THE Big thread about security

best security for your pc is to cut your wlan cable :crazy_face: :upside_down_face:

4 Likes

which search engine everyone using to stay private and is best for privacy/security...?

1 Like

https://start.garudalinux.org/

Well, with regular web it's probably searx.

I made this a while back:

4 Likes

This thread can be an addition+user feedback on that page :thinking:

Yep, thats a pretty nice idea. Additional stuff will be added to the wiki then :relaxed:
Using a VPN is on the list as well :thinking:

2 Likes

canvas blocker is only for firefox...?

Havent found it for Chromium yet :thinking:

1 Like

This one?

Adguard dns or Cloudflare dns or Nextdns or Isp default dns or any other...?

right now I would say adguard. But when I will dig deeper to it, maybe it will change.

well right now i'm using adguard....and also searching for better dns

2 Likes

Thank you sir

Big privacy advocate here. I actually came to the forum to post a new thread polling users about their favorite privacy-focused browser extensions. I'll start things off with a few but feel like they should perhaps be split into two camps, those for chromium-based browsers and those for gecko-based browsers.

Gecko-based (FireDragon, Firefox, Librewolf, etc.)

Some of our favorite, locally developed by dr460nf1r3 browsers (read: FireDragon) come with a few baked in, including one of my favs, CanvasBlocker, which unfortunately isn't available for Chromium-based browsers (don't be fooled by the Chrome Webstore Extension by the same name, it's not the same), however, I found a very impressive alternative that I'll list below. uBlock Origin is almost a given at this point but still needs to be mentioned. I've also included it's lesser known sister-extension (I'm calling it that because it is made by the same people and does essentially the same thing, they just take different approaches), however this one is not for the faint of heart and is definitely reserved for advanced users. Both it and uBlock are available for both browser types.

In addition to the those already mentioned, one of my very favorites all around for both Chromium-based and gecko-based is Privacy Redirect. As the name suggests, it redirects links originally directed to Twitter, YouTube (including embedded content), Instagram, Google Maps, Reddit, Wikipedia, Google Translate and Google Search (or any other SE for that matter) requests to their respective privacy friendly alternatives - Nitter, Invidious/FreeTube, Bibliogram, OpenStreetMap, Libreddit, Wikiless, SimplyTranslate & Private Search Engines like Whoogle, searX, DuckDuckGo and Startpage. You can toggle all redirects on and off or select a specific instance for those with several to choose from, the default uses a random instance if none are selected. You can also set custom/private instances - I use this option to redirect Wikipedia links to wiki2.org, which is a Wikipedia frontend that's much nicer to look at / easier on the eyes. I was actually under the impression that Wikipedia is / was already open source but between the fact that this extension redirects links from Wikipedia to Wikiless and after a cursory glance into what the internet has to say about it and now I'm not so sure anymore. It appears that its roots are based on open sourced code / it has a FOSS foundation in Wikimedia but things have been muddied over the years and while it does share some characteristics, there are other characteristics generally expected of open sourced projects that are noticeably absent (see this old-ass but still relevant article). I think if you want to split hairs it could be considered open-sourced but apparently has some tracking elements involved that I'd think most FOSS advocates wouldn't appreciate. I plan on looking into whether one can use wiki2 and wikiless in tandem.

Also available for both browser types and a much easier to use alternative to something like uMatrix is the well known NoScript. There used to be one called ScriptSafe that was good but looks to have been abandoned as it hasn't seen any updates since 2017.

Another favorite is one that I discovered while looking for an alternative for CanvasBlocker on CBBs. It's called Trace and it turns out that this one is available for both as well, I just hadn't seen a need for it because CB does such a good job but after using Trace for a while now and being very impressed, I'll have to look more closely at what each do because there is a fair amount that Trace does that CB doesn't, including:

  • Canvas Fingerprint Spoofing
  • Audio Fingerprinting Protection
  • WebGL Fingerprinting Protection
  • JS Crypto Currency Mining Domain Blocking
  • WebRTC IP Leakage Protection
  • WebRTC Device Enumeration Protection
  • Client Rects Protection
  • Screen Resolution Spoofing
  • User-Agent Spoofing
  • Battery API Spoofing
  • Network Information API Spoofing
  • Browser Plugin Fingerprinting Protection
  • Hardware Fingerprinting Protection
  • Beacon/'Ping' Request Blocking
  • Blocks Malicious Top Level Domains
  • Hyperlink Auditing Prevention
  • HTTP Referrer Headers Controls
  • Google Header Tracking Controls
  • E-Tag Tracking Mitigation
  • Removal of specific Tracking Cookies
  • Removal of URL Tracking Parameters

It's being actively developed again after a short break for apparent personal reasons (its Github page still says it's not been updated in a while but the changelog says otherwise) and the roadmap looks promising.

My last highly recommended extension/addon is called SponsorBlock and once again this one is available both CBBs & GBBs. Aptly named, this is a YouTube extension that, you guessed it, skips the sponsors. You can also configure it to skip self-promotion, interaction reminders, Intermission/intros, and endcards/credits as well as skip right to the meat of the video. So if you don't fancy something like Privacy Redirect to take you to Invidious, Freetube, etc. (or directing yourself there, for that matter) and you don't use something like NewPipe or YouTube Vanced (both have SponsorBlock integration, though technically the NewPipe Integration is a NewPipe fork) and don't care for watching commercials or any other kind of disruptions with your YT content, this is the extension for you. Just a note though, you really should turn it off for any of the smaller channels you subscribe to/watch as its use could hurt the income potential, although there is some debate about this. I read something that lead me to believe that it's up to the influencer(s) and their discretion as to whether sponsors would be notified of dips in viewership that exactly coincide with the ad placements (indicating some sort of ad blocking). If you care about the channel, though, better to be safe and just take the 30s to watch the damn thing :stuck_out_tongue_winking_eye:

That's all, I guess I didn't have any that were expressly for CBBs after all but that's due in large part to FireDragon successfully converting me (thanks @dr460nf1r3!)

Anyway, your turn. What are some of your favorites, for any browser? (on that note, many of the above are available for Opera, Vivaldi, Safari, etc.)

PS - every time I go to bump an old thread like this, I get a warning message warning me about it and asking me if I'm sure I want to do it, which leads me wonder - despite the single most important commandment of any forum community being, "THOU SHALL USE THE SEARCH FUNCTION PRIOR TO POSTING," is it better/preferred by the powers that be and/or the community at large to start a new thread rather than revive an old one? I wouldn't think so but between the warning associated with this thread and the one I just posted in a few minutes ago by @brvheart (crossposted just above), I thought it prudent to ask. Spanks

5 Likes

heh glad you did bump this thread. made me read some things i liked :slight_smile:

I am using firedragon ( used firefox before with alot of customizations from user.js and ublock+localcdn+cleanurls ).

though my "darling" browser is qutebrowser :slight_smile: Qutebrowser - Spyware Watchdog

very actively developed, very configurable, integrates perfectly with kde x11/wayland, adblocker and python scripts. only negative is qtwebengine being always behind on chromium integration.

I also use sometimes brave, because I don't trust the firefox reddit sycophants, but nothing too serious.

2 Likes

btw .... should one enable firstparty isolate on firefox or not?

I seem to have read that since firefox 77 if not mistaken, it should be disable and enable instead "dynamic first party isolate".

Anyone ideas ?

@alexjp sorry, I don't know the answer to your last question and was hoping that someone with knowledge on the subject would've chimed in by now.

I don't know if this calls for its own separate thread, probably not but if so I suppose I can tackle that when we cross that bridge.

The subject I wanted to get into is security-focused operating systems. Most of these are of the type that you write to/boot into on a separate storage medium, most likely a USB flash drive. I really only know 3 well, and wanted to survey the community (i.e., you guys) to learn if there are any additional security-oriented OS's that I'm missing, don't know about, etc.

The 3 that I'm familiar with are:

  • Tails - the granddaddy of the security-focused OS. Arguably the best and all one should need.

  • Whonix - I'm least familiar with this one but know that it must have gained its reputation for good reason.

  • Kodachi - while this one is lesser known than Whonix, personally I am more familiar with it and some might argue that it does itself a disservice with all its bells and whistles but they'd be hard pressed to argue, with me anyway, that it doesn't look the part and/or that it's way nicer than Tails to look at, anyhow. I actually happened across an article at Tech Republic on Kodachi, which prompted this post.

  • Honorable mention goes to Qubes OS. I feel like this one is a little bit different from the others but still deserves mentioning. I'm not super familiar with it, I've only booted into it a few times and found it to be not very user friendly but I really like the concept of sandboxing everything.

So, what am I missing? Even if I'm not missing any to your knowledge, what are your thoughts and/or personal experience, etc. with those mentioned? Your favorite(s)?

Hopefully this post doesn't fall under the umbrella of not welcome conversation for the simple fact that it's discussing OS's other than Garuda Linux. I think anyone would agree, though, that while Garuda is our favorite distro and is my daily driver, for the purposes of this post, i.e., identifying privacy focused OS's, Garuda doesn't fit the bill.

PS - I'm aware of the Blackarch flavor of Garuda and quite like it. It's on my Ventoy powered USB drive with about a dozen other OS's that I have reason to boot into on occasion and I even daily drove it for a little while, however while great for pen-testing, I don't view it as being nearly as hardened as the others mentioned and I personally view it as serving a different purpose. If I'm incorrect in this assumption, please don't hesitate to let me know and show me the light :yum:

1 Like

I use systemd-boot now with private keys and secure boot enabled with UEFI locked down. Can't even boot a USB stick without dropping protection.
Been happy for the last few years with my protection to the Internet and so on, only weak spot was the front end until recently.

2 Likes