How To Protect Your Privacy Online (theverge.com)
Though the U.S. Congress voted to roll back privacy rules, broadband customers can still opt-out of targeted advertising from Comcast, Charter, AT&T, and T-Mobile. But an anonymous reader explains why that's not enough:
"It's not clear that opting out will prevent ISPs from putting your data to use," reports The Verge, adding "you're opting out of seeing ads, but not out of providing data." Neema Singh Guliani, legislative counsel for the American Civil Liberties Union, tells NPR that consumers can also "call their providers and opt out of having their information shared." But he also suggests a grass roots effort, calling this "an opportunity to pressure companies to implement good practices and for consumers to say 'I think that you should require opt-in consent and if you're not, why not?'"
To try to stop the creation of that data, Brian Krebs has also posted a guide for choosing a VPN provider, and shared a useful link to a chart comparing VPN providers that was recommended by the EFF. This may help avoid some of the problems reported with VPN services, and Krebs also recommends Tor as a free (albeit possibly slower) option, while sharing an informational link describing Tor's own limitations.
I'm curious what steps Slashdot's readers are taking (if any) to protect their own privacy online?
Motherboard actually had an interesting article pointing out that VPNs actually aren't all that great for routine browsing: https://motherboard.vice.com/e...
http://www.geoffreylandis.com
The only real way...
Ad hoc mesh to bypass the ISP. As long as we remain beholden to them there is no hope for any kind of privacy amounting to anything more than a pipe dream. There is no law that can stop them from doing what they are doing. They are simply untrustworthy. It's that simple.
Mostly I don't care but I do have an EC2 instance set up with stunnel and apache acting as a pure TLS protected forward proxy. That allows for local tokens and cookies to persist if I so choose and still mask everything from my ISP. I don't really use it that often though. If I see a reason to I can, that's enough for me.
Now gets you put on a list just for using it. I suspect VPNs are going to do the same.
Any browser that doesn't completely anonymize and secure browsing, social media, hosted email, any other applications that don't encrypt their communications, any network connection that isn't anonymous, any device you don't plan to ever re-use and that wasn't purchased with a traceable payment. I think that covers it, if you accept a couple dozen more assumptions that aren't listed in addition to the above.
Set up a browser to randomly hit websites, click on ads, and otherwise feed useless data into the maelstrom.
Heck, let's pay Indian Call Centers to contact Comcast with tech support problems.
It'll be worth it in the end.
There's literally nothing you can do if you're paying an ISP for connectivity.
The only way you can begin to have any kind of privacy is to connect through somebody else's connection (public or otherwise). From there, you can encrypt and all that good stuff. But with this new law passed, there's quite literally nothing you can hide from your own ISP.
I don't respond to AC's.
I thought TrackMeNot was a good approach to poisoning big data analysis, but it does not appear to be receiving any updates and Google apparently figured out a way to detect it.
sPh
Just don't look at porn.
I hate the color orange.
Not sure how much it prevents the ISP from tracking me but I've long NOT used my ISP's DNS servers and only used OpenDNS. Just this week I configured my router (asus, using merlin's stuff) to use DNSCrypt to OpenDNS which should SSL the requests - making my lookups private. That plus https practically everywhere else should secure my CONTENT but my IP connections could still be logged and sold - though I'm not sure how valuable that is for advertisers.
Before everyone loses their shit over these "rollbacks to privacy", let's remember that these rules that are being rolled back didn't exist until fucking October. So it's not like we're losing some sort of magic protection that we've always had. If you weren't losing your shit over your ISP tracking you six months ago, there's no reason to lose your shit over it today.
To summarize the article linked by the parent: "Wahh, encryption slows down my 100GB connection and evil Republicans broke the Internet. I shouldn't have to use encryption because it's inconvenient and makes it harder for me to watch Netflix."
More or less accurate. You missed "and some sites won't load at all."
http://www.geoffreylandis.com
"But he also suggests a grass roots effort..."
Neema Singh Guliani is female.
See subject: Stop ads & dns tracking via APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/
Ads/script & malware rob speed/security/privacy
Hosts add speed (via hardcodes/adblocks), security (vs. bad sites/malware/poisoned dns), reliability (vs. dns down), & anonymity (vs. dns requestlogs/trackers).
Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity & faster vs. addons/routers/remote dns!
Avoids DNSChangers in routers/IP settings & dns redirects (99.999% of ISP DNS != patched vs. it) + lightens DNS load & resolves faster from local system RAM!
* Via what u NATIVELY have in the IP stack in FASTER kernelmode!
APK
P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/
How all these so-called "Privacy" sites are polluted with Third-Party trackers, Third-Party loaded malicious Javascript, and that they prevent you from seeing anything at all if you block all the nastiness.
This should give a clue that *NONE* of these sites are actually interested in safety, privacy, or security.
They have alternate goals which is to have you choose to be pawned by them rather than your ISP.
TOR through a VPN
Change your user agent to something like this:
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/602.4.8 (KHTML, like Gecko) Version/10.0.3 Safari/602.4.8 Copyright2017@"
Then tell your ISP that your queries are copyrighted and they have to negotiate with you (and perhaps pay you) to use them.
TAILS, baby, TAILS..
Windows 10, Edge, Office 365 and the Microsoft Cloud are BRILLIANT for your privacy. Nobody will ever know who you are or what you do online. Nobody. =)
Why did the chicken cross the road? Because Elon Musk put an AI chip in its head.
Entered my email address at the Charter opt-out site. Got this response:
"Targeted Digital Marketing Ads
Your Privacy Preference has been submitted successfully.
Please note that it may take up to 60 days for this request to take effect."
More VPN providers than you can throw a bucket of sticks at:
https://thatoneprivacysite.net...
TorrentFreak 2017 survey:
https://torrentfreak.com/vpn-s...
I've moved from PrivateVPN (seem incompetent) to CyberGhost premium (slow, dodgy untrustworthy they essentially log), NordVPN next.
Valve/Steam f**ks over VPN users, downloads go at 40KB/s whilst using VPN, they seem to think it's up to them whether I use a VPN, like fuck you valve, that isn't your choice to make.
Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
Cylance recently posted a blog on steps to take to protect online privacy: https://www.cylance.com/en_us/blog/ten-practical-steps-to-protect-your-online-privacy.html
If you roll your own VPN via a VPS not only can you optimize the settings for maximum throughput, you're the only one consuming all the bandwidth so you aren't competing with other users. And, in many cases VPS cost less than a VPN service! With the latest OpenVPN 2.4 add this to the server.conf for increased throughput, you'll be pretty surprised. My tests show on a 30 Mbit connection, with compression I get 28 mbit, and without I get 16 mbit:
proto udp
fast-io
sndbuf 0
rcvbuf 0
push "sndbuf 393216"
push "rcvbuf 393216"
txqueuelen 1000
fragment 1450
mssfix 1450
comp-lzo no
compress lz4-v2
push "compress lz4-v2"
Granted, the U.S. government can subpoena your VPS connection, but I'm not trying to hide from them. I just want to protect myself from; hackers, ISPs, and DDOSers. I'm in a hotel right now, I wouldn't want to send unencrypted packets over this awful bullshit, especially when doing something like banking for example. The problem with any big VPN provider is that they've made themselves a target for government requests, hackers, and with this new law they could snoop and make money off your data legally now too.
The drawback to doing it yourself is that you have to spend significant amounts of time researching best security practices. Like checking and verifying integrity of downloads with gpg, keeping an eye on your server logs, running tripwire, tiger, rkhunter, chkrootkit, logwatch, OSSEC, psad, haveged, ed25519 ssh, fail2ban, not permitting remote root login, no ssh passwords - passworded preshared certs only, rsa 4096 and not the default for dh for pfs over the control channel for vpn (btw the next bump up in 5-10 years is 15k rsa keys most people don't know that), setting up a nice big swap file, turning on mlock in openvpn to get rid of old nonces, adjusting swappiness and cache pressure, automatic security updates, keeping your kernel up to date, rotating out old keys once in a while, blocking syn, xmas, and null attacks, build your keys with a local trusted machine not the vps, use tls-crypt not tls-auth, ncp-disable renegotiation cause that shit is retarded, use a non-root user/group for the vpn daemon, use persist-key persist-tun, run lmd maldet in a cron job, lock cron to root via cron.allow, check your tripwire tripwire tripwire often!, use mobaxterm (turn off the built-in x11 server though) because putty is antiquated crap, set tls-version-min to 1.2, using nonstandard alternative ports under 1024 for ssh and vpn (1024 because if someone breaks into your server as a guest and manages to crash your daemon remotely they can bring a daemon up on the same port, but if it is 1024 they cannot because 1024 is restricted to root), properly jailing services and setting file system permissions, using a proper hash and cipher, restricting the cipher list, making your iptables persistent, setting up your firewall correctly, geoblocking entire nuisance countries, having emails sent to a 3rd party email system in case someone modifies your logs, being prepared to burn your node and set it up again on a new IP if it does get compromised, and probably more I forgot to 
mention.
If you aren't doing all of that and even more, you aren't doing it right and probably shouldn't bother then.
But, at least, when you do it yourself you know due diligence has been done, with a public VPN you're putting yourself in their hands and they might have just flicked a switch and gone golfing. -- Most likely scenario.
Also, don't use Tor it just mixes your connection in with actual criminals and now you look like one too. If you do use it, absolutely DO NOT set up a super node! You'll get paid a few visits by law enforcement for certain.
Though, the average consumer can't pull off what I'm doing, unfortunately. Nor do they probably care enough. I've thought about setting up a service for people who want fast VPNs, since I know what I'm doing. The only reason I haven't done it is that a) I can't guarantee I wouldn't hand shit over to law enforcement, b) I don't want the terries to have a nice secure place to do their business. So, to do all of you a favor I haven't started a service like that. You're welcome.
Sorry for the rant.
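Added example, not part of the comment above and not OpenVPN's own tooling: a small Python audit that checks a server.conf for several of the hardening items that comment lists (tls-crypt instead of tls-auth, tls-version-min 1.2, a non-root user/group, persist-key/persist-tun, mlock, a port below 1024). The function names and the sample config (its port, key path and user line) are constructed for illustration.

```python
import shlex

# Constructed sample config: the throughput lines quoted in the comment plus a
# few server lines invented for illustration (port, key path, user).
SAMPLE_CONF = """\
port 1194
proto udp
fast-io
sndbuf 0
rcvbuf 0
push "sndbuf 393216"
push "rcvbuf 393216"
comp-lzo no
compress lz4-v2
push "compress lz4-v2"
tls-auth /etc/openvpn/ta.key 0
persist-key
user root
"""


def parse_conf(text):
    """Map each directive to the argument list of its last occurrence."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue  # blank line or OpenVPN comment
        tokens = shlex.split(line, comments=True)  # keeps "quoted args" whole
        if tokens:
            directives[tokens[0]] = tokens[1:]
    return directives


def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    conf = parse_conf(text)
    findings = []
    if "tls-crypt" not in conf:
        note = " (tls-auth found)" if "tls-auth" in conf else ""
        findings.append("control channel: tls-crypt not configured" + note)
    tls_min = (conf.get("tls-version-min") or ["0"])[0]
    if tuple(int(p) for p in tls_min.split(".")) < (1, 2):
        findings.append("tls-version-min is unset or below 1.2")
    for key in ("user", "group"):
        # With no user/group directive the daemon keeps the privileges it started with.
        if (conf.get(key) or ["root"])[0] == "root":
            findings.append(f"{key}: daemon does not drop to an unprivileged {key}")
    for flag in ("persist-key", "persist-tun", "mlock"):
        if flag not in conf:
            findings.append(f"{flag} is not set")
    port = int((conf.get("port") or ["1194"])[0])  # 1194 is OpenVPN's default
    if port >= 1024:
        findings.append(f"port {port} is not a root-only port (below 1024)")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("FINDING:", finding)
```
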
Of what measures are site owners and ad-platforms doing to ensure the integrity of their content and that their ads are not replaced midway...
I have been opting out for years with 'AdBlock Plus' and Privoxy. I rarely see any ads and never see popup ads.
ISP only sees encrypted packets going to an anon VPN - that will make your PC be ''located'' anyplace you like... USA, Europe, etc...
Why Washington D.C. thinks professional hackers would openly walk naked through the internets ... broadcasting their location as 'russian' is silly.
more like known state actors, within the USA can easily make their activities appear to come from Canada, or Russia, or where ever they like.
Change all your DNS settings to make sure they route through private DNS and not your ISP's DNS - and all of that goes through your VPN with no DNS leaks.
Living in MN seems to help.
If you want privacy, you'll have to go find a wilderness hideout somewhere, not connected to the grid. It's an arms race. The more we try to protect our privacy, the more ways corporations will find ways to circumvent our protections.
While you're out there, you might run into some people who think Y2K destroyed civilization...
Step 1: Create a Macro / Script to auto click every 3 seconds
Step 2: Search for cat videos and set to auto click them
Step 3: AFK for 1/2 the day
Step 4: All your ads are now nothing but cats regardless of whatever you searched (search pizza -> get cat ads)
If you want to protect your privacy, the first step is to not use Google services or Facebook. That includes Google DNS!
See subject: By using hosts hardcoded favorites (where u spend most time online) my program generates (shown here https://yro.slashdot.org/comments.pl?sid=10440093&cid=54160873/ ) IF your ISP is tracking DNS requests via logs of them (most do).
APK
P.S.=> You also avoid DNS security & inefficiency issues galore (100's I listed here by category & FAR from a complete list) https://news.slashdot.org/comments.pl?sid=9007355&threshold=-1&commentsort=0&mode=thread&pid=51969075/ as well as malware + ads tracking/infecting/slowing you etc. (hosts do tons more vs. ANY other single solution & for less, natively, using what you already have in faster kernelmode in the IP stack itself)... apk
Hosts file (and your solution) won't protect you against your own ISP storing your browsing history and possibly selling it to a third-party.
Otherwise prevention of crime would be impossible. That is not to say it is not almost impossible already. But I mean the perception and the belief it is possible are important in itself.
Law enforcement works like a religion: the more people believe in it, the better it works in preventing crimes.
Privacy and _belief_ in law enforcement are somewhat mutually exclusive. When one gets stronger, the other gets weaker.
Last week, I started up 3 relays (different cloud providers) and one exit node (at home) and I urge everyone to do the same.
Let's help everyone that wants to protect their privacy.
alltoptrending.com
See subject: When you do hardcodes in hosts for resolving your favorite sites (my program does) avoiding ISP dns lookup for them.
* A reverse-proxy hosts don't avoid though...
APK
P.S.=> Nice part is, those same hardcoded favorites are FASTER than calling out to a remote DNS (especially, but even vs. a local one YOU setup too as there's no network traversal @ all, but done in your local system RAM) & avoid TONS of DNS security issues enumerated here (100's in various categories of many kinds in security/efficiency https://news.slashdot.org/comments.pl?sid=9007355&threshold=-1&commentsort=0&mode=thread&pid=51969075/ )... apk
My pfSense firewall has an alias (group of IPs) that it routes via VPN. Originally it was only my OrangePi torrent server, but with the new legislation, I've moved my phone and PC into the group. My 6 Rokus go out unprotected, but I have to imagine for security Netflix and Hulu use HTTPs for all their control signaling, so short of throttling by the ISP, I don't see them being rewarded for trying to read that data.
Maybe we should just develop a browser extension that will visit random sites in the background. If enough privacy minded people installed it then it seems as though the data would be bad enough to not even be worth buying. Is there a downside that I'm not seeing?
-Anonymous Coward :P
If you're interested in rolling your own VPN I can recommend libreswan.
I got both L2TP over IPSec and IPSec with XAUTH and PSK configurations working with the native VPN client (racoon?) in macOS Sierra (and presumably iOS). I'm still trying to get Android 6.0 working with XAUTH and PSK (establishes tunnel, but doesn't route properly), but L2TP works ok. My *NIX hosts just use libreswan as the client.
Amazon offers 1,000 free hours to new AWS users and the pricing on their EC2 instances is very good, so it shouldn't cost too much to route your connections through them.
Don't forget that your computer has fingerprints.
1. Operating System
2. Browser
3. Browser Plugins
(versions and possibly installation dates of above)
4. Cookies
5. Tracking Files (1x1 invisible image isn't just to fill in a small hole in the picture)
Mix all of that together, and add in the IP addresses these fingerprints are observed at and you are very well known. It doesn't matter if you use a VPN or not... The one time that you forget to login to the VPN, you've just left a calling card. On top of that, most people don't realize that their ISP has been quietly rolling out IPv6. Nothing to see here, except a permanent IP address for your home, and every IPv6 compatible device that happens to use the internet via your connection. No worries about running out of address space here. Each mac address that's "found" connecting to your network is remembered.
So, go ahead. Waste time/money on a VPN.. it's only a minor speed bump to the big-data-monster
Breezy and Warm by the Beach
Considering the clown show that most VPN services are (IPSEC key is 12345678 is a good one...), before the obvious problem of them tapping into your exit clearnet datastream for analytics, it isn't sane to trust them. Roll your own VPN exit.
Use Algo (IPSEC) or Streisand (almost every modern VPN method) as prerolled VPN exits you can deploy on any public cloud. True you have to trust the cloud provider to not tap you like an ISP, but the odds are better there since the incentives are aligned differently.
Or use Signal, use TOR.
As I wrote here: http://web.archive.org/web/201...
"Now, there are many people out there (including computer scientists) who may raise legitimate concerns about privacy or other important issues in regards to any system that can support the intelligence community (as well as civilian needs). As I see it, there is a race going on. The race is between two trends. On the one hand, the internet can be used to profile and round up dissenters to the scarcity-based economic status quo (thus legitimate worries about privacy and something like TIA). On the other hand, the internet can be used to change the status quo in various ways (better designs, better science, stronger social networks advocating for some healthy mix of a basic income, a gift economy, democratic resource-based planning, improved local subsistence, etc., all supported by better structured arguments like with the Genoa II approach) to the point where there is abundance for all and rounding up dissenters to mainstream economics is a non-issue because material abundance is everywhere. So, as Bucky Fuller said, whether it will be Utopia or Oblivion will be a touch-and-go relay race to the very end. While I can't guarantee success at the second option of using the internet for abundance for all, I can guarantee that if we do nothing, the first option of using the internet to round up dissenters (or really, anybody who is different, like was done using IBM [tabulators] in WWII Germany) will probably prevail. So, I feel the global public really needs access to these sorts of sensemaking tools in an open source way, and the way to use them is not so much to "fight back" as to "transform and/or transcend the system". As Bucky Fuller said, you never change things by fighting the old paradigm directly; you change things by inventing a new way that makes the old paradigm obsolete."
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
This interference isn't arbitrary, it's comprehensive.
"Trump!!", the new Godwin.
It seems to me that there is a bit of confusion regarding the issue of ISPs and privacy.
According to a US Rep, Costello, (R) PA, it is the FTC, and NOT the FCC, that is to regulate privacy concerns here.
Here's a link to his explanation: https://iqconnect.lmhostediq.c...
Seems to me that we, the People, have allowed too much confusion and B/S from our political parties, such that it allows them to get away with too much.
I say we start purging the system of band-aid laws and get serious about being FOR the People!
What say you?!
Self-importance and self-indulgence is the root of ALL evil.