Browsing the internet and privacy

20151920518 · 2011-11-02 22:28:00

Leonid.I wrote:

So basically, in order to be completely anonymous, we all have to use IE?

Good point. I'll check out the same thing with Windows XP and Firefox 3.6 installed. Also with no Addons installed I should be pretty invisible in the masses of people moving around the web like this. On the other hand - do I want to be like that then?

ewaller · 2011-11-03 01:20:27

I keep thinking of producing a browser extension that generates rotating lies in the browser strings, and returns crumbled cookies with mangled ingredients. Maybe that would slow the side channel attacks on our privacy.

Just because you're paranoid, it doesn't mean they are not out to get you.

Grinch · 2011-11-03 03:39:49

Paranoia is all the rage these days, but maybe there's good reason for that who knows. A while back I was talking to an IT-tech buddy who described a very arcane system he had seen at a customers for their in-house online browsing needs. Basically when the employee wanted to go online, he/she clicked on an icon which launched some script which in turn copied a ready-made vm-image and launched it. The vm launched a linux system which in turn launched into a webbrowser set-up to run on TOR (and perhaps with other security measures aswell). Once the person was done browsing and shut down the VM, the script would shred and remove the vm-image.

Anyway I remembered that when reading this thread, maybe using a VM with very default settings for the OS/Browser would be your best bet not to be identified though the method described.

Blµb · 2011-11-03 10:14:33

Leonid.I wrote:

Blµb wrote:
Whaa, I'm unique because of my browser string and http-accept headers? Am I the only one using a manually compiled SELinux sandboxed chromium of this very development revision I chose to build it at?
1 in 45953.28 use that browser string, and I have javascript disabled.
Headers... 1 in 1838131 o.O
Kinda funny...
EDIT: Oh... it sends my locales in the accept header... now THAT might explain it... nobody on this earth has english, german and japanese locales it seems
Custom compiled SELinux, chromium sandbox -- is is linux-selinux from AUR?
When I went to that EFF website my browser (links) was identified as unique per 2 mil based on the fact that I have an en_US locale and the OS is 3.0-ARCH.
This is total bogus IMHO and these EFF people are even worse than greenpeace.

More or less yes. I used this archwiki entry as a reference, using the refpolicy-src package. Since I'm using a custom kernel I added linux-selinux to that kernel's "provides" array in the PKGBUILD.
As for chromium, I used the PKGBUILD from abs as a reference, but to get the selinux sandbox to compile I had to change quite a few things in the sandbox. I actually found a working code here I used as reference, basically, the IPC implementation of the fontconfig stuff needs to be
moved - no idea why it isn't already... anyway... I might make a PKGBUILD and upload it to AUR as soon as I finished the policy for it. Policy is mostly working, just have to check if flash is working correctly - I think
It might need to change context of ~/.macromedia, or I allow it access to user_home_t, but that would make the sandbox much less strict.

rogue · 2011-11-06 14:53:17

For casual browsing, I use Firefox with NoScript, and Better Privacy.

For when I'm feeling naughty, I fire up a kvm box, with tor; hop in my car and go wardriving...

Eric Schmidt of Google pretty much sums up the reality of how "anonymous" you are these days here. With Facebook using tracking cookies (even after you logout) and the Google Street View car wardriving for MAC addresses, your privacy online is pretty much null and void. Imagine a giant database of all of your online activities neatly organized on a Google Earth map, easily read by even the most incompetent Fed. If you use NoScript, just start paying attention to how often Google analytics shows up in your list. Better yet, check out this handy data sheet of "official" user data requests from Google here. Keep in mind, that a "request" may be one user's data, or it could be thousands at a time. Who knows.

Edit: A compendium of spying guides for "officials" may be found here

Edit 2: tl;dr

Last edited by rogue (2011-11-06 15:06:40)

olive · 2011-11-06 15:35:26

I have read Eric Schmidt comment but I do not agree with it, at least not completely. I think that a certain anonymity is desirable. This is not for committing criminal activities. I have read many post that someone did not have a job just because (s)he one day put on internet an opinion that is not the one of the prospective employer. Suppose you have defended anti capitalist ideas, maybe many years ago, and that you want to apply to work in a bank. Suppose that you have treated M$ as evil (this is not so uncommon in GNULinux Forum) and you want to apply to because a M$ (or apple, or Adobe) employee.

I think that to have an online identity that is different from the real one is desirable. It is true that government want to know more and more about citizens and I think it is worrying situation. I do not want another USSR government

Leonid.I · 2011-11-06 17:08:05

olive wrote:

Suppose that you have treated M$ as evil (this is not so uncommon in GNULinux Forum) and you want to apply to because a M$ (or apple, or Adobe) employee.

This is a frequent argument which makes little sense to me. Claiming MS, Apple etc as evil is just childish. Those are just companies making profit as best as they can, because software is not an object of religion (not even art but just tools). A grown up would provide a founded critisism or don't speak. So if someone got declined at a job interview because of such claims, this is well deserved.

Regarding the transparency and government access in general: those privacy ideas are great and all until you become a victim of identity theft. Then it really helps if your bank can track the bad guys down. If google/bing/MS/FBI storing my MAC/IP helps to stop or prevent crime, I'll all for it.

EDIT: No personal offense. Also, as pointed out, let's stay above the politics here... sorry.

Last edited by Leonid.I (2011-11-06 17:25:28)

jasonwryan · 2011-11-06 17:16:27

Please keep politics out of this thread...

rogue · 2011-11-06 20:03:18

those privacy ideas are great and all until you become a victim of identity theft. Then it really helps if your bank can track the bad guys down. If google/bing/MS/FBI storing my MAC/IP helps to stop or prevent crime, I'll all for it.

In general, informed people don't lose their identities from phishing, man in the middle attacks, or from someone going through their trash. Instead of relying on someone else to take care of you, act responsibly and inform yourself. Apathy is inexcusable.

Edit: Lock it down too tight though, and this could have never happened

Last edited by rogue (2011-11-06 21:33:25)

fukawi2 · 2011-11-07 05:21:25

olive wrote:

Suppose you have defended anti capitalist ideas, maybe many years ago, and that you want to apply to work in a bank. Suppose that you have treated M$ as evil (this is not so uncommon in GNULinux Forum) and you want to apply to because a M$ (or apple, or Adobe) employee.
I think that to have an online identity that is different from the real one is desirable....

You don't think it's reasonable for a prospective employer to consider the "real" person, rather than just the "good" parts the person chooses to reveal?

If I was an employer in a "controversial" industry (say tree logging), and I found out AFTER I employed someone that they were a tree-hugging hippie who just wanted a job so they could sabotage operations, I would be mighty pi55ed. In a less extreme example, if I was MS/Apple and had a choice between 2 equal candidates; 1 with neutral opinions of MS/Apple; one with anti-MS/Apple sentiments, it's going to be more beneficial to all parties to employ the person with neutral opinions.

(No, I do not work for a logging company, I actually work for a company based around environmental sustainability)

jocheem67 · 2011-11-07 07:36:31

Privacy goes 2 ways..I will make it harder on those harvesting giants until they will show me openly what they gather 'bout us.
Noscript, adblock, hosts file, ghostery, eventually tor.
I would opt in for a vpn, that's a little project for later on though..

Leonid.I · 2011-11-07 20:32:13

rogue wrote:

In general, informed people don't lose their identities from phishing, man in the middle attacks, or from someone going through their trash. Instead of relying on someone else to take care of you, act responsibly and inform yourself. Apathy is inexcusable.

If only data breaches never occured... and all employees ar amazon, expedia, etc are absolutely responsible with user data.

alphaniner · 2011-11-07 20:45:24

Leonid.I wrote:

those privacy ideas are great and all until you become a victim of identity theft..

Except for the fact that identity theft wouldn't exist if our governments respected privacy in the first place. IDK about the history of other country's ID programs, but in the US primary opposition to Socialist Slavery (err, Social Security) Numbers at the time of the program's inception was based on privacy concerns. The powers that be swore up and down that SSNs would never be used for identification. And now they form the very crux of the identity theft phenomena.

rogue · 2011-11-07 23:06:53

Leonid.I wrote:

If only data breaches never occured... and all employees ar amazon, expedia, etc are absolutely responsible with user data.

Nothing is ever wholly secure no matter what.

alphaniner wrote:

Except for the fact that identity theft wouldn't exist if our governments respected privacy in the first place. IDK about the history of other country's ID programs, but in the US primary opposition to Socialist Slavery (err, Social Security) Numbers at the time of the program's inception was based on privacy concerns. The powers that be swore up and down that SSNs would never be used for identification. And now they form the very crux of the identity theft phenomena.

That's the sorry truth for sure. It is incredibly simple to obtain anyone's SSN. What next, RFID's in our driver's licenses... oh wait...

Last edited by rogue (2011-11-07 23:08:12)

inch · 2011-11-11 11:24:32

Your browser fingerprint appears to be unique among the 1,852,966 tested so far.
Currently, we estimate that your browser has a fingerprint that conveys at least 20.82 bits of identifying information.

I wouldn't mind to disappear into the crowd a bit more

User Agent 10.82 1802.51 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)
HTTP_ACCEPT Headers 14.63 25383.29 text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 UTF-8,*;q=0.5 gzip,deflate,sdch en-US,en;q=0.8

using Chromium, changed User Agent and ScriptNo. HTTP_ACCEPT could be better.

Last edited by inch (2011-11-11 11:37:48)

Arch Linux

#26 2011-11-02 22:28:00

Re: Browsing the internet and privacy

#27 2011-11-03 01:20:27

Re: Browsing the internet and privacy

#28 2011-11-03 03:39:49

Re: Browsing the internet and privacy

#29 2011-11-03 10:14:33

Re: Browsing the internet and privacy

#30 2011-11-06 14:53:17

Re: Browsing the internet and privacy

#31 2011-11-06 15:35:26

Re: Browsing the internet and privacy

#32 2011-11-06 17:08:05

Re: Browsing the internet and privacy

#33 2011-11-06 17:16:27

Re: Browsing the internet and privacy

#34 2011-11-06 20:03:18

Re: Browsing the internet and privacy

#35 2011-11-07 05:21:25

Re: Browsing the internet and privacy

#36 2011-11-07 07:36:31

Re: Browsing the internet and privacy

#37 2011-11-07 20:32:13

Re: Browsing the internet and privacy

#38 2011-11-07 20:45:24

Re: Browsing the internet and privacy

#39 2011-11-07 23:06:53

Re: Browsing the internet and privacy

#40 2011-11-11 11:24:32

Re: Browsing the internet and privacy

Board footer