Thread: OMG. It's a LOT of work to set up Firefox for privacy on WinXP!
View Single Post
  #13  
Old January 25th 17, 11:59 AM posted to microsoft.public.windowsxp.general
Ann Dunham
external usenet poster
  
Posts: 66
Default OMG. It's a LOT of work to set up Firefox for privacy on WinXP!
Ann Dunham replied:

So that leaves us with fleshing out:
1. Firewall
5. Router passwords

Taking Router Passwords first (because I know nothing about firewalls), I
would recommend actionable things such as:

BASIC ACTIONABLE ROUTER SECURITY SUGGESTIONS: (please suggest better ones!)

1. Change the router admin username & password
Note most routers seem to limit the password to 8 characters.
They'll take more than 8 characters, but anything after 8 doesn't matter.

2. Change the router MAC address (aka MAC cloning)
This doesn't change the MAC address that Google sees from all your
neighbor's Android phones spying for Google on you, but it at least changes
the MAC address that your Windows software sees.

3. Consider turning off any extraneous SSIDs (e.g., guest SSIDs) for the
obvious reason that the more SSIDs you have, the more "doors" you have into
your router.

4. Always add _nomap (lower case?) to the end of all your active SSIDs
This does not prevent all your neighbor's Android phones from spying on you
and reporting your GPS coordinates and router MAC address (the one you
can't change) and signal strength to Google, but Google "says" they will
delete this data which is reported to them a few times a day by your
neighbor's badly configured Android devices.

5. Add Microsoft-required _optout_ (lower case!) to all your active SSIDs
in order to eliminate sharing of your router with your neighbor's WiFi (I'm
not exactly sure how this works though, since I don't have Windows 10 yet).
(I guess you have to change your SSIDs to "whatever_optout_nomap".)

6. The rest of the SSID (and the passphrase) should be as unique as you can
make them, without giving away any privacy (e.g., the SSID shouldn't be a
phone number or an address or a name). You need both the SSID and
passphrase to be unique because of rainbow tables which allow anyone to
easily access your network if you use a non-unique combination of SSID and
passphrase.
https://en.wikipedia.org/wiki/Rainbow_table

7. I'm not sure what default settings to turn off, but almost everyone
recommends turning off UPNP so turn that off, at the very least.

8. Of course, use WPA2/PSK (aka pre-shred key) or better and turn off WPS
and update the firmware and make a backup of your configuration and, ...
but don't bother with hiding your broadcast SSID or disabling the DHCP
server or filtering on MAC addresses since anyone with netstumbler can see
all that stuff anyway and spoofing a MAC address is trivial on laptops.

I'm sure there is other actionable stuff, so please feel free to add it to
this subthread on setting up the router for privacy.
Ads