If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#16
|
|||
|
|||
OMG. It's a LOT of work to set up Firefox for privacy on WinXP!
On Wed, 25 Jan 2017 11:11:41 +0000 (UTC), Ann Dunham
wrote: Ann Dunham replied: To help others who follow this hint, the first thing I had to change in the user.js file was that the Firefox Address Bar search was turned off. The next problem I had with the GHacks user.js was that Google Gmail doesn't like it one bit. Logging into Google Gmail brings me to this page: https://support.google.com/accounts/answer/61416?hl=en It looks like the GHacks user.js turns off cookies, so, searching for that option in the user.js file, I find this: // 0=allow all // 1=allow same host // 2=disallow all // 3=allow 3rd party if it already set a cookie user_pref("network.cookie.cookieBehavior", 2) So I change that to: //WIP user_pref("network.cookie.cookieBehavior", 2) user_pref("network.cookie.cookieBehavior", 1) Then Google Gmail worked! In private browsing mode you can allow cookies, but they are deleted when you close Firefox. Which is probably the safest thing to do. OTOH, why not use an email client like Sylpheed (portable version available) ? It will keep vulnerable traffic/online time to a minimum. And by default it will not load remote links/images. https://en.wikipedia.org/wiki/Sylpheed []'s -- Don't be evil - Google 2004 We have a new policy - Google 2012 |
Ads |
#17
|
|||
|
|||
OMG. It's a LOT of work to set up Firefox for privacy on WinXP!
Ann Dunham replied:
Seems that ZoneAlarm is more often mentioned as the number one. Is that correct? I went ahead with ZoneAlarm, which had a typically crummy installer. For one, it wouldn't go where I wanted it to go, where it always added additional sub directories that were needless. C:\where_I_want_it_to_go\but_then_it_added\Checkpo int\ZoneAlarm For another, what I downloaded was merely a useless stub (which makes my software archive for ZoneAlarm useless), which also requires me to be on the net when I install which also reduces my privacy right from the start. So I don't have a good feeling about ZoneAlarm from the start. During install, as always, I NEVER take the default settings, so I set it to the maximum security instead of the automatic security. Apparently ZoneAlarm is a .NET application, and even though I must have something like a half dozen .NET installations already, yet again, the abomination that is .NET was installed by ZoneAlarm. True to my bad vibes about ZoneAlarm, it phoned home the instant the installation completed, which means this is NOT nice software with respect to privacy. To make matters even worse, ZoneAlarm requires your email address just to receive updates! What? Really? They need my email just so the privacy software can be updated? Are they crazy? Do they even know what business they're in? Anyway, since it was already installed, I clicked "Finish" (without giving it my email address, of course). Then it wanted to restart the computer. I guess a restart makes sense for a firewall, which has to have some TSR stuff going on. After rebooting, it asked me to name the network and then to select "public" or "trusted" so I set it to public. This is a problem in that I don't know what I'm doing, but I figured I'd use the stricter settings at first. Looking around at the settings, it has three sections: 1. Antivirus = not installed 2. Firewall = on 3. Identity & data = needs to be set up I don't mind a program trying to upsell (as long as it's not obnoxious), so I simply leave all those buttons alone because all I want is the firewall. Looking at Tools Preferences, I see that it has a section for loading ZoneAlarm at startup (which is ok for a firewall) and it has a proxy server setting (but I'd have to have a proxy server to give it, which I don't). Then it has a 'registration' button, but who would register a privacy suite? Not me. The whole point is to NOT need to register. They don't get it. Anyway, that's it for the settings. Each time I run something, it seems to a. Create a new network name (which gets tedious pretty quickly) b. Ask for the security settings (which makes sense) |
#18
|
|||
|
|||
OMG. It's a LOT of work to set up Firefox for privacy on WinXP!
On Wed, 25 Jan 2017 11:59:01 +0000 (UTC), Ann Dunham
wrote: Ann Dunham replied: So that leaves us with fleshing out: 1. Firewall 5. Router passwords Taking Router Passwords first (because I know nothing about firewalls), I would recommend actionable things such as: BASIC ACTIONABLE ROUTER SECURITY SUGGESTIONS: (please suggest better ones!) 1. Change the router admin username & password Note most routers seem to limit the password to 8 characters. They'll take more than 8 characters, but anything after 8 doesn't matter. 2. Change the router MAC address (aka MAC cloning) This doesn't change the MAC address that Google sees from all your neighbor's Android phones spying for Google on you, but it at least changes the MAC address that your Windows software sees. 3. Consider turning off any extraneous SSIDs (e.g., guest SSIDs) for the obvious reason that the more SSIDs you have, the more "doors" you have into your router. 4. Always add _nomap (lower case?) to the end of all your active SSIDs This does not prevent all your neighbor's Android phones from spying on you and reporting your GPS coordinates and router MAC address (the one you can't change) and signal strength to Google, but Google "says" they will delete this data which is reported to them a few times a day by your neighbor's badly configured Android devices. 5. Add Microsoft-required _optout_ (lower case!) to all your active SSIDs in order to eliminate sharing of your router with your neighbor's WiFi (I'm not exactly sure how this works though, since I don't have Windows 10 yet). (I guess you have to change your SSIDs to "whatever_optout_nomap".) 6. The rest of the SSID (and the passphrase) should be as unique as you can make them, without giving away any privacy (e.g., the SSID shouldn't be a phone number or an address or a name). You need both the SSID and passphrase to be unique because of rainbow tables which allow anyone to easily access your network if you use a non-unique combination of SSID and passphrase. https://en.wikipedia.org/wiki/Rainbow_table 7. I'm not sure what default settings to turn off, but almost everyone recommends turning off UPNP so turn that off, at the very least. 8. Of course, use WPA2/PSK (aka pre-shred key) or better and turn off WPS and update the firmware and make a backup of your configuration and, ... but don't bother with hiding your broadcast SSID or disabling the DHCP server or filtering on MAC addresses since anyone with netstumbler can see all that stuff anyway and spoofing a MAC address is trivial on laptops. I'm sure there is other actionable stuff, so please feel free to add it to this subthread on setting up the router for privacy. That's quite a nice summary. Remember, if they p4wN your router, they have access to ALL your traffic.... []'s -- Don't be evil - Google 2004 We have a new policy - Google 2012 |
#19
|
|||
|
|||
OMG. It's a LOT of work to set up Firefox for privacy on WinXP!
Shadow replied:
OTOH, why not use an email client like Sylpheed (portable version available) ? It will keep vulnerable traffic/online time to a minimum. And by default it will not load remote links/images. https://en.wikipedia.org/wiki/Sylpheed That's a very good point in that using a web browser for email is just plain stupid. I agree. I hand't thought about it before. But I instantly agree. Anyone who uses a web browser for email can't say they care about privacy. So, that brings up the question of which mail user agent (client) to use? My first thought is Thunderbird. But since you suggested Sylpheed, let me read up on it a bit: https://en.wikipedia.org/wiki/Sylpheed That's a short reference page, but it does say that Sylpheed seems to be a small, fast, light, privacy-aware MUA worth looking into. It's apparently available he http://sylpheed.sraoss.jp/ja/download.html So, I will download and install it and test it out. If it fails. I'll move to Thunderbird, which is acceptable (AFAIK) from a privacy standpoint. |
#20
|
|||
|
|||
OMG. It's a LOT of work to set up Firefox for privacy on WinXP!
On Wed, 25 Jan 2017 12:44:20 +0000 (UTC), Ann Dunham
wrote: Ann Dunham replied: So that leaves us with fleshing out: 1. Firewall 5. Router passwords I really know almost nothing about firewalls, so I will let others flesh this one out. I will ask a few questions though, since WinXP doesn't come with a firewall (and since routers always come with a firewall). 1. The first question is why we'd need a software firewall if the router has a hardware firewall. Software firewalls filter by which program makes the request. Hardware firewalls are just a dumb "no you can't have access to this PC, UNLESS a trojan has asked for that access" 2. The second question will be WHICH free software firewall is the best one for Windows XP. Probably Kerio 2.1.5 http://www.emule-security.org/download.php?list.2 kerio-pf-2.1.5-en-win.exe MD5: 0DA51E1414EB4622860795278AC756BE SHA-1: 7F136BC317901E32DEDEA1EBA00AF5336B50B43C (I checked against one I have archived for 12 years on a CD) It's very simple to use, it's annoying at first, but after a week or so it settles down. You might need a couple of registry tweaks , it was designed back when RAM was measured in MB. Once it's properly set up, it will stop even malware. Most malware does not even search for it as it's not used much anymore. They tend to search for (and deactivate) ZoneAlarm, Privatefirewall, Online Armor and other more popular firewalls. It caught the only malware to ever infect my machine when it tried to phone home for the payload. (the only malware in 20 years) The Windows Firewall is hopeless, and SHOULD BE DISABLED. I don't know software firewalls, but I know how to google: https://www.google.com/search?q=best...tware+firewall Trouble with Google results are that they are $$$$$ orientated. They rarely point to true freeware. []'s The problem, as always with noobs doing Google searches, is that it finds too much. http://www.techsupportalert.com/best...protection.htm http://www.techradar.com/news/the-best-free-firewall http://www.pcmag.com/article/313986/...free-firewalls http://www.makeuseof.com/tag/free-fi...dows-compared/ http://www.askvg.com/top-5-best-free...e-for-windows/ https://www.geckoandfly.com/12087/5-...osoft-windows/ etc. Skimming them for the venn diagram overlap, the following free firewalls seem to be repeated the most in the articles. ZoneAlarm http://www.zonealarm.com/xp/ http://download.zonealarm.com/bin/fr...43_119_000.exe Comodo http://download.comodo.com/cis/downl...er_6113_c7.exe My question is which one of those two to invest my efforts in? Seems that ZoneAlarm is more often mentioned as the number one. Is that correct? -- Don't be evil - Google 2004 We have a new policy - Google 2012 |
#21
|
|||
|
|||
OMG. It's a LOT of work to set up Firefox for privacy on WinXP!
Ann Dunham replied:
It's apparently available he http://sylpheed.sraoss.jp/ja/download.html So, I will download and install it and test it out. If it fails. I'll move to Thunderbird, which is acceptable (AFAIK) from a privacy standpoint. The Sylpheed installer seems well behaved in that it didn't seen to need to phone home and it went where I told it to go and it even asked me where I want to store my mail (which will never be in a Windows pre-defined location for reasons already stated). It had a setting for pop and imap and then another setting for pop(gmail) and imap(gmail), so I took the gmail option, which was easy enough. It then tried to import Outlook mailboxes, which I told it not to. And then it tried to import a Windows address book, which I declined. Then it set itself up with Gmail by running curl (of all things), which ZoneAlarm told me about (otherwise I wouldn't have known that Sylpheed uses curl). As always, the work is in the learning curve. The last time I used a MUA was when Eudora was free and usable, so it will take a bit to get used to this Sylpheed, but all initial indications seem good to go forward. |
#22
|
|||
|
|||
OMG. It's a LOT of work to set up Firefox for privacy on WinXP!
Shadow replied:
1. The first question is why we'd need a software firewall if the router has a hardware firewall. Software firewalls filter by which program makes the request. Hardware firewalls are just a dumb "no you can't have access to this PC, UNLESS a trojan has asked for that access" Thanks for explaining the main difference between software firewalls and hardware firewalls. Since I installed ZoneAlarm, I have seen a bit of what you speak of. For example, when Sylpheed set itself up for Gmail, it used curl, which I only knew because ZoneAlarm asked me to allow Curl to run. It also accessed the file system when I set up a mailbox, which, again, ZoneAlarm asked me if Sylpheed could access explorer.exe . When my NNTP user agent ran, ZoneAlarm asked for permission for my news reader to access the Internet. So, I graphically see what you're explaining. Thanks. 2. The second question will be WHICH free software firewall is the best one for Windows XP. Probably Kerio 2.1.5 Ooops. I already installed ZoneAlarm, but I wasn't happy with the vibes from ZoneAlarm. I never mind a free tool trying to upsell if it does it discreetly, but ZoneAlarm blatantly asked for my email before I even installed it, saying I couldn't update it without email (and yet, I hit the update button and it was already the latest version so I don't know if it would have worked without my email, which they are never gonna get). Kerio is very simple to use, it's annoying at first, but after a week or so it settles down. I suspect all the free software firewalls are annoying at first, simply because they have to learn what you wish to allow. You might need a couple of registry tweaks , it was designed back when RAM was measured in MB. That's a good thing! Once it's properly set up, it will stop even malware. Most malware does not even search for it as it's not used much anymore. They tend to search for (and deactivate) ZoneAlarm, Privatefirewall, Online Armor and other more popular firewalls. Interesting that the malware attacks just the firewalls that I was searching for, which are the most recommended ones. It caught the only malware to ever infect my machine when it tried to phone home for the payload. (the only malware in 20 years) That you know of... The Windows Firewall is hopeless, and SHOULD BE DISABLED. Does the Windows Firewall even exist for WinXP? Trouble with Google results are that they are $$$$$ orientated. They rarely point to true freeware. Yup. I know. I can generally smell a bad "freeware" from the web page being too slick, or from the upsells, or from registration information required, etc. So I'll check out Kerio separately. Thanks for the advice to use Kerio free firewall on Windows XP. |
#23
|
|||
|
|||
OMG. It's a LOT of work to set up Firefox for privacy on WinXP!
On Wed, 25 Jan 2017 14:09:58 +0000 (UTC), Ann Dunham
wrote: Ann Dunham replied: It's apparently available he http://sylpheed.sraoss.jp/ja/download.html So, I will download and install it and test it out. If it fails. I'll move to Thunderbird, which is acceptable (AFAIK) from a privacy standpoint. The Sylpheed installer seems well behaved in that it didn't seen to need to phone home and it went where I told it to go and it even asked me where I want to store my mail (which will never be in a Windows pre-defined location for reasons already stated). It had a setting for pop and imap and then another setting for pop(gmail) and imap(gmail), so I took the gmail option, which was easy enough. It then tried to import Outlook mailboxes, which I told it not to. And then it tried to import a Windows address book, which I declined. Then it set itself up with Gmail by running curl (of all things), which ZoneAlarm told me about (otherwise I wouldn't have known that Sylpheed uses curl). As always, the work is in the learning curve. The last time I used a MUA was when Eudora was free and usable, so it will take a bit to get used to this Sylpheed, but all initial indications seem good to go forward. I always prefer "portable" if it's available. ; Rename this file to sylpheed.ini ; "configdir" is the relative path from where sylpheed.exe is located [Sylpheed] configdir=config (will keep settings in Sylpheed\config\sylpheedrc and a few others) []'s -- Don't be evil - Google 2004 We have a new policy - Google 2012 |
#24
|
|||
|
|||
OMG. It's a LOT of work to set up Firefox for privacy on WinXP!
On Wed, 25 Jan 2017 14:20:25 +0000 (UTC), Ann Dunham
wrote: Shadow replied: 1. The first question is why we'd need a software firewall if the router has a hardware firewall. Software firewalls filter by which program makes the request. Hardware firewalls are just a dumb "no you can't have access to this PC, UNLESS a trojan has asked for that access" Thanks for explaining the main difference between software firewalls and hardware firewalls. Since I installed ZoneAlarm, I have seen a bit of what you speak of. For example, when Sylpheed set itself up for Gmail, it used curl, which I only knew because ZoneAlarm asked me to allow Curl to run. It also accessed the file system when I set up a mailbox, which, again, ZoneAlarm asked me if Sylpheed could access explorer.exe . When my NNTP user agent ran, ZoneAlarm asked for permission for my news reader to access the Internet. So, I graphically see what you're explaining. Thanks. 2. The second question will be WHICH free software firewall is the best one for Windows XP. Probably Kerio 2.1.5 Ooops. I already installed ZoneAlarm, but I wasn't happy with the vibes from ZoneAlarm. I never mind a free tool trying to upsell if it does it discreetly, but ZoneAlarm blatantly asked for my email before I even installed it, saying I couldn't update it without email (and yet, I hit the update button and it was already the latest version so I don't know if it would have worked without my email, which they are never gonna get). Kerio is very simple to use, it's annoying at first, but after a week or so it settles down. I suspect all the free software firewalls are annoying at first, simply because they have to learn what you wish to allow. You might need a couple of registry tweaks , it was designed back when RAM was measured in MB. That's a good thing! Mine is using 2MB RAM ATM, but Process Lasso shows it peaked at 4MB. I'm running uTorrent. Once it's properly set up, it will stop even malware. Most malware does not even search for it as it's not used much anymore. They tend to search for (and deactivate) ZoneAlarm, Privatefirewall, Online Armor and other more popular firewalls. Interesting that the malware attacks just the firewalls that I was searching for, which are the most recommended ones. It caught the only malware to ever infect my machine when it tried to phone home for the payload. (the only malware in 20 years) That you know of... Other than the standard government hardware stuff I mean. I have not used a resident AV in years. I do remote scans from Linux. The Windows Firewall is hopeless, and SHOULD BE DISABLED. Does the Windows Firewall even exist for WinXP? Yes.... Trouble with Google results are that they are $$$$$ orientated. They rarely point to true freeware. Yup. I know. I can generally smell a bad "freeware" from the web page being too slick, or from the upsells, or from registration information required, etc. So I'll check out Kerio separately. Thanks for the advice to use Kerio free firewall on Windows XP. There was some talk about ZoneAlarm datamining and profiling users, but that was years ago. So I never tried it. Looks like they have not mended their ways. I did try PrivateFirewall, Online Armour, Outpost Free and Sygate, but finally settled for Kerio. Kerio will not phone home, you can use it to block itself, and it honors the rule. Unlike other firewalls that whitelist themselves. Even if it did phone home looking for updates, the remote IP is dead. It was bought by Sunbelt, who messed it up with too much bloat and "features", and went bankrupt. Why v 2.1.5 is still best (for XP). It will NOT run on Win 7 or worse. []'s -- Don't be evil - Google 2004 We have a new policy - Google 2012 |
#25
|
|||
|
|||
OMG. It's a LOT of work to set up Firefox for privacy on WinXP!
Ann Dunham wrote:
Paul in Houston TX replied: Use a proxy. Thanks for that Firefox privacy suggestion for WinXP users. I'm not sure what a "proxy" is, other than I guess it's sort of like a VPN but just for port 80 (aka web browsing) and maybe encrypted web browsing (port 443). Is that right? If that's right, then it's probably a good thing in that it's a lightweight free VPN, so now we have to look at how does one install a proxy? Tor is what many people use: https://www.torproject.org/ The government can likely read Tor since they created it. |
#26
|
|||
|
|||
OMG. It's a LOT of work to set up Firefox for privacy on WinXP!
Paul in Houston TX replied:
The government can likely read Tor since they created it. It would be shocking to me if any major government (Russia, China, N. Korea, Iran, US, GB, France, Germany, etc.) couldn't read essentially everything out there (including that on Tor), given that they expend billions of dollars every year in that endeavor. However, if by "proxy" you mean "tor", I don't think you are correct in that Tor is far more than just proxy, and where Tor exit notes are all well known, and hence, rather useless in everyday practice (since they're blocked on contact by most sites such as Google, Facebook, Craigslist, etc.). Tor aside, my unanswered question with respect to the suggestion of using a "proxy" is which proxy do people use? When I google, I find a billion ways to "proxy", so, what I need is someone who actually knows something about proxy to lead me in a better direction than what a shotgun approach of googling takes me. Which free proxy setting is best to set up Firefox for privacy? |
#27
|
|||
|
|||
OMG. It's a LOT of work to set up Firefox for privacy on WinXP!
Ann,
"Proxy" is, as you remarked, an over-broad term. And I even dare to state that its not even correct (its not at all aimed at privacy). The "proxy" thats probably ment here is a piece of filtering software, often, but not always, placed on a seperate computer. It plays a Man-In-The-Middle (MITM) role. In your case you could let the filtering be done by configuring FireFox for private browsing, and maybe with a few plugins if you want to have a more fine-grained control over which websites are allowed to do one-or-the-other something. You see, these days a proxy will often cause problems when you want to use HTTPS: your browser will notice its not connecting to the website it asked for (the proxy needs to decrypt the connection both ways to be able to do any filtering), and will throw warning message after warning message (if you're lucky, and not just downright closes the connection). In short: "Proxy" is both a meaningless term in this regard, as well as, IMHO, not the direction you should be looking in. My two cents. Regards, Rudy Wieser -- Origional message: Ann Dunham schreef in berichtnieuws ... Paul in Houston TX replied: The government can likely read Tor since they created it. It would be shocking to me if any major government (Russia, China, N. Korea, Iran, US, GB, France, Germany, etc.) couldn't read essentially everything out there (including that on Tor), given that they expend billions of dollars every year in that endeavor. However, if by "proxy" you mean "tor", I don't think you are correct in that Tor is far more than just proxy, and where Tor exit notes are all well known, and hence, rather useless in everyday practice (since they're blocked on contact by most sites such as Google, Facebook, Craigslist, etc.). Tor aside, my unanswered question with respect to the suggestion of using a "proxy" is which proxy do people use? When I google, I find a billion ways to "proxy", so, what I need is someone who actually knows something about proxy to lead me in a better direction than what a shotgun approach of googling takes me. Which free proxy setting is best to set up Firefox for privacy? |
#28
|
|||
|
|||
OMG. It's a LOT of work to set up Firefox for privacy on WinXP!
Ann Dunham wrote:
Paul in Houston TX replied: However, if by "proxy" you mean "tor", I don't think you are correct in that Tor is far more than just proxy, and where Tor exit notes are all well known, and hence, rather useless in everyday practice (since they're blocked on contact by most sites such as Google, Facebook, Craigslist, etc.). Tor aside, my unanswered question with respect to the suggestion of using a "proxy" is which proxy do people use? I did not mean that Tor is a proxy. I cannot help with finding a proxy. Sorry. You are on your own on that. |
#29
|
|||
|
|||
OMG. It's a LOT of work to set up Firefox for privacy on WinXP!
On Thu, 26 Jan 2017 17:18:12 +0000 (UTC), Ann Dunham
wrote: Paul in Houston TX replied: The government can likely read Tor since they created it. It would be shocking to me if any major government (Russia, China, N. Korea, Iran, US, GB, France, Germany, etc.) couldn't read essentially everything out there (including that on Tor), given that they expend billions of dollars every year in that endeavor. However, if by "proxy" you mean "tor", I don't think you are correct in that Tor is far more than just proxy, and where Tor exit notes are all well known, and hence, rather useless in everyday practice (since they're blocked on contact by most sites such as Google, Facebook, Craigslist, etc.). Tor aside, my unanswered question with respect to the suggestion of using a "proxy" is which proxy do people use? When I google, I find a billion ways to "proxy", so, what I need is someone who actually knows something about proxy to lead me in a better direction than what a shotgun approach of googling takes me. Which free proxy setting is best to set up Firefox for privacy? A proxy is a remote computer you trust as much as your own. People in repressive regimes often use proxies to access sites blocked by their governments. So the client would request a site from the proxy using an encrypted connection, which would connect, download the content and pass it on to the client. As you can probably guess, the great majority are run by governments and used for blackmail and /or worse. Tip: don't use a proxy. The only situation they are useful is for downloading stuff not available in your country. A lot of Youtube videos are blocked in Brazil (This video is not available in your country), so I use a proxy in Europe or the US to see the content. It brings down the cultural "walls" repressive governments try to impose on other nations. []'s -- Don't be evil - Google 2004 We have a new policy - Google 2012 |
#30
|
|||
|
|||
OMG. It's a LOT of work to set up Firefox for privacy on WinXP!
Shadow replied:
A proxy is a remote computer you trust as much as your own. People in repressive regimes often use proxies to access sites blocked by their governments. These two statements make complete theoretical sense. I don't disagree with either statement. So the client would request a site from the proxy using an encrypted connection, which would connect, download the content and pass it on to the client. The only part I "might" ask about clarification is whether or not encryption is required for proxy, but, with or without encryption, I get the point that a proxy theoretically hides your activity by putting a man in the middle. However, if encryption is involved, how does a proxy differ from VPN, which does the same thing? As you can probably guess, the great majority are run by governments and used for blackmail and /or worse. Tip: don't use a proxy. Would you give the same tip not to use a VPN? The only situation they are useful is for downloading stuff not available in your country. A lot of Youtube videos are blocked in Brazil (This video is not available in your country), so I use a proxy in Europe or the US to see the content. It brings down the cultural "walls" repressive governments try to impose on other nations. Couldn't you accomplish the same country-morphing ability with a VPN? How does a proxy differ from a VPN? |
Thread Tools | |
Display Modes | |
|
|