Google Chrome - Level of Spyware - MONUMENTALLY HIGH
Brave Browser - Level of Spyware - High
Ungoogled Chromium - Level of Spyware - No Spyware
Mozilla Firefox - Level of Spyware - MONUMENTALLY HIGH
GNU IceCat - Level of Spyware - No Spyware
LibreWolf - Level of Spyware - Low
Tor Browser - Level of Spyware - Low
Pale Moon - Level of Spyware - Low
WebBrowser - Level of Spyware - No Spyware
There are a lot of VPNs available, and most of them are terrible. The "Gaming VPNs" don't deserve a mention. The likes of NordVPN should be avoided by far. The Mullvad VPN has pretty good security and doesn't require any personal data, but it's paid, just like IVPN.
ProtonVPN also has some good features, but for more security you may want to download an OpenVPN configuration file and place it in the "/etc/openvpn" folder. The other option [which I prefer] is to use it via WireGuard.
From the ProtonVPN site:
"Data we collect and why we collect it. Personal data (related to your account): Account creation: To create an account, in order to use our Service, we do not ask your name or surname. All you need to do is select your username, then provide the email address and choose your password. You can also register with your existing Proton account."
They don't ask for your personal details because you're using ProtonMail to access it, and they've already done it there, assuming you've had luck using VPN or Tor, and they don't ask for your email address or CAPTCHA, which isn't much more efficient but a notch better.
If you start it through WireGuard, you can check the DNS associated with it. The command "resolvconf -l" will list it and you will see the address. If you use WireGuard all the time, you might want to add a script to start it automatically at system level.
    # -f, not -x: the tunnel config is a regular file, not an executable
    if [[ -f /etc/wireguard/wg0.conf ]]; then
        # Start WireGuard
        sudo wg-quick up wg0
    fi
The "resolv.conf" file should also be made read-only, so that the value does not change on every boot. You can do this with "chattr +i /etc/resolv.conf" [This is for Slackware users], or if that doesn't work, with "chattr +i $(realpath /etc/resolv.conf)".
This will prevent DNS address changes.
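A way to check the result of the steps above, as an added example that is not part of the original text: it compares the nameservers in resolv.conf with the DNS line of the wg-quick config and reports any resolver the tunnel config does not name. The function names, default paths and sample addresses are assumptions made for the example.

```shell
#!/bin/sh
# Added example: check that resolv.conf only lists resolvers named on the
# DNS line of a wg-quick config. Default paths are assumptions.

# DNS entries of a wg-quick config, one per line.
wg_dns() {
    sed -n 's/^[[:space:]]*DNS[[:space:]]*=[[:space:]]*//p' "$1" |
        tr ',' '\n' | tr -d ' \t\r' | sed '/^$/d'
}

# nameserver addresses of a resolv.conf-style file, one per line.
resolv_dns() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# 0: every nameserver is on the tunnel's DNS line
# 1: at least one nameserver is not (printed on stdout)
# 2: nothing to compare (no DNS line, or no nameserver entry)
check_dns() {
    conf=${1:-/etc/wireguard/wg0.conf}
    resolv=${2:-/etc/resolv.conf}
    allowed=$(wg_dns "$conf")
    active=$(resolv_dns "$resolv")
    [ -n "$allowed" ] || { echo "no DNS line in $conf"; return 2; }
    [ -n "$active" ] || { echo "no nameserver in $resolv"; return 2; }
    rc=0
    for ns in $active; do
        printf '%s\n' "$allowed" | grep -qxF -- "$ns" && continue
        echo "resolver not in tunnel config: $ns"
        rc=1
    done
    return "$rc"
}

# Constructed sample files (addresses are examples, the key a placeholder).
write_samples() {
    printf '[Interface]\nPrivateKey = PLACEHOLDER\nDNS = 10.2.0.1\n' > "$1/wg0.conf"
    printf 'nameserver 10.2.0.1\n' > "$1/resolv.ok"
    printf 'nameserver 10.2.0.1\nnameserver 192.0.2.53\n' > "$1/resolv.mixed"
}
```

On a live system, run `check_dns` as root with no arguments after the tunnel is up. `lsattr` on the resolv.conf path shows an `i` flag once the `chattr +i` step has taken effect.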
Another free VPN is RiseupVPN, which uses secure, highly encrypted networks. You can use it with "Bridge", Tor, block IPv6, use it with "Snowflake", even UDP. Do not use UDP because UDP is not as secure as TCP.
Their email provider is also by far the safest and most secure, plus it's free - but unfortunately it requires an invitation. Another decent email provider nowadays is Postman [I2P]. The likes of MailFence, ProtonMail - not known for total security, a lot of their talk is just hype.
The point of UDP is to get packets to their destination as quickly as possible, and in the process there is no guarantee that all packets will arrive. TCP is the opposite - it is more secure because it organises the packets and ensures that they all arrive.
RiseupVPN is available for most Linux distros [If you are using Slackware, you will probably need to look for a RiseupVPN OpenVPN generator script to run over OpenVPN], as is ProtonVPN. For Slackware users, ProtonVPN is available at 'https://slackbuilds.org/' and can be configured from the source.
Search Engines
Google Search - Spying Level - MONUMENTALLY HIGH
This search engine exists for the same reason as Chrome and Microsoft Edge - to collect information about you. It does nothing useful, it automatically connects to many Google addresses, it collects monumental statistics, it does many queries.
This search engine should be avoided at all costs. Its only advantage is that it indexes most pages, and you can find many pages with it, almost all of them on the Surface Web. But you pay for it with your data, which is concentrated in the hands of advertisers.
It disables Tor as much as it can, and uses reCAPTCHA to make tracking even more feasible, as does ProtonMail. Google services should be avoided far, far away if you want to have some sense of privacy.
Mojeek - Spying Level - None
Quite a good little search engine, does not collect IP addresses, and only needs CSS [Tested this in uMatrix]. It has its own index and provides security. The only downside is that the search results are not very rich, but it is by far the cleanest search engine available.
MetaGer - Spying Level - None
Same as above. It has an Onion domain, so can be used in conjunction with Tor. But its search results are much better than Mojeek's.
Brave Search - Spying Level - Medium
Well, given Brave's data collection, it's not out of the question that it does the same thing. It's backed by Amazon, which is not Google, but these are things to watch out for. CSS alone is enough to use it, but I can't trust this search engine. Avoid it, use MetaGer instead.
DuckDuckGo - Spying Level - Medium/High
A notch better than Google, but no more, but if you're torn between the two, go with DDG, or at least use it on Tor or I2P.
Emails
Gmail - Spying Level - MONUMENTALLY HIGH
Well, not worth mentioning. It's really designed to get advertisers to collect data on you, just like Chrome, Microsoft Edge and others. The only advantage is that it supports mail clients, but nothing else.
I won't even go into the "Privacy Policy", we all know that Gmail is unsafe. Avoid it by far.
ProtonMail - Spying Level - High
Well, this is probably considered the most famous "secure" Email provider, but that's not quite the case. ProtonMail [Like Mailfence] has a minor form of encryption that researchers say is quite flawed, not to mention that it doesn't encrypt everything. It doesn't work without JS. [Sadly]
The names, addresses, senders and subjects of messages are all visible, and Proton can decrypt encrypted data at any time. The PGP keys are generated in advance when the account is registered, and are probably full of unsolicited requests.
From the Proton site:
"IP logging: By default, we do not keep permanent IP logs in relation with your Account. However, IP logs may be kept temporarily to combat abuse and fraud, and your IP address may be retained permanently if you are engaged in activities that breach our terms and conditions (e.g. spamming, DDoS attacks against our infrastructure, brute force attacks).
The legal basis of this processing is our legitimate interest to protect our service against nefarious activities."
Of course, that's how everyone delivers - IP address storage and tracking, offered in a nice package. You don't know how long these are stored, because you can't trust Proton.
Another:
"If you enable authentication logging for your Account, the record of your login IP addresses is kept for as long as the feature is enabled. This feature is off by default, and all the records are deleted upon deactivation of the feature. The legal basis of this processing is consent, and you are free to opt in or opt out of that processing at any time in the security panel of your Account."
Seriously, who wants to allow information to be stored about them? Okay, I don't mean the people who irresponsibly accept all the cookies and tracking "protections" [which is also a marketing term, in the background the opposite is happening] on every site. Seriously, think about what you do on the internet. You accept terms and conditions, cookies that are tied to you. If the phishing happens, it's not the company's fault, it's your fault because you didn't read the terms. Think about it, you can easily get into trouble.
They also have .onion domains that were so, so anonymous that if you weren't paying attention, the Tor domain would redirect you to their Clearnet address. How anonymous is that?
Let's look at the facts - "No personal data required", and later "We use SMS for this feature". Even if you just don't use a VPN or Tor, you may not need to provide personal details. If you use VPN or Tor, you'll suddenly have to enter some details.
Not to mention that Proton heavily discloses "sensitive" accounts to the authorities. If you confirm to them that a Proton user is exchanging "sensitive" messages, they can extradite you immediately. In the background they track your activity, collect your data.
IP addresses are collected by default, and stored for a limited time for "security" reasons [just like phone numbers]. It doesn't work without JavaScript, I somehow messed it up in uMatrix, it's full of crap that is unnecessary for an "encrypted/secure" email.
Proton had a case in the past where they leaked data about users. Well, use it at your own risk and don't trust it, but if you can, avoid this email as much as possible, just like MailFence. Alternatively it's good, a notch better than Gmail.
If you have a paid option, use Posteo, and avoid Proton by far.
MailFence - Spying Level - High
From the MailFence website:
"We collect IP addresses, message-ID's, sender and recipient addresses, subjects, browser versions, countries and timestamps. When registering, you will be asked to enter an external email address. We send your activation code to this address and use it to communicate with you in case you are unable to access your account.
Incoming and outgoing messages are automatically analysed by our anti-spam, anti-virus and anti-abuse checking routines. When you pay by credit card we store some of its details. Team members have signed a confidentiality agreement to protect collected data."
Off to a good start, IP addresses are collected, stored, and additional data/metadata is collected about you. If you pay for this, they collect data on that too. When you register, you have to enter another Email address to which they send the code. Are you serious?
Another one:
"Yes. Our cookies are "authentication cookies" and not "tracking cookies": we don't track you after your session on our servers. You can find more information about the types of cookies here."
You don't know what cookies are, just as I don't understand why you need JS at all. You could easily run into a tracking JS without even knowing it. You are not notified that they are tracking your activity. Use uMatrix everywhere.
The "secure" MailFence will ask you for your real email account in advance and send you the code to proceed. I don't know about Mailing Client support, but you can guess.
Just read this:
"Should you close your account, all data will be permanently deleted 30 days after the legal expiration date (i.e. the Belgian law imposes 365 days after account closing). This means that your data will be PERMANENTLY deleted, as opposed to the practice of some major cloud companies which are unable to delete data.
We do not delete your account before the legal expiration date because users often ask to reopen their account after having closed it themselves."
Avoid it for the most part, just like Proton.
Postman (I2P) Spying Level - None
An encrypted and anonymous email service available via I2P, which allows you to send messages to both external addresses [Surface Web client, e.g. Proton, or any other] and internal, i.e. ".i2p" addresses. It is currently the cleanest choice.
There is no need to provide personal information when registering, and the registration itself is simple. The email looks a bit different, with different settings. The only Email that supports I2P and is accessible through it. At least that I know of.
Here you can create a Postman account [Note: I2P is needed] -
http://hq.postman.i2p/?page_id=16
RiseupMail - Spying Level - None or Mild
Probably the most selective choice of services currently available, and free to boot. However, it does require an invitation, which unfortunately I don't have [If you're reading this and you have one, think of me]. The "privacy policy" is relatively tolerable, and fair.
No IP address storage, no sensitive data collected about you [location, operating system, browser, screen resolution, etc.], and strong encryption. You can create multiple "Aliases" within your Email account, which is very useful.
Your data is stored in turn, but with strong encryption, and can only be decrypted by the Riseup team, but they don't do this because Riseup is a human rights organisation who REALLY have your safety as their number one priority. Good question, then why do they store certain data?
Well, in order to access your account, the data has to be stored somewhere. It's not personal data, it's other data. Riseup does not collect personal data about you, or only very minimal data. It is really nothing like what Proton or MailFence does.
From the Riseup site:
"All of your data is stored in an encrypted format, and only Riseup has the keys to decrypt the data. Additionally, as of March 2017, the storage for all new accounts is personally encrypted. Riseup is unable to read any of the stored content for these accounts. Any user with an account created prior to March 2017 may opt-in to personally encrypted storage."
If you delete your account, it won't slide for days or weeks, it will be deleted, instantly. Unlike Proton, who is only willing to delete your account after a period of time, and until then you can imagine what they do with your messages and activity there.
I can actually recommend this Email with confidence, but unfortunately you need an invitation to join. If not, use Postman.
Encryption
KeePassXC
A password store for all your encryption and security needs. You can use Keyfiles with it, just like VeraCrypt, and it's a pretty well built secure password store. It is available for many Linux Distros and is worth using for secure password storage.
VeraCrypt
A program for high-level encryption of files and folders. It is available almost everywhere and is not difficult to set up. You can choose from several encryption options [up to three for one storage] and set several security levels.
First create a "Standard" container, then a "Hidden" container. In the Standard you keep the not so "sensitive" files, and in the "Hidden" you keep the important stuff. Generate the passwords in KeePass and save them there.
For both, generate a password of at least 30 characters, including all punctuation. Save them in KeePass. For greater security, generate 'key files' [at least four] and then you can even set a PIN for them.
This has several advantages - firstly, your folders/files cannot be accessed on your Linux system without you, so an attacker cannot recover or copy the contents of your data, as they cannot be accessed without you.
Secondly, only the people you want to have access to your data. Because you store everything in a highly encrypted storage [two of them], this is the safest way to store data in today's world.
So, if you lose your password, you can no longer access your data. It's worth storing them in a text file other than KeePass, encrypted with "gpg". The command looks like "gpg -c <filename>". Here you enter a password [prompted twice] and you're done.
The program will automatically create a file with the ".gpg" extension and delete the other unencrypted file. You can open the ".gpg" file by typing "gpg -d <filename>". Then enter your password and Terminal will print the contents of the file.
GPG File Encryption
You can use gpg to encrypt files locally. Once this is done, the file containing the data can now be accessed with your password. Let's assume that the file containing the super-secret data is called "safe-file". We want to encrypt the data in the "safe-file" file.
Type the following into Terminal: "gpg -c safe-file" [Replace "safe-file" with the name of your own file]. The program will prompt you for the password; type it twice. Be sure to write down this password so you don't forget it. Then type "gpg -d safe-file.gpg" to decrypt it.
Here it will ask you for the password you entered, and once you have entered it, you will be able to see the contents of the file. This is an easy way to store files locally.
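The gpg steps described in this section and in the VeraCrypt section, scripted as an added example that is not part of the original text: the file is encrypted symmetrically, the ".gpg" output is decrypted again and compared byte for byte, and only then is it made sure that no plaintext copy stays on disk. The helper names `seal_file` and `open_file` are hypothetical, and the non-interactive flags assume GnuPG 2.1 or later.

```shell
#!/bin/sh
# Added example: symmetric GnuPG encryption with a round-trip check.
# seal_file / open_file are hypothetical helper names. The passphrase is
# read from the first line of stdin so it never shows up in the process list.

seal_file() {
    f=$1
    [ -f "$f" ] || { echo "no such file: $f" >&2; return 2; }
    IFS= read -r pass || true
    [ -n "$pass" ] || { echo "empty passphrase" >&2; return 2; }

    # Same operation as "gpg -c FILE", made non-interactive for scripting.
    printf '%s' "$pass" | gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase-fd 0 --cipher-algo AES256 -o "$f.gpg" -c "$f" || return 1

    # Decrypt again and compare with the original before removing anything.
    if printf '%s' "$pass" | gpg --batch --quiet --pinentry-mode loopback \
        --passphrase-fd 0 -d "$f.gpg" 2>/dev/null | cmp -s - "$f"; then
        rm -f -- "$f"          # no plaintext copy may stay next to the .gpg
        echo "$f.gpg"
    else
        echo "round trip failed, keeping $f" >&2
        rm -f -- "$f.gpg"
        return 1
    fi
}

# Print the decrypted content of FILE.gpg; passphrase on stdin as above.
open_file() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase-fd 0 -d "$1"
}
```

For interactive use, drop the batch and passphrase flags and let gpg prompt as described in the text.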
Summary
Briefly about Email - Use Posteo if you want to pay for something, or use Postman if you want something free. Use RiseupMail if you have an invitation [if you do, think of me].
Briefly about Browsers - Use LibreWolf for common browsing, or Ungoogled Chromium. For the Forums, use Tor, or Pale Moon, or IceCat, with Tor enforcement of course.
Briefly about VPNs - Use ProtonVPN under WireGuard or OpenVPN, but preferably use RiseupVPN, or both at the same time. Or if you pay for them, use Mullvad VPN. It's worth running multiple VPNs at the same time, at least two.
Briefly about Search engines - Use Mojeek, or if you want good search results, use MetaGer, or worst case DuckDuckGo on I2P or Tor. [Not ethical to recommend this, but a notch better than Google Search Engine]
Briefly about Hidden Networks - Use I2P or Tor, but if you want my opinion I would go with I2P.
Briefly about Linux Distributions - If you are a real security fanatic, use Linux distributions without Systemd. If you don't, use Whonix or a security-oriented Distro. The choice is huge. Don't think of Linux Distros with Systemd as "all data is compromised or something", no, just a Systemd-free Distro will provide more security.
Briefly about GPG - Use GPG Encryption for files where you store some of your passwords. It is not the best option if you encrypt a monumentally large file; for this, use VeraCrypt.
Briefly about KeePass and VeraCrypt - Use these if you need monumental security for your files/passwords.