Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Eh isn't that how most linux distros work? You download your stuff from trusted and signed repositories
Yes - but this simple method seems to be evolving.
With a web browser: add-ons are 3rd-party apps which bypass the scrutiny of the linux distro's repository.
It was widely known that some popular add-ons for FF could include spyware. So you had to be wary about which add-on you use. And the fewer - the better.
In this sense, installing a web-browser add-on has become similar to installing an app onto a smartphone.
Just recently, FF 60.6.2esr has said it has changed add-on rules so that add-ons now have fewer privileges.
Even so - it seems add-ons can still be installed via your own repo.
For example Wikipedia says 'In January 2016, uBlock Origin was added to the repositories for Debian 9 and Ubuntu 16.04.'
Does anyone know which other add-ons can be installed by your distros repo?
Incidentally, if you want to install Opera web-browser onto Debian - you need to add the Opera repo onto your
Code:
/etc/apt/sources.list
Debian says you then have to trust the Opera repo.
So this is a clear example of Debian going outside of its ecosystem to offer users 'choice'.
This may become a worrying trend.
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,881
Rep:
Quote:
Originally Posted by carlito386
You demonstrate my point impeccably.
You need to ask yourself why you don't want the laws in your country to protect you.
You need to ask yourself why you don't trust your country.
And you've clearly missed mine...
I don't need to "ask myself" anything. I make sure I do everything I can to protect my system... MYSELF, without relying on anyone else, let alone the government. So I don't know what world you live in, but it clearly isn't this one...
The Ghostery add-on protects users. But it does not get paid for doing this.
Of its 19 million users, 8 million have chosen to have their data used by 'website operators' and 'ad companies'.
For 'website operators', Ghostery helps them find out which unknown companies are leeching info from their site.
For 'ad companies', Ghostery shows which is the most popular tracking code on the net.
This does NOT mean Ghostery is doing anything bad for the ordinary user.
It means Ghostery stops companies from tracking your browsing habits. It gives you this privacy for FREE.
But Ghostery also uses the add-on to provide useful info to companies. It does this for money.
And the user can even opt-out of any of his data being used.
Add-ons need to survive by earning money.
They're not like linux distros where they're supported by volunteers and donations.
As long as the profit-making add-on is trustworthy - then there is nothing to worry about.
Your link shows Ghostery add-on is speaking honestly, is involved in giving free privacy and is able to do that by having a workable business model.
Ghostery is no longer owned by Evidon as stated by your link dated 2013!
It's owned by the German privacy-minded web-browser Cliqz.
Development started forking from the codebase of HTTP Switchboard along with another blocking extension called uMatrix
Both uBlock Origin and uMatrix are forks of Switchboard. So are they really so different?
Both add-ons have been written by the same guy.
uBlock Origin is an ad blocker. uMatrix is the same thing - but it makes you feel you're more clever.
At the end of the day, web-browsers and add-ons can be played with like apps on a smartphone.
But a trusted paid VPN is the most effective method of obtaining privacy.
I don't need to "ask myself" anything. I make sure I do everything I can to protect my system... MYSELF, without relying on anyone else, let alone the government. So I don't know what world you live in, but it clearly isn't this one...
Your situation would be improved substantially if you got yourself a paid VPN.
I think someone has even opened a thread on this forum about finding a good vpn.
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,881
Rep:
Quote:
Originally Posted by carlito386
Your situation would be improved substantially if you got yourself a paid VPN.
I think someone has even opened a thread on this forum about finding a good vpn.
Hmmmm, don't remember saying anything about my "situation", don't remember even being the OP here...
I don't think I'll be taking your advice when you can't even quote Wikipedia correctly. Since you're telling someone you don't even know to spend THEIR money, it seems to confirm what I was thinking about you before. I think I'll just add you to my Ignore List... carlito386 added.
Security and privacy should be guaranteed by your country (i.e. your own laws).
I'm not referring to regulatory policy, although that is only one aspect of infosec I'm referring to the bigger picture that can be easily understood among all countries. It's 101 level understanding that the weakest link in cybersecurity is the human, and that should be planned for accordingly. I believe I've already stated, even the most secure browsers won't protect you if you're not cautious.
There's no possible way to guarantee via local law that the user of a platform is not being a giant skin cactus.
I'm not referring to regulatory policy, although that is only one aspect of infosec I'm referring to the bigger picture that can be easily understood among all countries. It's 101 level understanding that the weakest link in cybersecurity is the human, and that should be planned for accordingly. I believe I've already stated, even the most secure browsers won't protect you if you're not cautious.
There's no possible way to guarantee via local law that the user of a platform is not being a giant skin cactus.
A country has laws to protect its people. This means people don't get killed all over the place.
These are laws for security.
A country has laws to protect people's identity and personal information. This means people don't get defrauded and defamed.
These are laws for privacy.
These laws also exist on the internet.
But we know due to mass surveillance that the laws are very weak.
We also know that the laws should not be very weak.
This thread is not a competition to find the cleverest person. Only stupid people think like that.
There will come a time when there will be stronger legislation against this unfairness on the net.
But this will not be brought about by little people or stupid people.
The idea of browser fingerprinting (Wikipedia) shows a user can be identified by various info held on their web-browser.
Web-browser fingerprinting could be used by a bank for example to make sure it's you making a transaction from your PC at home - and not someone else.
But it can also show your browsing history.
To avoid this we can turn off javascript (i.e. use NoScript) and use anti-tracking add-ons (e.g. uBlock Origin, Ghostery).
The above Wikipedia link says:
'Firefox provides a feature to protect against browser fingerprinting... but as of July 2018 it is still experimental and disabled by default.'
This 'resist fingerprinting' feature can be enabled by following this Mozilla page.
A country has laws to protect its people. This means people don't get killed all over the place.
These are laws for security.
As we all well know, information security and loss of life are not the same thing - nor should they be treated as such.
Quote:
Originally Posted by carlito386
These laws also exist on the internet.
But we know due to mass surveillance that the laws are very weak.
We also know that the laws should not be very weak.
Okay Carlito, but laws can only do so much, as I'm sure you're aware by the presence of said mass surveillance. And the real issue, moreover, is that data is bound by the laws of the country in which it is stored. You can't seriously be implying that you want a country which you've already as much as said is the spawn of Satan to not only create more laws but to push them on every other part of the world in the name of protecting computer users. Have fun trying to order a Chinese malware creator to stop under threat of arrest and extradition.
Quote:
Originally Posted by carlito386
This thread is not a competition to find the cleverest person. Only stupid people think like that.
Of course it's not that. No one ever claimed it was. However, in a serious discussion about serious topics it's generally expected that all parties have some idea of the subject matter at hand.
As we all well know, information security and loss of life are not the same thing - nor should they be treated as such.
You need to ask yourself why there is a stepladder to different human rights.
Human rights are all equal.
Why does your brain put them in a hierarchy (stepladder)?
You need to ask yourself why people who have their 'information security' compromised then end up hurt or even worse.
The internet teaches us this - if we are willing to learn.
Why does your brain not know that?
Quote:
You can't seriously be implying that you want a country which you've already as much as said is the spawn of Satan to not only create more laws but to push them on every other part of the world in the name of protecting computer users.
Spawn of Satan? You are revealing your culture.
Quote:
Have fun trying to order a Chinese malware creator to stop under threat of arrest and extradition.
You are revealing your culture.
You are not showing the credibility of your twisted and tragic thought.
I'll only say cognitive bias...
There's also a saying along these lines: if you engage in prolonged conversation with an idiot you will look & feel like an idiot yourself eventually.
I'm getting on my high meta horse now. Nothing I can say will help this thread. It has shuffled off its mortal coil. It is an Ex-thread.
Interesting, though, how certain buzzwords (the vaguer the better) seem to bring out the same hatters and the same pointless conversations again and again. Go back to post #1, read it.
I'll only say cognitive bias...
There's also a saying along these lines: if you engage in prolonged conversation with an idiot you will look & feel like an idiot yourself eventually.
I'm getting on my high meta horse now. Nothing I can say will help this thread. It has shuffled off its mortal coil. It is an Ex-thread.
Interesting, though, how certain buzzwords (the vaguer the better) seem to bring out the same hatters and the same pointless conversations again and again. Go back to post #1, read it.
This thread is in the Web Archive now.
Your post is simply saying 'you are intelligent'.
Your post is also saying you are 'weak' (intellectually).
Why can't you see that? Read your post. It's so obvious!
Prove you're intelligent.
Make a post about web browser privacy.
That's what this thread is about.
Nothing you say makes me feel weak.
No more clues, friend.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.