5 Ways to Lock Down Your Privacy
-
Our friends at DuckDuckGo, the search-engine that doesn't track you, give their top tips on how to secure your privacy online.
-
Using Tor within Vivaldi would be awesome!
-
I would not trust my passwords with an online password manager, they are a company and they need to generate money, you should read the privacy parts in their Terms and Privacy Notice very closely on how they generate money, but I still think an offline password manager is more secure and private.
An alternative to Tor is I2P, I2P is kind of like a second internet. Unlike Tor – which is more just like a router to the web –, it supports any service and protocol like Torrent which is even recommended by them to help the network.
-
That makes two of us. Don't even think of keeping my passwd in an online service.
Both Tor and I2P are good options, depends on your needs.
I tried to change the Login\ Data path to USB flash drive.
-
If you don't want other people to have all your passwords:
use a password manager like KeePass/KeePassX/MacPass/... (all based on the same code source and (mostly) compatible with each other, available for Win/Linux/Mac/Android/iOS) which encrypts all your passwords locally.
For my part, I sync my passwords via my own NextCloud server. Everything put on that server is encrypted in the first place, and no passwords are stored on that server.
As long as you use a strong + long master password, your passwords are as safe as it gets for all practical considerations.
-
Most of the (cross site) tracking in the Interwebs is done with the help of JavaScript and, as a side note, most of the security threats in the web are at least triggered with the help of JS.
I have set up a browser instance without any plugins or JavaScript and some other stuff disabled about 2 years ago and noticed that a great part of the net (at least the part I am interested in) works just fine as long as you only want to read, but not interact in other ways with web pages.
@Daniel Davis
Did you visit the https://duckduckgo.com/app page with JS switched off? I didn't see much info about the App there when I did.
Luckily the main DDG search page works just fine in pure HTML mode and does not contain those pesky redirect links like e.g. Google in pure HTML mode.
-
So far I am enjoying a refreshing change of search results found with DuckDuckGo as my default search engine.
I already had a Channel for my videos on Vimeo, which I find gives better quality results than YouTube.
openstreetmap.org does not look as good as Google Maps, but I have added it to my search engines.
-
@pesala OpenStreetMap does have the advantage that you can see individual buildings and what functions they serve...
Edit: off-topic, but is this utterly, UTTERLY stupid (+) button now appearing in my phone's edit box a result of changes in the forum or in chrome for android? It obscures what you're %:+&ing writing!!! Aarrgggghhh! How to turn this cr@p off?
-
@an_dz:
"they are a company and they need to generate money"
most password managers charge money for their service. are you talking about free password managers or something? i definitely wouldnt recommend a free online password manager if there are any since they would probably have to find some less desirable ways to make money.
i think if your passwords are completely offline (ie never go outside your network) then you could say that its more secure, but some people that use keepass or whatever just end up storing their password database on some cloud service which may end up making things less secure.
companies like lastpass or 1password have one job to do which is to keep your passwords secure. companies like dropbox are concerned with security but also with lots of other things so you might be getting a worse deal security wise
even if everything stays on your home network, most people arent technical enough to having things set up that they know there are intruders snooping around while most online services would have a much better chance of detecting things like that
-
@mackrevinack said in 5 Ways to Lock Down Your Privacy:
but some people that use keepass or whatever just end up storing their password database on some cloud service which may end up making things less secure.
Sorry to contradict - but with a proper encryption (which you can check with OSS password managers) and a good master password chosen by yourself, all the security is right there and will not be lessened by anyone.
I would be curious which ways you see for cloud services to make my data ("things") less secure. Can you elaborate?
companies like lastpass or 1password have one job to do which is to keep your passwords secure.
Which they haven't done the way they should have, if I correctly remember the last months' press reports...
companies like dropbox are concerned with security but also with lots of other things so you might be getting a worse deal security wise
If you only store encrypted content in Dropbox, they can't do anything about it. Or do you seriously want to imply Dropbox tries to decrypt random data?
But for other reasons I wouldn't recommend Dropbox...
-
@mossman Zoom out with Ctrl+Minus, or using the buttons/slider in the Status Bar.
-
@pesala said in 5 Ways to Lock Down Your Privacy:
@mossman Zoom out with Ctrl+Minus, or using the buttons/slider in the Status Bar.
In Chrome in Android?!?
-
@mossman Probably some bug with our style sheet, this button shows up on desktop so you can click on it and "hide" it for a while so you can continue your reply later.
-
@morg42: i just mean they would be less secure mainly because security is not their top priority.
other things are being focused on like making it easy and convenient for most people to use which means they allow things like resetting your password from your email. theres no end to end encryption since most people wouldnt want that hassle. basically things seem like they are designed to be more convenient than secure. it seems pretty much the same thing in the end, you have your passwords in an encrypted container, but at least with something like lastpass the walls would be a lot harder to breach.
im not sure if i heard the reports you mentioned, but ive yet to hear anything yet that has made me flinch. i would bet if security researchers were looking into the security of dropbox as much as they are with lastpass or whatever then they would find just as many weaknesses.
-
I make my words as @morg42's words. Once you have a good master password and encrypt the file this file is automatically secure. I could upload the file here on the forums or send it directly to the NSA and my passwords would not be discovered because nobody would be able to decrypt it or find out my master password.
Also I'm sure that the file is incredibly secure because it's open-source and has been verified and audited by security experts all around the globe. With online services all you have is their word that it's secure and that they were audited, you are just accepting their word.
So even in the case my computer is hacked, or whatever cloud service I use to upload/sync my password file is hacked, it does not matter because my encrypted file is absolutely secure, nobody will be able to do anything useful with it.
even if everything stays on your home network, most people arent technical enough to having things set up that they know there are intruders snooping around while most online services would have a much better chance of detecting things like that
If your device is compromised you are completely fucked no matter which option you choose. The intruder will know what you are opening and what you are typing, the intruder will know your master password and what password manager you use. If it's online it's even easier because this intruder won't even need to download your password file, though not that hard to download either.
Also, when you use an online service you are exposing yourself to more attack vectors, like MITM (like if you install a malicious extension). One just needs to compromise your browser or even a single site.
i definitely wouldnt recommend a free online password manager
companies like lastpass
Contradictory, LastPass is free, paid services only add extras.
-
@an_dz: An update.
I've read the privacy policy of both 1password and LastPass.
Don't use LastPass, 1password is good.
-
@mackrevinack said in 5 Ways to Lock Down Your Privacy:
@morg42: i just mean they would be less secure mainly because security is not their top priority.
As an_dz has said already, all security in password managers lies in the local encryption. Post the encrypted file on reddit for all I care... any online service can not make your encrypted data "more unsafe" than it is. (and also, no online service can make it "more secure")
other things are being focused on like making it easy and convenient for most people to use which means they allow things like resetting your password from your email.
Sure, this seems necessary anyway. I wouldn't want to give my home phone for password reset (at least not to most companies).
And unencrypted information isn't only unsecure on any cloud service - it's as good as gone the moment you send it over the internet without encryption, no matter what happens with it afterwards.
theres no end to end encryption since most people wouldnt want that hassle.
There is, fortunately. It's called TLS and implemented in your browser. But this only protects the transfer. The cloud service still has your unencrypted data.
So encrypt everything locally before you store it online. There was a program for Dropbox sometimes, I think it's called boxcryptor. It encrypts your data on your PC and then syncs it to Dropbox. Just the way to go, if you need to store data online.
And btw - that's exactly what proper password managers do.
I tried and decided against 1password - not because they offer bad service or have bad encryption, but because (when I tried it out) they stored each password in a different file which was named for the respective service. While this doesn't lessen the strength of the encryption, syncing these files via Dropbox does give away which services I use. I didn't want that then (and still don't want it today).
it seems pretty much the same thing in the end, you have your passwords in an encrypted container, but at least with something like lastpass the walls would be a lot harder to breach.
No. The walls of my encrypted password container are as hard to breach as it comes (and is practical). But lastpass or 1password offer comparable strength encryption and with that, basically the same security.
i would bet if security researchers were looking into the security of dropbox
Why should they? Dropbox makes no (credible) attempt as to securing your files. They just store them, not more.
-
I am sorry, but it is kind of ridiculous that you are not able to see this exact blog post without turning tor off or javascript on. Sorry, but I really dislike that [especially since my feed reader basically can never fetch the feeds without me manually disabling the TOR SOCKS].
-
@cqoicebordel: Haven't tried it, but it should be possible already.
-
I must disagree regarding using a VPN.
You give your information to your ISP, who is probably regulated by your government.
Why would you turn around and give it an unknown VPN owner whose business model you are not familiar with?
There are a couple of reputable VPNs out there, but not many I would trust.
Wanting security/privacy/anonymity would (IMHO) require a combination environment like TAILS (Secure OS, privacy oriented browser, etc).
Steve Gibson (grc.com) has a couple of neat utilities to generate passwords (look under the Services menu). After that a good Manager may be required but I store mine in an encrypted spreadsheet on the machine and a USB drive.