Security and Privacy on the Internet

Posted 08-12-2010 at 03:31 AM by craigevil
Updated 04-24-2021 at 09:07 PM by craigevil (Most of the advice is outdated.)

Tags anonymity, firefox, pgp, privacy, security

---

This post like all of my posts are several years out of date.
Use the Tor Browser, or a VPN preferably a paid one.
You can also use a browser like Librewolf that is a bit more hardened than Firefox or Chrome.

If you are really worried about privacy there are a few things you can do including:
Use the Adblock Plus extension for Firefox and use the
Easy Privacy list as well as the Antisocial list.
This list blocks the ever increasing social networking content on third-party sites.

Use a hosts file to block the multitude of clicktrackers

If you want to do the same thing without having the hosts file slowdown, dnsmasq offers similar functionality and it seems to be pretty snappy. Also, it allows you to use DNS for your LAN to boot!

Use Tor
Use a VPN, Linux VPN Masquerade HOWTO: Background Knowledge

Do not accept 3rd party cookies.

Use moblock/Peerguardian http://moblock-deb.sourceforge.net/

Helpful articles:
Prism-break https://prism-break.org/
Security and Encryption for Anonymous Internet and Computer Privacy
Big Brother is Watching – Privacy, Censorship, and Staying Anonymous
Encrypt your web browsing session (with an SSH SOCKS proxy)
Anonymizing Google's cookie



Do not use Google to search, instead use ixquick or duckduckgo or Startpage Search Engine. Or at the very least use the new Google SSL search.

There are several extensions for Firefox that can help to block the junk on the Internet.
Extensions to block crap or to get rid of it that I use:
- Adblock Plus
- Adblock Plus: Element Hiding Helper
- BetterPrivacy
- Cookie Monster
- Flashblock
- NoScript
- Hide My Ass Proxy Extension
- HTTPS-Everywhere
- HTTPS Finder
- Ghostery
- GoogleSharing
- Open in Private Browsing Mode
- QuickJava
- QuickProxy

Also for Firefox there are a few things you can tweak either in about:config or by creating a user.js.
Firefox makes unrequested connections http://support.mozilla.com/en-US/kb/...ed+connections

Code:

/* Disable network prefetching/search engine suggest */
user_pref("network.prefetch-next", false);
user_pref("browser.search.suggest.enabled", false);

/* Disable geolocation */
user_pref("geo.enabled", false);

/* Disable Google lookups */
user_pref("browser.safebrowsing.enabled", false);
user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("browser.safebrowsing.remoteLookups", false);

If you use Chrome/Chromium you can add the Google SSL page as the default search.

Quote:

Right click on the Omnibar and select ‘edit search engines...’

Select ‘Add...’

For ‘Name’ enter: “Google SSL Web Search beta” (without the quotes)

For ‘Keyword’ enter: “ssl.google.com“ (without the quotes)

For ‘URL’ enter: “https://www.google.com/search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie= {inputEncoding}&q=%s” (without the quotes)

Select ‘OK’

With the new Google SSL Web Search entry selected, hit the ‘Make Default’ button

Basic Rule: Always browse in "Private Mode" so that fewer traces of your web history remain on your HDD. Opera,Chrome, Firefox, Safari, and Internet Explorer all include a form of Private Browsing.
Privacy mode - Wikipedia
https://secure.wikimedia.org/wikiped...i/Privacy_mode
Midori isn't on the wikipedia list but it also has Incognito.
Epiphany doesn't or at least it doesn't from what I can tell. http://live.gnome.org/Epiphany/Featu...rityAndPrivacy

If you use instant messengers or irc you want to use OTR along with using SSL.
See my blog about irssi for how to set-up SSL on the OFTC and Freenode networks.

Off-the-Record Messaging

Quote:

Off-the-Record (OTR) Messaging allows you to have private conversations over instant messaging by providing:

Encryption
No one else can read your instant messages.
Authentication
You are assured the correspondent is who you think it is.
Deniability
The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified.
Perfect forward secrecy
If you lose control of your private keys, no previous conversation is compromised.

Use PGP/GPG in your email client.
Enigmail: A simple interface for OpenPGP email security

Quote:

Enigmail is a security extension to Mozilla Thunderbird and Seamonkey. It enables you to write and receive email messages signed and/or encrypted with the OpenPGP standard.
Sending and receiving encrypted and digitally signed email is simple using Enigmail.

Some of the other popular email clients.
Evolution and PGP http://support.real-time.com/linux/e...lutionpgp.html
Pretty Good Privacy (PGP) / GNU Privacy Guard (GnuPG) http://kmail.kde.org/manual/pgp.html
Mutt-i, GnuPG and PGP Howto http://www.faqs.org/docs/Linux-HOWTO...PGP-HOWTO.html
Encrypting email in Claws Mail http://www.ghacks.net/2009/07/11/enc...in-claws-mail/

Other projects that protect you on the web.

HTTPS Everywhere | Electronic Frontier Foundation - https://www.eff.org/https-everywhere

Quote:

HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites.
Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site.
The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS.

The Freenet Project - http://freenetproject.org/

Quote:

Freenet is free software which lets you anonymously share files, browse and publish "freesites" (web sites accessible only through Freenet) and chat on forums, without fear of censorship. Freenet is decentralised to make it less vulnerable to attack, and if used in "darknet" mode, where users only connect to their friends, is very difficult to detect.

Privoxy

Quote:

Privoxy is a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing ads and other obnoxious Internet junk. Privoxy has a flexible configuration and can be customized to suit individual needs and tastes. It has application for both stand-alone systems and multi-user networks.

JonDo - the free client software for JonDonym | JonDos GmbH

Quote:

JonDo is a free, open-source and highly portable (Java-based) client software for accessing the JonDonym services. Its primary use is the anonymisation of web site requests against web site operators, internet providers and the anonymisation service Operators.

They even provide a Debian repo
JonDos http://jondos.com/en/download/linux
Add the following line to /etc/apt/sources.list. Replace DISTRI by the name of your distribution. At the moment lenny, squeeze, sid, intrepid, jaunty, karmic and lucid are supported.
# Secure Apt - apt-key add JonDos_GmbH.asc
# deb http://debian.anonymous-proxy-servers.net DISTRI main

Posted in Uncategorized

Views 137006 Comments 38

Comments

1. i2P - Anonymizing Network What is I2P? http://www.i2p2.de/ Quote: I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. Many applications are available that interface with I2P, including mail, peer-peer, IRC chat, and others. You can get the source from the homepage or a .deb package from the German Privacy Foundation e.V. repo at https://www.awxcnx.de/wabbel-en.htm Enjoy your anonymity and privacy! There's a version for Windows (also portable), Linux, MacOS. I2P Tutorial for Windows Video: https://www.youtube.com/watch?v=5J3nh1DoRMw I2P Tutorial for Linux - Video: https://www.youtube.com/watch?v=QeRN2G9VW5E How to set up your own website on I2P - Video: https://www.youtube.com/watch?v=2ylW85vc7SA http://geti2p.net http://i2p2.de IRC on i2p:127.0.0.1:6668 For more and active I2P sites visit: http://inr.i2p The ports I2P is using: http://www.i2p2.de/faq#ports See also your router's configuration. I2P installation and running on Linux I2P on Linux: just download and extract the installation files, no need for separate install (such as apt-get install). Run the router from /i2p folder with 'sudo sh i2prouter start'. In seconds, I2P should open a Konqueror-browser page of I2P-main console. Configure your bandwidth settings. You might also consider opening some ports on your firewall for optimizing the use of your bandwidth. Portable I2P (windows only) Windows users can use a portable package; it contains I2P, several plugins (email, torrent client), preconfigured browser,preconfigured IRC client and messenger. Download located at: http://portable-i2p.blogspot.com ! Before you can use anything on I2P, you have to start the I2P router from the portable apps tray icon-menu with the button "I2P Launcher". Anonymous surfing with I2P To enable I2P to anonymize you in your browser, go to your browser options/preferences (depending on your browser) -> network/connection settings -> select manual proxy configuration and in http insert 127.0.0.1 and 4444 for port, in https 127.0.0.1 and 4445 for port. Make sure that you have 'No proxy for' as 'localhost, 127.0.0.1' so you'll be able to reach your I2P configuration page. To test your anonymity, go as example to: cmyip.com Also see Debian/Ubuntu - I2P : http://www.i2p2.de/debian#debian The Invisible Internet Project Quote: I2P is an anonymous network, exposing a simple layer that applications can use to anonymously and securely send messages to each other. The network itself is strictly message based (a la IP), but there is a library available to allow reliable streaming communication on top of it (a la TCP). All communication is end to end encrypted (in total there are four layers of encryption used when sending a message), and even the end points ("destinations") are cryptographic identifiers (essentially a pair of public keys).

   Posted 08-13-2010 at 12:57 PM by craigevil Updated 02-26-2012 at 01:37 PM by craigevil (added more info)

2. For more information see: GUADEC: Danny O'Brien on privacy, encryption, and the desktop [LWN.net] https://lwn.net/Articles/398545/ GoogleSharing :: A Special Kind Of Proxy http://www.googlesharing.net/ GoogleSharing :: Add-ons for Firefox : https://addons.mozilla.org/en-US/firefox/addon/60333/ The SSD Project | EFF Surveillance Self-Defense Project https://ssd.eff.org/ Tor: anonymity online - https://www.torproject.org/ FoxyProxy Standard :: Add-ons for Firefox : https://addons.mozilla.org/en-US/firefox/addon/2464/ CsFire :: Add-ons for Firefox : https://addons.mozilla.org/en-US/firefox/addon/58189/ OpenDNS > FamilyShield - http://www.opendns.com/familyshield TrueCrypt - Free Open-Source On-The-Fly Disk Encryption Software http://www.truecrypt.org/ HTTPS Everywhere [LWN.net] http://lwn.net/Articles/393387/

   Posted 08-13-2010 at 01:03 PM by craigevil

3. Beefree is an extension, also called add-on, for Mozilla Firefox. http://honeybeenet.altervista.org/beefree/?id=101000 Quote: Beefree is a little extension that will avoid your searches target links to be recorded! It works with several of the most known web search engines! Beefree can't prevent a search engine to know what you are looking for, but it'll prevent a search engine to know what you are looking in!!! Beefree will also help you to hide your browser and operating system information from web search engines! This is possible, because beefree will generate random (fake) User-Agents and, instead of send your real one, beefree will send those fake information to web search engines. One of the newest features of beefree is to remove the referer link sent from your browser to search engines and to external websites. This is very important because also targets websites of your search-results could be websites made to track your online activity, and recording which keywords you used and on which search engines. Beefree will automatically detect which referrers to remove, this will avoid to compromise the working operations of others web-sites that require referrers to work.

   Posted 08-15-2010 at 10:37 AM by craigevil

4. 	Use a temporary email address when signing up for things like forums or web pages that need a valid email address. 10 Minute Mail http://10minutemail.com/10MinuteMail/index.html Other disposable email addresses Disposable e-mail addresses - JonDonym Wiki http://secure-proxy-howto.anonymous-...mail_addresses
   	Posted 08-15-2010 at 11:15 AM by craigevil

5. Google Analytics Opt-out Browser Add-on Download Page Quote: Google Analytics Opt-out Browser Add-on (BETA) To provide website visitors more choice on how their data is collected by Google Analytics, we developed the Google Analytics Opt-out Browser Add-on. The add-on communicates with the Google Analytics JavaScript (ga.js) to indicate that information about the website visit should not be sent to Google Analytics. The Google Analytics Opt-out Browser Add-on does not prevent information from being sent to the website itself or to other web analytics services. If you want to opt out, download and install the add-on for your current web browser. The Google Analytics Opt-out Browser Add-on is available for Internet Explorer (versions 7 and 8), Google Chrome (4.x and higher), and Mozilla Firefox (3.5 and higher). Google Analytics Opt-out Add-on (by Google) - Google Chrome extension gallery https://chrome.google.com/extensions...odhfapmkghcbnh Google Analytics Opt-out Browser Add-on now ready for download http://www.downloadsquad.com/2010/05...-for-download/ For more info on how Google handles your privacy take a look at: Google Privacy Center http://www.google.com/intl/en/analyt...yoverview.html

   Posted 08-17-2010 at 03:24 PM by craigevil

6. Click to play plugins now in Chrome: Google Chrome Flash Blocker and Plugin Blocker Quote: Google Chrome dev version has been updated to 6.0.490.1 and this version now has out-of-the-box Apps support and also adds a new feature called Click-to-play which is similar to a Flash blocker and can be used to block content served by browser plugins like Flash, Shockwave etc. Google Chrome dev build users (and future stable users), here is some good news for you. The latest dev build of Google Chrome now includes an integrated Plugin blocker in the form of Click-to-play, which can block Flash content and content served by other plugins used by Google Chrome. Click-to-play is a really welcome feature since it will allow you to control what content is shown in the browser and block content on a plugin to plugin basis. To enable the Click-to-play feature in Google Chrome, just add the "–enable-click-to-play" command line switch to the Chrome shortcut. Once you do that, you will be able to block plugin content by visiting "Options -> Under the Hood" and clicking on the "Content Settings" button.

   Posted 08-17-2010 at 03:26 PM by craigevil

7. 	Extra security for paranoid users: PGA - Pretty Good Anonymity
   	Posted 08-18-2010 at 07:49 AM by Web31337

8. NotScripts - Google Chrome extension gallery : https://chrome.google.com/extensions...pidmdajjpkkcfn Quote: NotScripts gives you a high degree of "NoScript" like control over what javascript, iframes, and plugins runs in your browser to increase security and lower the CPU usage. It is useful to help mitigate attacks like cross-site scripting (XSS) and drive by downloads by blocking the third-party content before it even runs with it's default deny policy. You can whitelist the sites you want through an easy to use url bar icon and drop down menu. NotScripts uses a unique and novel method to provide this "NoScript" like functionality in Google Chrome that was not previously possible. It introduces a break through technique of intelligent HTML5 storage caching to over come the limitations in Google Chrome that prevented an extension like this from being made before. NotScripts blocks third-party content BEFORE they load and it does this while also having a whitelist. This is one of the key extensions that many people have been waiting for since Google Chrome came out. You can test NotScripts' ability to block third-party javascript over at the project's homepage: http://optimalcycling.com/other-proj...tscripts/#test NOTE: When you install NotScripts, you will be required to set a password for it to use to encrypt it's site specific settings. I HIGHLY RECOMMEND you read the instructions about NotScripts on the project homepage to understand how it works: http://optimalcycling.com/other-projects/notscripts I expect to answer a lot of questions from people about NotScripts since V0.9 is the first release, so please be patient and leave a comment on the website or here. NotScripts is inspired by the “NoScript” addon for Firefox (http://noscript.net) and seeks to emulate it within the limitations of the Google Chrome extensions API. It is not affiliated with “NoScript“, I just happen to like it’s functionality. -Eric Wong

   Posted 08-19-2010 at 04:45 PM by craigevil

9. 	Documenting Tools for Beating Internet Censorship | Electronic Frontier Foundation - https://www.eff.org/deeplinks/2011/0...net-censorship The SSD Project | EFF Surveillance Self-Defense Project : https://ssd.eff.org/
   	Posted 05-16-2011 at 11:28 PM by craigevil Updated 06-16-2012 at 12:12 AM by craigevil

10. 	Several useful extensions for Firefox to help bypass censorship: MAFIAAFire.com - http://www.mafiaafire.com/ MAFIAAFire Redirector MAFIAAFIRE: Gee! No evil! MAFIAAFire: ThePirateBay Dancing!
    	Posted 05-16-2011 at 11:28 PM by craigevil Updated 04-06-2012 at 07:18 PM by craigevil

11. PrivacySuite :: Add-ons for Firefox - https://addons.mozilla.org/en-US/fir.../privacysuite/ Abine - http://www.abine.com/ Beef Taco - http://jmhobbs.github.com/beef-taco/ For Chrome take a look at: Disconnect - http://www.disconnectere.com/ AdSweep - http://adsweep.org/ Web Proxy Browser Extension (Chrome & Firefox)- Hide My Ass! - https://hidemyass.com/software/proxy-browser-extension/ Quote: HMA! Web Proxy Browser Extension Our free browser extension helps you to redirect your web browser traffic through our secure web proxy nodes with just one click. To hide your online identity and surf anonymously simply click our icon located to the right of your address bar; clicking this icon whilst already on a website will take you to the proxified version of this website, and clicking this icon with no website loaded will display a web proxy form for a quick start. Our free proxy extension is compatible with Google Chrome and Mozilla Firefox CsFire :: - https://addons.mozilla.org/en-US/fir...-oftenusedwith Quote: CsFire autonomously protects you against dangerous or malicious cross-domain requests, such as Cross-Site Request Forgery (CSRF). CSRF is very prevalent and dangerous, as stated by the OWASP top 10, as well as the CWE/SANS top 25 programming errors. Chrome Extensions For Your Privacy - Raymii.org - http://raymii.org/cms/p_Chrome_Exten...r_Your_Privacy Just posting some add-ons/extensions that may prove useful.

    Posted 05-20-2011 at 06:19 PM by craigevil Updated 05-30-2012 at 10:38 AM by craigevil

12. https-finder - A Firefox extension that detects valid HTTPS pages as you browse. One-click rule creation for HTTPS Everywhere - Google Project Hosting : https://code.google.com/p/https-finder/ What is HTTPS Finder? HTTPS Finder automatically detects and forwards to web sites that offer HTTPS, as well as automating the rule creation process for HTTPS-Everywhere (instead of having to manually type "https://" in the address bar to test, and writing your own xml rule for it). The extension sends a small HTTPS request to each HTTP page you browse to. If there is a response, the certificate is checked for validity (Any certificate errors will result in no notification, the site is ignored). If valid, the user is given an option to navigate to the HTTPS page (or optionally auto-forward to HTTPS), and save the auto-generated rule for HTTPS Everywhere. Version 0.51 adds "in-Firefox" editing of the rule before saving.

    Posted 06-18-2011 at 02:11 PM by craigevil

13. Secure Login https://addons.mozilla.org/en-US/fir.../secure-login/ Screenshots: http://securelogin.mozdev.org/screenshots.html Features: * Works out of the box without any configuration needed. * Login with one click or a keyboard shortcut (automatically submitting the login forms). * Easy and convenient selection for multiple logins (multiple users) * Provides direct login to any site from the bookmarks (using the "Secure Login Bookmarks"). * Integrates with Mozilla Firefox password manager. * Provides easy access to the saved passwords. * Prevents malicious JavaScript code to automatically steal your login data. * Provides an option to protect your login data from all JavaScript code during login. * Websites requiring JavaScript for the login process can be added to an exception list. * Can prevent cross-site scripting (XSS) attacks to steal your passwords without having to deactivate JavaScript. * Helps to protect you from phishing. * Shows the login URL(s) and the number of available logins in a tooltip of the toolbar button and the statusbar icon. * Can be set to automatically search for login data and highlight form fields. * Can be used with a toolbar button, a statusbar icon, a keyboard shortcut or via the context menu. * Completely customizable interface (buttons, icons and menus can be enabled/disabled). * Provides a customizable keyboard shortcut * By default only active on login so it doesn't consume any system resources while surfing. * Can fill out additional form fields using the Autofill Forms add-on. * Possibility to play a sound when logins are found or when logging in. Documentation: http://securelogin.mozdev.org/drupal/wiki

    Posted 07-02-2011 at 06:29 PM by craigevil

14. Some interesting links: A Gentle Introduction - I2P - http://www.i2p2.de/how_intro.html Tor Project: Overview - https://www.torproject.org/about/overview.html Want Tor to really work? - https://www.torproject.org/download/...tml.en#warning Debian User Forums •installing tor/polipo - http://www.debianuserforums.org/view...php?f=24&t=961 How to: Privoxy (proxy) + Polipo (web cache) + Dnsmasq (DNS - http://forums.debian.net/viewtopic.php?f=16&t=66500

    Posted 07-07-2011 at 04:16 PM by craigevil Updated 07-07-2011 at 04:21 PM by craigevil

15. 	Nixory - Antispyware tool for Firefox, IE, Chrome - http://nixory.sourceforge.net/ BASTILLE-LINUX - http://bastille-linux.sourceforge.net/ I also follow the advice in Securing Debian Manual - http://www.debian.org/doc/manuals/se...-debian-howto/ Warning the Debian Hardening Guide is outdated.
    	Posted 07-11-2011 at 11:16 PM by craigevil Updated 02-26-2012 at 01:46 PM by craigevil

16. 	Some useful extensions for Chrome. Ghostery for Google Chrome NotScript - A clever extension that provides a high degree of 'NoScript' like control of javascript, iframes, and plugins on Google Chrome. FlashControl - Add extra control features to Adobe Flash players. Use FlashControl to turn Flash players on and off, or toggle their visibility.
    	Posted 08-27-2011 at 02:18 AM by craigevil

17. Priv3 :: Add-ons for Firefox : https://addons.mozilla.org/en-US/firefox/addon/priv3/ Priv3: Practical Third-Party Privacy : http://priv3.icsi.berkeley.edu/ Quote: How Priv3 Works Blocking simple "web bugs" or "trackers" is fairly straightforward, because doing so does not harm your web surfing experience. By contrast, completely blocking social networking features is counterproductive, because doing prevents you from actually using these features—say to leave a comment, or to "like" something—when you would like to do so. Therefore, Priv3 does not block third-party interactions completely. Instead, it selectively suppresses the inclusion of third-party web cookies when your browser pulls in content from the social networks, but does provide them if you decide to interact with the social networking features. You still see the number of "likes" the page has accumulated on Facebook or the comments other people left using Facebook's discussion mechanism. Facebook however only learns the IP address of the computer you are using. Should you decide to interact with the social feature, Priv3 detects any mouseclick or keystroke directed at the feature. It then reloads it with your session cookies and passes on the click or keystroke, thus revealing your identity to the social network and informing it of your desired action. Priv3's Currently Supported Social Networking Sites Priv3 currently understands the interactive features of the following social networks: Facebook Twitter Google +1 LinkedIn

    Posted 09-18-2011 at 07:47 PM by craigevil

18. Essential apps for any Android phone. Always use encrypted communications whenever possible. droidwall - DroidWall - Android Firewall - Google Project Hosting : http://code.google.com/p/droidwall/ APG - https://play.google.com/store/apps/d...ar.android.apg Quote: Public key encryption for the Android. Encrypt/decrypt emails/files via OpenPGP.OpenPGP for Android. It's open source and its goal is to provide a similar OpenPGP implementation as GnuPG. Privacy on Android: Installing and Configuring APG | www.eugenemdavis.com - http://www.eugenemdavis.com/privacy-...onfiguring-apg Tinfoil for Facebook - https://play.google.com/store/apps/d...azco.fbwrapper Quote: Tinfoil for Facebook is for those users that require a Tinfoil Hat when logging in to Facebook. It creates a sandbox for Facebook's mobile site in order to protect your privacy and to avoid them tracking your browsing history. LBE Privacy Guard For Android Monitors Access Requests, Guards Privacy - http://www.addictivetips.com/mobile/...uards-privacy/ LBE Privacy Guard - Android Apps on Google Play - https://play.google.com/store/apps/d....security.lite Quote: LBE Privacy Guard requires a ROOTed phone, please make sure your phone has been unlocked and ROOTed. With the state-of-the-art API interception technology, LBE Privacy Guard provides great enhancement to Android permission system, now the first time you are able to: - Protect your privacy by controlling the permission of each application to access your sensitive data. - Block malicious operation from Mal-wares and Trojans. - Block unwanted network traffic if you don’t have a unlimited data plan. - Find out which application is trying to steal your privacy by checking the security log. netsentry - NetSentry is a network traffic alert system for the Android operating system - NetSentry keeps track of how much data is transferred over each network interface available to your Android system. https://code.google.com/p/netsentry/ Tor Project: Android Instructions : https://www.torproject.org/docs/android.html.en ProxyMobile: Firefox Mobile Add-on | The Guardian Project : https://guardianproject.info/apps/pr...irefox-add-on/ Proxy Mobile :: Add-ons for Mobile : https://addons.mozilla.org/en-us/mob.../proxy-mobile/ Quote: Simple add-on for settings HTTP, SOCKS and SSL proxy settings. Works by default with Orbot: Tor on Android. Developed by the Guardian Project at https://guardianproject.info DroidSheep Guard - https://play.google.com/store/apps/d...ard.free&hl=en Quote: DroidSheep Guard protects your phone from DroidSheep, Faceniff & other hijackers. DroidSheep Guard protects your phone from Tools like DroidSheep, Faceniff and other Session hijackers! It monitors your ARP-Table and alerts on any unusual change to this table. So use it to secure your Facebook, ebay, Twitter, LinkedIn etc accounts from "Man In The Middle" attacks on public WiFi! Also see shARPWatcher in Google Store. Both DroidSheep Guard and shARPWatcher are free apps. Wifi Protector is not free, but worth taking a look at. For more info see: Android Security with Wifi Protector - FAQ gurkedev.com - http://www.gurkedev.com/wifiprotector/faq/ Gibberbot: Secure Instant Messaging | The Guardian Project : https://guardianproject.info/apps/gibber/ Android permissions explained, security tips, and avoiding malware - http://androidforums.com/android-app...g-malware.html How to Encrypt All Internet Use on Your Android Phone - SSH Tunnelhttp://lifehacker.com/5803880/how-to...-android-phone Interesting article: The Guardian Project : https://guardianproject.info/

    Posted 12-13-2011 at 06:43 PM by craigevil Updated 04-06-2012 at 07:14 PM by craigevil (Adding a couple more extensions)

19. DeSopa :: Add-ons for Firefox - https://addons.mozilla.org/en-US/firefox/addon/desopa/ DNS Evasion to Stop Oppressive Policy in America Quote: HOW TO USE: --------------------------- - Enable the Status/Add-on bar if it is not enabled (View->Toolbars->Add-on bar) - Click on the light blue DeSopa button in the Status/Add-on bar, at the bottom of the browser window, to access websites by IP. - Click the green DeSopa button to switch back to DNS resolution. III. KNOWN LIMITATIONS: --------------------------------------- - Can only resolve tabs one at a time. - First time resolution is a bit slow because three services are checked serially and compared. This may be done in parallel in the future, or a trusted single source may be used. IV. HOW IT WORKS: --------------------------------- When turned on, DeSopa intercepts URLs, sends the base URL to three offshore DNS services via HTTP, makes a best effort to check that two of them are equivalent, caches the IP for the browser session, redirects to the equivalent URL using the IP, and substitutes out the domain name in the source code with the IP address for future requests. GitHub: https://github.com/TamerRizk/desopa

    Posted 12-22-2011 at 01:44 PM by craigevil

20. Some more Firefox extensions: Certificate Patrol :: Add-ons for Firefox : https://addons.mozilla.org/en-US/fir...ficate-patrol/ Quote: Your browser trusts many certification authorities and intermediate sub-authorities quietly, every time you enter an HTTPS web site. This add-on reveals when certificates are updated, so you can ensure it was a legitimate change. RequestPolicy :: Add-ons for Firefox : https://addons.mozilla.org/en-US/fir...cy/?src=search Quote: Be in control of which cross-site requests are allowed. Improve the privacy of your browsing by not letting other sites know your browsing habits. Secure yourself from Cross-Site Request Forgery (CSRF) and other attacks. TrashMail.net for Mozilla Firefox® :: Add-ons for Firefox : https://addons.mozilla.org/en-US/fir...cb-dl-featured Quote: Create free disposable email addresses and paste them directly in forms. This helps to protect you from spam mails and could be useful when subscribing to forums or newsletters ProxTube - Unblock YouTube :: Add-ons for Firefox : https://addons.mozilla.org/en-US/fir...c=cb-dl-rating Quote: In some countries YouTube videos are blocked! Unblock them with this Addon. Supported countries: Germany, Netherlands, Spain, ...? not US compatible Status+Support: www.proxtube.com www.facebook.com/ProxTube & Twitter: @maltegoetz (EN/DE) Collusion :: Add-ons for Firefox - https://addons.mozilla.org/en-US/fir...usion/?src=api Quote: Collusion is an experimental add-on for Firefox and allows you, for the first time, to see all the third parties that are tracking your movements across the Web. It will show, in real time, how that data creates a spider-web of interaction between companies and other trackers. Google/Yandex search link fix :: Add-ons for Firefox - https://addons.mozilla.org/en-US/fir...arch-link-fix/ Quote: This extension prevents Google Search from modifying result links when they are clicked. Hide My Ass! Web Proxy :: Add-ons for Firefox - https://addons.mozilla.org/en-US/fir...on/?src=search Quote: Hide My Ass! operates the most popular browser based web proxy online, this is our official extension that enables you to easily redirect your web traffic through our anonymous proxy network. Open in Private Browsing Mode :: Add-ons for Firefox - https://addons.mozilla.org/en-US/fir...ng/?src=search Quote: Right-click on a link to instantly open it in Private Browsing mode. (Or right-click anywhere to quickly open private browsing mode.) Privly - https://addons.mozilla.org/en-US/firefox/addon/privly/ Privly · https://priv.ly/ Quote: Privly enables you to read private content through any website. Only the people you designate can read your content, and the host page never has access. NSA - NoScript Anywhere - Next Generation NoScript for Android and Maemo Smartphones - http://noscript.net/nsa/

    Posted 02-13-2012 at 03:55 PM by craigevil Updated 04-06-2012 at 05:56 PM by craigevil

craigevil

• Registered Apr 2005
• Location OZ
• Posts 4,886
• Blog Entries 28

• Find Blog Entries by craigevil

  Containing Text: Search Titles Only

  Advanced Search
• Blog Categories

  Local Categories

  • Uncategorized
• Recent Comments

  • Helpful Debian Links by craigevil
  • LibreWolf the Secure Firefox Fork by craigevil
  • Grokking Debian GNU/Linux by Kefijoo
  • Security and Privacy on the Internet by craigevil
  • Howto install Oracle Java on Debian by craigevil
• Recent Entries

  • Interesting shell scripts and helpers
  • nala an improved apt
  • Raspberry Pi OS/Debian Package Managers
  • Newer Firefox on Debian/RPIOS/Ubuntu
  • Raspberry PI OS/Debian 12 Bookworm APT Repos
• Recent Visitors

  • birtualem mihretu
  • dgi
  • NomateS
  • paulbain
  • rokytnji
  • sm0oax
  • smilliken
  • ssrewrsfz
  • thinknix
  • zeebra
• Tag Cloud

  apt debian

  Search by Tag

• Archive
  <      April 2024
  Su	Mo	Tu	We	Th	Fr	Sa
  24	25	26	27	28	29	30
  31	1	2	3	4	5	6
  7	8	9	10	11	12	13
  14	15	16	17	18	19	20
  21	22	23	24	25	26	27
  28	29	30	1	2	3	4