💾 Archived View for tilde.team › ~smokey › logs › 2022-02-26-privacy-advice.gmi captured on 2023-04-19 at 23:55:42. Gemini links have been rewritten to link to archived content
Like many, I have been taking my privacy a little more seriously over the years. Here are some practices and information which a beginner might find handy. The main goal is to curate a privacy respecting browser with strong fingerprinting and tracking protection.
The heart of your internet experience
Before we even begin, it's worth doing a test with your current internet browser of choice. Because privacy is our main goal, having some way to quantify and score 'browser privacy' is important. Numbers over feelings and all that. So I recommend the testing tool Cover Your Tracks by the Electronic Frontier Foundation.
Make sure the "Test with a real tracking company?" option is enabled for the most accurate results. After the test is complete, take time to read through the results. You may find it enlightening just what kind of tricks are being used to track you.
I've tinkered and toyed with many different browsers over the years. Mostly Firefox forks but also qutebrowser and lynx. Experimentation is key to discovering what works best personally. For example, Qutebrowser has many rough edges but is second to none when it comes to workflow once you get the hang of things.
My main browser is Librewolf, a fork of Firefox centered on privacy while keeping it up to date with current releases. It also has uBlock Origin packaged with it. Unfortunately, ad-blockers are a near necessity for browsing the modern web. I respect what the project is doing and like how they handle stripping all the telemetry out of FF.
This project is an independent fork of Firefox, with the primary goals of privacy, security and user freedom.
LibreWolf is designed to increase protection against tracking and fingerprinting techniques, while also including a few security improvements. This is achieved through our privacy and security oriented settings and patches. LibreWolf also aims to remove all the telemetry, data collection and annoyances, as well as disabling anti-freedom features like DRM.
Here is a list of what I would consider essential addons. Keep in mind that some websites can detect your addons and use them as a way of fingerprinting you. The more you add, the more unique the fingerprint becomes. Try to keep it to the bare essentials.
One of the ways you are being tracked is your screen size. Because many people maximize their browser's window, websites can record your display screen size and use that as another piece of identifying info. Canvas Fingerprint Defender helps spoof this information.
I have Cookie Autodelete set on automatic delete mode, erasing most cookies as soon as I leave the site.
Anyone who stares at screens long enough should understand the blessing that is dark mode. I considered not including this but it really is a necessity to me. Extend the life of your screen, save some power, and save your eyes from the blinding white of light mode.
Removes those annoying "will you accept our cookies?" messages that pop up on every other website. Nuff said.
Protects from tracking via Content Delivery Networks (CDNs) by redirecting to local resources. CDNs are a technical aspect of how web content gets to your computer. Do your own research if you want to know more.
Links to common centralized websites are redirected to their more privacy friendly, decentralized, and open source front-end counterparts. Do some research and discover what instances work best for you.
My Wikipedia redirect is set to Marginalia's simple encyclopedia. I like its reading oriented nature. Plus it's nice to support a fellow community member's project.
A great adblocker that can accompany both beginners and advanced users.
One way you are being tracked is by your user agent. Whatever browser you are using has an identifying string which websites can use to display different versions of the same website. That string contains the name of your browser with its exact version, as well as what operating system you are using.
The more obscure your browser or operating system is, the more unique its identifying string becomes. For example, only 2-3% of the OS market share is Linux and BSD based. If you are using any kind of Linux or BSD OS, you are already standing out like a sore thumb.
User-Agent Switcher and Manager allows you to spoof your user agent to an extremely common string for increased anonymity. If everyone is windows11-google-chrome, no one is.
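To make the user agent point concrete, here is an added example (not part of the original post) that pulls the browser, version and OS out of a User-Agent string and measures how much each string narrows the crowd. It goes one step beyond the text by expressing rarity in bits of identifying information; the visitor sample and all names in the code are constructed for illustration.

```javascript
// Constructed sample: User-Agent headers from 8 visitors to a hypothetical site.
const CHROME_WIN = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 " +
  "(KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36";
const FIREFOX_WIN = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0";
const FIREFOX_LINUX = "Mozilla/5.0 (X11; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0";
const SAMPLE_VISITORS = [
  CHROME_WIN, CHROME_WIN, CHROME_WIN, CHROME_WIN, CHROME_WIN, CHROME_WIN,
  FIREFOX_WIN, FIREFOX_LINUX,
];

// Pull out the fields the post mentions: browser name, exact version, operating system.
function parseUserAgent(ua) {
  // The first parenthesised group carries the platform details.
  const platform = (ua.match(/\(([^)]*)\)/) || ["", ""])[1];
  let os = "unknown";
  if (/Windows NT/.test(platform)) os = "Windows";
  else if (/Mac OS X/.test(platform)) os = "macOS";
  else if (/BSD/.test(platform)) os = "BSD";
  else if (/Linux/.test(platform)) os = "Linux";
  // Only Firefox and Chrome are recognised here; Chrome strings also carry a
  // "Safari/" token, which is why that token is not used to name the browser.
  for (const browser of ["Firefox", "Chrome"]) {
    const m = ua.match(new RegExp(browser + "/([\\d.]+)"));
    if (m) return { browser, version: m[1], os };
  }
  return { browser: "unknown", version: "", os };
}

// Surprisal in bits: -log2(share of visitors sending exactly this string).
// 0 bits means everyone sends it; each extra bit halves the crowd you hide in.
function identifyingBits(ua, population) {
  const same = population.filter((other) => other === ua).length;
  if (same === 0) return Infinity; // nobody in the sample sends this string
  return -Math.log2(same / population.length);
}

for (const ua of new Set(SAMPLE_VISITORS)) {
  const { browser, version, os } = parseUserAgent(ua);
  const bits = identifyingBits(ua, SAMPLE_VISITORS).toFixed(2);
  console.log(`${browser} ${version} on ${os}: ${bits} bits`);
}
```

In this sample the common Windows/Chrome string costs well under one bit, while the lone Linux/Firefox string costs three, which is the gap a spoofed common string closes.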
Some other addons I've left out but personally use are KeePassXC, EpubPress, and OneTab. They are situational and not 'essential' but worth mentioning in passing.
Google, Bing, and Yahoo. Three of the biggest search engines everyone is familiar with. They happen to also be backed by some of the richest conglomerates of the 21st century: Alphabet, Microsoft, and Yahoo. Not only are they rich with money, but also information. Our personal information to be exact.
The right bidders (read as: Advertisers) will pay pennies on the dollar for any scraps of information they can get on you for the sake of targeted ads. Where are they getting this data from? Many places, one of which is search engines. Nothing gives away a person's thoughts quite like their search history. So what are the better options for searching the web? How can we keep our information safe when everyone wants to sell it?
The good news is that there are many privacy respecting alternative search engines out there. Some honorable mentions are Yandex, Swisscows, YaCy and Startpage. The one that probably comes into your mind is DuckDuckGo.com.
They had a great advertising campaign with the forefront motto being: privacy respecting. Unheard of! DDG put a lot of effort into trying to gain people's trust through a solid privacy policy and transparency when it came to ads (which you could turn off in the settings, nice!). Bangs are also a killer feature. Alas, there are still some problems with DDG.
UPDATE 3/25/22: DDG has recently gone through a big controversy over a statement from the president about censoring 'Russian disinformation' by lowering its sources in the search ranks. I do not recommend them at this point.
Anyone sufficiently deep down the internet security rabbit hole knows that blind trust is a bad idea. No matter what the privacy policy says, there is no guarantee of what DDG is really doing with your search history and metadata behind the scenes.
Hypothetically, in order to truly know what's happening to your data at DDG (or any other public service), you must be an IT security professional allowed into the physical servers hosting the site, able to inspect the entirety of the source code and file system of the server array. Unless you can do all that, there is no way of knowing what is really happening to your information. How it is logged, where it's being logged, if it's being sold and what kind of security is in place to protect that data is a complete mystery.
Thus is the crux of trusting any service you do not personally host and have complete control over...
Short of being enough of an IT giga-chad to create and host your own webcrawler/search engine, what can be done? The closest answer I've come to is SearX/SearXNG (and maybe YaCy, but I haven't tried it personally).
Searx is a free internet metasearch engine which aggregates results from more than 70 search services. Users are neither tracked nor profiled. Additionally, searx can be used over Tor for online anonymity. Get started with searx by using one of the Searx-instances. If you don’t trust anyone, you can set up your own, see Installation. -Searx homepage
In my own words, Searx is a kind of search service. Instead of using its own webcrawler, it submits your query to multiple different search engines, and collects all of their results in your stead. One service collecting content from many other services is technically referred to as "aggregation". There's a similar idea in Gemini space with Antenna aggregating gemlogs from many different capsules into one place.
A Searx instance acts as a middle-man between your computer and the search engine, stripping away all your private information before it even touches the big search engine's servers. The only thing the search engine sees is the Searx domain information. Your private information stays between you and the Searx instance. As a bonus, many people using a Searx instance will help anonymize all queries from that particular instance.
SearXNG is a fork of Searx. It was started by a former founder of Searx after ideas towards the future of the project started to diverge. SearXNG has many features and fixes to the code which Searx lacks. More information can be found in a discussion linked below.
Discussion on differences between them
To get started using searx or searxng, visit their public instances index to browse all of the instances. The top ones have the fastest response time.
Take some time and view the GitHub page of each instance (if it exists) by clicking on the "source code" section at the bottom of each Searx page. For example, paulgo.io has a beautiful GitHub page describing all the details of their custom instance such as added protection with implementing filtron to filter reverse HTTP proxies.
There is still some uncertainty in how your data is treated & stored. Switching to Searx just shifts the trust of your data from a search engine to the Searx provider. All servers need to log some basic information for logistic and possibly legal purposes. There is also no guarantee of security in how these logs are stored.
While only slightly related, I wanted to mention one of my favorite statements regarding privacy from a small email provider in their FAQ section. While being an email provider and a search engine maintainer are two different things, I can imagine maintaining them might follow similar ideas.
From their FAQ:
How can I trust you?
You can't. Cock.li doesn't parse your E-mail to provide you with targeted ads, nor does cock.li read E-mail contents unless it's for a legal court order. However, it is 100% possible for me to read E-mail, and IMAP/SMTP doesn't provide user-side/client-side encryption, so you're just going to have to take my word for it. Any encryption implementation would still technically allow me to read E-mail, too. This was true for Lavabit as well -- while your E-mail was stored encrypted (only if you were a paid member, which most people forget), E-mail could still technically be intercepted while being received / sent (SMTP), or while being read by your mail client (IMAP). For privacy, we recommend encrypting your E-mails using PGP using a mail client add-on like Enigmail, or downloading your mail locally with POP and regularly deleting your mail from our server.
Also, there's this quote from /g/:
Administering a mail host is sort of like being a nurse; there's a brief period at the start when the thought of seeing people's privates might be vaguely titillating in a theoretical sense, but that sort of thing doesn't last long when it's up against the daily reality of shit, piss, blood, and vomit.
Now that I think about it, administering a mail host is exactly like being a nurse, only people die slightly less often.
That's about as real an answer as you can get.
In the end, the only way you will know what happens to your data is if you are in complete control of it. Decentralized, open source front ends to huge centralized services, like Invidious, and metasearch engines like Searx are some of the best defenses the privacy conscious have in the modern internet.
This is one of the most drastic things I recommend. JavaScript, as we gemnaughts know, is the true root of all evil. Okay, maybe it's not that serious, but JS is still very misused in the modern web. Not only is it partially to blame for making many websites bloated, there are also about a dozen different ways JS is used to fingerprint you. Combine that with the fact that almost every website uses some form of JavaScript.
JS is a necessary evil if you want a convenient and easy browsing experience. Disabling it by default will break just about every website in some way. Only the most hardcore privacy nuts are willing to manually set permissions and rules for each website. If you just aren't willing to go that far, it's okay.
The other drastic thing to do is use Arkenfox's custom user profile optimized for maximum security and set it as the default profile. In Librewolf/Firefox enter
about:profiles
and make a new profile. Name it something like "maximum security". After it's made, select the "open root folder" option, then go to the GitHub and download the "user.js" file. Put the file in the root folder and you're done!
If you decide to use this custom profile, you might want to edit the user.js to change some things. For example, I type search queries into my URL bar and had to change line 328 to true for things to work how I wanted.
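An edit made by line number is lost whenever a fresh user.js is dropped into the profile, so this added example (not from the original post or the arkenfox project) keeps personal changes in a separate snippet and reports what they change once appended. Firefox reads user.js top to bottom, so a later line for the same pref wins. Both snippets are constructed, and keyword.enabled (the Firefox pref that lets the URL bar run searches) is an assumed stand-in, since the post does not say which pref line 328 holds.

```javascript
// Constructed excerpt in the style of a hardening user.js (not the real arkenfox file).
const SAMPLE_USER_JS = `
/* constructed comment: stop the URL bar from sending text to a search engine */
user_pref("keyword.enabled", false);
user_pref("browser.search.suggest.enabled", false);
// user_pref("privacy.resistFingerprinting", true);   (inactive: commented out)
`;

// Constructed personal overrides, kept apart from the downloaded file.
const SAMPLE_OVERRIDES = `
user_pref("keyword.enabled", true); // I search from the URL bar
`;

// Parse user_pref("name", value); lines, skipping commented-out ones.
function parsePrefs(text) {
  const prefs = new Map();
  const withoutBlockComments = text.replace(/\/\*[\s\S]*?\*\//g, "");
  for (const line of withoutBlockComments.split("\n")) {
    const m = line.trim().match(/^user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;/);
    if (!m) continue; // blank line, "//" comment, or not a pref line
    let value;
    try { value = JSON.parse(m[2]); } catch { value = m[2]; }
    prefs.set(m[1], value); // a later line for the same pref replaces the earlier one
  }
  return prefs;
}

// Prefs whose effective value changes once the overrides are appended.
function changedByOverrides(baseText, overrideText) {
  const base = parsePrefs(baseText);
  const merged = parsePrefs(baseText + "\n" + overrideText);
  const changes = [];
  for (const [name, value] of merged) {
    if (!base.has(name) || base.get(name) !== value) {
      changes.push({ name, from: base.get(name), to: value });
    }
  }
  return changes;
}

console.log(changedByOverrides(SAMPLE_USER_JS, SAMPLE_OVERRIDES));
```

Running the same comparison against a newly downloaded user.js shows at a glance which of your changes still differ from its defaults before you restart the browser.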
Okay, that's just about everything I can think of right now. Hopefully something new will catch your eye that you didn't know about. Thank you for reading!