This may be related
After Amazon and Google stopped supporting the censorship-evading domain fronting technique on their clouds in 2018, new Noctilucent toolkit aims to bring it back in a new form as "domain hiding."
@QuHno said in Worrying news about Startpage and DuckDuckGo:
@Dr-Flay I wonder why hidemysearches doesn't use POST but GET in their search form at the top of the about page and on their homepage ...
All search engine I use are put in POST, Startpage too
Yes, but this is just one app. no extra apps to add to make this work and is built by TOR.
Also sometimes Orbot is not supported. For instance on my Kindle I can download and install DDG safe browser however it needed Orbot which would not install...
And it is another option for Android users.
@lonm said in Private mode != incognito mode:
If you need multiple contexts active at once for your workflow
Or (possibly inflammatory) use only one private/incognito window but open others in different browsers
@steffie no warries. Indeed I'm not using social too, that's why I'm try to find something that cuold be useful for many of my friends that use it. Also I guess here in italy there's lot of bloggers and popular social account that are interested for an alternative. My though is to investigate a bit and then offer some hints for those people.
Thank you for sharing
Yes this is the unfortunate situation. Just like all the other now standard security features of the net, nobody uses them until the option is no longer an option, or a disaster happened.
When you look at the small list of correctly configured sites, one company stands out as being rather important, and that is Verisign.
Yes, it would seem to be a good idea that a site that serves certificates has some ability to protect itself against spoofing.
As more and more attacks are aimed at the network infrastructure (inside and outside the home), rather than just hacking a site or PC, we may get to a point when even EV certificates cannot be trusted for authentication because you cannot tell if the domain is real or faked.
Users can opt for a DNSSEC resolver, but like you said nobody knows or cares about it so usually only accidentally have it, eg. if they swapped to a Google DNS.
People never care about something they don't know.
Privacy via HTTPS sites is made weaker if your requests for domains are not als encrypted with DNSSEC.
DNSCrypt is an extra feature that authenticates the DNS you use because a DNS can also be spoofed.
Sites should also use encryption and authentication when talking to DNS, or yet again the privacy is borked and it is possible to do a man in the middle attack.
Any site that serves an Operating System image or web browsers needs to be sure their downloads are not exchanged for something else.
As far as I know only 1 web browser comes with DNS spoofing protection, or at least it is the first to feature built-in DNSCrypt support.
Yandex. another chromium based project.
Shame most Vivaldi users are not as concerned about fake sites as they are about syncing and fancy icons.
I still use Firefox for trustability over other browsers due to the extensions available that Google do not allow.
Calomel lets you know if an otherwise good certificate is weak, and can override the browser security.
Perspectives checks the certificates of sites you visit against historical data from many geographically separate servers, so you can see if the "good" certificate you see is different than the one everyone else sees, and it can override the browser security settings.
HTTPS Everywhere for FF has extra features such as sending the certificate to the EFF observatory and options for overriding the browser security and encryption.
(spot the thing that Google don't allow)
Alternatively/additionally you could use an extension that does reverse DNS checks of all the sites you visit and pops up warnings if the domain does not match the registered IPs, but in an era of CDNs will show a lot of false-positives, so is best used by someone that knows what they are seeing.
Thanks for replicating the issue (let’s ignore simplemachines.com for now).
I’ve also tried manually forcing HTTPS with the “HTTPS Everywhere” extension, and still couldn’t get any extra HTTP resource to redirect to HTTPS.
I suspect there’s some STS bug in Chromium.
A hacked Wifi connection is not the problem. The problem is Open Wifi that uses a certificate to intercept and decrypt your traffic
The best option is to be using a VPN app from a reliable vendor with non-bloated apps, such as Disconnect.me or Avira.
I post all useful security or privacy addons I find here, but I can no longer update my collection post since link limits were imposed.
This one I wanted some feedback on, so posted it separately anyway.
There was a time I would have got some from the security geeks that used to be here.
Unfortunately since this half of the forums is constantly spammed by posts for the browser half of the forum, it has started to become useless for the original purpose.
Not really - but you can use the shortcut –incognito on your desktop shortcut. Of course that only works when you start from the shortcut, not if you open by any other means, such as a link from an outside source.