The Online Privacy/Security Thread

Garm

kiwifarms.net
I know I talk about this a lot but have you guys reviewed the FreedomBox stuff?

www.freedombox.com

I know enough about computers to get in trouble but not enough to know if that does a decent job.
 

ItsTheShitt

I know I talk about this a lot but have you guys reviewed the FreedomBox stuff?

www.freedombox.com

I know enough about computers to get in trouble but not enough to know if that does a decent job.
Dead link, I think you meant freedombox.org

It seems to be an easy way for normies to host free services like MediaWiki, Gitweb, my fav I2P, and more.
It's a good project, hope it gets popular.
 

3119967d0c

"a brain" - @REGENDarySumanai
True & Honest Fan
Out of curiosity: what chromebook with which SoC?
I've done this with a Lenovo Chromebook past ChromeOS EOL.

There's a guy who does coreboot FW development in an easy package for a wide variety of Chromebooks. Possibly the only coreboot developer who isn't a MTF tranny. You generally have to open 'er up and toggle a jumper or remove a screw to open up FW flashes to allow this, which I would recommend researching for a specific model especially if you're buying it to do this with, but it's all done in quite an easy way.
Now, the fact that these things will boot doesn't mean that fiddly things like graphics or wireless or cellular components are fully supported. Though everything on mine seems to work fine. And while battery percentage indications work on mine, I suspect that processor throttling type stuff may not be fully supported. So you might not get the full Chromebook battery life.
 

HumanHive

Human Behavior is Exceptional Behavior
What makes you think that? I've heard a lot of people say it's a botnet and full of spyware, but I genuinely want to know why?
What is? Neither one really can be to my knowledge.
Ungoogled Chromium is debotnetted, it does not phone in to Google or anyone else for that matter and its code is up on GitHub for all to see.
uBlock is an adblock script manager, and a powerful one at that. Vital to security on the modern web. I imagine it does phone home, but only to keep itself and its scripts updated.
 

Flabba_Wabba_Jabba_Noonga

Just a man trying to change things
What is? Neither one really can be to my knowledge.
Ungoogled Chromium is debotnetted, it does not phone in to Google or anyone else for that matter and its code is up on GitHub for all to see.
uBlock is an adblock script manager, and a powerful one at that. Vital to security on the modern web. I imagine it does phone home, but only to keep itself and its scripts updated.
Sorry, I meant to specify about Brave. I had a look at some stuff about Brave having spooky spyware on it, but all it was was external libraries, fonts, and the Brave BAT system doing affiliate link checks from time to time. Although the section about telemetry was slightly concerning, it can be manually turned off (using Wireshark you can see there are no more messages being sent out to static1.brave.com).

Plus Brave is open-source also.
 

thrusting

iced out
True & Honest Fan
I've heard a lot of people say it's a botnet and full of spyware
I get the feeling that people who claim that are turbo autists who value theoretical privacy over pragmatism. I'm all for infosec but I'm not gonna avoid 90% of the modern Internet because muh spyware botnet concerns.
 

glow

Softly glowing in the dark
A few easily actionable steps you can take that I didn't see mentioned here:
  1. Disable WebRTC, because it can reveal your real IP address; it can even evade VPN software in some cases. The website has to decide to use it but if someone can trick you into going to a webpage they control, they can get your IP address.
  2. Regular DNS is plain-text, so anyone who can observe your traffic (your ISP, government, etc.) can trivially find out what domain name you are going to, even if you see HTTPS in the browser bar.
  3. You can use DNS over HTTPS if you think you can trust the providers of the services in question. You probably can't fully but it's probably better if the service is in another jurisdiction.
  4. Use a separate browser profile for browsing you don't want connected to your main profile - use your personal gmail account on a different browser profile to the one you browse KF on for example. Of course, you're still browsing from the same IP address but it could be someone else on your network so it's not as likely for the traffic to be linked to your profile.
To find out what you are leaking please see the Mullvad connection check site.
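
Points 2 and 3 of the post above, as an added example that is not part of the original post: it encodes a DNS question the way it travels on UDP port 53, recovers the name from the raw bytes with no key, and then shows that the DoH (RFC 8484) form hands the same message to the resolver operator. The function names and the sample name `example.org` are constructed for illustration; TLS itself is not modelled.

```python
import base64
import struct

def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Encode a DNS question as it travels in a UDP/53 payload (RFC 1035)."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label length: {label!r}")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!2H", qtype, 1)  # class IN

def observed_names(message: bytes) -> list[str]:
    """Names readable by anyone holding the raw DNS message (no key needed)."""
    if len(message) < 12:
        raise ValueError("shorter than a DNS header")
    qdcount = struct.unpack("!H", message[4:6])[0]
    offset, names = 12, []
    for _ in range(qdcount):
        labels = []
        while True:
            if offset >= len(message):
                raise ValueError("truncated QNAME")
            length = message[offset]
            offset += 1
            if length == 0:
                break
            if length > 63 or offset + length > len(message):
                raise ValueError("malformed label")
            labels.append(message[offset:offset + length].decode("ascii", "replace"))
            offset += length
        if offset + 4 > len(message):
            raise ValueError("truncated question")
        offset += 4  # skip QTYPE and QCLASS
        names.append(".".join(labels))
    return names

def doh_get_param(message: bytes) -> str:
    """RFC 8484 GET form: the same message, base64url without padding."""
    return base64.urlsafe_b64encode(message).rstrip(b"=").decode("ascii")

def doh_resolver_view(param: str) -> list[str]:
    """What the DoH provider sees after TLS is terminated on its side."""
    padded = param + "=" * (-len(param) % 4)
    return observed_names(base64.urlsafe_b64decode(padded))

SAMPLE = build_query("example.org")  # constructed sample query
```

With plain DNS the network path can run `observed_names` on the packet; with DoH only the resolver operator can, which is why the choice of provider matters.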
 

Merrick

I don't have much to add, but if you are talking about paying crypto to certain VPNs I would nominate Mullvad as the best VPN for anonymity; you can literally just send them money by post for your account (or use crypto if that's your thing). No email and no card (unless you wanted to pay by card) required. If there are any other companies with that model, by all means list them, but I would say Mullvad > Nord.
I know someone who torrented a Game of Thrones file both with and without Mullvad.

He got a notice from his ISP without Mullvad on, and no notice when he used Mullvad.
 

glow

Softly glowing in the dark
He got a notice from his ISP without Mullvad on, and no notice when he used Mullvad.
Perhaps you know this already but for those that don't, the systems that do this are largely automated these days. Effectively it works like so:
  1. Someone uploads a torrent
  2. Anti-piracy firm connects to the tracker and sees you downloading a torrent they care about
  3. They find the IP address, look up the ISP's ASN and send an email to an abuse or anti-piracy contact (I assume the message has an attachment that follows some sort of data-driven format like CSV that is easily parseable)
  4. The ISP automatically sends you a message to knock it off
  5. Optionally the anti-piracy firm subpoenas the ISP and tries to sue you but this doesn't seem to happen so much these days
If you use a VPN, at stage 4, the VPN company just routes it to /dev/null and continues with their day.

I would trust a VPN for my regular thoughtcrime posting and for civil offences like torrenting but you must know that nothing is bulletproof and if you use it to perform acts that are actually illegal then you are still taking a serious risk. I would expect intelligence organisations to attempt to compromise major VPN services (by turning individual employees for example), and there are potential temporary takeover methods on Tor, although I don't know how workable they are today.
 

Account

A nondescript anime avatar account
You can use dnscrypt-proxy to send encrypted DNS requests to a customizable list of DNS servers.
You can use public invidious, nitter, libreddit, and searx instances to proxy requests to popular websites and search engines. If you're autistic enough you can hop instances for each thing you do (search, video watch, etc.) so the people hosting each instance only get a fragment of your activity.

Tangentially related, but firejail (Linux only) can isolate programs into sandboxes that have very fine-grained customization (deny access to the network, allow access to certain files, replace certain folders with other folders, allow only certain binaries to be executed, etc.). Useful for denying programs the ability to phone home if you're suspicious, and I assume it can mitigate the impact of any security holes in software by denying it access to your filesystem or the internet.
 