Yeah it's very sad the current state of privacy, only 1 solution left. Sad
Can we talk about online privacy and anonymity again?
- Thread starter Kongo
- Start date
- Featured
Please provide comments and solutions that are helpful to the author of this topic.
There are more but Graphene is the easiest to implement. The others are Ad-HocYeah it's very sad the current state of privacy, only 1 solution left. Sad
I personally do sufficient opsec to be a difficult but not impossible target. You don't want to hand your information on a golden platter but you also don't want to become a hermit since both ends of the spectrum are not good. 3rd party companies have lost US identities endless of times to a point where anyone can be anyone if you have the $$$. So I am not going to pull my hair out masking my every move. I will just mask sufficient amount that I won't be an easy script kiddie target.
send me a DM and I'll tell you the other two if you want to freeze those nasty ones too.
Blocking the most common trackers is all I really care about, and I don't mind some ads. Either µBO, UBOL, Privacy Badger or just the browser's built-in anti-tracking are enough for me.
I took a step or two down that rabbit hole some years ago and came back up. Smooth, simple sailing since then.
I have no idea (as a European) what you wrote. BUT it seems to me that everything that you wrote is illegal in the EU.semi-related longer than usual story. I was shopping for a car, had a good experience and decided yes at the dealership. My FICO (credit score) is excellent, but of course I have THE 3 credit agency reports (CRA) frozen (combo security and privacy). Dealer uses 1 bank nationwide (call it Bank A), very low rate, dealer submits short form application, me forgetting my credit reports are frozen.Bank A is stymied. I manage to unfreeze Equifax over the phone at the dealer, but it took about 30 mins. All good, dealer says please take the car home this afternoon. Later that night I re-freeze my credit reports. One month later, I get a letter from Bank Z, we could not get a score from Equifax, so we contacted fallback 2d-tier credit agency (not one of the three everyone knows) in a city 1000 miles away which has no credit history for you, and gave you the lowest score possible, loan declined. I'm thinking WTF, how did Bank Z get involved, and is someone impersonating me, same transction / different transaction (identity theft), and is my credit score now all mucked up??? Apparently car loans and perhaps other financial products, car dealer uses a 3d-party agency to process the car loan, and in addition to the primary bank, they do some sort of shotgun approach and submit it to other banks undisclosed to you the buyer. So if you have your big 3 credit reports frozen, the money men can bypass the normal sources of info. So digging deeper, I understand there are two other secondary fallback agencies that nobody ever hears about absent this type of experience, and now I have those two 2d-tier CRA frozen too. Federal law (US) gives you the right to freeze your credit reports to help protect against identity theft. So I like my new car, I have my low interest loan at Bank A since day 1, now have 5 credit reports frozen, and it appears the big 3 CRA have no record of this funky transaction. (side story -- about 3 years ago, someone sucked $8000 from my brother's bank account and he's a Ludite, doesn't even have smart phone! __it happens! (can happen).
On the computer, I use a vpn about half the time, ubo, standard stuff...
Last edited:
It may not be the case elsewhere, but an FTC investigation found that American ISPs collect more comprehensive data about our personal, digital lives than ad platforms and casually monetize it all through third parties: Internet Service Providers Are Collecting — And Sharing — Vast Amounts Of Information About Customers, FTC Report Finds
- FTC Chair Lina Khan stated that internet service providers are collecting a “staggering” amount of data about consumers, enabled by their expansion into cable services and entertainment content production.
- The FTC found that some providers engaged in “several troubling” data collection practices, including categorizing consumers by race and sexual orientation for targeted advertisements, and sharing real-time location data with third parties.
- Khan noted, "The report found that even in instances where internet service providers purported to offer customers some choice with respect to how their data was collected or used, in practice users were often thwarted by design decisions that made it complicated, difficult or near impossible to actually escape persistent tracking."
This thread highlights a common fundamental error in cybersecurity discussions, the conflation of Privacy (nobody sees what I do) with Anonymity (nobody knows who I am).
Analysis of the Discussion
The thread indicates a spectrum of approaches, ranging from nihilism to tool-reliance.
Recommended "Sanity" Strategy
You cannot fix a behavioral problem with a software solution. Define your Threat Model first.
1. Compartmentalization (The Browser Strategy)
Use one browser (e.g., Firefox/LibreWolf) strictly for "Anonymity" (Browsing without login).
Use a separate browser (e.g., Chrome/Edge) strictly for "Identity" (Banking, Social Media, Email). Never cross the streams.
2. Network Hygiene
Use a VPN to blind your ISP, but assume the VPN provider can see your traffic.
Use `DNS over HTTPS (DoH)` to prevent local eavesdropping.
3. Sanity Check
Run a fingerprinting test. If your configuration makes you "Unique among 250,000 users," your privacy extensions are actually serving as a tracking beacon.
Closing
User @cartaphilus summarized the realistic SOC analyst approach best, "I personally do sufficient opsec to be a difficult but not impossible target." Perfection is the enemy of good security. Do not try to disappear, just don't be the lowest hanging fruit.
Analysis of the Discussion
The thread indicates a spectrum of approaches, ranging from nihilism to tool-reliance.
Recommended "Sanity" Strategy
You cannot fix a behavioral problem with a software solution. Define your Threat Model first.
1. Compartmentalization (The Browser Strategy)
Use one browser (e.g., Firefox/LibreWolf) strictly for "Anonymity" (Browsing without login).
Use a separate browser (e.g., Chrome/Edge) strictly for "Identity" (Banking, Social Media, Email). Never cross the streams.
2. Network Hygiene
Use a VPN to blind your ISP, but assume the VPN provider can see your traffic.
Use `DNS over HTTPS (DoH)` to prevent local eavesdropping.
3. Sanity Check
Run a fingerprinting test. If your configuration makes you "Unique among 250,000 users," your privacy extensions are actually serving as a tracking beacon.
Closing
User @cartaphilus summarized the realistic SOC analyst approach best, "I personally do sufficient opsec to be a difficult but not impossible target." Perfection is the enemy of good security. Do not try to disappear, just don't be the lowest hanging fruit.
I votes for 'I use the bare minimum of extensions and third-party software to preserve my security!' - Now In the physical realm of life I'm 6 feet 5 ins tall, so i know all about not being able to blend in as its simply not possible, I also know because of that unalterable fact its also possible not to make a fuss, & if I have to make a point to someone I usually sit down & or back away so as not to intimidate - Adding that info into the internet, if I make every effort on the net to conceal myself that itself shows me up as being there, so I use wise practice, I don't use any so called social media, I use a good (i think VPN) & keep a low profile thereby not attracting attention, looking around at others around me I do feel I'm probably on the right track, & likely not the first target for anyone - I use a minimum of extensions as I never know the honestly of each writer, it seems to work so far but I'm always open to change as that is the only constant of life, change...
Last edited:
I have no idea about EU law, but it is technically not illegal for the "agent" working with car dealership to shotgun the application, (my limited understanding US law) although it is lame and not transparent. In US everyone is a consumer/product.
At least now, if you ask for a credit freeze CRA have to compy at no cost to consumer.For security: update and stick to official repo's (and when older versions keep security updates I don't mind lagging a few versions).
For privacy: implement the easy tweaks, run with minimal extensions (open source from reputable developers only) and most important don't provide your data to one company, e.g when using android disable personal add ID, remove or disable Google related stuff as much as possible, use another browser and search engine, disable location tracking don't use Google maps but maps.me etcetera (there is really a lot you can do without sacrificing convience).
So minimize your digital footprint as far as the point of convenience allows and don't provide your data to 1 company is what works best for me.
As an example I do use Google mail too bridge email and sync agenda's in thunderbird because it is convenient.
But having an Android phone I opted for Linux on a decent more expensive laptop in stead of buying a Chromebook. No matter how great, secure, easy and cheap they are.
EDIT: reworded my explanation because the member I am ignoring is more convergent OS-wise and might be triggered by my divergent OS-approach
For privacy: implement the easy tweaks, run with minimal extensions (open source from reputable developers only) and most important don't provide your data to one company, e.g when using android disable personal add ID, remove or disable Google related stuff as much as possible, use another browser and search engine, disable location tracking don't use Google maps but maps.me etcetera (there is really a lot you can do without sacrificing convience).
So minimize your digital footprint as far as the point of convenience allows and don't provide your data to 1 company is what works best for me.
As an example I do use Google mail too bridge email and sync agenda's in thunderbird because it is convenient.
But having an Android phone I opted for Linux on a decent more expensive laptop in stead of buying a Chromebook. No matter how great, secure, easy and cheap they are.
EDIT: reworded my explanation because the member I am ignoring is more convergent OS-wise and might be triggered by my divergent OS-approach
Last edited:
Just for one second, think about what you just wrote here. The same company that governs one does so with the other. The amount of privacy is the same for either, so if you already have one...
See where I'm going with that. Then let's be serious about privacy as if it actually exists. Maybe if you air gap your device and play solitaire all night while sipping margaritas.
Last edited:
Given "eyes nations",
and the point that anti-fingerprinting features, etc., might entail monthly charges and/or browsing slowdown, etc., that I need to give info in some sites to buy or pay for things or do business, that hardening the system might cause it not to function properly, and that several apps I need and want don't run or run well in other systems, I decided to use the ff. for Win 11 Pro:
Hellzerg and Sparkle Optimizers
Adguard (got the cheap lifetime sub deal), and if it doesn't work in some cases, disable it and enable uBlock Origin in the browser
Firefox with multi-account containers
DNSJumper to switch to whatever free DNS is fast, with Cloudlfare Warp used for some sites that don't load (a problem with the local ISP).
and the point that anti-fingerprinting features, etc., might entail monthly charges and/or browsing slowdown, etc., that I need to give info in some sites to buy or pay for things or do business, that hardening the system might cause it not to function properly, and that several apps I need and want don't run or run well in other systems, I decided to use the ff. for Win 11 Pro:
Hellzerg and Sparkle Optimizers
Adguard (got the cheap lifetime sub deal), and if it doesn't work in some cases, disable it and enable uBlock Origin in the browser
Firefox with multi-account containers
DNSJumper to switch to whatever free DNS is fast, with Cloudlfare Warp used for some sites that don't load (a problem with the local ISP).
i am glad i haven't fell in the pi-hole or adguard home rabbit hole yet! But i still find myself watching YouTube video's about them! Feel the time might be coming soon...
It "expectedly" works against Firefox and Edge, unfortunately. It doesn't work against Tor.
I wonder if Brave (in its default configuration) and Firefox with its new anti-fingerprinting feature (with some implementations likely taken from Tor) would do any better.
Firefox doesn't really have a "new" anti-fingerprinting protection. At least it's not as innovative as it sounds. It's just easier to apply within the browser now, without playing around with about:config. Firefox has most of the Tor protections for multiple years now, but they can only be applied in about:config. Not in the standard settings tab. So yea, it's new for standard users and the protection is just easier to apply.
Thanks for making me try harder. It turns out that even my ESR default config (Enhanced Tracking Protection on) in private windows works against this if I change the IP via the VPN. It doesn't work if I’m not using a private windows and doesn’t work if I don't change the IP. I guess Tor's implementations at work!
You may also like...
-
Are there any apps that assist with automatic identity and privacy management?- Started by AyushSarvr47
- Replies: 1
-
Moxie Marlinspike has a privacy-conscious alternative to ChatGPT- Started by Miravi
- Replies: 3
-
🕯️ Privacy Is Dead. Do We Mourn It or Clone It? Digital rites for a post-secret age- Started by Halp2001
- Replies: 31
-
Is Paid VPN Still Worth It in 2025 – Or Are We Wasting Money?- Started by Bot
- Replies: 17
