Online security/privacy

All off topic conversation held here. Have fun and play nice. =)

Moderators: Bookworm, starkruzr, MrFireDragon, PrettyPrincess, Wapsi

Post Reply
User avatar
lake_wrangler
Posts: 4300
Joined: Sun Aug 05, 2012 8:16 am
Location: Laval, Québec, Canada

Online security/privacy

Post by lake_wrangler »

I will lay the groundwork in this post, and post my questions in the following post, to make things more clear.



I've been using gmail for many, many years. It was convenient, at the time (I used to use Hotmail, before, and I now forget why I switched). Over the years, I heard about how Google "reads" your emails to give you targeted ads. At the time, I was mostly using a local email client software program, so I figured it didn't matter much.

At one point in time, I also moved from using Internet Explorer to using Google Chrome as my browser. At the time, it was the best browser being recommended, if I recall.

But over time, I began to be more concerned about all the tracking Google did. I once watched a video about someone trying to de-Google his life (on YouTube, ironically, which he addressed in the video as well...) In the comments, someone mentioned the Brave browser, which blocked ads and third party trackers right off the bat, before even needing to add an ad blocker extension to the browser. I read up a bit about it, but soon enough switched over to Brave. It has been a few years, now.

Of course, I still use gmail, and for a long time used it mostly in a local email client, but also still kept one tab open to the gmail page, mostly for its searching email capabilities (i.e. when searching for an email in particular, it was easier to search for it directly in the web version of gmail.) Currently, I am using the web interface exclusively, because I have not yet completed the process of fixing my computer and multi-boot configuration (see my I'm about to nuke my hard drive(s) thread for more details...)

I also use Facebook, mostly as a way to connect with friends and family more easily (whether through their FB page, or through FB Messenger). I didn't use to write much on my page, no memes, no cutesy stuff. My photo albums are sparse. A few albums with photos from an event, but I don't keep a log of my life by posting on FB. But in the last year or so, I have also started sharing posts/articles of interest to me on my FB page. I also use WhatsApp (which is now also a FB property), but only to communicate with a few groups that use it as their main form of communication. I used to "Like" comments on other platforms, but not anymore. I have never used my FB credentials to sign in to another website, always preferring to create a personal login ID and a gibberish password with the help of a password manager (Lastpass, in my case). Keep your grubby hands off me, you Facebook animal! (To quote/paraphrase a certain, much older movie...)

So I suppose that no matter how good Brave was at blocking trackers, I was still being tracked to a certain degree. I was hoping to find ways to improve my getting untracked, so any time I found an article or a video on the subject, I went through them. Not that I have anything to hide, but it's the principle of the thing. Besides, as we are now seeing, the big tech companies are starting to flex their muscles more, as well as their political biases, by reducing the visibility of things/news/opinions they don't agree with, and even suspending accounts because of it, all without much recourse for the user. (And seeing the type of things I have posted on FB in the last year or two, I have definitely outed myself as a conservative, on that platform...)



More recently, I have run across a YouTuber by the name of Rob Braxman, who seems to specialize in privacy. I have warcted a number of his videos by now, and he seems to present some fairly cogent points.


One thing that surprised me, was how how the Brave browser being good at anonymizing people may just be a way to identify that a Brave browser was being used.



Another video which I found quite interesting was one about browser isolation:



Of course, no matter what you do in the browser world on your PC, in order to avoid getting tracked, it all becomes moot, if you use a cell phone with all the integrated "conveniences" that come with them. Spying comes standard...


To get around that, one option would be to de-google a phone (or buy one from someone who sells them, Rob Braxman being one, or course...)



But there have been work on other types of phones for years. I have been keeping abreast of work on Linux phones for a while, on and off. But so far, the options were either expensive, or underpowered... and also not as "convenient", in that many of the apps you would be used to use on Android would not be available on those. But things are starting to change on that front, and Linux phones are constantly improving. Privacy is enhenced, here. But...



He also explained his home network configuration, which is pretty interesting, if I do say so myself...
User avatar
lake_wrangler
Posts: 4300
Joined: Sun Aug 05, 2012 8:16 am
Location: Laval, Québec, Canada

Re: Online security/privacy -- Question: browsers

Post by lake_wrangler »

So, I recently watched Rob Braxman's video on browser isolation, and started considering implementing the strategy. I would use the Google Chrome browser for my Google "needs" (gmail, Google maps, YouTube). I would use Brave (for now) as my Facebook/Messenger/WhatsApp browser (just because), and would consider using Vivaldi as the browser for the rest (just because I have been considering trying it out, so why not...)

But is that really necessary? Are third-party tracker blockers, combined with ad blockers, sufficient to prevent Google and Facebook from knowing where you surf the internet, or not?

I can see that browser isolation would definitely change browsing habits significantly: for instance, instead of just clicking on a YouTube link on this very forum, I would need to copy the URL, and either open, or go to, the Google Chrome browser in order to paste it in and view it. Inversely, while checking my emails on the gmail web interface, if I want to follow a link from an email, I would need to again copy the URL, and this time go into my all-purpose browser (Vivaldi, in the example named above) and paste the URL into it to go and read the web page. As for the Facebook browser (Brave, in my example above), I can't help but think that even if I wanted to follow up on a link from a post into the "all-purpose" browser, FB would still track things, because of the way the URL is constituted. Well, I'm looking for examples of links that point to outside FB, but can only find some that point to other FB pages. I do seem to remember (or misremember?) links that would take you outside of FB, and if you clicked on them, you would get an intermediary page which asked if you really wanted to leave FB, before taking you to the page in question, if you clicked yes... I'm pretty sure there's a form of tracking involved there, and it would not matter whether I clicked on the link, or copied it and pasted it into a different browser, I am convinced I would still be tracked.



So, do you think browser isolation would work? Would it be worth the hassle of learning new habits? Or are third party tracker blockers sufficient to keep your browsing from becoming tracked by Google, Facebook, et al.?
User avatar
lake_wrangler
Posts: 4300
Joined: Sun Aug 05, 2012 8:16 am
Location: Laval, Québec, Canada

Re: Online security/privacy -- Question: phones

Post by lake_wrangler »

What about phones? Would having an Android phone downright invalidate any effort you make on your desktop/laptop to keep your privacy?

What if you barely use the phone's browsers for internet surfing? I have followed links from my workers' union before (sent from text messages). I have gone on a college website for their COVID questionnaire, which would then send me a confirmation via email that I was allowed to get into the school that day (which I needed in order to go to the bathroom, as the school was where the bus line ended...). I have done a web search to look for something a co-worker was telling me about. But other than that, I don't generally use the phone for internet browsing. I find the small screen to be too inconvenient for that purpose. I prefer to go online at home, or at least use a laptop or my Dell tablet (comparable to an MS Surface device), if going online while not at home.

I hardly use gmail on the phone, and only if I need to check on a confirmation email about something. Incidentally, I do find it unsettling to go into the gmail app, and find a notification at the top saying that I had not opened any email from such and such in over a month, and asking if I wanted to unsubscribe...

I do use my phone with apps such as PayPal make regular payments to someone (but no other online payments through the phone), I use my bank's Android app to check on my bank account balance and sometimes transfer funds between accounts. I use my credit card's app to check on my balance there, too.

I also use Google maps when looking for something/some store, but I do not use it for GPS driving.

I do not use the FB app, I only check FB on my computer. But I do use the FB Messenger and WhatsApp.



I do like the idea of Linux phones, as well as the de-Googled phones, which I had known about for a while. But would they be worth switching over? What would I have to give up in order to do so?
Last edited by lake_wrangler on Sat Feb 20, 2021 7:12 pm, edited 1 time in total.
User avatar
lake_wrangler
Posts: 4300
Joined: Sun Aug 05, 2012 8:16 am
Location: Laval, Québec, Canada

Re: Online security/privacy -- Question: home network

Post by lake_wrangler »

This year, I hope to be able to somehow make myself a NAS for my home network, which would allow me to stream media across multiple platforms across the house, as well as give me a second copy of my data (i.e. my main computer and the NAS would be separate, so I would have a backup of my data.) Until now, I have kept my data copied on two separate drives on the same computer, but not on a separate computer. Ideally, I would love to have another computer at a friend's place, with yet another copy of my data there. But budget constraints will make it a while before I can do so. I could also use either the NAS or the computer at my friend's place (if I ever manage to get one there) as a cloud server, possibly using NextCloud, or at the very least, use Syncthing (something which was also suggested in these very forums, actually.)

I do use a VPN on my computers, but at the computer level. And sometimes, Netflix would work just fine, while at other times, I had to suspend the VPN in order to start a movie, and then I would be able to connect to the VPN again, while the movie would continue to play all along. So far, there are only three devices at home that use the VPN: my computer, my tablet, and my phone, each with its own VPN client and connection. My router itself is un-VPN'ed. It is, in fact, a router provided for free by my internet provider.

I may, at some point, get one or more devices like Raspberry Pi computers in the house, one of which (or a model similar and perhaps more powerful) would serve as a home theater unit in the living room.


Would I end up with sufficient number of devices that I would need the router to host the VPN connection? (Most VPN companies limit the number of devices allowed per subscription level) If I get too many devices for my VPN account, I can see that I would be needing it on the router. If so, would it be worth adding Pi-hole to such a router at the same time? Has anyone here used Pi-hole before? Anyone know how difficult it is to install and configure?

Are Powerline units the best way to get network coverage throughout the house? How difficult would it be to get network cable to different places in the house? How destructive would that process be? (I.e. how much remodeling/wall repair would be necessary once it was done?)

Would a Mesh Network be more efficient? Is wi-fi nowadays fast enough to allow streaming seamlessly on a sufficiently powerful device, or is wired access still preferable?

Are there other concerns I should have, if wanting to improve the network coverage across the house?
User avatar
Dave
Posts: 7584
Joined: Tue Jul 31, 2012 5:58 pm
Location: Mountain View, CA, USA

Re: Online security/privacy -- Question: home network

Post by Dave »

lake_wrangler wrote: Sat Feb 20, 2021 7:12 pm Would I end up with sufficient number of devices that I would need the router to host the VPN connection? (Most VPN companies limit the number of devices allowed per subscription level)
That's going to depend on the provider, I imagine.

The disadvantage to having the router run the VPN, is that you may end up with a VPN-management problem on the router. Depending on what you're trying to access, you may find that you need different VPN settings (or a bypass-the-VPN switch) on a per-client basis. That might be harder to control than what you're doing now.
Are Powerline units the best way to get network coverage throughout the house? How difficult would it be to get network cable to different places in the house? How destructive would that process be? (I.e. how much remodeling/wall repair would be necessary once it was done?)
I think you have at least three options for wired in-house connections: Ethernet (Cat-5 or -6), powerline, or 75-ohm coax.
  • Adding Ethernet could range from pretty-easy, to horrendous-and-damaging, depending largely on your home's construction style and on access to crawl spaces and attics and so forth, and on whether you want the installation to be mostly-hidden or are comfortable with having visible wires and holes. You'd need to add outlet boxes (either in-wall or surface-mounted), drill holes to run the wires through the floor or walls or ceiling, and bring wires from the various rooms back to a central location where you can install an Ethernet switch. It's possible to daisy-chain switches e.g. one small switch per room, with a cable between rooms.
  • Powerline - mostly plug-in-and-play. Range and dependability may vary based on electrical interference on the power line.
  • Coax - if you home has antenna wiring to the various rooms, and these wires go to a central distribution point, then this could be a good approach. The technology is called MoCa - MoCa adapters are basically Ethernet-to-RF-on-the-cable bridges. You'd need one MoCa adapter per device (including the router). Some MoCa systems can co-exist with cable-TV or satellite-TV signals on the same cables.
Would a Mesh Network be more efficient? Is wi-fi nowadays fast enough to allow streaming seamlessly on a sufficiently powerful device, or is wired access still preferable?
It's probably worth trying, although in general I believe the reliability and robustness are not as good as a wired solution. Each packet has to go over the air twice, and thus there's additional latency and more opportunity for interference. You can probably figure that meshing cuts your bandwidth in half, or worse. I'd recommend a wired system (with two or more WiFi access points if you want full-house coverage) over a purely-wireless solution.

As it happens, I just helped a friend set up a simple mesh at his property today. He has two houses a hundred feet or so apart and wanted to extend WiFi to the new (larger) house, and hasn't had time to trench and run a proper cable yet. At my suggestion he bought a couple of TP-Link wireless routers, which do support WDS. We set up one (in the older "little house") where his Internet feed comes in - it's configured normally. The other, in the "big house", I set up in WDS mode. The two routers do seem to "see" each other with decent signal quality.

Once it was set up properly, it seems to work nicely - the two form a single WiFi network, devices roam back and forth seamlessly. The good news is that a speed test from the "big house" gave results just about as good as in the "little house" - the extra wireless hop isn't hurting things. However, this isn't a difficult test of the system, as his Internet feed is only giving about 6 megabits. Good enough to browse; we'll have to see if it's good enough to stream.

At my house, I use a wired system - Internet termination (fiber) and a Linux-based router/firewall/server in the garage, Ethernet cables strung along various eaves and under the house (drilled up into the walls to install outlets in a couple of places), and two WiFi routers in "access point" mode to provide good overall coverage.

As far as VPNs go, I do use 'em somewhat - mostly to provide secure access to my home system and servers when I'm "out and about" using public or convenience access. I don't use a commercial VPN provider - I have both OpenVPN and WireGuard running on my home-router gateway, and on a couple of virtual personal servers I have hosted in data centers.
User avatar
Dave
Posts: 7584
Joined: Tue Jul 31, 2012 5:58 pm
Location: Mountain View, CA, USA

Re: Online security/privacy

Post by Dave »

Slight followup to the above, on the subject of Pi-Hole for ad and malware and tracker blocking...

I haven't used it. Hadn't even heard of it before you asked. I investigated, and find that it's based on a fairly straight-forward extension to the usual DNS name-server systems (such as the ISC Bind package used on most Linux systems). The zone files themselves can be downloaded independently from Pi-Hole itself, and so can be used on any nameserver.

It took only a few minutes to download a set, set up a script to update it weekly, and configure my home network's DNS server to use the black-hole list in addition to the other zones I've set up. Voila... DNS blacklisting/blocking, with no additional hardware expense.

I'll have to play with it for a few days to see if there are any unexpected side effects (i.e. zones that I need to whitelist for one reason or another).
Post Reply