Advanced Security oldschool's 2023 surfing laptop configuration

Last updated
Oct 12, 2023
How it's used?
For home and private use
PC OS
Windows 11
Other PC OS
Windows Pro
On-device encryption
N/A
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates
Update channels
Allow stable updates only
Windows UAC
Always notify
Windows 11 SAC
On
Network firewall
Enabled
About WiFi router
Provided by ISP
Real-time security
Windows Security
Firewall security
Microsoft Defender Firewall
About custom security
MS Defender - Max | Platform & Engine updates - Beta channel
Smart App Control enabled manually
Exploit Protection settings
Firewall Hardening
RunBySmartscreen
Windows Spy Blocker
Periodic malware scanners
KVRT
Malware sample testing
I do not participate in malware testing
Environment for malware testing
N/A
Browser(s) and extensions
Firefox I ĀµBO | Disroot
Chrome | ĀµBO | JShelter | Chrome flags | Disroot
Edge | ĀµBO | JShelter |Disroot
Secure DNS
Quad9 DNS
Desktop VPN
None
Password manager
Maintenance tools
Windows built-in
Mem Reduct
File and Photo backup
Copy/Paste
System recovery
Wiindows built-in | Aomei Backupper Pro Lifetime
Risk factors
    • Browsing to popular websites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
Lenovo L340 Intel(R) Core(TM) i3-8145U CPU @ 2.10GHz 2.30 GHz 8.00 GB RAM 1TB HDD
Notable changes
22-12-5 Reverted to MS Defender.
23-1-21 Refreshed Windows with SAC in evaluation mode.
23-2-2 Clean Windows installation
23-2-18 SAC user-enabled on
27-2-23 Added Chrome for the lack of 'feature' bloat.
28-2-23 Changed default browser to Chrome
21-3-23 Changed Quad9 to NextDNS
What I'm looking for?

Looking for minimum feedback.

F

ForgottenSeer 97327

@oldschool you knew I would be tempted to try JShelter when you asked me šŸ˜‰ so I installed and tried to figure out of what it does. Using recommended with network boundery shield and fingerprint detector ON are the settings advised by the author(s) of this project. I tried three websites Ikea.com Youtube and CNN and the FingerPrint Detector warining did reflect the degree of fingerprinting of these websites (I had read it somewhere, don't have the link anymore, but the warning level fitted what I thought I had read about those websites).

1679215420914.png
 
Last edited by a moderator:

oldschool

Level 78
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
6,741

oldschool

Level 78
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
6,741
you knew I would be tempted to try JShelter when you asked me šŸ˜‰ so I installed and tried to figure out of what it does. Using recommended with network boundery shield and fingerprint detector ON are the settings advised by the author(s) of this project...

Because the wrapping comes with the cost of performance loss, I tried to lower the settings a little (disabling or lowering settings of tracking mechanisms not commonly used). ... I am happy to report that the warning levels still worked OK. I posted a screen shot of these (compatible mode) settings and the results of the webpages with lowered protection levels.
I created a custom Relaxed Level courtesy of @Kees1958, I believe. I just started using it today:
1679175005183.png1679175091425.png
 
F

ForgottenSeer 97327

@oldschool thanks for your feedback, I changed my mode to litlle lies mode using some oy your settings. I tried how good the FingerPrintDetector is with Javascript Shield OFF and it seems to work OK, without the feedback of the wrappers. Therefore I am running it with JavaShield OFF and a custom level protection called "Little lies mode" for websites with medium risk of fingerprinting and i Use "Recommended mode" for high risk of fingerprinting. This seems (for me) the best balance for no website breakage with protection.

I had a look on JShelter related threads on MT and on Github and can't really understand why Kees1958 was so critical against the authors. For what I understand of the issues on github, they implemented most of critic (only not data base with video cards like Trace and paid version of Cydec Anti_Fingerprinting). The authors even started an evaluation of their protection mechanisms after his critism (see spolier), so I don't understand why Kees1958 stayed so critical in his responses on github and MT.

1679216309229.png

 
Last edited by a moderator:

Jan Willy

Level 11
Verified
Top Poster
Well-known
Jul 5, 2019
523
to me I don;t understand why Kees1958 stayed so critical in his responses on github and MT
If I remenber well, Kees 1958 critised the faked elements in the fingerprint spoofing. Nevertheless he used this extension. View Update - JShelter - JavaScript Restrictor
My concern is that JShelter isn't developed anymore.
 
Last edited:
F

ForgottenSeer 97327

@Jan Willy You are correct the EU funding stopped, so probably the development also :( I looked on GitHub, but it seems asleep now (to say it nicely), it uses WebRequest API, so as far as I understand it works okay as long as MV2 is supported.

@oldschool I have blocked access to Motion and Light Sensors in Edge (an option in site permission in all Chomium browsers). And when a website tries to access this API you get a sign in the address bar. I did some testing and it seems that websites trying to fingerprint visitors use this option most of the time (8 out of 10 times when JShelter FingerPrint protector judged that this website tried to track me with fingerprinting, Edge also showed the "this site has been blocked using motion sensors"). So I thank you for attending me on this extension, but I think I will go for the 80% percent next best solution, by using indicator of build-in Edge, because JShelter uses quite some CPU (see spoiler). Nevertheless I learned a lot from using JShelter, so an explicit thank you (y)

1679239918540.png
 
Last edited by a moderator:
F

ForgottenSeer 97327

@oldschool, I have promised myself that I would not change filters for a month, but ... when you would PM of the small privacy filter I would be grateful :)
 
Last edited by a moderator:
  • Like
Reactions: Sorrento

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,666
Some Google services may need whitelisting. Don't know about Chrome updates but I'll keep my eye on this. Here's the link for the No Google fitler list GitHub - nickspaargaren/no-google: Completely block Google and its services He maintains this and has links to other maintainers for:
View attachment 273714
You can leverage these massive corporations without them controlling you. Joining the privacy panic is mind control as well (I know you to be a very reasonable person, just a minor post whiskey point).
 
F

ForgottenSeer 97327

Switched from Quad9 to NextDNS due to it possibly causing slowdown.
Have a look at browserleaks, IP address, DNS leaktest. Resoving from the Netherlands shows some strange Quad9 behavior. It's IPv6 servers are located in France, while its Ipv4 servers are located in the Netherlands. I had some issues with NextDNS (servers in Netherlands sometime felt back to servers in Germany). So I deciced to disable IPv6 in my router and switched to Quad9 (NextDns has one server, Quad has six or seven).

Although IPv6 has some advantages over IPv4 (no NAT, build-in IPSsec and QoS), when you don't have devices requiring IPv6, IPv4 still functions great. In act it is better to use IPv4 only, when you use a VPN for privacy, since most VPN services leak your IPv6 device address.
 
  • Thanks
Reactions: oldschool

oldschool

Level 78
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
6,741
Fanboy's Enhanced Tracking List has some false positives and it hasn't been updated in 2 years.
Thanks, I failed to notice that, but I haven't encountered any issues with it. I'll remove it in any case.
Any specific reason you are using those filter?

I'm asking out of curiosity :)
It's a "light" list setup mostly for annoyances, paywalls, etc. because I use medium mode. This is a spin-off of @Kees1958 method of using minimal lists to minimize problems and easily ID any blockages that need correction. I'm using mostly tracker blocking like @TairikuOkami , which has eliminated virtually all ads.
Here're the reconfigured lists.
1679946721036.png
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top