PrivacyTechPro tip: Using an always-on VPN is recommended good privacy practice. However, there are other ways of tracking your specific device on the internet.

For example, if you forget you logged into Google Chrome with your real account and real name or you forgot to log out of Gmail and you visit a website with Google tracking, the site (and Google) may still be able to identify it is you browsing their site based on your device and browser fingerprints (screen resolution, installed fonts etc) and your Google login, even though you are using a VPN to obscure your IP address.

Here are a few ways this could happen:

Websites using Google sign-in - Some sites offer "Sign in with Google" as an option. If you use this to log into a site in Chrome, the site will know your Google account and can associate your activity with that account.

Cookies from Google services - As you browse the web logged into your Google account, Google may place cookies on sites you visit that could identify you to those sites. For example, if a site has integration with Google AdSense or Analytics.

Browser fingerprinting - Through techniques like collecting information about your browser, plugins, system fonts and other details, sites may be able to uniquely "fingerprint" you and track you across browsing sessions. Being logged into Google could be one detail contributing to a fingerprint.

Using a paid always-on VPN (#IVPN, #Mullvad VPN, #Proton VPN) while using Tor helps mitigate this risk when you need extra privacy by going beyond just obscuring your IP. It has anti-fingerprinting technology that makes you look the same as other users on the network.

Do a side by side test with VPN + privacy browser (#Mullvad, #Librewolf) only, VPN + regular browser, and VPN while using Tor to see the difference with what can be known about your device here:

https://www.deviceinfo.me/

#cybersecgirl #privacytechpro #tor #vpn #privacy
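To illustrate the post above (an added example, not part of the original post): a fingerprint built only from browser-reported attributes stays the same when the IP changes behind a VPN, while browsers that report identical standardized values fall into one shared group. All visit records, attribute values and names (`visits`, `fingerprint`, `summarize`, `STD`) are constructed for this sketch.

```javascript
// Constructed sample visits (not real data). `person` is ground truth the
// site never sees; `ip` is the only field a VPN changes.
const STD = { ua: "Firefox (Windows)", screen: "1400x900", tz: "UTC", fonts: "bundled-only" };
const visits = [
  { person: "alice", ip: "203.0.113.7",   ua: "Chrome (Windows)", screen: "2560x1440", tz: "America/Chicago", fonts: "Arial,Calibri,Fira Code" },
  { person: "alice", ip: "198.51.100.20", ua: "Chrome (Windows)", screen: "2560x1440", tz: "America/Chicago", fonts: "Arial,Calibri,Fira Code" },
  { person: "bob",   ip: "198.51.100.20", ua: "Chrome (Windows)", screen: "1920x1080", tz: "Europe/Berlin",   fonts: "Arial,Calibri" },
  { person: "carol", ip: "192.0.2.50", ...STD }, // standardized, anti-fingerprinting style values
  { person: "dave",  ip: "192.0.2.51", ...STD },
  { person: "erin",  ip: "192.0.2.52", ...STD },
];

// Hash only what the browser reveals; the IP address is deliberately excluded.
function fingerprint(v) {
  const s = [v.ua, v.screen, v.tz, v.fonts].join("|");
  let h = 0x811c9dc5; // FNV-1a, 32-bit
  for (let i = 0; i < s.length; i++) {
    h ^= s.charCodeAt(i);
    h = Math.imul(h, 0x01000193);
  }
  return (h >>> 0).toString(16).padStart(8, "0");
}

// Group visits by fingerprint and count distinct IPs and distinct people.
function summarize(list) {
  const groups = new Map();
  for (const v of list) {
    const fp = fingerprint(v);
    if (!groups.has(fp)) groups.set(fp, { fp, ips: new Set(), people: new Set() });
    groups.get(fp).ips.add(v.ip);
    groups.get(fp).people.add(v.person);
  }
  return [...groups.values()].map(g => ({ fp: g.fp, ips: g.ips.size, people: g.people.size }));
}

for (const g of summarize(visits)) {
  const verdict = g.people === 1 ? "identifies one person" : `shared by ${g.people} people`;
  console.log(`${g.fp}  ips=${g.ips}  ${verdict}`);
}
```

Alice's two visits share one fingerprint across her home and VPN addresses, and Bob stays distinguishable from her even though they share a VPN exit IP.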

Discussion

Hot tips:

Don't use gmail

Don't log into Google anything ever

Unless you want to trick them into believing you have this whole other life going on when you're not high.

I admire the work you're doing here.

Spreading that information is important now more than ever.

thank you. yes it is.

Better off Google services while running NoScript add-on behind Windscribe vpn.

Great info. What's your opinion of Brace for anti stinger printing? It gives me the best results on coveryourtracks compared to for browser and mullvad

Brave not Brace.

Antifingerprinting not anti stinger. dammit autocorrect why

hello again. new npub? yup. i was about to go into a stinger protection rant. jk. i don't recommend them. i'm not a fan of the bat crypto thing, the company's history of questionable decisions or the ceo, and more importantly, imo there are better options like tor browser, mullvad, and hardened firefox (arkenfox, librewolf).

nostr:npub1j8vhn4d503rrxxj04kqmm54yn2vu2axgznsls0nhy5ml75ssjzaq45u06v one of the reasons why I need to get rid of my google account ASAP 😬

What are your thoughts on this? He says you're just asking for more attention by connecting to tor through vpn:

https://www.youtube.com/watch?v=y8bIt4K_Kfo

his argument is that it's more "obvious" to use vpn with tor. i usually like mental outlaw's videos, but i disagree with his point of "don't use a vpn with tor because it makes you more obvious."

yes, there are some times it doesn't make sense to use both tor and a vpn but that's a nuanced discussion for later.

what is important is not exposing your ip to the internet whenever possible.

splittunneling or using multiple vpn qubes (on qubesos) and having a direct connection not routed through the vpn traffic work for those "other times" when you do have to expose your ip to an app or website.

keeping an always-on vpn, not disconnecting, then connecting to tor, then forgetting to reconnect the vpn and exposing your ip is far more risky.

just leave it on.

the fact is, your isp will likely hand over your personal data faster with less resistance than a respectable vpn would

if there is no account or email with your actual identity attached (like mullvad vpn) and you were using a fingerprint resistant browser with a vpn on when you signed up, or signed up over tor and paid with non kyc or cash, what can they hand over?

tldr, yes you are trusting a 3rd party with your ip, but it makes more sense to trust a privacy-first open source vpn company (whose reputation depends on them not logging user ip) like mullvad, who stores this info in temporary ram, not to permanent hard disk...and who has post-quantum safe resistant vpn tunnels...to not log my ip (they have been tested) than any isp when using tor.

it's a silly argument imo. i think it was a filler video.

What is “post-quantum safe resistant”?

"The encryption used by WireGuard has no known vulnerabilities. However, the current establishment of a shared secret to use for the encryption is known to be crackable with a strong enough quantum computer.

Although strong enough quantum computers have yet to be demonstrated, having post-quantum secure tunnels today protect against attackers that record encrypted traffic with the hope of decrypting it with a future quantum computer."

https://mullvad.net/en/blog/stable-quantum-resistant-tunnels-in-the-app

Thanks. I guess I should not expect to understand. Unfortunately i use mostly a wireguard connection. Maybe it’s time to rethink this approach.

Okay, as a relative newbie, here are my takeaways from these threads. Am I indeed getting the right picture?

1. Mullvad is a superior VPN for multiple reasons, and is worth switching from another provider like Proton or Nord

2. Running Tor - for any viable usage - through a VPN is fine, because you’re really just evaluating whether your VPN provider or your ISP knows you’re using Tor, and while neither can see the activity, you’d rather a quality VPN service be aware of Tor usage than a “definitely captured” ISP like Verizon or Spectrum

3. If you’re aiming to cover the lowest-hanging fruit, but aren’t ready (or feel it’s currently necessary) to make the full shift to a de-googled Graphene phone and TailsOS, then simply running an always-on VPN like Mullvad for benign web activity should gain a significant amount of privacy with minimal inconvenience.

For the tech-familiar and privacy-conscious beginner, would you say the above is a decent start? Any glaring holes?

1. Mullvad is a superior VPN for multiple reasons, and is worth switching from another provider like Proton or Nord

-- i don't recommend nord, but i do also recommend proton vpn. if you only want a vpn, mullvad is where it's at.

2. Running Tor - for any viable usage - through a VPN is fine, because you’re really just evaluating whether your VPN provider or your ISP knows you’re using Tor, and while neither can see the activity, you’d rather a quality VPN service be aware of Tor usage than a “definitely captured” ISP like Verizon or Spectrum

-- basically yes. tor over vpn (tor through vpn). there is more to evaluate, but it is riskier to turn off your vpn, then connect to tor, forget to reenable then expose your ip or trust your isp over a respected no log vpn provider.

also, if you don't have a vpn enabled, surfing http (unsecured sites) on tor can be used to deanonymise you by a malicious tor exit node etc (same with clearnet). this was a rebuttal to the argument made in the video.

3. If you’re aiming to cover the lowest-hanging fruit, but aren’t ready (or feel it’s currently necessary) to make the full shift to a de-googled Graphene phone and TailsOS, then simply running an always-on VPN like Mullvad for benign web activity should gain a significant amount of privacy with minimal inconvenience.

yes i recommend using an always-on vpn as i outlined. it's a basic first step re: the post, and yes to grapheneos, but with qubesos with whonix for a daily driver os. tails is awesome for what it is but it is not a daily driver per se, it's more for one and done stuff (this depends on your threat model).

tl;dr: use tor over (through) vpn. keep your vpn always-on (except for banking and other sites/apps that don't play nicely with it...you can use splittunneling to bypass vpn traffic for those). also, fyi amethyst allows you to connect through a tor proxy via orbot.

This is why QubesOS rocks. Breaking applications, different sites, and different activities apart from each other with app specific qubes will increase your focus by removing highly personalized and well designed attacks on your attention. I could care less about hiding, I want the freedom to drive my own experience.

Please be careful with recommendations of this girl.

She's perhaps a girl who seeks attention or is paid/controlled by official entities or both.

1. Sweden(Mullvad) has one of the worst privacy laws in the world. For instance police can enter your home w/o warrant, they can hack your devices and they use facial recognition.

Try to avoid services located in Sweden.

Remember Libera.Chat is located in Sweden too.

2. Using Tor over VPN - you can be easier fingerprinted, time-correlated. If in your country Tor isn't forbidden just connect directly to Tor. Perfectly make Tor run 24/7.

3. Do not use GrapheneOS which builds a walled garden and forces users to use their server (updates, clock sync etc). Using GOS you're like a beacon. If you want to have GOS for sure do not follow their recommendations for instance do not use web installer, disable their Store, disable auto-updates, don't install Google services. Disable all known connections to GOS' servers like supl, connectivity checks etc.

Do not listen to this lady. Even banks, not all of course accept Tor connections.

This girl's recommendations are dangerous.

#security #privacy

Thanks for the thorough feedback, Ava 🤙

I’ve found mixed feedback on Nord (the first VPN I had tried). Mostly benign and then the occasional word of caution - how come?

My threat model is minimal - reducing the number of companies and aggregators that have my data, and telling my ISP to mind their own business, are my primary goals.

My bank seems to have no issue with VPN. I had to “train” my mobile banking app to accept traffic from my vpn servers until it stopped giving me errors, but now it works fine.

Appreciate it 🙏