50
submitted 1 year ago by Kidplayer_666@lemm.ee to c/privacy@lemmy.ml

Hello there! Im looking for increased privacy when it comes to my network connections. So far I know of TOR as an almost absolute bastion of security, but how do I ensure the remaining network traffic is encrypted and private? I know of signal for communication, and I’m aware of VPN’s. However I’m not sure whether to trust most providers regarding government interference as their software often isn’t open source. Is there a federated VPN of sorts, similar to how lemmy and other fediverse apps work?

all 21 comments
sorted by: hot top controversial new old
[-] jet@hackertalks.com 34 points 1 year ago

https://www.privacyguides.org/en/

You should start reading this website. It's going to answer a lot of questions.

Tor is not the absolute bastion of security! It is a tool with trade-offs both good and bad. It is not a panacea

Check the privacy guide to VPNs. They'll give you the trade-offs

[-] FarLine99@lemm.ee 8 points 1 year ago

PrivacyGuides is VERY valuable and respected resource. OP, trust comment above 😃

[-] NightAuthor@beehaw.org 5 points 1 year ago* (last edited 1 year ago)

I like privacy guides, OP you can trust Farline99

[-] Qvest@lemmy.world 7 points 1 year ago* (last edited 1 year ago)

I'll just throw another tool to the mix: https://prism-break.org/en/

[-] Syrup@lemmy.world 10 points 1 year ago

It's important to distinguish privacy, anonimity and security.

[-] Banana_man@reddthat.com 7 points 1 year ago

I'm pretty much also a beginner when it comes to privacy so I'd be gladly corrected, but if you read the Tor manual you'll see it works best on its own. VPNs offer very limited protection and if you're looking to reinforce Tor, you might want to look into Tails instead, since Tor is meant to work on its own.

A good first point to make is your operating system. Ditching proprietary software is a must there as well since they have back doors from which they can steal most of your data anyway. Use a Linux distro, preferably not Ubuntu based, however it might be a little harder to use and the difference is not that big afaik. Ubuntu hasn't given us reason to worry other than that it's developed by a for profit company, in addition to some additions that were not considered ideal by the open source Linux users. I am typing from memory of some videos I watched though, so if you're looking for a distro you best do your own research.

One additional necessity is encryption. Use it everywhere you can. Proton mail and other such providers encrypt your emails and allow only the recipient to read them. You can also encrypt your hard drives to protect the information inside them. De-google your devices and use as much open source software as you can. Newpipe or YouTube revanced should be installed instead of the official yt app, Lemmy(as you know lol) instead of reddit, Instagram or any other social media, however this can be hard to execute so what you might want to do instead is delete the apps from your phone and log in to your accounts from a browser that isn't Tor, since logging in with Tor defeats it's purpose completely. Alternatively you can use clients for some like frost for Facebook and, as previously mentioned, newpipe or yt revanced.

Finally, you might want to set up a Tor network server in your residence, as it helps hide your own traffic among the others using it. Additionally, the more wide the Tor network is, the more efficient blending in the crowd becomes. In fact, this is tor's biggest strength. Using any extensions and add-ons to the browser can help make you stand out from the other users and allow others to track you.

Sorry for the long response not necessarily explaining what you were originally asking for, network privacy. But if you are to make your online computing private you must shield yourself from all directions and not leave back doors open at all. It's not all or nothing but it certainly isn't a one click wonder either.

TL DR: Leave Tor as is with the strongest default privacy and security settings, replace closed source apps with open source ones(like clients) and get a privacy respecting OS for both phone and PC.

[-] merde@sh.itjust.works 5 points 1 year ago

tor has it's place. you can't use tor as your only browser (unless your life depends on your anonymity). There's mull (hardened firefox) for daily needs or mullvad browser on desktop.

what os are you on?

if you're on android: I no longer use it, but blokada is simple enough to start with and learn about dns, ip &c. I thought trackerControl too was instructive but you won't stop there either.

if you're on a desktop, try piHole instead.

on Mac i've found Vallum to be the most efficient. With piHole it becomes redundant.

on windows the best solution was to install linux instead 😅

don't use your ISPs DNS server, neither google.

read other threads on this community, then follow the links to read from sources instead.

good luck

[-] Radiant_sir_radiant@beehaw.org 4 points 1 year ago

It depends on what you want to achieve.

Encryption (if done right) will protect you against people eavesdropping on your connection, but not against tracking by cookies, device fingerprinting or similar technologies. I.e Google, Facebook etc. will still be able to track your every move. A web browser with good ad/tracking blocking will go a long way here, but if technically feasible you'll also probably want something like Pi-Hole to complement your browser's ad blocker and also catch network traffic from other apps.

For better recommendations you'll probably need to tell us about what exactly it is that you want to protect yourself against.

[-] Banana_man@reddthat.com 1 points 1 year ago

Isn't a secure operating system essential anyway though? Like, can any decent privacy level be achieved on a windows computer?

[-] NightAuthor@beehaw.org 4 points 1 year ago

The first question is always: what’s the threat model?

[-] Banana_man@reddthat.com 1 points 1 year ago

Maybe but at the end, user data is bought and sold by corporations, so if you avoid a few collecting them that doesn't mean you'll be private.

[-] Radiant_sir_radiant@beehaw.org 2 points 1 year ago* (last edited 1 year ago)

I agree in principle - on Windows it's a bit of a cat-and-mouse thing between people building tools to disable Windows telemetry and Microsoft building 'better' telemetry. And don't get me started on Edge. It really is time for the courts to force Microsoft to allow consumer choice once more.

Having said that, it does depend on what your objective (resp. threat model) is whether or not you consider Windows telemetry a problem. Microsoft will know that you've used this web browser for that much time, but not what websites you've visited (unless it's Edge of course). It's up to you whether that bothers you.

[-] Banana_man@reddthat.com 1 points 1 year ago

I never bothered checking edge's TOS and data collection since I never considered using it in the first place so idk how bad it is :p.

But also can't the person you're hiding from also buy your data from Microsoft anyway? I mean, they collect them to sell, not only store. Your metadata are the ones they go after first right? Easy to store and analyze, usually betray behavior patterns etc.

Having said that, I do get your point and maybe it does depend on who you want to protect yourself against. But I'm just asking to verify my own knowledge.

[-] gutter564@feddit.uk 4 points 1 year ago

If you want a VPN I would recommended Mullvad and pay with with Crypto

[-] thecam@lemmy.world 3 points 1 year ago

TOR is the closest thing you will see to a "federated VPN". You should always trust your VPN more than your ISP. There are open source VPNs like IVPN and Mullvad.

[-] ______@lemm.ee 2 points 1 year ago

I know you guys are technical and smart. Can you explain to me how secure https is in terms of privacy. I heard that isps can track which domain you're hitting but not the exact endpoint, is this true ? Where can I read more about this sort of thing?

[-] randombullet@feddit.de 1 points 1 year ago

No all of your packets will have a destination IP address. Meta data isn't encrypted for an HTTPS.

[-] gutter564@feddit.uk 1 points 1 year ago

Some more info and helpful blogs from mullvad https://mullvad.net/en/help/all-about-dns-servers-and-privacy/

You can use quad9 or mullvad DNS resolvers for free to prevent DNS leaks

[-] jet@hackertalks.com 1 points 1 year ago

Https is based on the web of trust. You're trusting each of the central certificate authorities not to issue a certificate incorrectly.

So if you're doing something sensitive enough that somebody might compromise their certificate authority for then HTTPS is not the be all end all.

There was a fun program that the Great firewall of China was running, they would look at where you were sending traffic, and then do a man in the middle attack giving you a different certificate so that they can see what you were actually saying unencrypted.

[-] VolunTerry@monero.town 2 points 1 year ago

Lots of good responses in here already. Any VPN that is reliant on the use of others resources, federated or not, will require some level of trust.

You can "roll your own" and spin up a personal VPN that you host yourself that may remove some of the trust concerns, but if you aren't building it from scratch or don't audit any source code you use from others, whether foss or not, you are right back to the issue of trust.

Everything has a tradeoff, just like people have pointed out about Tor in this thread.

My advice is to try to balance your needs and concerns by doing research and ask around until you can narrow things down to specific products or services and then dig in anf ask pointed questions about them until you reach a level of comfort and trust that satisfies you.

this post was submitted on 19 Aug 2023
50 points (94.6% liked)

Privacy

32120 readers
513 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS