Heyha !

This is probably going to be a long take and it’s late here in Europe… So for those who bear with me and are ready to read through my broken English, thank you.

I’m personally concerned about how my data and my identity are used against my will while surfing the web or using/hosting services. As a self-hoster and networking enthusiast, I have some entry/medium security infrastructure.

Ranging from self-hosted adblocker, dns, router, vlans, containers, server, firewall, wireguard, VPN… you name it ! I was pretty happy to see all my traffic being encrypted through wireshark and having what I consider a solid homelab.

Also having most undesired dns/ads blocked with adguard in firefox with custom configuration, blocking everything, and changing some about:config options:

  • privacy.resistFingerprinting
  • privacy.trackingprotection.fingerprinting.enabled

I thought I had some pretty hardened security and a safe browsing experience, but oh my, I was wrong…

From pixel tracking, to WebRTC leaking your real IP, font fingerprinting, canvas fingerprinting, audio fingerprinting, the Android default keyboard sending samples, SSL certificates with known vulnerabilities…

And most of them are not even new tracking tech… I mean even Firefox 54 was aware of most of these ways of fingerprinting the user, and it makes me feel Firefox is just another hidden evil-corp hiding behind a fancy privacy facade! Uhhg…

And even if you somehow randomize those fingerprints and the user-agent and block most of those things, this makes you stand out from the mass and makes you even easier to track or fingerprint. Yeah, something I read recently and it actually makes sense… the best way to be somehow invisible is actually to blend into the mass… If you stand out, you are pretty sure to be noticed and identified (if that makes sense :/)

This really makes me depressed right now… It feels like a losing battle where my energy is just being wasted trying to have some privacy and anonymity on the web… While fighting against the new laws ringing at our doors and big tech companies always being two steps ahead…

I’m really asking myself if it really matters and if it actually makes sense to use hardened technology or browsers like arkenfox or the Tor browser, whose end nodes are mostly intercepted by private institutions and governmental institutions…

I’m probably overthinking and falling into a deep hole… But the more I dig into security and privacy, the more I get the feeling that this is an already lost battle against big tech…

Some recent source:

https://avoidthehack.com/firefox-privacy-config

  • MigratingtoLemmy@lemmy.world
    11 months ago
    1. Use DoT
    2. Use Librewolf
    3. TOR has been compromised, use it sparingly.

    Understand the fight. We have three major pipelines for leakage of inferences/data on the internet:

    1. IP
    2. Metadata
    3. Content we produce
    • finestnothing@lemmy.world
      11 months ago

      How has Tor been compromised? I know Windows Defender was throwing a false positive for a trojan after an update back in September, but that’s all I’ve heard.

      • MigratingtoLemmy@lemmy.world
        11 months ago

        The NSA has always had multiple 0-days for TOR, but that’s beside the point. The current rumour is that the NSA controls more than half of the traffic on the TOR network, courtesy of them owning a massive number of high-performance nodes.

        I’m going to read more on how i2p works, but if I see more NSA involvement I’m bucking out of that too.

      • Bronco1676
        11 months ago

        DNS over TLS

        The more widespread variant is DoH, which is DNS over HTTPS. E.g. the Android “Private DNS” feature is DoH, and Firefox also has this built in as a feature.

        But currently both are relatively useless, as there is no encrypted client hello in TLS. https://blog.cloudflare.com/announcing-encrypted-client-hello

        The only benefit of using DoH/DoT is that it’s less likely that the network operator will serve you different DNS records.

    • driveway@lemmy.zip
      11 months ago

      Meh, IP is overrated. You have to pay extra to get a static IP. Just reset your router frequently, automate it if possible and you’re set. Doesn’t do anything about the ISP, of course.