How To Protect Your Privacy Online (theverge.com)

← Back to Stories (view on slashdot.org)

How To Protect Your Privacy Online (theverge.com)

Posted by EditorDavid on Sunday April 2, 2017 @05:34AM from the timely-tips dept.

Though the U.S. Congress voted to roll back privacy rules, broadband customers can still opt-out of targeted advertising from Comcast, Charter, AT&T, and T-Mobile. But an anonymous reader explains why that's not enough: "It's not clear that opting out will prevent ISPs from putting your data to use," reports The Verge, adding "you're opting out of seeing ads, but not out of providing data." Neema Singh Guliani, legislative counsel for the American Civil Liberties Union, tells NPR that consumers can also "call their providers and opt out of having their information shared." But he also suggests a grass roots effort, calling this "an opportunity to pressure companies to implement good practices and for consumers to say 'I think that you should require opt-in consent and if you're not, why not?'"

To try to stop the creation of that data, Brian Krebs has also posted a guide for choosing a VPN provider, and shared a useful link to a chart comparing VPN providers that was recommended by the EFF. This may help avoid some of the problems reported with VPN services, and Krebs also recommends Tor as a free (albeit possibly slower) option, while sharing an informational link describing Tor's own limitations.
I'm curious what steps Slashdot's readers are taking (if any) to protect their own privacy online?

69 of 130 comments (clear)

Min score:

Reason:

Sort:

VPNs aren't all that great by Geoffrey.landis · 2017-04-02 05:40 · Score: 4, Insightful

Motherboard actually had an interesting article pointing out that VPNs actually aren't all that great for routine browsing: https://motherboard.vice.com/e...

--
http://www.geoffreylandis.com
1. Re:VPNs aren't all that great by Kernel+Kurtz · 2017-04-02 09:19 · Score: 5, Interesting
  
  I have my VPN on most all the time with no issues at all. My regular PC only tests around 30 Mb/s on my 150 Mb/s connection, but that is shared with several other computers anyway. They also may or may not use VPNs and I can still saturate my connection if they are all busy. Just can't do it on one machine.
  Ironically I mostly turn off the VPN for online banking, since banks and CC companies often flag connections from random geographic locations as suspicious.
2. Re:VPNs aren't all that great by Marxist+Hacker+42 · 2017-04-02 13:01 · Score: 1
  
  If they grew up, they'd have to recognize that browsing history by default is public information. And that in fact, NOTHING ON THE INTERNET IS ANONYMOUS!
  
  --
  SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
3. Re:VPNs aren't all that great by tatman · 2017-04-03 02:36 · Score: 2
  
  Motherboard actually had an interesting article pointing out that VPNs actually aren't all that great for routine browsing: https://motherboard.vice.com/e...
  All its doing is moving your identifable traffic from the IPS to the VPN provider. The VPN provider can still sell your browsing habits.
  
  --
  I've always said English was my second language. Had Romeo and Juliet been written in C, I might have understood it.
4. Re:VPNs aren't all that great by Lord+Flipper · 2017-04-03 05:34 · Score: 1
  
  Motherboard actually had an interesting article pointing out that VPNs actually aren't all that great for routine browsing
  Motherboard.. LOL
  They say they got 5% of their normal speed w/PIA... Gee, using an NYC server, how could that happen? /s
  I get 85-95% of my cable speed with PIA, and that's while using a crowded Silicon Valley server... Drops to 75% when I use Southampton (UK) for BBC-related. London server would be considerably worse. I think I see a pattern here...
  Again... Motherboard? Please.
5. Re:VPNs aren't all that great by bmk67 · 2017-04-03 05:52 · Score: 1
  
  I get 25 down / 36 up. That's fine for browsing AFAIC.
6. Re:VPNs aren't all that great by Hoban+Washburne · 2017-04-03 06:39 · Score: 1
  
  Just another PIA user that almost saturates my 75/75 FIOS connection, I would estimate about 60/60 bandwidth from PIA. Apparently that motherboard needs a firmware update BAD!!
7. Re:VPNs aren't all that great by slashrio · 2017-04-03 14:05 · Score: 1
  
  If you grew up you'd have understood that some people don't like it and that it shouldn't be a 'take it or leave it' proposal.
  
  --
  "Trump!!", the new Godwin.
8. Re:VPNs aren't all that great by Marxist+Hacker+42 · 2017-04-04 04:12 · Score: 1
  
  It isn't a proposal. It's a fact. You can't have a generally available cyberspace without all the information on it being public.
  It doesn't matter what people "like" or "dislike". Real growing up is learning that emotions are irrelevant criteria.
  
  --
  SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
9. Re:VPNs aren't all that great by slashrio · 2017-04-04 06:49 · Score: 1
  
  I can, on an air gapped computer, encrypt a message sufficiently strongly to not be decrypted by brute force during the coming 100 years, send that over to my friend, who decrypts it on his air gapped computer. After reading, both computers are utterly destroyed.
  This message will never (in the coming 100 years at least) become public.
  Hence your statement ("...all the information on it being public.") is false.
  QED
  
  --
  "Trump!!", the new Godwin.
"Don't be online" by Anonymous Coward · 2017-04-02 05:48 · Score: 2, Funny

The only real way...
1. Re:"Don't be online" by Rick+Schumann · 2017-04-02 06:17 · Score: 5, Insightful
  
  This AC is being an AC, but he/she/it isn't completely wrong either. The Internet is becoming increasingly unusable. No matter what precautions you're taking, you're putting yourself at an unknown level of risk just by using it at all. Sadly I don't expect this situation to improve, I expect it to get worse. Even the most egalitarian and benign governments are monitoring the Internet to one extent or another, and personally I don't trust any corporation in any country to obey privacy laws if they think they can get away with it, and if they think there's money to be made from collecting and using your personally identifiable data.
2. Re:"Don't be online" by DogDude · 2017-04-02 12:02 · Score: 3, Interesting
  
  The Internet is completely usable. It was never designed to be anonymous or private. You may not think that it's usable for what you want to use it for, that doesn't mean it's unusable.
  
  --
  I don't respond to AC's.
3. Re:"Don't be online" by Kjella · 2017-04-02 12:14 · Score: 3, Insightful
  
  This AC is being an AC, but he/she/it isn't completely wrong either. The Internet is becoming increasingly unusable. No matter what precautions you're taking, you're putting yourself at an unknown level of risk just by using it at all.
  Except that it's a really big boat and a lot more prominent people than you do stupider shit without being snuffed out by black ops teams. And if it's Titanic heading for the iceberg, well then Hitler 2 will have dirt on the 99% of the population that don't care enough that Facebook and Google and everyone else is profiling them. Sure, you can opt out of the Internet. But when the information everyone else leaves is used to turn the country into a new totalitarian state you can't opt out of that.
  What lots of people do will in practice make decisions for you too. Not just votes in an election, though obviously the majority rules there too. People vote with their wallets and when they don't vote for the same as me those services shut down because of lack of business. If people don't care about pollution or littering or killing off the local environment or the planet then the result will be the same for everyone. If the public doesn't care about privacy, well the expectation of privacy will cease to exist.
  
  --
  Live today, because you never know what tomorrow brings
4. Re:"Don't be online" by Marxist+Hacker+42 · 2017-04-02 13:04 · Score: 1
  
  How cute, you believe that voting is still based on the majority.
  
  --
  SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
5. Re:"Don't be online" by Rick+Schumann · 2017-04-03 04:07 · Score: 3, Interesting
  
  If the public doesn't care about privacy, well the expectation of privacy will cease to exist.
  "For YOU", as the meme goes.
  Privacy is not decided by the majority, it is decided by the individual. If you fall prey to the troll/meme that privacy is dead and stop protecting your own, then you only have yourself to blame -- and you're helping perpetuate the troll/meme that social media, government agencies, and law enforcement would have you fall for. Keep protecting your private life from the prying eyes of whoever would pry into it. Even if you're not 100% successful, you'll still have some parts of your life that are yours and yours alone, as it should be. Otherwise, do you not see that you'd be living like a convict in a prison, or an animal on a farm, or like a perpetual child, watched and monitored 24/7/365? That's where things are headed if people don't come back around to the basic truth that 'privacy' is a normal, natural, healthy human need, not a sickness or a sign of criminal activity.
6. Re:"Don't be online" by Marxist+Hacker+42 · 2017-04-03 09:39 · Score: 1
  
  Because there are better ways to resist than voting or blowing stuff up.
  
  --
  SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
You can be online, just don't use: by jimboinsk · 2017-04-02 05:59 · Score: 3, Interesting

Any browser that doesn't completely anonymize and secure browsing, social media, hosted email, any other applications that don't encrypt their communications, any network connection that isn't anonymous, any device you don't plan to ever re-use and that wasn't purchased with a traceable payment. I think that covers it, if you accept a couple dozen more assumptions that aren't listed in addition to the above.
1. Re:You can be online, just don't use: by gnick · 2017-04-02 10:10 · Score: 2
  
  For a few limited cases, those precautions aren't over-reaching. For the rest of us, though, it's a matter of "good enough." Personally I use a VPN, but in many other situations I could be described as lax on avoiding tracking. There's some common sense, and then there's trading convenience for privacy.
  
  --
  He's getting rather old, but he's a good mouse.
2. Re:You can be online, just don't use: by rtb61 · 2017-04-02 14:15 · Score: 1
  
  That is not enough. You must also do exactly what they do in spy vs spy, scenarios, misinformation should be core for protecting your privacy as well as everyone else's. Two tools https://adnauseam.io/ to create a plethora of fake clicks to poison data bases and http://www.cs.nyu.edu/trackmen... to copy search data miners.
  Never ever forget email, now it is wide open in the US and unfortunately you should never ever use ISP provided email any more, no mention of that and for good reason because yes the new law is akin to allowing the postal service to open and scam all snail mail, including packages.
  So in every facet of human digital communications, digital misinformation apps are required to run in the background flooding bullshit invasions of privacy with bullshit digital data, orders of magnitude greater than what is actually produce by real people. No channel should be left untouched free of data miner toxins, poison their invasion of privacy, in the interim, whilst of course kicking the fuckers out of government who sold you privacy.
  
  --
  Chaos - everything, everywhere, everywhen
There's nothing you can do with your own ISP by DogDude · 2017-04-02 06:08 · Score: 4, Interesting

There's literally nothing you can do if you're paying an ISP for connectivity.

The only way you can begin to have any kind of privacy is to connect through somebody else's connection (public or otherwise). From there, you can encrypt and all that good stuff. But with this new law passed, there's quite literally nothing you can hide from your own ISP.

--
I don't respond to AC's.
1. Re:There's nothing you can do with your own ISP by Anonymous Coward · 2017-04-02 06:22 · Score: 1
  
  But with this new law passed, there's quite literally nothing you can hide from your own ISP.
  In other words, it's the same as it's been since the beginning of the Internet.
2. Re:There's nothing you can do with your own ISP by terbeaux · 2017-04-02 07:27 · Score: 2
  
  You must be using the new definition of "literally" because otherwise what you wrote doesn't make any sense. There are literally (old definition) hundreds of ways to encrypt communications and obscure the fact that they are even happening at all.
3. Re:There's nothing you can do with your own ISP by DogDude · 2017-04-02 08:28 · Score: 1
  
  here are literally (old definition) hundreds of ways to encrypt communications and obscure the fact that they are even happening at all.
  
  You can encrypt to your heart's content, but your ISP has access to every single packet that flows over your connection, including where and when, even if they don't have immediate access to its contents. So, I'll stand by my use of the word "literally", thanks!
  
  --
  I don't respond to AC's.
4. Re:There's nothing you can do with your own ISP by sacrilicious · 2017-04-02 12:20 · Score: 1
  
  You can encrypt to your heart's content, but your ISP has access to every single packet that flows over your connection, including where and when, even if they don't have immediate access to its contents. So, I'll stand by my use of the word "literally", thanks!
  The person replying to you, telling you that encryption nullifies the point you're attempting to make, is completely right. Not just vaguely right, completely right. You therefor are either trolling, extremely misinformed, or somehow connected to a govt push to dissuade people from encrypting.
  
  --
  - First they ignore you, then they laugh at you, then ???, then profit.
5. Re:There's nothing you can do with your own ISP by swillden · 2017-04-02 15:24 · Score: 2
  
  here are literally (old definition) hundreds of ways to encrypt communications and obscure the fact that they are even happening at all. You can encrypt to your heart's content, but your ISP has access to every single packet that flows over your connection, including where and when, even if they don't have immediate access to its contents. So, I'll stand by my use of the word "literally", thanks!
  Fine. So my ISP will know that I send a large stream of encrypted packets to one host that is a known Virtual Public Network service provider. My ISP can know nothing about the sites those packets are ultimately destined for, nor anything about their content. My ISP can see how much data I'm sending and receiving, but that's all... and if I really want to it's even possible to hide that by sending/receiving lots of meaningless packets. With a little work (I suspect I'd have to write some custom software, since I don't think what I'm thinking of exists) I could arrange to send and receive a continuous stream of data at a constant rate, 24x7, only a fraction of which is actual traffic. There's probably not enough information implicit in traffic volumes to make that worth the effort, but it could be done.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
6. Re:There's nothing you can do with your own ISP by Trax3001BBS · 2017-04-03 14:05 · Score: 1
  
  There's literally nothing you can do if you're paying an ISP for connectivity.
  The only way you can begin to have any kind of privacy is to connect through somebody else's connection (public or otherwise). From there, you can encrypt and all that good stuff. But with this new law passed, there's quite literally nothing you can hide from your own ISP.
  Actually you can, I found this out by accident meaning it wasn't meant for this reason. I used OpenDNS and by doing do became a ghost to my ISP.
7. Re:There's nothing you can do with your own ISP by slashrio · 2017-04-03 21:33 · Score: 1
  
  You're thinking too local. The ISP maybe can not see what sites you visit, but your VPN-SP can. And the NSA totally can see both, and connect the dots.
  
  --
  "Trump!!", the new Godwin.
8. Re:There's nothing you can do with your own ISP by swillden · 2017-04-04 10:14 · Score: 1
  
  You're thinking too local. The ISP maybe can not see what sites you visit, but your VPN-SP can. And the NSA totally can see both, and connect the dots.
  Well, the whole point of having a VPN SP is to find one that will not keep track of information about you, sell it to other parties, etc.
  As for the NSA, bah. What interest would they have in me? We're talking about ISPs selling user data to parties unknown for profit, which can lead to all sorts of actual badness that impacts normal people. While I think it's very important to reign in the NSA as a matter of principle, in practice whether or not they have our data sitting in a secure database somewhere has little to no impact on ordinary Americans. That Comcast may sell my browsing habits to all sorts of organizations who may misuse the data in ways that harm us, or leak it since they're likely much worse at security than the NSA, that's important in practice, not just in principle.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
9. Re:There's nothing you can do with your own ISP by slashrio · 2017-04-04 11:46 · Score: 1
  
  As for the NSA, bah. What interest would they have in me?
  As of now, nothing, but with the right monkey at the helm that might change in a moment.
  I remember (the story) that one year before WW II broke out, the Dutch government suddenly became interested in registering religion of its people.
  A few years later it was found out that this whole anti-jew thing of the Nazi's was planned, and the (people in) Dutch government agreed with it on beforehand.
  At that time people probably also will have said the same as you, only to find out a few years later they were wrong.
  
  --
  "Trump!!", the new Godwin.
10. Re:There's nothing you can do with your own ISP by swillden · 2017-04-04 12:03 · Score: 1
  
  Sigh. I wasn't trotting out the old "I have nothing to hide" argument. Yes, that argument is flawed, and those flaws are the reason why it's important in principle to reign in the NSA.
  My point was that that isn't the proximate risk. There's a much bigger and entirely non-theoretical risk in allowing ISPs to monitor connections that doesn't depend on the government deciding that middle-aged white guys need to be watched, and that's the risk that this thread is about, because that's the change that's in progress, in case you hadn't noticed. Whether or not ISPs can legally track you and sell the data has exactly zero impact on what the NSA may or may not do.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
11. Re:There's nothing you can do with your own ISP by slashrio · 2017-04-04 16:48 · Score: 1
  
  Ok, ic u. But now your ISP buys that VPN-SP and suddenly the dots are connected, and sold.
  Or both sell their data to a commercial third party which connects the dots...
  
  --
  "Trump!!", the new Godwin.
12. Re:There's nothing you can do with your own ISP by swillden · 2017-04-05 12:20 · Score: 1
  
  Ok, ic u. But now your ISP buys that VPN-SP and suddenly the dots are connected, and sold. Or both sell their data to a commercial third party which connects the dots...
  Again, selecting the VPN provider is an important part of the process. You need to find one that cares about security and privacy. Luckily, unlike with ISPs you can shop VPN providers worldwide and aren't limited to the small set that happen to operate in your neighborhood.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
TrackMeNo by sphealey · 2017-04-02 06:13 · Score: 1

I thought TrackMeNot was a good approach to poisoning big data analysis, but it does not appear to be receiving any updates and Google apparently figured out a way to detect it.
sPh
Re:Tor... by RotateLeftByte · 2017-04-02 06:16 · Score: 2

And all the businesses that use VPN's for their remote access will be on that list as well.
Those businesses will not be best pleased with undue attention from the TLA's.

--
I'd rather be riding my '63 Triumph T120.
I know this is off topic but... by epyT-R · 2017-04-02 06:27 · Score: 3, Informative

I hate the color orange.
Re:Another suggestion. by Anonymous Coward · 2017-04-02 06:29 · Score: 1

Do what instead? Most of us are not photogenic.
and some sites won't load [Re:VPNs aren't all that by Geoffrey.landis · 2017-04-02 06:37 · Score: 2

To summarize the article linked by the parent: "Wahh, encryption slows down my 100GB connection and evil Republicans broke the Internet. I shouldn't have to use encryption because it's inconvenient and makes it harder for me to watch Netflix."
More or less accurate. You missed "and some sites won't load at all."

--
http://www.geoffreylandis.com
Neema Singh Gulani is female. by Anonymous Coward · 2017-04-02 06:42 · Score: 1

"But he also suggests a grass roots effort..."
Neema Singh Gulani is female.
Would this work ? by Anonymous Coward · 2017-04-02 07:30 · Score: 3, Funny

Change you user agent to something like this:
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/602.4.8 (KHTML, like Gecko) Version/10.0.3 Safari/602.4.8 Copyright2017@"
Then tell your ISP that your queries are copyrighted and they have to negotiate with you (and perhaps pay you) to use them.
secure on line by Anonymous Coward · 2017-04-02 07:42 · Score: 1

TAILS, baby, TAILS..
Use LOTS AND LOTS Of Microsoft Cloud Products =) by dryriver · 2017-04-02 08:08 · Score: 3, Funny

Windows 10, Edge, Office 365 and the Microsoft Cloud are BRILLIANT for your privacy. Nobody will ever know who you are or what you do online. Nobody. =)

--
Why did the chicken cross the road? Because Elon Musk put an AI chip in its head.
Re:Another suggestion. by GuB-42 · 2017-04-02 08:24 · Score: 1

And what if you watch porn?
Many porn sites actually care about your privacy.
And if you are watching porn... well, it just means you are normal... 75% of American people do at least monthly.
Charter 60 days by Anonymous Coward · 2017-04-02 09:12 · Score: 1

Entered my email address at the Charter opt-out site. Got this response:
"Targeted Digital Marketing Ads
Your Privacy Preference has been submitted successfully.
Please note that it may take up to 60 days for this request to take effect."
Relevant links by MrL0G1C · 2017-04-02 09:32 · Score: 2

More VPN providers than you can throw a bucket of sticks at:
https://thatoneprivacysite.net...
TorrentFreak 2017 survey:
https://torrentfreak.com/vpn-s...
I've moved from PrivateVPN (seem incompetent) to CyberGhost premium (slow, dodgy untrustworthy they essentially log), NordVPN next.
Valve/Steam f**ks over VPN users, downloads go at 40KB/s whilst using VPN, they seem to think it's up to them whether I use a VPN, like fuck you valve, that isn't your choice to make.

--
Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
1. Re:Relevant links by Kernel+Kurtz · 2017-04-03 03:36 · Score: 1
  
  VPN sounds alright when you're on your PC/laptop at home, but what about mobile?
  I'm using Private Internet Access and they have clients for Android and IOS. They also let you connect 5 clients simultaneously.
2. Re:Relevant links by Dupedupeshakur · 2017-04-03 06:55 · Score: 1
  
  More VPN providers than you can throw a bucket of sticks at: https://thatoneprivacysite.net...
  TorrentFreak 2017 survey: https://torrentfreak.com/vpn-s...
  I've moved from PrivateVPN (seem incompetent) to CyberGhost premium (slow, dodgy untrustworthy they essentially log), NordVPN next.
  Valve/Steam f**ks over VPN users, downloads go at 40KB/s whilst using VPN, they seem to think it's up to them whether I use a VPN, like fuck you valve, that isn't your choice to make.
  Over my 50mb/s connections I've seen 9-30 mb/s with steam using expressvpn
3. Re:Relevant links by MrL0G1C · 2017-04-03 07:18 · Score: 1
  
  Do you use a VPN server whic has an IP that has the same geolocation as your country? (when getting good steam speeds)
  It might just be that cyberghost are idiots and use the same IP address ranges for the free service as they do for the paid service which is why I see so much evidence of abuse reports for the IP addresses I'm using.
  
  --
  Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
4. Re:Relevant links by Dupedupeshakur · 2017-04-03 10:26 · Score: 1
  
  yes - it allows for the selection of server by geolocation or performance (there is a utility to ping/bandwidth test all of their servers and compare). I'm near Seattle, picked the Seattle server, and have steam d/l server set to Seattle. Sometimes I trace back to New Jersey for some reason, but I'm getting ~150 ping times worst case for gaming.
Re:Calm your tits. by WaffleMonster · 2017-04-02 09:40 · Score: 2

Before everyone loses their shit over these "rollbacks to privacy", let's
remember that these rules that are being rolled back didn't exist until fucking October. So it's not like we're losing some sort of magic protection that we've
always had. If you weren't losing your shit over your ISP tracking you six months ago, there's no reason to lose your shit over it today.
CISA seems like a good enough new reason to "lose your shit" over ISP tracking.
The fact protections are being retracted due to lobbying by telecom industry might cause people concerned with such an egregious example of regulatory capture to "lose their shit".
Since previously I "lost my shit" on the topic of ISP cyber stalking when it was made public what AT&T and crew were doing to their customers I am entitled to "lose my shit" regardless.
VPNs can be good if you DIY by Anonymous Coward · 2017-04-02 10:31 · Score: 1

If you roll your own VPN via a VPS not only can you optimize the settings for maximum throughput, you're the only one consuming all the bandwidth so you aren't competing with other users. And, in many cases VPS cost less than a VPN service! With the latest OpenVPN 2.4 add this to the server.conf for increased throughput, you'll be pretty surprised. My tests show on a 30 Mbit connection, with compression I get 28 mbit, and without I get 16 mbit:
proto udp
fast-io
sndbuf 0
rcvbuf 0
push "sndbuf 393216"
push "rcvbuf 393216"
txqueuelen 1000
fragment 1450
mssfix 1450
comp-lzo no
compress lz4-v2
push "compress lz4-v2"
Granted, the U.S. government can subpoena your VPS connection, but I'm not trying to hide from them. I just want to protect myself from; hackers, ISPs, and DDOSers. I'm in a hotel right now, I wouldn't want to send unencrypted packets over this awful bullshit, especially when doing something like banking for example. The problem with any big VPN provider is that they've made themselves a target for government requests, hackers, and with this new law they could snoop and make money off your data legally now too.
The drawback to doing it yourself is that you have to spend significant amounts of time researching best security practices. Like checking and verifying integrity of downloads with gpg, keeping an eye on your server logs, running tripwire, tiger, rkhunter, chkrootkit, logwatch, OSSEC, psad, haveged, ed25519 ssh, fail2ban, not permitting remote root login, no ssh passwords - passworded preshared certs only, rsa 4096 and not the default for dh for pfs over the control channel for vpn (btw the next bump up in 5-10 years is 15k rsa keys most people don't know that), setting up a nice big swap file, turning on mlock in openvpn to get rid of old nonces, adjusting swappiness and cache pressure, automatic security updates, keeping your kernel up to date, rotating out old keys once in a while, blocking syn, xmas, and null attacks, build your keys with a local trusted machine not the vps, use tls-crypt not tls-auth, ncp-disable renegotiation cause that shit is retarded, use a non-root user/group for the vpn daemon, use persist-key persist-tun, run lmd maldet in a cron job, lock cron to root via cron.allow, check your tripwire tripwire tripwire often!, use mobaxterm (turn off the built-in x11 server though) because putty is antiquated crap, set tls-version-min to 1.2, using nonstandard alternative ports under 1024 for ssh and vpn (1024 because if someone breaks into your server as a guest and manages to crash your daemon remotely they can bring a daemon up on the same port, but if it is 1024 they cannot because 1024 is restricted to root), properly jailing services and setting file system permissions, using a proper hash and cipher, restricting the cipher list, making your iptables persistent, setting up your firewall correctly, geoblocking entire nuisance countries, having emails sent to a 3rd party email system in case someone modifies your logs, being prepared to burn your node and set it up again on a new IP if it does get compromised, and probably more I forgot to mention.
If you aren't doing all of that and even more, you aren't doing it right and probably shouldn't bother then.
But, at least, when you do it yourself you know due diligence has been done, with a public VPN you're putting yourself in their hands and they might have just flicked a switch and gone golfing. -- Most likely scenario.
Also, don't use Tor it just mixes your connection in with actual criminals and now you look like one too. If you do use it, absolutely DO NOT set up a super node! You'll get paid a few visits by law enforcement for certain.
Though, the average consumer can't pull off what I'm doing, unfortunately. Nor do they probably care enough. I've thought about setting up a service for people who want fast VPNs, since I know what I'm doing. The only reason I haven't done it is that a) I can't guarantee I wouldn't hand shit over to law enforcement, b) I don't want the terries to have a nice secure place to do their business. So, to do all of you a favor I haven't started a service like that. You're welcome.
Sorry for the rant.
1. Re: VPNs can be good if you DIY by Anonymous Coward · 2017-04-02 11:18 · Score: 1
  
  When the publc vpn gets broken into they just bury it because it could bury them as a business. When it happens to your own DIY vpn, you just burn that bridge and start over. And, hopefully learn from it and close that hole in the future node. Also, with your own, you control the level of security and performance. The point of the ops post and link is that most vpn (especially cheap ones as you describe that "just work") have piss poor performance. They also happen to be using pretty weak hash, ciphers, protocols and keys in some cases as well. These guys aren't reacting to changes in the security landscape and updating their techniques. In some cases they can't because it would make life for their end users more difficult. Hence why "it just works." If it just works, then it probably wasn't done right.
2. Re:VPNs can be good if you DIY by Lord+Flipper · 2017-04-03 05:37 · Score: 1
  
  Sorry for the rant.
  Hey! No apology necessary. Thanks for all the info!
Live in the wilderness by Tony+Isaac · 2017-04-02 12:30 · Score: 1

If you want privacy, you'll have to go find a wilderness hideout somewhere, not connected to the grid. It's an arms race. The more we try to protect our privacy, the more ways corporations will find ways to circumvent our protections.
While you're out there, you might run into some people who think Y2K destroyed civilization...
How To Screw with ISP Ads by n329619 · 2017-04-02 13:16 · Score: 1

Step 1: Create a Macro / Script to auto click every 3 seconds
Step 2: Search for cat videos and set to auto click them
Step 3: AFK for 1/2 the day
Step 4: All your ads are now nothing but cats regardless of whatever you searched (search pizza -> get cat ads)
First step: don't use google and Facebook? by mveloso · 2017-04-02 13:36 · Score: 1

If you want to protect your privacy, the first step is to not use use google services or Facebook. That includes google DNS!
Re:Hosts files help vs. ad & dns requestlog tr by yuvcifjt · 2017-04-02 14:55 · Score: 1

Hosts file (and your solution) won't protect you against your own ISP storing your browsing history and possibly selling it to a third-party.
Re:Calm your tits. by fafalone · 2017-04-02 19:09 · Score: 1

Before, ISPs had the expectation that if they did something too outrageous, like say sell your browsing history, they could expect problems from the FCC, and that kept it from happening for a while until they started pushing things too far and the regulations got passed. Now they have the green light to go ahead and explicitly do that without fear of consequences. It's a pretty big difference.
top trending by saidsanka · 2017-04-02 22:34 · Score: 1

alltoptrending.com
pfSense - Device specific routing by ninthbit · 2017-04-03 01:48 · Score: 1

My pfSense firewall has an alias (group of IPs) that it routes via VPN. Originally it was only my OrangePi torrent server, but with the new legislation, I've moved my phone and PC into the group. My 6 Rokus go out unprotected, but I have to imagine for security Netflix and Hulu use HTTPs for all their control signaling, so short of throttling by the ISP, I don't see them being rewarded for trying to read that data.
1. Re:pfSense - Device specific routing by Kevin+by+the+Beach · 2017-04-03 08:36 · Score: 1
  
  The insidious part is that Netflix and Hulu will be able to horse trade with your ISP.
  -- ninthbit Just channel surfed from channel 5 to channel 10 (hey .. watchers.. .0003 cents for this information)
  -- Public Utility ... we noticed that his smart power meter registered a 25 watt increase in power usage (maybe a refrigerator light came on)
  -- ISP ... we see an increase in encrypted traffic from (IPv6 address for home access point) to known VPN
  -- Telco Carrier .. Ring Indicator transmitted via last known cell tower for ....
  If you take enough disparate data sources, but have a unique key that ties it together... You are owned
Re:Tor... by Sloppy · 2017-04-03 02:45 · Score: 1

So, get on a "list," then. After all, it's a list of what?
And if you don't get on that list, then they'll just put you on the other list.
You can get even, though, by putting them on your list!

--
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
libreswan by h4ck7h3p14n37 · 2017-04-03 07:49 · Score: 1

If you're interested in rolling your own VPN I can recommend libreswan.
I got both L2TP over IPSec and IPSec with XAUTH and PSK configurations working with the native VPN client (racoon?) in macOS Sierra (and presumably iOS). I'm still trying to get Android 6.0 working with XAUTH and PSK (establishes tunnel, but doesn't route properly), but L2TP works ok. My *NIX hosts just use libreswan as the client.
Amazon offers 1,000 free hours to new AWS users and the pricing on their EC2 instances is very good, so it shouldn't cost too much to route your connections through them.
Computer Fingerprints by Kevin+by+the+Beach · 2017-04-03 08:25 · Score: 2

Don't forget that your computer has fingerprints.
1. Operating System
2. Browser
3. Browser Plugins
(versions and possibly installation dates of above)
4. Cookies
5. Tracking Files (1x1 invisible image isn't just to fill in a small hole in the picture)
Mix all of that together, and add in the IP addresses these fingerprints are observed at and you are very well known. It doesn't matter if you use a VPN or not... The one time that you forget to login to the VPN, you've just left a calling card. On top of that, most people don't realize that their ISP has been quietly rolling out IPv6. Nothing to see here, except a permanent IP address for your home, and every IPv6 compatible device that happens to use the internet via your connection. No worries about running out of address space here. Each mac address that's "found" connecting to your network is remembered.
So, go ahead. Waste time/money on a VPN.. it's only a minor speed bump to the big-data-monster
Breezy and Warm by the Beach
Exactly -- we instead need to make the most of it! by Paul+Fernhout · 2017-04-03 14:38 · Score: 1

As I wrote here: http://web.archive.org/web/201...
"Now, there are many people out there (including computer scientists) who may raise legitimate concerns about privacy or other important issues in regards to any system that can support the intelligence community (as well as civilian needs). As I see it, there is a race going on. The race is between two trends. On the one hand, the internet can be used to profile and round up dissenters to the scarcity-based economic status quo (thus legitimate worries about privacy and something like TIA). On the other hand, the internet can be used to change the status quo in various ways (better designs, better science, stronger social networks advocating for some healthy mix of a basic income, a gift economy, democratic resource-based planning, improved local subsistence, etc., all supported by better structured arguments like with the Genoa II approach) to the point where there is abundance for all and rounding up dissenters to mainstream economics is a non-issue because material abundance is everywhere. So, as Bucky Fuller said, whether is will be Utopia or Oblivion will be a touch-and-go relay race to the very end. While I can't guarantee success at the second option of using the internet for abundance for all, I can guarantee that if we do nothing, the first option of using the internet to round up dissenters (or really, anybody who is different, like was done using IBM [tabulators] in WWII Germany) will probably prevail. So, I feel the global public really needs access to these sorts of sensemaking tools in an open source way, and the way to use them is not so much to "fight back" as to "transform and/or transcend the system". As Bucky Fuller said, you never change thing by fighting the old paradigm directly; you change things by inventing a new way that makes the old paradigm obsolete."

--
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
Re:Another suggestion. by slashrio · 2017-04-03 21:35 · Score: 1

Why, since when is it a crime?

--
"Trump!!", the new Godwin.
Re:Use LOTS AND LOTS Of Microsoft Cloud Products = by slashrio · 2017-04-03 21:38 · Score: 1

This interference isn't arbitrary, its comprehensive.

--
"Trump!!", the new Godwin.
Re:It can not be protected by slashrio · 2017-04-03 21:42 · Score: 1

If the government had been interested in preventing crime, 9/11 and Boston wouldn't have happened.

--
"Trump!!", the new Godwin.
Confusion here... by martinfb · 2017-04-05 08:24 · Score: 1

It seems to me that there is a bit of confusion regarding the issue of ISPs and privacy.

According to a US Rep, Costello, (R) PA, it is the FTC, and NOT the FCC, that is to regulate privacy concerns here.
Here's a link to his explanation: https://iqconnect.lmhostediq.c...

Seems to me that we, the People, have allowed too much confusion and B/S from our political parties, such that it allows them to get away with too much.

I say we start purging the system of band-aid laws and get serious about being FOR the People!

What say you?!

--

Self-importance and self-indulgence is the root of ALL evil.