Best Privacy Browser?

Discussion in 'privacy technology' started by lucygrl, Nov 6, 2013.

Thread Status:
Not open for further replies.
  1. Snoop3

    Snoop3 Registered Member

    Joined:
    Jan 2, 2011
    Posts:
    474
    yeah that's the conclusion i've reached too.
     
  2. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,902
    totally agree. Nowadays there is no privacy if you go online.
    I suspect that the whole Internet fibers and nodes are all monitored somewhere by big brothers. They are watching us. Nowhere to hide.

     
  3. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    Computer A, medium level security. Currently running windows, firefox, ccleaner, https everywhere, no script, better privacy. I plan to change windows to linux.


    Computer B , this is where I really need the help as this is where we need security. I work in a charity. we are social workers, not computer people. so please excuse my ignorance, but im learning. all i have right now is the tor browser bundle. some people suggested the tails cd, but i was thinking of whonix. any advice would be appreciated.
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    @spencerp

    I don't understand your aDSL prices. The faster packages are all 29.99 USD per month.

    US broadband prices are obscene, no doubt, especially aDSL. The 1-3 Mbps / 384 Kbps package would be fine, as long as you won't be torrenting.

    If you have an old PC that you're not using, you can easily install pfSense (free) and have a very capable firewall and OpenVPN client. You just hook it up to your aDSL router, with the aDSL router in bridge mode. The pfSense box will need a second network interface card, but you can find them on eBay. Just make sure they're for the expansion bus (PCI or PCIe) that the PC has.

    Start with PrivateInternetAccess as your VPN. It's only 40 USD per year, and it's fast. Once you get that working on your pfSense box, you can install VirtualBox, and play with Whonix and other VMs. Whonix is a pair of Debian 7 VMs. One is a Tor gateway, and the other is a workstation with Tor browser and typical Debian KDE apps.

    There are many things that you could do to be more private, but you don't need to do them all at once :)
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    You could start reading the guides that I've written. They're at https://www.ivpn.net/privacy-guides. Part 1 covers basic background, and part 2 describes a basic setup that might be appropriate for the second computer.
     
  6. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Not really, unless you have these offline: Tor, VPN, NoScript, PGP/GPG, Jitsi/RedPhone, Steganography, Encryption, FakeNameGenerator, etc.

    They're watching your phone calls, snail mail, financial/other institutions, business, and many public (and sometimes private) locations already. The Internet is just another convenient place for them to connect the activity of most users with their massive database.

    *Somehow I've mistaken offline for no computer usage. Therefore, you would have most of the tools, but still when used your privacy is relatively well protected online. Is it worth the sacrifice when they have other means?
     
    Last edited: Nov 12, 2013
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Indeed, it's MUCH easier to be as anonymous and private as you like online. In meatspace, unless you live somewhere remote, you're constantly observed and tracked. There are cameras everywhere, in stores, on the street, etc. Creating a new identity is very expensive, and very illegal. Getting mail anonymously is very difficult. And so on.

    As J_L notes, there are no meatspace equivalents for VPNs, Tor, GnuPG, etc.
     
  8. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    So is there anyway to get rid of the browser identity/signature?
     
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Not really. And having none would be unusual, anyway ;)

    The Tor Project provides a version of Firefox with security tweaks, and a signature that looks like a typical Windows browser. Unless customised, the signature is the same for every user.

    Having all users look the same is a cool idea, but difficult to implement. The system is designed to have sites look good, and that's hard to reconcile with privacy. There are also tradeoffs between privacy and security. By default, NoScript in Tor browser is installed but set to allow scripts on all sites.

    The reasoning was that, with NoScript blocking by default, users would be forced to customise rules for each site, and would no longer look the same. Since the Freedom Hosting compromise by the FBI using a Javascript exploit, and revelations about NSA's Firefox exploits, it's now recommended to block by default.

    My solution is compartmentalizing activities in multiple VMs. The browser in each VM is more or less as unique as any random user's. But what mirimir does, and what I do in other contexts, aren't associated with each other.
     
  10. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    If i add something like no script to Tor would it create a leak of information?
     
  11. spencerp

    spencerp Registered Member

    Joined:
    Nov 10, 2013
    Posts:
    34
    I don't understand them either.. :(
    http://www.verizon.com/home/highspeedinternet/high-speed-internet-plans/

    Can't even go from current plan at far left side, to 1.1 to 3mbps for like 22.00 from 19.99? And maybe 24.00 for the 3.1mbps to 7mbps.. then a little more for the higher upgrade.. Don't make sense at all. If I have to shell out 29.99 for any of those upgrades, I may as well just get highest and be done with it.

    But problem is, I'm struggling to get job and living with family and the family pays for internet. And even they're struggling and borrowing money after more money to pay bills.. And even they said before repeatedly about just dropping the house phone and internet all together and just stick to using their pre-paid cell phone for calls.

    And I only have 195.00 to my name from a temp job last month.. for week and 2 days "temp work". And only got hired cause the department store was seriously desperate to get help to setup the store before grand opening. And I can't land another job since then. So how am I supposed to pay 29.99 out of my pocket.. or 30.00 some dollars with other local internet providers to get faster speed.. to make up for the loss when using a VPN.. ?

    Then STILL PAY for a premium VPN (9.95 month) along side the internet...
    29.99 x 12 months = 359.99
    9.95 x 12 months = 119.49
    50.00+ for new router that's not verizon one, to brick it with free open source DD WRT firmware, to use most vpn services..

    then however much money to just buy that device you're talking about from ebay.com. we're looking at like 500.00 plus dollars right there alone. and i'm still not keeping any privacy at all. if i skipped upgrading to faster plan, then my 1mbps connection is kicked down below an old school dialup 56K connection.. Creeping and crawling.. and no fun in that at all. :(

    isn't privateinternetaccess a log hog? and hands over things to govt? Lol! pfsense? if it's installed free, how is it i find it on ebay which means spending money for it to connect to router? lol. :p or why need a card at all? Lmao. i installed kungfu firewall or whatever.. and it's free haha. I'm on ubuntu 13.10 and following http://crunchbang.org/forums/viewtopic.php?id=24722 which I'm going down list lol. :)

    see, all this whonix, VM, etc etc.. is even MORE WORK and confusing. most guides online are confusing, the products lack support etc etc. most these people on this forum and other places are experienced people, dont have time to offer assistance for noobs like me.. And i spend all my days researching and learning things, or trying to learn things.. and no time having fun and spending that time enjoying the privacy sigh, just wasting more money yet to boot.

    i installed ubuntu 13.10 with encrypting /home and using the lvm feature as well. so need password to get to login screen to unlock it all. then another pass to login as well. the /home and all is encrypted. i dunno man.. just seems all not worth efforts.

    and if they do Grid X2 drill the 13th/14th for power out drill .. and power does go off and not back on again.. i've spent all that money for nothing anyway. :(

    http://www.governamerica.com/opinio...e-for-the-gridex-ii-november-power-grid-drill
    http://www.nerc.com/pa/CI/CIPOutreach/Pages/GridEX.aspx

    PS: Sorry, didn't mean to come across "harsh" or whatever, just frustrating sigh lol. You're all good peoples.. :)
     
    Last edited: Nov 12, 2013
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    @spencerp

    In your situation, I wouldn't be focusing on extreme Internet privacy.

    Just get PrivateInternetAccess (PIA) as a VPN. Install Ubuntu 12.04 x64 (long-term support) on your computer, using the encrypted LVM option. Don't also encrypt your home folder, because that will screw it up. Install VirtualBox, and create an Ubuntu 12.04 VM for private stuff. Use the host machine for normal, non-private stuff. Also import the Whonix VMs for using Tor. Use that for anonymous stuff via Tor. Keep those three levels -- 1) non-private stuff on host machine, 2) private pseudonymous stuff on Ubuntu VM, and 3) private anonymous stuff on Whonix -- totally separate. Don't mix them, because that will blow your privacy, and attract attention in meatspace.

    The only part of that which costs money is PIA, and that's just 40 USD per year. The rest does require learning, but that shouldn't be a problem if you aren't working ;) And who knows, maybe the new skills that you learn will help you to find work. Just remember the first rule of Fight Club: Don't talk about Fight Club! Except when you're pseudonymous online, that is. Don't cross the streams. Don't share in meatspace about stuff that you do privately online, because that blows it.

    Before doing anything else, read my guides. Start with parts 1-2. They're at https://www.ivpn.net/privacy-guides. If there's anything that you don't understand, ask :)

    Also, pfSense is a router/firewall OS. It's free from http://pfsense.org/. It runs on PC hardware. It'll work OK with a one-core CPU and 512 MB RAM. I've never tried it, but it'll probably run on an old Pentium box. Used old single-NIC Intel cards are inexpensive.
     
  13. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    The Tor Browser Bundle (TBB) does have NoScript. But it's set to allow all sites. Even so, it does help secure Firefox, in other ways.

    If you toggle NoScript to block all sites by default, you look different. Instead of looking like most TBB users, you look like the subset that has set NoScript to block. However, given the risk of Javascript exploits, that's a good compromise.
     
  14. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,344
    That is one of the reasons I like Whonix so much. If you look under the hood you will see that ONLY the Gateway has NAT enabled. The Workstation is where all your "surfing" takes place and the Gateway will not pass anything through to the Workstation. The Workstation never sees it so it cannot be sent/reported to sites and malware should something make it on your Workstation setup.

    Best of all is that you can keep a clone template for Workstation and start over fresh and clean in only a few minutes if you ever feel "violated" or just start a routine to swap as needed.

    Many users actually create a Workstation for each "private" site just to make sure there is no "cross talk". A clone takes about 2 minutes to create so a clean template makes it super easy to do.

    I feel like it's worth it to create an obfuscated bridge to get to TOR as well, but that is a personal choice we all make.
     
  15. spencerp

    spencerp Registered Member

    Joined:
    Nov 10, 2013
    Posts:
    34
    You're awesome /b/ro lol. xD And I noticed just now your riseup.net email in signature haha. I was gonna go with their services before, but found in some google searches that they might have been compromised as well as TOR. Which I still see from various anons that TOR is funded or created by govt.. and they're monitoring things. And I was told by several legit anons not to use it. But anyway..

    I had installed 12.04LTS originally, but it doesn't give option during installation process to install/setup the LVM feature. It only gives option to encrypt /home, hence just going with 13.10 because it gives both options during installation. I have both version ISO's burnt to dvd, so reinstalling 12.04 isn't issue. I'm doing it now, just this Grid EX2 power drill is kicking our power off and on and off and on since 6:15am sporadically.. which of course kicks my computers on and off and on and off.. >_<. I'm trying to do this, grr lol!

    See, the original plan was to have one tower for personal crap, and other tower for other things. ;) They're both identical towers, just one has less ram, hard drive space, and processor speed than other one. Both are Dell Optiplex 755 towers.. and this tower for personal crap has Winblows 7, and other tower will have Ubuntu. This tower has 500GB HDD, 4GB RAM, Intel Core 2 Duo E6550 @ 2.33GHz processor. It's sister tower, which I gathered the hardware myself and built it (when I had funds from selling off un-needed software licenses online long time ago), has 1TB HDD, 8GB RAM, Intel Core Quad processor, which is going to be for Ubuntu tower/non-personal. So ram, hdd, processors aren't going to be problem. :)

    Regarding the screwing up of things with encrypting /home and doing LVM...I did notice that as well. But even with 12.04 I was getting the "could not mount /dev/mapper/cryptswap" message after logging in.. and I think this issue as well.. "the disk drive /dev/mapper/cryptswap1 is not ready yet or not present". With 13.10 version, I had done /home encryption and the LVM.. and got "/dev/mapper/ubuntu--vg-swap_1 is not ready or not present ". Which sucks, cause I don't know of definitive fix for issue. I had spent almost week straight uninstalling, and reinstalling the Ubuntu versions itself.. Doing various "fixes" and tips or suggestions. Wasted whole week or so uninstalling and installing like 30 times. Then tried Cherimoya 0.2.4, but it seemed to lack support, so went back to Ubuntu. Lol!

    So I just reinstalled Ubuntu 12.04 now, and then install Ubuntu 12.04 again but as VM? So download and install: https://www.virtualbox.org/wiki/Downloads and create Ubuntu 12.04 VM, and do the Whonix also? Lol! Geesh, alot of work and extra stuff to do...I was just going to make things simpler, encrypt the heck out second tower and only use that tower for private stuff.. And have this tower for personal stuff. Lol! Just don't see the need for all those hoops and hurdles for VMs and etc. Haha. But I'll look into it all, and read your guides. Thanks! :)

    I was going to go with Mullvad, and maybe do it monthly. lol. But will check out the one you suggest. :) Will check out the pfSense as well. I'll probably better get it for this tower with Windows 7 and also for second tower with Ubuntu. Currently, this tower now is wired to wall and other second tower with ubuntu is running wireless off this one for now, to set it up, download updates and etc. The plan was to move important vital things from this tower, that I want to keep. Then unmount this 500GB HDD, and wipe it clean or split it with log splitter and burn it. Lmao! Then use second tower as main tower for everything.

    Duly noted with Fight Club references. ;) Guess I have a lot of work today again haha. Thanks /b/ro! :)

    PS. I wanted to install Cinnamon as well though, cause it's sexy and I'm used to layout lol. Cinnamon or not?

    PS #2.. I ended up downloading and installing Ubuntu 12.04 ALT ISO.. and encrypted LVM without /home..
     
    Last edited: Nov 13, 2013
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    @spencerp

    I'll reply in more detail later.

    But for now, you need to use the alternate install disk for Ubuntu 12.04 in order to get the dm-crypt LUKS option. It has the old Debian character-based installer.

    Using a LTR release is important with dm-crypt LUKS, because doing an in-place upgrade to another release is dangerous.
     
  17. spencerp

    spencerp Registered Member

    Joined:
    Nov 10, 2013
    Posts:
    34

    yep, already got the alternate install disk iso and cleared/wiped/formatted the drive fresh with the 12.04 alternate install disk and did update and upgrade on it. now deciding what to do next lol. xD

    besides your guides and such i mean, but some of the stuff over here i was doing before though.. http://crunchbang.org/forums/viewtopic.php?id=24722

    sudo gedit /etc/resolv.conf
    change your nameservers to trustworthy DNS-Servers. Otherwise your modem will be used as "DNS-Server" which gets its info from your ISP's DNS.

    HTTPS-DNS is generally preferred for obvious reasons.

    Your resolv.conf should look something like this:

    nameserver 213.73.91.35
    #CCC DNS-Server
    nameserver 85.214.20.141
    #FoeBud DNS-Server

    Use at least two DNS-Servers to prevent connectivity problems when one server happens to be down or experiences other trouble.

    And other useful tips and suggestions. I'm wondering if I could do those DNS changes on this computer though too.. ? Try and lock down/protect BOTH computers.. even though this tower is windows 7
     
  18. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Yes, basically. That gives you two totally separate workspaces, the Ubuntu VM (somewhat anonymous, good for stuff like Wilders) and the Whonix workstation VM (far more anonymous, good for Tor hidden services etc).

    The more that you can break up your online activity, into non-overlapping and unlinked compartments, the harder it is for Google and the NSA etc to build a profile that links everything. It's also fun to make up new identities :) I have some strange ones that I don't let out very often ;)

    I'd say forget the pfSense router thing for now. If you do come across an old Pentium box that boots, you could put pfSense on it. If you have a vLAN-aware smart switch, you can build a pfSense router with just one NIC. WAN is one vLAN, and you can have multiple vLANs for isolating clients.

    You don't need the log splitter. A hot oak fire is enough :)

    You can have lots of VMs, even if you only have enough RAM to run a few simultaneously. Keeping track of them in VirtualBox is the hardest part.

    Cool, you're good to go :thumb:
     
  19. spencerp

    spencerp Registered Member

    Joined:
    Nov 10, 2013
    Posts:
    34

    Ah okay, just seems a bit pointless to me though. Cause you're basically setting up 3 different OS/Work stations, and all 3 are using the same DNS records, same internet connection, same vpn connections, and etc. It's basically like what I said originally, having this one tower with Windows 7 on it for personal stuff, and other second tower with Ubuntu for private stuff and both machines are running a VPN when needed. Just seems like going extra miles to achieve being anonymous, but really aren't. Because no matter which work station you're on, in same tower, same NIC card/DNS records, internet connection.. it's sending out same exact information records.


    Not sure what all that means lmao? Pentium box? vlan aware smart switch? I think this current router has options for vlan/wan and etc.. I do have some old Westell Routers 7500 that originally were used for our verizon dsl plan. This one on now is replace / newer router.. D-link 2750b. Not sure what you meant by pentium box, but have old intel mini-motherboard that works i think, but no way to fire it up as running / working tower. I tried before to get it fired up, I must not have the right equipment.

    Can't I just change the DNS records like I said in previous post.. for both towers? To help protect dns identity? Maybe change this from the Control Panel of router settings?
    Code:
    HTTPS-DNS is generally preferred for obvious reasons.
    
    Your resolv.conf should look something like this:
    
    nameserver 213.73.91.35
    #CCC DNS-Server
    nameserver 85.214.20.141
    #FoeBud DNS-Server
    
    Use at least two DNS-Servers to prevent connectivity problems when one server happens to be down or experiences other trouble. 
    Lol! True!

    Ah, so cinnamon is basically a VM then? I had it installed for the main screen/vm/feature to use and uninstalled the default ubuntu screen/grub or whatever. So when I get to login screen, I only have option to login to Cinnamon itself.. with some grub2 options there or whatever. I guess it's cause Cinnamon looks nicer, the layout I'm familiar with.. :)

    Oh yeah, should I install LVM Lens or whatever? http://iloveubuntu.net/easily-access-virtual-machines-unity-vm-lens
     
  20. spencerp

    spencerp Registered Member

    Joined:
    Nov 10, 2013
    Posts:
    34
    Also, when setting up the Ubuntu VM, and Whonix VM or whatever.. Is 4GB ram safe to use their memory settings instead of default 512mb? This host machine is Core 2 Quad processor, 1TB HDD, and 8GB RAM... Since I plan to use each OS or VM at separate times, not all at once.. I'm assuming 4GB per each VMs would be good? I'm running Ubuntu 64bit, not 32bit. Thanks.

    Oh yeah, above you said about importing Whonix? How would you import it, couldn't it just be installed as VM itself? Lol
     
    Last edited: Nov 14, 2013
  21. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,344
    This comment is where I think you demonstrate you might be missing the point. When you are running properly isolated VM's (such as Whonix Workstation) all of the hardware related ID that you mentioned above is gone from the picture. The network time is sync'd to UTC and your fingerprint has been neutralized to be one of many instead of an EXACTLY known pseudo your normally fingerprinted browser will have created. The internet only sees what Gateway shows it with respect to hardware issues. Your actual hardware fingerprint/ID cannot be discovered so you are "in the wind". You can set up numerous workstations with specific site parameters and that way you will never have to worry about info going between sites by operator error of any kind.

    Here is a convenient link to read through:

    https://www.whonix.org/wiki/Protocol-Leak-Protection_and_Fingerprinting-Protection
     
    Last edited: Nov 14, 2013
  22. spencerp

    spencerp Registered Member

    Joined:
    Nov 10, 2013
    Posts:
    34
    Oh, okay, thank you so much for that detailed explanation! I wish I knew all about the VMs long ago though, I would have been doing this from the get go! lmao! :) :D ;) I'm about ready to install first VM now, for Ubuntu.. The host machine is 8GB RAM, 1TB HDD, Core 2 Quad processor with Ubuntu 64BIT.. Is it safe to run the two VMs at 2GB to 4GB for their individual memory limits, instead of the 512MB default one? Like, I don't plan to be using 2 VMs at once, whilst host is running in background. Plan to only use one VM at a time lol
     
  23. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,545
    I use AdvOR and Privoxy huehuehue :D
     
  24. spencerp

    spencerp Registered Member

    Joined:
    Nov 10, 2013
    Posts:
    34
    doh, i guess i must enable VT/virtualization in bios lol! Oh, it is on, along with VT for Direct I/O. However, not sure if Speed Stepping and Trusted Execution settings need to be ON though. Intel 64bit technology processor EM64T. Core 2 Quad Q9550 2.83GHz. I have the Intel ME Configuration stuff OFF though too. ME STATE CONTROL sleep states and etc. Cause every time I booted up before, I had blinking black screen with cursor at top right for little while after Dell splash screen.. before OS screen showed up. Any tips / suggestions lol
     
  25. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    @spencerp

    Here's a summary:

    Host Machine

    Core 2 Quad CPU
    8 GB RAM
    1 TB HDD
    Ubuntu 12.04 x64
    VirtualBox
    runs VPN client

    Linux VM

    1 virtual CPU core
    1-2 GB RAM
    128 MB video RAM
    200 GB virtual HDD (dynamically allocated, initially ~8 GB)
    Ubuntu, Cinnamon, etc x86
    one virtual network adapter, NATed to host
    sees Internet via host VPN
    for better anonymity, can run second VPN that connects through host VPN

    Whonix 7 Tor Gateway VM

    1 virtual CPU core
    128 MB RAM (need >512 MB for GUI to load and run well)
    8 MB video RAM
    100 GB virtual HDD (dynamically allocated, initially ~3.5 GB)
    Debian 7 x86 (boots without GUI)
    two virtual network adapters
    -- adapter 1 NATed to host
    -- adapter 2 attached to VirtualBox internal network "tor"
    runs Tor client that connects through host VPN

    Whonix 7 Workstation VM

    1 virtual CPU core
    768 MB RAM
    128 MB video RAM
    100 GB virtual HDD (dynamically allocated, initially ~4 GB)
    Debian 7 x86
    one virtual network adapter, attached to VirtualBox internal network "tor"
    connects to Internet through Tor gateway VM
    to evade Tor exit blocking, can run second VPN that connects through Tor
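
    The adapter layout in the summary above can be checked mechanically. This is an added example, not part of the original post: a Python audit that parses `VBoxManage showvminfo <vm> --machinereadable` output and flags any adapter that would let the Whonix workstation reach the network without going through the gateway. The VM names and the sample outputs are constructed for illustration.

```python
import re
import subprocess

INTNET = "tor"  # internal network name used in the summary above

# Constructed sample outputs, trimmed to the relevant keys; VM names are assumptions.
GATEWAY = '''name="Whonix-Gateway"
memory=128
nic1="nat"
nic2="intnet"
intnet2="tor"
nic3="none"
'''
GOOD_WORKSTATION = '''name="Whonix-Workstation"
memory=768
nic1="intnet"
intnet1="tor"
nic2="none"
'''
# Misconfiguration: a second, NATed adapter gives the workstation a direct route out.
LEAKY_WORKSTATION = GOOD_WORKSTATION.replace('nic2="none"', 'nic2="nat"')


def parse_showvminfo(text):
    """Parse key="value" lines as printed by showvminfo --machinereadable."""
    info = {}
    for line in text.splitlines():
        m = re.match(r'^"?([^"=]+)"?=(.*)$', line.strip())
        if m:
            info[m.group(1)] = m.group(2).strip().strip('"')
    return info


def adapters(info):
    """Return {slot: (mode, internal_network_or_None)} for every enabled adapter."""
    found = {}
    for key, mode in info.items():
        m = re.fullmatch(r"nic(\d+)", key)
        if m and mode != "none":
            slot = int(m.group(1))
            net = info.get(f"intnet{slot}") if mode == "intnet" else None
            found[slot] = (mode, net)
    return found


def audit_workstation(info, intnet=INTNET):
    """Every enabled adapter must sit on the internal network shared with the gateway."""
    nics = adapters(info)
    findings = [] if nics else ["no enabled adapter"]
    for slot, (mode, net) in sorted(nics.items()):
        if (mode, net) != ("intnet", intnet):
            findings.append(
                f"nic{slot} is {mode}/{net}: not on internal network '{intnet}'")
    return findings


def audit_gateway(info, intnet=INTNET):
    """Gateway: adapter 1 NATed to the host, adapter 2 on the internal network."""
    expected = {1: ("nat", None), 2: ("intnet", intnet)}
    actual = adapters(info)
    return [f"nic{slot}: expected {expected.get(slot)}, found {actual.get(slot)}"
            for slot in sorted(set(expected) | set(actual))
            if expected.get(slot) != actual.get(slot)]


def live_info(vm_name):
    """Read the settings of a real VM (requires VirtualBox on the host)."""
    out = subprocess.run(
        ["VBoxManage", "showvminfo", vm_name, "--machinereadable"],
        capture_output=True, text=True, check=True).stdout
    return parse_showvminfo(out)


if __name__ == "__main__":
    for label, sample, audit in (
            ("gateway", GATEWAY, audit_gateway),
            ("workstation", GOOD_WORKSTATION, audit_workstation),
            ("workstation with extra NAT adapter", LEAKY_WORKSTATION, audit_workstation)):
        findings = audit(parse_showvminfo(sample))
        print(f"{label}: {'OK' if not findings else findings}")
```

    On a real host, pass `live_info("<your VM name>")` to the matching audit function instead of the constructed samples.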
     