What is your privacy setup like?

I thought it would be interesting to see the different setups to see how everyone here fights ads and trackers.

My setup right now:

Firefox 12, I currently have these privacy addons installed:
Adblock plus w/ Easylist+EasyPrivacy & Fanboy's Annoyance list
Noscript
Refcontrol
RequestPolicy (i keep installing and removing it. I've tried it countless times and give up with it but I think plan on sticking with it because it is a very powerful extension. I can't wait until the new version comes out of alpha.)
HTTPS Everywhere

Do you guys think my setup is overkill / overlapping?

 

I think HTTPS Everywhere is a nice idea but why should I read the news via HTTPS? Most of the time it makes no sense ...

ABP is the most important add-on imho and you could keep the rest RequestPolicy is a powerful extension but it's difficult to allow/deny connections, I deinstalled it because I don't really need it

 

Right now, I have it setup where I do have my history stored. I don't think that would be harmful in regards to trackers. I have 3rd party cookies blocked and I allow all first party cookies as session cookies, they get cleared when I close the browser. I was thinking about adding a cookie manager addon, but then that requires another addon to fiddly with. I see you have ghostery, isn't that unnecessary since you have RequestPolicy blocking most of the requests?

I do agree with you, I'm not sure how necessary HTTPS Everywhere really is. I just installed it recently. Most of the important sites such as gmail, twitter, etc have https enabled by default. I guess it doesn't hurt to have it, just in case certain sites that should have it enabled don't.

 

I run multiple Firefox installations all are sandboxed individually and all browsers receive 35 passes from Eraser upon closure:

Tor Browser: (Main browser)
Adblock Plus + Popup + Element Hider
Better Privacy
Cache Status (For clearing the cache between sites/pages)
Cookie Monster
DNS Cache
Flashblock
Ghostery
HTTPS Everywhere + Finder
Link Password (For encrypting bookmarks)
MasterPassword+
NoScript
Redirect Remover
RefControl
RequestPolicy
TorButton
WOT

Firefox Portable.
Limited to grooveshark and youtube IPs all other Internet Access is blocked.
Only Firefox and Plugin container have internet access.
Additional Addons (Plus TorBrowsers)
IPvFox (To find IPs to temporarily whitelist)


Waterfox:
Used for Flash games, java, etc. not available in other browsers.
Additional Addons (Plus TorBrowsers)
IPvFox (To find IPs to temporarily whitelist)

It's a very strict setup.

Firefox settings:
DoNotTrack
Use Custom Settings
(Everything unchecked Cookie Monster manager allows cookies temporarily when necessary)

DuckDuckGo instead of google.

 

35 passes is overkill. A simple single overpass is enough. Too lazy to find the article.

 

35 passes isn't overkill when it takes less time than a tooltip popping up in the tray and disappearing. If its less than a few seconds why not?

 

Ok, lol.

Crazy erasing on new drives worth it?

 

In terms of preventing cookies and ads my firefox simply has:
Adblockplus
NoScript
Request Policy

My firefox also sits inside a type 2 hypervisor (Linux Mint image)

 

Noscript, HTTPS Everywhere... And that's it. I don't bother with drive encryption, Tor, etc., on the basic theory that
1. If you have nothing to hide, you should have nothing to fear.
2. If the former does not hold true, then your country is sufficiently far gone that encryption won't protect you from anything.
3. Using advanced encryption to hide totally mundane stuff is a bad idea. Nobody can tell what's behind the encryption, so they'll naturally assume it's something incriminating.

Edit: Perhaps I'm generalizing a bit much there. Encryption certainly has its uses for civilians; and I see very clearly why they should have legal access to advanced encryption methods. I'm just not sure it's sensible for citizens of democratic countries to use those methods.

 

There are actually a lot of uses for encryption:
When your laptop got stolen/lost
1. Your important documents containing private information will be safe.
2. Your pictures will be protected. (You don't want someone you don't know making fun of your pictures right? )
3. etc. lol

The quote "If you have nothing to hide, you should have nothing to fear." for me is stupid. While I do agree that some uses encryption for illegal purposes, many uses it to protect private data (passwords, important documents, etc). Without encryption, what will you do if your computer suddenly got stolen? (Well I know that not everyone keeps private information in their computers)

Note: I don't do drive encryption, just file and folder encryption .

 

gullible jones youre username seems to reflect your way of thinking xD, joke aside , encryption is the only way to keep youre private data yes that would be YOUR data safe from theft and unauthorized people, dont matter what it is and if its pictures of leaves falling into a toilet , dont matter , YOUR data is nobodys buisness period if you think otherwise then i wish you good luck with that , i just hope youl see the light at the end of the tunnel eventually as we all have once in our lives , not to mention times have simply changed

 

These are the thing's I do to help out my privacy. There are a ton more tweaks I can apply, but after a while thing's start to become too restricting.

Search Engine/Homepage:
I use DuckDuckGo HTTPS search as my default search engine/Homepage.

All Cookies Disabled, Session allowed only when clicked:
Accept cookies from sites, as well as Third Party cookies are disabled. If I need to access a site that requires cookies (Log-ins, etc.), I simply click "Allow for this session only" in the TeaBiscuit extension for Firefox. Works good.

Geolocation disabled:
about:config, geo.enabled value is set to False. This will disable Geolocation services in Firefox.

Referrer disabled:
about:config, network.http.sendSecureXSiteReferrer value is set to False
about:config, network.http.sendRefererHeader value is set to 0
This hides the referrer when visiting other sites, leaves no trace of visited pages if disabled.

Tabs History:
about config, browser.sessionhistory.max_entries value is set to 7.
The lower you set the value, the less history of your tabs there is. I prefer 7, recommended is 2.

User-Agent string:
about:config, Right-click, new, string, Preference name to general.useragent.override, Value is set to Mozilla/5.0 (Windows NT 6.1; rv:10.0) Gecko/20100101 Firefox/10.0. This will change the information about your web browser, basically its tricking sites into thinking you're running in a different browser, numbers, etc. This can be a problem though with addons for Firefox. This value can be changed to anything you want, Chrome String, Opera String, whatever. But, the one I listed is the ideal recommendation.

Local Storage:
about:config, dom.storage.enabled value is set to False
This will disable web storage, less tracks.

Cache E-Tags:
about:config, browser.cache.disk.enable value is set to False
This prevents third party caching.

Link reputation:
WOT: Web Of Trust

Ad-Blocking:
AdBlock Plus with Easylist, EasyPrivacy, Fanboy Ultimate adblock and Malware Domains subscriptions.

Plugin Control:
I use the QuickJava extension for On the fly disabling of Java, Javascript, Flash, Silverlight and Proxy. Settings can be made permanent if needed.

Do not Track:
Do not track is enabled in Firefox

Doing all these tweaks, as well as running these extensions give me a reasonable score at Panopticlick

Here is a Screenshot before adding privacy:


Here is a Screenshot after adding privacy:


Plus, Everytime I open and close Firefox, the number always gets lower and lower at Panopticlick. So in two days or even a week, it will probably be one in 29,000 people.

 

interesting ...any other tweaks worth mentioning ? had most of em except for the about:config tweaks , you forgot about noscript , one of my favorites , fyi i wouldnt use WOT , read the privacy policy = not good

 

Hi Radeon0101:

I can't grasp the uniqueness numbers on Panopticlick and could use a little help. Is there any easy way to explain them? I can't get past the part where 1 in a million is worse than 1 in 29K, but I know there is logic behind it (and that's the part which escapes me).

I believe I understand the entropy/bits of identifying info number - the lower the better.

Thanks

 

You may be giving away less entropy, but you are becoming more unique. If the stats are correct, 1 in a million is better than 1 in 30,000. Extrapolate it:

"You have added so many privacy options and custom code/settings to your browser that we can confidently predict that you are the only one using it. You have 0 bits of entropy"

PD

 

I have been told that the lower the number, the better off you are (More than what I've heard below).

I have also been told that the higher the number, the better off you are.

HaHaHa, So what is it?

 

the higher the number the worst it is.

if you are the only person in 3 billions to have a particular setting they know exactly who you are.

i would not use that to dictate how i go about my privacy though.

most likely, Joe and Jane Average would probably get good scores but they are just data mining cattle!

 

Thanks for the clarification, that makes sense...didn't think of looking at it that way. It *is* a little confusing.

PD

 

I am not basing my whole privacy setup on Panopticlick, just thought it would be interesting to share what results I got.

Thanks for describing on how it works, I appreciate it. It is a little confusing, but it all makes sense now.

 

Thanks guys for explaining it.

So am I correct with the following sample numbers?

--------------------------------

We’ll assume a sample base number of 1,000,000 users.


1 in 1,000,000 = 1 user for every million users has that fingerprint
1 in 100,000 = 10 users for every million users has the same fingerprint
1 in 10,000 = 100 users for every million users has the same fingerprint

-------------------------------

For kicks and giggles I ran Pano under:

Ubuntu 11.10 Virtual machine
Tor w/Noscript, BetterPrivacy

Pano numbers:

Bits of id info: 6.01
One in x browers have this value: 64.64

 

Within our dataset of several million visitors, only one in 736,712 browsers have the same fingerprint as yours.

Currently, we estimate that your browser has a fingerprint that conveys 19.49 bits of identifying information.


i asume this is good enough ?, but tbh it keeps on going way lower than that atm im at 56,871 browsers ,depends on how many times i reload

 

Indeed. If I allow javascript, this VM is unique in EFF's sample. But that's not a problem for mirimir, because he's the only one who uses this VM, and he never tries to hide who he is

My true identity is entirely "data mining cattle", and always has been.

 

Well, out of many years using WOT (Web Of Trust), I decided to stop using it. Although it has saved my behind on some sites, it isn't as reliable as I had thought. It flags good sites (Now I know why people say to get rid of it).

I have decided to replace it with BitDefender Trafficlight.

I figure the filtering from that and OpenDNS is plenty.

 

Here's my security setup which focuses on anti-forensics.

​

 

Firefox 13
No Script
Adblock Plus with Fanboy easylist
Bitdefender TrafficLight
Web Developer - Referrers disabled
Ghostery
BetterPrivacy set to 1 second delete
CS Lite aka Cookiesafe - All cookies are set to block by default. Registered sites are set to session.

Chrome 19 Only for multitasking.
ScriptNo
Adblock Plus with Fanboy easylist
TrafficLight
Ghostery
non add-ons
All cookies set to disable. Only registered sites are set to accept cookies.
Referrers disabled
Data sent to Google disabled.
BetterPrivacy works with Chrome when Firefox is active.