HACKER Q&A
📣 thretgreegre

How to take your privacy back?


As we saw in the recent discussions https://news.ycombinator.com/item?id=22236106 or https://news.ycombinator.com/item?id=20794937, all browsers do kinky stuff in the background that the user has not initiated nor is aware of. It is one thing to ping home to see if there is an update available but that is not even close to what is happening. And it does not matter if you are using Firefox or Brave. They all do it.

Then there is Windows, the big daddy of spyware, that sends everything about you directly to Microsoft. They just rebranded spying on its users as "telemetry" to brainwash people into thinking it is not as bad as they think it is.

Anyhow, it looks like it is impossible to simply sit in front of Wireshark and try to manually blacklist everything you see. There are millions of domains and sub-domains these companies use to spy on you one way or the other so it is a fool's errand.

Hence the question arises - is it even possible to get your privacy back? Are there tools that would allow you to do that or should we just forfeit our privacy altogether and forget it even existed in the first place?


  👤 rglullis Accepted Answer ✓
One project I started but stopped due to some (in my view) limitation of IPFS is https://bitbucket.org/lullis/nofollow.

It started as a "read-it-later" service that would extract the content and bookmark any page you wanted, but afterwards came the idea that it could be used as a distributed, curated web of "clean" and tracker-free HTML documents. Basically, every web page you saved on your instance would be saved on your IPFS server as well and it wouldn't be hard to write an extension to check if any URL you want to open already has a cleaned version on IPFS.

So, with more people installing/using this system, the more the different instances would collect pages and more people with the extension could go on without needing to visit any site that could actually track you. What pulled me off this (besides "regular" work and family) was the fact that IPFS does not yet have any sort of ACL for your pinned content. As it is now, your node will serve anyone that asks for content that you have. If you are pinning content from different websites it would be quick to make you a target for copyright lawsuits.

I still use my own instance, but at the moment it is just something that does more or less the same as Wallabag. I do wish I get some time to make it more useful for more people though.


👤 vearwhershuh
In increasing level of commitment/difficulty:

- Use Brave as your browser

- Use a VPN w/ tracker blocking DNS

- Move to ProtonMail or Fastmail

- Start using Signal for your instant messaging

- Start using Tor (but that might get you on the list)

- Stop buying everything through Amazon

- Install and use Pi-hole (and marvel at how much traffic your wifi router sends to home base)

- Suck it up and move to Linux

You are still going to be tracked, but these are the things I can think of that might help.


👤 throwaway9d0291
It's relatively straightforward: where possible, stop using products and services that don't respect your privacy and instead use ones that do. Where you can, reduce their ability to compromise your privacy with ad-blockers, custom DNS or by disabling JavaScript.

Windows has telemetry? Use Linux. Firefox has tracking? Use IceWeasel. Every website wants to track you? Disable JavaScript. Google tracks your every move? Stop using Google products.

Yes, in many cases this will lead to some degree of inconvenience or perhaps a service that meets a particular need doesn't exist. That's the price you have to pay in modern times but it is a price you're able to pay, if you value privacy sufficiently.


👤 ocdtrekkie
Pi-hole is still a really nice fire-and-forget solution for your network. It costs nearly nothing and you outsource the question about what to block to the lists they source. A network-based blocker will also block your OS’ bad behavior, such as calls to telemetry domains.

And then, you know, don’t use Chrome. A browser from an ad company will always be compromised by design.


👤 drKarl
You can use some of those crowdsourced lists of hosts files to ban trackers, ad networks, and the like, i.e. https://github.com/StevenBlack/hosts or https://github.com/notracking/hosts-blocklists. You can use Pi-hole even as a Docker container https://github.com/pi-hole/docker-pi-hole or install it in your router. You can use privacy plugins and extensions for browsers, like uMatrix, etc. You can use Tails, which uses 2 VMs. You can use a VPN service (that's controversial since you then put your trust in the VPN provider), or roll your own with something like algo from trailofbits, or streisand. You can combine multiple VPNs and/or Tor, with VMs. Mirimir wrote some articles on that setup. If you want to go full in you can use QubesOS, although Joanna Rutkowska has now left the team.

I'm sure there are other options...
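
Hosts-format blocklists such as the ones linked above match whole hostnames only, so an unlisted subdomain still resolves. As an added example (not part of the original post or of any linked project), the Python below parses such a list and reports which names from a DNS capture it would not cover; the sample list, the query names and the `match_subdomains` option are constructed for illustration.

```python
# Constructed sample in the hosts-file layout: "<sink IP> <hostname>", '#' comments.
SAMPLE_BLOCKLIST = """\
# constructed entries, not taken from any real list
127.0.0.1 localhost
0.0.0.0 0.0.0.0
0.0.0.0 telemetry.vendor.example
0.0.0.0 ads.tracker.example   # inline comment
0.0.0.0 Metrics.Tracker.Example
"""
# Constructed names, standing in for what a capture of DNS queries would show.
SAMPLE_QUERIES = ["telemetry.vendor.example.", "eu.telemetry.vendor.example",
                  "ADS.tracker.example", "cdn.news.example"]

SINK_IPS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "0.0.0.0"}

def normalize(name):
    """DNS names are case-insensitive; drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def parse_hosts_blocklist(text):
    """Return the set of hostnames that the list maps to a sink address."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in SINK_IPS:
            continue  # blank line, comment, or a real address mapping
        for host in map(normalize, fields[1:]):
            if host not in LOCAL_NAMES:
                blocked.add(host)
    return blocked

def is_blocked(name, blocked, match_subdomains=False):
    """Exact match is what a hosts file gives; parent-domain match is opt-in."""
    labels = normalize(name).split(".")
    depth = len(labels) if match_subdomains else 1
    return any(".".join(labels[i:]) in blocked for i in range(depth))

def uncovered(queries, blocked, match_subdomains=False):
    """Names from a capture that the list would still let through."""
    return sorted({normalize(q) for q in queries
                   if not is_blocked(q, blocked, match_subdomains)})

if __name__ == "__main__":
    rules = parse_hosts_blocklist(SAMPLE_BLOCKLIST)
    print("exact match misses: ", uncovered(SAMPLE_QUERIES, rules))
    print("suffix match misses:", uncovered(SAMPLE_QUERIES, rules, True))
```

Running the same comparison over your own resolver log shows how much of the background traffic a given list actually covers before you rely on it.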


👤 nostrapollo
If the assumption is that browsers track because it benefits the company commercially, it would be really cool if a company produced a browser at a premium that didn't do all of the above - this model must exist already? Privacy for a price sounds like a bad precedent to set though.

👤 mus1cfl0w
I can highly recommend the Privacy, Security & OSINT Show but it really depends on how far you want to go:

https://www.inteltechniques.com/podcast.html