I want this post to focus on browsing the web anonymously more-so then
pointing out which browsers you should be using, or which VPN provider is the
best, etc. I will go into a few small details about browsers, but how you use
them usually has the most positive vs negative effect on privacy and
anonymity.
I believe being anonymous on the web should be viewed from a human
perspective, and not from a technology one. If you are posting personal
information, photos, and everything about your daily life and activities,
changing web browsers won't fix your privacy or anonymity issues. You need to
stop posting personal information, and use different usernames and passwords
for various services.
Using various web services and staying anonymous is very difficult. You will
need at least two browsers available, one to use for various services where
you are known (banking and such), and one for everything else. You will also
need to not login to services, don't "Remember This Device", and be extremely
mindful of what you install, write, submit, post, tweet, reply to social
media and the internet as a whole.
:: Operating System
I want to make something clear, I do not care what Operating System you run.
It does not matter if your running Linux, Windows, Mac, or FreeBSD. Anyone
using any OS has the right to privacy and anonymity. If somebody is using
Linux and posts daily about personal details, they are far more targetable
then somebody running Windows and not doing such activities.
I highly suggest the use of container Virtual Machines for various tasks
though, such as one for secure, private web browsing, one for general testing
of software and other small tasks and another for specific work tasks. There
are a good amount of free or open-source VM hypervisor applications you can
install on any Operating System.
I also suggest a good software firewall to control what applications are
talking to the network. The firewall should be installed on your computer as
well as any and all VMs that are talking to the network or internet.
Along with a software firewall controlling which applications are allowed to
talk to the network and/or Internet, you should have a hardware firewall
protecting the incoming and outgoing traffic for the network as well.
:: Virtual Machines (VMs)
The correct use of a VM to do tasks, is that these actions are not performed
directly on your computer which is referred to as the "host" in VM terms.
Anything done in a VM is contained inside that VM as far as disk activity,
files, and hardware. Networking on the other hand, depending how you set it
up can still have issues, not so much with privacy but protections if your
testing public software or binaries that may contain malicious code.
I will make an article in the future on installing some VM applications and
then the installation of various Operating Systems within them. For now the
following list can help you get started.
VirtualBox
::https://www.virtualbox.org/
VirtualBox is a powerful x86 and AMD64/Intel64 virtualization product for
enterprise as well as home use.
VMware Workstation Player
::https://www.vmware.com/products/workstation-player.html
Easily run multiple operating systems as virtual machines on your Windows or
Linux PC with VMware Workstation Player.
Hyper-V
Hyper-V requires a Education, Professional, or Enterprise version of Windows
10 and allows you to create VMs directly via Windows. I don't recommend
Hyper-V as it requires some special setups in some cases and is very tightly
integrated into the base host Operating System.
Others
There are many other projects that provide virtual machine functions or
similar that still achieve the desired goal of containerization.
Bochs, QEMU, Xen, Windows Sandbox, Sandboxie
:: Software Firewall
I'm not talking about your hardware firewall, router, or internet gateway
here. I'm speaking about a software firewall. One that you can install on
your computer and inside your various Virtual Machines. I personally use
TinyWall on all my Windows hosts and VMs. This allows me to pick and choose
very specific programs that are allowed to speak to the network and
internet. It's extremely small and generally stays out of my way until I
need it.
If you are using an anti-virus solution on your machine, you might already
have one.
Which ever firewall you choose, including one with AV or not, just give it a
look and check the settings. Block any programs that don't need to use the
internet. Most programs do not need internet connectivity to correctly
operate. You might also find one or two programs that are communicating
non-stop submitting data for some unknown reason that is unnecessary.
While installing the firewall software might be easy, tweaking and setting up
the firewall will take a little more time. Some firewalls might automatically
unblock "system files" for you, something you might not want unblocked if you
wish to block Windows reaching out to random Microsoft servers. I recommend
starting from a blank state, unblock your browsers and then watch the logs
the firewall makes. Unblock only specific applications, and services.
You will also want to keep an eye on the firewall settings and how your OS
updates itself, as well as any programs throwing errors that you wish to
allow internet access to, then allow those specific programs as well.
:: VPN
It seems everywhere on the internet you read, watch or listen has an
advertisement for some VPN service. They are everywhere. Lets ignore the fact
for the moment that almost all VPN services are owned by the same five parent
companies.
When you use a VPN, you are indeed protecting your traffic from your ISP and
in-turn the local coffee shop wireless connection. But remember that your
traffic passes through servers owned by one of the VPN companies above. If
your goal is hiding traffic from your ISP that's great, but your traffic is
now (mostly) viewable by the VPN provider and they may or may not have more
or less strict controls as your ISP.
This is where TOR comes into the scene. Your ISP will know you are using TOR
without a VPN. You also don't want your VPN provider seeing any traffic
either. So you use a VPN and use the TOR Browser (or binary if you are in
need of a SOCKS5 proxy). Mixing both a VPN and TOR will prevent the above
situation.
In my opinion you should never use TOR without a VPN because of the statement
above. Which VPN you use does not matter, you could even run your own VPN
service as long as the IP you are connecting to TOR with, is not yours.
The only use I have for a VPN provider is P2P traffic (Torrents) and using
TOR. To me there is no other reason to use a VPN. Every VPN provider will
scream privacy and security, but the reality is that they themselves have the
ability to view your traffic flowing across their infrastructure. When using a
VPN for web browsing, always use TOR.
As an aside I will note that if you are going for extreme privacy, you don't
want to ever use your own self-hosted VPN servers. The more random traffic
(other users) leaving a server containing your traffic is much harder to
observe. You need to blend into the 'normal' as much as possible. This
prevents you being singled out as the only user with
$specific_identifiable_property coming from a specific server/address.
If you are using VMs, you should install your VPN client inside of the VM.
This will allow you to control traffic easier, but may be dependent on how you
setup your VM networking.
:: Email Providers
Which ever provider you use is your choice. Do note that there are some
exceptions to the privacy rule with many providers. If your reading this,
you probably already know how bad Google is at information gathering. This is
not limited with their Chrome browser or Google search engine. They also read
every email you receive and send.
Google is not the only provider doing this, I'm sure that Hotmail/Live
(Outlook.com) by Microsoft is doing this as well. How deep this goes with
their business/enterprise products is to be seen, but there is a high
probability they are being read as well. (Welcome to the cloud...)
When it comes to email, many people flock to services like Protonmail and such
which is probably better then using other public mail services. At the end of
the day, email is used for so much personal data that the only result I can
come to is self-hosting your email services, but this is not always a simple
task and will require it's own post in the future.
:: Fake Email Generators
Giving out your email to various services simply to download a file, or
continue through some process that is not permanent is something that really
gets to me. Why do you need my email address to download a file? It's purely
for marketing purposes.
This issue has already been addressed with simple fake email generators. My
current go-to is EmailGenerator.org as you do not need to give a forwarding
address to get the email. The page is dynamic and nothing more is needed.
There are many fake email generator services out there, just throw the search
in your favorite search engine and give it a go.
Do note that there are many sites and services that block these fake email
generator links, instead wanting specific email domains. If you can, find a
different service and don't give them the pleasure of spamming your mailbox.
:: Browsers
My thoughts on browsers to use when you need to go private, or generally don't
want to leak information.
- Brave
Brave does offer a built in TOR private browsing mode which is a nice touch.
But there are already faults with the Brave TOR browsing mode, such as the
previous link showing a DNS leak of Onion addresses. If you already use Brave
as a non-anonymous browser and still want to use TOR, just use the TOR Browser
Bundle.
That being said, using Brave with Brave Rewards enabled would not be very
anonymous or private. So if you are using the Brave Rewards system, I
recommend using a different browser when you wish to be "anonymous". The real
issue regarding Brave and the BAT system is Uphold, the company that works
with the BAT cryptocurrency. Just let us get Ethereum, Bitcoin, or something
anonymously.
- Chrome
Chrome is built and distributed by Google. Google is a marketing and search
company. Google loves data. The fact is that Chrome collects more data than
any of the other browsers and I do not suggest using Chrome for any private
browsing needs or even daily driver needs. There are many other browsers using
the Chromium (Chromium is not Chrome...Mostly) source code like Brave, Edge,
and Vivaldi. These may also present their own privacy issues.
I don't need to continue telling you how much personal data Chrome reports to
Google. This would be the one browser I would stay away from.
- Chromium
Chromium is the free and open-source code base that serves as the initial
build for a wide variety of browsers such as Vivaldi, Edge, Opera, and Brave.
Chromium is sometimes called "de-bloated Chrome". The browser is still
dependent on Google pushing the source code, updates, patches, etc. There are
also multiple reports of Chromium "calling home" to Google servers.
I would not use Chromium directly instead use one of its' modified forks;
Ungoogled Chromium, Brave, or others. But remember, these all share the base
source code with Chromium, if Google changes to block addons, or other
features these browsers may have to just suck it up.
- Firefox
Firefox is the open-source browser from Mozilla. It's very popular right next
to Chrome for most people. As far as privacy goes, we already know it leaks
data to Mozilla. This setting can be disabled by choosing Disable
"Contextual suggestions" and "Include occasional sponsored suggestions" in the
settings to stop Firefox from sending data to Mozilla. (Possible there are
more settings needed, or it might not be possible to stop all data.)
On the topic of being private, the Mozilla team has done some odd things (why
are they getting political?), Firefox is still highly touted as being a
privacy respecting browser. That being said, Firefox includes a unique
download token in downloads from Mozilla's website and uses telemetry in
Firefox to send the token. The token is not included in releases from the
Mozilla FTP server.
- TOR Browser
TOR Browser uses the TOR network, bouncing your connection around a series of
"hops" before leaving an "exit node" so your data cannot be tracked back to
your machine. This process is not entirely perfect as your ISP can see you are
using TOR, but cannot see the traffic inside its' tunnels. I recommend using a
VPN with the TOR Browser to get a more complete solution.
This is the second browser you should use for private, anonymous browsing.
While you can use it for everything if you can deal with slower loading pages,
most banking and other secure sites will probably reject connections via TOR.
Also remember how to you use the TOR Browser matters. You cannot load every
Javascript file that comes across, every HTML5 applet, etc.
- Waterfox
Waterfox is currently my go to for everyday banking, and secure sites. Being a
fork of Firefox the browser can load any addons for Firefox and specific
versions of Waterfox can still load all the older Firefox addons as well.
The issue I have with Waterfox now is that it is owned by System1, an
advertising company. I don't believe anything has been added to the browser as
far as tracking, adware, spyware or telemetry. I will be keeping an eye on
updates.
:: Browser Plugins
Most browsers allow a multitude of plugins to be installed. These can help us
with privacy and keeping as anonymous as possible while browsing the web.
Remember that while most plugins are good, there are some that could make your
situation worse by leaking data or being outright malicious by sending your
browsing habits or browser fingerprints to remote servers operated by various
plugin developers, usually owned by advertising companies.
- uBlock Origin
uBlock Origin is a free and open-source, cross-platform browser extension for
content filtering primarily aimed at neutralizing privacy invasion in an
efficient, user-friendly method. It is available for Chrome, Firefox (and
forks) Browsers, Edge, and Opera.
- HTTPS Everywhere
HTTPS Everywhere is a plugin that attempts to force HTTPS connections on all
websites you visit. I don't think this plugin is really needed anymore, most
browsers that I have tested already have this built in. They will all attempt
an HTTPS connection first, and then show a warning when you attempt to connect
to a non-secure server. It is still available for Chrome, Firefox (and forks)
Browsers, Edge, and Opera. Apparently it is already "included" in Brave and
TOR Browser. Waterfox has this built-in as well as a setting called
"HTTPS-Only Mode".
- Privacy Badger
If you are already using uBlock Origin, there is no benefit in using Privacy
Badger alongside it (If I am incorrect in this, let me know). Privacy Badger
seems to co-exist nicely with uBlock Origin but again, I see no benefit.
If your looking to improve your privacy while using uBlock Origin, give
Privacy Possum a try.
- Privacy Possum
Privacy Possum produces false (fake) data that gets offered up to tracking
companies when pages load advertising scripts. It does not block anything,
instead it gives this fake data which is perfect for throwing random garbage
at advertising and tracking companies. Available for Chrome and Firefox.
- SponsorBlock
SponsorBlock is an open-source crowdsourced browser extension and open API
for skipping sponsor segments in YouTube videos. Users submit when a sponsor
happens from the extension, and the extension automatically skips sponsors it
knows about using a privacy preserving query system. It also supports skipping
other categories, such as intros, outros and reminders to subscribe, and
skipping to the point with highlight.
SponsorBlock is great if you are directly viewing videos on YouTube. It does
not seem to work on videos viewed through 3rd party services or proxies to
YouTube like Invidious instances sadly.
I highly recommend SponsorBlock if you are viewing anything on YouTube even if
you are using a redirection addon like Libredirect, as you might have to view
the real YouTube at times.
- Libredirect
Libredirect is an addon that redirects YouTube, Twitter, Instagram, TikTok,
Imgur, and Reddit requests to alternative privacy friendly frontends and
backends.
In one hand I see this as a good thing, on the other your not loading an
official site and some instances could possibly be less privacy focused,
keeping logs and such. The software used by these instances is open-source and
available freely, but can also be modified on the destination server.
Using services other than Reddit, Facebook, Twitter, YouTube, and Google is
always a great way to keep the Internet to its' true intent and keep traffic
away from these companies.
gemini://bbs.archaicbinary.net/blog/internet/2022.04.18-Web Browsing Anonymously.txt