gm10 wrote: ⤴Tue Dec 04, 2018 6:34 am
majpooper wrote: ⤴Mon Dec 03, 2018 10:17 pm
It is hard to say though who to trust . . . Can you really trust DuckDuckGo not to track you? They seem to have a good reputation by all accounts by I guess you never really know. I use Startpage.com for my search engine - I looked around and so far I have not read anything about them that worries me.
I showed in another thread a little while ago that DDG uses tracking images. If you're not the customer you are the product, simple rule of thumb that's usually correct. They have to make a living somehow. Likely true for startpage.com as well for the same reason but I haven't looked at them.
hi gm10!
Funny thing about online trust in this digital/information surveilence capitalism is all based on faith... and the big pie in the sky data collectors and sellers are raking in the dough, lsoing more of our faith-based trust everywhere we turn and leaving little to no other options.. Privacy policies are generally horrible to disect and when I find one that is simple, forthright and transparent
then I take note and startpage search is one of those services I trust. but how do they make money?!
Our Privacy Policy
How we keep Startpage.com free without using "personal data"
Without tracking ads - as we don’t share personal info with anyone.
Most online advertising today is personalized, meaning that online advertising services track what you do online and profile you in order to serve tailored ads., We don’t do that at Startpage.com. No tracking. No profiling!
Our search result pages may include a small number of clearly labeled "sponsored links", which generate revenue and cover our operational costs. Those links are retrieved from platforms such as Google Adwords. In order to enable the prevention of click fraud, some non-identifying system information is shared, but because we never share personal information or information that could uniquely identify you, the ads we display are not connected to any individual user.
It’s a myth that search engines need to profile you in order to earn decent money. Startpage.com serves strictly non-personalized ads. Sure, our ads make only a fraction of what other search engine ads make, but they pay all our bills.
That and whose jurisdiction they fall under gives me a feel good (reference my searches) especially since EU data protection laws went to effect.
cool thread, thanks for that work and for linking to it here!
Mike-Linux-Mint wrote: ⤴Mon Dec 03, 2018 11:25 am
Since I'm using Nordvpn on Linux,
is there any data a VPN cannot protect?
Similarly, I've been speeding up my internet connection by changing the DNS servers in my settings so I've been using the Google servers for IPV4 and IPV6. The connection has been increased but I was wondering
whether these other servers could be used to infiltrate my system or spy on my online activities?
hi Mike-Linux-Mint, great thread! I did want to mention VPN only encrypts your data in transport only to the VPN exit server, after that it is no longer their concern. Any unencrypted web traffic you have beyond them is susceptible to intercept, including by them if you are not using HTTPS (also SFTP or FTPS for secure ftp protocols). VPN may also leak DNS querries, if so then your ISP is able to see every website you go to (with the name resolve of DNS) in plain text although they will not know what you do on the website once that address is mapped. Also consider the VPN service provider can also see (including log, profile, sell, etc) every website you visit, by name, if they are also providing DNS service or you resolve using other unencrypted DNS...
Online privacy is a mess, if not a myth completely!
Other things I do besides good internet hygeine and due dilligence when possible is to not place all my eggs in one basket. Start by encrypting your DNS! which is difficult as only two public DNS providers offer DNS over HTTPS (DoH) which is really the only way to keep DNS querries out of hands and eyes that don't belong. see
dnscrypt-proxy for more info on what all that is and how to set it up on your system. There is an old(er) version in the main repos but I suggest very strongly you use the latest version from git as it is a huge improvement over version available through apt/synaptic. The two options you have for actual encrypted DNS/full DoH support are google (8.8.8.8,8.8.4.4) and cloudflare (1.1.1.1,1.0.0.1) and although I use gmail (deprecated;) and even google voice I do so knowing they use, abuse and sell my data to the lowest bidder- they don't need my trust it only interferes with their laughter enroute to the bank.. and since cloudflare has a privacy policy for it's public DNS offering that I like I prefer them- even more so since DNS querries are on average at least twice as fast as any other I test (to be fair though I live in Denver, we have a cloudflare DNS data center in Denver and my VPN providers (2 of 3 of them) have exits in Denver- friggin netflix still blocks me, but I'll save that for another rant!:D)
After dnscrypt-proxy (for DoH) and a trusted VPN provider for all traffic I tend to favor certain browsers and extentions and yes, how to trust comes into play, as does concerns about the overhead- what is it doing and can it be done better questions come to mind. Locking down firefox is similar to locking down chromium even though open-source is not really a vouch-safe for anything (how often is that much code audited and what changes have occured since that specific code was looked at?
EFF seems to have taken a hit this thread, I trust them and find two of their extensions very useful HTTPS Everywhere and Privacy Badger. I'm also a fan of NoScript. I use uBlock Origin for ad-blocking of select lists the rest of the ad and bad site blocking I do using a blacklist in dnscrypt-proxy and find it perfect as an alternative to etc/hosts file which is still a way better option than a browser based ad-blocker simply due to less overhead the browser is taxed with. Blocking at the DNS resolve level on computer ensures nothing sneaks through the cracks (e.g. other than browser apps, etc). So to do this I disable IPv6 system wide and set 127.0.0.1 as DNS in wifi(also disabled), ethernet connections and VPN settings- so my system is actually DNS stupid if dnscrypt-proxy isn't functioning properly. If you want help setting dnscrypt-proxy and blacklist then give a shout!