[a / b / c / d / e / f / g / gif / h / hr / k / m / o / p / r / s / t / u / v / vg / vm / vmg / vr / vrpg / vst / w / wg] [i / ic] [r9k / s4s / vip / qa] [cm / hm / lgbt / y] [3 / aco / adv / an / bant / biz / cgl / ck / co / diy / fa / fit / gd / hc / his / int / jp / lit / mlp / mu / n / news / out / po / pol / pw / qst / sci / soc / sp / tg / toy / trv / tv / vp / vt / wsg / wsr / x / xs] [Settings] [Search] [Mobile] [Home]
Board
Settings Mobile Home
/g/ - Technology

[Advertise on 4chan]


Thread archived.
You cannot reply anymore.


[Advertise on 4chan]


File: psg.png (870 KB, 1280x720)
870 KB
870 KB PNG
Technical Information for Privacy & Security #46

>Resources
https://www.privacytools.io
https://www.eff.org
https://haveibeenpwned.com
https://stallman.org/facebook.html
https://madaidans-insecurities.github.io
https://sizeof.cat/links
https://ryf.fsf.org/products
https://www.youtube.com/techlore
https://www.youtube.com/TheHatedOne

>Browser tests
https://browserleaks.com
https://ipleak.net
https://d3ward.github.io/toolz/adblock.html

>Advanced content blocking
https://github.com/gorhill/uBlock/wiki/Blocking-mode:-medium-mode

>Privacy oriented DNS
https://nextdns.io
https://www.quad9.net
https://adguard.com/en/adguard-dns/overview.html

>Recommended browsers
Chromium based:
Brave, Bromite, Ungoogled Chromium
Firefox based:
Firefox (w/user.js), IceCat, LibreWolf

>Recommended search engines
Brave Search, DuckDuckGo, Searx, Startpage

>Privacy oriented email
CTemplar, Disroot, mailbox.org, ProtonMail, StartMail, Tutanota
Cock.li, RiseUp (invite only)

>YouTube front end
https://redirect.invidious.io
https://newpipe.net
https://freetubeapp.io
https://github.com/TeamPiped/Piped

>Beginner-friendly distros
Linux Mint
Manjaro
K/L/Xubuntu

>Additional resources
https://www.torproject.org/download
https://chromium.woolyss.com
https://ffprofile.com
https://pastebin.com/eQUZTzYC
https://eldritchdata.neocities.org
https://vez.mrsk.me/linux-hardening.html

>"Facebook is not your friend, it is a surveillance engine."
--Richard Stallman

>"The NSA has built an infrastructure that allows it to intercept almost everything."
--Edward Snowden

>>85142903
>>
>>85201580
That woman looks familiar
>>
>>85201715
She looks like my dad during "family wig fun day"
>>
>>85201715
https://www.youtube.com/watch?v=w1pK5MRd5TM
Is this it?
>>
File: 5831.jpg (92 KB, 867x592)
92 KB
92 KB JPG
>>85201730
Yep, her.
>>
File: 1624602524691.jpg (101 KB, 612x1023)
101 KB
101 KB JPG
>>85201748
Late Nixie is cringe tho, pre-Facebook Nixie was cute
>>
>>85201580
shit general, shit thread.
>t. glowie
>>
File: 0142.jpg (96 KB, 546x800)
96 KB
96 KB JPG
>>85201769
Yep. True, true. Far more socially awkward.
>>
>>85201730
Yeah I fucked her actually
>>
What do I do to secure >windows?
>>
>>85201580
>https://madaidans-insecurities.github.io
>https://sizeof.cat/links
>https://ryf.fsf.org/products
Thank you for these
>>
>>85202563
Have a look at https://sizeof.cat/links/
Ctrl+f "Windows"
>>
>>85202605
good stuff
>>
>>85202700
I was looking for stuff like simplewall, etc. Nothing similar seems to be there.
>>
>>85203011
https://pixelprivacy.com/resources/windows-privacy-settings/

https://github.com/bitlog2/DisableWinTracking
>>
>>85202563
uninstall it
>>
File: VPN-Protect-you.jpg (33 KB, 640x428)
33 KB
33 KB JPG
>>85201580
I've heard VPNs aren't secure and don't do anything, but can somebody provide some evidence to this?
>>
>>85203808
https://madaidans-insecurities.github.io/vpns.html
>>
>>85203827
What about running a VPN server at home? Also, that was really simple and well written for the average person, thanks anon!
>>
>>85203904
NTA. What would be the point? You would still be presenting the same IP address to the world. At least put it on a VPS if you're going to selfhost a VPN.
>>
>>85203808
In your picture it looks like the threat are MITM attacks. HTTPS already encrypts your connections so they can't siphon off much. The only thing they could see is the domain/ip you are connecting to and your usage patterns. So for example they could see you would be using mostly facebook and only a bit of wikipedia. With the VPN, the agents can't tell which sites get traffic since it's all the connection to the VPN. Your VPN provider can see which sites get the traffic and they still can't siphon off data because you are still using HTTPS, VPN or not.
>>
>>85201836
Proof?
>>
>>85204310
His dad works at Nintendo
>>
>>85201769
>>85201786
god she hit the wall hard!
>>
Noob here, if i enable OpenPGP on Thunderbird and want to send an encrypted message to someone, I need the public key from that person first even though they have OpenPGP enabled aswell? Or does it happen automatically?
>>
>>85204159
>don't run a VPN at home, you'll be using an IP address that's tied to your identity
>run a VPN on a VPS instead, so you can use an IP address that's tied to your identity
>>
>>85204662
And another question, when i send an encrypted message with public key attachment to an e-mail, can a recipient who doesnt use PGP still read that e-mail?
>>
>>85204669
There are ways to buy VPS services anonymously.
>>
>>85204454
those are the old pics tho
>>
>>85204793
and how are you going to anonymously connect to your vps serving as vpn? lol
>>
>>85204740
Also, is it pointless to automatically attach my public keys in every email i send and digitally sign it?
>>
>>85204871
You don't have to, you can't be tied to it for just connecting, while you can be tied to it when it's under your name. This is also only a problem if you do illegal things and get caught.
Otherwise it doesn't matter, the other side can't see behind the VPS's VPN anyways.
>>
i love cock.li
>>
>>85201748
>>
>>85203808
>but can somebody provide some evidence to this?
The evidence is that it's literally not how VPNs work. Your web traffic is already encrypted via SSL. Effectively the only thing a VPN does is give you a different IP address. They don't somehow make your connection more secure. If you're connecting to a non-HTTPS website, then the connection from the VPN server to the destination webserver is still going to be unencrypted. VPNs do not make you anonymous, since you're still sending the same data to th destination webserver, and most VPNs keep loads of customer data. You're even potentially increasing your attack surface because the VPN provider could be intentionally harvesting data from the connections going through them.
>>
>>85204871
Through Tor
>>
>>85204662
>>85204740
>>85204931
https://emailselfdefense.fsf.org/en/
>>
>>85205478
Well the ISP or glownigger on the route would see the unencrypted traffic and your IP. With the VPN he doesn't unless he has access to the VPN which is not certain.
>>
>>85205706
>which is not certain.
lol

Major VPN providers are 100% pozzed, and if your threat model includes the government you're an absolute retard for using anything other than a darkweb VPN.
>>
>>85205706
This is actually correct. It's not a yes or no thing. You can still put enough cost on the adversary to deter them, it's the very definition of 'defense in depth'. The purists ITT are retarded.

That said, the VPNs you see advertised on YT for example are 100% pozzed.
>>
>>85203808
They are not anonymizing tools if glowies are after you, but it protects from script kiddies and traffic monitoring on public hotspots.
>>
>>85202563
There's actually a lot of things. If you're on matrix then you can join the windowssec room. The admin, randomhydrosol, is a grapheneOS developer and he publishes his policies that locks down windows quite well. Everyone in the room is from the GOS community and are quite knowledgable.

https://app.element.io/#/room/#windowssec:grapheneos.org
>>
>>85201580
Nah thanks, I have friends and Facebook groups are actually funny
>>
>>85203808
When you use a VPN you are simply shifting trust from your ISP to the provider. Nothing more, nothing less. Like >>85204246 mentioned, the widespread use of SSL/TLS prevents your ISP/VPN from seeing what you're doing on the website. For example, your ISP/VPN knows you're on youtube.com, but they do not know what you're searching or watching. Of course, if you visit pornsite.com or criminalattorneys.org then they'll have an idea of what you're doing. In this case, you should be using Tor. Overall, never trust the network.
>>
>>85206437
thanks for stopping by, enjoy your botnet
>>
Start mail is fucking shit. They take my payment info and now want my phone number before giving me the account
>>
>>85206485
>never trust the network
Risk Acceptance is a thing. Also trust is a spectrum. Also ISPs and glowies are far from the only adversaries that are involved in this scenario.
>>
>>85201580
Any videos of her giving head?
>>
>>85206435
If they were knowledgeable they would not be using Windows from the start. The dev mentions having a steam account vtoo lmao
>>
>>85206834
Nixie is too pure for that
>>
>>85207639
Wut, she literally has a overweight muslim (or was it a indian?) fuckbuddy while dating other guys on Tinder.
At least that was true a few years ago, dunno what she does now, if she isn't dead from her meme cancer yet.
>>
>>85201580
Between Nixxy and Hannah Minx youtube provided a great service to teenage boys.
>>
>>85201580
I remember watching some of her videos long time ago. How old is she?
>>
>>85206437
>muh fakebook groups
lmao
>>
>>85209080
>lmao
Yep, I told you they're funny
>>
>>85206885
>If they were knowledgeable they would not be using Windows from the start.
Why not? Windows has decent security for a traditional operating system, provided you use the Pro and Enterprise editions (stay away from Home). It doesn't have full verified boot like macOS does, most likely because they don't control all of the possible hardware configurations like Apple can, but its boot process does verify the kernel and system files:
https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process#the-countermeasures

Additionally, hyper-v is extensively used in windows as well. This allows you to easily open web pages in edge and programs like office in a VM, which significantly helps with security due to isolation:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview#what-is-application-guard-and-how-does-it-work

If you have an issue with telemetry, you should use group policies to disable it. If you want, you can install your own root certificate and MiTM your windows machine to see what connections it's making to verify its working:
https://docs.microsoft.com/en-us/windows/privacy/configure-windows-diagnostic-data-in-your-organization#use-group-policy-to-manage-diagnostic-data-collection
>>
What are some good beginner tips/resources for hardening a linux os?
>>
>>85209638
Unfortunately there's only minor things a beginner can do. In order to deal with the non-existent security model of linux you would at least need to have full system mandatory access control (MAC) and run every program within a proper sandbox. The former is a massive undertaking but for the latter I would recommend you start learning seccomp and how to use bubblewrap, a very minimal sandboxing program. Avoid firejail since it's a massively bloated SUID program, meaning it runs as root and then its supposed to drop privileges. If you want something a bit easier, I would also recommend minijail0, you still need to understand what syscalls to allow, but the policies are in plain text:
https://google.github.io/minijail/

You can also check this resource out by madaidan, a security researcher who works on Whonix. Keep in mind that you can break your system if you randomly follow this guide:
https://madaidans-insecurities.github.io/guides/linux-hardening.html
>>
I know this topic is debated about by people with a room temperature IQ, but today I've sort of become curious about it, so I thought I'd ask here (the browser shill threads on this board usually have really terrible discussion going on with nobody learning anything from them).
What do you guys think of brave? I use ungoogled chromium and librewolf (and recently I've begun using tor more and more) myself, and I didn't really think much of brave before other than it being a crypto scam. Everything from the affeliate link controversy to the BAT stuff (I think this is a feature that's there to win out third worlders who made 100usd/month honestly) makes me just think of it just as a shoddy botnet made by grifters.
But recently, I've started seeing it more as controlled opposition by the glowies rather than just that. What do you guys think? I'm still moreso on the side that it's just some crypto scheme because the affeliate link thing was such a sloppy job that not even glowies would fuck up so badly, but I'm not really sure.
>>
>>85210053
Stop falling for the cryptoscam meme, there's literally nothing wrong with Brave and any feature you don't want just disable it. I use Brave with uBlock Origin medium mode and the flags --disable-brave-extension --disable-brave-rewards-extension
>>
File: img-2022-01-13-18-32-58.png (331 KB, 1560x672)
331 KB
331 KB PNG
>>85210053
Brave is in bed with Israeli finance firms, I'll pass.
>>
>>85210323
>Oh noes Brave allows eToro to advertise their platform on the browser, it's over
Fuck off schizo
>>
>>85210053
>retarded animefag doesn't know that traffic attribution is very common in the browser market
ngmi
https://brave.com/referral-codes-in-suggested-sites/
>>
>>85201580
privacy protip:
destroy the "winbond" chip on your motherboard for maximum privacy, anonymity, and security.
>>
>>85210053
>makes me just think of it just as a shoddy botnet made by grifters.
It's made by pajeet programmers, targets noob thirdworlders who fell for bait.
it has bad privacy, it has unique add-on fingerprint for the pdfviewjs and then it even shows your built-in ram, graphics card, and display resolution which is what most "fingerprintjs" and anti-fraud systems use these days.
> I've started seeing it more as controlled opposition by the glowies rather than just that.
Maybe, but it's also probably the clown of all projects.

Honestly my opinion is just stick with librewolf if you're casual however librewolf has oopsies because they use ff nightly and arkenfox/ghacks are outdated af and aren't targeted for nightly. librewolf also uses jenkins to auto-build but the flaw is they never tested their shit, it phones to mozservices, mozlocationservices (MLS) and amazon IPs whenever I use a simple packet inspection.
Meanwhile, ungoogledchromium has made ZERO unsolicited requests ever since I've used it whenever I inspect the packets. It's detached from any form of bigtech that you're even gonna have to lose access to addon store, while compared to tbb, tor browser bundle sometimes makes unsolicited requests when it updates its own addons.
Both librewofl and ungoogledchromium mask your display, even firefox normal build masks your display size.
For mobile I can only recommend bromite which masks your display drivers (gpu), ungoogled build for android does not hide your gpu which is what fingerprintjs of many sites use these days:
>gpu
>ram and cpu cores
>display resolution (brave fails)
>fingerprint of pdfjs
forget about brave's canvas or whatever meme they try so hard to imitate ungoogled chromium. they likely paid browserleaks to sell out the results and you can even fake yourself as brave to get "hiscore" meanwhile ipleak.net and similar sites will show brave fails miserably.

>>85210323
kek what's that addon or script that adds echoes to certain words? I want that
>>
>>85212192
>gpu
>ram and cpu cores
>display resolution (brave fails)
>fingerprint of pdfjs
brave fails all of these four. firefox librewolf and ungoogled masks those some or all four by default vanilla.
fuck 2000 charlimit
>>
>>85212095
winbond?
>>
>>85210053
The crypto thing is the main focus of Brave. They have added some anti-fingerprinting in the past, but have missed others.
Like usually, this is neglected. Most people don't notice the data collection and so there is no real feedback.

Browser detection evasion is usually relevant to scammers. Like click fraud with ads.
https://adtechmadness.wordpress.com/2019/03/19/overview-of-googles-picasso/

Lately, Brave has been adding IPFS support, probably because of NFTs.
https://github.com/brave/brave-browser/pulse
>>
bump
>>
>>85212215
stop lying retard, firefox just mask ram, ungoogled doesn't mask anything, i don't know librewolf
>>
>>85209716
> Avoid firejail since it's a massively bloated SUID program, meaning it runs as root and then its supposed to drop privileges.
One thing I like about firejail is that it has good(ish) defaults. It's better than nothing but I'll look into Bubblewrap.
>>
>>85210053
Just turn off all of the crypto stuff, but it's obviously the idea of it being a scam is a really dumb meme. Brave does a much better job than Ungoogled Chromium with better anti-fingerprinting. Generally chromium customisation is poor which is why the defaults for chromium based browsers are good. Although I recommend a hardened Firefox or Librewolf.

You'll often find criticism of Brave (and most browsers to be honest) is as stupid as >>85210323

>I've started seeing it more as controlled opposition by the glowies rather than just that.
Oh wait sorry I thought you were a reasonable person. Stop believing memes and factoids.
>>
bump for privacy
>>
File: brave-pdfjs.png (71 KB, 1476x443)
71 KB
71 KB PNG
>>85212192
>fingerprint of pdfjs
brave randomizes the pdf fingerprints. It keeps them the same for a session and website. That's good because changing with each pageload is the most obvious way of telling the website you are faking the values. brave reports values that are supposed to look like a normal browser (this is their philosophy in terms of fingerprinting protection)

picture related shows some of the pdf plugin values
>>
>>85216598
but they can't hide display resolution :)
>>
>>85216701
That doesn't matter.
>>
>>85216776
why?
>>
Someone has made a copy cat version of /psg/, please do not participate in it, this is the real/official version.
>>
>>85216805
Because your resolution very often isn't that unique.
>>
>>85212826
>The crypto thing is the main focus of Brave. They have added some anti-fingerprinting in the past, but have missed others.
>Like usually, this is neglected. Most people don't notice the data collection and so there is no real feedback.
So neglected that Brave recently improved their fingerprinting protections
https://brave.com/privacy-updates/15-grab-bag-3/
>>
>>85201748
at least its a real woman.
>>
>>85217142
Those were the times
>>
>>85216818
with that thought we should't use brave because privacy isn't that unique
>>
File: gemini.png (42 KB, 977x637)
42 KB
42 KB PNG
>>85201580
Gemini seems promising
>>
>>85207762
Is there a reason that even every not retarded woman still turns to coal burning eventually?
>>
>>85217162
What? Browser fingerprint is a non-issue in general. Browser fingerprint isn't used to track people because it's often constantly changing and is very unreliable. It's really stupid to do something that is privacy intrusive just because it makes your fingerprint slightly more generic. Secondly, as an unreliable as a browser fingerprint can be to track people, relying on screen resolution to track people when almost everyone has the same resolution is an impossible task.
>>
>>85217216
You must be American
Here women hate niggers
>>
>>85217216
Yes the reason is that it doesn't happen. You spend too much time on 4chan to get a good gauge of the rest of the world.
>>
File: 1638026032633.png (137 KB, 478x492)
137 KB
137 KB PNG
>>85217232
>Yes the reason is that it doesn't happen.
>>
>>85217217
there is a reason because torbrowser exist and it's the best, nothing to do with anyone think, it's a fact
>>
>>85217247
>there is a reason because torbrowser exist and it's the best
Yeah, but screen resolution is still an almost useless metric for targeted surveillance let alone mass surveillance. Tor does much much more than just browser fingerprint protection.
>nothing to do with anyone think, it's a fact
I have no idea what you're trying to say.
>>
File: brave-glparam.png (50 KB, 777x488)
50 KB
50 KB PNG
in the picture we can see brave changing the fingerprint of WebGL parameters without triggering the lie detection

it does this by taking real values and changing them just a little bit

>disclaimer: there will always be things not covered by these anti-fingerprint measures
>>
File: 1641679085594.png (75 KB, 755x591)
75 KB
75 KB PNG
>>85212192
>they try so hard to imitate ungoogled chromium
>>
>>85201580
>Browser Fingerprints
>This websites thinks there is a 65.22% chance I am the same person who visited yesterday
>Save me Snowden!

Browser Fingerprints are bad because.....
>>
>>85201580
Can anyone replicate the fingerprint showed at https://noscriptfingerprint.com/result/FwToczNIye9uiGpj on vanilla GTK NetSurf?
AFAIK none of the fonts reported as installed are actually installed on my computer.
>>
>>85217361
....they are often extremely unique.
>>
>>85217396
But they're also constantly changing and unreliable. There's no evidence that they're being used to track anyone. Websites would rather use many other better metrics.
>>
>>85203808
Install Tails and use TOR if you want security. Whonix on Windows if you want meme feeling.
>>
File: css-fonts.png (12 KB, 921x628)
12 KB
12 KB PNG
>>85217384
can confirm that all fonts show as positive even though they are not installed and don't show on other browsers

it also doesn't have any screen metrics like resolution, pixel density
>>
>>85217430
yeah the overall hash is constantly changing and they are unreliable. But you can compensate for that if you look at the actual changes, usually only a few of thousand parameters will change at the same time

of course websites prefer to use definitive ids like cookies (and they will always set them), but the trackers are not oblivious to the fact that those may get deleted
>>
>>85217396
Why not just use cookies to track, I don't understand what a website gains by thinking I am the same person. Even if they're right what's the harm to me? They know I visit their website often? I honestly don't understand how they're bad.
>>
File: netsurf-support.png (21 KB, 354x219)
21 KB
21 KB PNG
>>85217451
>it also doesn't have any screen metrics like resolution, pixel density
I assume that would be because NetSurf does not support anything newer than CSS 2.1 and HTML 4.01 (according to their website at least)
>>
>>85217505
for most websites this isn't a problem. The threat here are the advertising networks, they also match what they know about you to complete partial profiles
>>
>>85217540
Hmm, so advertiser's can use the stateless method of fingerprinting to build a profile on me? Are there multiple parties accessing my fingerprint when I open Amazon for example or can only Amazon see it? How would advertiser's then deliver ads to me from this information?
>>
>>85217499
>of course websites prefer to use definitive ids like cookies
I would even say cookies are mostly obsolete now partially for the reason that you stated. Most tracking that occurs isn't even in the browser but when people install an app on their phone, use 'sign in with Google/Facebook/Apple' or on the operating system level etc. Phones and their unique advertising ID that rarely changes are much more of threat to privacy than browser fingerprint on desktop in my opinion.
>>
>>85217581
when you open amazon, only amazon can fingerprint you. The information can be exchanged though (look into cookie matching)
>>
>>85217630
Thank you anon I will. I understand that cookies can be tracked and accessed by third parties, but it seems like Fingerori is the current trend. It's either not as big a deal as people make out or it's going way over my head. It's stateless so cannot be blocked, but I feel like the tracking potential is much less
>>
>>85217581
>Are there multiple parties accessing my fingerprint when I open Amazon for example or can only Amazon see it?
Do you use a hardened uBlock Origin or NoScript? If not then there are usually many third parties (usually Google) that are providing scripts/services for these websites. For Amazon I can only see first party scripts. However I'm pretty sure Amazon shares data with third parties. Browser fingerprinting is not a reliable method of tracking and no individual ad network (except Google) runs scripts on the majority of websites. Fingerprinting is mostly a meme and there's no evidence of it being used to track people at any significant level.
>>
>>85210323
>israel

based
>>
>>85217521
makes sense: usually, the font test will wait whether the browser downloads a missing font or not. Since netsurf doesn't support this feature, it will never download, which would normally indicate the font is installed.

for screen size etc., there is nothing, because every browser that supports media queries should download one of the stylesheets, but netsurf doesn't download any of them since it wouldn't support media queries.
>>
>>85210053
Brave is the best privacy orientated browser for zero effort giving tech illiterates. I fully recommend using it over just about anything. Librewolf is probably your overall best choice in Jan 2022 if you don't mind dealing with any issues that may occur when you browse the web.
>>
>>85217896
no, the best is torbrowser without tornetwork
>>
>>85217918
>break a lot of websites
>>
>>85217951
just google and youtube
>>
>>85201580
OpenBSD guys make some pretty good stuff such as doas, signify, LibreSSL, OpenSSH.
>>
>>85217984
>"Why are there borders when I maximize the window?"
>>
>>85217918
>i want to be easily fingerprinted, the post
>>
Is it possible to set up a private email server, have your own email domain name, yet being able to receive and send email globally, not having to spend a dime?
There's a lot of email providers but I despise having a middleman for everything.
Also asking, is the same possible for a website?
>>
>>85218340
kek, imagine being those developers that thing same that this guy, the thing is that more and more people use torbrowser, with that no one will be easily fingerprinted, torbrowser without tornetwork better
>>
>>85201580
>Privacy oriented email
RiseUp (invite only)

Isn't RiseUp Antifa?
>>
>>85218664
>Isn't RiseUp Antifa?
Yes, but I think that shouldn't be too much of a problem unless you don't declare your political stance when asking them for an invite or something like that.
I assume they don't monitor any emails for things that they are against, for obvious reasons...
>>
>>85218705
>you don't declare
without the "don't", I wrote it wrong
>>
>>85218600
Try /hsg/. I seem to remember it being a huge effort, most established services are going to block you.
>>
>>85218705
>Yes, but [something something] for obvious reasons...

I am speechless
>>
>>85218606
Yeah, no one would notice you're one of the 10 people with a tor browser fingerprint not using any tor exit nodes anon, you're right. Completely indistinguishable.
>>
>>85218705
Why should I assume my enemy is principled?
>>
>>85219307
they should release an alternative without tor network, that is the best solution for everything
>>
does localcdn is not redundant with ublock origin?, looks like they block the same, sometimes they block fonts and jqueries (i don't know what are these)
>>
>>85219615
localcdn doesn't block, it replaces the script with a local copy saved in the extension. some websites are using js libraries hosted on external servers or cdns now, blocking them will often break site features like search or hover menus
>>
>>85219615
it's interesting that fonts and jquery is blocked though, usually ublock origin lets them through
>>
>>85219615
LocalCDN and Decentraleyes
These extensions aren’t required with Total Cookie Protection (TCP), which is enabled if you’ve set Enhanced Tracking Protection (ETP) to Strict.

Replacing scripts on CDNs with local versions is not a comprehensive solution and is a form of enumeration of badness. While it may work with some scripts that are included it doesn’t help with most other third-party connections.

CDN extensions never really improved privacy as far as sharing your IP address was concerned and their usage is fingerprintable as this Tor Project developer points out. They are the wrong tool for the job and are not a substitute for a good VPN or Tor. Its worth noting the resources for Decentraleyes are hugely out of date and would not be likely used anyway.
>>
>>85219959
>LocalCDN and Decentraleyes
yeap, pretty much snake oil resource eaters
>>
>>85219959
>Total Cookie Protection
how is this called in chrome?
>>
Question: I've been running Ubuntu for maybe a year or so now since switching from (((windows))). I don't see it recommended in OP so did some research now and see that they sold info to amazon a while ago and may still collect some info even of opted out (debates on whether this is misinfo or not it seems). Should I just keep what I have or look into something else? Main concern is a (mostly) just werks distro, I don't really want to struggle with drivers and such. Not looking for anything like Tails or Arch, just something that's plug & play with good privacy. Asking here instead of linux gen because of the question pertaining more to the privacy aspect
>>
>>85220323
Chrome doesn't have this feature
>>
>>85220656
just block 3p cookies by default
>>
>>85204983
>blocked
heh, nothing personnel kid
>>
>>85221521
i'm just asking for invites
>>
Fuck... I think I done goofed.

I installed GpgFrontend and created a keypair with an email from some totally law-abiding people and I wasn't using a proxy when I did it. What kind of info does GpgFrontend send over the internet? did I just broadcast to the internet that someone from this IP is exchanging keys with certain people?
>>
Make sure you get your updates /psg/
https://www.youtube.com/watch?v=bNF_Bn6bZUo
>>
>>85222866
BUMP
>>
>>85223233
>This video is sponsored by cake wallet
Cake wallet more like cuck wallet jej
>>
>>85222866
you just did this here, and entered something in email?
https://www.gpgfrontend.pub/#/manual/generate-key
I don't think that sends anything, but I don't know for sure
>>
>>85223261
the cake is a lie
>>
>>85223542
epic post
>>
>>85223571
thanks
>>
>>85204454
You need to be 18 to post here.
>>
>>85223362
Looks like that's what I did. Man I'm getting hella paranoid, I remember when github used to attach your email to commits for whatever reason, I feel like this might be the same kind of shit.
>>
how can i disable dns prefetch in chrome? does this is disabled by default in ungoogled chromium?
>>
>>85220437
No, it was just a web-app and it was disabled since the 20.04 version. It no longer comes preinstalled on the base system. It was an exaggeration from freetards, but anyways... Ubuntu doesn't bundle it anymore.
>Main concern is a (mostly) just werks distro, I don't really want to struggle with drivers and such.
Stick to Ubuntu then, or maybe PopOS or Mint (both based on Ubuntu, anyway) if you don't like how Ubuntu looks.
If you hear other recommendations they are just trolling you.
>>
File: 1602600967678.jpg (18 KB, 528x528)
18 KB
18 KB JPG
Does it make sense to digitally sign my e-mails even if the recipient isn't using OpenPGP?
>>
I notice that when I unplug my USB drive which stores my .kdbx database, I can still open the database in KeePass. Why? Can I make it not do that?
>>
Thought on Electronmail as desktop client for Protonmail? Is it safe to use?
>>
>>85220437
>Should I just keep what I have or look into something else?
There's no need to move, but if you're really concerned you can move to Linux Mint (or the LMDE version) which offers a nearly identical experience but without a lot of canonical's bullshit.
>>
>>85224636
>https://www.technipages.com/google-chrome-prefetch
But I think it's bizarre to use Chrome. Just switch to Brave.
>>
>>85224775
OS? It might be stored in temporary files.
>>
>>85225001
Windows
>>
>>85224777
The source code of ElectronMail is open-source, you are free to check it to see if there is anything malicious
https://github.com/vladimiry/ElectronMail
>>
File: 1591539492601.jpg (14 KB, 463x324)
14 KB
14 KB JPG
>>85225085
That's great, unfortunately I don't understand anything about code :/
>>
>>85224985
based and bravepilled
>>
Are there only two sides for internet privacy, expose everything or be a tin foil hat? What little the average person can do isn't enough to keep them private, secure and anonymous and in some cases makes them more unique. What can the average person do for a safer browsing expe without installing brave and running noscript on every website
>>
>>85227203
just installing ublock origin and nothing else will get you a massive improvement
>>
>>85227203
uBlock is the easiest thing, next would be Brave and activate shields (you don't really have to configure anything or run noscript)
If you watch youtube on your phone (if its an android) download Newpipe from their website as it has built in adblock and you can watch it with the screen locked like a podcast/spotify
>>
>>85227203
the first step is determining what your threat model is. who are you trying to hide from? other end users? corporations/data collecting? government surveillance? what is the reason for wanting to accomplish this? is it principal or is there a specific goal in mind? if your ideal level of privacy/anonymity was compromised then what would the impact of that be? cause you to flee the country and go into hiding? lose friends or family or impact your work? or nothing?

point is, it's only all or nothing if "all" is your goal. you won't achieve anonymity with javascript enabled anywhere for example.

>>85227219
massive improvement in what sense? i dont think you realize how connected data collection agencies are. leaking anything once should be assumed to mean leaking it everywhere.
>>
"OmniCrawl: Comprehensive Measurement of Web Tracking With Real Desktop and Mobile Browsers"
https://www.researchgate.net/publication/356421360_OmniCrawl_Comprehensive_Measurement_of_Web_Tracking_With_Real_Desktop_and_Mobile_Browsers
>>
>>85227476
creepy
>>
>>85227203
replacing search engine also helps
>>
File: omnicrawl1.png (56 KB, 741x492)
56 KB
56 KB PNG
>>85227476
>>
>>85224722
>>85224920
Thanks anons, I went over to mint, it's very nice and I do notice it is a tad easier on the system and quicker. I have a pihole and kept seeing "metrics.ubuntu.com" with ubuntu even tho I opted out of sending stats. Not seeing any similar queries with mint if I'm not actually browsing online which is very nice
>>
File: trancolist.png (27 KB, 242x713)
27 KB
27 KB PNG
>>85228633
>>
File: omnicrawl2.png (30 KB, 579x160)
30 KB
30 KB PNG
>>85228692
>>
File: omnicrawl3.png (60 KB, 514x539)
60 KB
60 KB PNG
>>85228733
>>
File: omnicrawl4.png (193 KB, 528x825)
193 KB
193 KB PNG
>>85228844
>>
File: omnicrawl5.png (56 KB, 527x359)
56 KB
56 KB PNG
>>85228850
>>
File: gloww.jpg (239 KB, 1024x758)
239 KB
239 KB JPG
>>85201580
Bump for privacy
>>
>>85229918
thanks I passed out lol
>>
So Signal is creating a cryptocurrency and Alex Stamos said it would be the end of Signal because financial regulations would kill the messaging service. Do you think they'll just stop doing the cryptocurrency or will Signal really die?
>>
>>85201580
>>
>>85228983
it seems like canvas is the most common
>>
is there a way to hide "HTTP Request Headers" in firefox or all sites need this
>>
>>85232031
You may find this article helpful:
https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/
>>
>>85232031
I tried a few add-ons and was not able to change the headers much less remove them.

However, request headers are not a problem when they are common. In fact, common headers are better to blend in with the many other entries in the web server logs.

check if your request headers are rare here
https://amiunique.org/fp
>>
>>85232858
>https://amiunique.org/fp
these sites are absolutely worthless, they can't tell you jack shit due to the massive amount of selection bias
>>
>>85201580
what software are there for an encrypted folder or encrypted volume that works on borh linux and windows?
>>
>>85232933
bitlocker?
>>
>>85232884
Which would you recommend?
>>
>>85201580
Privacytools.io sucks now, ir recommends brave
Check privacyguides.org
>>
>>85232884
>these sites are absolutely worthless
definitely not

they do have selection bias, sure, since users like here run them. But many that run the test have stock browsers anyway, even if it's just one of the devices they check with.

so for example I checked with normal chrome on windows 10 and it is quite common

but if you have something better like from a real world setting feel free to share
>>
>>85233194
still meaningless, read any good statistics book on sampling methodology
>>
>>85233110
What's wrong with Brave, redditard?
>>
>>85233209
Crypto app
>>
>>85233110
privacyguides is reddit tier garbage
>>
>>85233223
>opt-in features
Cope
>>
>>85233223
Turn it off.
>>
>>85212192
Coincidence Detector
>>
>>85233209
>Brave
hihihihihihihihihihihi you are everywhere right?
>>
>>85233110
any site that uses javascript is anti privacy and thats how you should filter out the noise
>>
>>85233297
>hihihihihihihihihihihi
cringe
>>
File: canvas-groups.png (87 KB, 868x234)
87 KB
87 KB PNG
>>85231988
yeah canvas is easy and established and still very unique on most platforms
>>
>tfw when hardware backdoors (IME, PSP) renders all of your attempts to stay private via software useless
>tfw nonfree firmware built into ARM boards renders all of your attempts to stay private via software useless

How will privacyfags ever cope? You can use brave or loonix or whatever the fuck else but it's all useless because the hardware it runs on is spyware. Soon M$ Pluton will be on %99 of new chips, which is literally hardware-level DRM. Might as well just give up, goys. Prove me wrong
>>
File: 1630304317763.jpg (57 KB, 1000x666)
57 KB
57 KB JPG
>>85233378
PSP was hacked back in 2004 when it was originally released in fucking japan on 1.0 firmware, you fucking moron. it literally was released without any backdoors and only later firmware updates like US release and 1.5 removed immediate hacking
>>
>>85233378
all current hardware has telemetry, privacy maybe and just maybe can be done with very old harware
>>
>>85233378
Refer to OP, there is a free hardware link to FSF RYF devices
>>
>>85233560
>old hardware
How old are we talking?
>>
>>85233884
There's also newer options like Talos II or MNT Reform
>>
>>85233378
t. seething glowie
>>
>>85233353
to monitor the canvas api, you can use Fingerprint Shield

when a canvas gets generated and then read back, a little shield will appear in the location bar (when canvas is just being used to draw, this will not trigger)
when you click it, you can see the image that was created, and you can see if it looks suspicious

https://addons.mozilla.org/en-US/firefox/addon/fingerprint-shield
>>
>>85234999
chromium has built in canvas protection with the flag
--disable-reading-from-canvas
>>
>>85233110
Get fucked reddit fag
>>
>>85235022
how can i use this in chrome?
>>
>Recommended browsers
>Brave
lmao
Fuck you, pajeetlion shills
>>
>>85235472
There is literally no reason to use Chrome. At least install Chromium.
>>
>>85235472
You add it to your launcher

>>85235600
Nothing wrong with Brave, it has the highest privacy rating among mainstream browsers according to recent study
https://arstechnica.com/information-technology/2020/03/study-ranks-edges-default-privacy-settings-the-lowest-of-all-major-browsers/
>The rankings were revealed in a research paper published by Trinity College Dublin computer scientist Doug Leith. He analyzed and rated the privacy provided by Google Chrome, Mozilla Firefox, Apple Safari, Brave, Edge, and Yandex. Specifically, the study examined the browsers’ sending of data—including unique identifiers and details related to typed URLs—that could be used to track users over time. The findings put the browsers into three categories with Brave getting the highest ranking, Chrome, Firefox, and Safari receiving a medium ranking, and Edge and Yandex lagging behind the rest.
>>
>>85235614
:), i also have installed it, how can i add there?

>>85235700
>You add it to your launcher
but i already have webgl disable flag added on launcher, how can have webgl flag+this
>>
File: smug_panty003.png (113 KB, 300x302)
113 KB
113 KB PNG
>>85235745
Do you not know how to use a command line?
>>
>>85235778
>she didn't understand me
>>
>>85235700
>mainstream browsers
brave has less users than opera
>>
>>85235814
No, I understand your problem perfectly. You just don't know how to use a computer.
>>
>>85235745
>but i already have webgl disable flag added on launcher, how can have webgl flag+this
--disable-3d-apis --disable-reading-from-canvas

not rocket science you just keep adding more, I have 6 flags on mine
>>
>>85235821
opera is a chinese botnet so that's not surprising
>>
>>85235852
it's also a well known brand name unlike brave
>>
>>85235837
can i ask you what flags more do you have?

>>85235828
>seething anime tranny
>>
>>85235932
Cope all you want, but you'll be a newfag until you install gentoo and actually learn how to use a computer. Let me guess, you use Windows, right? At least your browser will be secure while microsoft sends your data off to the feds!
>>
>>85235959
seethe
>>
>>85233404
LOL they're talking about AMD PSP, genius. The equivalent of Intel ME.

>>85204793
sure, but there's no way such services can stay afloat forever.
>>
>>85235997
But let me guess, you disabled windows telemetry, right? So it's totally secure now! Too bad you can't read the source. How do you know it's not sending data anywhere? Are you monitoring external connections? Do you have an external firewall running to monitor activity on your LAN? Of course not. If all you're doing is throwing some flags onto chrome, while still surrounded by close-source software and absolutely no mitigation, you're just larping.
>>
>>85231184
They are in desperate need for cash if they want to make the app sustainable in the long run. It's near impossible to live off donations after the initial funding money runs out.
I believe the will have the same fate as Firefox; an open source project always on the red but sponsored by some 'big tech' that seems convenient to keep them alive.
>>
>>85232933
VeraCrypt
>>
>>85236089
>I believe the will have the same fate as Firefox; an open source project always on the red but sponsored by some 'big tech' that seems convenient to keep them alive.
Current projections show Mozilla will make about 30 to 40 million dollars of not-google service revenue this year, which is pretty good.
>>
Can I trust weird router hardware after I install openwrt?

not sure if gl.inet is trustworthy.
>>
>>85235932
>can i ask you what flags more do you have?
--incognito --disable-background-networking --disable-reading-from-canvas --disable-3d-apis --disable-brave-extension --disable-brave-rewards-extension
>>
>>85235821
Normalfags only use Chrome or Edge if they're too retarded to install Chrome
>>
>>85236239
thank you very much
>>
>tfw no cute privacy-caring autistic bf
i got put on this earth to suffer everyday till i die alone
>>
>>85236773
how much do you weigh, and do you have a penis?
>>
>>85232933
for private messages i use PGP
encrypt my drives veracrypt and folder containers (works for windows and linux)
save passwords with keepassxc

some people will suggest using truecrypt 7.1 for reasons but hasnt been maintained in years

>>85236826
under 70kg, above 180cm and i have a penis
>>
>>85236941
>under 70kg, above 180cm and i have a penis
oh, see the dealbreaker is that you're e*ropean
>>
>>85235872
opera it's proprietary spyware, who gives a crap whether it's well known. people who think "well known" and proprietary is better than less well known and open source are fucking retards. that includes YOU, retard
>>
>>85236962
what is your euro ancestry? as long as youre not a shitskin i take a flight to USA
>>
what should I do if my plan is to hide my traffic from the government (based in Saudi Arabia)?
I imagine VPN is enough but I vaguely remember something about routers here having builtin surveillance. Does VPN hide traffic as it passes through my local network?
>>
>>85201580
>recommending brave
Lost credibility
>>
>>85233226
>reddit
RENT FREE
>>
>>85237517
>t. seething firefox tranny
>>
>>85237281
Yes, it does. Your router can't see the unencrypted traffic either.
Use a killswitch to prevent the vpn disconnecting and the next requests going with no vpn.
>>
>>85237818
It recommends Firefox too, retard
>>
>>85237832
Thanks anon, that's reassuring to know.
>>
File: IMG_3778.jpg (403 KB, 1125x609)
403 KB
403 KB JPG
>>85201580
please give me a cock.li invite code mossfarmer@protonmail.com thanks im gay and stupid
>>
>>85236485
note the last two are specific to brave
>>
>>85224763
It doesn't do harm, it may make people think you're an autist though.
>>
>>85238402
>2022
>not having a cock mail
>>
what's so good about cock mail anyway
>>
>>85239650
It's mail with cocks.
What's not good about that?
>>
>>85201580
She is still kinda cute
>>
>>85239650
it's cock blocked on nearly every service... so I'm not really sure why people like it so much
>>
>>85201580
GlowSlayer LSM version 1 is complete.
I need to get around to trying to submit it to the kernel but I've applied CERT C secure coding standards to it so it may fail kernel standards validation.

Now on to the next part.
I'm going to learn sel4 and try to sandbox nvidia drivers with it. I'll use my LSM to perform a "driver self check" for any files that may be required for the nvidia drivers to work.

https://github.com/coryc257/slowboot/tree/main/deployment

sel4 is the future of open source operating systems:
https://github.com/sel4/sel4
>>
>>85237832
>>85238278
The endgame is having a VM connect the VPN and function as a switch for other VMs and using firewall rules for making sure you don't leak your real IP.
>>
>>85239702
sounds kinda gay desu senpai
>>
>>85241302
why not just use a vpn client that literally does this for you instead of wasting vm resources?
>>
>>85201580
Why do women paint eyebrows?
>>
>>85201580
did this whore ever release nudes
>>
>>85201730
that has to be a man
...unfortunately
>>
>>85206435
>>85209580
Yea I consider "only run UWP applications signed by Microsoft" great advice.
at least randomhydrosol is still realistic about Windows and doesn't act like a fanboy for it, even if he's clearly committed to using Windows. madaidan doubles as a faggot and a Windows fanboy, despite running Arch Linux and running his VMs unsandboxed, not even with apparmor.
>but use WDAG
Yeah... can I get Chrome on there? Instead of Edge?
>but use Windows Sandbox
it's cool but there's no storage persistence and I have no control over its networking. Can I Tor-ify my Windows Sandbox? No. I can't tell it to use another hyperv net interface, because Microsoft hides those Windows Sandbox attributes.
I'm happy with running Windows VMs. I would've been using Hyper-V to do that, but Microsoft are faggots who decided that I can't use DDA (PCI passthrough) because I had a Windows 10 Enterprise license instead of Windows Server.
>>
>>85204454
^ faggot
>>
>>85201769
I don't see cringe in that pic, is she cringe in another way?
>>
>>85233378
Show proof that Intel ME and AMD PSP use the network interface to talk to jews
>>
File: 1642264496015.png (2.26 MB, 1080x1635)
2.26 MB
2.26 MB PNG
>>85243045
that is a woman

this is a man
>>
File: 1642308530894.jpg (1.52 MB, 3840x2076)
1.52 MB
1.52 MB JPG
>>85201580
Is E-mail fundamentally insecure? Why's it the case that so many high profile and prominent personalities have their most notable leaks originate from their emails(even though most use Gmail, which should be secure no?)?
I would imagine if it was end-to-end encrypted, like WhatsApp, this would not be an issue.
>>
>>85243715
Technology is fundamentally insecure
>>
>>85243715
>I would imagine if it was end-to-end encrypted, like WhatsApp, this would not be an issue.
there are notable leaks through whatsapp or other messaging services

it's often email because that's what they are using. The hackers break in and will get the information from whatever platform they are using
>>
>>85217175
no, it doesn't
>>
duckduckgo has made a website database where you can find if they accessed fingerprintable apis with javascripts

To check a website:

first, search for the domain in the repository
https://github.com/duckduckgo/tracker-radar/search?q=domain.com

There will be two types of entries, entities and domains.
If the result is of the form "domains/xx/domain.com", it will have the information.
>>
open the json page for the domain and search on the page for "fingerprinting". The first one is the overall worst value. Below, the separate scripts are listed.

"apis": {} will show which of the apis were called during the test.
>>
>>85201730
Is she still around? I thought she disappeared like 10 years ago.
>>
>>85243360
>despite running Arch Linux
So?

>running his VMs unsandboxed
A VM is the ultimate sandbox, why would you sandbox it again?

>not even with apparmor
That's not a sandbox.
>>
File: alicdn.png (22 KB, 452x419)
22 KB
22 KB PNG
>>85245011
don't get fooled by websites like aliexpress.com

they are fingerprinting, just not on their main domain
>>
bump
>>
>>85236160

that's a huge amount of cash and probably enough to sustain signal, but they don't have a corporate backer. maybe they should stick to the norton model of just loading up a cryptominer?
>>
i tweaked my chrome almost identical that ungoogled chomium, does chrome still have spyware?
>>
>>85236485
>--disable-reading-from-canvas
aren't you just making yourself easier to track with this because your profile becomes more unique
>>
>>85247076
anything you do can be tracked, but you could argue that the statistical entropy from a blocked readout is lower than the unique hash of your image processing of the browser, since by blocking you look like everyone else who blocks that api instead of the smaller % of people who might have identical hardware to you. ultimately it doesn't mean much because you can be tracked even with JS completely disabled, but it's better than nothing, I just block it out of spite because I know a few places run canvas hashing scripts like my bank so a blocked output is just my way of saying 'fuck you'
>>
>>85201580
wtf I'm a simp now
>>
>>85246135
i mean do they send info to their servers, in a hidden way?
>>
>>85246135
>>
>The UK government is set to launch a multi-pronged publicity attack on end-to-end encryption, Rolling Stone has learned. One key objective: mobilizing public opinion against Facebook’s decision to encrypt its Messenger app.

>The new campaign, however, is entirely focused on the argument that improved encryption would hamper efforts to tackle child exploitation online [...] One key slide notes that “most of the public have never heard” of end-to-end encryption – adding that this means “people can be easily swayed” on the issue. The same slide notes that the campaign “must not start a privacy vs safety debate.”

>The opening phase of the campaign is expected to launch within days. According to the presentation, the push will appear to be the result of grassroots action and children’s charities, while downplaying any government role.

>“A glass box is installed in a public space,” the presentation notes. “Inside the box, there are two actors; one child and one adult. Both strangers. The child sits playing on their smart phone. At the other end of the box, we see an adult sat on a chair also on their phone, typing away.

>“The adult occasionally looks over at the child, knowingly. Intermittently through the day, the ‘privacy glass’ will turn on and the previously transparent glass box will become opaque. Passers by won’t be able to see what’s happening inside. In other words, we create a sense of unease by hiding what the child and adult are doing online when their interaction can’t be seen.”


https://www.rollingstone.com/culture/culture-news/revealed-uk-government-publicity-blitz-to-undermine-privacy-encryption-1285453/
>>
>>85243370
That's like a 2006 picture, anon. That isn't late Nixie.
>>
>>85242842
because women are all clowns
>>
>>85242949
yes
>>
>>85201580
this is her now
>>
>>85247076
possibly. I would suggest to run the EFF test. coveryourtracks.eff.org
some canvases are actually quite common. If your canvas is very rare, then disabling it may help. If it is common, then it's probably more rare to see a disabled canvas than the common one.

keep in mind, there are so many things you can do with javascript, that it probably doesn't matter no matter if it is enabled, faked, or disabled.
>>
>>85248664
holy shit she's fat, nice giant size 15 slacks you whale. NICE SHITTY LOOKING PANCAKE TITS YOU UGLY FRUMP TART SKANK
>>
thoughts on using a custom linux kernel? Want to use xanmod to improve performance.
>>
>>85248664
Exactly what you'd expect
>>
File: 1642260064941.png (175 KB, 406x594)
175 KB
175 KB PNG
>>85248664
>>85248773
>>85248894
>>
>>85243380
just google Intel vPro and AMT
>>
>>85251377
and?
>>
>>85253000
sorry I can't fix stupid
>>
A pretty good research paper that demonstrates how browsers are performing against fingerprinting
https://www1.icsi.berkeley.edu/~mct/pubs/www19.pdf
>>
>>85253007
well the other anon asked for proof that it was spying on people, saying google it doesn't really provide any proof of what you're getting at
>>
>>85253397
no they didn't, they asked for proof that ME can be accessed remotely over the network. This is exactly what vPro/AMT is for. It even works when the machine is off but still plugged in. It's basically the same thing as iLO or DRAC (or other lights-out management systems) on server systems.
>>
>>85253425
that's for corporate management of preconfigured many devices, where's the proof average joe is being spied on by IME
>>
>>85201580
Is there any guide on how to do a "great migration" where you download your data from everywhere and delete accounts everywhere you can (and parse/replace/remove old posts/etc.)
>>
>>85253452
you don't need proof. the mere fact that it enables people to do that is enough.

this is like saying "guns are dangerous" but then demanding proof anyone has actually pulled a trigger before.
>>
>>85253461
Just do it slowly over time. Between 2016 and 2021 and deleted about 60 accounts online. Most didn't have "download your data" nor did I really care. Now I only have 4 online accounts.
>>
>>85242766
If the your program that uses the vpn gets hacked it could circumvent the vpn. If you use VM and a virtual switch you prevent that from being a possibility.
>>
>>85253474
that's not proof of anything other than you have no argument, please demonstrate one unsolicited packet sent by IME, I'll wait
>>
>>85253490
>If the your program that uses the vpn gets hacked
don't know what this means, please tell me how that would happen? especially if the program is running in a container, which it is. but go ahead, enlighten me
>>
Has anyone managed to get KeePassXC browser integration working with Firefox in Bubblewrap? I'm binding KPXC's socket to the same path in the sandbox but the extension can't detect KPXC.
>>
>>85253621
a VM uses the hardware for security which is more resilient than a software solution. With modern hardware that supports IOMMU you can 100% guarantee a vm that doesn't have a network interface assigned to it cannot talk to the network card directly. This is hyper-schizo stuff. 99% of users shouldn't need this but having total security should be the goal.
>>
>>85254914
you didn't even answer my question. you completely avoided it. ill ask again.
>If the your program that uses the vpn gets hacked
don't know what this means, please tell me how that would happen? especially if the program is running in a container, which it is. but go ahead, enlighten me
>>
>>85255017
oh, like your web browser. If that gets hacked and it is running on the same "machine" as the vpn client it is possible that it could disable the vpn and then you leak your real ip against the websites you are visiting.

VM page mappings are stronger than what a container would provide.
>>
>>85255097
He's talking about how Whonix is configured so the workstation VM can't leak the real IP address of the NIC if it gets compromised because it doesn't know it, it only talks to the NIC via the gateway VM.
>>
>>85245372
>So?
For all the cheer-leading he has done for Windows and macOS on his blog, and the selective ignorance of Windows problems to the point of being stupefying, and the criticism of Linux problems while also not stating when a Linux problem also exists on Windows and macOS, he still doesn't commit to running Windows bare-metal.

randomhydrosol does run it baremetal, he runs his VMs on Hyper-V, and while he really likes Windows, he is more clear-headed and is realistic about Windows problems. He's more likely to ban you from his group while he's drunk than when you criticize something he said or criticize Windows.

>A VM is the ultimate sandbox, why would you sandbox it again?
Read about QEMU.
Even Ubuntu applies AppArmor policies on qemu processes started by libvirt. Only a guy who receives dopamine from masquerading as a security researcher on the internet will install libvirt and allow the Arch default to leave his QEMU processes in a more compromising state than "normie distros" like Red Hat and Ubuntu would by default.

>That's not a sandbox.
It provides MAC, and it does provide sandboxing.

madaidan seems to be hyper-aware of his name on the internet (I've also seen his friends frequently critiquing mentions of him on internet forums), to the point that writing is name, not even tagging him, in an unrelated group that he happens to be in, will prompt a response within a minute.
So, he may start saying that he did configure an svirt driver on libvirt.
The thing about madaidan is that he's a parrot, he regurgitates what he reads, and pretends to know what he's talking about. I also think that his Windows fanboying on his blog might be because he is friends with two Windows fanboys.
>>
>>85255125
Exactly. A container still has access to a NIC that could know the true IP and while unlikely could result int he leak of the IP. A VM with proper IOMMU will result in a false NIC that only know the internal ip address and cannot know the real IP address.
>>
File: 1631642090310.jpg (523 KB, 1200x675)
523 KB
523 KB JPG
>>85253500
based
hi im the anon who asked for proof that AMT/PSP talks to jews (btw "unsolicited packet" is a good way to describe it, I should've said that instead of "talk to jews" lol)
So far I've seen no proof. It's worth saying that these systems can be exploited from the host (it has been done by security researchers before and reports of it were public), so I understand the "backdoor" concerns, even though it's not quite a backdoor for a remote attacker to access at all times, it's just another exploitable part of the system. It is like the platform firmware (BIOS, UEFI), except more discrete. It's like a blackbox.
Attacking from the host (the application processor, in this case the x86 processor) is the clear way to do it, and I find that it usually requires acting as a privileged user (admin, root) because that is necessary to talk to Intel ME, at least if a driver for it is present and working. If no driver is present, they'll need to become kernel-mode to talk to the interface itself (instead of using an Intel-provided driver to do it).

So, these things are not good. But it's just slightly different from malware becoming privileged enough to overwrite your UEFI with malware. The only difference is that a UEFI flash chip's data is not as protected (from forensics) as the data stored by Intel ME.
>>
>>85255365
(continued) as long as Intel ME / AMD PSP are not able to be exploited by the app processor (and before anyone things it cannot be done, it indeed can be achieved, if complexity is reduced), you are only trusting that Intel/AMD's code is not malicious, and I don't have a reason to believe that they would be.
I do believe that their source code is gifted, by jews, to Israel and maybe, just maybe, maybe even the US government (CIA, NSA),
but I don't believe their code is malicious.
But the real world is different, so while it may not be malicious, they certainly don't write good code, so they will be exploitable, and that is why people inside these companies sell their source code and any other secrets necessary to find bugs, whether it's source code or unencrypted binaries.
>>
>>85255125
here is a picture

we can probably skip the gateway if we do not need a direct connection then we could make everything from the host torified
>>
new thread starting
>>85255536
>>85255536
>>85255536
>>
>>85217175
I like gemini but it will not ever see mass adoption.



Delete Post: [File Only] Style:
[Disable Mobile View / Use Desktop Site]

[Enable Mobile View / Use Mobile Site]

All trademarks and copyrights on this page are owned by their respective parties. Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.