Difference between revisions of "PrivacyGroup"

From das_wiki
Jump to: navigation, search
(other tools)
(News: added PIA ownership)
(One intermediate revision by the same user not shown)
Line 14: Line 14:
 
[[File:Santa be good small.png|size=400px|link=https://en.wikipedia.org/wiki/Information_Awareness_Office|frame|[https://en.wikipedia.org/wiki/Information_Awareness_Office The new TIA Office]]]
 
[[File:Santa be good small.png|size=400px|link=https://en.wikipedia.org/wiki/Information_Awareness_Office|frame|[https://en.wikipedia.org/wiki/Information_Awareness_Office The new TIA Office]]]
  
* [https://www.reddit.com/r/privacy/comments/di5rn3/startpage_is_now_owned_by_an_advertising_company/f3wxiia/ Startpage.com is now owned by an advertising company] - Tough to trust them in the future. Consider searx.me, or give me suggestions. <span style="color:RED">NEW</span>
+
* [https://web.archive.org/web/20191202141345/https://vpnpro.com/blog/private-internet-access-announces-merger-with-kape-technologies-in-latin/ Private Internet Access (PIA) is now owned by a company with questionable past] - The company, formerly called Crossrider, was responsible for scads of adware. <span style="color:RED">NEW</span>
* [https://www.devever.net/~hl/cloudflare The trouble with Cloudflare]. Blocks Tor, blocks bots (even good ones), MiTMs connections and can break TLS. Unknown history with DHS following overtures to Cloudflare's previous incarnation, Project Honeypot. <span style="color:RED">NEW</span>
+
* [https://www.reddit.com/r/privacy/comments/di5rn3/startpage_is_now_owned_by_an_advertising_company/f3wxiia/ Startpage.com is now owned by an advertising company] - Tough to trust them in the future. Consider <strike>searx.me</strike> searx.laquadrature.net (and set "Engines" to not include Google, to avoid errors). <span style="color:RED">NEW</span>
 +
* [https://www.devever.net/~hl/cloudflare The trouble with Cloudflare]. Blocks Tor, blocks bots (even good ones), MiTMs connections and can break TLS. Unknown history with DHS following overtures to Cloudflare's previous incarnation, Project Honeypot.
 
* [https://www.dropbox.com/privacy2019 Dropbox has updated their privacy policy] Check it out if you use it (I don't, when I can avoid it).
 
* [https://www.dropbox.com/privacy2019 Dropbox has updated their privacy policy] Check it out if you use it (I don't, when I can avoid it).
 
* [https://ostif.org/the-audit-of-unbound-dns-is-fully-funded/ OSTIF will audit Unbound DNS]
 
* [https://ostif.org/the-audit-of-unbound-dns-is-fully-funded/ OSTIF will audit Unbound DNS]

Revision as of 21:05, 3 December 2019

This page is an effort to maintain an updated collection of important work on privacy. Recommend stuff from this page? Link to us!

Hooray! 100K 200K views

Calendar

Events in this calendar are to privacy-related events. Click an event for more details, and links.

News

Tools help

People often tell me they are unsure about which privacy-enhancing technologies to use, and how to set them up. Here are some suggestions.

secure hardware elements

operating systems

censorship resistance

  • Psiphon - I don't know how good this is yet. Here's a contributor talking about it at the latest CCC.

anonymous browsing

  • Set up an alias, with associated accounts. This is perfectly legal as long as you don't use it for fraud, as Julia Angwin notes in her article for Consumer Reports.
  • Tor -- I suggest subscribing to the RSS feed of the blog of the Tor project to be sure you stay up to date. The hardened version of Tor has been discontinued; the Tor project recommends moving to the sandboxed version for increased security. As of Tor 8.0, the sandboxed Tor is no longer a separate thing; download the experimental version (>8.0) to get the benefits.
  • Also who uses Tor?

browsers

  • Tor Browser for everyday Use a second installation of the Tor Browser for everyday browsing without connecting to tor. Very actively maintained (better than regular FF); works great. Why do this? A big reason is TB has much, much better fingerprinting protection.
  • Changing search providers in Firefox and Tor Browser without 'search addons" etc. is an indefensible PITA. Here's how to do it: if you have rid yourself of the cruft that is the separate search bar to the right of the address bar---as all people of sound mind and good will have done---then temporarily add it in using the 'Customize...' option (right-click on an empty area to the right of the tabs to see 'Customize...', drag the search bar next to the address bar). Now go to a search engine site---currently I like searx, one instance is searx.me---, and click the magnifying glass icon with the green plus, then click "add 'searx.me'). Now go to your preferences (Edit->preferences, or Alt-E, N if you don't have a menu bar) and set your default search provider to the new one you added. Finally do the customize rigamaroll again, but drag the superfluous search bar off. Wasn't that easy?! NEW
  • Why not Chrome/Chromium? -- It does have a sandbox, but it is also the most privacy invasive browser (of the major ones). Also Google controls the extensions for it, and they are sometimes unjust.

browser tools

these all work with Tor Browser, Icecat, or (vanilla) Firefox.

  • Random Agent Spoofer (blocks a variety of fingerprinting attacks)
  • RequestPolicy (By Justin Samuel and Beichuan Zhang, of University of Arizona!)
  • NoScript
  • PrivacyBadger (EFF)
  • Self-Destructing Cookies
  • HTTPS Everywhere (EFF)
  • BetterPrivacy (removes LSO's -- supercookies -- which survive normal cleaning of cookie cache)
  • decentraleyes - runs CDN scripts locally, rather than using remote CDNs (which is trackable)
  • Privacy Settings (the plugin) -- Gives quick access to useful privacy settings in the browser, with toggle switches.
  • Update Scanner -- Useful for watching privacy policies for changes (since that is your obligation, as a continuing user of the site. Often such changes are not highlighted; only a new version is posted).

testing for problems

facial recognition

other tools

  • Standard SKS servers for PGP keys are broken, use Hagrid servers instead - A good one to use to keep your keys up to date (see parcimonie, below) is keys.openpgp.org. NEW
  • Security freeze for great good -- Prevent not just identity theft, but resale of your data by the Credit Reporting Agencies with a security freeze.
  • Keep your PGP keys up to date, privately -- Parcimonie updates your keyring over tor (catching revocations and expirations), at random intervals. It leaves open a connection to tor for a long time, so you may want to run it as a cron job and kill it after some interval.
  • anonymize scanned printouts from printers using tracking dots. From TUD, where lots of useful privacy tools have been created (kudos)
  • Protecting against baseband firmware backdoors, and provider backdoors-- A little outdated, but still full of good stuff. This is a comprehensive approach; for specific tools see below. EDIT: RIP Copperhead OS.
  • Silence SMS/MMS. Recommended -- Mark Zuckerberg says: "many people use Messenger on Android to send and receive SMS texts. Those texts can't be end-to-end encrypted because the SMS protocol is not encrypted." Well, I guess I wouldn't expect much understanding of privacy tech from Mr. Zuckerberg.
  • Noise is just like Signal, but without the hard dependency on Google Play Store. It is therefore better! But Silence is better still...
  • Get an RSS feed reader to keep up to date on privacy-related sites. For example *cough* subscribe to the PrivacyGroup's feed (It's good to use a secure RSS reader. For mobile there is Courier from The Guardian Project).
  • Youtube-dl -- Downloads a variety of streaming formats -- not just for youtube! Can be used with torify (see below) to anonymously view streaming video/audio that otherwise compromises privacy (e.g., flash). Note the version in packages is often not up to date--install the latest with pip to get a version that actually works.
  • Torify -- A SOCKS proxy to the Tor network, and a wrapper to use it, so you can e.g. look up GPG keys, or perform WHOIS queries, anonymously.
  • Get a GPG key
  • installing the latest GPG
  • Get a Gnuk token! -- Good way to do encryption in a protected dedicated device. You can buy them, or build them yourself
  • secure SSH

Other Sites with Tools for Protecting Your Digital Rights

Tools for Making Consent to Privacy Policies More Informed

Why care about privacy?

Anonymity

Giving up privacy

How universities can help

Videos

Miscellaneous

Privacy theme music!