Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
It works fine on some sites and not so well with others. Some sites gives error messages and plugins like flash is uninstalled even if it is installed.
I tried to login to LQ while in the tor network but LQ seems not to allow tor proxies.
Overall, using tor proxies or networks is not worthwhile at least on behalf of myself. But if you like it, then happy anonymous surfing to you.
Last edited by Addicted2linux; 01-20-2014 at 02:44 PM.
You know you shouldn't install flash for anonymous surfing, right?
The reason so many websites don't work is probably due to the noscript addon that disables javascript by default. And a good thing too, cause a lot of websites use it to fngerprint your computer, or possibly run some exploits. I use noscript on regular basis, and it so happens that I have the same problems as you, even without using tor. You need to allow these websites to browse them properly, but imo a website that doesn't need javascript to work, but doesn't work without it is broken. Most of the trouble I find in those navigation menus that don't open up w/o js.
My reason for using tor is because we are being tracked for targeted ads and spam from google and everybody.
I do have flash installed already but some sites report that I don't have it installed. I just ignore the error message because I am using the tor network.
I did use no-script for awhile, but I uninstalled it because it made surfing websites a hassle at times, I did followed some of the suggestions on the web for no-script but it was still a hassle because some scripts called on other scripts from other sites and I have to continue going to the no-script menu settings and click allow this site temporary this and that and it became too tedious.
There are plenty of firefox extensions to deal with tracking. There's also DuckDuck Go. Many e-mail providers have good (or very good) spam filters. No need for Tor for targeted ads and spam and tracking.
I'm not talking about Chrome extensions, I'm talking about Firefox extensions, and you should also choose them wisely. I recommend:
Adblock Edge
Ghostery
NoScript (there are so many settings that you can get it to work exactly as you want with no hassle, you just need to set it up right)
User Agent Switcher (helpful in some cases)
Note that Tor's typical use is from people doing things they are not supposed to be doing and foolishly thinking that the NSA or even CIA is not watching. See the links I posted in the other thread.
Last edited by metaschima; 01-21-2014 at 11:43 AM.
Note that Tor's typical use is from people doing things they are not supposed to be doing and foolishly thinking that the NSA or even CIA is not watching. See the links I posted in the other thread.
Yes, I am aware of that even before I saw the links you provided. Anyway, I'm not using tor anymore because I don't like it.
It's a losing battle anyway, they'll always find ways to track us and sell our browsing habits to advertisers and spammers.
Thanks for the suggested extensions, I'll give them a try, I mean, we'll still be tracked eventually but hopefully on a limited basis.
For sites that you trust, just enable scripts permanently from that specific site, enough that it will work. I personally never enable scripts from google anything, especially google-analytics. That's how they track you, and with NoScript you can see that most sites you visit have google-analytics scripts running. It should tell you something.
XSS protection may also break some sites, but you can add exceptions to make them work again. Some exceptions are already there.
It is a battle, but you can't win it by just blindly using tools. You have to make an effort to learn about them and make them work properly.
I would personally avoid Tor, as it has known weaknesses, is associated with shady people and bot nets, and is patrolled/controlled by three letter agencies. You don't really want that, and if you do, then be prepared for the consequences. Let's say that it may have its place and use, but it should be avoided most of the time. That's not to say that you should just give in and let third parties track and monitor and spam you. But, there are other and better ways to solve this.
I routinely use http://www.duckduckgo.com, not only because it claims not to track you, but because it frankly gives me better results.
Occasionally, I will use "anonymouse" to surf to a particular non-secure site, but that's comparatively rare.
And of course, I couldn't function without ad-blockers.
I don't have anything in particular to "hide." I just tire of feeding the Internet marketroid 'droids. Basically, "unless I choose to reveal myself to you, because I maybe want to buy something from you, it's none of your business, and you're annoying me." (Which is actually not the right way to sell anything to me.) That's quite fair, I think.
I don't own a TV, either; haven't owned one in thirty years and I never missed it. I buy commercial-free TV programs online, and pay for them, on-demand.
Last edited by sundialsvcs; 01-22-2014 at 09:15 AM.
Computer scientists have identified almost two dozen computers that were actively working to sabotage the Tor privacy network by carrying out attacks that can degrade encrypted connections between end users and the websites or servers they visit (PDF). 'Two of the 25 servers appeared to redirect traffic when end users attempted to visit pornography sites, leading the researchers to suspect they were carrying out censorship regimes required by the countries in which they operated. A third server suffered from what researchers said was a configuration error in the OpenDNS server. The remainder carried out so-called man-in-the-middle (MitM) attacks designed to degrade encrypted Web or SSH traffic to plaintext traffic. The servers did this by using the well-known sslstrip attack designed by researcher Moxie Marlinspike or another common MitM technique that converts unreadable HTTPS traffic into plaintext HTTP.
Here's a good article that is in line with my thinking: http://threatpost.com/the-internet-i...rdingly/104141
Basically, on the internet, assume that everything you do is monitored all the time. This may not be true, but is a good assumption just in case it is.
Such is the concern about Tor that even visitors to Tor sites -- whether or not they use the program -- have their details recorded:
not only long-term users of this encryption software become targets for the [US] secret service. Anyone who wants to visit the official Tor Web site simply for information is highlighted.
The source code also gives the lie to the oft-repeated claim that only metadata, not content, is gathered:
With the source code can be proven beyond reasonable doubt for the first time that the NSA is reading not only so-called metadata, that is, connection data. If emails are sent using the Tor network, then programming code shows that the contents -- the so-called email-body -- are evaluated and stored.
So, have you ever gone to the tor site ? Well, you are an extremist according to the NSA, and they are watching you.
There is always a sacrifice of privacy for the benefits of usability. If you want total privacy, chuck your pcs and mobile phone into the bin. I don't personally trust DDG all that much either, considering that its founder used to own the names database, which sold its info to advertisers. Don't expect privacy on the internet, just don't do anything on there you wouldn't want the world to know about. That's the only way.
While I don't expect total privacy, which would be impossible anyway, I certainly also don't expect mass warrant-less surveillance, hacking, malware, deliberately undermining security and accusations of extremism for no reason at all. The article also says that Linux forums and users are also extremists. Of course, we must believe them.
While I don't expect total privacy, which would be impossible anyway, I certainly also don't expect mass warrant-less surveillance, hacking, malware, deliberately undermining security and accusations of extremism for no reason at all...
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.