--
[INSERT .SIG HERE]
At present, I'm using Firefox 3.0, TorButton extension, Tork and tor for my
private browsing and it works very well, much better than any of the so
called "private browsing" in Safari, Chrome and IE8.
Does Firefox 3.5 private browsing changes the proxy settings to use Tor? If
not, then I will keep using TorButton.
Regards.
It does not change proxy settings... not its purpose.
--
[INSERT .SIG HERE]
If the name is any indication, its purpose is to provide browsing privacy to
the user. The current "private browsing" feature in all browsers gives
little privacy, if any.
Most people do not understand the limitations of the so called "private
browsing" and may be operating under the wrong assumption that their
activities are private. This miss understanding can be damaging to the
user.
Regards.
Thanks for that, but you're right. I think it gives people a false sense
of security, especially users who might not know much about computers
and see a big "privacy" button and assume that means they're safe.
If you want privacy on the internet, configure your computer to use Tor.
It's as simple as that. (well, not so simple for some users, but you
know...)
Tor in itself allows the user to achieve anonymity and privacy but does not
guarantee it. The user is required to make appropriate use of the computer
and the internet to get its protection.
Examples of requirements include the use of HTTPS while entering
username/passwords, not going around publicizing her(is) identity and
keeping her(is) computer safe from malware.
Regards.
I know, at the end of the day, people should be fully aware of the
environment online and what they need to do to protect themselves.
People don't find it unreasonable to be reminded that they should shield
their PIN number at an ATM.
> Snit wrote:
>> Lusotec wrote:
>>> Snit wrote:
>>>> Just curious - what do people think of the feature?
>>>
>>> At present, I'm using Firefox 3.0, TorButton extension, Tork and tor for
>>> my private browsing and it works very well, much better than any of the
>>> so called "private browsing" in Safari, Chrome and IE8.
>>>
>>> Does Firefox 3.5 private browsing changes the proxy settings to use Tor?
>>> If not, then I will keep using TorButton.
>>
>> It does not change proxy settings... not its purpose.
>
> If the name is any indication, its purpose is to provide browsing privacy to
> the user. The current "private browsing" feature in all browsers gives
> little privacy, if any.
It is quite clear.
While this computer won't have a record of your browsing
history, your internet service provider or employer can still
track the pages you visit.
> Most people do not understand the limitations of the so called "private
> browsing" and may be operating under the wrong assumption that their
> activities are private. This miss understanding can be damaging to the
> user.
>
> Regards.
>
--
[INSERT .SIG HERE]
While this computer won't have a record of your browsing
history, your internet service provider or employer can still
track the pages you visit.
--
[INSERT .SIG HERE]
In the UK there's currently a big debate about whether the government
should be able to force ISPs to do that or not. Most privacy
organisations are trying to prevent it from happening, but Labour are in
power at the moment so who knows.
It's not true that all ISPs in all jurisdictions hold these logs, however.
Configuring you computers for Tor is not sufficient to give you privacy.
--
--Tim Smith
Not from your ISP, no. That's why privacy-critical communications should
also be encrypted.
Either way, Privacy Mode is meant to help you surf for a diamond ring for
your wife and leave no traces she is likely to find - it is not meant to
help you avoid all traces law enforcement or employers can trace.
--
[INSERT .SIG HERE]
Heck, it does not even help with the things Privacy Mode helps with. Tor
does not prevent cookies nor history from showing up. Ben is way off the
mark here.
--
[INSERT .SIG HERE]
Even then, though, Tor and encryption does not prevent your history from
being written to. Privacy Mode does. They are not for the same things.
--
[INSERT .SIG HERE]
Yes, it is quite clear, but I would bet that most people will not understand
how little privacy that actually provides. I still think that "Private
Browsing" (or "Incognito") are misleading names.
I repeat the next paragraph.
Tor (or something similar) is *not* sufficient for privacy but is a
requirement.
Remarks
> Snit wrote:
>> Lusotec wrote:
>>> If the name is any indication, its purpose is to provide browsing privacy
>>> to the user. The current "private browsing" feature in all browsers gives
>>> little privacy, if any.
>>
>> It is quite clear.
>>
>> While this computer won't have a record of your browsing
>> history, your internet service provider or employer can still
>> track the pages you visit.
>
> Yes, it is quite clear, but I would bet that most people will not understand
> how little privacy that actually provides. I still think that "Private
> Browsing" (or "Incognito") are misleading names.
What would you suggest?
>
> I repeat the next paragraph.
>
> Most people do not understand the limitations of the so called "private
> browsing" and may be operating under the wrong assumption that their
> activities are private. This miss understanding can be damaging to the user.
>
> Regards.
One can not guarantee 100% privacy... so browsers should not have the
feature at all? What do you suggest?
--
[INSERT .SIG HERE]
For that use Tor's companion for Firefox, TorButton extension.
Regards.
The moral of the story is, don't bother with anniversary presents,
they're too much hassle.
At least on linux the browser doesnt write where you do to the alternate
data stream like windows does....
--
*****************************************************************************
From the desk of:
Jerome D. McBride
18:13:09 up 61 days, 23:44, 3 users, load average: 3.29, 2.67, 2.64
*****************************************************************************
I think that's the point of my whole line of argument...
Errr... I was discussing privacy in the sense of the communications
themselves, not cookies and your history folder. (seriously, you'd have
to be an idiot to not know how to clear those anyway, then only a hacker
is going to be able to find the deleted files on your hard disk).
An explanation of what it does (and what it doesn't do) on the software
itself before you use it, perhaps?
Still insufficient.
What I think some of you are overlooking is that there are two kinds of
privacy concerns. First, people seeing your traffic on the internet, so
they can spy on your communications or see what sites you are visiting.
Second, people seeing history and caches on your computers.
For most people, the former is not a concern. The people with the
necessary access to spy on your browsing at your ISP don't give a damn
that you like, say Malaysian transexual porn. However, your wife or
parents whom you share a computer with might not be pleased with your
porn tastes.
Private browsing modes in Firefox and Safari are meant to address the
latter concern, not the former. They stop the browser from saving
anything related to your browsing so that other users who share the
computer, even those who share your account on the computer, won't find
your history if they snoop.
--
--Tim Smith
I'd rather have both. And I actually think that today, where more and
more people are throwing a hissy fit over the government taking more and
more liberties to monitor what citizens do online, they'd agree with
that. That's what I'm trying to say; computer users should be aware of
both and should have the tools necessary to do both available to them,
without the ability to do one clouding the ability to do the other, as
terming something like this as "privacy mode" in a browser can do.
>>> In the UK there's currently a big debate about whether the government
>>> should be able to force ISPs to do that or not. Most privacy
>>> organisations are trying to prevent it from happening, but Labour are in
>>> power at the moment so who knows.
>>>
>>> It's not true that all ISPs in all jurisdictions hold these logs, however.
>>
>> Either way, Privacy Mode is meant to help you surf for a diamond ring for
>> your wife and leave no traces she is likely to find - it is not meant to
>> help you avoid all traces law enforcement or employers can trace.
>>
>>
>
> The moral of the story is, don't bother with anniversary presents,
> they're too much hassle.
LOL! Yeah, that is exactly what I meant.
--
[INSERT .SIG HERE]
So what do you think of the Privacy Mode... before I thought you tried to
compare it to Tor.
--
[INSERT .SIG HERE]
> Snit wrote:
I asked about Privacy Mode and you did move the topic to the type things Tor
does... now you talk about Privacy Mode and talk about how people would have
to be stupid to need it. Why do you think Firefox has it added then?
--
[INSERT .SIG HERE]
> Snit wrote:
As I noted, as soon as you invoke it you are told what it does. And what it
does not do.
--
[INSERT .SIG HERE]
I think it's a good idea as long as an everyman knows what it does and
doesn't equate it to other types of privacy. My problem is with the naming.
Fair enough - what would you suggest for the name?
--
[INSERT .SIG HERE]
Since what that mode does in not keep any records of browsing activity,
something like "No Records Browsing" or "Off-The-Record Browsing" is more
appropriate.
>> Most people do not understand the limitations of the so called "private
>> browsing" and may be operating under the wrong assumption that their
>> activities are private. This miss understanding can be damaging to the
>> user.
>
> One can not guarantee 100% privacy... so browsers should not have the
> feature at all? What do you suggest?
There is a big difference between providing 5% privacy (only "Private
Browsing") and providing 95% privacy ("Private Browsing" with Tor's help).
Calling the first case "Private" is wishful thinking.
[The numbers are obviously made up.]
Regards.
> Snit wrote:
>> Lusotec wrote:
>>> Yes, it is quite clear, but I would bet that most people will not
>>> understand how little privacy that actually provides. I still think that
>>> "Private Browsing" (or "Incognito") are misleading names.
>>
>> What would you suggest?
>
> Since what that mode does in not keep any records of browsing activity,
> something like "No Records Browsing" or "Off-The-Record Browsing" is more
> appropriate.
I could see "off-the-record browsing"... tough there still may be records
kept, just not on your computer. Does not really help.
>>> Most people do not understand the limitations of the so called "private
>>> browsing" and may be operating under the wrong assumption that their
>>> activities are private. This miss understanding can be damaging to the
>>> user.
>>
>> One can not guarantee 100% privacy... so browsers should not have the
>> feature at all? What do you suggest?
>
> There is a big difference between providing 5% privacy (only "Private
> Browsing") and providing 95% privacy ("Private Browsing" with Tor's help).
> Calling the first case "Private" is wishful thinking.
>
> [The numbers are obviously made up.]
>
> Regards.
I think expecting the browsers to have Tor built in just to have the feature
they have is silly... not sure if that is what you want though.
--
[INSERT .SIG HERE]
Local privacy, maybe?
Encryption, Tor, etc. could be named network privacy, or something similar.
But just calling it "priacy mode" is a bit misleading.
Perhaps... but I doubt Firefox could get Tor to change its name.
--
[INSERT .SIG HERE]
I don't necessarily mean the name of any specific network privacy
implementation, but the group of plugins etc. which provide network
privacy (over local privacy), or even the Firefox proxy configurations,
could be labelled under the bracket of "network privacy" (and I know the
normal proxy settings can be used to configure for transparent proxies
too, so that could be a little misleading as well).
Blah! There's no winning here.
>>> If the name is any indication, its purpose is to provide browsing privacy
>>> to the user. The current "private browsing" feature in all browsers gives
>>> little privacy, if any.
>>
>> It is quite clear.
>>
>> While this computer won't have a record of your browsing
>> history, your internet service provider or employer can still
>> track the pages you visit.
Unless you use an encrypted VPN or ssh tunnel. Even then, the VPN/ssh
server operator will be able to "spy" on you (even if multiplexing makes
this difficult), if he wants to. So the question is not "who do you
trust" so much as "who do you trust *more*". Given that these offshore
VPN operators have nothing to gain by logging the private activity of
some Western citizen, I'd trust them more than I'd trust ISPs - most of
whom seem to be acting on behalf of right-wing extremists with an
anti-Freedom agenda (e.g. ACTA) in the false name of "terrorism",
"paedophilia" and "national security".
As for this "private browsing" feature - it's next to useless. The only
half-way reliable method of attempting to leave zero trace of one's
activity on the system (so it's not easily recoverable with forensics)
is to run an immutable system, never hibernate or suspend, and ensure
that RAM is completely purged with a DoD 5220.22-M grade (or greater)
wipe before shutdown (or totally electrostatically discharged). Even
then, there are still risks during operation, such as hacking, trojans,
keyloggers, or low-tech attacks such as TEMPEST.
> Yes, it is quite clear, but I would bet that most people will not understand
> how little privacy that actually provides. I still think that "Private
> Browsing" (or "Incognito") are misleading names.
>
> I repeat the next paragraph.
>
> Most people do not understand the limitations of the so called "private
> browsing" and may be operating under the wrong assumption that their
> activities are private. This miss understanding can be damaging to the user.
Yes, any security measure which claims to be foolproof, is only proof
that those who make such claims are fools. At best, it's misleading, and
as such, dangerous, since it leads towards the greatest security threat
of all - apathy.
--
K.
http://slated.org
.----
| "The shepherd drives the wolf from the sheep's throat, for which
| the sheep thanks the shepherd as his liberator, while the wolf
| denounces him for the same act, as the destroyer of liberty.
| Plainly the sheep and the wolf are not agreed upon a definition of
| the word liberty; and precisely the same difference prevails today
| among human creatures." ~ Abraham Lincoln
`----
Fedora release 8 (Werewolf) on sky, running kernel 2.6.26.8-57.fc8
19:39:29 up 38 days, 23:37, 5 users, load average: 0.00, 0.05, 0.01
> At least on linux the browser doesnt write where you do to the
> alternate data stream like windows does....
And GNU/Linux systems can be made either partially or fully immutable,
unlike Window, thus mostly negating the threat of forensic recovery anyway.
--
K.
http://slated.org
.----
| "The shepherd drives the wolf from the sheep's throat, for which
| the sheep thanks the shepherd as his liberator, while the wolf
| denounces him for the same act, as the destroyer of liberty.
| Plainly the sheep and the wolf are not agreed upon a definition of
| the word liberty; and precisely the same difference prevails today
| among human creatures." ~ Abraham Lincoln
`----
Fedora release 8 (Werewolf) on sky, running kernel 2.6.26.8-57.fc8
19:43:00 up 38 days, 23:41, 5 users, load average: 0.03, 0.08, 0.03
The idea of the feature is so your wife will not see you were searching for
a diamond ring for her. It does that quite well.
--
[INSERT .SIG HERE]
> The idea of the feature is so your wife will not see you were searching for
> a diamond ring for her. It does that quite well.
If she's married to [Homer], she deserves at least 2 carets and
a platinum setting.
She deserves it.
Whatever [Homer] can "fish" out of a box of Cracker Jack doesn't
count.
For strong anonymity something like Tor (chained encrypting proxies) is
needed. I would never trust any one proxy not under my control.
> So the question is not "who do you
> trust" so much as "who do you trust *more*". Given that these offshore
> VPN operators have nothing to gain by logging the private activity of
> some Western citizen, I'd trust them more than I'd trust ISPs - most of
> whom seem to be acting on behalf of right-wing extremists with an
> anti-Freedom agenda (e.g. ACTA) in the false name of "terrorism",
> "paedophilia" and "national security".
The enormous surveillance potential of current (and future) technologies is
an enormous temptation for politicians, police and too many citizens who
think their security can be improved if there are cameras everywhere and
all communication are monitored. The problem is that such power can easily
corrupt and what starts with (lets say) good intentions quickly
degenerates.
Will democracy survive in a surveillance state? I fear not.
> As for this "private browsing" feature - it's next to useless. The only
> half-way reliable method of attempting to leave zero trace of one's
> activity on the system (so it's not easily recoverable with forensics)
> is to run an immutable system, never hibernate or suspend, and ensure
> that RAM is completely purged with a DoD 5220.22-M grade (or greater)
> wipe before shutdown (or totally electrostatically discharged). Even
> then, there are still risks during operation, such as hacking, trojans,
> keyloggers, or low-tech attacks such as TEMPEST.
Don't worry too about RAM. If someone can put their hands on your system's
RAM then they most likely will install some software and/or hardware on
your system and spy on *everything* you have and do on your system.
Regards.
> The enormous surveillance potential of current (and future)
> technologies is an enormous temptation for politicians, police and
> too many citizens who think their security can be improved if there
> are cameras everywhere and all communication are monitored. The
> problem is that such power can easily corrupt and what starts with
> (lets say) good intentions quickly degenerates.
Even before corruption takes hold, there's also the hypocrisy of
chanting to the populace "if you've done nothing wrong then there's
nothing to hide", whilst conducting underground talks designed to
destroy our liberties. If that chant actually has any merit, then let's
have these "talks" out in the open, let's make all business dealings
transparent (Memoranda of Understanding), let's mandate that all
business contracts be a matter of public record, and let's expose the
/real/ source of support and funding for these lobbying groups and
so-called grass-roots organisations. After all, if /they've/ done
nothing wrong then what have /they/ got to hide?
Hypocrites.
Everyone has /something/ to "hide". Well apart from the basic tenets of
human dignity, privacy, and the sanctuary of one's personal space, every
one of us has his own personal agenda which conflicts with each other's
to some extent. However, and please excuse my dreaded "black and white"
mentality, but it seems clear to me that some agendas are more virtuous
than others. One person who may, or may not, be scheming a sinister plot
is one thing, but a global corporation - or even a cartel of global
corporations - scheming sinister plots, is quite another. Where there is
the greatest /threat/, there should be the greatest transparency. With
power comes responsibility, and I believe part of that responsibility
should be full public accountability. What Joe Blogs gets up to in
private is irrelevant. Let the police deal with that /if/ they have due
cause to suspect an /actual/ crime, but let's not turn society into a
police state just because the powers that be don't know what we're up
to. That's not politics, it paranoia, with devastating consequences.
Corporations on the other hand...
Believe it or not, incorporating a company gives /it/ many of the same
rights and privileges as a person. Yes really. Watch this, and prepare
to be absolutely sickened:
This is the problem. Incorporated companies should /never/ have been
afforded the same rights as humans. It's profoundly cynical at best, and
at worst it's the cause of nearly all corruption in business today.
So whereas I believe that /people's/ privacy needs to be protected, for
many justifiable reasons, /corporation's/ should be afforded no such
privilege, since they are patently /not/ people.
But this is exactly the /opposite/ of what's happening. Our rights, and
in particular our privacy, is being eroded at an accelerated rate,
primarily at the behest of those same corporations who are being
afforded greater powers of secrecy.
> Will democracy survive in a surveillance state? I fear not.
Democracy is long dead, assuming we ever really attained that hallowed
state to begin with.
Eventually the far-right will push society to breaking point, and the
results will be all too predictable. We don't need to guess what will
happen, just take a look around, and see what happens in other
repressive regimes. First there'll be a far-left backlash, then after
several decades of political instability and bloodshed, we'll slowly
re-establish democracy. Wash, rinse, repeat. Like a metronome, the
politics of society swings from left to right over time, until a
competent player stops it, rests it in the middle for a while, and makes
glorious music. Pity it never lasts.
>> ensure that RAM is completely purged
[...]
> Don't worry too about RAM. If someone can put their hands on your
> system's RAM then they most likely will install some software and/or
> hardware on your system and spy on *everything* you have and do on
> your system.
Well I take it as read that once a machine has fallen into another's
hands then it's little better than an expensive paperweight, can no long
be trusted, and thus should no longer be used for secure activities. The
important point is to ensure the compromiser doesn't get anything useful
the /first/ (and only) time around.
--
K.
http://slated.org
.----
| "The shepherd drives the wolf from the sheep's throat, for which
| the sheep thanks the shepherd as his liberator, while the wolf
| denounces him for the same act, as the destroyer of liberty.
| Plainly the sheep and the wolf are not agreed upon a definition of
| the word liberty; and precisely the same difference prevails today
| among human creatures." ~ Abraham Lincoln
`----
Fedora release 8 (Werewolf) on sky, running kernel 2.6.26.8-57.fc8
19:51:25 up 39 days, 23:49, 4 users, load average: 0.05, 0.06, 0.06
> Even before corruption takes hold, there's also the hypocrisy of
> chanting to the populace "if you've done nothing wrong then there's
> nothing to hide", whilst conducting underground talks designed to
> destroy our liberties.
Get the net...........
He's loose again.
That is indeed a dangerous fallacy. Privacy is the most important defence
against oppressive governments, either dictatorial or pseudo-democratic.
Before attacking privacy, democratic governments should remember that a
democracies have turned in to dictatorships by the vote, the reverse is not
true.
(will not comment of the rest because is too much off-topic)
>> Will democracy survive in a surveillance state? I fear not.
>
> Democracy is long dead, assuming we ever really attained that hallowed
> state to begin with. (...)
Not true! Democracy is still alive in many places. It isn't perfect but it
never was.
>> Don't worry too about RAM. If someone can put their hands on your
>> system's RAM then they most likely will install some software and/or
>> hardware on your system and spy on *everything* you have and do on
>> your system.
>
> Well I take it as read that once a machine has fallen into another's
> hands then it's little better than an expensive paperweight, can no long
> be trusted, and thus should no longer be used for secure activities. The
> important point is to ensure the compromiser doesn't get anything useful
> the /first/ (and only) time around.
What most worries me is not the fading bits that may still be in RAM a few
minutes after power off but any hardware of software changes that could be
made to the system (e.g. a transmitter on my keyboard cable) that could go
unnoticed and, after, I would happily be transmitting EVERYTHING I type,
including the passwords to my encrypted disks.
Regards.
>What most worries me is not the fading bits that may still be in RAM a few
>minutes after power off but any hardware of software changes that could be
>made to the system (e.g. a transmitter on my keyboard cable) that could go
>unnoticed and, after, I would happily be transmitting EVERYTHING I type,
>including the passwords to my encrypted disks.
I think that most of us just want to prevent the wife/kids from
stumbling-upon our collection of "naturalists". 8)
Either that or giving lots of diamond rings to our better halves. LOL
Regards.