Advanced Security oldschool's surfing laptop configuration

Last updated
Nov 20, 2024
How it's used?
For home and private use
Operating system
Windows 11
Other operating system
Windows Pro
On-device encryption
N/A
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
Off
Network firewall
Enabled
About WiFi router
Provided by ISP
Real-time security
Windows Security
Firewall security
Microsoft Defender Firewall
About custom security
MS Defender - Default | ASR rules | Platform & Engine Beta channel updates
All system-wide Exploit Protections enabled, plus these for Edge & Chrome.
Firewall Hardening
RunBySmartscreen
Windows Spy Blocker
Periodic malware scanners
NPE
Malware sample testing
I do not participate in malware testing
Environment for malware testing
N/A
Browser(s) and extensions
Chrome | Privacy Badger | Brave Search
Edge | Privacy Badger | Brave Search | Surf profile & secure profile
Chrome flags | Edge flags
Secure DNS
Quad9 DNS
Desktop VPN
None
Password manager
Maintenance tools
Windows built-in
File and Photo backup
Copy/Paste
Subscriptions
    • None
System recovery
Aomei Backupper Pro Lifetime - Primary
Windows Backup & Restore - Secondary image backup
Risk factors
    • Browsing to popular websites
    • Opening email attachments
    • Buying from online stores, entering bank card details
    • Downloading software and files from reputable sites
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
Lenovo L340 Intel(R) Core(TM) i3-8145U CPU @ 2.10GHz 2.30 GHz 16GB RAM 500GB SSD 1TB HDD
Notable changes
22-12-5 Reverted to MS Defender.
23-1-21 Refreshed Windows with SAC in evaluation mode.
23-2-2 Clean Windows installation
23-2-18 SAC user-enabled on
27-2-23 Added Chrome for the lack of 'feature' bloat.
28-2-23 Changed default browser to Chrome
24.2.24 Refreshed Windows and re-enabled Smart App Control
5.7.24 Performed a repair installation via Windows Update. Nice & easy!
6.10.24 Updated to 24H2 OS build 26100.1882
10.10.24 Rolled back to 23H2 due to bugs & performance
16.10.24 Added Chrome browser. Privacy Badger listed as main extension, but I also keep µBO, JShelter and Local CDN installed, not enabled.
What I'm looking for?

Looking for minimum feedback.

ForgottenSeer 97327

@oldschool you knew I would be tempted to try JShelter when you asked me 😉 so I installed and tried to figure out what it does. Using recommended with network boundary shield and fingerprint detector ON are the settings advised by the author(s) of this project. I tried three websites, Ikea.com, Youtube and CNN, and the FingerPrint Detector warning did reflect the degree of fingerprinting of these websites (I had read it somewhere, don't have the link anymore, but the warning level fitted what I thought I had read about those websites).


oldschool

Level 85
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
7,698

you knew I would be tempted to try JShelter when you asked me 😉 so I installed and tried to figure out what it does. Using recommended with network boundary shield and fingerprint detector ON are the settings advised by the author(s) of this project...

Because the wrapping comes with the cost of performance loss, I tried to lower the settings a little (disabling or lowering settings of tracking mechanisms not commonly used). ... I am happy to report that the warning levels still worked OK. I posted a screen shot of these (compatible mode) settings and the results of the webpages with lowered protection levels.
I created a custom Relaxed Level courtesy of @Kees1958, I believe. I just started using it today:

ForgottenSeer 97327

@oldschool thanks for your feedback, I changed my mode to little lies mode using some of your settings. I tried how good the FingerPrintDetector is with Javascript Shield OFF and it seems to work OK, without the feedback of the wrappers. Therefore I am running it with JavaShield OFF and a custom level protection called "Little lies mode" for websites with medium risk of fingerprinting and I use "Recommended mode" for high risk of fingerprinting. This seems (for me) the best balance for no website breakage with protection.

I had a look at JShelter related threads on MT and on Github and can't really understand why Kees1958 was so critical of the authors. From what I understand of the issues on github, they implemented most of the criticism (only not a database with video cards like Trace and the paid version of Cydec Anti_Fingerprinting). The authors even started an evaluation of their protection mechanisms after his criticism (see spoiler), so I don't understand why Kees1958 stayed so critical in his responses on github and MT.


Jan Willy

Level 13
Verified
Top Poster
Well-known
Jul 5, 2019
607
to me I don't understand why Kees1958 stayed so critical in his responses on github and MT
If I remember well, Kees1958 criticised the faked elements in the fingerprint spoofing. Nevertheless he used this extension. View Update - JShelter - JavaScript Restrictor
My concern is that JShelter isn't developed anymore.
 

ForgottenSeer 97327

@Jan Willy You are correct the EU funding stopped, so probably the development also :( I looked on GitHub, but it seems asleep now (to say it nicely), it uses WebRequest API, so as far as I understand it works okay as long as MV2 is supported.

@oldschool I have blocked access to Motion and Light Sensors in Edge (an option in site permissions in all Chromium browsers). When a website tries to access this API you get a sign in the address bar. I did some testing and it seems that websites trying to fingerprint visitors use this option most of the time (8 out of 10 times when JShelter FingerPrint protector judged that this website tried to track me with fingerprinting, Edge also showed the "this site has been blocked using motion sensors"). So I thank you for drawing my attention to this extension, but I think I will go for the 80 percent next best solution, by using the built-in indicator of Edge, because JShelter uses quite some CPU (see spoiler). Nevertheless I learned a lot from using JShelter, so an explicit thank you (y)


ForgottenSeer 97327

@oldschool, I have promised myself that I would not change filters for a month, but ... when you would PM of the small privacy filter I would be grateful :)
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
Some Google services may need whitelisting. Don't know about Chrome updates but I'll keep my eye on this. Here's the link for the No Google filter list GitHub - nickspaargaren/no-google: Completely block Google and its services He maintains this and has links to other maintainers for:
You can leverage these massive corporations without them controlling you. Joining the privacy panic is mind control as well (I know you to be a very reasonable person, just a minor post whiskey point).
 

ForgottenSeer 97327

Switched from Quad9 to NextDNS due to it possibly causing slowdown.
Have a look at browserleaks, IP address, DNS leaktest. Resolving from the Netherlands shows some strange Quad9 behavior. Its IPv6 servers are located in France, while its IPv4 servers are located in the Netherlands. I had some issues with NextDNS (servers in the Netherlands sometimes fell back to servers in Germany). So I decided to disable IPv6 in my router and switched to Quad9 (NextDNS has one server, Quad9 has six or seven).

Although IPv6 has some advantages over IPv4 (no NAT, built-in IPsec and QoS), when you don't have devices requiring IPv6, IPv4 still functions great. In fact it is better to use IPv4 only, when you use a VPN for privacy, since most VPN services leak your IPv6 device address.
 

oldschool

Fanboy's Enhanced Tracking List has some false positives and it hasn't been updated in 2 years.
Thanks, I failed to notice that, but I haven't encountered any issues with it. I'll remove it in any case.
Any specific reason you are using those filters?

I'm asking out of curiosity :)
It's a "light" list setup mostly for annoyances, paywalls, etc. because I use medium mode. This is a spin-off of @Kees1958's method of using minimal lists to minimize problems and easily ID any blockages that need correction. I'm using mostly tracker blocking like @TairikuOkami, which has eliminated virtually all ads.
Here're the reconfigured lists.