-- Leo's gemini proxy
-- Connecting to gmi.noulin.net:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini
date: 2023-02-27 10:58:36
categories: privacy
firstPublishDate: 2021-07-30 13:20:47
Opensnitch is an application level firewall, it shows connections made by applications and helps protecting privacy. It is clone of Littesnitch for macOS (paid app, there is a free alternative
that has about the same features).
It allows monitoring and blocking unnecessary or suspicious connections by creating firewall rules in the GUI. I use it to monitor firefox and change my configuration.
I don't use chrome in general but according to this article
, it also makes unwanted connections.
Install it with apt:
apt-get install opensnitch python3-opensnitch-ui
Download the prebuilt deb packages: daemon and GUI
Then run:
dpkg -i opensnitch_1.4.0.rc-1_amd64.deb dpkg -i python3-opensnitch-ui_1.4.0.rc-1_all.deb apt-get -f install opensnitch-ui
Opensnitch gave me a list of domains firefox is connecting to and I went to check how these domains are used and decided whether I want to block them.
content-signature-2.cdn.mozilla.net: This is used for securing firefox public services.
location.services.mozilla.com: Useless service for me
ocsp.digicert.com: Check certificate validity.
safebrowsing.googleapis.com: Used to flag malicious sites (disabled with the preference "Block dangerous and deceptive content")
push.services.mozilla.com: Push service
shavar.services.mozilla.com: is used to update the list of trackers that are getting blocked when tracking protection is turned on.
ocsp.pki.goog: Check certificate validity.
ocsp.godaddy.com: Check certificate validity
Then I changed my firefox configuration ('about:config') like this:
extensions.blocklist.enabled false: I don't need that after I have installed my extensions
in Preferences > Privacy & Security > Disable Block dangerous and deceptive content: I browse websites I trust.
app.normandy.enabled false: I don't want to test new features.
dom.push.enabled false: I don't need that
services.sync.prefs.sync.privacy.trackingprotection.cryptomining.enabled false
services.sync.prefs.sync.privacy.trackingprotection.enabled false
services.sync.prefs.sync.privacy.trackingprotection.fingerprinting.enabled false
services.sync.prefs.sync.privacy.trackingprotection.pbmode.enabled false
Mozilla has a page showing
.
I block the OCSP servers because I browse to reliable and trustworthy websites and I think it is privacy invasion. I wish there was an alternative solution with the certificate validity checks done in the client.
hashtags: #privacy
-- Response ended
-- Page fetched on Tue May 21 14:09:20 2024