Security and Privacy - Malware and Corporate tracking Edition
January 19, 2014 6:54 PM
I am looking for ways to browse securely over the internet, while not giving any data to corporations (including my ISP) that is unwarranted and also preventing malware (like the CryptoLocker ransomware epidemic in late 2012).
I know that security and convenience have a ball dance, so what would be the best options to achieve my goals? At this point, government surveillance is not something I am concerned about (that is a whole new ballgame!). So, my goals are:
1. Be able to browse anonymously (IP/location, OS, Browser, Machine info should not leak) at home and when traveling (=unsecured wifi at coffeeshops etc). Being able to transact financials would be a bonus!
2. Avoid corporate tracking - prevent corporations from tying together my browsing history and make profiles that they can sell
3. Prevent ransomware and malware from infecting computer and shared drives
4. Flash and other video formats on the internet should still be accessible
5. Stream media to other devices in the house (similar to NAS or a PC with XBMC)
Here my thoughts:
1. Normal internet browsing through a LiveUSB running Tails OS - (TOR exit nodes are often watched by Gov, but as I said, that is not a concern for now)
2. Use an airgapped PC (running a patched Windows 7) for streaming
3. Run firefox with AdBlock, NoScript, HTTPS Everywhere extensions for all browsing (No Chrome)
What else should I be doing to meet my goals? How do I make sure that my network doesn't leak ports or info for script kiddies?
I know that security and convenience have a ball dance, so what would be the best options to achieve my goals? At this point, government surveillance is not something I am concerned about (that is a whole new ballgame!). So, my goals are:
1. Be able to browse anonymously (IP/location, OS, Browser, Machine info should not leak) at home and when traveling (=unsecured wifi at coffeeshops etc). Being able to transact financials would be a bonus!
2. Avoid corporate tracking - prevent corporations from tying together my browsing history and make profiles that they can sell
3. Prevent ransomware and malware from infecting computer and shared drives
4. Flash and other video formats on the internet should still be accessible
5. Stream media to other devices in the house (similar to NAS or a PC with XBMC)
Here my thoughts:
1. Normal internet browsing through a LiveUSB running Tails OS - (TOR exit nodes are often watched by Gov, but as I said, that is not a concern for now)
2. Use an airgapped PC (running a patched Windows 7) for streaming
3. Run firefox with AdBlock, NoScript, HTTPS Everywhere extensions for all browsing (No Chrome)
What else should I be doing to meet my goals? How do I make sure that my network doesn't leak ports or info for script kiddies?
1. Be able to browse anonymously (IP/location, OS, Browser, Machine info should not leak) at home and when traveling (=unsecured wifi at coffeeshops etc). Being able to transact financials would be a bonus!
I'd recommend a VPN for this purpose, personally. Especially for the 'unsecured wifi at a coffeeshop' scenario.
posted by CrystalDave at 7:19 PM on January 19, 2014
I'd recommend a VPN for this purpose, personally. Especially for the 'unsecured wifi at a coffeeshop' scenario.
posted by CrystalDave at 7:19 PM on January 19, 2014
Torrentfreak has a decent list of VPN providers. I can attest that "Private Internet Access" (the first company on their list) works well. But - who knows what they really log or do when asked?
posted by nostrada at 7:43 PM on January 19, 2014
posted by nostrada at 7:43 PM on January 19, 2014
The MVPS.org custom hosts file is a pretty popular way to block a lot of nasties out there on the 'Net. Not sure if that's entirely what you're looking for, but thought I'd throw it out there.
posted by cardinality at 9:11 PM on January 19, 2014
posted by cardinality at 9:11 PM on January 19, 2014
@gregglind: Thanks for the transparency. I have set FF to use Private browsing mode always and no user data, although I am more trusting of Mozilla foundation on what they use it for. A breach however, would be concerning.
@CrystalDave: Yeah, looking at one now, preferably somewhere privacy laws are taken seriously.
Although, after reading this link on metafilter, I think using any of this may make one a "person of interest" :) [warning: reading the links and comments left me with a feeling of utter hopelessness]
posted by theobserver at 11:00 PM on January 19, 2014
@CrystalDave: Yeah, looking at one now, preferably somewhere privacy laws are taken seriously.
Although, after reading this link on metafilter, I think using any of this may make one a "person of interest" :) [warning: reading the links and comments left me with a feeling of utter hopelessness]
posted by theobserver at 11:00 PM on January 19, 2014
First of all a disclaimer: I'm definitely not a security expert and all of what will follow is surely incomplete if not incorrect, so do not take it as authoritative information!
nostrada has it right regarding VPNs: they're essentially a single point of failure corporation, meaning you have to trust them not to do all the tracking themselves. No such problem with Tor.
The main disavantadges of the Tor network are the speed (works perfectly for normal browsing but not so hot for downloading large files - and don't even think about torrenting because it just won't work, period) and the fact that some stupid sites block access through it forcing one to use a non-anonymous browser to access them (or a VPN I suppose, though I don't use one). However, when it comes to anonymity it can't be beaten from what I understand.
Regarding some of your requirements: for 1 and 2 using the Tor Browser Bundle or better yet, running the Tails live distro, should be good enough; 4 is a terrible idea since Flash and other plugins will try their best to ignore your proxy settings so if you must both use Flash and maintain anonymity, the only option is Tails or a similar distro that doesn't allow any outbound traffic to bypass the Tor network. I can't help with streaming nor wifi since I don't use any of those.
About private browsing mode, it may not do what you expect it to do based on its name: it will erase all browsing history, cookies, etc on your PC (ie, give you local privacy by preventing someone with access to your computer to know what sites you've been reading), it will NOT give you any privacy regarding your ISP / web-tracking, which will still know who you are and what you're reading unless you use Tor or some other method.
Hiding your browsing from your ISP is probably the easier part, just using Tor with any browser should be enough in most cases but there is the possibility of DNS and other leaks if you're not careful. If you go the custom browser way (which is what I do most of the time) another couple of good extensions are Request Policy and Self-Destructing Cookies.
Having said that, hiding from web-tracking is a lot harder and requires one to use a vanilla Tor Browser Bundle because using any other browser will make one easily fingerprintable, even after deleting all cookies and coming from a Tor exit node.
Against NSA and the like: if you're targeted, you're screwed; if you're not (and you probably aren't), you can make their job harder.
posted by Bangaioh at 4:10 AM on January 20, 2014
nostrada has it right regarding VPNs: they're essentially a single point of failure corporation, meaning you have to trust them not to do all the tracking themselves. No such problem with Tor.
The main disavantadges of the Tor network are the speed (works perfectly for normal browsing but not so hot for downloading large files - and don't even think about torrenting because it just won't work, period) and the fact that some stupid sites block access through it forcing one to use a non-anonymous browser to access them (or a VPN I suppose, though I don't use one). However, when it comes to anonymity it can't be beaten from what I understand.
Regarding some of your requirements: for 1 and 2 using the Tor Browser Bundle or better yet, running the Tails live distro, should be good enough; 4 is a terrible idea since Flash and other plugins will try their best to ignore your proxy settings so if you must both use Flash and maintain anonymity, the only option is Tails or a similar distro that doesn't allow any outbound traffic to bypass the Tor network. I can't help with streaming nor wifi since I don't use any of those.
About private browsing mode, it may not do what you expect it to do based on its name: it will erase all browsing history, cookies, etc on your PC (ie, give you local privacy by preventing someone with access to your computer to know what sites you've been reading), it will NOT give you any privacy regarding your ISP / web-tracking, which will still know who you are and what you're reading unless you use Tor or some other method.
Hiding your browsing from your ISP is probably the easier part, just using Tor with any browser should be enough in most cases but there is the possibility of DNS and other leaks if you're not careful. If you go the custom browser way (which is what I do most of the time) another couple of good extensions are Request Policy and Self-Destructing Cookies.
Having said that, hiding from web-tracking is a lot harder and requires one to use a vanilla Tor Browser Bundle because using any other browser will make one easily fingerprintable, even after deleting all cookies and coming from a Tor exit node.
Against NSA and the like: if you're targeted, you're screwed; if you're not (and you probably aren't), you can make their job harder.
posted by Bangaioh at 4:10 AM on January 20, 2014
Here's a somewhat similar AskMe you may wish to keep an eye on.
posted by Bangaioh at 4:25 AM on January 20, 2014
posted by Bangaioh at 4:25 AM on January 20, 2014
@Bangaioh: Excellent points! I am not going to go against the NSA or similar LEA - their technical capabilities are unbeatable, at least for ordinary mortals like me.
IP address masking is probably the biggest issue, since that can be used to tie in all browsing, from a corporate perspective. As you mentioned, it is also the most difficult to achieve.
Anonymity can be difficult to achieve, but I never thought achieving a modicum of privacy would be so difficult!
posted by theobserver at 7:28 AM on January 20, 2014
IP address masking is probably the biggest issue, since that can be used to tie in all browsing, from a corporate perspective. As you mentioned, it is also the most difficult to achieve.
Anonymity can be difficult to achieve, but I never thought achieving a modicum of privacy would be so difficult!
posted by theobserver at 7:28 AM on January 20, 2014
« Older Where can I find this brand of buckwheat tea? | How to locate someone who is in jail in Toronto? Newer »
This thread is closed to new comments.
Your call on things like how much Mozilla and Google should know about you, but MeMail if you want more hints on it. (I haven't full thought through an exhaustive list.)
transparency: I work with user collected data from Firefox, at Mozilla
posted by gregglind at 7:05 PM on January 19, 2014