How do you protect yourself online?

21

I PM’d gnome about this issue and wanted to share the result.

From the Lagrange capsule:

Prior to version 1.8, Lagrange’s font library was harcoded and all the fonts were bundled together with the binaries. The number of fonts was limited by needing to keep the packages suitably small for distribution.

gemini://skyjake.fi/fonts/classic/

In our private thread, I was able to demonstrate searching with Japanese characters because I inherited the classic font pack from Lagrange v1.7 and earlier. And gnome fixed the issue by installing the CJK font set.

If you have an issue with input or missing characters, visit the URL above and try the ‘Classic set’ of fonts.

Lagrange manages these fonts via

about:fonts

Mike

2 Likes
22

sorry, i can’t post more than 2 links so i’ll add them as code…

if one cares about privacy, that eliminates Windows, Google services, Facebook, Twitter, Instagram, YouTube and all the other mainstream platforms i’m forgetting

at the PC level i personally moved to Manjaro or, as i affectionately call it, Arch for Dummies! - it’s a rolling release that’s easy to install

mobile i no longer use, though if i did, it’d have to be an open-source phone like PINE64, Librem, WiPhone or something along those lines - the baseband needs to be isolated else i don’t think there can be any expectation of privacy regardless of the user-facing OS/ROM

at the browser level i use the normal Firefox release version with a “few” tweaks https://12bytes.org/articles/tech/firefox/ - in my personal opinion there is (unfortunately) no other mainstream browser that is as well suited for privacy tweaking - if you want to keep it a little simpler, check out LibreWolf https://librewolf.net/

email is Thunderbird, again with a “few” tweaks https://12bytes.org/articles/tech/the-thunderbird-privacy-guide-for-dummies/ - i want my mail stored locally where i have control over it, so no web-only services and certainly no “free” services such as hotmail, gmail, etc. - personally i use runbox https://runbox.com/ primarily - there are better providers if privacy/security is paramount, but runbox has a decent privacy policy, they’re cheap and the service has been stellar for me

@mike - if you want you can dump all of the add-ons you mentioned by using the arkenfox https://github.com/arkenfox/user.js user.js and uBlock Origin - some additional privacy add-ons may very well decrease privacy - for example, with the newer versions of Firefox, Privacy Badger is not needed, nor are container add-ons

absent arkenfox, i might suggest installing uBO, enabling Strict Enhanced Tracking Protection in Firefox settings, and resist fingerprinting ( privacy.resistFingerprinting in about:config ), OR you could simply go with LibreWolf which does all this for you, and much more, including installing uBO

also see personal-security-checklist, Privacy Guides and my site, https://12bytes.org/articles/tech/, which also has Firefox privacy and uBO setup guides

2 Likes
23

To avoid personalizations, I try to do search engine evaluations in a disposable Whonix VM. I disable JIT compilation, WebGL, WebRTC, the Battery and Peripherals API, Graphite rendering, and a bunch of other stuff in my “main” non-anonymous browsers for security; I stick to defaults in the Tor Browser’s “safest” setting when possible for anonymity.

I’ve written some bubblewrap scripts to provide rudimentary sandboxing. Unfortunately, I’ve been using the Firefox bwrap script less often because it breaks screen reader support.

I keep my addon/extension usage to a minimum since even the best-intentioned addons significantly weaken the isolation-based browser security model. I make JavaScript, cookies, and localstorage disabled by default in my day-to-day browsers.

Since Linux doesn’t provide robust sandboxing of its own (you’d have to rebuild userspace a la Android to do it properly), I’ve been experimenting with ways to run programs like the browser in little disposable VMs. Qubes-lite, if you will.

2 Likes
24

I have amended your trust level so that this one shouldn’t be a problem anymore. We’ve kept it pretty similar to the initial setup in that respect, but wherever anyone flags it’s an issue for them I’m more than happy to adjust it. Most of the earlier parts of that are to protect against bots (I believe) which you patently are not :smile:

25

good to know - i was starting to worry about myself :slight_smile:

off-topic - i didn’t see any Mojeek beta test stuff on the forum - i was invited to test the next beta and i’m wondering if there’s a place where that’s being discussed

thanks Josh!

26

This is 100% on the way, and a good part of the reason behind setting this up. In terms of the when I don’t have any specific date, but we are working on it. I’m also eager to hear your thoughts.

27

DivestOS (divestos.org) is an interesting looking replacement for GrapheneOS for non-Pixel devices. DivestOS applies as much of the GrapheneOS patches as it can to abunch of devices from Lineage. But the Murena phone is not currently supported :frowning:

In related news, I was using OPNSense on a 4-port Protectli (protectli.com) box for my in-home router, but am switching that back to a bare-bones OpenBSD setup. I’m a tech-control freak (strong GUIs make weak minds).

1 Like
28

I have actually used this on my testing phone (Pixel 4a) and it works well. If I’m honest I haven’t dug into it too much, the device is currently only used to have a way of checking things on Android/another AOSP operating system and was purchased at a sizeable discount due to its broken SIM slot. As you say, there are a lot of non-Pixel supported devices: Devices - DivestOS Mobile

29

Yes, I saw that. I like their site, it is full of great information even if you don’t have a supported device.

I don’t plan on getting any of the supported devices in the future though.

30

ProPublica published some basic tips for protecting yourself online. The complete story has additional details like how to check your privacy settings on iOS and Android.

Note: In the United States, you will likely also need to unfreeze your credit reports if you are applying for a job.

  • Stop reusing passwords
  • Delete unused accounts
  • Add an additional layer of security (MFA)
  • Manage your apps’ privacy settings
  • Think before you click
  • Keep your software up to date
  • Limit what you’re sharing online
  • Secure your SIM
  • Freeze your credit reports
  • Back up your data
2 Likes
31

Naomi Brockwell

Home | Avoid the Hack (avoidthehack!)

Dig Deeper

GitHub - arkenfox/user.js: Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening

GitHub - HorlogeSkynet/thunderbird-user.js: Thunderbird privacy, security and anti-fingerprinting: a comprehensive user.js template for configuration and hardening

GitHub - Lissy93/awesome-privacy: :unicorn: A curated list of privacy & security-focused software and services

GitHub - Lissy93/personal-security-checklist: :lock: A compiled checklist of 300+ tips for protecting digital security and privacy in 2023

Opt out of global data surveillance programs like PRISM, XKeyscore, and Tempora - PRISM Break - PRISM Break

Raptor Computing Systems::Talos™ II

Libre Silicon

Home » Open Compute Project

Beautiful, Secure, Privacy-Respecting Devices - Purism

Vikings Store

coreboot

Libreboot - Libreboot project

1 Like
32

Would not recommend Dig Deeper. The author is a conspiracy theorist, not an expert.

RYF hardware with Libreboot and the Linux-Libre kernel will hurt your security, as this involves disabling microcode security updates (!!). microcode is a proprietary black box whether or not you update it. I’ve written about why FOSS != Secure before. Secure and insecure FOSS exists; Libreboot and the Linux-Libre kernel fall into the latter category.

2 Likes
33

that term carries with it negative connotations that were attached to it by the CIA, despite the fact that conspiracies happen every day, and it gets bandied around constantly in an attempt to discredit creditable people

granted, the author of Dig Deeper may not have all his ducks in a row, but to simply discredit all of his work by applying the “conspiracy theorist” label is rather disingenuous in my respectful opinion

regarding “experts”, none should be blindly trusted

that said, i’m a bit familiar with your work and do regard you as very knoweledgable

1 Like