Privacy vs Linux ??

[Mike-Linux-Mint]

I realize it's a lot of questions but maybe some of you are computer experts

We know that Windows 10 sends a lot of data to third parties and to Microsoft
so what about privacy in Linux? I know it's open source but is there any data being collected, too?

I've been using Opera + duckduckgo to browse the web so far and I've been satisfied ever since but I'm not sure what really happens behind the scene in terms of privacy even though they officially state that they do not collect any data. I don't think there's any way for the average guy to really know.
Knowing that Opera is not Open source, it's difficult to trust what they say, maybe there's an open source browser doing the same job I'm not aware of?

Since I've been using Opera for years now, I wouldn't really want to change my browser, yet, I'm sure quite a lot of data must be collected either by Opera or third parties or even Google but maybe there are some effective ways to limit the data leakage, I don't really know if it's possible to leave no trace whatsoever, I mean no trace that could identify my location or my online activities and then sold to third parties or used to display customised ads.
Is it truly possible to have a system 100% dataproof?

There have some extensions you can use in your browser but the same question applies here,
how can I be sure that those don't collect anything? and how prevent it?
if the extension is not open source, the people behind it must receive some money somehow to keep it updated and everything.
So do you know which extension can you trust regarding privacy?

Since I'm using Nordvpn on Linux, is there any data a VPN cannot protect?
Similarly, I've been speeding up my internet connection by changing the DNS servers in my settings so I've been using the Google servers for IPV4 and IPV6. The connection has been increased but I was wondering whether these other servers could be used to infiltrate my system or spy on my online activities?

[Lord Boltar]

"Linux Mint 19 "Tara" won't collect or send personal or system data"

Another interesting thing in Linux Mint 19 "Tara" is that it won't collect or send any personal or system data as Clement Lefebvre confirmed the operating system would not include the "ubuntu-report" that Canonical implemented in Ubuntu 18.04 LTS (Bionic Beaver) to allow users to optionally send their data.

Full article is here
https://news.softpedia.com/news/linux-m ... 0915.shtml

There is no 100% way to surf the net completely without trace as far as I know the only thing you can do is limit it

Hope this helps

[majpooper]

Someone could write a book on this topic and probably has. Sometimes privacy and security get conflated but from purely a privacy perspective the OS, browser, and search engine you have chosen seem like a pretty good start. I have a browser extension Ghostery that shows the trackers on each web site that you access - 9 or 10 trackers are not unusual and I have seen way more, 17 - 20. I probably have to many extensions on Firefox but Ublock Origin and HTTPEverywhere are two browser extensions that seem to be recommended here and other places when privacy arises.

It is hard to say though who to trust . . . Can you really trust DuckDuckGo not to track you? They seem to have a good reputation by all accounts by I guess you never really know. I use Startpage.com for my search engine - I looked around and so far I have not read anything about them that worries me.

I am not a Google fan for anything but that is just me - I use 1.1.1.1 and 1.0.0.1 which is CloudFlare that I really like and trust. They block dangerous sites which I like. I heard about them on a podcast I follow every week, Security Now, and researched them as well so I am OK with them.

[SnuffGear]

Opera is now owned by the Chinese.
It's always been known to be one of the worst browsers with regard to privacy/security.

[SnuffGear]

A good place to start your privacy/security knowledge quest is privacytools.io.

[carum carvi]

1
We know that Windows 10 sends a lot of data to third parties and to Microsoft
so what about privacy in Linux? I know it's open source but is there any data being collected, too?

No.

2
Knowing that Opera is not Open source, it's difficult to trust what they say, maybe there's an open source browser doing the same job I'm not aware of?

Firefox


3
Is it truly possible to have a system 100% dataproof?

No, but you can get close, although a lot of websites probably wont function properly anymore.


4
So do you know which extension can you trust regarding privacy?

I would advice you to look at those add ons that are used by many people. The more people use a particular add on, the better the chances are that software is being critized/researched when it fails in doing what it promises.


5
is there any data a VPN cannot protect?

A VPN can make an user anonymous, unless he breaks the law. Any law enforcement agency can acces every vpn network no matter what those VPN networks claim in being untraceable. As far as being anonymous for advertisers, collecting your personal data, any VPN works perfectly fine as far as I know.

[gm10]

It is hard to say though who to trust . . . Can you really trust DuckDuckGo not to track you? They seem to have a good reputation by all accounts by I guess you never really know. I use Startpage.com for my search engine - I looked around and so far I have not read anything about them that worries me.

I showed in another thread a little while ago that DDG uses tracking images. If you're not the customer you are the product, simple rule of thumb that's usually correct. They have to make a living somehow. Likely true for startpage.com as well for the same reason but I haven't looked at them.

1
We know that Windows 10 sends a lot of data to third parties and to Microsoft
so what about privacy in Linux? I know it's open source but is there any data being collected, too?
No.

Nothing by Mint at least. Ubuntu knows about you and depending on your applications so do their developers.

2
Knowing that Opera is not Open source, it's difficult to trust what they say, maybe there's an open source browser doing the same job I'm not aware of?

Firefox

Very cute. Never seen https://telemetry.mozilla.org/ ?

5
is there any data a VPN cannot protect?

A VPN can make an user anonymous, unless he breaks the law. Any law enforcement agency can acces every vpn network no matter what those VPN networks claim in being untraceable. As far as being anonymous for advertisers, collecting your personal data, any VPN works perfectly fine as far as I know.

A VPN has little impact on advertisers collecting your data. They won't easily get the IP-based data but they'll still track you the same using all the other available methods.

[1.618]

2
Knowing that Opera is not Open source, it's difficult to trust what they say, maybe there's an open source browser doing the same job I'm not aware of?

Firefox

Very cute. Never seen https://telemetry.mozilla.org/ ?

You can disable telemetry in firefox with ease, and a few other tips

http://forums.linuxmint.com/viewtopic.php?f=42&t=210616

[carum carvi]

Gm10, I appreciate your detailed knowledge about all the ins and outs about what gets tracked and recorded. Ofcourse it is impossible to be online and to not leave any trail. But I wanna use software that still works for the average user. Firefox is according to what I know the best well known popular opensource browser out there that isnt selling out like Google or Microsoft are doing. The telemetry in Firefox is anonymized, according to the link you posted.

I did forget however about the 1 pixel tracking method, or something similar you once explained to me. It is great to know that there really is no 100% data protection method, and for that very reason I wanna find out what gives the best possible privacy security without losing useability. Being anonymous online is always a compromise for me, but I want to support opensource AND I want a user friendly browser. Firefox is the best offer in fulfulling those 2 wishes for me personally.

A link to know more about 1 tracking pixels, what it does and what can be done about it:
https://en.ryte.com/wiki/Tracking_Pixel

[gm10]

Ofcourse it is impossible to be online and to not leave any trail. But I wanna use software that still works for the average user. Firefox is according to what I know the best well known popular opensource browser out there that isnt selling out like Google or Microsoft are doing. The telemetry in Firefox is anonymized, according to the link you posted.

Exactly, it's impossible. Regarding browser tracking, it's anonymous everywhere, everybody tracks you with an id, not your name, as required by law. The valid concern is that it's easy enough to identify you based on that. Your basic profile in Firefox looks like this (and this gets sent even if you disable telemetry as suggested in the post above yours), you can see how detailed it is, anonymous or not:

Code: Select all

root
 |-- id: string (nullable = true)
 |-- client_id: string (nullable = true)
 |-- metadata: struct (nullable = true)
 |    |-- timestamp: long (nullable = true)
 |    |-- date: string (nullable = true)
 |    |-- normalized_channel: string (nullable = true)
 |    |-- geo_country: string (nullable = true)
 |    |-- geo_city: string (nullable = true)
 |    |-- geo_subdivision1: string (nullable = true)
 |    |-- geo_subdivision2: string (nullable = true)
 |    |-- creation_timestamp: long (nullable = true)
 |    |-- x_ping_sender_version: string (nullable = true)
 |-- environment: struct (nullable = true)
 |    |-- build: struct (nullable = true)
 |    |    |-- application_name: string (nullable = true)
 |    |    |-- architecture: string (nullable = true)
 |    |    |-- version: string (nullable = true)
 |    |    |-- build_id: string (nullable = true)
 |    |    |-- vendor: string (nullable = true)
 |    |    |-- hotfix_version: string (nullable = true)
 |    |-- partner: struct (nullable = true)
 |    |    |-- distribution_id: string (nullable = true)
 |    |    |-- distribution_version: string (nullable = true)
 |    |    |-- partner_id: string (nullable = true)
 |    |    |-- distributor: string (nullable = true)
 |    |    |-- distributor_channel: string (nullable = true)
 |    |    |-- partner_names: array (nullable = true)
 |    |    |    |-- element: string (containsNull = true)
 |    |-- settings: struct (nullable = true)
 |    |    |-- is_default_browser: boolean (nullable = true)
 |    |    |-- default_search_engine: string (nullable = true)
 |    |    |-- default_search_engine_data: struct (nullable = true)
 |    |    |    |-- name: string (nullable = true)
 |    |    |    |-- load_path: string (nullable = true)
 |    |    |    |-- origin: string (nullable = true)
 |    |    |    |-- submission_url: string (nullable = true)
 |    |    |-- telemetry_enabled: boolean (nullable = true)
 |    |    |-- locale: string (nullable = true)
 |    |    |-- attribution: struct (nullable = true)
 |    |    |    |-- source: string (nullable = true)
 |    |    |    |-- medium: string (nullable = true)
 |    |    |    |-- campaign: string (nullable = true)
 |    |    |    |-- content: string (nullable = true)
 |    |    |-- update: struct (nullable = true)
 |    |    |    |-- channel: string (nullable = true)
 |    |    |    |-- enabled: boolean (nullable = true)
 |    |    |    |-- auto_download: boolean (nullable = true)
 |    |-- system: struct (nullable = true)
 |    |    |-- os: struct (nullable = true)
 |    |    |    |-- name: string (nullable = true)
 |    |    |    |-- version: string (nullable = true)
 |    |    |    |-- locale: string (nullable = true)
 |    |-- profile: struct (nullable = true)
 |    |    |-- creation_date: long (nullable = true)
 |-- payload: struct (nullable = true)
 |    |-- reason: string (nullable = true)
 |-- submission: string (nullable = true)

You can, of course, block the URLs of the tracking servers (usually done via /etc/hosts, although Firefox specifically also gives you some control via about:config) for any of the browsers you use. But out of the box most browsers will track you.

[carum carvi]

I think your detailed explanation is valuabe Gm10, because it prevents people, myself included, from believing into the illusion that one can be 100% protected against data collection when being online.

I dont particularly mind about data collection personally. But I dont want to support it either IF I have a choice, WITHOUT losing useability of my browser. Noscript enhances security too, but it can give some headaches as well, when certain websites dont function well anymore. For those who do want to go that extra mile in doing everything to protect themselves from data collection I copied some advice out of the link I posted above.

"Possible measures to restrict the use of tracking pixels:

The tracking pixel can be used as an alternative to the cookie as its use cannot be blocked by a normal browser. Even so, several browser extensions, plugins, and programs that enable blocking of tracking pixels and hence prevent a log file analysis exist.

1 Set browser and email settings to be as restrictive as possible such that external graphics are only supported after permission, and HTML emails are not supported. Appropriate firewall settings can also be used to do this.

2 Some browser extensions can be used to make tracking pixels visible.


3 Anonymous surfing with the Tor Browser or use of proxy servers to prevent the download of tracking pixels.

4 In order to prevent the collection of additional user data such as browser type or operating system, the support of scripts in the browser can be deactivated. However, this can restrict other functions on the internet under certain circumstances"

[gm10]

4 In order to prevent the collection of additional user data such as browser type or operating system, the support of scripts in the browser can be deactivated. However, this can restrict other functions on the internet under certain circumstances"

Not correct by the way. Your browser still sends this data with scripting disabled, it's part of the User-Agent header getting sent with every request as per the HTTP spec. In Firefox, you can define a custom user agent by creating the string general.useragent.override in about:config, but if you put nothing or some unique value there you'll become even more identifiable since you'll stand out.

[Pierre]

you can actually "harden" an operating system - including the Windows System:
- but the more you do 'harden' an system - the less useful it then becomes.
so, it's always a trade-off between user-ability & user-security.

the basic Linux System, in it's Default State, as-supplied, is thus quite secure & robust,
than obviously how the Windows System comes as an Default.

[Mike-Linux-Mint]

Thanks everybody.

Yes, I guess you can only restrict the data that is being collected. Actually, I don't expect to be 100% anonymous but I want to have a certain privacy. For example, when I'm consulting Amazon, the news or any other website, I don't expect to be spied on in order to display customised ads or to know what I read or watch when I'm browsing because I feel like I'm being tracked.

I don't mind if they collect some minor data on me, I mean, it's okay if they know the size of my screen or what my browser is since those are not hurting me, but I don't want them to use it to try to manipulate me somehow into buying one of their products or to sell my data behind my back, you know. I just don't want them to use my online activity for their own profit so I'm pretty much inclined into erasing cookies, protect my privacy as much as I can because this business is bound to increase and people will have to double their efforts to keep some kind of private life in the future.

I just don't want any website to know where I live, what I'm doing, how I behave, what I'm interested in or to be able to read the content of my emails (having a gmail address, I don't know about their privacy policy regarding my emails), that's none of their business so I'm trying to find the best ways to prevent it.

I'm using a paid vpn and some extensions like noscript, https everywhere, ghostery, adblock, adguard, badger, ublock, disable cookies, but I must say It would be great if they could make just one application that could offer a full online protection without having to install 10 or 15 apps.
but in the end, I'm not sure these extensions aren't doing the same. I mean, how can you offer these addons, keep them updated and fully functional if you aren't making any money so they must get paid somehow just like free vpns, and I think the best way to do that is to sell the data you collect on the users, right? which would be sot of ironic for apps that pretend to protect your privacy but I suppose it's a risk we take. Thanks for all of your answers, they have been extremely useful.

[carum carvi]

I just don't want any website to know where I live, what I'm doing, how I behave, what I'm interested in or to be able to read the content of my emails (having a gmail address, I don't know about their privacy policy regarding my emails), that's none of their business so I'm trying to find the best ways to prevent it.

I understand your wories and way of thinking about security Mike, but you mentioned that you have all these security addons installed and are using a vpn network, but you are still using Gmail, which is known for its lack of privacy. You might wanna check out the link below for an alternative for Gmail if you are interested in privacy with your email.

https://protonmail.com/blog/protonmail- ... -security/

[trytip]

the question should be is why can't i test my browser's fingerprint with this site https://panopticlick.eff.org/ while using privacy tools?

seems in order to test your privacy you must first disable your privacy. the EFF are leaches just like the rest of the internet that wants a piece of you.

[Rocky Bennett]

Opera has a very bad reputation for data collection. In fact, of all of the browsers that I have read about Opera seems to have the worse privacy reputation of all. I use Firefox.

[trytip]

anyone thinking they use Firefox because of privacy is false sense of security. which is why i bypass all the "use our browser for more privacy" hoopla and go straight with chrome, but know what to block. having a /etc/hosts file prepared as a fallback and along with privacy extensions, chrome is much safer than any browser claiming to not collect data

firefox gets instructions from google. (i usually delete the strings and make it blank where it says value unless it's for a local file, but i don't use FF i only keep it for comparison)

[gm10]

the question should be is why can't i test my browser's fingerprint with this site https://panopticlick.eff.org/ while using privacy tools?

seems in order to test your privacy you must first disable your privacy. the EFF are leaches just like the rest of the internet that wants a piece of you.

Tried that site and seems a bit of a joke, no? How on earth does it give you green for ignoring the "acceptable ads" whitelist but red for ignoring their stupid DNT policy? This is clearly a political site, nothing more. Also the fingerprinting part never finished:

panolol.png

[xenopeek]

I showed in another thread a little while ago that DDG uses tracking images. If you're not the customer you are the product, simple rule of thumb that's usually correct. They have to make a living somehow. Likely true for startpage.com as well for the same reason but I haven't looked at them.

For anyone else wondering: the one pixel image DDG uses is for improving DDG. See https://improving.duckduckgo.com/ and the detailed explanation at https://duck.co/help/privacy/atb linked from there.

How DDG makes money is simple: when you search for something, they show you ads in the results based on those search keywords. Not based on stalking like Google, Facebook and Microsoft among others do.

I don't think I saw your other post gm10 so perhaps I repeated what you already said. I'm pretty happy with how DDG spells out how their business makes money and how they go about improving their product.

anyone thinking they use Firefox because of privacy is false sense of security. which is why i bypass all the "use our browser for more privacy" hoopla and go straight with chrome

If you're referring to Firefox using the Google Safe Browsing list, as explained on https://support.mozilla.org/en-US/kb/ho ... re-enabled no data is sent to Google Safe Browsing service except in instances where you visit a website marked as bad or you download certain executable files. The Google Safe Browsing list is otherwise just downloaded and Firefox locally checks websites you visit against entries on the list.

Anyway, everybody should use whatever web browser makes them happy

Actually, I don't expect to be 100% anonymous but I want to have a certain privacy. For example, when I'm consulting Amazon, the news or any other website, I don't expect to be spied on in order to display customised ads or to know what I read or watch when I'm browsing because I feel like I'm being tracked.

Most such websites will in fact be tracking you to display customised ads, but only within the context of the website itself. Like Amazon shows you recommendations based on what you visited on their website (and if you have an account, on what your purchased of course).

having a gmail address

As others have implied, that statement is a bit funny from somebody saying they care about privacy Gmail is a as bad as Facebook. See for example: https://www.independent.co.uk/life-styl ... 48941.html.