Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Incidentally, if you want to install Opera web-browser onto Debian - you need to add the Opera repo onto your
Code:
/etc/apt/sources.list
Debian says you then have to trust the Opera repo.
So this is a clear example of Debian going outside of its ecosystem to offer users 'choice'.
This may become a worrying trend.
It's always been the case that if you install a proprietary binary package, you have to trust that repo, obviously Debian has no way of verifying it.
The idea of browser fingerprinting (Wikipedia) shows a user can be identified by various info held on their web-browser.
Web-browser fingerprinting could be used by a bank for example to make sure it's you making a transaction from your PC at home - and not someone else.
But it can also show your browsing history.
To avoid this we can turn off javascript (i.e. use NoScript) and use anti-tracking add-ons (e.g. uBlock Origin, Ghostery).
The above Wikipedia link says:
'Firefox provides a feature to protect against browser fingerprinting... but as of July 2018 it is still experimental and disabled by default.'
This 'resist fingerprinting' feature can be enabled by following this Mozilla page.
For good opsec - I think it is perhaps more advisable to use the FF 'resist fingerprinting' feature once FF green lights it.
Currently the feature is at its 'experimental' stage.
Which means we are taking a risk if we use it.
The latest release of Privacy Badger gives it the power to detect and block a new class of evasive, pervasive third-party trackers, including Google Analytics. Most blocking tools, like uBlock Origin, Ghostery, and Firefox’s native blocking mode (using Disconect’s block lists), use human-curated lists to decide whether to block or allow third-party resources. But Privacy Badger is different.
borrow your bandwidth, inject ads into displayed websites or sell user browsing histories. (Opera does at least the last of those, as detailed in the service's privacy statement.)
Seems like that undermines the point of using VPN in the first place. On the other hand, that linked privacy statement says
Quote:
Browser VPN. When you use our built-in VPN service, we do not log any information related to your browsing activity and originating network address.
Apparently Brave's dev used to be one of the heads at Firefox. Sounds good to me. And Brave is based on Chromium.
Brave vs. Chrome: Which Browser is Better?
Privacy
Brave blocks ads by default (unlike Chrome, which requires a 3rd-party extension such as AdBlock).
Brave blocks 3rd-party tracking by default.
On Chrome, mega-advertisers like Google and Facebook use 3rd-party cookies to track your browsing on nearly every website.
By blocking 3rd-party cookies, Brave limits the amount of data Facebook, Google, and other ad networks can collect about your browsing habits.
Brave stores all your browsing data locally on your computer, which means you can delete it at any time.
Brave supports Tor browsing, making it the first all-purpose browser to do so.
Opera has you covered for privacy with it's free built in VPN.
I used to use Opera as my main browser until I heard the Browser was sold to
a Chinese tech company, now I use it only to stream sports. Now that I'm reading a little bit more
that a whistle blower exposed them for a having a 'backdoor' in their software I will use it a lot less now.
'Qihoo 360 backdoor'. Dissenter Browser, Brave, and Iridium Browser is what I use now.
For VPN Extension cyberghost works pretty well 256-bit AES encryption
Now that I'm reading a little bit more
that a whistle blower exposed them for a having a 'backdoor' in their software
You can monitor what your browser is doing and stop it from sending packets to places that you don't approve of. Or at least watch what it is doing.
Code:
tcpdump -qtni any
Watch that and/or log that to file. Use whois to see who those ip ranges belong to. If you don't like your browser talking to it, block that range in your firewall. In fact you can block entire domains if you want to. Like ones that constantly knock at your firewalls ports. That may or may not cause you issues. http://www.ipdeny.com/ipblocks/
Then for all the obnoxious ads
Google
64.18.0.0/20
64.233.160.0/19
66.102.0.0/20
66.249.64.0/19
66.249.80.0/20
72.14.192.0/18
74.125.0.0/16
108.177.8.0/21
173.194.0.0/16
207.126.144.0/20
209.85.128.0/17
216.58.192.0/19
216.239.32.0/19
I used to use Opera as my main browser until I heard the Browser was sold to
a Chinese tech company, now I use it only to stream sports. Now that I'm reading a little bit more
that a whistle blower exposed them for a having a 'backdoor' in their software I will use it a lot less now.
'Qihoo 360 backdoor'. Dissenter Browser, Brave, and Iridium Browser is what I use now.
For VPN Extension cyberghost works pretty well 256-bit AES encryption
You might like to check out Otter which is based on the old Opera (12.x):
Google’s Plans for Chrome Extensions Won’t Really Help Security
Manifest V3 is a blunt instrument that will do little to improve security while severely limiting future innovation.
To start with, the Manifest V3 proposal won't do much about evil extensions extracting people’s browsing histories and sending them off to questionable data aggregators.
Additionally, Manifest V3 won’t change anything about how “content scripts” work.
Google keeps claiming that the proposed changes are not meant to “[prevent] the development of ad blockers.” Perhaps not, but what they will do in their present form is effectively destroy powerful privacy and security tools such as uMatrix and NoScript.
That’s because a central part of Manifest V3 is the removal of a set of powerful capabilities that uMatrix, NoScript, and other extensions rely on to protect users.
Extensions won’t be able to modify most headers or make decisions about whether to block or redirect based on contextual data.
If Google decides that privacy extensions can only work in one specific way, it will be permanently tipping the scales in favor of ads and trackers.
The latest release of Privacy Badger gives it the power to detect and block a new class of evasive, pervasive third-party trackers, including Google Analytics. Most blocking tools, like uBlock Origin, Ghostery, and Firefox’s native blocking mode (using Disconect’s block lists), use human-curated lists to decide whether to block or allow third-party resources. But Privacy Badger is different.
...but uMatrix is different: it gives all that power back to the user, so they can see what's happening and decide themselves what they want to let through.
All in all I'm getting increasingly leery of the EFF. Not sure at all if their recommendations & tools provided are supposed to be swallowed without critical examination. And critical examination has revealed flaws, time and again! But that's unpopular stuff and a little harder to find on the internet. In any case, there was a thread right here on LQ about how flawed their very own certbot (letsencrypt javascript software) is. My blog also has something to say about letsencrypt. https://dt.iki.fi/https http://dt.iki.fi/https
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.