💾 Archived View for bbs.archaicbinary.net › blog › internet › 2022.04.18-Web%20Browsing%20Anonymousl… captured on 2023-11-04 at 11:27:48.
⬅️ Previous capture (2023-07-10)
-=-=-=-=-=-=-
I want this post to focus on browsing the web anonymously more-so then pointing out which browsers you should be using, or which VPN provider is the best, etc. I will go into a few small details about browsers, but how you use them usually has the most positive vs negative effect on privacy and anonymity. I believe being anonymous on the web should be viewed from a human perspective, and not from a technology one. If you are posting personal information, photos, and everything about your daily life and activities, changing web browsers won't fix your privacy or anonymity issues. You need to stop posting personal information, and use different usernames and passwords for various services. Using various web services and staying anonymous is very difficult. You will need at least two browsers available, one to use for various services where you are known (banking and such), and one for everything else. You will also need to not login to services, don't "Remember This Device", and be extremely mindful of what you install, write, submit, post, tweet, reply to social media and the internet as a whole. :: Operating System I want to make something clear, I do not care what Operating System you run. It does not matter if your running Linux, Windows, Mac, or FreeBSD. Anyone using any OS has the right to privacy and anonymity. If somebody is using Linux and posts daily about personal details, they are far more targetable then somebody running Windows and not doing such activities. I highly suggest the use of container Virtual Machines for various tasks though, such as one for secure, private web browsing, one for general testing of software and other small tasks and another for specific work tasks. There are a good amount of free or open-source VM hypervisor applications you can install on any Operating System. I also suggest a good software firewall to control what applications are talking to the network. The firewall should be installed on your computer as well as any and all VMs that are talking to the network or internet. Along with a software firewall controlling which applications are allowed to talk to the network and/or Internet, you should have a hardware firewall protecting the incoming and outgoing traffic for the network as well. :: Virtual Machines (VMs) The correct use of a VM to do tasks, is that these actions are not performed directly on your computer which is referred to as the "host" in VM terms. Anything done in a VM is contained inside that VM as far as disk activity, files, and hardware. Networking on the other hand, depending how you set it up can still have issues, not so much with privacy but protections if your testing public software or binaries that may contain malicious code. I will make an article in the future on installing some VM applications and then the installation of various Operating Systems within them. For now the following list can help you get started. VirtualBox ::https://www.virtualbox.org/ VirtualBox is a powerful x86 and AMD64/Intel64 virtualization product for enterprise as well as home use. VMware Workstation Player ::https://www.vmware.com/products/workstation-player.html Easily run multiple operating systems as virtual machines on your Windows or Linux PC with VMware Workstation Player. Hyper-V Hyper-V requires a Education, Professional, or Enterprise version of Windows 10 and allows you to create VMs directly via Windows. I don't recommend Hyper-V as it requires some special setups in some cases and is very tightly integrated into the base host Operating System. Others There are many other projects that provide virtual machine functions or similar that still achieve the desired goal of containerization. Bochs, QEMU, Xen, Windows Sandbox, Sandboxie :: Software Firewall I'm not talking about your hardware firewall, router, or internet gateway here. I'm speaking about a software firewall. One that you can install on your computer and inside your various Virtual Machines. I personally use TinyWall on all my Windows hosts and VMs. This allows me to pick and choose very specific programs that are allowed to speak to the network and internet. It's extremely small and generally stays out of my way until I need it. If you are using an anti-virus solution on your machine, you might already have one. Which ever firewall you choose, including one with AV or not, just give it a look and check the settings. Block any programs that don't need to use the internet. Most programs do not need internet connectivity to correctly operate. You might also find one or two programs that are communicating non-stop submitting data for some unknown reason that is unnecessary. While installing the firewall software might be easy, tweaking and setting up the firewall will take a little more time. Some firewalls might automatically unblock "system files" for you, something you might not want unblocked if you wish to block Windows reaching out to random Microsoft servers. I recommend starting from a blank state, unblock your browsers and then watch the logs the firewall makes. Unblock only specific applications, and services. You will also want to keep an eye on the firewall settings and how your OS updates itself, as well as any programs throwing errors that you wish to allow internet access to, then allow those specific programs as well. :: VPN It seems everywhere on the internet you read, watch or listen has an advertisement for some VPN service. They are everywhere. Lets ignore the fact for the moment that almost all VPN services are owned by the same five parent companies. When you use a VPN, you are indeed protecting your traffic from your ISP and in-turn the local coffee shop wireless connection. But remember that your traffic passes through servers owned by one of the VPN companies above. If your goal is hiding traffic from your ISP that's great, but your traffic is now (mostly) viewable by the VPN provider and they may or may not have more or less strict controls as your ISP. This is where TOR comes into the scene. Your ISP will know you are using TOR without a VPN. You also don't want your VPN provider seeing any traffic either. So you use a VPN and use the TOR Browser (or binary if you are in need of a SOCKS5 proxy). Mixing both a VPN and TOR will prevent the above situation. In my opinion you should never use TOR without a VPN because of the statement above. Which VPN you use does not matter, you could even run your own VPN service as long as the IP you are connecting to TOR with, is not yours. The only use I have for a VPN provider is P2P traffic (Torrents) and using TOR. To me there is no other reason to use a VPN. Every VPN provider will scream privacy and security, but the reality is that they themselves have the ability to view your traffic flowing across their infrastructure. When using a VPN for web browsing, always use TOR. As an aside I will note that if you are going for extreme privacy, you don't want to ever use your own self-hosted VPN servers. The more random traffic (other users) leaving a server containing your traffic is much harder to observe. You need to blend into the 'normal' as much as possible. This prevents you being singled out as the only user with $specific_identifiable_property coming from a specific server/address. If you are using VMs, you should install your VPN client inside of the VM. This will allow you to control traffic easier, but may be dependent on how you setup your VM networking. :: Email Providers Which ever provider you use is your choice. Do note that there are some exceptions to the privacy rule with many providers. If your reading this, you probably already know how bad Google is at information gathering. This is not limited with their Chrome browser or Google search engine. They also read every email you receive and send. Google is not the only provider doing this, I'm sure that Hotmail/Live (Outlook.com) by Microsoft is doing this as well. How deep this goes with their business/enterprise products is to be seen, but there is a high probability they are being read as well. (Welcome to the cloud...) When it comes to email, many people flock to services like Protonmail and such which is probably better then using other public mail services. At the end of the day, email is used for so much personal data that the only result I can come to is self-hosting your email services, but this is not always a simple task and will require it's own post in the future. :: Fake Email Generators Giving out your email to various services simply to download a file, or continue through some process that is not permanent is something that really gets to me. Why do you need my email address to download a file? It's purely for marketing purposes. This issue has already been addressed with simple fake email generators. My current go-to is EmailGenerator.org as you do not need to give a forwarding address to get the email. The page is dynamic and nothing more is needed. There are many fake email generator services out there, just throw the search in your favorite search engine and give it a go. Do note that there are many sites and services that block these fake email generator links, instead wanting specific email domains. If you can, find a different service and don't give them the pleasure of spamming your mailbox. :: Browsers My thoughts on browsers to use when you need to go private, or generally don't want to leak information. - Brave Brave does offer a built in TOR private browsing mode which is a nice touch. But there are already faults with the Brave TOR browsing mode, such as the previous link showing a DNS leak of Onion addresses. If you already use Brave as a non-anonymous browser and still want to use TOR, just use the TOR Browser Bundle. That being said, using Brave with Brave Rewards enabled would not be very anonymous or private. So if you are using the Brave Rewards system, I recommend using a different browser when you wish to be "anonymous". The real issue regarding Brave and the BAT system is Uphold, the company that works with the BAT cryptocurrency. Just let us get Ethereum, Bitcoin, or something anonymously. - Chrome Chrome is built and distributed by Google. Google is a marketing and search company. Google loves data. The fact is that Chrome collects more data than any of the other browsers and I do not suggest using Chrome for any private browsing needs or even daily driver needs. There are many other browsers using the Chromium (Chromium is not Chrome...Mostly) source code like Brave, Edge, and Vivaldi. These may also present their own privacy issues. I don't need to continue telling you how much personal data Chrome reports to Google. This would be the one browser I would stay away from. - Chromium Chromium is the free and open-source code base that serves as the initial build for a wide variety of browsers such as Vivaldi, Edge, Opera, and Brave. Chromium is sometimes called "de-bloated Chrome". The browser is still dependent on Google pushing the source code, updates, patches, etc. There are also multiple reports of Chromium "calling home" to Google servers. I would not use Chromium directly instead use one of its' modified forks; Ungoogled Chromium, Brave, or others. But remember, these all share the base source code with Chromium, if Google changes to block addons, or other features these browsers may have to just suck it up. - Firefox Firefox is the open-source browser from Mozilla. It's very popular right next to Chrome for most people. As far as privacy goes, we already know it leaks data to Mozilla. This setting can be disabled by choosing Disable "Contextual suggestions" and "Include occasional sponsored suggestions" in the settings to stop Firefox from sending data to Mozilla. (Possible there are more settings needed, or it might not be possible to stop all data.) On the topic of being private, the Mozilla team has done some odd things (why are they getting political?), Firefox is still highly touted as being a privacy respecting browser. That being said, Firefox includes a unique download token in downloads from Mozilla's website and uses telemetry in Firefox to send the token. The token is not included in releases from the Mozilla FTP server. - TOR Browser TOR Browser uses the TOR network, bouncing your connection around a series of "hops" before leaving an "exit node" so your data cannot be tracked back to your machine. This process is not entirely perfect as your ISP can see you are using TOR, but cannot see the traffic inside its' tunnels. I recommend using a VPN with the TOR Browser to get a more complete solution. This is the second browser you should use for private, anonymous browsing. While you can use it for everything if you can deal with slower loading pages, most banking and other secure sites will probably reject connections via TOR. Also remember how to you use the TOR Browser matters. You cannot load every Javascript file that comes across, every HTML5 applet, etc. - Waterfox Waterfox is currently my go to for everyday banking, and secure sites. Being a fork of Firefox the browser can load any addons for Firefox and specific versions of Waterfox can still load all the older Firefox addons as well. The issue I have with Waterfox now is that it is owned by System1, an advertising company. I don't believe anything has been added to the browser as far as tracking, adware, spyware or telemetry. I will be keeping an eye on updates. :: Browser Plugins Most browsers allow a multitude of plugins to be installed. These can help us with privacy and keeping as anonymous as possible while browsing the web. Remember that while most plugins are good, there are some that could make your situation worse by leaking data or being outright malicious by sending your browsing habits or browser fingerprints to remote servers operated by various plugin developers, usually owned by advertising companies. - uBlock Origin uBlock Origin is a free and open-source, cross-platform browser extension for content filtering primarily aimed at neutralizing privacy invasion in an efficient, user-friendly method. It is available for Chrome, Firefox (and forks) Browsers, Edge, and Opera. - HTTPS Everywhere HTTPS Everywhere is a plugin that attempts to force HTTPS connections on all websites you visit. I don't think this plugin is really needed anymore, most browsers that I have tested already have this built in. They will all attempt an HTTPS connection first, and then show a warning when you attempt to connect to a non-secure server. It is still available for Chrome, Firefox (and forks) Browsers, Edge, and Opera. Apparently it is already "included" in Brave and TOR Browser. Waterfox has this built-in as well as a setting called "HTTPS-Only Mode". - Privacy Badger If you are already using uBlock Origin, there is no benefit in using Privacy Badger alongside it (If I am incorrect in this, let me know). Privacy Badger seems to co-exist nicely with uBlock Origin but again, I see no benefit. If your looking to improve your privacy while using uBlock Origin, give Privacy Possum a try. - Privacy Possum Privacy Possum produces false (fake) data that gets offered up to tracking companies when pages load advertising scripts. It does not block anything, instead it gives this fake data which is perfect for throwing random garbage at advertising and tracking companies. Available for Chrome and Firefox. - SponsorBlock SponsorBlock is an open-source crowdsourced browser extension and open API for skipping sponsor segments in YouTube videos. Users submit when a sponsor happens from the extension, and the extension automatically skips sponsors it knows about using a privacy preserving query system. It also supports skipping other categories, such as intros, outros and reminders to subscribe, and skipping to the point with highlight. SponsorBlock is great if you are directly viewing videos on YouTube. It does not seem to work on videos viewed through 3rd party services or proxies to YouTube like Invidious instances sadly. I highly recommend SponsorBlock if you are viewing anything on YouTube even if you are using a redirection addon like Libredirect, as you might have to view the real YouTube at times. - Libredirect Libredirect is an addon that redirects YouTube, Twitter, Instagram, TikTok, Imgur, and Reddit requests to alternative privacy friendly frontends and backends. In one hand I see this as a good thing, on the other your not loading an official site and some instances could possibly be less privacy focused, keeping logs and such. The software used by these instances is open-source and available freely, but can also be modified on the destination server. Using services other than Reddit, Facebook, Twitter, YouTube, and Google is always a great way to keep the Internet to its' true intent and keep traffic away from these companies.