Thread 56333 in /opsec/ (P: 88, last 1 month ago)
The Lesser Evil III: Reasonably Anonymous General Browsing on Today's Internet
A frequent topic of discussion in communities concerned with technology and, in fact, an increasingly frequent topic of discussion in general is how the modern Internet, with its ever-increasing scope and hold over people's lives, is evil. More specifically, people talk about how it serves as a sort of permanent record of everything you've ever said, done, or seen. For the vast majority of Internet users, this is true. If you use the Internet like a "normal" "person," your activity is not only logged in perpetuity, but that activity is also linked to you. This is true even if you use a VPN, browse in Chrome's incognito mode, and sign out of your Google account. While your activity will always be logged, there are ways you can have a
[bold:
reasonable
]
assurance that your activity isn't linked to your identity. Before we can find out a valid way to do so, however, we need to create a proper threat model. What information are we trying to protect? What are the threats (adversaries) you're trying to protect our information from? What vulnerabilities exist that could be used to reveal our information? What risks are posed by each of these vulnerabilities, and which threats can exploit them? Only then can we answer with what should be done to counter the threats, vulnerabilities, and risks to us. This thread covers a setup that we can use to counter a wide variety of these things at once while doing general browsing on the Internet, and the websites that are least hostile toward users of such a setup.
Feel free to skip to the part where I list all of the sections of this post if you already understand the threat model that a noJS Tor setup is meant to address, don't care for reading huge walls of text in one sitting, and just want to learn about some noJS Tor-friendly websites.
[bold:
00. THREAT MODEL
]
[bold:
What information are we trying to protect?
]
~ At the highest priority, we're trying to make it so our general browsing activity can't be linked to our real, legal identities.
~ At high priority, we're trying to make it so we can't be uniquely fingerprinted across the websites we visit. This is important to not make it easy to link
[bold:
all
]
of our traffic to our real identities if we ever slip up and reveal our real identities on one website.
~ At medium priority, we're trying to make it so visits on different sessions to the same website can't be linked together unless we want them to be.
~ At the lowest low priority, we're trying to make it so our traffic, while remaining anonymous, doesn't fall into more hands than it needs to. Specifically, we're trying to avoid central points that exist across many websites that can read our decrypted (but not deanonymized) traffic.
[bold:
What are the threats we're trying to protect our information from?
]
~ This depends on the reader. However, below lies a list of threats that might be relevant to Nanosphere users:
~
[bold:
The advertising industry and data brokers
]
: This threat is interested in all data of all people, as the more they have, the more money they can make. They're constantly innovating in the methods that they use to create ad profiles of everyone, and they have a presence across most of the modern web. In some countries (including the United States), they can even buy the data on the websites you visit (including the times you visit them and how much data you send/receive!) from your Internet Service Provider. Since this guide is intended toward making
[bold:
general browsing
]
as anonymous as possible, mitigating vulnerabilities we have that this threat can exploit will be the first priority.
~
[bold:
Law enforcement agencies (LEAs)
]
: This threat is interested in putting certain kinds of people away
[spoiler:
to secure more funding by improving their public image in the eyes of retards
]
to protect our *****ren/society/Israel. In the U.K., for example, possession of lolicon/shotacon is a criminal offense. If you're a resident of that country, visiting a website clearly related to it over the clearnet would result in a...less than ideal situation. While a dedicated setup (separate from the setup you use for your general browsing) meant to be used exclusively for when evading this threat is the primary goal would be ideal, this guide can hinder a good portion of the threat's capabilities as well. For the purpose of this thread, LEAs that would arrest you simply for using Tor alone are considered outside of the threat model.
~
[bold:
Angry stalkers
]
: This threat has varying reasons for what they do, but is more likely to be relevant to those with taboo interests. They have varying capabilities, but they're almost never capable of what LEAs are capable of.
[bold:
What vulnerabilities exist that could be used to reveal our information? What risks are posed by each of these vulnerabilities, from which threats using them?
]
~
[bold:
Browser fingerprinting
]
: This vulnerability is primarily exploited by the advertising industry. The vast majority of browser setups are uniquely identifiable to a user or small group of users, because the vast majority of browser setups reveal a combination of information that gives them each unique fingerprints. The browser itself, the version of the browser, the operating system it's being used on, language, canvas fingerprinting, fonts that are installed, time zone, performance, resolution, and add-ons being used only scratch the surface of the list of variables that help make this a very powerful method of tracking users across websites. If you do something that reveals your real identity on the same uniquely identifiable browser setup that you browse on, your browsing and your real identity can be linked by adversaries with this capability.
~
[bold:
Tracking cookies
]
: While they are increasingly becoming an antiquated tracking method in the 2020s, tracking cookies are and have been used by the advertising industry to track users across websites.
~
[bold:
IP addresses
]
: While not nearly as big of a vulnerability as some VPN companies make them out to be, revealing your IP address
[bold:
does
]
(more often than not) provide whoever you reveal it to with your approximate location. While there are exceptions, the fact is that you run a significant chance of reducing your anonymity set if your IP address is disclosed. One company that sells IP geolocation services (
https://www.abstractapi.com/guides/how-accurate-is-ip-geolocation
) has claimed that your IP address can be expected to reveal your country 95-99% of the time, your state 55-80% of the time, and your city (or equivalent) 50-75% of the time. The advertising industry can use that information to send you targeted ads specific to your location. Angry stalkers can use that to become one step closer to doxxing you (or they can be s***** and DDoS your router with the botnet they bought with their mother's credit card). But the adversaries that can get the most out of having your IP address by far are the LEAs – they can contact your ISP and compel them to reveal which customers were using what IP address at what time.
[bold:
Even if you switch your IP address (like with a VPN service), if you use the same IP address to access different websites during the same browsing session, those activities can still be linked together.
]
~
[bold:
Behavioral tracking
]
: Rather than fingerprint your device or the software on it, this tracking method fingerprints how you interact with your device. The two main ways this is done are keystroke fingerprinting and mouse fingerprinting (It's known that the latter can be done with just CSS, but in a considerably less precise way). An explanation of what about your keystrokes and your mouse movements can be fingerprinted can be found on the Whonix Wiki:
https://www.whonix.org/wiki/Surfing_Posting_Blogging#Keystroke_Fingerprinting
– needless to say, if both of these are used, your anonymity set will be (at the very least) reduced. This is probably most likely to be used by the advertising industry, followed by LEAs, followed by abusive stalkers, and most likely to link visits on different sessions to the same website or track across websites. If you don't mitigate this or don't change the way you interact with your mouse and keyboard when browsing under your real identity, your activities could be (to some extent) linked with your real identity.
~
[bold:
Browser exploits
]
: On most setups, this is the most damaging of the vulnerabilities on this list, but one of the least widespread (but still more than widespread enough to be worth mentioning). If an adversary can exploit a security vulnerability that takes over your browser, they most likely (assuming you're using a traditional desktop operating system that you're not actively modifying to prevent this) now have access to all of the files, settings, information, and everything else the user account you're browsing from has access to. There are many vectors that can be used to exploit a security vulnerability in a browser, but a very large portion (by no means all) of these vulnerabilities depend on JavaScript being enabled (CSS, SVG images, and WebP images in the browser, to name a few, are other potential attack vectors). Generally speaking, your typical angry stalker won't be able to do this. However, if you're doing something that LEAs don't like, this is arguably the most common way (short of piecing together information that you've shared that doxxes yourself) that LEAs de-anonymize Tor users.
~
[bold:
Other software exploits
]
: Obviously, browsers aren't the only applications that are vulnerable. PDF readers, Office documents/spreadsheets/presentations (no, using LibreOffice doesn't change this), video players, email clients, IM clients, and more are all capable of being exploited. There's even a market for selling 0-day vulnerabilities for a wide variety of applications to governments:
https://zerodium.com/program.html
~
[bold:
Cloudflare
]
: Some speculate that Cloudflare, being a DDoS mitigation service in a position to MitM the encryption on websites with HTTPS, is a front for the U.S. National Security Agency to see the decrypted traffic of the websites that use it. While this theory (with the evidence that is available at the moment) is unproven, how widespread they are across the modern web gives them a position to read
[bold:
a lot
]
of decrypted traffic if they wanted to. This is understandably unsettling to some. While this post is focused on achieving anonymity first, with data privacy for anonymous activity/pseudonymous identities being largely outside of the scope of the threat model, it could be argued that whether a website is behind Cloudflare is worth paying at least a little bit of attention to.
[spoiler:
It may also be useful to mark websites behind Cloudflare because some people here (in spite of my arguments) might disagree with my take that the Tor Browser is currently the best option for browser anonymity – Cloudflare is (as I've heard and know from experience) much more hostile to Tor users when said Tor users aren't using the official Tor Browser, so what works on what's assumed to be a noJS Tor setup under this guide might not work for them if they use a noJS Tor setup that doesn't involve the Tor Browser.
]
~
[bold:
Money trails
]
: If you're like any person who purchases shit online, it is almost certain that the money trail you leave to the website you order from de-anonymizes you (or will de-anonymize you someday), from the perspective of both the owners of the website you ordered from and the people who work for whatever companies (e.g. (((banks))), online payments processors like (((PayPal))), custodial wallet scammers) facilitated the transaction. Obviously, LEAs can have as much access to your purchase history as they want when you use methods of this nature. There's a chance (depends on the laws of your country) that the advertising industry/data brokers can have access to your purchase history as well. However, even payment methods though to be "anonymous" by some come with severe limitations. The most obvious example is Bitcoin and other cryptocurrencies with public blockchains. At least by default, the transaction history of
[bold:
all
]
wallets using cryptocurrencies like these are public and can be traced (making the list of potential adversaries/threats
[bold:
literally everyone
]
) – if you ever do something that can be linked with your real identity on the same wallet (like the overwhelming majority of ways to cash out, with fewer anonymous options left as time goes on), you're de-anonymized. Monero is an exception, but even it may have vulnerabilities that allow different transactions to be linked that we don't know about yet. Due to the inherently permanent nature of blockchain-based cryptocurrencies, such a vulnerability would likely be retroactively applicable. It's unreasonable to think that any software project is perfect. Therefore, it's unreasonable to rely entirely on Monero to protect transaction privacy in the long-term. Gift cards log which store they were bought in (most likely narrowing your anonymity set down to your general location), and cash can be impractical to send anonymously all of the time, especially in larger amounts. Safe and sorry to say, this vulnerability will take more than a "use this tool" solution to meaningfully close.
~
[bold:
Ourselves
]
: For some of us, possibly the greatest vulnerability that allows us to be de-anonymized, whether that's linking different browsing sessions on the same site to one pseudonym, linking our activities across different websites, or even linking our activities online to our real identities, is the self. If we talk about things that angry stalkers, LEAs, or the advertising industry could know or find out about our real identities, our activities online can be linked to our real identities. More subtly, unique phrases that only we use, our unique set of interests, our unique life circumstances, and more can be cross-referenced to dox us.
[bold:
What countermeasures can we apply to secure ourselves with all of this in mind?
]
~
[bold:
Use Tor
]
: The best known (public) way to mask your IP address while accessing the public Internet.
~
[bold:
Tor mitigates de-anonymization/anonymity set reduction via IP addresses
]
: This hides where you're going from your Internet Service Provider, and therefore any data brokers that buy from your ISP. When using the clearnet over Tor, your traffic is first routed through a guard node, which knows who you are (your IP address), but not where you're browsing. Then, it's routed through a middle node, which doesn't know who you are or the sites you're visiting (it only knows the guard node you're coming from and the exit node it's sending your (encrypted to them) traffic to). Then, your traffic is sent to the exit node, which knows the sites you're visiting (as well as all of your traffic if you're using a non-onionsite plain HTTP website, but this is rare and only getting rarer), but not who you are, or even the guard node you're using. You're given a
[bold:
huge
]
anonymity set when using this set of IP addresses (which for visiting clearnet websites includes over 2,000 exit nodes:
https://metrics.torproject.org/relayflags.html
), as the Tor network has (at the time of writing)
[bold:
over 4 million daily users
]
:
https://metrics.torproject.org/userstats-relay-country.html
~
[bold:
Tor mitigates even malicious Tor nodes themselves trying to de-anonymize you
]
: As mentioned above, no adversary with access to logs for just one node can know both who you are and where you're browsing. But even for adversaries with control over multiple nodes, or even dozens of high-bandwidth nodes, there are numerous ways that Tor minimizes the extent to which an adversary can get "the whole package," so to speak. First, there's a high expense involved in running enough nodes to de-anonymize a significant number of people, as there are thousands of nodes to compete with (
https://metrics.torproject.org/relayflags.html
). Second, even if there's an adversary with enough nodes to de-anonymize a significant number of people, they'll most likely have to wait before that number of people includes you, as guard nodes (necessary to either control or watch over to do a correlation attack) are only changed every 2-3 months. Finally, even if they control/watch over a large number of nodes including your guard nodes, your set of Tor circuits (including the middle nodes and exit nodes that are part of them) is normally changed
[bold:
every 10 minutes
]
(Exceptions: circuits for large downloads that take longer than 10 minutes, connections to IRC servers and other services that require a constant connection). This means that unless they literally control an outright vast majority of the Tor exit nodes, there will always be some traffic of yours that they miss. This is only by default; the protections offered can be even further enhanced by editing your torrc file and using IsolateDestAddr (to use different Tor circuits for each destination address) and/or IsolateDestPort (to use different Tor circuits for each destination port), or you can:
~
[bold:
Use the Tor Browser
]
: The browser made by the Tor Project to ensure the smoothest and (arguably) most anonymous way to browse with Tor. A lot of thought has gone into it:
https://2019.www.torproject.org/projects/torbrowser/design/
~
[bold:
Tor Browser mitigates linking activities across different websites/different browsing sessions on the same website together via IP addresses
]
: In addition to the protections that just using Tor with any browser offers, the Tor Browser intelligently isolates Tor circuits across first-party domains, with all of the third-party requests originating from those first-party domains using the same circuit. This is in some ways even better than using IsolateDestAddr, as it ensures that even if there are third-party domains that are requested from across multiple websites that you use, those third-party domains couldn't tell by the IP address you're using that you're the same person using those different websites. And, to make it so activities on the same website on different browsing sessions can't be linked by IP address, a "New Identity" button is provided that closes the browser and then opens it again with new circuits for you to use. Closing and re-opening the browser has the same effect.
~
[bold:
Tor Browser mitigates linking activities across different websites/different browsing sessions on the same website together via tracking cookies
]
: First-party isolation is done for cookies, cache, and more in the Tor Browser. Furthermore, third-party cookies are disabled altogether. Even if/when there's something the Tor Project has overlooked/hasn't considered yet and you're still worried about different activities on the same browsing session being linked, you can always compartmentalize across different browsing sessions and nuke everything by pressing the New Identity button.
~
[bold:
Tor Browser mitigates de-anonymization, anonymity set reduction, linking activities across different websites/different browsing sessions on the same website together via browser fingerprinting in a way that any one other browser can't
]
: The Tor Browser is designed in a way that makes different users of it look as identical as its developers can make them look. The version of the browser that most people (of the same language) use is kept to the latest version by auto-updating the browser. The user agent of every copy of the browser (on the same version) is the same, regardless of the actual operating system being used (Note: There are still ways to tell the actual operating system you're using it on, especially when you have JavaScript enabled. The Tor Project prefers to fix things that let this happen in batches at a time). HTML5 canvases aren't rendered without permission. All copies of the Tor Browser (at least on the same operating system) come with support for the same set of fonts that websites are limited to using. All copies of the Tor Browser (across all operating systems and languages) use the same time zone (UTC). The resolution of the browser window is 1000x1000 by default, going down by 100 pixels in either width or height depending on how small the window needs to be for your screen to support it (For example, a 1600x900 screen will most likely give you a 1000x800 window by default). Letterboxing is used to keep the browser window to a limited set of resolutions even if the window is resized. The same set of add-ons is always used, and users are strongly discouraged from adding any other add-ons. It does all of this and more as described in its design document (linked above). There's a good reason why no one other browser can give you the same protection against browser fingerprinting:
[bold:
No other browser that's used by millions of people does all of this by default.
]
Anonymity that doesn't have company is little anonymity at all. The only comparable solution would be using an entirely different browser setup for every new activity.
~
[bold:
Safest mode+
]
: While using the Tor Browser does a lot in ways of protecting you from adversaries that use browser fingerprinting, IP addresses, tracking cookies, and the like to attempt to de-anonymize/profile you, history has shown that it's quite vulnerable when threats like LEAs target it with exploits, especially when you use it in its default standard security level. Fear not – some simple modifications (most of which are provided just by clicking on a little shield the Tor Project put on their browser's toolbar) can help mitigate this, too.
~
[bold:
Safer mode somewhat mitigates de-anonymization via browser exploits
]
: This mode reduces the attack surface of the browser by (among other things) disabling the JIT compiler and using NoScript to require you to click on audio and videos before they can play in the browser. JavaScript is also disabled on plain HTTP clearnet websites.
~
[bold:
Safest mode mitigates de-anonymization via browser exploits further
]
: Safest mode really is the safest mode (among the pre-set security levels, anyway) to use the Tor Browser in. By default, it uses NoScript to disable JavaScript on
[bold:
all
]
websites, not just websites without encryption. Additionally, it reduces the browser's attack surface even further by disabling remote fonts and SVG images.
~
[bold:
Safest mode mitigates de-anonymization/anonymity set reduction via behavioral tracking
]
: Because JavaScript is disabled at this security level, adversaries can't use keystroke fingerprinting, and they can only use mouse fingerprinting in a limited capacity.
~
[bold:
(OPTIONAL) Some about:config changes can mitigate de-anonymization via browser exploits even further
]
: Every few years, the rare exploit is discovered that allows NoScript to be bypassed and JavaScript to be run. There's also the possibility that exploits that don't require JavaScript could be used on Tor users. Therefore, I suggest at the least to go into about:config (type it in Tor Browser's URL bar) and change the setting "javascript.enabled" to "false". Every known vulnerability in NoScript so far (alone) wouldn't have been able to re-enable JavaScript for users who changed this setting in about:config. It also runs very little risk of making your browser more fingerprintable, as presumably the only way this could be discovered is if NoScript were bypassed and an adversary still couldn't run JavaScript in your browser. Even if there were some other way, this advice is common enough in Tor communities that you'd still have a decent anonymity set. Other about:config changes can also be made to reduce your attack surface even further (e.g. disabling opening PDF files in the browser by setting "pdfjs.enabled" to "false," disabling WebP images by setting "image.webp.enabled" to "true"), but they might run the risk of making you more fingerprintable. I'd recommend only making those changes in specific high-risk environments (to create a separate profile from that of your general browsing), or better still, giving yourself an extra layer of security by using Whonix to make browser exploits less meaningful instead.
~
[bold:
Keep your shit up-to-date
]
: It's a really water-is-wet thing, but there's a surprising number of compulsive contrarians
[spoiler:
(nearly all of them being /g/tards)
]
who think updating their software will introduce supposed "government backdoors" that they have no evidence for the existence of. Meanwhile, using 10-year-old obscure software will presumably keep them safe. Here in reality, though:
~
[bold:
Keeping software up-to-date mitigates de-anonymization via software exploits (browser or otherwise)
]
: Having to find a new vulnerability is harder than exploiting a vulnerability that is already known. Oftentimes, when a piece of soyftware has a vulnerability that's known for long enough, there are even public tools available to exploit said vulnerability that even script kiddies can use. Even if you greatly reduce the attack surface of your browser by disabling JavaScript, for example, there's been a recent reminder that you're still vulnerable if you don't keep your shit up-to-date:
https://nvd.nist.gov/vuln/detail/CVE-2023-4863
~
[bold:
Keeping software up-to-date mitigates anonymity set reduction via browser fingerprinting
]
: Intuitively, unless there's a huge portion of a browser's userbase that stays out-of-date and on a specific out-of-date version, the best browser version to be on to mitigate browser fingerprinting is the latest version of that browser.
~
[bold:
Pay attention to the files you download
]
: This is to mitigate non-browser software exploits. The more complex the file type, the more likely it is that the file you downloaded is malicious and shouldn't be opened (at least without employing additional countermeasures).
~
[bold:
Don't use paywalled websites and don't purchase shit online
]
: This categorically eliminates all threats to anonymity that require there to be a money trail to de-anonymize users. While there are ways (under some threat models) that you can pre-plan purchases that make it all-but-impossible to trace a transaction back to you, they're for another thread (for now).
~
[bold:
Minimize oversharing
]
: This prevents you from doxxing yourself. If you hunger for a crumb of human contact, instead of sharing information in a public forum about stuff in your grass-touching (or otherwise not anonymous) life that can easily be cross-referenced, share information with your fellow autismos privately that they (if they were an adversary) couldn't easily cross-reference (at the very least, they alone couldn't easily cross-reference).
[bold:
For simplicity's sake, people who employ the countermeasures described above will henceforth be described as noJS Tor users, and the setup itself will be described as a noJS Tor setup.
]
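An added example, not part of the original post or of the Tor Project's code: a small Python check that reads the text of a browser profile's prefs.js/user.js and a torrc, and reports which of the settings named in the post above (javascript.enabled, pdfjs.enabled, image.webp.enabled, IsolateDestAddr, IsolateDestPort) are not in their hardened state. The sample inputs are constructed, the function names are hypothetical, and it assumes the isolation flags are written on SocksPort lines.

```python
import re

# Prefs named in the post, mapped to the value that switches the feature off.
# (WebP decoding is off when image.webp.enabled is false.)
HARDENED_PREFS = {
    "javascript.enabled": False,
    "pdfjs.enabled": False,
    "image.webp.enabled": False,
}
ISOLATION_FLAGS = ("IsolateDestAddr", "IsolateDestPort")

# Matches lines such as: user_pref("javascript.enabled", false);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')


def parse_prefs(text):
    """Parse prefs.js / user.js text into {name: bool | int | str}."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs


def audit_prefs(text):
    """Return (name, current, wanted) for every pref not in its hardened state.

    current is None when the pref is absent, i.e. still at the browser default.
    """
    prefs = parse_prefs(text)
    return [
        (name, prefs.get(name), wanted)
        for name, wanted in HARDENED_PREFS.items()
        if prefs.get(name) is not wanted
    ]


def socks_isolation(torrc_text):
    """Map each SocksPort address to the isolation flags it is missing."""
    missing = {}
    for line in torrc_text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop trailing comments
        if len(parts) >= 2 and parts[0].lower() == "socksport":
            present = {p.lower() for p in parts[2:]}
            missing[parts[1]] = [
                f for f in ISOLATION_FLAGS if f.lower() not in present
            ]
    return missing


# Constructed sample inputs, not taken from a real profile or relay.
SAMPLE_PREFS = '''
// constructed sample
user_pref("javascript.enabled", false);
user_pref("image.webp.enabled", true);
user_pref("browser.startup.page", 0);
'''

SAMPLE_TORRC = '''
# constructed sample
SocksPort 9050 IsolateDestAddr
SocksPort 9150 IsolateDestAddr IsolateDestPort  # browser port
'''

if __name__ == "__main__":
    for name, current, wanted in audit_prefs(SAMPLE_PREFS):
        shown = "browser default" if current is None else current
        print(f"{name}: is {shown}, hardened value is {wanted}")
    for port, flags in socks_isolation(SAMPLE_TORRC).items():
        print(f"SocksPort {port}: missing {', '.join(flags) or 'nothing'}")
```
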
Thread 73171 in /opsec/ (P: 3, last 9 months ago)
lesser evil v privacy
~
https://4get.ca/instances
~ use
https://ping.pe
(cloudflared) or similar to find hosting provider info (remember use 4get.ca instead of
https://4get.ca/
)
~ once desirable target is found add search engine. in firefox right click on domain very last option on pop-up menu 'Add "4get.ca"'
~ install libredirect (fork of privacy redirect) from
https://addons.mozilla.org
~ go into extension settings to find frontend name
~ look up list of instances for frontend
~ add instance to 'Add your favorite instances' section in libredirect
~ done
Thread 61971 in /opsec/ (P: 18, last 10 months ago)
The Lesser Evil IV: How to ***** a ***** in today's world
[bold:
00. First Disable Javascript
]
This is a crucial first step before getting your feet wet or your dick wet to be more specific.
Take note that if the ***** is not a boy and is a girl you can most likely get by on safer security slider level on the Tor browser.
Since this is all a preference (boy or girl) you can tweak and change your browser preferences to your liking in the about:config.
[bold:
01. Wear Protection
]
You want to make sure you are wearing protection via a condom but not just a condom.
Make sure you are wearing latex gloves or any gloves (think of white mickey mouse gloves).
You do not want to leave any dna traces on the ***** via semen or fingerprints.
Not doing so will increase more of a chance getting browser fingerprinted.
[bold:
02. Enjoy The Beauty Of The *****
]
Safely enjoy putting your cock deep in the boys anus or girls cunny.
Thread 57291 in /opsec/ (P: 23, last 1 year ago)
Intel ME, Non-free boot firmware
How dangerous are the Intel ME and non-free boot firmware really? Generally speaking I am rather too cautious than the opposite, but my current computer, a laptop with libre boot firmware and an Intel Core 2 Duo, just sucks for everything - I can barely run multiple programs at once and even if I run one program like icecat or tor-browser, it is almost overheating. I do not care as much about the boot firmware stuff, as I think it's more of a purity spiraling thing than a privacy thing, but I am very concerned about Intel ME/ARM Trustzone/AMD PSP and I kinda feel like all my security measures I take are absolutely useless if there is still a potential backdoor at such a low level.
What is your solution to this problem?