itsmect

joined 1 year ago
[–] [email protected] 3 points 11 months ago (1 children)

Thanks for the heads up, my setup is indeed 6-12 months old. My thoughts on the linked list:

  • uBlock origin is the #1 recommended plugin, and can make some other plugins redundent, see below
  • Decentraleyes only helps only for some scripts/sites and may be fingerprintable. Considering that it targets major CDNs and it's widespread use, I still think it's benefits outweigh the possible downside, especially if used in conjunction with a good VPN, so its optional but I'd keep it.
  • Privacy Badger used to be unique in that it creates a custom blocking list based on your behavior. There was some security and privacy vulnerability with this method, so it's no longer done. It depends now solely on a pre-trained list just like uBlock origin, offers no additional features and should be removed.
  • Cookie extensions may give you a false sense of privacy as they do nothing for IP tracking or other vectors. However they do patch one area, and are useful if used correctly and together with other methods.
  • noscript is technically covered by uBlock origin as well, but the UI is far superior and you'll be using that a lot.
  • Canvas Blocker was an optional plugin to begin with, and starting Firefox 120 the FPP (Fingerprint Protection) can subtly randomize canvas, hopefully with less problems. You should be using this build in feature instead of the plugin.
  • Font Fingerprint Defender is the one plugin that broke tracking on fingerprint.com, combined with VPN IP change, despite javascript being enabled. If you care about privacy, and not anonymity, you should still be using this.
[–] [email protected] 21 points 11 months ago* (last edited 11 months ago) (3 children)

Edit: Crossed out slightly out of date recommendations, see comments.


Do not confuse privacy with anonymity. Your goal is not to defend against governments or other entities with limitless resourced, but against profit oriented companies. By reducing the amount of data you leak and obfuscating what is left, your data becomes progressively worthless as you improve your setup. This is a good thing, because companies will focus their limited resources on areas with a higher profit margin.

Given your description, I think the network side of IT security is pretty much top notch, firmly in the top 0.1% if not 0.01% of users. However most of the tracking happens at the browser level, so it alone does not protect you that much.

Firefox is a solid base, but it is optimized to not break any websites, rather then providing maximum privacy. You can try to tweak settings manually, but I'd rather recommend you to use LibreWolf on PC and Mull on Android. Both are pre-configure, hardened versions of Firefox, that also have proprietary Mozilla features like "Pocket" and some telemetry removed form the source. A standard install has basically no downsides, 99.9% of sites work normally and privacy is quite good.

Librewolf has ublock origin pre-installed and pre-configured with sane defaults. I'd recommend the following additional addons:

  • Decentraleyes: Local CDC cache to reduce third party requests. Improves privacy, performance and doesn't break anything. No configuration needed.
  • ~~Privacy Badger: Prevents some interactive features (disqus comment section, embedded youtube player, etc) from loading until explicitly confirmed with a mouse click. Also prevents some tracking in the background, but that might eb covered by ublock already.~~
  • Cookie AutoDelete + I still don't care about cookies: This combo silently suppresses all cookie pop-ups, allows them for the session and cleans up afterwards. This is different then disabling all cookies, and does not brake websites then rely on them while providing all privacy benefits.
  • Disable WebRTC: WebRTC can leak your IP address, but disabling it breaks eg. real-time video calls. This plugin is a simple toggle, only turn it on when you need to.

If you are willing to do some fine tuning or accept broken sites, consider also:

  • noscript: Most privacy leaks happen because of Javascript, but disabling it basically makes the modern web unusable. noscript offers a middle ground to enable/disable javascript on a domain-by-domain basis. Can be annoying at times, but arguably the best way to defend yourself.
  • ~~Canvas Blocker: WebGL powers most of the advanced visuals, and can read out a lot of data that is used for fingerprinting. This plugin can randomized requested data to protect you, but it also brakes sites in weird and unexpected ways. It's powerful, but I rarely use it these days.~~

And finally consider some obfuscation techniques to throw of the remaining trackers. Right now I only use one, and highly recommend it because of its effectiveness:

  • Font Fingerprint Defender: Using javascript, websites can read out the list of installed fonts on your device. Some programs install fonts in the background when opening a document with missing fonts, so this list is highly unique for each user and effective for tracking. The plugin throws is some noise, and causes automatic systems to detect you as a new unique user each time.

All of this throws off the vast majority of trackers, and puts you in the top 0.1% of users. Yes, this also makes you kinda "unique", because websites may notice the effort you put in to defend yourself. Bad idea if you try to hide from the government, you should be using TOR for that anyway, but great to signal companies that you are not worth the squeeze.

Keep your head up bro. The situation is not as terrible as it may seem, but companies want you to believe that, so that you don't even try.

[–] [email protected] 38 points 11 months ago (2 children)

Reminder is much appreciated. I checked out their donation page and learned that they also accept XMR, which is great if you don't want to give the middleman leeches (paypal etc.) any data or money: https://join-lemmy.org/crypto

[–] [email protected] 4 points 11 months ago (1 children)

Can they teach me how to remove the license check from an app? I don't want it for free, I paid for it and would gladly pay another 50 times, rather I want to get rid of the google play framework altogether and it's the only irreplaceable app that doesn't work on microG :(

[–] [email protected] 42 points 11 months ago

Millions of auto-updating installs on unsuspecting users devices who thought they installed a privacy respecting app, but is now likely to harvest as much personal data as possible.

[–] [email protected] 19 points 11 months ago (3 children)

Same here. Donated not only to cover my installs, but also for everyone I recommended it to. I hope the f-droid version wont be affected, otherwise I have to uninstall the upcomming bloat- and spyware ridden versions manually from a bunch of devices smh.

I mean I am fine with apps not being maintained and eventually break, but selling out and breaching trust like this is exactly how regular companies would treat me and why I chose FOSS in the first place.

[–] [email protected] 1 points 11 months ago

For editing pictures, try out Pocket Paint (F-Droid). Feature rich and surprisingly good UX for a mobile editor app.

[–] [email protected] 3 points 11 months ago

DAVx⁵ works great and super reliable

[–] [email protected] 6 points 11 months ago (3 children)

Try Neo Luncher (IzzyOnDroid repo). It supports a lot of the customization options as Nova, but is completely FOSS.

[–] [email protected] 20 points 11 months ago* (last edited 11 months ago)

May I introduce you to our lemmy instance? Sending over $600 without the IRS feeling up on you, lol.

I don't condone tax evasion, but I do oppose mass surveillance and firmly believe "innocent until proven guilty". The biggest tax evaders are large corpos and megachurches anyway.

[–] [email protected] 2 points 11 months ago
[–] [email protected] 17 points 1 year ago (4 children)

Essentially it's a giveaway/handout/distribution to people who fulfill some criteria. There was one coin that gave away significant amounts (>1k USD) to early users and since then it has become kinda popular. Because who would turn down something free?!

Except its not free. For starters, you'd usually have to pay significant network fees to claim the airdrop, and second the money has to come from somewhere. It's the same with government printing money and distributing some to the people, in the end we all pay for it with inflation. So yeah, pretty scammy overall.

view more: ‹ prev next ›