Being privacy-aware in 2016 (opens in new tab)

Your comment is the first time I've ever read someone recommending a browser over Firefox (when discussing security and privacy). I find it even more surprising because you're recommending possibly highly unstable Chrome/Chromium releases. I'd like to hear more from you and the HN community on this topic.

Firefox seems to be the only browser in which one can maintain privacy and security (e.g. all the privacy tweaks from privacytools.io). Chrome doesn't allow for most of the tweaks, for example WebRTC can't be disabled.

Curious, who is "compiling KeePassX for Linux themselves" when it's in the Ubuntu and Debian repos? I haven't checked Arch or other distros but KeePassX is a widely used and active project, and I suspect it is available in many package managers. I wasn't aware that people were having to compile it from source (and I agree this would be more intimidating to new users).

1. Honestly I made bad experiences with PW managers. After having a corrupted PW database a couple of times I stopped using them.

2. I do that. In addition I use this: http://winhelp2002.mvps.org/hosts.htm I have a python script that builds a host file from several sources.

4. Most readers here should be able to build their own router with a banana pi and IPfire

Instead of a VPN subscription, I'd recommend a self-managed VPN solution. One can easily fire one up thanks to Streisand (https://github.com/jlund/streisand)

> even better sinkhole a random domain name you register

What does this mean? I've tried to figure it out from context, the article, and a quick google search, but It's not clear how dns sinkholing is going to help me stay secure.

regarding a secure router, the .cz tld operator cznic (authors of knot dns) are building high-security high-performance opensource hw/sw router (coming in October) https://www.indiegogo.com/projects/turris-omnia-hi-performan... https://www.turris.cz/en/

Adding the URL (or application name), or rather part of it, to a secure password also makes for a good way to not use the same password everywhere, imo. In case of not wanting to use a password manager.

https://support.mozilla.org/en-US/kb/create-secure-passwords...

>Password re-use is the #1 way accounts are being compromised at the moment and there are now good password managers that are easy to use with a low barrier to entry

What accounts? At least for financial fraud this is certainly not true, phishing remains #1 by far.

I'd also hazard to guess that botnet logs result in far more hijackings than password reuse.

What about smartphones? Should I use my real identity or is that safe?

use startpage.com then. They're based in the Netherlands.

I'm not convinced this localization argument holds so much water. Consider the following:

Case 1: If you're using a search engine not based in the US, and you're not a US person, then the NSA probably can't use any legal tools against you (depending on country). However, the NSA is allowed to use the full range of its capabilities to collect against you (PPD28 notwithstanding). They can infiltrate that service by technical or human means and carry out espionage activity without legal restriction (Title 50/EO12333). Further, they can retain the data unredacted for a long time.*

Case 2: On the other end of the spectrum, if you're a US person and you're using a US-based search engine, surveillance activities against you are far more complex. Warrants, NSLs, and/or other legal paperwork is involved, and there are strict rules on data retention, sharing, and minimization. That's not to say that there isn't surveillance, just that it comes with substantially more overhead. Meanwhile, most of the NSA's technical exploitation approaches are off-limits, and any collection/exploitation activity must be carefully managed.

Case 3: The intermediate case, where you're a non-US person using a US service, is a bit more hairy but still is better than the first case. While the NSA/FBI can utilize a range of legal tools (again, warrants, NSLs, etc) against you, because your data is likely entangled with US-persons data, it must also deal with all the overhead of minimizing and redacting that data (same as case 2). Similarly, the use of technical means against US providers is heavily restricted, so you won't be fighting against the same capabilities as you would be in case 1.

At the end of the day, which do you think is easier for the engineers at NSA: exploiting, entering, and just taking everything (case 1) or filling out a huge amount of paperwork and carefully handling the redacted scraps of data that comes back from the provider eventually (cases 2 and 3)?

I think you can make an argument for either side, but I tend to believe that technical exploitation is easier than legal, for now.

*Caveat here is that this intelligence data is hard[er] to use in US law enforcement activity against you. It's worth noting, however, that NSLs and FISA data are also non-trivial.

All is about trust. You can't completely verify a company does not store IP and other personal information even if the core is open-source...

https://duckduckgo.com/privacy

As they run on AWS they may not even know if this happens, but that isn't the threat model addressed by this article.

The lack of warrant canary on DDG is strange considering their entire premise.

privatelee.com is a nice alternative to DDG.

The solution to that is to use the IdentityFile directive in your ~/.ssh/config with username / hostname expansion. I use:

    Host *
        # Disable SSHv1
        RSAAuthentication no

        # Only use a key explicitely provided by an IdentityFile directive
        IdentitiesOnly yes

        # %h expands to the hostname, and %u to the username
        IdentityFile ~/.ssh/%h/%u.key

This ensures that at most one key is used, and prevents me from having to modify my config every time I generate a key for a new host.

I think you're supposed to configure SSH to use the right key without trying them all in your ~/.ssh/config

> What attack is this even preventing

I think the thought is the security practice of compartmentalization. If you lose the private key you use for GitHub, Amazon, DigitalOcean, your home servers, etc... you've effectively given root away.

Now if my laptop is compromised, it doesn't matter if I have one key or ten, I've lost them all. But if there's something heartbleed-esque that allows individual private keys to be stolen when pushing commits to GitHub, I've at least isolated damage to my GitHub account.

> What attack is this even preventing - that someone will be able to reverse ssh public keys and get the private? A better approach is to generate a unique key per client so that if you lose access to a device you can remove only its public key.

I don't think this is about security. Just about privacy.

Some people don't like that they can be identified by their public key. eg (I think) github allows public viewing of a specific users public key, and that allows other services you use with your public key to know your github account etc.

It's not a mainstream privacy concern, but there are some privacy oriented people that worry about it.

Why not use 'ssh -i key_file user@domain'?

Should only use the specified key file then, AFAIK, without doing the cycling you mentioned.

I have found my YubiKey quite nice for password sercurity, but I use it in a slightly different way. I use password-store, which is a git repository of GPG encrypted passwords. While I'm on my main laptop, which has Qubes, I can access passwords using a key stored in my keys vault using Qubes split GPG. Encrypted passwords are synced through SSH to my serwer. On my other computers, I can decrypt passwords with my YubiKey as a gpg smart card. This is probably way overcomplicated, but it works.

I am security conscious but not as conscious as jgc, I am doing the same with the database on the drive and the drive is encrypted. I have a "smaller" password in the head plus a Yubikey password which is appended to my smaller password. For each website I am using a randomly generated password.

What is important is that in my daily life, this is working perfectly well and I do not feel at all the annoyance of the added security against using the same dadada password on all the websites.

I really recommend a head stored + hardware generated password too, this is working wonderfully.

Just had a look at KeePassX, as it looks as though it has a sleeker UX, when compared with KeePass2.

It may be considered a faux pas, but I have come to like the http plugin, for KeePass2, which allows Firefox to reach into my database when I come to sign into an online account.

do you have a backup yubikey? I'd be worried about losing mine and then losing all my data.

Or may be it's just time to consider the state for the enemy that it really is. They are the main targets of such security measures, "hackers" are really not a concern, state actors on the hand have proven to be major threats.

I will not let their fear tactics get in the way of my freedom of doing what I please without fear of leaks, theft or spying, be it directed toward my person or as a simple passive measure.

I don't need to go to North Korea, but I'd certainly like to visit my family in Russia again.

Ideally you have both: Unlock the phone with the fingerprint and unlock more private data with a passphrase.

Same for password managers: Are there any that allow you to split your data into two categories: Protected by fingerprint and protected by passphrase? I'd love to see that feature.

Then if you believe in the rule of law (in germany we say "Rechtstaat") and the presumption of innocence, it is kind of a civic duty to follow these steps. If only to oppose this line of thinking. Or even better, bait those who would like to control us into openly acting. Especially if you are a lawyer, have enough money to pay a lawyer etc.

I will probably piss myself and cry if I ever really "become a target" as it happens in China, cartel controlled parts of south america, dictatorships etc. But I will be damned if I don't make some kind of token resistance to us going down that path if all it costs me is keeping my privacy and maybe having legal hassle+ cost of replacement if my stuff gets seized.

The [chilling effect](https://en.wikipedia.org/wiki/Chilling_effect) is strong with this one.

It's not just techies or criminals that want this level of security: companies also want to keep things secure, trust me. In the oil rig industry we used TrueCrypt to secure (1) employee/vendor lists, and (2) location scouting information. Given how difficult it is to obtain tis information, competitors would pay big dollars for this information, regardless of how obtained

I really dont see whats in this list that will get you marked as a suspect in relations to a speeding ticket or other cursory stops...

Originally it was glitter nail polish http://motherboard.vice.com/blog/itll-take-more-than-glitter... ... the idea wasn't just to mark the screws to show if there'd been physical access, but to make a mark that's easily verified but very hard to reproduce, so you also know if your whole laptop has been replaced by the 'evil maid'. You need to photograph it to check!

The actual bit in the 30c3 talk where this was discussed is here: https://www.youtube.com/watch?v=KV4XnvE2p34#t=54m24s

I assume it shows if someone has opened your laptop (because the nail polish will be scuffed perhaps).

Presumably it allows you to detect when they've been removed and your hardware has been compromised?

a in depth explanation is here:

https://www.wired.com/2013/12/better-data-security-nail-poli...

It only protects you against SSH fingerprinting done by hostile servers.

> I don't see how this makes sense.

Just imagine that somebody can request from you the ssh key to just one of the services you access. Then he gets the access to all of them.

Of course doing constant code reviews for every single piece of software you use is preposterous. I have trouble keeping up with my employees' code reviews.

Self Destructing cookies plugin will delete them even more quickly

I'd recommend this as well. When I did my big migration to LastPass about a year ago (i.e. logged in to every site I ever remember having used and changing the password to a randomly generated one), I thought I was all set. But the site has reminded me at least three times that I registered to alot of BBS-style message boards and maybe only made one or two posts before abandoning them forever and forgetting I ever registered.

Those are concerning, because I'm positive that something I registered for in 2006 and never used again probably used a weak, re-used password.

Why has this been downvoted? Is it because of a known issue with the mentioned site?

It was interesting when I found my name there the first time on service I did not even remember using. But I did and I just forgot about it. Luckily at time when I was already using different passwords everywhere.

I am not trying to be sarcastic but the first thing that came up to my mind is that, "Mobile privacy" rather sounds like an oxymoron.

Perhaps, https://neo900.org/ should be enough as a first step ;)

CyanogenMod without Google apps (gapps) is good enough (for normal life, not a Snowden-style situation, obviously). microG is a great open source replacement for gapps.

If you do want Google apps, at least turn off all the creepy features like Google Now, location history, etc.

All modern CPUs have the AES instruction set, which makes the encryption almost transparent in terms of speed.

Do you have any links for actual measurements?

It's impossible to keep your house burglarproof, too, but I still lock my door.

A lot of people regualary take their laptop through American airport security, where there are multiple reported cases of laptops being messed with.

Regarding hibernation/locking: many people leave laptops unatteded in more risky situations than at home and at the office. As a trivial example, imagine somebody going around a university library, infecting any unatteded laptop with a virus.

Yet there are probably a fair few here for whom the risk of crossing borders with a laptop and suffering a similar attack is not unheard of.

It's not a strong argument against Yubikey. I don't reject a product based on whether its vendor hasn't open sourced all of its hard earned work.

NEOs are still good. Have one for my PGP key, works great to move files between computers/OSes.

I'm curious, do you run Skype on the same X server as your other software?

Personally I'd never trust any encryption provided by the OS - absolutely no one is in a better position to be compromised by bad guys (c.f. Recent Apple FBI scare).

Would rather use a third party solution that's not so easily coerced.

Given that virus checkers only catch about 50% of any malware and recently there have been zero days in some household name virus checkers anyway. It might be good advice.

Some people will click on exe's because they believe the virus checker will protect them.

Actively scanning for malware in the background doesn't sound like a good idea to me tbh. The only malware detection anyone ever needs is Google Safe Browsing. And not running random crap executables :)

Almost positive one of uMatrix or uBlock has that functionality, because I get redirected to https when available and those are two of my very few extensions.

People get their electronics stolen all the time. I use FDE despite knowing that if law enforcement ever seized my computer, they'd probably force me to unlock it or throw me in prison for contempt for the rest of my life. I use FDE simply because I don't want to worry about some asshole stealing my stuff and getting access to all my files.

This is not settled. Colin Percival, for instance, is firmly on the side of using RSA with many decades of cryptanalysis until EC solutions also have many decades of cryptanalysis.

Pencil. Paper.

You could run Firefox in a Docker container. It wouldn't protect between tabs, but would help isolate from the rest of the system.

UBlock for the ads, privacy badger for tracking cookies. They compliment each other nicely.

Tor is mentioned in the original article.

| Is it even possible to use the web nowadays without JS enabled?

Yes, but results may vary. I can do 99% of my daily browsing without JavaScript enabled, and for the sites where it's needed, NoScript can be told to always allow it (one specific script, or everything on the page). This is why you constantly see NoScript being recommended, it allows you to toggle JS on and off, as needed, which is invaluable.

I've been using NoScript for years and how much is blocked never ceases to amaze me. 99% of the script that most sites run has nothing to do with viewing content, or usability, and everything to do with tracking (there are usually multiple instances, sometimes dozens, on a single page; it's astounding).

Another nice feature in NoScript that I just picked up on is the shift+left-click option in the script list. This allows me to investigate what that particular script is for, and choose to permanently block/allow it. Very handy, and also eye-opening in regards to privacy.

There secured with tls, albeit with self signed certificates. But you can configure it to use a properly signed certificate.

it can be configured to use strong TLS, making it at least as good as a regular browser. That configuration isn't particularly straightforward, unfortunately.