Building Your Own Privacy Package

Discussion in 'privacy technology' started by Reality, Aug 5, 2014.

  1. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,414
    Even using ' User Accounts ' created an issue with using passwords. Screen froze up and
    wasn't able to enter password. Not sure what the cause is. Able to create passwords
    for any user accounts, but typing in password for LUA when logging on was not working. Admin account
    does work with password logon, but only if I don't create password for the LUA.

    Alternative is to change the way users log on or off by unchecking the Welcome screen box.
    When logging on or off in user account(s) you enter your user name and password.
    This worked for LUA and admin account.

    Start > Run > Type: control userpasswords2
    Advanced tab and under Secure logon it reads:
    For added security, you can require users to press Ctrl+Alt+Delete before logging on.
    This guarantees that the authentic Windows logon prompt appears, protecting the system from
    programs that mimic a logon to retrieve password information.

    NOTE: Noticed when opening ' User Accounts ' it adds a bunch of files to Local Settings\Temporary Internet Files.
    Testing done with IE HTML Rendering Engine installed.

    Removing the Windows Script Host component causes a popup message in ' User Accounts '
    when clicking on 'change the way users log on and off ' or Learn About.
    Message reads "Automation server can't create object".
    Was able to select logon and logoff options, but was not able to change settings back in User Accounts.
    If you want to password protect your logon user account(s) then open Windows registry and navigate to:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Key name: LogonType
    Type: REG_DWORD
    Value data: 0 (classic mode where you enter your user name and password)

    Other option would be:
    Value data: 1 (Welcome screen - auto logon)

    NOTE: User Account popup message will still remain unless you re-install Windows Script Host.
    Testing done with IE HTML Rendering Engine component installed. Didn't test all options
    available in User Accounts.

    Conclusion: You're still able to use ' User Accounts ' to set passwords and choose the logon type
    option you prefer even if Windows Script Host component is removed.
     
    Last edited: Jul 2, 2015
  2. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    I've now set up SeaMonkey, with RP, Prefbar, BetterPrivacy, Flashblock and Proxomitron. Right now I'm ready to carry on with Proxomitron, and I'd really find it handy if I could get some tips on using the proxblox component, including how it interacts with the rest of Proxomitron. I'm wondering what exactly the options in "advanced" are and what they affect plus tips on when best to allow something at Host, subd, path. I'd be keen to only allow to the level of what was needed and to do it on a temporary basis if that is possible. Not all sites I go to are dealt with in the same way and I may elect to allow something I normally wouldn't in order to view the content. Also, some of the filters need a bit more of an explanation, especially if they are interdependent on others. It would be handy to know what settings are best/dependent for a given situation, for example video.

    ATM I'm basically ABing between said SM setup and FF/Noscript/RP. I'm not able to achieve the same results I get with noscript, which I'm keen to discard as soon as I get this working where I'm fully confident with it. In noscript it would show you individual things you could allow/temporarily allow. I've always used the temporary allow option, basically in part as a precautionary measure.

    I'm dealing with a particular news website I often go to, which has started to lock me out because they've "updated" their site and my browser is now considered "outdated". Hmmm a quick change of the UA allowed me to view pages it wouldn't let me before, so I DON'T BUY for a moment what they're saying. Anyway, as an example, this same website (which is typical of news type sites) is full of potential pitfalls like ads, the usual "like" buttons, google spyware, (analytics tags etc etc), which I've been able to stop with noscript and RP. One thing I can't do so far is play videos on that site even though I've allowed everything in proxblox.
     
  3. The problem with SeaMonkey as I see it is it doesn't have a regular update cycle like the regular Firefox does. I just uninstalled SeaMonkey because it lags behind.

    I know people are looking for less bloat but are there any other reasons you want to use an outdated version of SeaMonkey?
     
  4. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    Outdated by design is just one. The latest is not necessarily the greatest. This whole thread describes more reasons which make more sense than what's currently on offer. Briefly, though, FF has become a nightmare to keep up with as can be seen in the FF lockdown thread. I wouldn't trust IE at all.

    If you have a complete package which you feel is airtight then that's what this thread is for. Feel free to contribute.
     
  5. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    But that's the beauty of SeaMonkey - no silly frequent updating. I'm usually on their latest release, love its stability and practically no surprises which force you to continuously adjust everything. Just my opinion.
     
  6. OK I will try :)

    Home computer

    OS: Qubes 3.0 RC1 with Whonix workstation & Gateway in separate Qubes VM's with added Macchanger , 3 X Pfsense Qubes VM's connected to nested chain of VPN's (Thanks mirimir for the guide), VPN's which I'll detail later, Thunderbird with TorBirdy & Enigmail, FireFox 39.00 with NoScript 2.6.9.30 with all additional restrictions checked and whitelisted sites removed, Adblock Plus 2.6.9.1 with all malware & country filters enabled, Tinfoil 0.7.1 set to full tinfoil mode, HTTPS EVERYWHERE 5.0.5, CanvasBlocker 0.1.6, Disable Plugin & Mimetype enumeration 1.1.5.1, Ghostery 5.4.5.1.

    Then I add to the mix OpenVpn 2.3.7-I602, then I add my personal VPN's starting with Perfect-Privacy.com VPN service 4 hops, Prq.se VPN service 1 hop, ZorroVPN.com service 4 hops, Tigervpn.com VPN service 1 hop, IVPN.net VPN service 2 hops, & multi-vpn.biz VPN service 3 hops.

    I like my VPN's if you couldn't tell. It's nice to have options :D

    Personal Mail Server

    OS: Debian 8.10 Jessie, Fail2ban with country bans on .RU, .RO, .FR, .SK, .IN, & all of Africa & all of Asia & all of South America & lock out SSH wrong password after 1 wrong password for 48 hours, SSH port changed to different port, Grsecurity patches for the kernel, SElinux patches for the system, IPtables rules set to strict guidelines blocking any traffic except port 443 & port 9050 & SSH port, Chkrootkit, Snort with updated ruleset, OpenVAS to check the server, I disable root logins, I find this helps securing the server, Only allow login by public key NO login by password, TripWire is another tool I use to secure the server.

    Server location: China - about as bulletproof as you can get these days. I only use it for a personal email server so bandwidth isn't an issue. China has crap bandwidth if you didn't know. Server is registered to a .CN citizen so no ties to my personal life. It was a struggle getting them to load Debian 8.10 but I can speak decent Mandarin since I lived in Beijing for 3 years, so after a few emails they relented and loaded 8.10 on my box for 100 yuan fee.

    What do people think? Am I paranoid enough? Good? Bad? Room for improvement?
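
The three SSH settings listed in the post above (root login off, public-key-only login, non-default port) can be checked against a server's sshd_config. The following is an added example, not the poster's own tooling; the sample file is constructed, and the built-in defaults assume an older OpenSSH release where PermitRootLogin defaults to "yes".

```python
import re

# OpenSSH built-in values used when a keyword is absent from the file
# (assumption: an older release where PermitRootLogin defaults to "yes").
DEFAULTS = {
    "permitrootlogin": "yes",
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Newer OpenSSH releases spell the keyboard-interactive switch differently.
ALIASES = {"kbdinteractiveauthentication": "challengeresponseauthentication"}
# Value each keyword must have for "public key only, no root" to hold.
WANTED = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "challengeresponseauthentication": "no",  # PAM can ask for a password here
    "pubkeyauthentication": "yes",
}


def parse(text):
    """Return (global settings, listening ports, Match-block overrides)."""
    settings, ports, overrides = {}, [], []
    in_match = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().strip('"').lower()
        if key == "match":
            in_match = True          # everything after this is conditional
        elif in_match:
            overrides.append((key, value))
        elif key == "port":
            ports.append(value)      # Port may be given more than once
        else:
            settings.setdefault(key, value)  # sshd keeps the first value read
    return {**DEFAULTS, **settings}, ports or ["22"], overrides


def audit(text):
    """Return a list of findings; an empty list means the file matches WANTED."""
    settings, ports, overrides = parse(text)
    findings = []
    if "22" in ports:
        findings.append("port: still listening on the default port 22")
    for key, wanted in WANTED.items():
        if settings[key] != wanted:
            findings.append(f"{key}: effective value '{settings[key]}', wanted '{wanted}'")
    for key, value in overrides:
        if key in WANTED and value != WANTED[key]:
            findings.append(f"{key}: Match block sets '{value}', wanted '{WANTED[key]}'")
    return findings


# Constructed sample, not taken from any real server.
SAMPLE = """\
Port 2222
PermitRootLogin no
PasswordAuthentication no
PasswordAuthentication yes
UsePAM yes
Match User backup
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The sample passes the three settings named in the post but is still flagged twice: keyboard-interactive authentication is left at its default, and a Match block re-enables passwords for one user.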
     
  7. Uitlander

    Uitlander Registered Member

    Joined:
    May 16, 2010
    Posts:
    255
    Location:
    Albany, CA
    Regarding how Firefox words things in 'about:config', try:

    http://kb.mozillazine.org/Firefox_:_FAQs_:_About:config_Entries

    It looks to be a fairly complete listing, though your post is from Sept. 2014, so maybe I'm way too late. I have been reading this thread from the beginning with great interest. My gratitude to Reality for starting it, and to all who have contributed. As one who is sticking with XP Pro, I can attest to the great benefit of this endeavor.
     
  8. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    @ComputerSaysNo
    The tools you have chosen are not the same as the direction I'm going in, but then this thread is not just about what I'm doing. Hopefully others will comment on your setup. With the main focus on privacy/ anonymity/security it's open to what people have to offer, and preferably as airtight as possible. No reason is too small to want to protect your privacy. It's more beneficial, thus appreciated if people can also offer practical guides, and tips in their setups. A package is only as good as its weakest link and so effectively chaining things together is obviously going to be important.

    Your setup is obviously more "niche", nonetheless thanks for your input.

    I don't see terms such as "paranoia" and "tin foil hats" as particularly relevant. AFAIC it's about ascertaining the facts and deciding to act on those. The fact is we have real adversaries and the most dangerous are those in officialdom. They are busy snooping on what they have no business to snoop on. Neither do I like their "grab it all" approach, so I'll spend my time thumbing my nose at them whether I'm a person of interest or not.
     
  9. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    I'd never trade eye candy for privacy, but I was pleasantly surprised at SeaMonkey's (2.26.1) other Theme (modern) they offered. I prefer it to FF. One thing I found with starting SM, Kerio showed some calling out to Google when I thought I had those bases covered. I'm also aware it's under the Mozilla umbrella plus has default search set to the Google. What I love about SM is it seems to be so fast.
     
  10. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    Welcome to the thread Uitlander. Glad to see another person sticking with XP Pro. I hope you continue to find this thread beneficial. On post 1 there are links set up for various topics discussed. You might find that handy if you're following one particular subject or looking for something in particular.

    Which reminds me...LowWaterMark has kindly allowed me some more room to finish those links. To conserve space I won't be doing those still in black as they are just follow on posts anyway. I don't have a lot of room left for too many more additions so I'm going to have to be careful.
     
  11. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    It's their safebrowsing feature.
    Outpost FW(on Win7) reports this sort of http activity for every site I visit:
    I'm on SeaMonkey 2.33.1 and you can see it in the http entry at the end.
    Outpost's firewall packet log reports google address on my ISP's server (Verizon), 633 bytes sent and 2372 received. These numbers don't change. And that's the spying part I suppose.
    I don't know if we changed search engine, safebrowsing would stop. Reality, try it since you don't want anything to do with google.
    Yes, SeaMonkey is fast and their IMAP mail is neat and clean looking, good display, just like in Outlook.

    Edit: Safebrowsing explained:
    https://en.wikipedia.org/wiki/Google_Safe_Browsing
    and more detail here:
    https://developers.google.com/safe-browsing/
     
    Last edited: Jul 17, 2015
  12. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    My one exception to Google is I do watch some youtube and that's it. The day Google forces me to join to watch YT is the day I say bye bye YT. That said, I use StartPage as my search engine. I won't touch Google search. I've been tweaking around with SM and I can't remember if I saw that Google entry in Kerio before I disabled safebrowsing. I'm on FF right now, and when I'm done here I'll go enable safebrowsing again in SM and see what Kerio puts up.
     
  13. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    I'm thinking of going back to StartPage, DuckDuckGo just doesn't cut the mustard for me anymore...
     
  14. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    I looked at their site a little while ago, but just haven't used them. I think search engines are extremely important as they have immense ability to profile you in ways that not even those closest to us can. Just another gross erosion of privacy. What did you think of DDG as far as privacy goes?
     
  15. Has anybody noticed that the TOR browser now defaults to Disconnect search? Disconnect is the browser privacy app. Now they have their own search engine.

    Anyone had experience with Disconnect search engine?
     
  16. Phil McCrevis

    Phil McCrevis Registered Member

    Joined:
    Mar 25, 2012
    Posts:
    97
    Location:
    US

    I use: https://search.disconnect.me/ and love it. Gives me the exact same results as google only I don't have to go through / use google. DDG, start page etc. are ok however google seems to provide better searches (at least for me). The disconnect search engine doesn't even store a cookie on my machine (unless I set it to use something other than google) and even then it pops up a warning about setting a cookie.

    The fact that Tor now uses it actually puts my mind at a little more ease as I know they are very privacy conscious and would not use them without thorough research.
     
    Last edited: Jul 18, 2015
  17. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,414
    Security and privacy preferences in about:config

    Shows a list of Firefox preferences and a description of what they do.
    Compare and change the settings of your choice in the browser's about:config.
    (e.g. SeaMonkey, Pale Moon etc.)

    http://www.ghacks.net/overview-firefox-aboutconfig-security-privacy-preferences/

    Also looking at another search engine. Says it's open source, no logs, no ads and no tracking.
    When doing a search it apparently lists which search engine was used in the results.

    https://www.privatesearch.io/
     
  18. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    @Compu KTed thanks for that. Just skimmed through privatesearch link. Looks very interesting.
     
  19. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Awesome thread... a subject near & dear to my heart. Surprised I haven't seen it til now but then again I was away for awhile. Or maybe I did contribute but forgot. Don't feel like combing through all 31 pages right now.

    Most people have given up on privacy but I still try to cling to what semblance of it I can. It starts for me with the right OS(s). To me that's XP Pro. And stripping down/limiting the attack surface as much as I can, leaving only what I must have for essential functionality. Hardening and limiting my own privileges with what's built into the OS. You can make XP almost impenetrable with no 3'rd party software at all, or even a router and/or firewall. A good router is a must for me though. I like my machines to be hard wired into them if possible when at home. Configure them very tightly. A strong 32 digit password. An IP range only as large as the number of machines I have connected to the internet at that given time. Manual configuration. The right DNS servers, preferably your VPN's in the router. It's nice to have a router firmware with OpenVPN in it that you can put your config files in there instead of on your box. I don't use the mac add. of that device. I have a list of mac ID's from modems/routers/adapters I've had over the years and randomly switch them periodically. I usually only use wireless when I'm out, not from my own router/home. Always disable UPnP, RIP and other things in routers. And WPS... disabling the router pin will do this if there's no place that specifies disabling WPS. Make your SSID long too, and end it with "_nomap" (without the quotes). This stops Google from adding you to their maps/street view. Or at least... is legally supposed to. And of course use WPA2 with a 63 digit ASCII key. Channel 11.

    I see you use Firefox 28 (OP). Good call, but I'd go even 1 version earlier, to 27.0.1 which is what I use. Although Australis began with v29 there were changes in 28 and it's the first version made since a former NSA code breaker joined the Mozilla team, which IMO is what changed the "direction" of the company. I tweaked the crap out of my about:config and suggest you do the same. There's plenty of input in here on that. I went through every single one, one by one. My addons are: Adblock Edge 2.1.3, Calomel SSL Validation 0.70, CS Lite Mod 1.4.9, HTTPS-Everywhere 3.5.3, NoScript 2.6.8.16, Private Tab 0.1.7.5, RequestPolicy 0.5.28, Youtube ALL HTML5 2.1.3, Element Hiding Helper for Adblock Plus 1.3.2 ... I have reasons for not updating past the versions I have. Either because of privacy eroding features or because it's just compatibility with Australis, or both. All plugins are removed and plugin-container disabled. In options Auto detect proxy settings. All auto updating disabled as well as safebrowsing. OCSP disabled (but not the stapling in about:config). FIPS enabled, along with a (strong) master password. Ixquick Custom Search as my search engine. You can get this by after adding Ixquick you go into the settings and tweak them the way you want. Then at the bottom it gives you the option of creating a URL to set as your home page instead of saving the settings using cookies. Click on that link to create the URL and another one appears for the Custom Search. I do both, use that URL as my homepage and use that search engine.

    Another thing I never hear people mention and never got around to myself... In Tools > Page Info. > Permissions tab. Just look at some of that stuff once... "Access your location"?... like, seriously?! I would want that? I disable all that stuff when I get to a site, with the exception of Load Images sometimes. And under the "Media" tab it lists the individual images and 3'rd party sources so you can be selective. But then in my about:config I have "permissions.default.image" set to 3, which blocks 3'rd party images already. 2 blocks all images FYI. This can give you a nice privacy boost.

    Others have explained the importance/methodology of writing tight, granular firewall rules already. I'm anal about that. Always write block rules underneath the allow rules. I do it with all rules, not just to prevent DNS leaks for VPN's. All of my rules are custom I don't just allow all outbound or something like that... too much rope for it to hang me with. And my sandboxes are well restricted too, allowing only that program internet and start/run access. With Firefox I won't even allow it access to bookmarks, or safebrowsing (it's disabled anyway). I also run Comodo's Defense+ in Paranoid Mode, which is basically default deny policy for every action that ever happens on your computer. It takes awhile to get everything how you want it, but it's well worth it. In the end I have a setup that allows only what is absolutely necessary/beneficial, and blocks all else. I do it with Software Restriction Policy as well.

    Isolation is a huge part of my plan too. Most of my programs have their own partitions, other than games and tools like CCleaner. But anything realtime, like FW, or internet facing like a browser. A partition I move all my temp folders to. One for downloads, which is sandboxed. VM. SBIE, TrueCrypt. It's a sound strategy. And always use Windows Explorer, not just My Computer, and sandbox it (Windows Explorer). Also sandbox optical/removable drives, USB ports, etc... This way if something malicious is on any media introduced to your box it's sandboxed, whether through that Realtime sandbox or the W.E. one. Always scan it of course. If it's dirty you just close W.E. and it's like it never happened. This isn't really privacy related though.

    And on XP you have the luxury of not having to have .NET Framework on your box. It's buggy, bloated, unsecure and apps that run on it tend to be the same, probably because of it. You can't build a good house on a bad foundation. Avoid it when doing your updates. If something you use relies on it I suggest finding an alternative for it. This is why I love Malwarebytes Anti Exploit. I wanted EMET but refused to put .NET FW on my box. I held out hope for an open source version of it but it doesn't look like it's coming to fruition, sadly.

    Don't use the cloud... for anything.

    If you're going to chain VPN's I recommend Mullvad for the 2'nd hop because you can pay for it with cash money and give away no personally identifiable info. Download the config file from somewhere other than your own house. It doesn't matter how you pay for the VPN you connect to initially because they can see your ISP, and vice versa anyway. And if I'm not doing anything that requires filling in forms I use Ixquick's proxy too. Again I do the "Page Info" thing to even block the stuff for ixquick-proxy.

    In NoScript options under Advanced > HTTPS I choose "When using a proxy (Recommended with TOR)" and list the url's for all HTTPS sites I frequent, and also check the box to encrypt the cookies in the other tab and list the sites as well. Sometimes you'll have to remove a site, or uncheck that box temporarily to sign into some sites, like webmail or to check out at Amazon.

    I could go on and on but I've said plenty here already I think.
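
The about:config choices described in the post above (third-party images blocked via "permissions.default.image" = 3, safebrowsing and auto-updating off, OCSP off with stapling left on) can be verified against a profile's prefs.js and user.js. This is an added example, not the poster's own tooling; the sample files are constructed, and the preference names other than permissions.default.image are the ones used by Firefox releases of that era, not names taken from the post.

```python
import re

PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

# name: (wanted value, Firefox default used when the pref is absent).
# prefs.js only stores values that differ from the default, so a missing
# line means the default is in effect.
POLICY = {
    "permissions.default.image": (3, 1),               # 3 = no third-party images
    "browser.safebrowsing.enabled": (False, True),
    "browser.safebrowsing.malware.enabled": (False, True),
    "security.OCSP.enabled": (0, 1),                   # integer pref, 0 = off
    "security.ssl.enable_ocsp_stapling": (True, True),
    "app.update.enabled": (False, True),
    "app.update.auto": (False, True),
}


def parse_prefs(text):
    """Parse user_pref("name", value); lines into a dict; the last line wins."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue                       # comments and header lines
        name, raw = match.groups()
        if raw in ("true", "false"):
            value = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            value = int(raw)
        else:
            value = raw.strip('"')
        prefs[name] = value
    return prefs


def audit(prefs_js, user_js=""):
    """Return (name, actual, wanted) for every pref that misses the policy.

    user.js is applied on top of prefs.js at every start, so it overrides it.
    """
    effective = {**parse_prefs(prefs_js), **parse_prefs(user_js)}
    report = []
    for name, (wanted, default) in POLICY.items():
        actual = effective.get(name, default)
        # Compare types too: in Python False == 0, but a boolean written to
        # an integer pref is not the setting that was intended.
        if actual != wanted or type(actual) is not type(wanted):
            report.append((name, actual, wanted))
    return report


# Constructed samples, not taken from a real profile.
PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.safebrowsing.enabled", false);
user_pref("permissions.default.image", 2);
user_pref("security.OCSP.enabled", 0);
user_pref("app.update.enabled", false);
"""
USER_JS = """\
// overrides applied at every start
user_pref("permissions.default.image", 3);
user_pref("app.update.auto", false);
"""

if __name__ == "__main__":
    for name, actual, wanted in audit(PREFS_JS, USER_JS):
        print(f"{name}: is {actual!r}, wanted {wanted!r}")
```

With both sample files the only remaining gap is the malware half of safebrowsing, which is a separate preference from the phishing check and stays on unless it is switched off as well.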
     
  20. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    The only reason I chose v29 FF over v28 was because I couldn't shut up the update requests. Even if auto-update was unticked, it would still download and when I restarted browser, I would have the latest version of FF...
     
  21. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    @luciddream it was either in here somewhere or on another thread it was you who was telling me about FF 27v28. It was because of what you said that I did in fact go back to 27. I'm using Sea Monkey and FF at present.

    Thank you for your post. There's a lot in there to consider. We've been talking in this thread about areas still needing to be covered. One of those is services. I see you've started a thread on that.

    In case you hadn't seen it, my old XP Pro computer spat the dummy. PSU blown. I miss it, but I'm on a second computer same vintage more or less same specs but XP home. Thankfully my XP Pro HDD survived the fireworks and it's sitting slaved right now in current computer. I have Authentic XP Pro disk but it's OEM.

    I don't use the cloud and never have.

    I've set up an index with subjects discussed and links to relevant posts in post#1. It may be helpful if you want to find something specific.
     
  22. Uitlander

    Uitlander Registered Member

    Joined:
    May 16, 2010
    Posts:
    255
    Location:
    Albany, CA
    Have you considered shopping for a used gas-powered home generator, and a cheap UPS that could power 4 devices for 10 minutes (or however long it would take you to get the generator running)? This setup looks to cost about half as much as the fancy UPS models.
     
  23. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    A couple of days ago I installed the RAM from my other computer with the bricked PSU. Fully unexpected, but amazingly it's been working just fine and I now have 1Gig on my XP box. I thought I'd like to try a RAM drive and I'm looking for a free utility. Any recommendations welcome.
     
  24. Uitlander

    Uitlander Registered Member

    Joined:
    May 16, 2010
    Posts:
    255
    Location:
    Albany, CA
    If you want a Firefox browser that behaves itself, & fairly easy to customize, you will likely have to rollback to version 3.5, strip out the Java, Flash, etc., and run it in Sandboxie or Virtualbox. As for 'phoning home' have you seen this:


    https://support.mozilla.org/en-US/k...stop-firefox-automatically-making-connections
     
  25. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    Like luciddream, I haven't been around as much as I used to be, but I've watched this fascinating thread. I thought I would weigh in with my simplicity.

    1. Instant Restore (Deep Freeze, SD)
    2. A perfectly clean, slimmed down, cut-to-size "perfect image."
    3. Minimal "cloud" for serious use...I use a cloud storage service, but only after strong encryption client side - on my computer.
    4. VPN
    5. Physical security
    6. FDE
    7. Minimal software - period. I've gone back to pen and notebooks for a lot of things. Some of it ends up scanned - but mostly not.

    For anybody who wants to just watch the traffic from connected devices, and which software is constantly "calling home" just download a very simple no-install wonder from NirSoft - SmartSniff. Let it begin recording traffic, kick-back and be amazed as you watch it all in real time. It will make you want to burn your computer.

    Great posts in this thread. Have enjoyed seeing the range of views and practices.
     