- 02-25-2013 #1
- Join Date
- May 2004
- arch linux
Tips Regarding Internet Tracking and Your Privacy
While I don't go to places online that I would be embarrassed about, I still don't want someone following me everywhere I go online just like I wouldn't want that happening when at the shopping mall, or the grocery store. In fact, I walk out of those places where an employee follows me around after they've been told that I don't need any help.
If any of you have additional tips, don't hesitate to post them.
- 02-26-2013 #2
OK, not trying to be a butthead oz (but just saying) for the tabs on the left-hand side of that site to work you'd have to have java-scripts enabled in your browser. I'm sure that site is fine. But, if you don't want to be tracked in general then having js enabled by default in your browser is bad mojo.
My recipe for *minimal* browser security (it can and does get more intense than this for banking, this is just to surf the web):
There's a lot here and it's in no particular order.
1) Have AppArmor installed with the utils suite added to it. Utils contains a set of AA configuration tools and a non-default set of AA profiles; including a non-default profile for FireFox. Or you can build a non-default AA profile or use SE-Linux.
2) In browser configuration:
A) Edit / Preferences / Privacy = Tell websites I do not want to be tracked.
B) Edit / Preferences / Privacy = FireFox will use custom settings for History,
Also Uncheck "private browsing" , "remember search" and "remember history"
Check "accept cookies", uncheck "3rd party cookies"
Keep until: Ask me every time
Keep cookies only for session
And only keep cookies on sites where an interactive dialogue occurs; such as when you sign in here or your web mail or check the weather by zip code or shop for cars or pay bills. All “non-interactive” cookies are for tracking purposes only.
3) Use a document reader like evince, instead of the built in FF PDF reader. You'll have a smaller exposed potential exploit footprint.
4) Set your downloads to ask every time instead of automagically being dropped in to the downloads folder. Even FF is susceptible to driveby DLs. And tell the DL dialogue box to pop open on DLs. This might give you a visual cue on a driveby DL.
5) Install NoScripts and learn how to use it and configure it. Basically, when I set up a new browser installation I remove all the exceptions and just add back the ones I actually use as I use them. On the “Embeddings” tab forbid everything EXCEPT DO NOT apply the restrictions to white listed sites too. In the advanced / untrusted tab check all boxes. All of the other defaults should be correct.
6) Install Ghostery and set it up to automagically block everything (pretty straight forward).
7) Install Ad Block Edge, not Ad Block Plus. Edge is a fork. The author of Plus was under pressure to let a lot of crap slip by and here recently more and more exceptions for crap keep creeping in to the default installation. Edge strips that crap out and is 100% compatible with Plus lists and plug-ins; ignore error messages to the contrary. Subscribe to Fanboy's list.
8) StartPage makes an excellent search engine.
9) Install “New Tab Homepage”. Do not use the default new tab (which shows lots of previous tabs) as this fun little tool will pull up fun stuff like oh, A COPY OF THE BANK PAGE YOU JUST LOGGED OUT OF! OOOPS! Set StartPage as your homepage; it's customizable and you can install the engine to your browser.
10) Google EverCookies, SuperCookies and LSOs (local shared objects [flash]). Basically these nasty little pukeburgers write themselves all over your system in lots of places cookies don't normally go and where you would never think to look for them; which is the point. I have tried recompiling FF to reject the @#$%^& things. And doing so will break 98% of the web, literally. Even cookie management won't keep them out. The only way I've found to manage them is to run BleachBit between sessions. They can still track you in session, but at least they can't build a profile of you that spans sessions; at least not easily.
11) Install BetterPrivacy and learn how to configure it. It will help with the LSOs and SuperCookies, but not the EverCookies.
12) Install Calomel SSL Validation. This will tell you just how strong HTTPS is at your favorite sites. (Like your bank, really wanna peeve somebody off? Call your bank and tell them to quit using weak encryption!) It also has options in it to configure FF to write the cache only to RAM and not the hard disk.
13) Install WOT, everybody should already know this one.
14) Edit / Preferences / Security / Warn me when a site tries to install addons / exceptions = Make sure the box is checked and all exceptions are removed. This hole combined with driveby DLs was infecting people's browsers with bad addons not long ago.
dom.storage.enabled set to false
geo.enabled; set to false
network.dns.disablePrefetch; set to true
network.dns.disablePrefetchFromHTTPS; set to true
16) Block pop up windows on the content tab. Block attack sites and web forgeries on the security tab.
17) Install Passive Recon and learn to use it. You'll have a much better idea of who's really on the other end of the connection.
18) The Modify Header plugin will allow you to drop the user-agent string of a different browser / OS in to your browser so you look like something you're not. This is a really easy way to protect yourself when you accidentally end up at malicious / compromised sites. Such sites often employ automated scanners that identify the type of system that you have and customize their automated attacks to your system. So, when they attack me they are attacking FF 5 on XP! BTW, there is an identifying string generated by FF that cannot be obfuscated - last I heard. So, if you run FF never change your header to say that you're on something else like IE. You'll give yourself away. Instead change your OS and FF version.
19) Install Webmail Ad Blocker.
20) Install unplug and rip flash video from remote pages to local storage. This will strip out a ton of tracking crap.
21) Install AskForSanitize and Secure Sanitizer and configure them to do a DOD 3 pass wipe of the cache on browser shut down. But, be sure not to tell either FF or the sanitizers to clean site preferences on shut down or you'll lose your per site cookie settings and your per site NoScripts settings.
22) Install Search Engine Security.
That will get you a good start on having the tools necessary for basic web privacy.
If anybody really wants to go down the rabbit hole let me know and I'll pick up from here and give tips for setting up a banking machine.
I covered a lot of this here.
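Added example, not part of the original post: a small shell audit that checks a Firefox prefs.js (or user.js) against the four about:config values listed above and reports which ones are set as recommended, set differently, or not set at all. The function names and the sample file are constructed for illustration.

```sh
# Recommended values, exactly as listed in the post above.
WANTED='dom.storage.enabled=false
geo.enabled=false
network.dns.disablePrefetch=true
network.dns.disablePrefetchFromHTTPS=true'

# Constructed sample of a prefs.js file (not taken from a real profile).
sample_prefs() {
    cat <<'EOF'
// Mozilla User Preferences
user_pref("browser.startup.homepage", "https://startpage.com/");
user_pref("dom.storage.enabled", false);
user_pref("geo.enabled", true);
user_pref("network.dns.disablePrefetch", true);
EOF
}

# pref_value FILE NAME: print the value stored for NAME, or nothing if unset.
# Lines look like: user_pref("geo.enabled", false);  The last match wins.
pref_value() {
    awk -F'"' -v name="$2" '
        $1 ~ /^[ \t]*user_pref\($/ && $2 == name {
            val = $3
            gsub(/[ \t,;)]/, "", val)
        }
        END { if (val != "") print val }' "$1"
}

# audit_prefs FILE: one line per pref (OK / BAD / UNSET).
# Returns non-zero when any pref is BAD or UNSET.
audit_prefs() {
    rc=0
    for want in $WANTED; do
        name=${want%%=*}
        good=${want#*=}
        got=$(pref_value "$1" "$name")
        if [ -z "$got" ]; then
            echo "UNSET $name (browser default applies)"; rc=1
        elif [ "$got" = "$good" ]; then
            echo "OK $name"
        else
            echo "BAD $name=$got (post recommends $good)"; rc=1
        fi
    done
    return "$rc"
}

# Demo on the constructed sample; for real use pass the prefs.js of your profile.
tmp=$(mktemp) && sample_prefs > "$tmp"
audit_prefs "$tmp" || echo "profile deviates from the list in the post"
rm -f "$tmp"
```

prefs.js only records values that were changed, so UNSET means the browser's built-in default is in effect for that preference.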
- 02-26-2013 #3
Also install easylist to your ad blocker. At the moment in ABP you can turn off acceptable ads.
A simple way to deal with LSOs is
mv .macromedia saved-evil-stuff
ln -s /dev/null .macromedia
Install the HTTPS Everywhere extension from the Electronic Frontier Foundation.
I always say that you can't stop yourself being tracked around the Internet but you can make the bastards work for it!
What do we want?
When do we want 'em?
Doesn't really matter does it!?
Conkybots: Interactive plugins for your Conkys!
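Added example, not part of the original post: the mv / ln -s step above wrapped in a function that is safe to run more than once. A second plain `mv` would move the symlink itself, or nest `.macromedia` inside an existing `saved-evil-stuff` directory. The function name, its output strings and the demo directory are constructed for illustration.

```sh
# block_lso DIR: apply the mv + "ln -s /dev/null" step inside DIR (default: $HOME).
# Prints "already-blocked", "blocked" or "blocked-saved:<backup path>".
block_lso() {
    dir=${1:-$HOME}
    target="$dir/.macromedia"

    # Already a symlink to /dev/null: nothing to do.
    if [ -L "$target" ] && [ "$(readlink "$target")" = /dev/null ]; then
        echo already-blocked
        return 0
    fi

    if [ -e "$target" ] || [ -L "$target" ]; then
        # Pick a backup name that does not exist yet, so mv renames the
        # directory instead of moving it inside an older backup.
        backup="$dir/saved-evil-stuff"
        n=1
        while [ -e "$backup" ] || [ -L "$backup" ]; do
            backup="$dir/saved-evil-stuff.$n"
            n=$((n + 1))
        done
        mv "$target" "$backup"
        ln -s /dev/null "$target"
        echo "blocked-saved:$backup"
    else
        ln -s /dev/null "$target"
        echo blocked
    fi
}

# Demo in a throwaway directory with a constructed LSO file.
demo=$(mktemp -d)
mkdir -p "$demo/.macromedia/Flash_Player"
: > "$demo/.macromedia/Flash_Player/constructed.sol"
block_lso "$demo"   # first run: moves the directory aside and creates the link
block_lso "$demo"   # second run: reports already-blocked and changes nothing
rm -rf "$demo"
```

Once the link is in place, anything that tries to create files beneath `.macromedia` fails, because /dev/null is not a directory.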
- 02-27-2013 #4
Well BB will "flush" LSOs, so I haven't messed with moving directories around. And easylist is a good addition to either version of AB.
There's a big arms race going on in the privacy space. Almost as soon as somebody comes up with a new snooper somebody else comes up with a new counter; which is then countered.
Custom configuration is *very* important to system sec. The more non-standard you are the harder you are to crack (usually, unless you do doofus stuff). But, if you get too non-standard then the counter punch will not work for you either.
And elija is right: Tracking is an odd duck. You can never get away from it completely. And if you get away from it too much you actually become more traceable by not being trackable enough.
I have two more "levels" of privacy in my playbook: Banking and Spooky. All three levels are progressive. So the one above is Basic, Banking builds on that, Spooky builds on banking.
I use HTTPSEverywhere for Banking along with a lot of other stuff.
For Spooky a Banking setup (with no actual banking info) gets dropped in to Tor along with a lot of non-standard stuff that you don't normally see coupled with Tor.
The results do not make me UNTRACKABLE! They make me ~untrackable.
My guesstimate (based on lots of stuff I've read) is that there are probably well less than 25K people on the planet that can make a machine become that big of a pain in the @$$ to track. With <25K people out of ~2B people on the net being that hard to track you stand out to the algo's like a friggin beacon!
Thus the act of becoming "untrackable" actually makes you more trackable. You might as well stick a flare up your nose because the potential pool is so small that it is very easy for the algos to separate you out from each other based on individually distinguishable characteristics like the neuro-linguistic patterns in your writing samples.
The only way to "defeat" tracking is to starve the bastards of information.
Setup a basic profile and disrupt their profile building without standing out too much.
Set up a banking machine so you don't have script kiddie headaches.
Go spooky only when you absolutely have to so that there is as little information as possible for the algo's to associate back to you from that user mode.
We now return you to your regularly scheduled program.
- 02-27-2013 #5
If you want to be really mean you could fill it with barbecue sauce or something like that but that's probably overkill.
- 02-27-2013 #6
- 02-27-2013 #7
- Join Date
- May 2004
- arch linux
- 02-27-2013 #8
Oz, many years ago a friend told me about a shoplifting gang that would send in two or three male decoys into a large store and a few minutes later the female thieves would go to work robbing the place blind while " security " stuck to the decoys like glue!! I'm old and use a cane so when store security is stalking me in a store I ask the manager to call the police because I think the guy might be trying to rob me!
PCLinuxOS Gnome and PCLinuxOS Mate
Linux user # 414321
You Should Not Give In To Evils, But Proceed Ever More Boldly Against Them!! -from book six of Virgil's Aeneid
Everything Within The Universe Is Related; We Are All Cousins!!
- 02-27-2013 #9
- Join Date
- May 2004
- arch linux
Edit: just to add that if you aren't sure that someone who is following you around is an employee, you could always call 9-1-1 for the same reason as above. After the police show up a few times, maybe management will consider changing their tactics.
Last edited by oz; 02-27-2013 at 05:38 PM.
oz
- 02-28-2013 #10
Well, I've been playing with the new addon all day. This is what I came up with:
If you use no google sign in services like gmail or video chat then the proper configuration is to deny all google cookies locally in FireFox and allow java-scripts requested by google services like .com, static, (on some sites you might need to enable stuff like js for apis or ajax, etc) in NoScripts. You also need to allow google redirects in both FF and NS.
In this configuration, with no local google cookies (which means they have no "on-machine" way to track you) all non-sign-in google services (like map directions) have worked for me without a hitch all day.
But, this configuration will break any google sign in services; which you shouldn't be using any way because they're evil. They're the biggest friggin tracker on the planet and they're in bed with the guberment up to the tips of their stylishly frosted hair.