|
thinking about privacy, security, and keeping myself from being the product. got a nice book on the to-do list but there's a bunch of other books ahead of it plus some real world stuff I need to deal with.
|
# ? Jun 13, 2022 05:46 |
|
Ornery and Hornery posted: thinking about privacy, security, and keeping myself from being the product.

What's the book?
|
# ? Jun 13, 2022 14:20 |
|
Zapf Dingbat posted: What's the book?

https://en.wikipedia.org/wiki/The_Age_of_Surveillance_Capitalism Excited!
|
# ? Jun 13, 2022 18:17 |
|
Where should I be looking for good blocklists for pihole?
|
# ? Jun 16, 2022 15:35 |
|
tight aspirations posted: Where should I be looking for good blocklists for pihole?

I've been using Dan Pollock's list for a zillion years now. It causes a crapload of ads and malware to simply cease to exist. Here it is in 0.0.0.0 hosts-file format, which seems to be the default pihole format: https://someonewhocares.org/hosts/zero/hosts
|
# ? Jun 16, 2022 16:45 |
I love that the very first site on that list is goatse
|
|
# ? Jun 16, 2022 17:13 |
|
Powered Descent posted: I've been using Dan Pollock's list for a zillion years now. It causes a crapload of ads and malware to simply cease to exist.

What are blocklists and piholes
|
# ? Jun 16, 2022 19:54 |
|
Ornery and Hornery posted: What are blocklists and piholes

Pi-hole is a piece of software that you can install on a Raspberry Pi to block all ads on your home network. A Raspberry Pi is a simple credit card sized computer (costing around £100) that people use for Pi-hole, or to run Linux or retro gaming emulators.
|
# ? Jun 16, 2022 21:48 |
|
Ornery and Hornery posted: What are blocklists and piholes

A blocklist is just a list of domain names (Internet sites, essentially) that you'd rather your computer not even be able to talk to. (For example, sites that serve up ads on webpages.) You can make a list yourself from scratch, but there are already a lot of pre-made ones that will be a lot more complete than you could ever hope to put together on your own. Use an ad-blocking list that's big enough, and most of the ads on the Internet simply disappear.

So how do you use one of these lists? A simple way to do it on one computer at a time is to put them into the hosts file giving each one an incorrect IP address such as 0.0.0.0. So when your computer displays a webpage for you and sees that there's supposed to be an image file at the top that's hosted on scummy-marketing.com, then (assuming that site is in your blocklist) it won't be able to contact the real site and will simply leave that area blank. Practical upshot: ads are blocked on your computer.

That's great for one computer at a time. But you can also set things up to provide that blocking to every device on your local network, including things like tablets or smart TVs (on which you probably can't even get to the hosts file anyway). Pi-hole is a good way to accomplish this. A Raspberry Pi is just a very small low-spec computer that's geared toward hobby use, and Pi-hole is an application you can run on it which turns it into a DNS server for your local network. Since its reason for existing is to block ads and such, it gives out an invalid address for any site you've told it to block. Practical upshot: ads are gone on all your devices.

And many of these lists don't just block ads, they also block sites known to harbor malware, hijacks, spyware, etc. Having a good blocklist is a good security measure.

e: Beaten but I went into more detail.

Powered Descent fucked around with this message at 22:05 on Jun 16, 2022 |
# ? Jun 16, 2022 22:02 |
|
Those are delightful, easy to understand, and comprehensive answers. Thank you.
|
# ? Jun 16, 2022 23:56 |
|
I'll have to try that list out on my pihole. I also use an on sale lifetime family plan of https://adguard.com/en/welcome.html for mobile.
|
# ? Jun 17, 2022 02:02 |
According to the specifications and various implementations, getting an NXDOMAIN on a query means that query won't be attempted again (until a timeout has passed, at any rate). This has pretty profound implications when doing blocklists, and is what makes it advantageous to use unbound/nsd/bind instead of simply modifying a hosts file to resolve addresses to 0.0.0.0. Another advantage of unbound/nsd/bind is that if you're tunneling your traffic from your mobile device to your home network, it also gets to avoid all of the ads without paying for it. I'm pretty sure this isn't exclusive to FreeBSD, if you avoid following the FreeBSD-exclusive steps.
|
|
# ? Jun 17, 2022 10:48 |
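Added example, not part of any post in this thread: the hosts-file approach and the NXDOMAIN approach discussed above side by side, converting a blocklist in the 0.0.0.0 hosts-file format into unbound `local-zone` entries that answer NXDOMAIN. The sample list, its domains and the function names are constructed for this example; names are validated before being written out because a downloaded list is untrusted input to the resolver's config.

```python
import re

# Constructed sample in the 0.0.0.0 hosts-file format; every domain is made up.
SAMPLE_HOSTS = """\
# constructed sample blocklist
127.0.0.1 localhost
0.0.0.0 scummy-marketing.com
0.0.0.0 ads.example.net   # inline comment
0.0.0.0 ADS.Example.NET
0.0.0.0 tracker.example.org other-tracker.example.org
192.0.2.10 intranet.example.com
0.0.0.0 bad_domain!.example
0.0.0.0 0.0.0.0
"""

SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
SKIP_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
# Letters, digits and hyphens only, at least two labels, last label not numeric.
DOMAIN_RE = re.compile(rf"^(?=.{{1,253}}$)(?:{LABEL}\.)+(?!\d+$){LABEL}$")


def parse_hosts_blocklist(text):
    """Return the sorted, de-duplicated domains mapped to a sink address."""
    domains = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or fields[0] not in SINK_ADDRESSES:
            continue  # a mapping to a real address is not a block entry
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            # Rejecting odd characters keeps quotes or stray tokens in a
            # downloaded list from ending up inside the resolver config.
            if name in SKIP_NAMES or not DOMAIN_RE.match(name):
                continue
            domains.add(name)
    return sorted(domains)


def to_unbound_conf(domains):
    """Render unbound local-zone lines that answer NXDOMAIN for each domain."""
    # always_nxdomain covers the name and everything under it, whereas a
    # hosts-file entry only matches the exact name listed.
    lines = ["server:"]
    lines += [f'    local-zone: "{d}." always_nxdomain' for d in domains]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(to_unbound_conf(parse_hosts_blocklist(SAMPLE_HOSTS)), end="")
```

The output is meant to be pulled into unbound.conf with an `include:` line and checked with `unbound-checkconf` before the resolver is reloaded.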
|
deletebeepbeepbeep posted: Pi-hole is a piece of software that you can install on a Raspberry Pi to block all ads on your home network. A Raspberry Pi is a simple credit card sized computer (costing around £100) that people use for Pi-hole, or to run Linux or retro gaming emulators.

£100? Even the 8gb model pi4 only costs £75. For a Pi-hole the basic £35 model is more than enough, hell pick up an older second hand pi2/3 off ebay for £10 and it will work just as well.
|
# ? Jul 4, 2022 08:33 |
|
I'm starting to get a little paranoid about the whole privacy thing. Sometimes I feel like a doomsday prepper but with the world getting worse, corporations getting more and more powerful, and their cooperation with the state pretty drat complete, should you just completely trust all this surveillance? I live in a southern state. Who knows what will be illegal next? I'm having trouble keeping my Mikrotik router connected to my VPN service either through OpenVPN or Wireguard, but I know that that brand wasn't necessarily designed for this kind of thing. I like Mikrotik but I've always had trouble with tunnels and encryption. I have a PFSense firewall on the way, so maybe that'll be better. I'd at least get some peace of mind with edge of ISP security anyway. I've also been slowly de-Googling, at least as much as you can when you have an Android. Otherwise, cookie cleaners, as little social media as I can, a self-hosted password manager... I guess I'll figure out when enough is enough.
|
# ? Jul 5, 2022 00:14 |
|
Mega Comrade posted: £100? Even the 8gb model pi4 only costs £75. For a Pi-hole the basic £35 model is more than enough, hell pick up an older second hand pi2/3 off ebay for £10 and it will work just as well.

The Pi foundation is suffering from supply chain issues and scalpers buying a lot of the output so they're no longer what they should be pricewise. That said, Pi-hole can be run on other hardware.
|
# ? Jul 5, 2022 00:18 |
|
Rexxed posted: The Pi foundation is suffering from supply chain issues and scalpers buying a lot of the output so they're no longer what they should be pricewise. That said, Pi-hole can be run on other hardware.

Yeah, I have it running in a VM on my home server. It really is pretty turnkey.
|
# ? Jul 5, 2022 02:41 |
|
I use https://nextdns.io/ and pay them $20/year. One less device for me to manage, and I can easily benefit on my cell phone outside of the house with their app.
|
# ? Jul 6, 2022 21:06 |
|
Is this a good thread for discussing and getting more info on selecting and using a VPN provider?
|
# ? Jul 7, 2022 22:51 |
The Bananana posted: Is this a good thread for discussing and getting more info on selecting and using a VPN provider?

For sure! It gets brought up a little bit on various parts of the forums but it’s usually for region locked type of stuff and not privacy and security.
|
|
# ? Jul 7, 2022 23:14 |
|
Oh, awesome. Well... what's a good VPN, for normal use... I don't run like a home business or do anything that needs extra security measures. I'm just doing like home banking and making purchases, etc, and wanting to keep my data safe. I'm in the U.S. I don't care about "region locked" content.
|
# ? Jul 7, 2022 23:59 |
The Bananana posted: Oh, awesome. Well... what's a good VPN, for normal use... I don't run like a home business or do anything that needs extra security measures. I'm just doing like home banking and making purchases, etc, and wanting to keep my data safe. I'm in the U.S.

The nice thing about modern browsing is that any site that uses HTTPS means that that traffic is encrypted. Your ISP and certain network sniffers (like your router) will only see that you visited for instance US Bank’s site but none of the specifics. Most browsers indicate this through a lock icon in your address bar and clicking on that can show more detailed information regarding the security certificate that helps prove they are who they say they are. Obviously more info than what most people need but your biggest threats in that vector are going to be sites that pose as legit ones. Most browsers will prevent you from accessing non-HTTPS websites and some will even explicitly say that the site is trying to pose as a real one.

In your case a VPN isn’t going to give you any more protection than what you’ve already got. All it would do is pass the receipt of your traffic to the VPN provider and your ISP now just sees you’re connected to the VPN. Not only that but many services will flag some IP addresses from VPN providers (because they get shared with other users using that provider as well) for additional security checks and/or flat out block you from accessing the site.

My best recommendation for your use case is to make sure you’re using a reputable browser that’s up to date, an adblocker extension called uBlock Origin, and keeping an eye on links in emails or redirects from other pages. I.e. just go to usbank.com instead of clicking the convenient link from your email when they send you something.
|
|
# ? Jul 8, 2022 00:21 |
|
The Bananana posted: Oh, awesome. Well... what's a good VPN, for normal use... I don't run like a home business or do anything that needs extra security measures. I'm just doing like home banking and making purchases, etc, and wanting to keep my data safe. I'm in the U.S.

Mullvad, hands down. They do absolutely everything right. Based in Sweden, owned by ideological privacy advocates, technical competence coming out their ears, and even excellent customer service (they helped me find a workaround when one of their updates broke a very strange custom thing I was doing). If you're extra-paranoid, you don't even have to trust their client app; you can use any OpenVPN or Wireguard client you like (although their app is quite good).

Runner-up: ProtonVPN. I have less experience with this one, but they're in Switzerland, they too seem to know what they're doing (it's the same team that runs the excellent ProtonMail encrypted mail service), and their main datacenter is even in an old Swiss Army bomb shelter a kilometer underground, because why the hell not.

However, banking and purchases are precisely what I recommend not using a VPN for. Remember that banks and stores will see that you're connecting from a commercial VPN endpoint, and will (rightly) regard this as potentially suspicious -- people (asshats) DO use these services for shady poo poo. I once did a thing on my Paypal account -- nothing out of the ordinary, just sending a bit of money -- and since I had done it through Mullvad, it immediately got flagged as potentially fraudulent, and I spent the next ten minutes on the phone with them convincing them that yes, it was really me.

Ever since that happened, I keep a separate browser that's configured to go straight out, and not through the VPN that the rest of the computer uses. The Mullvad app's "split tunneling" feature makes that easy -- I use Firefox for my regular VPN-protected browsing, and open Chrome in split-tunneling mode to do anything to do with money, or anything else where I want the server on the other end to see that I'm coming directly from my home IP.
|
# ? Jul 8, 2022 00:22 |
|
Very very very good info. Yeah, my biggest worry is that.. like... chrome has SOOOO many of my passwords/usernames and personal info in it, from cookies I guess, that if someone were to be able to get into that, I'd be rightly hecked.
|
# ? Jul 8, 2022 00:26 |
The Bananana posted: Yeah, my biggest worry is that.. like... chrome has SOOOO many of my passwords/usernames and personal info in it, from cookies I guess, that if someone were to be able to get into that, I'd be rightly hecked.

Definitely recommend using a password manager like Bitwarden, Keypass, or even Lastpass just to have additional safeguards in place. It is incredibly easy to export passwords from browsers if someone has access to your PC. They'd have a harder time if they had to get it through a password manager that has a password plus 2-factor authentication.
|
|
# ? Jul 8, 2022 00:56 |
|
The Bananana posted: Very very very good info.

Yeah a password manager is what you want. I've tried quite a few and have settled on bitwarden. It's open source and you can even host it yourself if you're super paranoid.

VPNs are useful outside of business but mostly for getting around geo-blocking or hiding stuff from your ISP (like ). They don't make your browsing all that much more 'private' regardless of what they claim in their adverts. With maybe the exception of using public wifi in a cafe or hotel etc. If you still need one just grab a cheap one like IPA, they are hosted in America but for general use that's fine. If you're doing something like activism then maybe fork out for a better one like Mullvad.
|
# ? Jul 8, 2022 10:35 |
|
I'm thinking of maybe moving from Tutanota to Proton. I've done some searching but not found much that both services don't have as potential negatives privacy-wise. Am I missing some huge scandal that Proton has been involved in that I should be concerned about? Also, if someone has the Proton ultimate package - would this work to share with my wife (i.e. separate logins for each email address) or will it all be aliases dumped into the same inbox? Can't seem to find a definitive answer when searching. It would be nice to get my wife to stop using google services.
|
# ? Sep 2, 2022 12:10 |
MrOnBicycle posted: I'm thinking of maybe moving from Tutanota to Proton. I've done some searching but not found much that both services don't have as potential negatives privacy-wise. Am I missing some huge scandal that Proton has been involved in that I should be concerned about?

No scandal from Proton. It also has some advantages over Tutanota in that I don't believe Microsoft is blocking signups for their services from it which they are for Tutanota.
|
|
# ? Sep 2, 2022 12:52 |
|
Nitrousoxide posted: No scandal from Proton. It also has some advantages over Tutanota in that I don't believe Microsoft is blocking signups for their services from it which they are for Tutanota.

Thanks! I didn't know that Tutanota was blocked by Microsoft (but don't have any plans on signing up to their services anyway). Just have to convince my wife to give up her gmail (and move / close all accounts...).
|
# ? Sep 2, 2022 16:46 |
|
Nitrousoxide posted: No scandal from Proton.

That's not entirely true. A year ago it came out that they had handed over user IP addresses to the cops. Here's my writeup (and my hot take) when it happened, from the Infosec thread:

Powered Descent posted: ProtonMail is in a bit of hot water for handing over the IP address of one of their users, a French climate activist. It seems they received an order from local Swiss law enforcement, which was working with the French authorities via Europol. The buried lede is that Proton is apparently now receiving thousands of these orders per year. To their credit, they're fighting many of them. Despite this, I do still trust Proton. They could have been more transparent about what was going on, but from a technical perspective, it's hard to see what else they could have done.
|
# ? Sep 2, 2022 19:53 |
Powered Descent posted: That's not entirely true. A year ago it came out that they had handed over user IP addresses to the cops. Here's my writeup (and my hot take) when it happened, from the Infosec thread:

There's precious few places where that isn't the case; Seychelles used to have no laws on this kind of thing but implemented them when they found out they were harbouring all manner of criminals in datacenters, and it's probable that any existing country without similar laws will be under significant pressure from their trade partners to implement them. In any country where such laws exist, the service providers need to keep logs to protect their own asses, as if they don't they'll be on the hook for whatever criminality their servers are being used to commit - which is ultimately why any privacy provider promising to not keep logs is probably not telling the truth or not all of it.
|
|
# ? Sep 2, 2022 21:31 |
|
Ok yeah I agree with the above points. Unrelated but fits this thread (or maybe the OPsec thread). For some reason the equivalent to a county where I live in Sweden decided that when developing the next system for keeping medical records etc (i.e. the tool we work with), hiring an American firm to develop it AND host the medical records in servers located in the US was a good idea. In other words I guess that would mean that the US gov could in theory have access to a large portion of Swedish citizens' medical records. Thankfully this was uncovered and a scandal ensued. The whole system is delayed by 4 years and will cost a ton more than predicted. Nice.
|
# ? Sep 3, 2022 17:12 |
|
cage-free egghead posted: Definitely recommend using a password manager like Bitwarden, Keypass, or even Lastpass just to have additional safeguards in place. It is incredibly easy to export passwords from browsers if someone has access to your PC. They'd have a harder time if they had to get it through a password manager that has a password plus 2-factor authentication.

No offense but wasn't Lastpass the ones with clownshoes security and a whole bunch of breaches? My passwords were safe until I switched to Lastpass, then everything leaked. 1Password seems to be a better option, last I checked. Been using it for 2-3 years, but I'm not sure if it suddenly sucks now.
|
# ? Sep 4, 2022 19:48 |
|
Parts of their source were leaked recently: https://www.theverge.com/2022/8/26/23323738/lastpass-security-incident-source-code

buglord posted: No offense but wasn't Lastpass the ones with clownshoes security and a whole bunch of breaches?

https://en.wikipedia.org/wiki/LastPass#Security_issues
|
# ? Sep 4, 2022 20:25 |