A bit out of date but still useful info — just do some research around things to ensure that nothing has since happened to render a recommendation obsolete [1].

I’d recommend AdNauseum over vanilla uBlock Origin myself, but that’s a matter of personal preference — you can’t use it with Google’s Chrome browser … but, if you’re using Chrome you’re probably a lost cause anyway [2].

They don’t mention LocationGuard or TrackMeNot either — which I also recommend.

If there’s one thing I don’t recommend, it’s a password manager — use a sensibly long passphrase and do the first-letter-of-each-word-with number-and-uppercase-substitution-and-punctuation thing and you’re not only good to go but, furthermore, don’t need to worry about what the software is doing behind your back … whether it’s been compromised in any way … whether its algorithms really are all that … what happens if the software/OEM gets sold/goes bankrupt … what to do when your harddrive goes for a Burton so that even if you’ve saved the database to an external storage device you can’t make use of it and are locked out anyway … what happens when you’re not home and can’t, for whatever reason, plug your USB key/CD/DVD/whatever into the only available system due to a hardware issue or OS incompatibility … you get the picture.

VeraCrypt … hmmmmm …

I’m dubious about any Windows based solution in the first place but, in the Past, there was doubt cast over VC’s provenance or even suitability for technical reasons. I can’t find any mention of outrageous faults or major issues in that regard today however, so, my recommendation would still be to use linux and plain dm-crypt (without LUKS) but, if you insist on using a Windows based solution then VC appears to be a halfway decent substitue for TrueCrypt but proceed with caution.

As for PeaZip — by all means use it to archive your files and encrypt them with a password when you do (as, indeed, you always should), but it is not an encryption solution … all archivers do this anyway anyway and what matters is the cryptotech they use, not how many different file formats you’ll never encounter that they can handle.

Right … here we go …

Tor

It’s the granddaddy of them all … an Internet within the Internet … and may have been compromised by the very people who designed it to begin with — to whit, the U.S. Intelligence services.

That aside, however, there’s always the caveat of the entry and exit nodes.

The entry node knows who you are and sees your raw requests — it knows who you are, where you’re going and …if you’re foolish enough to tell it by entering your search terms directly into your browser’s URI/URL bar rather than going to your search engine first and only then entering your search terms … quite possibly/probably what you’re looking for as well.

The exit node (theoretically) doesn’t know who you are, but it knows everything else — where you’re going and, if you’re foolish, why. It also knows how long you lingered on each page … which is just what the team running it need to know in order to identify your unique behavioural fingerprint.

It’s imperfect, may have been subverted … right from the start or, at least, quite early on … horribly slow, often in German and its use marks you out as someone to watch more closely than others — if you’re using it, you must have something to hide.

However, it has a long pedigree … which helps, to some extent, mitigate against it having been subverted at its core rather than simply worked around with clever IPSec, or similar, techniques … and there’s a large community of users, which means more services.

Is it safe?

Well … how long is a piece of string?

I2P

A relative newcomer and, admittedly, I haven’t really made use of it myself and can’t really comment. My non-usage was down to it … originally at least … providing no access to the clearnet and having too small a community for what was on offer to make it worth my while spending time on it. Moreover, constantly switching between it and standard clearnet services and/or Tor was … sooner or later … bound to lead to disaster as I accidentally transferred information from one to the other thus creating a link between me and one or more of the other two … defeating the purpose of the other two and, worse yet, if I didn’t notice, creating a false sense of security on my part — it just didn’t offer enough to outweigh that risk as far as I was concerned.

And a year ago at least, there still weren’t many outproxies on it providing clearnet access.

I2P was intended to be a self-contained darknet and not provide access to the clearnet, so, along with the fact that the low number of outproxies bottlenecks you through a limited number of checkpoints that are easy to monitor in comparison to Tor … even if garlic-routing does, ever so slightly, mitigate that … the focus is not on providing clearnet access in the first place … and I, for one, am somewhat concerned about how long the development cycle is on outproxy tech and how frequent QA testing is done to reveal bugs, flaws etc. [3].

See here for a detailed breakdown of the pros and cons of I2P versus Tor or Freenet — Note, however, that the page hasn’t been updated since November 2016 at this point.

Freenet

Again, I haven’t troubled myself about Freenet for the same reasons I haven’t about I2P — it’s closed and small and I’m not convinced it’s worth increasing the attack surface of my machine for what little it might add.

ZeroNet

Finally, there’s the upstart ZeroNet.

….

The Silk Road was shut down [5] and I never had any use for it myself, let alone would be an apologist for it, but why someone wishes to remain anonymous … or at least maintain greater privacy … whilst on the Internet/Web is not the issue here — as far as I’m concerned, if you have nothing to hide … it’s nobody else’s damn business.

So … although this was written for SR users the technical and security/privacy issue outlined here is as relevant to you or your grandmother as it is to an underworld ne’erdowell.

Diaspora would be my choice but there’s no point being concerned about privacy and then leaving all your data in the hands of someone else … you might as well stick to Facebook in that case … so you want to run your own Pod, not join someone else’s.

Friendica … I’ve yet to investigate it, so take my comments here with a huge pinch of salt at this stage but …

As soon as I see the words “Friendica users can integrate contacts from Facebook, Twitter, Diaspora, GNU social, App.net, Pump.io and other services in their social streams” my heart drops; it’s a bit like the successful pilot in this — he sounds the part but you can’t really be sure he’s not an accident waiting to happen and suspect that he will be.

DNSCrypt is a good idea but do keep an eye out for vulnerabilities — there were critical flaws in the implementation of DNSSec in four versions of Windows as recently as October last year (including Win10 and Server2016) and although the two are different, they are frequently used in tandem, so it’s an idea to keep up with the critical vulnerability announcements as some vulnerabilities only occur as the result of an interaction between different software.

OpenDNS is another alternative.

If you’re really concerned about privacy, you need to stop using Google’s DNS servers and switch to another — OpenDNS, for instance … or Comodo’s.

I don’t understand why Debian is in there.

Sure it’s Open Source and has a reputation for being secure but it isn’t specifically designed with Security and Privacy per se in mind … it’s just a reasonably secure OS in that it’s slow to update, so new flaws aren’t added very frequently and old ones get ironed out over time.

Qubes/Whonix would be my choice, followed by TAILS at a pinch — TAILS isn’t all it’s made out to be and its use on a USB defeats the whole point of it, but if you don’t have the processing grunt for Qubes/Whonix then it’s certainly better than any of the other solutions out there short of rolling up your sleeves and getting down and dirty with Arch/Gentoo and learning an awful lot about more than enough to make your head hurt along the way [6].

I’ve wanted to love Sailfish for so long but … it runs on barely anything … verging on nothing … the Android integration leaves a bit to be desired still … and you can’t expect much support or development from an all but non-existent community.

No idea about CopperheadOS.

LineageOS used to be CyanogenOS/CyanogenMod until the community got upset with Cyanogen Inc. and, if I replace an Android install with anything, it’s with this — although I was tempted by PAC-ROM and rather like the idea of Librem, it’s best to go with something that will have a lot of users and a lot d support, if you’re gonna mod your phone.

OpenWrt/LibreWrt, take your pick … maybe even add LibreMesh to OpenWrt … but, if you’re into hacking your router, you almost certainly don’t need any advice from me anyway ; )

[1] NoScript doesn’t work in Firefox Quantum, for instance.

[2] You probably have a Google account and log in to other services with it and/or, worse yet, you log in to everything with your Facebook ID.

[3] The reason that’s significant is that something as widely used and heavily developed as the Bash shell for linux [4] had a fundamental security flaw hidden in it for 20 years — now … how widely used is I2P again and how many people are there looking into outproxy tech to ensure it remains bug-free and secure … on a platform that was never intended to provide clearnet access in the first place?

[4] It’s the standard shell on almost all linuces and there isn’t an end user in the World who hasn’t, at some time, had to make use of it.

[5] By subverting the Tor network as it happens — by means that have not been idntified as yet, as far as I know … but it involved deanonymising users’ identities via a hidden service that was an FBI honeypot.

[6] Which, unlike me, you won’t do, so stick to Qubes/Whonix or TAILS [7]

[7] Actually, you should probably just opt for TAILS anyway — Qubes/Whonix also requires pretty serious understanding of a lot of low-level stuff that you won’t want to learn either and, if you misconfigure them, you’ll be in a world of hurt in no time … without even realising it until it’s too late and you discover you’ve maxed out all fifty of the Platinum Credit Cards someone kindly obtained in your name in the last six months or so, your home is being repossessed and even selling a lung, a kidney and an eye isn’t gonna begin to cover the costs [8]

[8] Just burn it to CD/DVD, never USB … and never install it to a machine, always run it as a LiveCD/DVD — ignore anyone who tells you it’s okay to install to USB … they’re either worryingly ignorant or, even more worryingly, cavalier about privacy from the start and gambling that the trade-off of security/privacy for convenience will never happen to them/you because … well … look, it just won’t, okay, don’t be paranoid [9].

[9] In which case, why do they even bother with TAILS in the first place?

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store