES-256 encryption, 4096-bit authentication keys, switching IP on-the-fly, VPN chains (DoubleVPN, TripleVPN, QuadroVPN), and the ability to set the VPN to "Tor" which allows you to transparently connect to the TOR network. The main downside to ZorroVPN is the limited payment options which used to only accept Bitcoin but now expanded to other options including PayPal & Credit Card with only an email being needed alongside the payment. One thing ZorroVPN states specifically is "ZorroVPN is independent service and it's out of jurisdiction of any government" which may show the thought into how much they care for your privacy and security. ZorroVPN is compatible with most common Windows, Linux, and mobile devices.
ZorroVPN Link: https://zorrovpn.com/

Other Notable VPNs (for additional levels of security)
CryptoStorm Link: https://cryptostorm.is/

DNS Leaking
While you are on a VPN, you want all traffic coming from your computer to go through the encrypted network. If any of your traffic leaks outside this encrypted network, people can then log that information which is not good at all. The Domain Name System (DNS) translates domain names such as HackForums.net into IP addresses such as 190.93.250.145 which is required to send packets of data on the Internet. When you try to access a specific website, before you go there you computer must interact with the DNS server to request the IP address. Internet service providers (ISPs) usually use specific DNS servers which log and record specific activities you do while on the Internet. The main issue here is when you use a VPN, sometimes the OS will default to the normal DNS servers instead of the DNS servers your VPN provides. DNS leaks while using a VPN can make you feel safe while you are truly leaking data that you don't want leaked. This is a major issue which is why all VPNs I listed above have some sort of DNS Leak protection, a must have when stay anonymous. You can test to see if you are DNS leaking at the links below.
IPLeak Link: https://ipleak.net/
LeakTest Link: https://www.dnsleaktest.com/
 
[Image: EpdQV7F.png]

For anyone not using a VPN with DNS Leak Protection, try using one of these DNS servers:
OpenDNS: 208.67.222.222 and 208.67.220.220
ComodoDNS: 156.154.70.22 and 156.154.71.22
UltraDNS: 156.154.70.1 and 156.154.71.1
NortonDNS: 198.153.192.1 and 198.153.194.1

SOCKS4/SOCKS5 Servers
SOCKS, which stands for Socket Secure, is an Internet Protocol that routes network packets between a client and server through a proxy server and allows you for sessions to traverse securely across firewall security. SOCKS4 & 5 are different types that do slightly different things. The main difference between the two is SOCKS4 only supports TCP application while SOCKS5 supports both TCP and UDP. With added supports, authentication methods, and domain name resolution, the main outgoing SOCKS proxy are SOCKS4 proxy. You won't be able to use UDP applications but it will be to your benefit overall. So if you are in need of a proxy instead of a VPN for a specific application, try to keep this in mind.

Tor Related
What is Tor?
Tor, which stands for 'The Onion Router', is a non-profit group of volunteer-operated servers that allows people to improve their privacy, privacy tools, and security on the Internet. The Tor network works by moving your traffic across various nodes through a series of virtual tunnels rather than making a direct connection, allowing anyone to share vital information without compromising one's identity. Anyone trying to trace you would see the traffic going through various Tor nodes on the network rather than directly from your computer. All that is needed to access the Tor network and .onion links (hidden service sites only accessible on Tor network) is the Tor Browser. The Tor Browser comes ready to use and routes everything you do through the Tor network without any configuration needed although I'd recommend a few steps to take which you will see later in this thread.
 
[Image: srSvdtT.png]

Tor Benefits
Tor has many benefits for all kinds of privacy issues people face in the world we live in. Many journalists, hackers, or people living in a dictatorship with a lot of censorship can use the Tor network to anonymize your traffic and access sites you may not have been able to before all while being absolutely FREE. Tor is also very useful for anyone looking to keep their online activity hidden from other people or your ISP. Tor can also be used to host sites which contain hidden services only accessible by other Tor users and sometimes needing an invitation to access for added security.

Browser Configuration
Although the Tor Browser comes pre-configured and can be used right away, there are a few more steps that people should take to secure it even more. Here is a list of addons which should be used within the Tor browser:

NoScript - an open source FireFox extension which allows you to restrict JavaScript, Java, Flash, and other plugins from only being executed by trusted web sites of your choice. Tor already has this installed in its browser by default but there are a few settings which you will need to enable/change. Firstly, open up the NoScript options and go to the Embeddings tab. From here you want to make sure everything on that page is checked on. Then, we are going to go to the Advanced tab. When there, go to the Untrusted sub-tab and make sure everything is checked on. Your NoScript is now more secure than the default configuration.

Ghostery - Ghostery is a privacy based browser extension used to block specific tracking cookies along various sites. Ghostery does not come pre-installed on the Tor browser so download it from the addon page in the browser by searching it. Once installed, we have to change some things. Once installed, clicked the Ghost icon located on the browser toolbar and once the Ghostery mini-page pops up, click the gear wheel in the upper-right hand corner and go to options. Under sharing options, make sure Ghostrank is disabled. Scroll down to the bottom where you see three tabs: Trackers, Cookies, & Whitelisted Sites. Make sure your on the Trackers tab and check everything on (should be 5). After doing that, make sure to click SAVE at the bottom of the page or this will not stay configured correctly.

RefControl - RefControl is an extention for FireFox that lets you control what things gets sent as the HTTP Referer on a per-site basis. Basically, when you access a site, you may not want a webmaster to know where exactly you found the link to access their site. This mitigates that completely.

HTTPS Everywhere - HTTPS Everywhere is an open-source extension created in collaboration by the Tor Project and the Electronic Frontier Foundation. It allows you to automatically make any website which supports HTTPS, use the secure HTTPS connection instead of the normal HTTP.

Disconnect - Disconnect is an open source addon which allows you to visualize and block invisible websites that track both your search and browsing history. On top of that, this also allows your page to load faster. Just make sure all sites are blacklisted at all times.

Search Engine - Although many people use Google as their main search engine for normal web browsing, Google shows a lack of care for users privacy in general. Also, Google is notorious for tracking clicks on result pages that you search with alongside sometimes having you log into GMail to access certain things. To prevent that here are a few search engines you can set to default instead. WebRTC Fix - This fixes a big security hole that can reveal you IP address to websites through WebRTC. Regardless if you're on Tor or on a VPN, if your browser doesn't prevent this, someone can still grab your real IP behind all that security. To fix this issue, open up your Tor Browser and type "about:config" into the URL bar. After doing that, in the search bar, search for "media.peerconnection.enabled" and make sure it is set to FALSE. You will then be set.

Another suggested extension but not needed is AdblockPlus.

Exit Node Security Warning
One thing I need to talk about is how other entities may be able to see your traffic over the Tor network. On Tor, instead of taking a direct route from your computer to the destination, the Tor network routes a random path through many Tor relays to encrypt and hide your data. Once your at the last relay of the path, this is called the exit node. The exit node is the one that actually makes the connection to the destination server. Tor, by design, cannot encrypt data between the exit node and destination server so whoever may be in control of the exit node has the ability to capture the traffic passing through it. The best way to combat this is to use End-to-End encryption which I will explain more about in the Encryption section later on in this thread.

Invisible Internet Project (I2P)
I wasn't sure about adding this in but I think it needs to be explained and talked about a little bit. I2P is a decentralized anonymizing network built on similar principles to Tor except was designed to be a self-contained darknet. Users still connect using P2P encrypted tunnels but there are still many differences.
  • Distributed peer-to-peer model.
  • Garlic routing (encrypts multiple messages together, harder traffic analysis).
  • Uni-directional tunnels so incoming and outgoing traffic are seperate.
  • Uses packet switching instead of circuit switching.
  • Uses its own API rather than SOCKS like Tor. This makes it technically more secure than Tor.
Aside from being very secure, it will also be much faster than Tor overall. The best way to explain I2P is as a internet within an internet. One thing to mention is I2P does not hide the fact you are using the service at all. If you don't like Tor for some reason, this is another option to check out.
I2P Link: https://geti2p.net/en/
 

ᴎᴀᴎᴏ
ᴎᴀᴎᴏ Offline
[closed@HF:]
 
Posts:
1,076
Threads:
87
Popularity:
0
Bytes:
0
#2
07-01-2015, 02:11 AM (This post was last modified: 07-17-2015, 07:45 PM by ᴎᴀᴎᴏ.)
Tor through VPN vs. VPN through Tor
Many people aren't aware that by using these in different orders really alters your privacy/anonymity quite a bit. Here I'll talk about the pros and cons of each side along with my final thought on the matter.

Tor through VPN - This is the method most people use because of it's convenience. The connection for this way of doing things is: Your Computer -> VPN -> Tor -> Internet. This is what it looks like when you connect to Tor while already on a VPN, since most people always have a VPN turned on already. One of the main advantages to this is that you can keep Tor hidden from your ISP, but your ISP will instead see you using a VPN which in most cases is much better. Also, if you're going through a bad Tor exit node, if you're using a good VPN, they will not keep logs yet still keep your data encrypted as well. The main disadvantage to this method is that a malicious Tor exit node can still monitor your traffic and trace it back to the VPN provider. This will be okay so long as your VPN provider keeps no logs or IP addresses of clients. The only other downside is that a lot of exit nodes on Tor will be blocked while using a VPN in this manner. This method mainly rides on how much you trust your VPN provider, otherwise is a very safe option.

VPN through Tor - This is a less used method but still used by many. The connection using this method looks like this: Your Computer -> encrypt with VPN -> Tor -> VPN -> Internet. The only way for this method is to use a VPN client which works directly with Tor and only two known VPNs work with Tor in this way: AirVPN and BolehVPN. This method really doesn't have any cons to it, only pros. The first pro being that because you are connecting to the VPN server through Tor, even the VPN provider will have no idea what your real IP address is. If you were to pay with BTC and use this method, there would be absolutely no way for the VPN provider to identify you in anyway. This method bypasses all blocks on Tor exit nodes as well as making all traffic through the Tor exit nodes completely encrypted. Finally, this method allows for geo-spoofing (Geo-Location) since you can choose the server location.

Overall, both methods of connection are going to be more secure then only using one. My suggesting would be to use the first method since it is convenient but only if you really trust your VPN provider. If you don't and want added security, use the second method which ensures that none of your privacy or anonymity will be compromised.

Tor Bridges
Tor Bridges (Bridge Relays) are Tor Relays that aren't listed on the main Tor directory. The main reason to use Tor Bridges is if you think your Tor connection is being blocked by something such as your ISP because even if they were to filter all the connections of known Tor relays, all bridges will not be blocked. I'm not going to go in-depth into this but I will leave a few links to find out where to get Bridge Relay IPs and how to install/configure them correctly.
Configuration Link: https://www.torproject.org/docs/bridges.html.en
Bridge Relays: https://bridges.torproject.org/

Proxychains with Tor
Proxychains is a tool that takes all TCP connections made by an application and pulls them through a proxy like Tor or SOCKS4/5 proxies. The cool thing about proxychains is you can have a random order and as many proxies as you want. It works with all applications but in this case, we'll be talking about it directly interacting with Tor. Most people use Proxychains on Linux OS's but you can use a program like Proxifier to do the same on Windows. By using Proxychains alongside Tor, it allows you to have an extra hop after the exit node before getting to the destination. This way, it doesn't look sketchy if you are leaving a French exit node and going to a US destination because with Proxychains, you can come from the French exit node, to a US proxy, then to the US destination making it much smoother overall. Here is are a few links to install/configure Proxychains, proxy lists, and how to check blacklists.
Proxychains Guide: http://null-byte.wonderhowto.com/how-to/...s-0154619/
Socks Providers: Vip72 & WinSocks
Blacklists: IP-Score & Whoer

Tortilla
Tortilla is an open source tool which users can use to transparently and securely route all TCP/IP and DNS traffic through Tor, regardless of client software, and without relying on VPNs or additional hardware or virtual machines. When this first came out, the creator pointed out two very undeniable facts about this tool. One, that it fixes "the Firefox problem" which is that FireFox has a ton of new vulnerabilities being discovered throughout each year which is a big security flaw. Two, being able to untangle the SOCKS server issue which wasn't allowing users to use TCP proxying via SOCKS. Tortilla solves these issues and allows Tor to be used with virtual machines which is why this tool works so well with TailsOS and can allow you to connect to Tor over top of Tor. This is software I haven't fully tested yet and will update with more if needed.
Tortilla Link: http://www.crowdstrike.com/community-tools/
Tortilla Github: https://github.com/CrowdStrike/Tortilla
Tor over the top of Tor: https://www.deepdotweb.com/jolly-rogers-...op-of-tor/

Encryption
Encryption is a vital part of computer security when it comes to important documents, personal data, or internet traffic. It allows you to securely protect data that you don't want anyone else to see or have access to. When it comes to privacy and anonymity, encryption plays one of the most important roles possible for securing data being transferred over the internet. Here are just a few types of encryption which everyone should be using.

PGP Encryption
PGP, Pretty Good Privacy, is a program used for the encryption/decryption of email over the Internet but also serves as a way to authenticate messages with digital signatures and encrypted stored files. PGP uses a variant on the public key system. It starts with each user having an encryption key that is publicly known and a private key only that user has. Each person sends a message, encrypting it with their public key. Then when the message is received, the message is decrypted using the user's private key. To make this the encryption process much faster, PGP uses an algorithm which encrypts the message, then uses the public key to encrypt the shorter key. There are two versions of PGP available: RSA & Diffie-Hellman. Both of these have different algorithms for encryption but as just as secure as the other. Sending digital signatures is a similar process but creates a hash using the user's name and other signature information. The hash is encrypted with the user's private key. They recipient uses the sender's public key to decrypt the hash code. If it matches, the recipient knows that this is an authentic file.
 
[Image: 7lJ98Yh.png]

Here are some links to PGP software and guides.
Guide on PGP: http://www.bitcoinnotbombs.com/beginners-guide-to-pgp/
Guide on File Encryption with GPG: https://hackforums.net/showthread.php?tid=4600720 - .Web
GNU Privacy Guard (alternative): https://www.gnupg.org/
GPG for Windows: http://www.gpg4win.org/
GPG for USB: http://www.gpg4usb.org/

Another good site but is currently invite only is Keybase.io which allows you to confirm someone else's PGP key, fingerprint, BTC address, social media accounts, etc.
Keybase: https://keybase.io/

Whole Disk Encryption
Disk encryption is software which protects your information by turning it into unreadable code which can't be cracked easily by unwanted users. Disk encryption uses specific software or hardware to encrypt all data that goes on a disk or a disk volume. Whole disk encryption is when everything on the disk is encrypted as well as all the programs that can encrypt bootable OS partitions. One thing to note is computers using Master Boot Record (MBR) will NOT have that part of the disk encrypted. Whole disk encryption has many benefits to it. Number one is ALL parts of the disk are encrypted, even the swap space and temporary files which may contain sensitive information. By using full disk encryption, you don't have the chance of accidentally not encrypting a file since everything is indeed encrypted regardless. Lastly, by destroying the cryptography keys, it will render the data completely useless. It's not needed on everybody's computers since everyone has different need, but definitely recommended. Most people have used software called TrueCrypt in the past but that software is no longer being developed. Instead, new software called VeraCrypt has taken is placed and is a very useful encryption tool.
VeraCrypt Link: https://veracrypt.codeplex.com/

Another good piece of encryption software is DiskCryptor which has similiar functions to VeraCrypt.
Diskcryptor Link: https://diskcryptor.net/wiki/Downloads

Disk Encryption Wiki Info: https://wiki.archlinux.org/index.php/Disk_encryption

*Warning* Please make sure to backup your entire system before attempting to do whole disk encryption in the case of a failure during the process.

File Encryption
File encryption follows the same procedure as whole disk encryption but instead of the whole disk, you are specifically encrypted an individual file or a whole folder. File encryption is a much simpler process that whole disk encryption and can be done with the same software, VeraCrypt. One thing to note is that with VeraCrypt, you can make a much larger encrypted volume (basically extra storage) to put files in and encrypt it as a whole. For instance, I have an external hard-drive which I made a 200GB encrypted volume for so once I type the password for that volume, I can drop anything in and close it. It will now be encrypted until I unlock that volume at another point in time. Here is a guide on how to use it with another VeraCrypt download link.
VeraCrypt Link: https://veracrypt.codeplex.com/
VeraCrypt Guide: https://veracrypt.codeplex.com/wikipage?...20Tutorial

Encrypted Backups
I won't be saying much about backups but I suggest everyone to keep backs and then encrypt them with this software for added security and to have that safety of being able to restore your system if something were to go wrong.

File/Download Security
File and download security is not something the average user thinks about which is why I wanted to write this section to explain a little bit about it. Hopefully after reading this section you'll understand more about why file and download security should be a higher priority than most since it's something the average user will use most.

Metadata
Metadata is data that describes other data. Now that may sound confusing but think about it from a files perspective. Author, date created, date modified, and file size are simple examples of metadata that almost all documents carry. On top of that, images, videos, Excel sheets, and web pages all carry their own personalized metadata. Metadata is something which could easily give away personal information that you wouldn't even realize is there. The biggest one that people don't realize is simple pictures taken on your cellphone camera. Here is an example of EXIF (exchangeable image file format) data which shows exactly some of the metadata you'd find within a picture taken on a cellphone:

[Image: ViU6Ypw.jpg]

There is a lot more information where that came from. Depending on if you have location on or not, metadata can even give GPS coordinates of where the picture was taken. All files contains this sensitive information within them and most people don't even realize it exists. Thankfully, there are tools out there which can be used to find and delete that information from files. This software is called MAT: Metadata Anonymization Toolkit and will help aid in the removal of metadata from the files that you want to clean.
MAT Link: https://mat.boum.org/

Deleting Files/Information Correctly
I feel like there are many users currently out there who think that by simply deleting a file, it's magically gone from your computer. This is NOT true! When you delete something from your computer, the only thing you are doing is deleting where it was located on the drive. It's still within the drive but the location data is no longer there. This is the reason why file recovery software exists, to grab those files you "deleted" and get them back. The correct way to delete something (file shredding) is by overwriting the data. One thing you must understand is that by overwriting previous data/files, this doesn't remove a files location but instead makes it unrecoverable. For the average user, overwriting a file once should be enough although the NSA recommends 3 times, while the DoD recommends 7 times. It all comes down to preference but some people believe that when you only go over a file once, you miss some of the data so by going over it many times, you get rid of the data that is left over. Here are some of the tools many people use for correct file cleaning and deletion.
Darik's Boot and Nuke: http://www.dban.org/
File Shredder: http://www.fileshredder.org/
CCleaner: https://www.piriform.com/ccleaner

For people who want an extra step to stay safe, every time you empty your recycling bin, you should shred all files within it.

MD5/SHA-1 Checksums
Before learning what a checksum is, you first need to know what MD5 & SHA-1 are first. MD5 & SHA-1 are common cryptographic hash functions with MD5 being a 128-bit (16-byte) hash value while SHA-1 is a 160-bit (20-byte) hash value. With these two hash type, we can use them to verify data integrity of a file/download. After downloading a file or software is when you are able to check the checksum of the file. The checksum is where the contents of the file get thrown into a mathematical algorithm and output a specific MD5/SHA-1 string. This method of verifying downloads/files is not as good as PGP + signature file but if you cannot use that method, this is a good second. Almost all Linux distros have the commands sha1sum and md5sum built into it. All you do is run these commands against the file in question and it will output the checksum string for you. Once you do this, all you do is compare that to what the download should of been and you should be able to verify if the download was authentic or not. For most users who use Windows, I will leave a link for you to Microsoft's own checksum integrity verifier.
Windows Checksum Link: https://www.microsoft.com/en-ca/download...x?id=11533
MD5/SHA-1 Hash Verification Software: https://www.raymond.cc/blog/7-tools-veri...a1-hashes/

One thing to note is that MD5 has known collisions. With enough force, this allows MD5 to be broken into.
 

ᴎᴀᴎᴏ
ᴎᴀᴎᴏ Offline
[closed@HF:]
 
Posts:
1,076
Threads:
87
Popularity:
0
Bytes:
0
#3
07-01-2015, 02:12 AM (This post was last modified: 08-18-2015, 01:59 AM by ᴎᴀᴎᴏ.)
Social Related
Within this section I will be talking about everything related to interacting with people socially via messaging of some sorts. This section is my opinion on what should be used and may differ from person to person. This will give you a general idea of what you want to be doing while using social related messaging services.

XMPP
XMPP stands for Extensible Messaging and Presence Protocol and is used for communications for message-oriented middleware based on the Extensible Markup Language (XML). Many more people are starting to use this as a main way of communication using programs such as Pidgin to accomplish this. Pidgin is an open-source multi-platform IM client which most people will recommend for XMPP. The main reason is because Pidgin has a simple plugin which you can download that allows you to incorporate Off-the-Record (OTR) messaging into it. OTR allows you to have private conversations over XMPP by using encryption, authentication, and the fact that messages you send do not have digital signatures that a third party can check for. This is a must use plugin/step you need when using any type of XMPP client.
Pidgin Link: https://pidgin.im/
Pidgin Secure Messaging Guide: https://securityinabox.org/en/guide/pidgin/windows

Good XMPP Servers
  • riseup.net
  • xmpp.ninja
  • darkness.su
  • captio.ch
  • thedark.army

IRC
IRC, which stands for Internet Relay Chat, is an application layer protocol that facilitates the transfer of messages in the form of text. IRC has been around for a very long time but is still widely used by people all over. Most IRCs consist of a community or group of people with a specific goal/topic in mind. To connect to a specific IRC, you need two main things: the IP to the server and the channel (which has a # infront of it like #channel). There are plenty of public IRCs but most will be private depending on the topic of conversation. When it comes to security and IRC, there are more steps that need to be taken that with XMPP, so I will link a good guide to follow when setting up IRC and explain some good IRC clients to use.

IRC Clients
  • X-chat
  • mIRC
  • HexChat
  • irssi (Linux cli)

IRC Anonymity Guide: https://encrypteverything.ca/IRC_Anonymity_Guide

Skype
Skype is an application that specializes in video chat and voice calls from pretty much any device out there and also allows for text IM as well. Skype is by far the most insecure IM method but since people tend to use this a majority of time, I figured I'd give you a few examples of what you should do. The main issue I see people having is having there skype resolved giving someone your IP. The first thing that should be done is changing a single setting on the Skype client itself. Once in the client, go to Tools -> Options -> Advanced Tab -> Connection, then within the Connection section, make sure to check mark the box that says, "Allow direct connections to your contacts only." This will help against most online resolvers but not ones which have a DB of old IP entries. To make sure you even more safe with Skype, one thing I recommend is blacklisting your Skype account on the main Skype resolvers people use. Yes it will cost a little bit of money but in the end will benefit you completely. Another thing to note you should never go on Skype unless you are currently on a VPN or have Skype setup with SOCKS5 proxies.

Sites to Blacklist Skype From
  • Skypegrab
  • ResolveItPLZ
  • GoResolver

Secure Email Providers
There is no such thing as a 100% secure email although there are email providers out there that take security much more seriously than others. Many of which have much more encryption, multiple authentication types, secure servers, etc. Here is the list of email providers which I believe are more secure than the average email provider such as Gmail or Hotmail. Also, if you need to send an email but don't want to create a new one, there are such things as throw away emails which you can use that automatically are destroyed after sending a message or a certain amount of time.

Email Providers
  • protonmail.ch
  • mail.riseup.net
  • cryptoheaven.com
  • GnuPG - for any email service

General Computer Security
This is a section I just wanted to throw in to have my opinion on security related applications for both Windows and Linux. This doesn't have to do with anonymity but will help users who aren't sure what type of applications they should use when browsing the web and making sure they don't get infected as much as they may have using crappy software.

Anti-Virus
  • Comodo Internet Security Pro (recommended)
  • Bitdefender Total Security
  • ESET Nod32 Smart Security

Active Applications
  • Hitman.Pro Alert (a must have)
  • KeyScrambler Pro
  • Malwarebytes Anti-Exploit

Other Applications to Have
  • CCleaner
  • Malwarebytes Anti-Malware
  • RogueKillerX64
  • Spybot-S&D

Linux Applications
  • Lynis
  • ClamAV
  • rkhunter

Useful Guides/Threads
For the last section I just wanted to add links to guides, threads, and sites I thought users would find useful or things I may not have had enough space in this thread to write about and this.

 



Encryption of data
I use VeraCrypt full disk encryption for all of my drives and partitions, not just my OS. VeraCrypt adds enhanced security to the algorithms used for system and partitions encryption making it immune to new developments in attacks.
VeraCrypt also solves many vulnerabilities and security issues found in TrueCrypt, the old industry standard for full disk encryption.

Key disclosure law - Who is required to hand over the encryption keys to authorities?
Mandatory key disclosure laws require individuals to turn over encryption keys to law enforcement conducting a criminal investigation. How these laws are implemented (who may be legally compelled to assist) vary from nation to nation, but a warrant is generally required. Defenses against key disclosure laws include steganography and encrypting data in a way that provides plausible deniability.

Steganography involves hiding sensitive information (which may be encrypted) inside of ordinary data (for example, encrypting an image file and then hiding it in an audio file). With plausible deniability, data is encrypted in a way that prevents an adversary from being able to prove that the information they are after exists (for example, one password may decrypt benign data and another password, used on the same file, could decrypt sensitive data).
 



Virtual Private Networks
I always recommend using a good VPN, even for normal every day browsing. View more information on how VPNs work and why using one is important here.
View my other thread for my personal VPN suggestions. Or view this large spreadsheet that I put up on Google Docs (note that I did not compile this data, source is at the bottom of the spreadsheet).
And here is a good guide on making VPNs more secure.

Random Note: I strongly recommend using wired connections for your internet connection at home as opposed to wireless. There have been many cases of government snooping by them breaking into networks and collecting wireless data. A classic example is the arrest of Iserdo, the creator of the Butterfly Botnet (Mariposa). Ultimately his arrest and conviction was solidified when Law Enforcement broke into his Wireless Network and monitored him, gathering all the evidence necessary.
 



Browser Choice and Security
First things first, I will never recommend using Google Chrome and nothing any of you can say will change my mind on this.

Firefox is fast, reliable, open source and respects your privacy.
Tor Browser is your choice if you need an extra layer of anonymity. It's a modified version of Firefox, it comes with pre-installed privacy add-ons, encryption and an advanced proxy.

Browser Fingerprint - Is your browser configuration unique?
When you visit a web page, your browser voluntarily sends information about its configuration, such as available fonts, browser type, and add-ons. If this combination of information is unique, it may be possible to identify and track you without using cookies. EFF created a Tool called Panopticlick to test your browser to see how unique it is.

WebRTC IP Leak Test - Is your IP address leaking?
WebRTC is a new communication protocol that relies on JavaScript that can leak your actual IP address from behind your VPN. While software like NoScript prevents this, it's probably a good idea to block this protocol directly as well, just to be safe.
For Google Chrome users: There is no known working solution, only a plugin that is easily circumvented. Please use Firefox instead.

For Firefox users: (Click to View)

Test for WebRTC leaks here.

Improve your security with these Firefox add ons
Stop tracking with "Disconnect"
Founded in 2011 by former Google engineers and a consumer-and privacy-rights attorney. The addon is open source and loads the pages you go to 27% faster and stops tracking by 2,000+ third-party sites. It also keeps your searches private.

Block Ads with "uBlock Origin"
An efficient wide-spectrum-blocker that's easy on memory, and yet can load and enforce thousands more filters than other popular blockers out there. It has no monetization strategy and is completely open source. We recommend FireFox but uBlock Origin also works in other browsers such as Safari, Opera, and Chromium. Unlike AdBlock Plus, uBlock does not allow so-called "acceptable ads".

Hinder Browser Fingerprinting with "Random Agent Spoofer"
A privacy enhancing firefox addon which aims to hinder browser fingerprinting. It does this by changing the browser/device profile on a timer.

Automatically Delete Cookies with "Self-Destructing Cookies"
Automatically removes cookies when they are no longer used by open browser tabs. With the cookies, lingering sessions, as well as information used to spy on you, will be expunged.

Encryption with "HTTPS Everywhere"
A Firefox, Chrome, and Opera extension that encrypts your communications with many major websites, making your browsing more secure. A collaboration between The Tor Project and the Electronic Frontier Foundation.

Block Content Delivery Networks with "Decentraleyes"
Emulates Content Delivery Networks locally by intercepting requests, finding the required resource and injecting it into the environment. This all happens instantaneously, automatically, and no prior configuration is required. Source code: GitHub.

Stop cross-site requests with uMatrix
Many websites integrate features which let other websites track you, such as Facebook Like Buttons or Google Analytics. uMatrix gives you control over the requests that websites make to other websites. This gives you greater and more fine grained control over the information that you leak online.

Be in total control with "NoScript Security Suite"
Highly customizable plugin to selectively allow Javascript, Java, and Flash to run only on websites you trust. Not for casual users, it requires technical knowledge to configure.

Content control with "Policeman"
This addon has purpose similar to RequestPolicy and NoScript. It's different from the former in that it supports rules based on content type. For example, you can allow images and styles, but not scripts and frames for some sites. It can also be set up to act as a blacklist.

This is a collection of privacy related about:config tweaks. We'll show you how to enhance the privacy of your Firefox browser.

Code:
Preparation:

    Enter "about:config" in the firefox address bar and press enter.
    Press the button "I'll be careful, I promise!"
    Follow the instructions below...

Getting started:

    privacy.trackingprotection.enabled = true
        This is Mozilla’s new built in tracking protection.
    geo.enabled = false
        Disables geolocation.
    browser.safebrowsing.enabled = false
        Disable Google Safe Browsing and phishing protection. Security risk, but privacy improvement.
    browser.safebrowsing.malware.enabled = false
        Disable Google Safe Browsing malware checks. Security risk, but privacy improvement.
    dom.event.clipboardevents.enabled = false
        Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
    network.cookie.cookieBehavior = 1
        Disable cookies
        0 = Accept all cookies by default
        1 = Only accept from the originating site (block third party cookies)
        2 = Block all cookies by default
    network.cookie.lifetimePolicy = 2
        cookies are deleted at the end of the session
        0 = Accept cookies normally
        1 = Prompt for each cookie
        2 = Accept for current session only
        3 = Accept for N days
    browser.cache.offline.enable = false
        Disables offline cache.
    browser.send_pings = false
        The attribute would be useful for letting websites track visitors’ clicks.
    webgl.disabled = true
        WebGL is a potential security risk. Source
    dom.battery.enabled = false
        Website owners can track the battery status of your device. Source
    browser.sessionstore.max_tabs_undo = 0
        Even with Firefox set to not remember history, your closed tabs are stored temporarily at Menu -> History -> Recently Closed Tabs.

Read these sources for more information on hardening FireFox:
https://github.com/pyllyukko/user.js
http://kb.mozillazine.org/Category:Secur...references
 



Email
Privacy Conscious Email Providers
ProtonMail
CounterMail
NeoMailbox

Email Clients:
Mozilla Thunderbird - Mozilla Thunderbird is a free, open source, cross-platform email, news, and chat client developed by the Mozilla Foundation. Thunderbird is an email, newsgroup, news feed, and chat (XMPP, IRC, Twitter) client.
MailPile.is (BETA) - A modern, fast web-mail client with user-friendly encryption and privacy features.

Privacy Email Tools
gpg4usb - A very easy to use and small portable editor to encrypt and decrypt any text-message or -file. For Windows and Linux.
Mailvelope - A browser extension that enables the exchange of encrypted emails following the OpenPGP encryption standard.
Enigmail - A security extension to Thunderbird and Seamonkey. It enables you to write and receive email messages signed and/or encrypted with the OpenPGP standard.
TorBirdy - This extension configures Thunderbird to make connections over the Tor anonymity network.
Email Privacy Tester - This tool will send an Email to your address and perform privacy related tests.

Email Alternatives
Bitmessage
Bitmessage is a P2P communications protocol used to send encrypted messages to another person or to many subscribers. It is decentralized and trustless, meaning that you need-not inherently trust any entities like root certificate authorities. It uses strong authentication which means that the sender of a message cannot be spoofed, and it aims to hide "non-content" data.

I2P-Bote
I2P-Bote is a fully decentralized and distributed email system. It supports different identities and does not expose email headers. Currently (2015), it is still in beta version and can be accessed via its web application interface or IMAP and SMTP. All bote-mails are transparently end-to-end encrypted and, optionally, signed by the sender's private key.

RetroShare
Retroshare creates encrypted connections to your friends. Nobody can spy on you. Retroshare is completely decentralized. This means there are no central servers. It is entirely Open-Source and free. There are no costs, no ads and no Terms of Service.
 



Privacy Respecting Search Engines
If you are currently using a search engines like Google, Bing or Yahoo you should pick an alternative here.

DuckDuckGo [Tor Link]
The search engine that doesn't track you. Some of DuckDuckGo's code is free software hosted at GitHub, but the core is proprietary. The company is based in the USA.

Disconnect Search
Search privately using your favorite search engine: Google, Yahoo, Bing and DuckDuckGo are available for selection. It masks your IP address, cookies, and other personal info.

MetaGer
A metasearch engine, which is based in Germany. It focuses on protecting the user's privacy. Supported by 24 own crawlers of small scale web search engines.

ixquick.com
Returns the top ten results from multiple search engines. It uses a "Star System" to rank its results by awarding one star for every result that has been returned from a search engine. Based in the USA and the Netherlands.
 



Password Managers
If you are currently using a password manager software like 1Password, LastPass, Roboform or iCloud Keychain you should pick an alternative here.

Master Password - Cross-platform
Master Password is based on an ingenious password generation algorithm that guarantees your passwords can never be lost. Its passwords aren't stored: they are generated on-demand from your name, the site and your master password. No syncing, backups or internet access needed.

KeePass / KeePassX - Local
KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. All passwords in one database, which is locked with one master key or a key file. The databases are encrypted using the best and most secure encryption algorithms currently known: AES and Twofish. See also: KeePassX.

Encryptr - Cloud Based - (SpiderOak)
Encryptr is simple and easy to use. It stores your sensitive data like passwords, credit card data, PINs, or access codes, in the cloud. However, because it was built on the zero knowledge Crypton framework, Encryptr ensures that only the user has the ability to access or read the confidential information.
 



Self Contained Networks
I2P Anonymous Network
The Invisible Internet Project (I2P) is a computer network layer that allows applications to send messages to each other pseudonymously and securely. Uses include anonymous Web surfing, chatting, blogging and file transfers. The software that implements this layer is called an I2P router and a computer running I2P is called an I2P node. The software is free and open source and is published under multiple licenses.

GNUnet Framework
GNUnet is a free software framework for decentralized, peer-to-peer networking and an official GNU package. The framework offers link encryption, peer discovery, resource allocation, communication over many transports (such as tcp, udp, http, https, wlan and bluetooth) and various basic peer-to-peer algorithms for routing, multicast and network size estimation.

The Freenet Project
Freenet is a peer-to-peer platform for censorship-resistant communication. It uses a decentralized distributed data store to keep and deliver information, and has a suite of free software for publishing and communicating on the Web without fear of censorship. Both Freenet and some of its associated tools were originally designed by Ian Clarke, who defined Freenet's goal as providing freedom of speech on the Internet with strong anonymity protection.

Tor Project
Provides anonymity to websites and other servers. Servers configured to receive connections only through Tor are called hidden services.

RetroShare
Open Source cross-platform, Friend-2-Friend and secure decentralised communication platform.
 



Domain Name System (DNS)
CloudNS - Service
An Australian based security focused DNS provider. Features: DNSCrypt Support to provide confidentially and message integrity, complete trust validation of DNSSEC enabled names, namecoin resolution of .bit domain names and no domain manipulation or logging.

DNSCrypt - Tool
DNSCrypt is a protocol for securing communications between a client and a DNS resolver. The DNSCrypt protocol uses high-speed high-security elliptic-curve cryptography and is very similar to DNSCurve, but focuses on securing communications between a client and its first-level resolver.

OpenNIC - Service
OpenNIC is an alternate network information center/alternative DNS root which lists itself as an alternative to ICANN and its registries. Like all alternative root DNS systems, OpenNIC-hosted domains are unreachable to the vast majority of the Internet. Only specific configuration in one's DNS resolver makes these reachable, and very few Internet service providers have this configuration.

NoTrack
A network-wide DNS server which blocks Tracking sites. Currently works in Debian and Ubuntu.

Namecoin
A decentralized DNS open source information registration and transfer system based on the Bitcoin cryptocurrency.
 



Encrypted Cloud Storage Services
If you are currently using a Cloud Storage Services like Dropbox, Google Drive, Microsoft OneDrive or Apple iCloud you should pick an alternative here.
Remember to manually encrypt your files before uploading them to the cloud!

Hosted
Seafile - 100 GB Storage for $10/month
Seafile offers 100 GB Storage for $10/month but also gives you the opportunity to host on your own server. Your data is stored in Germany or with Amazon Web Service in the US for the cloud version. Encrypt files with your own password.

ownCloud - Choose your hoster
Similar functionally to the widely used Dropbox, with the difference being that ownCloud is free and open-source, and thereby allowing anyone to install and operate it without charge on a private server, with no limits on storage space or the number of connected clients.

Least Authority S4 - For Experts
S4S4 (Simple Secure Storage Service) is Least Authority's verifiably secure off-site backup system for individuals and businesses. 100% client-side encryption and open source transparency. $25/month for unlimited storage. Servers are hosted with Amazon S3 in the US.

Self Hosted
Seafile
Seafile is a file hosting software system. Files are stored on a central server and can by synchronized with personal computers and mobile devices via the Seafile client. Files can also be accessed via the server's web interface.

Pydio
Pydio is open source software that turns instantly any server (on premise, NAS, cloud IaaS or PaaS) into a file sharing platform for your company. It is an alternative to SaaS Boxes and Drives, with more control, safety and privacy, and favorable TCOs.

Tahoe-LAFS
Tahoe-LAFS is a Free and Open decentralized cloud storage system. It distributes your data across multiple servers. Even if some of the servers fail or are taken over by an attacker, the entire file store continues to function correctly, preserving your privacy and security.

ownCloud - Host your own
Similar functionally to the widely used Dropbox, with the difference being that ownCloud is free and open-source, and thereby allowing anyone to install and operate it without charge on a private server, with no limits on storage space or the number of connected clients.

Related Information
Cryptomator - Free client-side AES encryption for your cloud files. Open source software: No backdoors, no registration.
 



Text and Video Messaging
Secure your text messages, Instant Messaging and Chat

Pidgin + OTR (Windows)
Pidgin is a popular free and open source IM client that lets you chat to users on AIM, Google Talk, MSN, Yahoo and many more. OTR (Off-the-road) is a plugin that combines AES encryption, perfect forward secrecy, and the SHA-1 hash function to ensure strong encryption for IM sessions. As with GnuPG for emails, initial setup is a bit of a pain, but once done operation is seamless (we now have a detailed guide for this).

Tox.im / Tox.chat is not a secure solution any longer. There is internal conflict between the devs, a break off with IP being stolen, and some devs claiming the NSA have been pushing bug fixes (open source) with exploits that allow them to monitor things. If anyone knows more about this, let me know. Information isn't very clear, but due to everything that has been happening, I would not trust my privacy with them.

Adium (OSX)
Adium is a free and open source messaging client for Mac that also lets you talk to friends on lots of different networks. Even better, Addium comes with OTR support built-in!

TorChat
ChatSecure
SilentCircle
Surespot
Jitsi
Textsecure
Cryptocat


Most info here is directly taken from PrivacyTools at this point.

 

 

Best VPNs 2017 Premium Accounts.rar

  • Props 1

Share this post


Link to post
Share on other sites

Wrapping the laptop and phone in tinfoil with just enough space to barely see works, if I have enough pepperoni pizza hot pockets 

Share this post


Link to post
Share on other sites

Saw an interested post about a movement to try and create legislation to treat data in a similar manner of ownership as something physical. Basically saying that the selling of private data is a 200 billion dollar industry in which the person has no say and often no knowledge of their data and how its used, let alone see any type of compensation from the use and sale of their data.

 

Personally I think its wishful thinking that this will be changed in any meaningful way anytime soon (just way too much money and politics involved), but the idea is to make it a requirement that public and private personal records be stored in a block chain and then allowing the *owner* to toggle categories of data and filter the way its used in exchange for a licensing type fee for usage. As such, it makes it very easy to audit when data was used with permission and that it was used according to the agreement, while also keeping personal data accessible across systems, yet still private.

 

Anyhow, thought this was a no brainer idea, which is why I basically see it not happening. Technology is definitely there and I have zero doubt that the private sector would jump at the chance to build this system out. Unfortunately, a handful of companies with very powerful influence are making way too much money off that very same data to allow this type of disruption. 

 

Share this post


Link to post
Share on other sites

For those tech savvy amongst us...

 

wondering your our thoughts on the new Safari? There’s a lot of focus, claimed at least, on its robust privacy features including a method to block user tracking. 

 

Now I do get that unless using a VPN, your ISP at least can track you via upstream / downstream traffic, but just wondering if perhaps the new Safari comes close to other options such as Aloha?

 

Side note: Basically been using Aloha browser for iOS since @Mercerstarted this thread. I did pay the upgrade to remove ads and as a whole, it’s pretty solid. Maybe 90 - 95% there IMO when compared to Safari, which is what I’m used to. Still not really happy with desktop options but am considering moving back to Safari from Chrome. (Yeah I know Chrome is the worst of the bunch in regards to privacy / tracking, but I also use my browser for work and development and just want a quality experience as a whole). 

 

Anyhow, I know this sort of tech moves fast, so figured I’d pop back in and see if anyone has looked into the progress (or lack there of) since Apple recently dropped a major desktop OS and mobile update. 

Share this post


Link to post
Share on other sites

Maybe this is already known or a no brainer, but after getting a new phone I didn’t bother I stalking Facebook. 

 

Seems since then I haven’t been getting those ads served up based upon IRL conversations like I was before. Maybe a coincidence, but I’d encourage you guys to delete Facebook and see if you notice any difference. 

Share this post


Link to post
Share on other sites

Register for a 12ozProphet forum account or sign in to comment

You need to be a forum member in order to comment. Forum accounts are separate from shop accounts.

Create an account

Register to become a 12ozProphet forum member.

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×