|
I've been thinking of making a thread like this for a long time now, thanks for actually doing it! Here's my usual list of the best, easiest steps an average Internet user can take to improve their privacy. Starting with the easiest:

1. Install an ad blocker. uBlock Origin (Chrome, Firefox) is the usual choice -- just install it and leave everything at the defaults. You'll see a lot less ads, but more importantly, it'll stop a lot of ad tracking.

2. Install a cookie clearing extension. Once you've closed the last tab of a website, all the browser cookies it set will be cleared out. I suggest Cookie AutoDelete (Chrome, Firefox). This one requires a tiny bit of management, since there are probably sites where you want to stay logged in even when you don't have it open in any tabs. Fortunately, it's really easy to whitelist any site you like; just click the extension's icon and there'll be a big button to do exactly that.

3. Step up your password game. Stop using your dog's name as a password and start using long random strings kept in (and generated by) a password manager. KeePassXC is a good one. Using it is a lot easier than it may look at first.

4. Consider spending a few bucks a month on a decent VPN service. It's certainly not a magic bullet for privacy, but it can be a big help. It'll keep your ISP from seeing every site you go to, and keep every site you go to from seeing exactly where you're coming from. (And if you're torrenting movies or doing any kind of piracy, then a VPN is a must and you should've had one a long time ago.) My top recommendation is Mullvad, runner-up is ProtonVPN.

For your smartphone, get rid of everything Facebook-owned if at all possible, and try to get your social circle to switch over to using Signal for texts and calls. Signal is an app that can do text messaging and voice/video calls to other Signal users. It uses extremely paranoid encryption and security, but you'd never know it from the really straightforward interface. (Having it installed doesn't stop you from using normal SMS and phone calls anytime you want, of course.) Grab a friend, install it and try it out.
|
# ¿ Jan 22, 2021 21:43 |
|
Nitrousoxide posted:
Is there a particular browser you'd recommend? Cross-platform syncing of bookmarks, tabs, is still pretty important, but obviously if you're giving all that stuff to google or whoever they can build a social graph of you pretty effectively.

Plain old Firefox is still very good, especially if you give it a few privacy-enhancing add-ons and about:config tweaks -- see privacytools.io's in-depth page of browser recommendations for more detail on those.

As for syncing, Mozilla claims Firefox Sync is designed in such a way that their servers never see the un-encrypted data and the password never goes beyond your own device(s): https://hacks.mozilla.org/2018/11/firefox-sync-privacy/. If you're conducting international espionage or something, you probably wouldn't want to trust this tool implicitly. But for an ordinary Internet user trying to cultivate a healthy general-purpose paranoia, it's probably fine.
|
# ¿ Feb 16, 2021 17:26 |
|
Ornery and Hornery posted:
I'm new to this so I guess my first interest is just figuring out how much I'm being tracked. Like are all my e-mails, texts, or website visits automatically logged to the NSA? For how long? Will they eventually just have a record of everything I've ever done? And the ability to readily search that data for their relevant hits?

Only the spooks know exactly what they have, and they aren't talking. But based on things like the Snowden documents, it's pretty clear they're hoovering up every drat thing they can and keeping it forever. And they have tools for parsing it all, so that in the event you (or I, or anyone else) should catch their attention, they can generate a pretty drat complete dossier with a few mouse clicks.
|
# ¿ May 12, 2022 00:52 |
|
tight aspirations posted:
Where should I be looking for good blocklists for pihole?

I've been using Dan Pollock's list for a zillion years now. It causes a crapload of ads and malware to simply cease to exist. Here it is in 0.0.0.0 hosts-file format, which seems to be the default pihole format: https://someonewhocares.org/hosts/zero/hosts
|
# ¿ Jun 16, 2022 16:45 |
|
Ornery and Hornery posted:
What are blocklists and piholes

A blocklist is just a list of domain names (Internet sites, essentially) that you'd rather your computer not even be able to talk to. (For example, sites that serve up ads on webpages.) You can make a list yourself from scratch, but there are already a lot of pre-made ones that will be a lot more complete than you could ever hope to put together on your own. Use an ad-blocking list that's big enough, and most of the ads on the Internet simply disappear.

So how do you use one of these lists? A simple way to do it on one computer at a time is to put them into the hosts file, giving each one an incorrect IP address such as 0.0.0.0. So when your computer displays a webpage for you and sees that there's supposed to be an image file at the top that's hosted on scummy-marketing.com, then (assuming that site is in your blocklist) it won't be able to contact the real site and will simply leave that area blank. Practical upshot: ads are blocked on your computer.

That's great for one computer at a time. But you can also set things up to provide that blocking to every device on your local network, including things like tablets or smart TVs (on which you probably can't even get to the hosts file anyway). Pi-hole is a good way to accomplish this. A Raspberry Pi is just a very small low-spec computer that's geared toward hobby use, and Pi-hole is an application you can run on it which turns it into a DNS server for your local network. Since its reason for existing is to block ads and such, it gives out an invalid address for any site you've told it to block. Practical upshot: ads are gone on all your devices.

And many of these lists don't just block ads, they also block sites known to harbor malware, hijacks, spyware, etc. Having a good blocklist is a good security measure.

e: Beaten but I went into more detail.

Powered Descent fucked around with this message at 22:05 on Jun 16, 2022 |
# ¿ Jun 16, 2022 22:02 |
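The hosts-file blocking described in the post above, as an added example that is not part of the thread: it parses a list in the 0.0.0.0 hosts format, emulates the lookup, and shows that hosts entries match exact names only, so a subdomain of a listed domain still resolves. The sample list is constructed; `scummy-marketing.com` is the post's own illustrative name and the other domains are placeholders.

```python
# Added example. The list below is constructed; its domains are placeholders.
SAMPLE_BLOCKLIST = """\
# constructed sample in 0.0.0.0 hosts-file format
127.0.0.1 localhost
0.0.0.0 scummy-marketing.com
0.0.0.0 ads.example.net tracker.example.net   # two names on one line
0.0.0.0 Metrics.Example.ORG
"""

SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1"}   # addresses lists use as a dead end
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_blocklist(text):
    """Return the set of hostnames the list points at a dead-end address."""
    blocked = set()
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(fields) < 2 or fields[0] not in SINK_ADDRESSES:
            continue   # blank line, malformed line, or a genuine mapping
        for name in fields[1:]:
            name = name.lower().rstrip(".")   # DNS names are case-insensitive
            if name not in LOCAL_NAMES:
                blocked.add(name)
    return blocked


def resolve(hostname, blocked):
    """Listed names get 0.0.0.0; anything else returns None (ask real DNS)."""
    name = hostname.lower().rstrip(".")
    return "0.0.0.0" if name in blocked else None


def uncovered_subdomains(hostnames, blocked):
    """Names that get through although a parent domain is on the list."""
    missed = []
    for host in hostnames:
        name = host.lower().rstrip(".")
        parents = {name.split(".", i)[-1] for i in range(1, name.count(".") + 1)}
        if name not in blocked and parents & blocked:
            missed.append(name)
    return missed


if __name__ == "__main__":
    blocked = parse_blocklist(SAMPLE_BLOCKLIST)
    for host in ("scummy-marketing.com", "cdn.scummy-marketing.com", "example.com"):
        print(host, "->", resolve(host, blocked) or "real DNS lookup")
```

Running `uncovered_subdomains` over the hostnames seen in a browsing session or DNS log shows which names a hosts-format list is missing.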
|
The Bananana posted:
Oh, awesome. Well... what's a good VPN, for normal use... I don't run like a home business or do anything that needs extra security measures. I'm just doing like home banking and making purchases, etc, and wanting to keep my data safe. I'm in the U.S.

Mullvad, hands down. They do absolutely everything right. Based in Sweden, owned by ideological privacy advocates, technical competence coming out their ears, and even excellent customer service (they helped me find a workaround when one of their updates broke a very strange custom thing I was doing). If you're extra-paranoid, you don't even have to trust their client app; you can use any OpenVPN or WireGuard client you like (although their app is quite good).

Runner-up: ProtonVPN. I have less experience with this one, but they're in Switzerland, they too seem to know what they're doing (it's the same team that runs the excellent ProtonMail encrypted mail service), and their main datacenter is even in an old Swiss Army bomb shelter a kilometer underground, because why the hell not.

However, banking and purchases are precisely what I recommend not using a VPN for. Remember that banks and stores will see that you're connecting from a commercial VPN endpoint, and will (rightly) regard this as potentially suspicious -- people (asshats) DO use these services for shady poo poo. I once did a thing on my PayPal account -- nothing out of the ordinary, just sending a bit of money -- and since I had done it through Mullvad, it immediately got flagged as potentially fraudulent, and I spent the next ten minutes on the phone with them convincing them that yes, it was really me.

Ever since that happened, I keep a separate browser that's configured to go straight out, and not through the VPN that the rest of the computer uses. The Mullvad app's "split tunneling" feature makes that easy -- I use Firefox for my regular VPN-protected browsing, and open Chrome in split-tunneling mode to do anything to do with money, or anything else where I want the server on the other end to see that I'm coming directly from my home IP.
|
# ¿ Jul 8, 2022 00:22 |
|
Nitrousoxide posted:
No scandal from Proton.

That's not entirely true. A year ago it came out that they had handed over user IP addresses to the cops. Here's my writeup (and my hot take) when it happened, from the Infosec thread:

Powered Descent posted:
ProtonMail is in a bit of hot water for handing over the IP address of one of their users, a French climate activist. It seems they received an order from local Swiss law enforcement, which was working with the French authorities via Europol. The buried lede is that Proton is apparently now receiving thousands of these orders per year. To their credit, they're fighting many of them. Despite this, I do still trust Proton. They could have been more transparent about what was going on, but from a technical perspective, it's hard to see what else they could have done.
|
# ¿ Sep 2, 2022 19:53 |