Ask Slashdot: How Do I Reduce Information Leakage From My Personal Devices?
Mattcelt writes: I find that using an ad-blocking hosts file has been one of the most effective ways to secure my devices against malware for the past few years. But the sheer number of constantly-shifting server DNs to block means I couldn't possibly manage such a list on my own. And finding out today that Microsoft is, once again, bollocks at privacy (no surprise there) made me think I need to add a new strategic purpose to my hosts solution — specifically, preventing my devices from 'phoning home'. Knowing that my very Operating Systems are working against me in this regard incenses me, and I want more control over who collects my data and how. Does anyone here know of a place that maintains a list of the servers to block if I don't want Google/Apple/Microsoft to receive information about my usage and habits? It likely needs to be documented so certain services can be enabled or disabled on an as-needed basis, but as a starting point, I'll gladly take a raw list for now.
Simple (Score:4, Informative)
Never use an internet connected device
Re: (Score:2)
It's rather shocking that APK wasn't the first to post in this discussion.
Re: (Score:3)
I think it was APK who did the submission.
Re:Simple (Score:5, Insightful)
No, it appears to be reverse-trolling aimed at APK. For one, it links to a competing HOSTS file engine.
And then the most telling, is this quote:
> But the sheer number of constantly-shifting server DNs to block means I couldn't possibly manage such a list on my own.
Re: (Score:2)
> No, it appears to be reverse-trolling aimed at APK. For one, it links to a competing HOSTS file engine.
> And then the most telling, is this quote:
> But the sheer number of constantly-shifting server DNs to block means I couldn't possibly manage such a list on my own.
"Managing" the list isn't needed.
I use the same one linked in the submission, and I update it about once a year when I start to see stuff I don't want.
Sometimes I add things I want, and sometimes I have to search through it to take something off. But, both of those things are pretty rare.
For most stuff, the HOSTS file lists are 99.9995% effective at blocking ads, and slightly less effective at preventing malware attempts.
Some day I am going to figure out how to pull that list into a script and load
Re: (Score:2)
"Managing" the list isn't needed.
Never said that it was. Just saying that this fact wouldn't be brought up if it was APK doing the submission.
Re: (Score:2)
Never have information.
Re:Simple (Score:5, Interesting)
Yesterday, I was waiting while sitting in an airplane. I hadn't put my iPhone yet in "airplane" mode. The cell reception was next to non-existent. I turn on the music player and it gets stuck on the startup screen. Nothing I can do. I turn on airplane mode, then it works immediately. It's not the first time I noticed this happen. Even just trying to listen to your own tunes Apple still makes your devices connect "home", regardless of how you disable any limited settings that may have an effect on this. Therefore,
> Never use an internet connected device
is accurate.
That's just an example. Almost every program by Apple does that, as seen in the Activity Monitor on OS X. People like to rant on Windows 10 calling home, but MS is just learning from the experts ;)
Re: (Score:2)
At least they could make phoning home asynchronous. It would at least hide it better.
Re:Perhaps Not Simple but ? (Score:2)
If that is the case, then shouldn't it be possible to create a program that pre-cashes all outgoing streams prior to their being sent and then inject meaningless random signals into the stream so that the receiving end simply gets garbled data?
This way one could conceivably "randomize" data except that you specifically wish to transmit. Presumably, such an algorithm would intercept all interrupts, trace their source, and randomize as required. No doubt it would greatly slow the system, but would it not i
Re: (Score:3)
I have no idea what you are saying.
Re: (Score:2)
turkeyfish is suggesting that the TCP/IP sockets layer attempts to cache all the data being sent. Unfortunately, this isn't going to work because the reason the application stalls is because the TCP/IP layer is attempting to request a DHCP address from the network (which isn't going to happen), look up the address of a particular hostname (which isn't going to happen either), then stalling again when it tries to open a synchronised two-way connection with the desired host (which isn't going to happen as wel
Re: (Score:2)
My subthread was about this tracking being better (or at least unnoticeable) if performed asynchronously to the main program thread (it works offline just fine). They likely use the word cache (or cash) when they meant buffer. And changing the outgoing data is just going to cause an error response from Apple and still put the app on hold. Why not just block the request or simulate a dead connection (airplane mode) instead? There's no point interpreting his post, it's worse technobabble than you'd find
Re: Perhaps Not Simple but ? (Score:2)
It's worse than it sounds. I watched the first episode and laughed. It has worse technobabble than regular CSI's "GUI interface using visual basic to track the killers IP [youtube.com]"... By far.
Re: (Score:2)
For not having watched television for 3 decades, you seem to be able to practically quote The Simpsons [youtube.com]:
We can't bust heads like we used to, but we have our ways. One trick is to tell 'em stories that don't go anywhere - like the time I caught the ferry over to Shelbyville. I needed a new heel for my shoe, so, I decided to go to Morganville, which is what they called Shelbyville in those days. So I tied an onion to my belt, which was the style at the time. Now, to take the ferry cost a nickel, and in those days, nickels had pictures of bumblebees on 'em. Give me five bees for a quarter, you'd say.
Now where were we? Oh yeah: the important thing was I had an onion on my belt, which was the style at the time. They didn't have white onions because of the war. The only thing you could get was those big yellow ones...
Re: (Score:2)
I'm told I can get OTA, even with just an internal antenna, but I've never actually tried it and I don't believe them anyhow.
I do use OTA. But I have a poor connection and poor aim - it's inside my attic pointed at a metal vent and with trees and a building in the way. And for that matter, I think the F-connector was crimped onto the cable wrong at the attic end. The antenna itself is half a broken outdoor antenna that I got for free from a friend. At 40 miles out, I get all the major networks in HD (ABC, FOX, CBS, NBC, CW, PBS). It's better quality than satellite or cable, since they recompress and rebroadcast from antenna
Re: (Score:2)
Way up on a hill will greatly increase your range (as will having a mast otherwise). In fact, instead of putting your street address or zip, put in your direct latitude and longitude (zoom in on Google Maps and pull it from the URL as a cheap trick). Or drag the marker. That web site takes elevation into account. I always used antennaweb.org but I like this a lot too. No parameters on either site to adjust for a taller antenna or a stronger gain antenna.
Problem with these sites is that if you're "out o
Re: (Score:2)
"I have no idea what you are saying."
Proof that the scheme works.
Re: (Score:3)
Best bet is for a firewall router to block all undesirable IPs out and in and this updated from the internet, with user interaction required. Trying to secure an OS from perv http://www.urbandictionary.com... [urbandictionary.com] OS manufacturer, is impossible, they can straight up go around any software blocks you put in and redo them every single update. So either drop the OS or upgrade to a secure modem router designed with the express purpose of blocking pervert corporations. Windows anal probe 10, specifically requires a
Re:Simple (Score:5, Informative)
Never say yes to an app permission your use of the app doesn't require. Generally this requires only using open source apps, and downloading the source and turning off extra permissions.
Never require networking from apps that you don't want to phone home.
Assume everything that can phone home, does.
As to the complaint that MS's "privacy mode" isn't as private as some people wanted, it reminds me of Richard Feynman at Los Alamos complaining that otherwise-intelligent people thought that secrets were safe because they were stored in devices called "safes." Had they been called "locking cabinets that reduce the likelihood of access a little bit, especially by honest folks" or something else literal, they might have had less problems with secrets being stolen. "Privacy mode" isn't intended to make everything "private," it is intended to mask your pr0n access from casual examination of your browser history. But that isn't actually private in most cases, it is just web traffic and they could unmask you at the router anyways. Internet doesn't have a "private" option, if you want private you'll need a "private network." Internet is a "public network." It is like wanting privacy on the sidewalk; you can't have it. You can usually keep people from touching you, though.
Ultimately if you want a private mobile device, you should be buying hardware, replacing the OS with something FL/OSS and only using a private network.
Re: (Score:2, Funny)
Almost all apps, even a basic fleshlight app
That was an interesting error.
Re: (Score:2)
Re: (Score:2)
I see what you did there. :)
+1 Funny
Freedome VPN claims to do this (Score:2, Flamebait)
Freedome VPN claims to help with this:
https://www.f-secure.com/en_US... [f-secure.com]
Re:Freedome VPN claims to do this (Score:5, Insightful)
Right - then you just leak information to the VPN host.
Re: (Score:2)
Eh, you're only safe until the value of the data they're holding is greater than what they're being paid. Or until a government insists on having access.
Good luck proving they're the source of the leak and suing them when the company is gone, there's no money and the people involved are sitting on an island somewhere.
The third choice is not doing anything wrong, not caring who is folding, spindling and mutilating the tidbits of your life and not worrying about it. Because they probably already know almost
Financial models is the key (Score:2)
Only mention of "financial models" in the thread? But that is the key.
IF (the big "if") the financial model depends on protecting your privacy, then your privacy might get protected.
If the financial model depends on abusing your privacy, then you are firetrucked.
Small solution: Persuade the google (good luck, Mr Phelps!) to add a financial model tab to Google Play. The developer would explain what the financial model is, and the google would add a secure annotation about any part of the financial model they
To refine the question, with subquestions (Score:3)
Is there a way to use some things (E.g. Google Maps) with known leaks, without exposing every activity to Google all the time on unrelated sites. It seems like limiting some domains make sense, but I'm thinking of things like cloudfront.net
Also, is there some way to prevent the CDN-style spying/extra downloads?
Re: (Score:2)
cloudfront, as far as I am aware, usually operates via per-distribution subdomains.
But then, based on your follow-up, "CDN-style spying", I might simply have no idea what you're talking about. Do you consider CDNs to be a form of spying?
Re: (Score:2)
To my understanding, some CDNs serve a unique datafile to every response, instead of using cached files. This can be done by introducing meaningless arguments into the URL that resolve to the same location, but do not need to. It's similar to the 1 px transparent gifs.
Unlike the gifs, blackholing the CDNs doesn't work, because the JS is required by the main page.
So, it's more expensive, but also more reliable.
Re:To refine the question, with subquestions (Score:4, Informative)
There's a curated hosts file here that contains a section for blocking domains used for Windows 10 reporting, if that's your thing:
http://someonewhocares.org/hos... [someonewhocares.org]
There are also several domains relating to Google and Apple.
If you have a small list of several domains you want to block, you can probably just search for hosts files and include several of those domains as additional keywords.
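The original question asked for a blocklist that is documented so individual services can be switched on or off. The following is an added example, not code from this thread or from any hosts-file project: it splits a hosts-format list into named sections and renders only the sections you enable. The `# [section: ...]` marker syntax and every `.example` hostname are assumptions constructed for the illustration.

```python
import re

# Only these "sink" addresses are accepted from a downloaded list. An entry that
# maps a name to any other address would redirect traffic instead of blocking it.
SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "local"}
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z]{2,63}$"
)
# Hypothetical section marker, chosen for this example only.
SECTION = re.compile(r"^#\s*\[section:\s*([a-z0-9-]+)\s*\]\s*$")

# Constructed sample input; none of these names come from a real list.
SAMPLE = """\
127.0.0.1 localhost
# [section: os-telemetry]
0.0.0.0 telemetry.os-vendor.example   # usage reporting
0.0.0.0 Watson.OS-Vendor.example crash.os-vendor.example
# [section: ad-networks]
127.0.0.1 ads.tracker.example
0.0.0.0 ads.tracker.example
203.0.113.7 login.bank.example
0.0.0.0 not a host!!
"""


def parse_blocklist(text):
    """Return ({section: set(hostnames)}, [(line_number, reason), ...])."""
    sections, rejected = {}, []
    current = "unsectioned"
    for lineno, raw in enumerate(text.splitlines(), 1):
        marker = SECTION.match(raw.strip())
        if marker:
            current = marker.group(1)
            continue
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        ip, *names = line.split()
        if ip not in SINKS:
            rejected.append((lineno, "non-sink address " + ip))
            continue
        for name in names:
            name = name.lower().rstrip(".")
            if name in LOCAL_NAMES:
                continue  # keep the system's own loopback entries out of the blocklist
            if not HOSTNAME.match(name):
                rejected.append((lineno, "bad hostname " + name))
                continue
            sections.setdefault(current, set()).add(name)
    return sections, rejected


def render_hosts(sections, enabled, allow=()):
    """Render hosts lines for the enabled sections, minus allow-listed names.

    Matching is exact, as in a real hosts file: allowing a name does not
    allow its subdomains.
    """
    allow = {a.lower() for a in allow}
    blocked = set()
    for name in enabled:
        blocked |= sections.get(name, set())
    blocked -= allow
    return "".join("0.0.0.0 %s\n" % host for host in sorted(blocked))


if __name__ == "__main__":
    parsed, problems = parse_blocklist(SAMPLE)
    print(render_hosts(parsed, ["os-telemetry"], allow=["crash.os-vendor.example"]))
    for lineno, reason in problems:
        print("skipped line %d: %s" % (lineno, reason))
```

Review the rejected lines before trusting a list: an entry that points a hostname at a routable address is never something a blocklist needs.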
Re: (Score:2)
I understand that, but it sounds like the OP is looking for more than browser-based blocking.
Re: (Score:2)
Which hardware firewall is recommended for use with a laptop on Wi-Fi at a restaurant or public library?
Re: (Score:2)
VM pfSense or similar, route everything through that.
ZSUN Wifi Flash is tiny and there have been a string of portable firewalls to do just this.
Re: (Score:2)
You could run Windows in a VM or an alternate OS. Or, you could use a wireless bridge device connected to your laptop's LAN port.
Maybe you could write a rootkit to bypass the hardcoded IPs.
Re:To refine the question, with subquestions (Score:4, Informative)
This is getting harder and harder to do.
If you do want to make progress invest in a Raspberry Pi and a WiFi USB thing. Perhaps two....
Run the Pi and the laptop network hardwired together. Have the Pi connect to the WiFi of the coffee shop. A Pi can run a decent firewall and Squid proxy with one of many Linux distro packages. It is easy to reload the uSD card with a clean OS install. It is easy to remove the uSD card and inspect the system for anomalies.
The second one... Install it as a VPN access point at your home network connection. The Pi in your home and the Pi in the coffee shop can contain shared secrets for a secure link that is harder to man in the middle attack. There are cooperating groups sharing curated lists of addresses and host domains that the Pi at home can slurp up and maintain.
The mobile Pi WiFi USB thing can be replaced for ten bucks and some can have their MAC address randomized to look like yet another iPhone.
I would love to see a product packaged like the Airport Express that would manage a firewall and VPN.
It is also important to explore VM. A virtual machine can operate as a sacrificial OS. Copy the image start it, get work done, stop it and trash it.
This is astoundingly difficult to do correctly.
Re: (Score:2)
Google maps doesn't have a leak; actually, google is the data provider! They're not providing a pipe to some other map, or putting a tollbooth in front of a public map, it is actually their map stored on their server, and when you use google maps you explicitly ask them for that data. Asking somebody for something isn't the same as leaking your identity to them. You're telling them who you are when you show them your face to ask to look at their stuff. ;)
Re: (Score:2)
Right, I want to use some Google services (e.g. Maps) while preventing a data-leak when not using their service (e.g. being on /.)
I get that I cannot use G.maps without telling Google things. I just want to only tell Google what I want to tell them explicitly.
Re: (Score:2)
If you're worried about a data-leak "when not using their service," it sounds like you're a bit confused about what you want. If it is some other thing that is leaking, like slashdot, then why are you even talking about maps?
Try to describe your complaint in such a way that your words are literally true. Whatever stylistic form you're attempting may be great, but your complaint is not at all clear.
It may be that you don't have a specific complaint, and just heard some people on the internet say some non-spe
Re: (Score:2)
I want to use Google maps. This means not blackholing all of Google to 127.0.0.1.
I want to use /. and other sites, without Google tracking me. Normally this means blackholing all of Google to 127.0.0.1
Sure, it's technically /. that put the tracking on their site, but the solution is normally to violently kill Google's IP.
Similar to how I typically keep FB from getting any requests, which means I could not log into FB if I want to.
Re: (Score:2)
I presume you use google maps on a mobile device, and firefox on non-mobile device, so uMatrix cannot help you, right? Or am I mistaken?
For mobile devices, where google maps is most useful, I try blocking all access from it using Xprivacy / firewall when I am not using. This includes contacts, GPS, internet and some other. When using, I only enable GPS and internet, and disable again once I am done.
Not sure how good this is.
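The sub-thread above turns on one distinction: a hosts file blocks a name for every site, while a browser-side blocker can decide per pair of (page being viewed, host being requested). The following is an added example, not code from this thread and not uMatrix's rule syntax or implementation; the rule format, the precedence order and all `.example` hostnames are assumptions made for the illustration.

```python
def _suffixes(host):
    """'a.b.c' -> ['a.b.c', 'b.c', 'c', '*'], most specific first."""
    labels = host.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels))] + ["*"]


class ScopedPolicy:
    """Decide per (page host, requested host); the most specific rule wins.

    Precedence (an assumption of this sketch): the most specific page scope
    is tried first, then the most specific destination inside that scope.
    """

    def __init__(self, rules, default="allow"):
        self.rules = {(src.lower(), dst.lower()): act for src, dst, act in rules}
        self.default = default

    def decide(self, page_host, request_host):
        for src in _suffixes(page_host):
            for dst in _suffixes(request_host):
                action = self.rules.get((src, dst))
                if action:
                    return action
        return self.default


def hosts_file_decide(blocked_names, request_host):
    """What a hosts file can express: exact name match, no page context."""
    name = request_host.lower().rstrip(".")
    return "block" if name in blocked_names else "allow"


# Constructed rules: block one vendor everywhere except on its own pages.
RULES = [
    ("*", "search-vendor.example", "block"),
    ("search-vendor.example", "search-vendor.example", "allow"),
    ("*", "adnet.example", "block"),
]
POLICY = ScopedPolicy(RULES)

# Constructed hosts-file equivalent: it has to list exact names.
HOSTS_BLOCKED = {"analytics.search-vendor.example", "cdn-provider.example"}


def demo():
    """Return the decisions for the cases discussed in the thread."""
    return {
        # Using the vendor's map on the vendor's own site: allowed.
        "maps_first_party": POLICY.decide(
            "maps.search-vendor.example", "tiles.search-vendor.example"),
        # The same vendor's tracker embedded in an unrelated site: blocked.
        "tracker_third_party": POLICY.decide(
            "news-site.example", "analytics.search-vendor.example"),
        # The unrelated site's own assets: untouched.
        "site_own_cdn": POLICY.decide("news-site.example", "cdn.news-site.example"),
        # Hosts file: blocking the bare CDN name misses a per-distribution
        # subdomain, because hosts entries have no wildcards.
        "hosts_cdn_subdomain": hosts_file_decide(
            HOSTS_BLOCKED, "d111.cdn-provider.example"),
        # Hosts file: the listed tracker name is blocked on every site alike.
        "hosts_tracker": hosts_file_decide(
            HOSTS_BLOCKED, "analytics.search-vendor.example"),
    }


if __name__ == "__main__":
    for case, decision in demo().items():
        print("%-22s %s" % (case, decision))
```

A per-page decision needs to know which page triggered the request, which only the browser or an on-device component sees; a hosts file or DNS sinkhole sees the requested name alone.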
Re: (Score:2)
Thank you for the recommendation, AC. I plan on experimenting with umatrix tonight.
Re: (Score:2)
Your Sig, Juxtaposed on this thread is freaking hilarious!
Re: (Score:2)
I'm certainly capable of getting past 4cam being already set up with the whitelist. If you don't mind sharing your JSON file... well, I'll probably have to do a lot of work on my own. But it always helps to have a working example.
And, from what I understand, I would just use the JSON file initially until I found a specific site that did not work.
APK - hosts file engine (Score:2)
How the hell are you someone that's been on slashdot EVER and haven't been bombarded by "APK" posts.
Google "APK Hosts File Engine".
Re: (Score:2)
In his quest to block ads that he doesn't want to see, maybe he's just looking for a piece of software that isn't advertised via spamming Slashdot.
Recommended by Malwarebytes (Score:2)
Then how about a piece of software advertised via the "Third Party Misc Tools" section of a site operated by Malwarebytes [hosts-file.net]?
Also watch for the "ad spaminem" fallacy.
Re:Recommended by Malwarebytes (Score:5, Insightful)
You know as well as I do that his software would be better received if he maintained a web site for it and didn't treat Slashdot as his personal advertising site. When he posts 30+ wall-of-text advertisements in certain threads then his reputation gets diminished a bit. He is, by definition, a spammer, so people can be excused if they don't want to use a piece of "security software" advertised by a spammer, regardless of who else hosts or recommends it.
Re: (Score:2)
Apk posts ac so you can avoid him.
You are seriously still posting as other people, referring to yourself in the third person? Seriously? You still think people don't know that's you? Or some random AC out there just knows APK's motivation for posting as AC?
OK, you're saying that you post as AC so people can avoid you? Then here's a question: if you purposefully post using low karma so that your spam is easy to avoid, then why do you re-post your spam when someone mods it down? And then, after re-posting your spam 30+ times in a single [slashdot.org]
Re: (Score:2)
Here's APK thinking that "outsmarting" means posting as someone else and referring to himself in the third person. Soon he'll be along to post as himself thanking himself for posting as someone else [slashdot.org]. This is APK "outsmarting" someone.
an inferior competitor
APK insult? check [slashdot.org]
advertiser lackey
APK insult? check [slashdot.org]
in fear of apk's superior methods
APK insult? check [slashdot.org]
failing vs. apk
APK insult? check [slashdot.org]
Your favorite color truly must be transparent
APK insult? check [slashdot.org]
We all see through you easily
APK insult? check [slashdot.org]
You can't handle that apk outsmarts you at every turn
APK insult? check [slashdot.org]
If you're trying to make apk look good you're doing a marvellous job.
APK insult? check [slashdot.org]
Yeah, there's noooooo way that's APK posing as someone else. Can't be that. An AC using all of APK's lame insults and backing him u
Re: (Score:2)
APK, you forgot to answer my question for a third time. Here it is again:
> OK, you're saying that you post as AC so people can avoid you? Then here's a question: if you purposefully post using low karma so that your spam is easy to avoid, then why do you re-post your spam when someone mods it down?
Re: (Score:2)
No APK, not every AC poster is you. Just the ones who defend you using the same lame insults or grammar structure that you use. And especially the ones who cite my post history, as if there are people out there not connected to either you or I who decide to spend the time going through my post history, as if they have nothing better to do. What's more, you know that I'm right, because you're sitting there actually making those posts. You know that it can't be proven, and you know that I'm right. You al
Re: (Score:2, Flamebait)
OK, what's the "crazy, strident, screeching nut job" fallacy one?
Sorry, I've seen the posts, and you don't get to be taken seriously by being a ranting idiot who is only a half a degree of crazy away from the time cube guy. At that point you should just accept that nobody is ever going to decide to try your "product" or listen to what you say.
Crazy internet troll posting isn't a criteria for ever trusting the crap you keep claiming is awesome.
Re: (Score:2)
Wow, an "AC who is definitely not APK, posting about APK in the third person" posting a duplicate reply [slashdot.org] in the same comment thread? That's so unlike APK, APK never posts duplicate replies, this AC must definitely not be APK! APK is so clever!
Re: (Score:2)
Get your story straight APK, this week I'm the Adblock shill, not the advertiser. Next week I'll probably be the advertiser again, or maybe just a bad programmer. Whatever your mind decides to conjure up that week, really.
got root? (Score:3)
You can't install it as an APK on your Android device because only root can write to the hosts file, and by default, only an Android device's manufacturer (not its owner) is root.
Re: (Score:2)
I've been here for a long time, and active that whole time, and that doesn't really ring a bell to me. Probably seen it, but probably ignored it too. When was the last time I heard some neckbeard pining for hot grits? I don't know, I never paid much attention to that sort of idiocy. The idiocy itself sometimes rises to a level that feels like a bombardment, but it is generally a wide range of idiocy rather than a specific meme being the bomb.
When I think of slashdot and hosts files, I actually think of the
Re: (Score:2)
Who is responsible for that strobing set of web pages? Seriously, that's not cool.
Re: (Score:2)
Kinda silly to complain about the strobing when I put a warning right on the link.
It is by some famous artist, you'll have done well in life if you die half as famous as him. If it doesn't speak to you, well that is art. Nobody asked it to speak to you. Go and choose something else. Be strong, little newbie. You can do it. Find some kittens or something.
Re: (Score:3)
You should have put the warning before the link. His finger got cramp before he reached it.
Good luck ... (Score:4, Interesting)
You haven't been given the same tools on your mobile device as we have on desktops, because the ad revenue from mobile devices is what everybody most wants.
The OS, and every app largely exist to track you and serve you ads.
I'd be surprised if there was an easy mechanism, which worked on multiple devices, and didn't require a rooted device. Because this is precisely the kind of thing which isn't nearly as available as it should be.
Me, I'm betting the OS makers have pretty much decided no way in hell you're getting that kind of control, and if they gave it to you malicious apps would use it to take over where your device really goes.
Being able to control that is a two way street, and the portable devices don't surrender as much control.
Re:Good luck ... (Score:4, Informative)
Disable Google Play Services and obtain free apps through F-Droid instead of proprietary apps through Google Play Store. Better yet, if your phone is supported, install a third-party Android Open Source Project (AOSP) ROM such as CyanogenMod or Replicant. I can't guarantee it'll plug all leaks, but it should stop the big one.
Re:Good luck ... (Score:5, Insightful)
So, root it, build it from a kit, forego the apps you really wanted, and hope you can trust these 3rd parties.
While technically correct, people generally don't wish to build their phone from a kit and have to take that level of control. Because it's a pain in the ass.
I've pretty much decided I'll use Firefox with no javascript or cookies enabled for most of my browsing, I'll uninstall any app which is just a wrapper around content I can get from the web or which can't run in airplane mode, I'll mostly leave my wifi off, and when I used the native Google apps I just go "la la la". But for most people, that's not going to be acceptable either.
Your solution? I'd probably just stop using the device altogether ... at a certain point in one's life, endlessly fiddling with technology ceases to be fun, and just becomes a chore.
Re: (Score:2)
There is a balance, but it isn't easy for most:
1: Start with a decent phone that has an unlockable bootloader. HTC devices come to mind, as well as Google Nexus offerings.
2: Install CyanogenMod, or a good base ROM with support. It doesn't hurt to donate some as well to said project. Gapps after that.
3: Install XPrivacy if possible. This does an excellent job at stopping nosy apps cold.
4: Install AFWall+. This is a last resort, but a solid defense at keeping apps that phone home from doing so.
5: En
Re: (Score:2)
> I'll mostly leave my wifi off
Good practice, since (for example) a given grocery store can start correlating your media access address with your presence, even if they don't (initially) know your identity. Ditto anyone scanning for wifi pings on the highway.
So here's an elaboration on keeping wifi mostly off: I have an event managing app (in my case, Llama, there are others) that I've configured to shut off wifi every time I disconnect from any network. I manually re-enable whenever I get to my destination (e.g. home); for whatever
Re: (Score:2)
CyanogenMod and Microsoft are getting a little too close for comfort. http://www.androidcentral.com/... [androidcentral.com]
However, the last version I used (6 mo. ago) was very nice if you didn't want to tie your device to Google. At this point for security conscious people, Apple might be the least horrible solution. I've also started to be less critical of Microsoft lately.
Self Controlled VPN + DNS Forward with Hosts (Score:2)
I've gone the route of using VPN to my home network, and using a DNS Server with the Hosts file installed, effectively destroying many advertising links on my mobile devices. Unfortunately, it's not perfect, but I have ad-block in nearly every application on my iDevice now.
It comes down to VPN settings and tuning effort (Score:5, Informative)
If you don't want to root your device and don't want to tunnel all your traffic to a VPN server (adds latency), you can use one of the Android "NoRoot" firewalls that routes app traffic through a local VPN for inspection and filtering. This uses more CPU and battery, but all protection is done within your mobile device. It takes a lot of manual effort to build a policy that blocks undesirable traffic and still lets apps work.
You can tunnel your traffic to a commercial VPN provider, but now you are trusting them to maintain performance and not invade your privacy, and they won't have any visibility to the contents of traffic that is inside SSL/TLS encryption, for better or for worse (e.g. cannot inspect Android apps downloaded as APKs from SSL websites).
Better yet, you can root the device and add your own Certificate Authority and firewall settings. Now you can use your own VPN to ensure all traffic from all applications goes to a remote VPN headend for inspection/modification, even traffic the device thinks is encrypted with SSL. If you have many users going through the same VPN, you can do things with packets and headers to make it difficult for CDNs and ad networks to identify individual users who are all behind the same gateway.
If you have more time than money, you can build up a VPN headend with open source tools (e.g. Squid+SSLbump), and write policy to block traffic that doesn't meet your security policy, and to log what your device tries to send. You can use header modification to strip out identifying information and cookies.
If you are a business or otherwise have more money than time, the expensive approach is to use a commercial firewall appliance that has a client VPN and URL filtering service (e.g. Checkpoint, Palo Alto, Juniper, F5, etc). You set up the VPN to send all your mobile device traffic through the firewall, and use firewall policy to decrypt SSL, inspect APKs, and block ads. This solution is very effective at blocking ads and undesirable network traffic, and can often detect or block malicious APKs and other attacks.
Xprivacy (Score:3)
1) Root your phone. If you don't have full control over your device, you have no chance.
2) Install Xposed Framework (http://repo.xposed.info/)
3) Install Xprivacy (http://repo.xposed.info/module/biz.bokhorst.xprivacy)
Xprivacy doesn't block your programs from sending whatever they want to send - if you try to do that, most programs will crash. Instead, it feeds your programs completely false information. Boom, you win.
Re: (Score:2)
Does Xposed stuff work on Android 5/Lollipop? At least when I upgraded from 4.4 to 5.1, most of the Xposed plugins that I had stopped working.
Easy.... (Score:2)
Two things...
1. VPN your network connection.
2. Don't put anything on your device you wouldn't want to publish on line.
Apart from that, who cares? IF you do, you are either worried about stuff you shouldn't for health reasons, or stupid to put information into that portable computer you call a Smartphone/Tablet.
Double-ziplock bags (Score:2)
I prevent leakage by using those little plastic bags with the two rows of ziplock. Especially the ones with the yellow and blue making green (even though it’s actually magenta and cyan that make green).
Here's how to do it (Score:5, Informative)
Here's my old comment verbatim:
First of all there are immortal cookies (infinite cache entries created specifically for your unique PC). Secondly, there's a unique combination of your web browser + OS + fonts + plug ins: https://panopticlick.eff.org/ [eff.org] Thirdly, there are unique patterns in your behaviour (websites that you visit and how frequently you do that) and other wonderful metrics to trace you.
If you want to avoid being traced and tracked there's just one way:
This is actually a recipe for browsing the web anonymously however this is the reality of the modern web - not to be traced means to be anonymous as much as possible.
All other ways are only half measures. Or, like people have suggested, you may stop using the Internet completely. It should have long been renamed to a "Trackingnetwork".
Read how Black Hats Work (Score:2)
If you really want to start limiting info gathering, I would suggest a 2nd phone for digital work.
Your first phone might just be analog voice only, or at least you don't do digital on it.
Move the digital phone from ATT to Verizon every month back and forth with a new SIM card and disposable email addresses & new phone numbers if you really want to limit access.
Connecting through your laptop through a cell phone hotspot connection isolates it from WIFI snooping.
Brave might suffice your browsing privacy needs. (Score:3, Interesting)
Brave [brave.com] beta is just out. A project from the former CEO of Mozilla.
AFAICT out of the box one of the safest and most private browsers around.
Definitely a leg up from the usual suspects.
Re: (Score:2, Informative)
The last I read, Brave will inject its own ads. No thanks.
Firewall (Score:2)
Personally trying to set up a Ubiquiti EdgeRouter to do the same. In my case, there are just a few devices I don't want to have any external access, so I will have a dedicated SSID for them and provide local network access but no routing. Other things I will have to manually switch a network port for a device to give access to the Internet.
Haven't hit the point yet where I feel a need to do a transparent proxy; my goal is mainly to strip "cloud" functionality off devices that I don't want to have it.
Try to
Fox Mulder (Score:2)
Trust no one.
Re: (Score:2)
Otterbox! (Score:2)
For Computers (Score:2)
For Computers - OS X and Little Snitch https://www.obdev.at/products/... [obdev.at]
A bit costly but it does the job you want.
Also, OS X being a UNIX machine, you can use your hosts file.
You'd be surprised how much you lose (Score:2)
About 18 years ago, well before our current models of internet, social media and data collection were even born I had an interesting experience.
I applied for a high end insurance package with a lot of umbrella/liability protection that came at a very low cost. The cost was low because as my insurance agent put it "They're going to crawl up your with a microscope the size of a small country". Since I've held top secret and nuclear q clearances, this didn't really bother me.
About 3 weeks later I get a call
Turn it off, select devices with care (Score:2)
Buy a camera that's a camera and not a networked database device with a good lens. Select the images you like and upload them later or from an OS.
Sort the images on a computer and select only the images you want to share. Understand that any free cloud, hosting, advertising network or OS uploads will have all images examined for facial recognition, for images of interest of th
To stop personal data leakage (Score:2)
Re: (Score:2)
To where?
Re: (Score:2)
BB10!
My thoughts exactly (Score:2)
Windows will never really be safe, you have no idea what the heck MS is up to today, and what the next service pack will do. Just install FC23 or whatever and be done with it.
Re: (Score:2)
Re: (Score:2)
Maybe not, but we KNOW that MS is actively gathering information. I don't doubt that if you are an expert enough Windows guru there are policies and documentation somewhere to allow you to root it all out and make it behave as you want, but I can install FC23 and OOTB I'm pretty much certain it's not doing something untoward. Nor will it be filled with crapware that some OEM added which totally defeats all security (MAJOR problem IME).
Just saying "nobody is ever safe" is pretty silly though. There's a reason
Re: (Score:3)
Just install FC23 or whatever and be done with it.
That's fine if you either A. own hardware compatible with Fedora (or whatever X11/Linux distribution for PCs) or B. were planning on replacing your PC anyway. Desktop compatibility is pretty good, I'm told, but laptop compatibility is not guaranteed unless it's from an explicitly Linux-friendly manufacturer such as System76.
Re: (Score:2)
laptop compatibility is not guaranteed unless it's from an explicitly Linux-friendly manufacturer such as System76.
That is a bit pessimistic. A quick google will tell you what issues, if any, others have had installing Linux on your hardware. I find that most works well.
Re: (Score:2)
Not Really (Score:2)
I've been running Linux since kernel 0.99a (the first one that had networking that really 'just worked'). I can count the number of times an x86-based piece of hardware that I could ATTEMPT to boot an install medium on failed to actually install without some sort of effort (and in EVERY case I got the machine working by searching around online for a bit and adding a kernel boot param). This includes many different laptops. I think there've been a very few cases where some ancillary piece of hardware on a la
Re: (Score:2)
but you'd have to try pretty hard to end up with a laptop that can't run Linux out of the box.
Laptops whose keyboard is detachable (e.g. ASUS Transformer Book T100TA) and compact traditional laptops with the same chipset (e.g. ASUS EeeBook X205TA) have been troublesome, with keyboard, touch, Wi-Fi, audio, and suspend not working out of the box for quite a while. And that's disappointing, as the same company's compact laptops used to be poster children for X11/Linux support.
Re: (Score:3)
you've been to my house, clearly. Please turn off the light next time, hm?
Re: (Score:2)
But then they'll claim they couldn't reach me, and bulldoze my house!
Re: (Score:2)
Hahahahaah!
wait, you're serious? Allow me to continue,
HAHAHAHHAHAHAHHAAHHAH
Half baked mobile OS that was what, three years late to the party? No.
Besides, then you're just leaking data to Canonical.
Even simplerer (Score:2)
Don't buy any devices.
Re: (Score:2)
or you could just ask your friendly neighbourhood homeless person to buy you a prepaid sim card in his name for a big mac meal.
he wants a list (Score:2)
he seems to know already you need to block at the router.
what he is looking for is a simple list. amazingly nobody has posted one.
one problem is that you need to keep updating the list, because microsoft keeps adding new to the list.
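Because such a list has to be regenerated every time the upstream lists change, one way to keep it manageable is to build it from categorized sources plus an allowlist, so a service can be switched back on as needed. The sketch below is an added example, not part of any post in the thread; the category names and every hostname are constructed placeholders under the reserved `.example` domain.

```python
import re

# Constructed lists in hosts format, one per category; all names are placeholders.
SOURCES = {
    "os-telemetry": """
0.0.0.0 telemetry.vendor.example
127.0.0.1  Crash-Reports.vendor.example   # trailing comment
0.0.0.0 update.vendor.example
""",
    "ads": """
127.0.0.1 localhost
0.0.0.0 ads.tracker.example
0.0.0.0 telemetry.vendor.example
0.0.0.0 not_a_valid_host!
""",
}
ENABLED = {"os-telemetry", "ads"}   # categories blocked right now
ALLOW = {"update.vendor.example"}   # names that must stay reachable
SKIP = {"localhost", "localhost.localdomain", "broadcasthost"}
HOST_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def parse_hosts(text):
    """Yield valid lower-cased hostnames from hosts-format text."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        for name in fields[1:]:                  # first field is the address
            name = name.lower().rstrip(".")
            if name not in SKIP and HOST_RE.match(name):
                yield name

def build(sources, enabled, allow):
    """Map each blocked host to the first enabled category that lists it."""
    blocked = {}
    for category in sorted(enabled):
        for host in parse_hosts(sources[category]):
            if host not in allow:
                blocked.setdefault(host, category)
    return blocked

def render(blocked):
    """Emit a hosts file grouped by category, null-routing each name."""
    lines = []
    for category in sorted(set(blocked.values())):
        lines.append(f"# --- {category} ---")
        lines += [f"0.0.0.0 {h}" for h in sorted(blocked) if blocked[h] == category]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(render(build(SOURCES, ENABLED, ALLOW)), end="")
```

Hosts files match exact names only, so each subdomain has to appear on its own line; a wildcard block needs a DNS resolver on the router instead.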