-
8 votes
-
Let's build a Chrome extension that steals everything
10 votes -
Upgraded to Windows 10, what do I need to do to optimize?
I finally got around to upgrading my mom’s computer (an Asus laptop from 2015) from Windows 8.1 to Windows 10. I’ve already deleted a few apps she won’t use (e.g., Xbox) and disabled/stopped some...
I finally got around to upgrading my mom’s computer (an Asus laptop from 2015) from Windows 8.1 to Windows 10. I’ve already deleted a few apps she won’t use (e.g., Xbox) and disabled/stopped some unneeded services. What else can I do to keep her computer fast? Particularly interesting in more services I can disable and the best browser/ad blocker combo. Thanks y’all!
10 votes -
Two types of privacy
6 votes -
TOR Workshop - Sysadmin 101 for new relay operators - tonight, June 4th 2022 @ 19 UTC
3 votes -
Linux (In)security
10 votes -
Oildrop - A self-auditable userscript manager
13 votes -
Why does a completely local, self-contained html file need to access gstatic.com?
So, I'm a privacy advocate (or paranoiac, depending on your perspective). I run both uMatrix and NoScript plug-ins (among others) in my Firefox browser, so I can see when and where websites send...
So, I'm a privacy advocate (or paranoiac, depending on your perspective). I run both uMatrix and NoScript plug-ins (among others) in my Firefox browser, so I can see when and where websites send calls out to other locations, and block the ones I want ... google analytics, google fonts, google-apis, google tag manager, and gstatic are all ubiquitous out there, probably 99% of websites use at least one of them (PS: Tildes is in the 1%; yeay, Deimos).
And note ... there may well be nothing at all wrong with any of those sites/services ... but Google has a global all-encompassing Terms and Conditions policy that says, you use anything of Theirs, and They are allowed to harvest your personal data and make money off of it.
And I do not accept those terms.
Okay, that's the prologue. The deal is, I have a small piece of documentation, just basic "how to use this" info, for a WordPress plug-in. It is in .html format, with bundled bootstrap and jquery and a few other assets.
Nothing, anywhere in the entire folder, references gstatic. And yet when I open this local, on-my-computer-only html file ... my browser tells me that it is trying to connect to gstatic.com.
Anyone happen to know why/how that is happening?
4 votes -
Disclosure of a vulnerability in AI Dungeon that enabled accessing all users' private adventures, scenarios, and posts via its GraphQL API
16 votes -
Misinformation about Permissions Policy and FLoC
8 votes -
Automatic redaction of user data from logs and crash reports in CockroachDB
5 votes -
Is Firefox still a good (enough) browser for privacy?
Someone posted this on the privacy subreddit. I also ended up finding this and this after doing a bit of searching. As someone who isn’t in the CS/IT spheres (chemical engineering is my...
Someone posted this on the privacy subreddit. I also ended up finding this and this after doing a bit of searching. As someone who isn’t in the CS/IT spheres (chemical engineering is my background), Firefox has been my go-to browser for awhile, although I’m being made aware of the flaws of Firefox (most of which go over my head) and behavior of Mozilla. What can be done to fix this, especially considering that Firefox is the only FOSS browser with a significant user base?
22 votes -
Google should rotate their email DKIM keys periodically and publish past secret keys, in order to remove the unintended capability for authenticating years-old emails
16 votes -
EU Draft Council Declaration Against Encryption [pdf]
10 votes -
US Government Continues Encryption War
7 votes -
Replacing YouTube & Invidious
14 votes -
On not caring about your privacy
7 votes -
Create No-JavaScript friendly sites
22 votes -
Code is Speech?
10 votes -
Keybase, Zoom and Messaging
11 votes -
Why I Decided to Run a Tor Relay
9 votes -
Building a secure DNS infrastructure like SecureDNS.eu
5 votes -
Stripe is silently recording your movements on its customers' websites
14 votes -
MNT Reform open source, modular laptop crowdfunding campaign launches in February
9 votes -
Multiple Fortinet products communicate with FortiGuard services while only "encrypting" sensitive user data using XOR with a hardcoded key
9 votes -
How Facebook tracks you on Android
8 votes -
The PGP Problem
12 votes -
Notes on privacy and data collection of Matrix.org
12 votes -
An interesting study into how ads are fingerprinting your devices
16 votes -
How does Apple (privately) find your offline devices?
13 votes -
Tech veganism
19 votes -
Metadata Investigation: Inside Hacking Team
4 votes -
Tor Browser for Android 8.5 offers mobile users privacy boost
3 votes -
Apple arms web browser privacy torpedo, points it directly at Google's advertising model
4 votes -
Tracking cursor movement in browsers without JavaScript enabled
@davywtf: Here's a PoC that confirms my hunch. *Neither* of these windows use JavaScript but the position of the cursor in the left window is sent to the right window. This works on Tor Browser with JS disabled. https://t.co/cnfOy5OkUj
11 votes -
Timeliner: A personal data aggregation & personal data backup utility for Facebook, Google, Twitter, etc…
9 votes -
Intelligent Tracking Protection 2.1 in WebKit
4 votes -
OnionShare 2 released
7 votes -
Inrupt releases React SDK for Solid
6 votes -
Defcon 21 - Stalking a City for Fun and Frivolity [45:19]
7 votes -
4 critical tips for creating and implementing a privacy plan
5 votes -
Comparison between several messenger systems
9 votes -
GnuPG can now be used to perform notarial acts in the state of Washington
15 votes -
Reverse-engineering "Adware Doctor", the #4 app in the Mac App Store that's been surreptitiously stealing users' browser history
17 votes -
DNS Privacy
11 votes -
How I recorded user behaviour on my competitor’s websites
32 votes -
Docker for Mac and Windows requires Docker Store login
24 votes -
How many of you host your own email server? Do you recommend hosting one?
I was thinking of setting up my own email server, just for learning and privacy stuff. Which VPS provider would you recommend? What are the major challenges one might face while hosting own email?
24 votes -
Why the "I have nothing to hide." argument is flawed.
24 votes -
Best for Privacy: Local Recursive DNS vs Cloudflare's DNS over HTTPS
I'm trying to decide what option I prefer here in terms of privacy. I'm curious of other's opinions on the issue, and if anyone has a better solution to offer more privacy. Option 1: Hosting a...
I'm trying to decide what option I prefer here in terms of privacy. I'm curious of other's opinions on the issue, and if anyone has a better solution to offer more privacy.
Option 1: Hosting a local recursive DNS
I currently have a device running Pi-hole on my local network. I recently set it up as a recursive DNS server using unbound. This allows me to no longer rely on a public DNS such as GoogleDNS, OpenDNS, Cloudflare, etc. for my queries, and just point straight to the root servers.
Pro: I removed a "pair of eyes" (Public DNS) out of the equation
Con: All my queries are not encrypted so my ISP (and potentially others) can still see my DNS queries
Option 2: Using DNS over HTTPS (DoH) using Cloudflare's client
With this option I would use Cloudflare's cloudflared daemon they provide on their website. This would allow all my queries to be encrypted when sending them to Cloudflare.
Pro: Encrypted DNS queries from my local network -> Cloudflare's servers. My ISP can no longer see my DNS queries
Security Pro: Helps prevent MitM attacks
Con: I now have a Public DNS back in the equation, which I have to put some trust into. Also, my queries are most likely only encrypted from my local network -> Cloudflare's network. When Cloudflare has to do the recursion, those queries may be not encrypted (my assumption is they will most likely be not encrypted)
Possible Con: Does Server Name Indication (SNI) "leaking" apply to DNS queries at all? If so, then my query is revealed anyways right?
As a note, I am nowhere near an expert on the specifics of DNS, so some of my assumptions on how things work may be super wrong!
6 votes