Privacy Phones and computers

Started by james03, January 21, 2021, 09:49:09 PM

Previous topic - Next topic

james03

QuoteOk, I downloaded that Tor on the list Lynne and entered daft.ie which is a property website for Ireland.

What happens when you access the site using Tor is that the site has no idea who you are or where you are coming from.  You could be in Japan or Argentina.
When you accept a cookie, it allows tracking.  Once you enter personal information on any website, then the cookie tracking number gets tied to you, and now you can be followed again.

Braxman has a way to defeat this.  He recommends you have 2 browsers.  One is plain vanilla firefox or brave.  For this, go with Brave.  You can install something like Privacy Badger to block trackers and ads, and also I like TrackMeNot which sends out random google searches every 5 minutes.  You use this browser to do things which require your information.  Like accessing you bank account or shopping on Amazon.  Most likely, you'll end up in the database.  But who cares.

For political activities, like posting on this forum, you use the Tor browser.  You should also use the Tor browser to set up a "fake" email account like on gmx.com.  You usually need an email address to create forum accounts.  So you create two separate sandboxes.  Big data and Big Tech will track your Brave activities (somewhat thwarted by the add-ons I mentioned) and conclude you are a plain vanilla sheep.  Your free speech activities will exist in the Tor sandbox and not be trackable or tied back to you.
"But he that doth not believe, is already judged: because he believeth not in the name of the only begotten Son of God (Jn 3:18)."

"All sorrow leads to the foot of the Cross.  Weep for your sins."

"Although He should kill me, I will trust in Him"

Lucy_Helene

Quote from: james03 on February 08, 2021, 09:11:35 AM
Braxman has a way to defeat this.  He recommends you have 2 browsers.  One is plain vanilla firefox or brave.  For this, go with Brave.  You can install something like Privacy Badger to block trackers and ads, and also I like TrackMeNot which sends out random google searches every 5 minutes.  You use this browser to do things which require your information.  Like accessing you bank account or shopping on Amazon.  Most likely, you'll end up in the database.  But who cares.

Compartmentalization is key, and probably the best way to protect yourself. It starts from the premise that nothing is unhackable, and nothing can be 100% private and secure, given that data breaches and cybercrime are simply facts of life today. With compartmentalization, when something inevitably fails, at least damage control is already in place.

Another thing to consider is privacy vs anonymity. With privacy, "they" know who you are, but not what you're doing. With anonymity, "they" can see what you're doing, but not who you are. It's very difficult, if not impossible, to achieve both at the same time, hence the need for having multiple "compartments."

Lucy_Helene

Quote from: james03 on February 08, 2021, 09:11:35 AM
For political activities, like posting on this forum, you use the Tor browser.  You should also use the Tor browser to set up a "fake" email account like on gmx.com.  You usually need an email address to create forum accounts.  So you create two separate sandboxes.  Big data and Big Tech will track your Brave activities (somewhat thwarted by the add-ons I mentioned) and conclude you are a plain vanilla sheep.  Your free speech activities will exist in the Tor sandbox and not be trackable or tied back to you.

If you created your SD account on the clearnet, don't sign into it on Tor, since that would de-anonymize your Tor session. The basic principle is this: only use accounts created over Tor on Tor. Only use accounts created on the clearnet on the clearnet.

GMX isn't the worst email provider (it's certainly better than Gmail, Outlook, or Yahoo--the last of which really shouldn't exist anymore in 2021), but there are also .onion email services that can be used on Tor. Some clearnet providers (like Protonmail) also have a .onion version. As usual, keep clearnet and Tor activities separate.

Lambda Phage

Quote from: Lucy_Helene on February 08, 2021, 11:35:09 AM
Quote from: james03 on February 08, 2021, 09:11:35 AM
For political activities, like posting on this forum, you use the Tor browser.  You should also use the Tor browser to set up a "fake" email account like on gmx.com.  You usually need an email address to create forum accounts.  So you create two separate sandboxes.  Big data and Big Tech will track your Brave activities (somewhat thwarted by the add-ons I mentioned) and conclude you are a plain vanilla sheep.  Your free speech activities will exist in the Tor sandbox and not be trackable or tied back to you.

If you created your SD account on the clearnet, don't sign into it on Tor, since that would de-anonymize your Tor session. The basic principle is this: only use accounts created over Tor on Tor. Only use accounts created on the clearnet on the clearnet.

GMX isn't the worst email provider (it's certainly better than Gmail, Outlook, or Yahoo--the last of which really shouldn't exist anymore in 2021), but there are also .onion email services that can be used on Tor. Some clearnet providers (like Protonmail) also have a .onion version. As usual, keep clearnet and Tor activities separate.

More info about .onion email services please :popcorn:

Lucy_Helene

Quote from: Lambda Phage on February 08, 2021, 01:03:46 PM
More info about .onion email services please :popcorn:

Unfortunately, I don't have too much experience with .onion email providers, but since I'm a long-time user of Protonmail, the only provider I can recommend from experience would be the .onion version of Protonmail: https://protonmail.com/tor.

Since the site will probably make you choose a verification method, just make a fake GMX account using temp-mail.org (since there's no verification of that required), and then use the GMX email address to verify the Protonmail account (the verification email address is simply stored as a hash, so there's no association between the two accounts). If verification fails, just keep trying new Tor nodes. It's frustrating, but eventually something has to work.

There are some sketchy darknet providers out there, so I'd be careful.

andy

The biggest problem with Tor is that those who really track you already know that you use Tor. At that point it really does not matter what you post behind the overlay network.

james03

QuoteCompartmentalization is key, and probably the best way to protect yourself. It starts from the premise that nothing is unhackable, and nothing can be 100% private and secure, given that data breaches and cybercrime are simply facts of life today.

So what you are doing is reducing the attack surface?
"But he that doth not believe, is already judged: because he believeth not in the name of the only begotten Son of God (Jn 3:18)."

"All sorrow leads to the foot of the Cross.  Weep for your sins."

"Although He should kill me, I will trust in Him"

Lucy_Helene

Quote from: james03 on February 08, 2021, 08:49:10 PM
QuoteCompartmentalization is key, and probably the best way to protect yourself. It starts from the premise that nothing is unhackable, and nothing can be 100% private and secure, given that data breaches and cybercrime are simply facts of life today.

So what you are doing is reducing the attack surface?

Yes. If someone managed to breach one of your compartments, your other ones wouldn't be affected.

Say that you only use work devices and accounts for work purposes, and some platform that your company uses gets breached. None of your information will be of any use to them; usually, all they'll see is your name (not that big of a deal) and your work email (probably already listed on the company website).

For random trash (think of those incidents whenever someone asks for your email address just so you can get that one discount, or take that random online survey), just use something like AnonAddy (https://anonaddy.com/) or SimpleLogin (https://simplelogin.io/).

Lucy_Helene

Quote from: andy on February 08, 2021, 07:32:10 PM
The biggest problem with Tor is that those who really track you already know that you use Tor. At that point it really does not matter what you post behind the overlay network.

There are risks with using Tor, of course, and as always, each individual should assign a proper use case to each service. There is no one software that will help if one has poor online hygiene, or uses these tools incorrectly.

There are ways of hiding the fact that you use Tor, or at least reducing the traces. Don't de-anonymize Tor sessions by entering personal information that you'd enter on the clear web. Cross-browser tracking is also possible, so don't have any other browsers open. Don't even maximize the Tor browser window, because that makes it possible for sites to track your screen resolution, giving them another data point to fingerprint you. Don't add extensions or change the settings of Tor browser, because it's configured in such a way to make each user's browser fingerprint identical--this is another reason why using the Tor network apart from the Tor browser is a bad idea. And so on.

ralfy

Quote from: diaduit on February 08, 2021, 03:38:13 AM
Ok, I downloaded that Tor on the list Lynne and entered daft.ie which is a property website for Ireland.  Asked me to accept cookies and adds popped into the page.  I'm a complete dope when it comes to tech but I thought that privacy browsers point was not to have cookies?? 

IF you use words like interface or flux capacitator  :D - I glaze over

I think Tor allows you to hide your location and so forth. It can be slow, and you'll still need to include an ad blocker.

The easiest way is to use a browser that has these built-in, like Brave. The settings have to be reviewed.


ralfy

If you have friends and relatives who use Facebook and Instagram, need to use apps like Waze and ride-sharing and store apps, log in to stores and banks, log in to file-sharing accounts for business, and want to view various content found in sites, as well as want to block ads, customize your desktop interface (like maintaining browser window sizes), want fast browsing, etc., then you might encounter problems when using non-Android systems, vanilla browsers, VPN, etc., not to mention older versions of browsers, and built-in cookie managers and ad blockers that might not block as much as you want.

Given that, here's what I did:

1. Firefox with about:config tweaks;

2. Cookie Autodelete set to whitelist only cookies needed for logins or to maintain settings in various sites;

3. Multi-Account Containers: put certain sites for personal and business use in containers, and everything else left outside with non-personal accounts;

4. A wide-spectrum blocker (like uBlock Origin, but now Adguard because of a lifetime sub promo, which can also be used for Android phones) and anything else;

5. For sites with both a personal and non-personal account (like Google), another browser (Iridium) for the personal account.

Anything tracked will involve non-personal accounts. Personal/business accounts are isolated in containers.

For anything beyond that, there's Tor and VPN.