How Google is tracking you, and how to avoid it

Thanks guys.

 

If you took the 9 IP ranges listed under Google then I come up with blocking 212,992 IP's in PeerBlock.

 

I haven't used PeerBlock. Does it accept IP ranges or single IPs only?

 

It can do both. Thers is a starting IP & Ending IP. If for example you wanted to block a single Google IP then input
same IP in Starting IP & Ending IP. If you want to do a Google IP range input the range IP in Starting IP & Ending IP.

NOTE: You can create your own lists as well and name them.

 

For me PeerBlock and hosts file entries aren't an option. By adding them to Kerio's custom address group, I can block them for my browsers while still allowing them for the Tor exit. Anyone who monitors my traffic will see lots of connections to Google and Facebook, but none of it is mine.

 

OK Im entering those ranges in Kerio 2.1.5. Ive just started with the 1st one. Noone is there anything Im doing wrong here?

In the filter rule screen Ive filled in these fields as:
- Description - (name)
- Protocol - Any
- Direction - Both
- Address type - Network/range
- First Address - 64.18.0.0
- Last Address - 64.18.15.255
- Rule Valid - Always
- Action - Deny
- Log when this rule matrches - checked

 

Set the protocol to TCP/UDP. Outbound is all that's necessary. I'd also disable the logging feature or you'll have entries for most every site that you visit. A log like that can get huge.

Making separate rules for every IP range that you want to block can make a ruleset quite large. If you're not using it for something else, I'd suggest adding the IPs to the custom address group and making one rule to block all of the IPs it contains. Kerio reads the ruleset from the top downwards, so put global blocking rules at the top of the ruleset.

 

Thanks for your help. Ive altered what youve said, but I cant see how or where to do a custom Address Group.

I forgot to mention above Port type Ive put "any" is that correct?

Edit: OK just doing what we all should do...look at the help menu. Its under the Miscellaneous tab. I'll see how I go now.

 

Any port is fine for both local and remote.

 

Ive entered those 9 ranges applied it all OK'd everything as well. BTW I can still get youtube.

Certainly Tracebook can be included as well.

 

Thanks. I see DNS entry has gone to the top and my entry is 2nd.

 

The rules are quite easy to rearrange with the arrow buttons on the right side. When adding rules, the "insert" options puts the new rule below the one that's highlighted. "Add" puts the rule at the bottom of the ruleset. The status screen can supply the IPs and/or resolved names of connections as they're made.

 

Yes, I used add instead of insert, and my rule did go to the bottom so I used the arrows to put it up the top like you said, then I noticed there was one above it. GOing from memory (Ive had Kerio for YEARS) there were supposed to be about 5 things up the top that took priority over everything else. Other than that, I was never sure how to decide what priority something had above something else.

DO you always have your status window open for monitoring or just occasionally, or do you use other tools? I suppose it is something I should utilize.

 

I use the status screen occasionally, more for checking Tor traffic than anything else. I also use it to get IPs of specific connections. For obtaining IP ranges, I use Sam Spade 1.14. It's one of the best internet utilities for Windows I've ever seen.

Regarding rule order, there's several ways to approach that and several variables. I put items that require unrestricted internet access first. These include the Tor exit and a few utilities. After these I have the junk blocking rule (Google, Facebook, etc). For DNS rules, this depends on whether you use the DNS service or have individual apps perform their own DNS. It also depends on whether you want all apps to have access to DNS or if you want it restricted.

 

In case you haven't seen it, a good thread regarding configuring Kerio 2.1.5.
https://www.wilderssecurity.com/thre...rity-in-kerio-2-1-5-learning-thread-3.182158/

 

Brilliant thanks Noone. A while ago I rummaged through the firewall forums and saw posts on Kerio. Not sure if I saw this one though...9 pages is going to take some time to work through.

 

We should move this to a separate thread. Getting off topic.

 

Your right. I thought the same myself.

 

Google Disconnect

 

Searchonymous?

(Also discussed here)

 

it's just not as good as Google.
for example, if I want to see videos on a particular topic I can filter by length of the video, the age of the video, the source, etc

no one but Google Search does that as completely which is why I use it.

 

I've been using DuckDuckGo a lot more since its recent addition of new features like image search and calculator, which replace the Google equivalents nicely for my usage case. I still use Startpage as default, but if DDG keeps improving I might switch over to that.

 

Do Google servers see unique identifiers of your equipment when you use the internet with desktop or laptop computers?
Can Google see your computer serial number, or a router unique identifier, for example, or is this just problem for devices like smartphones and tablets?

I ask because Google privacy policy mention unique device identifiers:

(Sorry to repost from other thread. Maybe nobody see the other thread?)

 

Not for desktops.

Google wants to reinvent the browser cookie – should you be thrilled or terrified?

 

Generally speaking, I think that would be context dependent. What software does the user have on their desktop or notebook? What if anything communicates with Google servers? What exactly is phoned home to Google or collected by a Google partner of some sort?

Obviously, Google software would be in a position to phone home unique hardware or other system identifiers. Even hashes of such identifiers would be of concern and require assessment if/when they are sent off device. I haven't tried to research such details, but I noticed that the Chrome Privacy Notice touches upon unique identifiers, such as those applicable to DRM scenarios, which would seem to apply to some destop/notebook scenarios. It also mentions usage statistics reporting, and crash reporting. Which we would assume have the potential to phone home such identifiers. If the notebook, or desktop, has a WiFi interface and WiFi based location services are active, information about your AP/router may be phoned home. IIRC, that used to include and may still include SSID + MAC Address + signal strength. Hardware identifiers within IPv6 public IP Addresses would be of concern, but I'm not sure how likely that is to happen in a notebook/desktop situation. Even if it doesn't, any at least somewhat sticky public IP Address (or other identifier, account login, what have you) will create the potential for correlating information.

Furthermore, non-Google applications, websites, apps, extensions, merchants, and/or services have the potential to feed information to Google. Via direct contact with Google (non-google software tied to Google service(s) for some reason), indirect contact with Google (an email client embedding local network IP Addresses and/or machine names within headers that make their way to Gmail), and/or through back channels not observable by users (business partners sharing information about consumers).

I think, to play it safe, one would want to review what they are using and how it is configured... actually monitor their devices/network for communications with Google servers and try to determine what is/isn't getting phoned home... and investigate to whatever extent possible any business relationships between Google and other companies they do business with.

Heh, just saw the "Google can now follow you from the computer to the store (article)" thread.