#1
What "pointers" would you provide to someone who asks what they should consider doing for privacy/security?
What "pointers" would you provide to someone who asks what they should
consider learning about to improve their desktop/mobile privacy/security?

The topic is huge, so all I would do, for an adult, is provide a bunch of
head-start keyword/URL pointers to any adult who asks that question.

But which keyword pointers would you provide to start with?
o Can you help flesh out this list I just created for them?

In no particular order (yet)...
o Browser fingerprinting (https://panopticlick.eff.org)
o Browser proxy (Epic, Opera, TBB, Aloha, & Brave proxy/tor browsers)
o IP address privacy (vpn(*), killswitches)
o IP address check (curl icanhazip.com, http://whatismyipaddress.com)
o Password privacy (keepass & mobile phone equivalents)
o Data privacy (veracrypt & mobile phone equivalents)
o Domain blocking (http://winhelp2002.mvps.org & acrylic DNS)
o DNS leaks & encryption (dnscrypt, https://www.dnsleaktest.com)
o OS (copperOS, tails)
o WiFi (wireshark, tcpdump, _nomap, _optout)
o ???

*What other keywords would point to basic privacy/security concepts?*

(*) Just mentioning the three letters V-P-N will normally induce a hail
of vpn trolls, so let's keep this high level please, where we're just
looking for keywords as we all know the zillions of caveats surrounding VPNs.
--
Usenet is a public potluck where purposefully helpful people help each
other learn more about the technical topics that they discuss on this ng.
#2
On 27/12/2019 05:56, Arlen Holder wrote:
> What "pointers" would you provide to someone who asks what they should
> consider learning about to improve their desktop/mobile privacy/security?

> o Browser proxy (Epic, Opera, TBB, Aloha, & Brave proxy/tor browsers)

There is always the risk that your data will be used for tracking you or
profiling you, never trust a free service.

> o Password privacy (keepass & mobile phone equivalents)
> o Data privacy (veracrypt & mobile phone equivalents)

Always avoid applications that let you store your data online, as you
never know if they will have the key to decrypt your data (stored or in
transit)

> o Domain blocking (http://winhelp2002.mvps.org & acrylic DNS)

I would recommend pihole with dnsproxy, also router iptables to redirect
all outgoing traffic over port 53 to the pihole.

> o WiFi (wireshark, tcpdump, _nomap, _optout)

Avoid wifi, it's insecure and slow compared to a cable.

--
//Aho
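The port-53 redirect suggested in post #2, sketched as an added example that is not part of any poster's message: a shell function that prints, without applying, the router NAT rules that send all LAN DNS traffic to a Pi-hole. The interface name `br0` and the address 192.168.1.2 are constructed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: emit (not apply) iptables NAT rules that force LAN DNS
# through a Pi-hole. "br0" and 192.168.1.2 are constructed sample values.

# Return 0 only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS
    IFS=.
    set -- $1          # split the validated address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# dns_redirect_rules LAN_IF PIHOLE_IP
# Prints one iptables command per line; review them, then run as root
# on the router.
dns_redirect_rules() {
    lan_if=$1
    pihole=$2
    # Reject anything that could smuggle shell metacharacters into the output.
    case $lan_if in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $lan_if" >&2; return 2 ;;
    esac
    is_ipv4 "$pihole" || { echo "bad Pi-hole address: $pihole" >&2; return 2; }

    for proto in udp tcp; do
        # Rewrite any port-53 query arriving from the LAN to the Pi-hole.
        #   ! -s: the Pi-hole's own upstream lookups must pass, or they loop.
        #   ! -d: clients already asking the Pi-hole need no rewrite.
        echo "iptables -t nat -A PREROUTING -i $lan_if -p $proto --dport 53 ! -s $pihole ! -d $pihole -j DNAT --to-destination $pihole:53"
        # The Pi-hole sits on the same LAN, so source-NAT the redirected
        # query. Without this it replies straight to the client from an
        # address the client never queried, and the reply is discarded.
        echo "iptables -t nat -A POSTROUTING -o $lan_if -p $proto --dport 53 -d $pihole -j MASQUERADE"
    done
    # Not covered: DNS-over-TLS (port 853) and DNS-over-HTTPS (port 443)
    # never use port 53, so these rules do not see them.
}

dns_redirect_rules br0 192.168.1.2
```

Because of the MASQUERADE rule, redirected queries show up in the Pi-hole's log with the router as the client rather than the originating device.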
#3
In article , J.O. Aho wrote:
> > o Password privacy (keepass & mobile phone equivalents)
> > o Data privacy (veracrypt & mobile phone equivalents)
>
> Always avoid applications that let you store your data online, as you
> never know if they will have the key to decrypt your data (stored or in
> transit)

it's very easy to know if they have the keys or not.

> > o WiFi (wireshark, tcpdump, _nomap, _optout)
>
> Avoid wifi, it's insecure and slow compared to a cable.

no to both and a cable is not an option most of the time.
#4
"J.O. Aho" wrote
|
| o Browser proxy (Epic, Opera, TBB, Aloha, & Brave proxy/tor browsers)
|
| There is always the risk that your data will be used for tracking you or
| profiling you, never trust a free service.
|

Good tips for general security online, but for anything resembling
privacy you need to:

* Turn off cellphones whenever possible and avoid apps.
* Use a HOSTS file and block numerous domains from the likes of Google
  and Facebook.
* Avoid enabling javascript except where absolutely necessary.

That's just for starters. Those are just the most obvious issues
involving constant tracking both online and in terms of physical
location. The third is absolutely necessary for anyone who hopes to have
protection from online attacks. Nearly every online security risk
requires javascript. The rest generally require other executable code,
such as Flash, Java, Silverlight, etc.

If those steps seem unreasonable then the next best thing would be to
admit to yourself that you value convenience and Instagram so much that
you've decided to accept wearing a tracking collar at all times and
risking malware. If you're going to be a sucker you can at least not
fool yourself about it.
#5
On 27/12/19 10:42, J.O. Aho wrote:
> On 27/12/2019 05:56, Arlen Holder wrote:
> > What "pointers" would you provide to someone who asks what they should
> > consider learning about to improve their desktop/mobile privacy/security?
>
> > o Browser proxy (Epic, Opera, TBB, Aloha, & Brave proxy/tor browsers)
>
> There is always the risk that your data will be used for tracking you or
> profiling you, never trust a free service.

I have no objection with this, but ... why does this not hold for paid
services too? As long as they are able enough to get away with it and
have you not even know, even they might profile you. Or not? And if
not, why not? Explain pls

> > o Password privacy (keepass & mobile phone equivalents)
> > o Data privacy (veracrypt & mobile phone equivalents)
>
> Always avoid applications that let you store your data online, as you
> never know if they will have the key to decrypt your data (stored or in
> transit)

totally agree, even if ones with self-discipline strong enough to encrypt
stuff manually before uploading could be sufficient to workaround the
trust

> > o Domain blocking (http://winhelp2002.mvps.org & acrylic DNS)
>
> I would recommend pihole with dnsproxy, also router iptables to redirect
> all outgoing traffic over port 53 to the pihole.
>
> > o WiFi (wireshark, tcpdump, _nomap, _optout)
>
> Avoid wifi, it's insecure and slow compared to a cable.

--
1) Resist, resist, resist.
2) If everyone pays taxes, taxes are paid by everyone
Soviet_Mario - (aka Gatto_Vizzato)
#6
On 27/12/19 05:56, Arlen Holder wrote:
> What "pointers" would you provide to someone who asks what they should
> consider learning about to improve their desktop/mobile privacy/security?
>
> The topic is huge, so all I would do, for an adult, is provide a bunch of
> head-start keyword/URL pointers to any adult who asks that question.
>
> But which keyword pointers would you provide to start with?
> o Can you help flesh out this list I just created for them?
>
> In no particular order (yet)...
> o Browser fingerprinting (https://panopticlick.eff.org)
> o Browser proxy (Epic, Opera, TBB, Aloha, & Brave proxy/tor browsers)
> o IP address privacy (vpn(*), killswitches)
> o IP address check (curl icanhazip.com, http://whatismyipaddress.com)
> o Password privacy (keepass & mobile phone equivalents)
> o Data privacy (veracrypt & mobile phone equivalents)
> o Domain blocking (http://winhelp2002.mvps.org & acrylic DNS)
> o DNS leaks & encryption (dnscrypt, https://www.dnsleaktest.com)
> o OS (copperOS, tails)
> o WiFi (wireshark, tcpdump, _nomap, _optout)
> o ???
>
> *What other keywords would point to basic privacy/security concepts?*
>
> (*) Just mentioning the three letters V-P-N will normally induce a hail
> of vpn trolls, so let's keep this high level please, where we're just
> looking for keywords as we all know the zillions of caveats surrounding VPNs.

you're one of the few that raises general topics, and interesting ones.
Tnx

--
1) Resist, resist, resist.
2) If everyone pays taxes, taxes are paid by everyone
Soviet_Mario - (aka Gatto_Vizzato)
#7
On 27/12/2019 16.41, Soviet_Mario wrote:
> On 27/12/19 10:42, J.O. Aho wrote:
> > On 27/12/2019 05:56, Arlen Holder wrote:
> > > What "pointers" would you provide to someone who asks what they should
> > > consider learning about to improve their desktop/mobile privacy/security?
> >
> > > o Browser proxy (Epic, Opera, TBB, Aloha, & Brave proxy/tor browsers)
> >
> > There is always the risk that your data will be used for tracking you or
> > profiling you, never trust a free service.
>
> I have no objection with this, but ... why does this not hold for paid
> services too?

A paid service doesn't automatically mean they won't profit from your
data too, so you still have to be careful when picking which service to
use.

--
//Aho
#8
On 27/12/2019 12.48, nospam wrote:
> In article , J.O. Aho wrote:
> > > o Password privacy (keepass & mobile phone equivalents)
> > > o Data privacy (veracrypt & mobile phone equivalents)
> >
> > Always avoid applications that let you store your data online, as you
> > never know if they will have the key to decrypt your data (stored or in
> > transit)
>
> it's very easy to know if they have the keys or not.

Not that easy, especially on a mobile phone where you have less control
of things, it makes it more difficult for you to know if your private
key has been shared.

--
//Aho
#9
On 27/12/2019 14.21, Mayayana wrote:
> "J.O. Aho" wrote
> |
> | o Browser proxy (Epic, Opera, TBB, Aloha, & Brave proxy/tor browsers)
> |
> | There is always the risk that your data will be used for tracking you or
> | profiling you, never trust a free service.
> |
>
> * Use a HOSTS file and block numerous domains from the likes of Google
>   and Facebook.

That's what you have pihole for, no point in editing things on each
device you have on your network, do it on one instance.

--
//Aho
#10
On Fri, 27 Dec 2019 10:42:31 +0100, J.O. Aho wrote:
> > o Browser proxy (Epic, Opera, TBB, Aloha, & Brave proxy/tor browsers)
>
> There is always the risk that your data will be used for tracking you or
> profiling you, never trust a free service.

Hi J.O. Aho,

I realize instantly that you're trying to be helpful, which I appreciate,
but it's too easy on Usenet to say why something "can't work" where the
point of this thread is simply to come up with "ideas" via keywords, that
can be made to work.

For example, you can make proxies work simply by adding a VPN (for
example) to the front end of the proxy, where my intent of this thread
wasn't to discuss what "will work", but what "can work".

Nonetheless, we all know the flaws of _every_ keyworded topic I listed,
all of which we can ameliorate to some extent (which isn't the point of
this thread, since the amelioration discussion can go on, easily, forever).

As an example of amelioration of your objection, it's easy to "add
another proxy" to the existing proxy, where, of course, there's always a
"first proxy", which even itself can be ameliorated by using someone
else's WiFi connection (for example).

Since I like to make my threads "actionable" (i.e., real, & not bull****)
as a _simple_ example, you can do this quite easily by way of amelioration:
a. Sit away from Starbuck's cameras with a WiFi enabled iPad on your lap
b. Start any public VPN service on that iPad, so now you're "on VPN".
   e.g., https://apps.apple.com/us/app/hide-me-vpn/id953040671
c. Start any "proxy browser" on that iPad, so now you're on a proxy.
   e.g., https://alohabrowser.com/
etc.

Sure, there is browser fingerprinting, and dns leaks, and hidden cameras
galore, along with government-sponsored license-plate readers and FBI
Cessnas flying overhead capturing your IMEI that can nab you as you
travel to the Starbucks or sit at home alone... but we have to keep in
mind the basic "threat model" in the situation above, where I was
advising a group of college-age boys on how to better be "private" while
on the university computer system.

Likewise, for example, torrenting amelioration steps could be:
a. Obtain a magnet URL via vpn/proxy/tor & sit on it for increased latency
b. Utilize a killswitch when the torrent begins & set the seed to 2.0
c. Ensure a reliable public VPN service to keep the DMCA notification away
etc.

In summary, we all already know of all these reasons why you "can't have
privacy" on the Internet - but - for a group of college aged kids -
there is still merit in giving them a select set of about a dozen to a
score of privacy/security based "keywords", that they can look up.

Hence, the question here is simply one of privacy-based keywords...
*What other keywords would point to basic privacy/security concepts?*

> > o Password privacy (keepass & mobile phone equivalents)
> > o Data privacy (veracrypt & mobile phone equivalents)
>
> Always avoid applications that let you store your data online, as you
> never know if they will have the key to decrypt your data (stored or in
> transit)

Again, for _every_ topic above, there are reasons why someone will say it
"can't work"; when the truth of the matter is that you "can make it work"
by putting in place amelioration steps.

For example, I already told these boys to try as much as possible when
they're at the university to only use their USB cable, where you'll note
that the password solution of using "keepass" works on their desktop
(there's never a need to put a password database on the Internet or even
on the university LAN).

In addition, the same USB-cable amelioration applies to their truecrypt
database, and to their calendar ics file, where I showed them my Android
phone doesn't even have a Google Account, where I can easily maintain my
calendar & passwords & encrypted data over a USB cable from PC to phone.

But the point of this thread is NOT why you "can't have privacy", but why
you "can have privacy", if you know a few keywords to look up for details.
*What other keywords would point to basic privacy/security concepts?*

> > o WiFi (wireshark, tcpdump, _nomap, _optout)
>
> Avoid wifi, it's insecure and slow compared to a cable.

I told the freshman boys to keep their passwords, calendars, and
truecrypt databases only on their computers & phones (merging via USB
cable).

Nonetheless, Wi-Fi is a reality, where I showed them, for example, how to
torrent a bit more safely by simply taking amelioration steps into account.

For example, WiFi amelioration steps could be:
a. Be aware of butterfly hash tables by using unique SSID & passphrases
b. Be aware of Wi-Fi Sense (e.g., _optout) & SSID naming (e.g., _nomap)
c. Be aware of WiGle & Google SSID databases (i.e., SSIDs are geolocated)
etc.

NOTE: Even Android tells people nowadays (at least Android 9 does on my
new $100 Moto G7 for example) that your SSID/BSSID _is_ your geolocation
(in essence) given there are WiGle WiFi wardriving databases which list
your geolocation and that there are freely available Google databases too.
o WiGle SSID/BSSID geolocator
  https://wigle.net/
o Google SSID/BSSID geolocator
  https://www.mylnikov.org/archives/1170
o *Any other sites do people know of that geolocate your BSSID/SSID?*

> > o Domain blocking (http://winhelp2002.mvps.org & acrylic DNS)
>
> I would recommend pihole with dnsproxy, also router iptables to redirect
> all outgoing traffic over port 53 to the pihole.

Ah, _this_ suggestion is in keeping with the spirit of this thread!

Thank you for adding those "domain blocking" keywords, where I'm wholly
unfamiliar with the keyword "pihole" for example (which I've added to the
list above based on your helpful suggestion).

Googling, it seems all three go together (piholes, iptables, firewalls)
https://docs.pi-hole.net/guides/vpn/firewall/

My goal, much later, for each keyword, is to have a canonical site, e.g.,
o DNSCRYPT
  https://github.com/pi-hole/pi-hole/wiki/DNSCrypt-2.0
o IPTABLES
  https://www.leaseweb.com/labs/2013/12/setup-linux-gateway-using-iptables/
o FIREWALL
  https://opensourceforu.com/2015/04/iptables-the-default-linux-firewall/
o SSID/BSSID
  https://www.maketecheasier.com/google-know-where-wifi-router/
etc.

Hence, I repeat the question, in that tack, where I ask for more keywords!
o WiFi setup (e.g., WPA2/PSK butterfly hash tables, & wifi sense _optout)
o Wardriving amelioration (e.g., hidden broadcast, _nomap, & BSSID cloning)
o Network firewalls (e.g., router iptables firewalls, wireshark, & tcpdump)
o Privacy smtp/imap servers (e.g., mailinator, & protonmail)
o Browser fingerprinting (e.g., panopticlick.eff.org)
o Browser proxies (e.g., Epic, Opera, TBB, Aloha, & Brave web browsers)
o IP address privacy (e.g., VPNs, web proxy servers, & cmd-line killswitches)
o IP address checks (e.g., curl icanhazip.com, & whatismyipaddress.com)
o Password privacy (e.g., keepass & mobile device equivalents)
o Data privacy (e.g., truecrypt/veracrypt & mobile device equivalents)
o Domain blocking (e.g., HOSTS, pihole, router iptables, MVPhosts & acrylic DNS)
o DNS leaks & encryption (e.g., dnscrypt, dnsproxy, & dnsleaktest.com)
o Privacy-based OS's (e.g., tails, & copperOS)
o ???

*What other keywords would point to basic privacy/security concepts?*
--
Usenet is a wonderful public potluck where ideas can be fleshed out better.
#11
On Fri, 27 Dec 2019 16:42:48 +0100, Soviet_Mario wrote:
> you're one of the few that raises general topics, and interesting ones.

Hi Soviet_Mario,

Thanks for that accolade where I'm always trying to find "actionable"
advice, e.g., the advice of "don't use Wi-Fi" isn't really actionable in
today's world, but the advice of "use USB cable for passwords" is
actionable (as previously explained in my prior post to A. J. Aho).

What most people posted is why we "can't have privacy", but I'm trying to
help a group of college freshmen in "improving their privacy" while on the
university network.

*The goal of this thread is to come up with meaningfully "actionable" keywords.*

Hence, the intent is to have a canonical site attached to every keyword,
such that they can look up the details on their own; but that's for later.

*Right now I need the score of keywords*, where this is what I've gleaned
from the posts to date by way of basic privacy/security keywords so far:
1. WiFi setup (e.g., WPA2/PSK butterfly hash tables, & wifi sense _optout)
2. Wardriving amelioration (e.g., hidden broadcast, _nomap, & BSSID cloning)
3. Network firewalls (e.g., router iptables firewalls, wireshark, & tcpdump)
4. Privacy smtp/imap servers (e.g., mailinator, & protonmail)
5. Browser fingerprinting (e.g., panopticlick.eff.org)
6. Browser proxies (e.g., Epic, Opera, TBB, Aloha, & Brave web browsers)
7. IP address privacy (e.g., VPNs, web proxy servers, & cmd-line killswitches)
8. IP address checks (e.g., curl icanhazip.com, & whatismyipaddress.com)
9. Password privacy (e.g., keepass & mobile device equivalents)
10. Data privacy (e.g., truecrypt/veracrypt & mobile device equivalents)
11. Domain blocking (e.g., HOSTS, pihole, router iptables, MVPhosts & acrylic DNS)
12. DNS leaks & encryption (e.g., dnscrypt, dnsproxy, & dnsleaktest.com)
13. Privacy-based OS's (e.g., tails, & copperOS)
14-20. ???

*What other keywords would point to basic privacy/security concepts?*
--
Usenet is a wonderful public potluck where ideas can be fleshed out better.
#12
In article , J.O. Aho wrote:
> > > There is always the risk that your data will be used for tracking you or
> > > profiling you, never trust a free service.
> >
> > I have no objection with this, but ... why does this not hold for paid
> > services too?
>
> A paid service doesn't automatically mean they won't profit from your
> data too, so you still have to be careful when picking which service to
> use.

a free service doesn't automatically mean they will datamine.

many times, there's a free tier with limited functionality, with the
hopes that the user will upgrade to a paid tier and additional features.
#13
In article , J.O. Aho wrote:
> > * Use a HOSTS file and block numerous domains from the likes of Google
> >   and Facebook.
>
> That's what you have pihole for, no point in editing things on each
> device you have on your network, do it on one instance.

carrying a pihole around everywhere is incredibly impractical.
#14
In article , J.O. Aho wrote:
> > > Always avoid applications that let you store your data online, as you
> > > never know if they will have the key to decrypt your data (stored or in
> > > transit)
> >
> > it's very easy to know if they have the keys or not.
>
> Not that easy, especially on a mobile phone where you have less control
> of things, it makes it more difficult for you to know if your private
> key has been shared.

not true.
#15
On Fri, 27 Dec 2019 17:48:56 +0100, J.O. Aho wrote:
> Not that easy, especially on a mobile phone where you have less control
> of things, it makes it more difficult for you to know if your private
> key has been shared.

Hi J.O. Aho,

You bring up a good point about "private keys", which hasn't been covered.
(And which is useful because this thread is intended to be "actionable".)

Bear in mind the ultimate goal is a canonical URL for each keyword, e.g.,
o PRIVATE KEY
  https://www.namecheap.com/support/knowledgebase/article.aspx/9834/69/how-can-i-find-the-private-key-for-my-ssl-certificate

But we still don't yet have the full score of privacy-based keywords yet.

I understand (and appreciate) you're being helpful where this thread
wasn't supposed to be about 'amelioration', as that would extend the
thread out to an infinite number of posts, but partially to your point, I
did address 'amelioration' with this gang of college-age freshman boys
with respect to "keyboard privacy".

For example, while it's not about "private keys", this recent thread goes
into gory detail on how to easily switch to privacy-based keyboards on a
mobile device for the purpose of opening the master keepass kdbx passwd
database, which is to be maintained over USB cable wholly outside the
university LAN or the Internet.
o If not the default, what free Android keyboard are you using & why do
  you like it?
  https://groups.google.com/forum/#!topic/comp.mobile.android/CmZAI0OsXDs

Notice that passwords on mobile devices 'can' be somewhat protected simply
by switching, ad hoc, when typing passwords, to a "protective keyboard":
https://i.postimg.cc/NMjf6fGd/keyboard00.jpg

As long as the students use a database _designed_ to be used offline:
https://i.postimg.cc/wvD8RCLw/keypass01.jpg

And which works on all mobile devices, even these budget devices I own:
https://i.postimg.cc/136096sR/motog700.jpg

To the point you and nospam bring up about a "private key", other than PGP
and GnuPGP, I haven't any experience with "private keys".

Should we add PGP private keys to the existing keyword listing to help
flesh it out to the approximately score of keywords all kids should know?
o Private keys (e.g., pgp/gnupgp, & SSL Certificates)
o Privacy keyboards (e.g., non-Google keyboards such as keepass2android keyboard)
o Wi-Fi setup (e.g., WPA2/PSK butterfly hash tables, & wifi sense _optout)
o Wardriving amelioration (e.g., hidden broadcast, _nomap, & BSSID cloning)
o Network firewalls (e.g., router iptables firewalls, wireshark, & tcpdump)
o Privacy smtp/imap servers (e.g., mailinator, & protonmail)
o Browser fingerprinting (e.g., panopticlick.eff.org)
o Browser proxies (e.g., Epic, Opera, TBB, Aloha, & Brave web browsers)
o IP address privacy (e.g., VPNs, web proxy servers, & cmd-line killswitches)
o IP address checks (e.g., curl icanhazip.com, & whatismyipaddress.com)
o Password privacy (e.g., keepass & mobile device equivalents)
o Data privacy (e.g., truecrypt/veracrypt & mobile device equivalents)
o Domain blocking (e.g., HOSTS, pihole, router iptables, MVPhosts & acrylic DNS)
o DNS leaks & encryption (e.g., dnscrypt, dnsproxy, & dnsleaktest.com)
o Privacy-based OS's (e.g., tails, & copperOS)
o ???

*What other keywords would point to basic privacy/security concepts?*
--
Usenet is a potluck where people from all backgrounds mix & share ideas.