I finally got around to upgrading my mom’s computer (an Asus laptop from 2015) from Windows 8.1 to Windows 10. I’ve already deleted a few apps she won’t use (e.g., Xbox) and disabled/stopped some unneeded services. What else can I do to keep her computer fast? Particularly interesting in more services I can disable and the best browser/ad blocker combo. Thanks y’all!

So, I'm a privacy advocate (or paranoiac, depending on your perspective). I run both uMatrix and NoScript plug-ins (among others) in my Firefox browser, so I can see when and where websites send calls out to other locations, and block the ones I want ... google analytics, google fonts, google-apis, google tag manager, and gstatic are all ubiquitous out there, probably 99% of websites use at least one of them (PS: Tildes is in the 1%; yeay, Deimos).

And note ... there may well be nothing at all wrong with any of those sites/services ... but Google has a global all-encompassing Terms and Conditions policy that says, you use anything of Theirs, and They are allowed to harvest your personal data and make money off of it.

And I do not accept those terms.

Okay, that's the prologue. The deal is, I have a small piece of documentation, just basic "how to use this" info, for a WordPress plug-in. It is in .html format, with bundled bootstrap and jquery and a few other assets.

Nothing, anywhere in the entire folder, references gstatic. And yet when I open this local, on-my-computer-only html file ... my browser tells me that it is trying to connect to gstatic.com.

Anyone happen to know why/how that is happening?

Someone posted this on the privacy subreddit. I also ended up finding this and this after doing a bit of searching. As someone who isn’t in the CS/IT spheres (chemical engineering is my background), Firefox has been my go-to browser for awhile, although I’m being made aware of the flaws of Firefox (most of which go over my head) and behavior of Mozilla. What can be done to fix this, especially considering that Firefox is the only FOSS browser with a significant user base?

I'm trying to decide what option I prefer here in terms of privacy. I'm curious of other's opinions on the issue, and if anyone has a better solution to offer more privacy.

Option 1: Hosting a local recursive DNS

I currently have a device running Pi-hole on my local network. I recently set it up as a recursive DNS server using unbound. This allows me to no longer rely on a public DNS such as GoogleDNS, OpenDNS, Cloudflare, etc. for my queries, and just point straight to the root servers.

Pro: I removed a "pair of eyes" (Public DNS) out of the equation

Con: All my queries are not encrypted so my ISP (and potentially others) can still see my DNS queries

Option 2: Using DNS over HTTPS (DoH) using Cloudflare's client

With this option I would use Cloudflare's cloudflared daemon they provide on their website. This would allow all my queries to be encrypted when sending them to Cloudflare.

Pro: Encrypted DNS queries from my local network -> Cloudflare's servers. My ISP can no longer see my DNS queries

Security Pro: Helps prevent MitM attacks

Con: I now have a Public DNS back in the equation, which I have to put some trust into. Also, my queries are most likely only encrypted from my local network -> Cloudflare's network. When Cloudflare has to do the recursion, those queries may be not encrypted (my assumption is they will most likely be not encrypted)

Possible Con: Does Server Name Indication (SNI) "leaking" apply to DNS queries at all? If so, then my query is revealed anyways right?

As a note, I am nowhere near an expert on the specifics of DNS, so some of my assumptions on how things work may be super wrong!