On Fri, 27 Dec 2019 10:42:31 +0100, J.O. Aho wrote:
>> o Browser proxy (Epic, Opera, TBB, Aloha, & Brave proxy/tor browsers)
>
> There is always the risk of your data will be used for tracking you or
> profiling you, never trust a free service.
Hi J.O. Aho,
I realize instantly that you're trying to be helpful, which I appreciate,
but it's too easy on Usenet to say why something "can't work" where the
point of this thread is simply to come up with "ideas" via keywords, that
can be made to work.
For example, you can make proxies work simply by adding a VPN (for example)
to the front end of the proxy, where my intent of this thread wasn't to
discuss what "will work", but what "can work".
Nonetheless, we all know the flaws of _every_ keyworded topic I listed, all
of which we can ameliorate to some extent (which isn't the point of this
thread, since the ameliortion discussion can go on, easily, forever).
As an example of amelioration of your objection, it's easy to "add another
proxy" to the existing proxy, where, of course, there's always a "first
proxy", which even itself can be ameliorated by using someone elses' WiFi
connection (for example).
Since I like to make my threads "actionable" (i.e., real, & not bullshit)
as a _simple_ example, you can do this quite easily by way of amelioration:
a. Sit away from Starbuck's cameras with a WiFi enabled iPad on your lap
b. Start any public VPN service on that iPad, so now you're "on VPN".
e.g., <
https://apps.apple.com/us/app/hide-me-vpn/id953040671>
c. Start any "proxy browser" on that iPad, so now you're on a proxy.
e.g., <
https://alohabrowser.com/>
etc.
Sure, there is browser fingerprinting, and dns leaks, and hidden cameras
galore, along with government-sponsored license-plate readers and FBI
Cessnas flying overhead capturing your IMEI that can nab you as you travel
to the Starbucks or sit at home alone... but we have to keep in mind the
basic "threat model" in the situation above, where I was advising a group
of college-age boys on how to better be "private" while on the university
computer system.
Likewise, for example, torrenting amelioration steps could be:
a. Obtain a magnet URL via vpn/proxy/tor & sit on it for increased latency
b. Utilize a killswitch when the torrent begins & set the seed to 2.0
c. Ensure a reliable public VPN service to keep the DCMA notification away
etc.
In summary, we all already know of all these reasons why you "can't have
privacy" on the Internet - but - for a group of college aged kids - there
is still merit in giving them a select set of about a dozen to a score of
privacy/security based "keywords", that they can look up.
Hence, the question here is simply one of privacy-based keywords...
*What other keywords would point to basic privacy/security concepts?*
>> o Password privacy (keepass & mobile phone equivalents)
>> o Data privacy (veracrypt & mobile phone equivalents)
>
> Always avoid applications that lets you store your data online, as you
> never know if they will have the key to decrypt your data (stored or in
> transit)
Again, for _every_ topic above, there are reasons why someone will say it
"can't work"; when the truth of the matter is that you "can make it work"
by putting in place amelioration steps.
For example, I already told these boys to try as much as possible when
they're at the university to only use their USB cable, where you'll note
that the password solution of using "keypass" works on their desktop
(there's never a need to put a password database on the Internet or even on
the university LAN).
In addition, the same USB-cable amelioration applies to their truecrypt
database, and to their calendar ics file, where I showed them my Android
phone doesn't even have a Google Account, where I can easily maintain my
calendar & passwords & encrypted data over a USB cable from PC to phone.
But the point of this thread is NOT why you "can't have privacy", but why
you "can have privacy", if you know a few keywords to look up for details.
*What other keywords would point to basic privacy/security concepts?*
>> o WiFi (wireshark, tcpdump, _nomap, _optout)
>
> Avoid wifi, it's insecure and slow compared to a cable.
I told the freshman boys to keep their passwords, calendars, and truecrypt
databases only on their computers & phones (merging via USB cable).
Nonetheless, Wi-Fi is a reality, where I showed them, for example, how to
torrent a bit more safely by simply taking amelioration steps into account.
For example, WiFi amelioration steps could be:
a. Be aware of butterfly hash tables by using unique SSID & passphrases
b. Be aware of Wi-Fi Sense (e.g., _optout) & SSID naming (e.g., _nomap)
c. Be aware of WiGle & Google SSID databases (i.e., SSIDs are geolocated)
etc.
NOTE: Even Android tells people nowadays (at least Android 9 does on my new
$100 Moto G7 for example) that your SSID/BSSID _is_ your geolocation (in
essence) given there are WiGle WiFi wardriving databases which list your
geolocation and that there are freely available Google databases too.
o WiGle SSID/BSSID geolocator <
https://wigle.net/>
o Google SSID/BSSID geolocator <
https://www.mylnikov.org/archives/1170>
o *Any other sites do people know of that geolocate your BSSID/SSID?*
>> o Domain blocking (
http://winhelp2002.mvps.org & acrylic DNS)
>
> I would recommend pihole with dnsproxy, also router iptables to redirect
> all outgoing traffic over port 53 to the pihole.
Ah, _this_ suggestion is in keeping with the spirit of this thread!
Thank you for adding those "domain blocking" keywords, where I'm wholly
unfamiliar with the keyword "pihole" for example (which I've added to the
list above based on your helpful suggestion).
Googling, it seems all three go together (piholes, iptables, firewalls)
<
https://docs.pi-hole.net/guides/vpn/firewall/>
My goal, much later, for each keyword, is to have a canonical site, e.g.,
o DNSCRYPT <
https://github.com/pi-hole/pi-hole/wiki/DNSCrypt-2.0>
o IPTABLES <
https://www.leaseweb.com/labs/2013/12/setup-linux-gateway-using-iptables/>
o FIREWALL <
https://opensourceforu.com/2015/04/iptables-the-default-linux-firewall/>
o SSID/BSSID <
https://www.maketecheasier.com/google-know-where-wifi-router/>
etc.
Hence, I repeat the question, in that tack, where I ask for more keywords!
o WiFi setup (e.g., WPA2/PSK butterfly hash tables, & wifi sense _optout)
o Wardriving amelioration (e.g., hidden broadcast, _nomap, & BSSID cloning)
o Network firewalls (e.g., router iptables firewalls, wireshark, & tcpdump)
o Privacy smtp/imap servers (e.g., mailinator, & protonmail)
o Browser fingerprinting (e.g.,
panopticlick.eff.org)
o Browser proxies (e.g., Epic, Opera, TBB, Aloha, & Brave web browsers)
o IP address privacy (e.g., VPNs, web proxy servers, & cmd-line killswitches)
o IP address checks (e.g., curl
icanhazip.com, &
whatismyipaddress.com)
o Password privacy (e.g., keepass & mobile device equivalents)
o Data privacy (e.g., truecrypt/veracrypt & mobile device equivalents)
o Domain blocking (e.g., HOSTS, pihole, router iptables, MVPhosts & acrylic DNS)
o DNS leaks & encryption (e.g., dnscrypt, dnsproxy, &
dnsleaktest.com)
o Privacy-based OS's (e.g., tails, & copperOS)
o ???
*What other keywords would point to basic privacy/security concepts?*
--
Usenet is a wonderful public potluck where ideas can be fleshed out better.