Advanced Security oldschool's surfing laptop configuration

Last updated
Jun 2, 2024
How it's used?
For home and private use
Operating system
Windows 11
Other operating system
Windows Pro
On-device encryption
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
Network firewall
About WiFi router
Provided by ISP
Real-time security
Windows Security | Configured via GPO
Firewall security
Microsoft Defender Firewall
About custom security
MS Defender - Block all unknown executables | ASR rules | Platform & Engine Beta channel updates
Smart App Control
Exploit Protection settings
SRP - basic disallowed setup
Firewall Hardening
Windows Spy Blocker
Periodic malware scanners
Malware sample testing
I do not participate in malware testing
Environment for malware testing
Browser(s) and extensions
Firefox I µBO | Brave Search
Brave | Brave Search | My settings
Edge | Privacy Badger | Brave Search
Secure DNS
Quad9 DNS
Desktop VPN
Password manager
Maintenance tools
Windows built-in
File and Photo backup
    • None
System recovery
Wiindows built-in | Aomei Backupper Pro Lifetime
Risk factors
    • Browsing to popular websites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
Lenovo L340 Intel(R) Core(TM) i3-8145U CPU @ 2.10GHz 2.30 GHz 8.00 GB RAM 1TB HDD
Notable changes
22-12-5 Reverted to MS Defender.
23-1-21 Refreshed Windows with SAC in evaluation mode.
23-2-2 Clean Windows installation
23-2-18 SAC user-enabled on
27-2-23 Added Chrome for the lack of 'feature' bloat.
28-2-23 Changed default browser to Chrome
24.2.24 Refreshed Windows and re-enabled Smart App Control
7.5.24 Performed a repair installation via Windows Update. Nice & easy!
What I'm looking for?

Looking for minimum feedback.


ForgottenSeer 97327

@oldschool you knew I would be tempted to try JShelter when you asked me 😉 so I installed and tried to figure out of what it does. Using recommended with network boundery shield and fingerprint detector ON are the settings advised by the author(s) of this project. I tried three websites Youtube and CNN and the FingerPrint Detector warining did reflect the degree of fingerprinting of these websites (I had read it somewhere, don't have the link anymore, but the warning level fitted what I thought I had read about those websites).

Last edited by a moderator:


Level 82
Thread author
Top Poster
Mar 29, 2018


Level 82
Thread author
Top Poster
Mar 29, 2018
you knew I would be tempted to try JShelter when you asked me 😉 so I installed and tried to figure out of what it does. Using recommended with network boundery shield and fingerprint detector ON are the settings advised by the author(s) of this project...

Because the wrapping comes with the cost of performance loss, I tried to lower the settings a little (disabling or lowering settings of tracking mechanisms not commonly used). ... I am happy to report that the warning levels still worked OK. I posted a screen shot of these (compatible mode) settings and the results of the webpages with lowered protection levels.
I created a custom Relaxed Level courtesy of @Kees1958, I believe. I just started using it today:

ForgottenSeer 97327

@oldschool thanks for your feedback, I changed my mode to litlle lies mode using some oy your settings. I tried how good the FingerPrintDetector is with Javascript Shield OFF and it seems to work OK, without the feedback of the wrappers. Therefore I am running it with JavaShield OFF and a custom level protection called "Little lies mode" for websites with medium risk of fingerprinting and i Use "Recommended mode" for high risk of fingerprinting. This seems (for me) the best balance for no website breakage with protection.

I had a look on JShelter related threads on MT and on Github and can't really understand why Kees1958 was so critical against the authors. For what I understand of the issues on github, they implemented most of critic (only not data base with video cards like Trace and paid version of Cydec Anti_Fingerprinting). The authors even started an evaluation of their protection mechanisms after his critism (see spolier), so I don't understand why Kees1958 stayed so critical in his responses on github and MT.


Last edited by a moderator:

Jan Willy

Level 12
Top Poster
Jul 5, 2019
to me I don;t understand why Kees1958 stayed so critical in his responses on github and MT
If I remenber well, Kees 1958 critised the faked elements in the fingerprint spoofing. Nevertheless he used this extension. View Update - JShelter - JavaScript Restrictor
My concern is that JShelter isn't developed anymore.
Last edited:

ForgottenSeer 97327

@Jan Willy You are correct the EU funding stopped, so probably the development also :( I looked on GitHub, but it seems asleep now (to say it nicely), it uses WebRequest API, so as far as I understand it works okay as long as MV2 is supported.

@oldschool I have blocked access to Motion and Light Sensors in Edge (an option in site permission in all Chomium browsers). And when a website tries to access this API you get a sign in the address bar. I did some testing and it seems that websites trying to fingerprint visitors use this option most of the time (8 out of 10 times when JShelter FingerPrint protector judged that this website tried to track me with fingerprinting, Edge also showed the "this site has been blocked using motion sensors"). So I thank you for attending me on this extension, but I think I will go for the 80% percent next best solution, by using indicator of build-in Edge, because JShelter uses quite some CPU (see spoiler). Nevertheless I learned a lot from using JShelter, so an explicit thank you (y)

Last edited by a moderator:

ForgottenSeer 97327

@oldschool, I have promised myself that I would not change filters for a month, but ... when you would PM of the small privacy filter I would be grateful :)
Last edited by a moderator:
  • Like
Reactions: Sorrento


Level 39
Top Poster
Apr 1, 2019
Some Google services may need whitelisting. Don't know about Chrome updates but I'll keep my eye on this. Here's the link for the No Google fitler list GitHub - nickspaargaren/no-google: Completely block Google and its services He maintains this and has links to other maintainers for:
View attachment 273714
You can leverage these massive corporations without them controlling you. Joining the privacy panic is mind control as well (I know you to be a very reasonable person, just a minor post whiskey point).

ForgottenSeer 97327

Switched from Quad9 to NextDNS due to it possibly causing slowdown.
Have a look at browserleaks, IP address, DNS leaktest. Resoving from the Netherlands shows some strange Quad9 behavior. It's IPv6 servers are located in France, while its Ipv4 servers are located in the Netherlands. I had some issues with NextDNS (servers in Netherlands sometime felt back to servers in Germany). So I deciced to disable IPv6 in my router and switched to Quad9 (NextDns has one server, Quad has six or seven).

Although IPv6 has some advantages over IPv4 (no NAT, build-in IPSsec and QoS), when you don't have devices requiring IPv6, IPv4 still functions great. In act it is better to use IPv4 only, when you use a VPN for privacy, since most VPN services leak your IPv6 device address.
  • Thanks
Reactions: oldschool


Level 82
Thread author
Top Poster
Mar 29, 2018
Fanboy's Enhanced Tracking List has some false positives and it hasn't been updated in 2 years.
Thanks, I failed to notice that, but I haven't encountered any issues with it. I'll remove it in any case.
Any specific reason you are using those filter?

I'm asking out of curiosity :)
It's a "light" list setup mostly for annoyances, paywalls, etc. because I use medium mode. This is a spin-off of @Kees1958 method of using minimal lists to minimize problems and easily ID any blockages that need correction. I'm using mostly tracker blocking like @TairikuOkami , which has eliminated virtually all ads.
Here're the reconfigured lists.
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.