OMG. It's a LOT of work to set up Firefox for privacy on WinXP!

On Wed, 25 Jan 2017 11:11:41 +0000 (UTC), Ann Dunham
wrote:

Ann Dunham replied:

To help others who follow this hint, the first thing I had to change in the
user.js file was that the Firefox Address Bar search was turned off.

The next problem I had with the GHacks user.js was that Google Gmail
doesn't like it one bit.

Logging into Google Gmail brings me to this page:
https://support.google.com/accounts/answer/61416?hl=en

It looks like the GHacks user.js turns off cookies, so, searching for that
option in the user.js file, I find this:
// 0=allow all
// 1=allow same host
// 2=disallow all
// 3=allow 3rd party if it already set a cookie
user_pref("network.cookie.cookieBehavior", 2)

So I change that to:
//WIP user_pref("network.cookie.cookieBehavior", 2)
user_pref("network.cookie.cookieBehavior", 1)

Then Google Gmail worked!

In private browsing mode you can allow cookies, but they are
deleted when you close Firefox. Which is probably the safest thing to
do.
OTOH, why not use an email client like Sylpheed (portable
version available) ? It will keep vulnerable traffic/online time to a
minimum. And by default it will not load remote links/images.

https://en.wikipedia.org/wiki/Sylpheed
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012

Ann Dunham replied:

Seems that ZoneAlarm is more often mentioned as the number one.
Is that correct?

I went ahead with ZoneAlarm, which had a typically crummy installer.
For one, it wouldn't go where I wanted it to go, where it always added
additional sub directories that were needless.

C:\where_I_want_it_to_go\but_then_it_added\Checkpo int\ZoneAlarm

For another, what I downloaded was merely a useless stub (which makes my
software archive for ZoneAlarm useless), which also requires me to be on
the net when I install which also reduces my privacy right from the start.

So I don't have a good feeling about ZoneAlarm from the start.

During install, as always, I NEVER take the default settings, so I set it
to the maximum security instead of the automatic security.

Apparently ZoneAlarm is a .NET application, and even though I must have
something like a half dozen .NET installations already, yet again, the
abomination that is .NET was installed by ZoneAlarm.

True to my bad vibes about ZoneAlarm, it phoned home the instant the
installation completed, which means this is NOT nice software with respect
to privacy.

To make matters even worse, ZoneAlarm requires your email address just to
receive updates! What? Really? They need my email just so the privacy
software can be updated? Are they crazy?

Do they even know what business they're in?
Anyway, since it was already installed, I clicked "Finish" (without giving
it my email address, of course).

Then it wanted to restart the computer. I guess a restart makes sense for a
firewall, which has to have some TSR stuff going on.

After rebooting, it asked me to name the network and then to select
"public" or "trusted" so I set it to public. This is a problem in that I
don't know what I'm doing, but I figured I'd use the stricter settings at
first.

Looking around at the settings, it has three sections:
1. Antivirus = not installed
2. Firewall = on
3. Identity & data = needs to be set up

I don't mind a program trying to upsell (as long as it's not obnoxious), so
I simply leave all those buttons alone because all I want is the firewall.

Looking at Tools Preferences, I see that it has a section for loading
ZoneAlarm at startup (which is ok for a firewall) and it has a proxy server
setting (but I'd have to have a proxy server to give it, which I don't).

Then it has a 'registration' button, but who would register a privacy
suite? Not me. The whole point is to NOT need to register. They don't get
it.

Anyway, that's it for the settings.
Each time I run something, it seems to
a. Create a new network name (which gets tedious pretty quickly)
b. Ask for the security settings (which makes sense)

On Wed, 25 Jan 2017 11:59:01 +0000 (UTC), Ann Dunham
wrote:

Ann Dunham replied:

So that leaves us with fleshing out:
1. Firewall
5. Router passwords

Taking Router Passwords first (because I know nothing about firewalls), I
would recommend actionable things such as:

BASIC ACTIONABLE ROUTER SECURITY SUGGESTIONS: (please suggest better ones!)

1. Change the router admin username & password
Note most routers seem to limit the password to 8 characters.
They'll take more than 8 characters, but anything after 8 doesn't matter.

2. Change the router MAC address (aka MAC cloning)
This doesn't change the MAC address that Google sees from all your
neighbor's Android phones spying for Google on you, but it at least changes
the MAC address that your Windows software sees.

3. Consider turning off any extraneous SSIDs (e.g., guest SSIDs) for the
obvious reason that the more SSIDs you have, the more "doors" you have into
your router.

4. Always add _nomap (lower case?) to the end of all your active SSIDs
This does not prevent all your neighbor's Android phones from spying on you
and reporting your GPS coordinates and router MAC address (the one you
can't change) and signal strength to Google, but Google "says" they will
delete this data which is reported to them a few times a day by your
neighbor's badly configured Android devices.

5. Add Microsoft-required _optout_ (lower case!) to all your active SSIDs
in order to eliminate sharing of your router with your neighbor's WiFi (I'm
not exactly sure how this works though, since I don't have Windows 10 yet).
(I guess you have to change your SSIDs to "whatever_optout_nomap".)

6. The rest of the SSID (and the passphrase) should be as unique as you can
make them, without giving away any privacy (e.g., the SSID shouldn't be a
phone number or an address or a name). You need both the SSID and
passphrase to be unique because of rainbow tables which allow anyone to
easily access your network if you use a non-unique combination of SSID and
passphrase.
https://en.wikipedia.org/wiki/Rainbow_table

7. I'm not sure what default settings to turn off, but almost everyone
recommends turning off UPNP so turn that off, at the very least.

8. Of course, use WPA2/PSK (aka pre-shred key) or better and turn off WPS
and update the firmware and make a backup of your configuration and, ...
but don't bother with hiding your broadcast SSID or disabling the DHCP
server or filtering on MAC addresses since anyone with netstumbler can see
all that stuff anyway and spoofing a MAC address is trivial on laptops.

I'm sure there is other actionable stuff, so please feel free to add it to
this subthread on setting up the router for privacy.

That's quite a nice summary.
Remember, if they p4wN your router, they have access to ALL
your traffic....

[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012

Shadow replied:

OTOH, why not use an email client like Sylpheed (portable
version available) ? It will keep vulnerable traffic/online time to a
minimum. And by default it will not load remote links/images.

https://en.wikipedia.org/wiki/Sylpheed

That's a very good point in that using a web browser for email is just
plain stupid.

I agree.
I hand't thought about it before.
But I instantly agree.

Anyone who uses a web browser for email can't say they care about privacy.
So, that brings up the question of which mail user agent (client) to use?

My first thought is Thunderbird.
But since you suggested Sylpheed, let me read up on it a bit:
https://en.wikipedia.org/wiki/Sylpheed

That's a short reference page, but it does say that Sylpheed seems to be a
small, fast, light, privacy-aware MUA worth looking into.

It's apparently available he
http://sylpheed.sraoss.jp/ja/download.html

So, I will download and install it and test it out.
If it fails. I'll move to Thunderbird, which is acceptable (AFAIK) from a
privacy standpoint.

On Wed, 25 Jan 2017 12:44:20 +0000 (UTC), Ann Dunham
wrote:

Ann Dunham replied:

So that leaves us with fleshing out:
1. Firewall
5. Router passwords

I really know almost nothing about firewalls, so I will let others flesh
this one out.

I will ask a few questions though, since WinXP doesn't come with a firewall
(and since routers always come with a firewall).

1. The first question is why we'd need a software firewall if the router
has a hardware firewall.

Software firewalls filter by which program makes the request.
Hardware firewalls are just a dumb "no you can't have access to this
PC, UNLESS a trojan has asked for that access"

2. The second question will be WHICH free software firewall is the best one
for Windows XP.

Probably Kerio 2.1.5

http://www.emule-security.org/download.php?list.2

kerio-pf-2.1.5-en-win.exe
MD5: 0DA51E1414EB4622860795278AC756BE
SHA-1: 7F136BC317901E32DEDEA1EBA00AF5336B50B43C
(I checked against one I have archived for 12 years on a CD)

It's very simple to use, it's annoying at first, but after a
week or so it settles down.
You might need a couple of registry tweaks , it was designed
back when RAM was measured in MB.
Once it's properly set up, it will stop even malware. Most
malware does not even search for it as it's not used much anymore.
They tend to search for (and deactivate) ZoneAlarm, Privatefirewall,
Online Armor and other more popular firewalls.
It caught the only malware to ever infect my machine when it
tried to phone home for the payload. (the only malware in 20 years)

The Windows Firewall is hopeless, and SHOULD BE DISABLED.


I don't know software firewalls, but I know how to google:
https://www.google.com/search?q=best...tware+firewall

Trouble with Google results are that they are $$$$$
orientated. They rarely point to true freeware.
[]'s

The problem, as always with noobs doing Google searches, is that it finds
too much.
http://www.techsupportalert.com/best...protection.htm
http://www.techradar.com/news/the-best-free-firewall
http://www.pcmag.com/article/313986/...free-firewalls
http://www.makeuseof.com/tag/free-fi...dows-compared/
http://www.askvg.com/top-5-best-free...e-for-windows/
https://www.geckoandfly.com/12087/5-...osoft-windows/
etc.

Skimming them for the venn diagram overlap, the following free firewalls
seem to be repeated the most in the articles.

ZoneAlarm
http://www.zonealarm.com/xp/
http://download.zonealarm.com/bin/fr...43_119_000.exe

Comodo
http://download.comodo.com/cis/downl...er_6113_c7.exe

My question is which one of those two to invest my efforts in?
Seems that ZoneAlarm is more often mentioned as the number one.
Is that correct?
--
Don't be evil - Google 2004
We have a new policy - Google 2012

Ann Dunham replied:

It's apparently available he
http://sylpheed.sraoss.jp/ja/download.html

So, I will download and install it and test it out.
If it fails. I'll move to Thunderbird, which is acceptable (AFAIK) from a
privacy standpoint.

The Sylpheed installer seems well behaved in that it didn't seen to need to
phone home and it went where I told it to go and it even asked me where I
want to store my mail (which will never be in a Windows pre-defined
location for reasons already stated).

It had a setting for pop and imap and then another setting for pop(gmail)
and imap(gmail), so I took the gmail option, which was easy enough.

It then tried to import Outlook mailboxes, which I told it not to.
And then it tried to import a Windows address book, which I declined.

Then it set itself up with Gmail by running curl (of all things), which
ZoneAlarm told me about (otherwise I wouldn't have known that Sylpheed uses
curl).

As always, the work is in the learning curve.

The last time I used a MUA was when Eudora was free and usable, so it will
take a bit to get used to this Sylpheed, but all initial indications seem
good to go forward.

Shadow replied:

1. The first question is why we'd need a software firewall if the router
has a hardware firewall.

Software firewalls filter by which program makes the request.
Hardware firewalls are just a dumb "no you can't have access to this
PC, UNLESS a trojan has asked for that access"

Thanks for explaining the main difference between software firewalls and
hardware firewalls.

Since I installed ZoneAlarm, I have seen a bit of what you speak of.
For example, when Sylpheed set itself up for Gmail, it used curl, which I
only knew because ZoneAlarm asked me to allow Curl to run.

It also accessed the file system when I set up a mailbox, which, again,
ZoneAlarm asked me if Sylpheed could access explorer.exe .

When my NNTP user agent ran, ZoneAlarm asked for permission for my news
reader to access the Internet.

So, I graphically see what you're explaining.
Thanks.


2. The second question will be WHICH free software firewall is the best one
for Windows XP.

Probably Kerio 2.1.5

Ooops. I already installed ZoneAlarm, but I wasn't happy with the vibes
from ZoneAlarm. I never mind a free tool trying to upsell if it does it
discreetly, but ZoneAlarm blatantly asked for my email before I even
installed it, saying I couldn't update it without email (and yet, I hit the
update button and it was already the latest version so I don't know if it
would have worked without my email, which they are never gonna get).

Kerio is very simple to use, it's annoying at first, but after a
week or so it settles down.

I suspect all the free software firewalls are annoying at first, simply
because they have to learn what you wish to allow.

You might need a couple of registry tweaks , it was designed
back when RAM was measured in MB.

That's a good thing!

Once it's properly set up, it will stop even malware. Most
malware does not even search for it as it's not used much anymore.
They tend to search for (and deactivate) ZoneAlarm, Privatefirewall,
Online Armor and other more popular firewalls.

Interesting that the malware attacks just the firewalls that I was
searching for, which are the most recommended ones.

It caught the only malware to ever infect my machine when it
tried to phone home for the payload. (the only malware in 20 years)

That you know of...

The Windows Firewall is hopeless, and SHOULD BE DISABLED.

Does the Windows Firewall even exist for WinXP?

Trouble with Google results are that they are $$$$$
orientated. They rarely point to true freeware.

Yup. I know. I can generally smell a bad "freeware" from the web page being
too slick, or from the upsells, or from registration information required,
etc.

So I'll check out Kerio separately.
Thanks for the advice to use Kerio free firewall on Windows XP.

On Wed, 25 Jan 2017 14:09:58 +0000 (UTC), Ann Dunham
wrote:

Ann Dunham replied:

It's apparently available he
http://sylpheed.sraoss.jp/ja/download.html

So, I will download and install it and test it out.
If it fails. I'll move to Thunderbird, which is acceptable (AFAIK) from a
privacy standpoint.

The Sylpheed installer seems well behaved in that it didn't seen to need to
phone home and it went where I told it to go and it even asked me where I
want to store my mail (which will never be in a Windows pre-defined
location for reasons already stated).

It had a setting for pop and imap and then another setting for pop(gmail)
and imap(gmail), so I took the gmail option, which was easy enough.

It then tried to import Outlook mailboxes, which I told it not to.
And then it tried to import a Windows address book, which I declined.

Then it set itself up with Gmail by running curl (of all things), which
ZoneAlarm told me about (otherwise I wouldn't have known that Sylpheed uses
curl).

As always, the work is in the learning curve.

The last time I used a MUA was when Eudora was free and usable, so it will
take a bit to get used to this Sylpheed, but all initial indications seem
good to go forward.

I always prefer "portable" if it's available.

; Rename this file to sylpheed.ini
; "configdir" is the relative path from where sylpheed.exe is located

[Sylpheed]
configdir=config

(will keep settings in Sylpheed\config\sylpheedrc and a few
others)
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012

On Wed, 25 Jan 2017 14:20:25 +0000 (UTC), Ann Dunham
wrote:

Shadow replied:

1. The first question is why we'd need a software firewall if the router
has a hardware firewall.

Software firewalls filter by which program makes the request.
Hardware firewalls are just a dumb "no you can't have access to this
PC, UNLESS a trojan has asked for that access"

Thanks for explaining the main difference between software firewalls and
hardware firewalls.

Since I installed ZoneAlarm, I have seen a bit of what you speak of.
For example, when Sylpheed set itself up for Gmail, it used curl, which I
only knew because ZoneAlarm asked me to allow Curl to run.

It also accessed the file system when I set up a mailbox, which, again,
ZoneAlarm asked me if Sylpheed could access explorer.exe .

When my NNTP user agent ran, ZoneAlarm asked for permission for my news
reader to access the Internet.

So, I graphically see what you're explaining.
Thanks.


2. The second question will be WHICH free software firewall is the best one
for Windows XP.

Probably Kerio 2.1.5

Ooops. I already installed ZoneAlarm, but I wasn't happy with the vibes
from ZoneAlarm. I never mind a free tool trying to upsell if it does it
discreetly, but ZoneAlarm blatantly asked for my email before I even
installed it, saying I couldn't update it without email (and yet, I hit the
update button and it was already the latest version so I don't know if it
would have worked without my email, which they are never gonna get).

Kerio is very simple to use, it's annoying at first, but after a
week or so it settles down.

I suspect all the free software firewalls are annoying at first, simply
because they have to learn what you wish to allow.

You might need a couple of registry tweaks , it was designed
back when RAM was measured in MB.

That's a good thing!

Mine is using 2MB RAM ATM, but Process Lasso shows it peaked
at 4MB. I'm running uTorrent.

Once it's properly set up, it will stop even malware. Most
malware does not even search for it as it's not used much anymore.
They tend to search for (and deactivate) ZoneAlarm, Privatefirewall,
Online Armor and other more popular firewalls.

Interesting that the malware attacks just the firewalls that I was
searching for, which are the most recommended ones.

It caught the only malware to ever infect my machine when it
tried to phone home for the payload. (the only malware in 20 years)

That you know of...

Other than the standard government hardware stuff I mean. I
have not used a resident AV in years. I do remote scans from Linux.

The Windows Firewall is hopeless, and SHOULD BE DISABLED.

Does the Windows Firewall even exist for WinXP?

Yes....

Trouble with Google results are that they are $$$$$
orientated. They rarely point to true freeware.

Yup. I know. I can generally smell a bad "freeware" from the web page being
too slick, or from the upsells, or from registration information required,
etc.

So I'll check out Kerio separately.
Thanks for the advice to use Kerio free firewall on Windows XP.

There was some talk about ZoneAlarm datamining and profiling
users, but that was years ago. So I never tried it. Looks like they
have not mended their ways.
I did try PrivateFirewall, Online Armour, Outpost Free and
Sygate, but finally settled for Kerio.
Kerio will not phone home, you can use it to block itself, and
it honors the rule. Unlike other firewalls that whitelist themselves.
Even if it did phone home looking for updates, the remote IP is dead.
It was bought by Sunbelt, who messed it up with too much bloat
and "features", and went bankrupt. Why v 2.1.5 is still best (for XP).
It will NOT run on Win 7 or worse.
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012

Ann Dunham wrote:
Paul in Houston TX replied:

Use a proxy.

Thanks for that Firefox privacy suggestion for WinXP users.
I'm not sure what a "proxy" is, other than I guess it's sort of like a VPN
but just for port 80 (aka web browsing) and maybe encrypted web browsing
(port 443).

Is that right?

If that's right, then it's probably a good thing in that it's a lightweight
free VPN, so now we have to look at how does one install a proxy?

Tor is what many people use:
https://www.torproject.org/

The government can likely read Tor since they created it.

Paul in Houston TX replied:

The government can likely read Tor since they created it.

It would be shocking to me if any major government (Russia, China, N.
Korea, Iran, US, GB, France, Germany, etc.) couldn't read essentially
everything out there (including that on Tor), given that they expend
billions of dollars every year in that endeavor.

However, if by "proxy" you mean "tor", I don't think you are correct in
that Tor is far more than just proxy, and where Tor exit notes are all well
known, and hence, rather useless in everyday practice (since they're
blocked on contact by most sites such as Google, Facebook, Craigslist,
etc.).

Tor aside, my unanswered question with respect to the suggestion of using a
"proxy" is which proxy do people use?

When I google, I find a billion ways to "proxy", so, what I need is someone
who actually knows something about proxy to lead me in a better direction
than what a shotgun approach of googling takes me.

Which free proxy setting is best to set up Firefox for privacy?

Ann,

"Proxy" is, as you remarked, an over-broad term. And I even dare to state
that its not even correct (its not at all aimed at privacy).

The "proxy" thats probably ment here is a piece of filtering software,
often, but not always, placed on a seperate computer. It plays a
Man-In-The-Middle (MITM) role.

In your case you could let the filtering be done by configuring FireFox for
private browsing, and maybe with a few plugins if you want to have a more
fine-grained control over which websites are allowed to do one-or-the-other
something.

You see, these days a proxy will often cause problems when you want to use
HTTPS: your browser will notice its not connecting to the website it asked
for (the proxy needs to decrypt the connection both ways to be able to do
any filtering), and will throw warning message after warning message (if
you're lucky, and not just downright closes the connection).

In short: "Proxy" is both a meaningless term in this regard, as well as,
IMHO, not the direction you should be looking in.

My two cents.

Regards,
Rudy Wieser


-- Origional message:
Ann Dunham schreef in berichtnieuws
...
Paul in Houston TX replied:

The government can likely read Tor since they created it.

It would be shocking to me if any major government (Russia, China, N.
Korea, Iran, US, GB, France, Germany, etc.) couldn't read essentially
everything out there (including that on Tor), given that they expend
billions of dollars every year in that endeavor.

However, if by "proxy" you mean "tor", I don't think you are correct in
that Tor is far more than just proxy, and where Tor exit notes are all
well
known, and hence, rather useless in everyday practice (since they're
blocked on contact by most sites such as Google, Facebook, Craigslist,
etc.).

Tor aside, my unanswered question with respect to the suggestion of using
a
"proxy" is which proxy do people use?

When I google, I find a billion ways to "proxy", so, what I need is
someone
who actually knows something about proxy to lead me in a better direction
than what a shotgun approach of googling takes me.

Which free proxy setting is best to set up Firefox for privacy?

Ann Dunham wrote:

Paul in Houston TX replied:
However, if by "proxy" you mean "tor", I don't think you are correct in
that Tor is far more than just proxy, and where Tor exit notes are all well
known, and hence, rather useless in everyday practice (since they're
blocked on contact by most sites such as Google, Facebook, Craigslist,
etc.).

Tor aside, my unanswered question with respect to the suggestion of using a
"proxy" is which proxy do people use?

I did not mean that Tor is a proxy.
I cannot help with finding a proxy.
Sorry. You are on your own on that.

On Thu, 26 Jan 2017 17:18:12 +0000 (UTC), Ann Dunham
wrote:

Paul in Houston TX replied:

The government can likely read Tor since they created it.

It would be shocking to me if any major government (Russia, China, N.
Korea, Iran, US, GB, France, Germany, etc.) couldn't read essentially
everything out there (including that on Tor), given that they expend
billions of dollars every year in that endeavor.

However, if by "proxy" you mean "tor", I don't think you are correct in
that Tor is far more than just proxy, and where Tor exit notes are all well
known, and hence, rather useless in everyday practice (since they're
blocked on contact by most sites such as Google, Facebook, Craigslist,
etc.).

Tor aside, my unanswered question with respect to the suggestion of using a
"proxy" is which proxy do people use?

When I google, I find a billion ways to "proxy", so, what I need is someone
who actually knows something about proxy to lead me in a better direction
than what a shotgun approach of googling takes me.

Which free proxy setting is best to set up Firefox for privacy?

A proxy is a remote computer you trust as much as your own.
People in repressive regimes often use proxies to access sites blocked
by their governments.

So the client would request a site from the proxy using an
encrypted connection, which would connect, download the content and
pass it on to the client.

As you can probably guess, the great majority are run by
governments and used for blackmail and /or worse.

Tip: don't use a proxy.

The only situation they are useful is for downloading stuff
not available in your country. A lot of Youtube videos are blocked in
Brazil (This video is not available in your country), so I use a proxy
in Europe or the US to see the content. It brings down the cultural
"walls" repressive governments try to impose on other nations.
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012

Shadow replied:

A proxy is a remote computer you trust as much as your own.
People in repressive regimes often use proxies to access sites blocked
by their governments.

These two statements make complete theoretical sense.
I don't disagree with either statement.


So the client would request a site from the proxy using an
encrypted connection, which would connect, download the content and
pass it on to the client.

The only part I "might" ask about clarification is whether or not
encryption is required for proxy, but, with or without encryption, I get
the point that a proxy theoretically hides your activity by putting a man
in the middle.

However, if encryption is involved, how does a proxy differ from VPN, which
does the same thing?

As you can probably guess, the great majority are run by
governments and used for blackmail and /or worse.
Tip: don't use a proxy.

Would you give the same tip not to use a VPN?


The only situation they are useful is for downloading stuff
not available in your country. A lot of Youtube videos are blocked in
Brazil (This video is not available in your country), so I use a proxy
in Europe or the US to see the content. It brings down the cultural
"walls" repressive governments try to impose on other nations.

Couldn't you accomplish the same country-morphing ability with a VPN?

How does a proxy differ from a VPN?