Hello there! I’m looking for increased privacy when it comes to my network connections. So far I know of TOR as an almost absolute bastion of security, but how do I ensure the remaining network traffic is encrypted and private? I know of Signal for communication, and I’m aware of VPNs. However I’m not sure whether to trust most providers regarding government interference as their software often isn’t open source. Is there a federated VPN of sorts, similar to how Lemmy and other fediverse apps work?
https://www.privacyguides.org/en/
You should start reading this website. It’s going to answer a lot of questions.
Tor is not the absolute bastion of security! It is a tool with trade-offs both good and bad. It is not a panacea.
Check the privacy guide to VPNs. They’ll give you the trade-offs.
I’ll just throw another tool to the mix: https://prism-break.org/en/
PrivacyGuides is a VERY valuable and respected resource. OP, trust the comment above 😃
I like privacy guides. OP, you can trust Farline99
It’s important to distinguish privacy, anonymity and security.
I’m pretty much also a beginner when it comes to privacy so I’d be gladly corrected, but if you read the Tor manual you’ll see it works best on its own. VPNs offer very limited protection and if you’re looking to reinforce Tor, you might want to look into Tails instead, since Tor is meant to work on its own.
A good first point to make is your operating system. Ditching proprietary software is a must there as well since they have back doors from which they can steal most of your data anyway. Use a Linux distro, preferably not Ubuntu based, however it might be a little harder to use and the difference is not that big afaik. Ubuntu hasn’t given us reason to worry other than that it’s developed by a for profit company, in addition to some additions that were not considered ideal by the open source Linux users. I am typing from memory of some videos I watched though, so if you’re looking for a distro you best do your own research.
One additional necessity is encryption. Use it everywhere you can. Proton mail and other such providers encrypt your emails and allow only the recipient to read them. You can also encrypt your hard drives to protect the information inside them. De-google your devices and use as much open source software as you can. Newpipe or YouTube revanced should be installed instead of the official yt app, Lemmy (as you know lol) instead of reddit, Instagram or any other social media, however this can be hard to execute so what you might want to do instead is delete the apps from your phone and log in to your accounts from a browser that isn’t Tor, since logging in with Tor defeats its purpose completely. Alternatively you can use clients for some like frost for Facebook and, as previously mentioned, newpipe or yt revanced.
Finally, you might want to set up a Tor network server in your residence, as it helps hide your own traffic among the others using it. Additionally, the more wide the Tor network is, the more efficient blending in the crowd becomes. In fact, this is Tor’s biggest strength. Using any extensions and add-ons to the browser can help make you stand out from the other users and allow others to track you.
Sorry for the long response not necessarily explaining what you were originally asking for, network privacy. But if you are to make your online computing private you must shield yourself from all directions and not leave back doors open at all. It’s not all or nothing but it certainly isn’t a one click wonder either.
TL;DR: Leave Tor as is with the strongest default privacy and security settings, replace closed source apps with open source ones (like clients) and get a privacy respecting OS for both phone and PC.
tor has its place. you can’t use tor as your only browser (unless your life depends on your anonymity). There’s mull (hardened firefox) for daily needs or mullvad browser on desktop.
what os are you on?
if you’re on android: I no longer use it, but blokada is simple enough to start with and learn about dns, ip &c. I thought trackerControl too was instructive but you won’t stop there either.
if you’re on a desktop, try piHole instead.
on Mac i’ve found Vallum to be the most efficient. With piHole it becomes redundant.
on windows the best solution was to install linux instead 😅
don’t use your ISP’s DNS server, or google’s.
read other threads on this community, then follow the links to read from sources instead.
good luck
If you want a VPN I would recommend Mullvad and pay with crypto
It depends on what you want to achieve.
Encryption (if done right) will protect you against people eavesdropping on your connection, but not against tracking by cookies, device fingerprinting or similar technologies. I.e Google, Facebook etc. will still be able to track your every move. A web browser with good ad/tracking blocking will go a long way here, but if technically feasible you’ll also probably want something like Pi-Hole to complement your browser’s ad blocker and also catch network traffic from other apps.
For better recommendations you’ll probably need to tell us about what exactly it is that you want to protect yourself against.
Isn’t a secure operating system essential anyway though? Like, can any decent privacy level be achieved on a windows computer?
The first question is always: what’s the threat model?
Maybe but at the end, user data is bought and sold by corporations, so if you avoid a few collecting them that doesn’t mean you’ll be private.
I agree in principle - on Windows it’s a bit of a cat-and-mouse thing between people building tools to disable Windows telemetry and Microsoft building ‘better’ telemetry. And don’t get me started on Edge. It really is time for the courts to force Microsoft to allow consumer choice once more.
Having said that, it does depend on what your objective (resp. threat model) is whether or not you consider Windows telemetry a problem. Microsoft will know that you’ve used this web browser for that much time, but not what websites you’ve visited (unless it’s Edge of course). It’s up to you whether that bothers you.
I never bothered checking Edge’s TOS and data collection since I never considered using it in the first place so idk how bad it is :p.
But also can’t the person you’re hiding from also buy your data from Microsoft anyway? I mean, they collect them to sell, not only store. Your metadata are the ones they go after first right? Easy to store and analyze, usually betray behavior patterns etc.
Having said that, I do get your point and maybe it does depend on who you want to protect yourself against. But I’m just asking to verify my own knowledge.
TOR is the closest thing you will see to a “federated VPN”. You should always trust your VPN more than your ISP. There are open source VPNs like IVPN and Mullvad.
Lots of good responses in here already. Any VPN that is reliant on the use of others resources, federated or not, will require some level of trust.
You can “roll your own” and spin up a personal VPN that you host yourself that may remove some of the trust concerns, but if you aren’t building it from scratch or don’t audit any source code you use from others, whether foss or not, you are right back to the issue of trust.
Everything has a tradeoff, just like people have pointed out about Tor in this thread.
My advice is to try to balance your needs and concerns by doing research and asking around until you can narrow things down to specific products or services and then dig in and ask pointed questions about them until you reach a level of comfort and trust that satisfies you.
I know you guys are technical and smart. Can you explain to me how secure HTTPS is in terms of privacy? I heard that ISPs can track which domain you’re hitting but not the exact endpoint, is this true? Where can I read more about this sort of thing?
Some more info and helpful blogs from mullvad https://mullvad.net/en/help/all-about-dns-servers-and-privacy/
You can use quad9 or mullvad DNS resolvers for free to prevent DNS leaks
HTTPS is based on the web of trust. You’re trusting each of the central certificate authorities not to issue a certificate incorrectly.
So if you’re doing something sensitive enough that somebody might compromise their certificate authority for, then HTTPS is not the be all end all.
There was a fun program that the Great Firewall of China was running, they would look at where you were sending traffic, and then do a man in the middle attack giving you a different certificate so that they can see what you were actually saying unencrypted.
No, all of your packets will have a destination IP address. Metadata isn’t encrypted for HTTPS.