Tips for privacy and security

Tunafish · 2010-06-29 15:07:23

Below is a collection of tips & tricks to improve privacy and security on your system. I'm hoping to add more stuff. So please, post your tips for extra privacy and security.

For more recent information have a look at The sorcerer's_apprentice's paranoid #! Security Guide

Some more reading here: Howto Securing Debian

Privacy search engines
https://www.duckduckgo.com/ - view privacy policy: http://donttrack.us/
https://www.ixquick.com/ Metasearch engine (alltheweb, bing, digg, etc). Has an option to open search results via anonymous proxy
https://www.startpage.com/ (a mirror of ixquick)
https://privatelee.qrobe.it/ Bing and Google search results without the tracking
http://www.yauba.com/ Option to open search results via anonymous proxy

To add search engines to the firefox search bar have a look here: http://mycroft.mozdev.org/
I created a 'DDG crunchbang forum search plugin': http://mycroft.mozdev.org/search-engine … crunchbang

Addons for Firefox/Iceweasel
AdBlock Plus - Adblock Plus allows you to regain control of the internet and view the web the way you want to.
BCExplorer for Firefox - BrightCloud category and reputation info as you browse!
Beef Taco - Sets permanent opt-out cookies to stop behavioral advertising by 102 different advertising networks
BetterPrivacy - BetterPrivacy is a safeguard which protects from usually not deletable LSO's on Google, YouTube, Ebay...
BitDefender TrafficLight for Firefox - Adds a strong and non-intrusive layer of security to your browsing experience
CipherFox - Displays the current SSL/TLS cipher and certificate chain in the status bar.
CookieSafe - This extension will allow you to easily control cookie permissions.
Ghostery - Protect your privacy. See who's tracking your web browsing and block them with Ghostery.
GoogleSharing - GoogleSharing ultimately aims to provide a level of anonymity that will prevent google from tracking your searches, movements, and what websites you visit.
HTTPS Everywhere - It encrypts your communications with a number of major websites.
HTTPS Finder - HTTPS Finder automatically detects and alerts when SSL is available on a web page. It also provides one-click rule creation for HTTPS Everywhere. Other features include an ignore-domain list, and "auto-forward" to HTTPS.
Keylogger Beater - Use it to keep your username or password from being stolen by a keylogger.
LinkExtend - Provides meta-site-ratings for computer safety, child safety, company ethics, and popularity.
Master Password+ - Various enhancements for "master password"
Netcraft Toolbar - Blocks phishing sites, helping to protect users from online fraud...
NoScript - Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks.
OptimizeGoole - Enhance Google search results and remove ads and spam
PhZilla - Firefox add-on to achieve anonymity in surfing, using web-based proxy
PrivacySuite - One place to protect your privacy when you go online.
RefControl - Control what gets sent as the HTTP Referer on a per-site basis.
RequestPolicy - Be in control of which cross-site requests are allowed.
TrackMeNot - Protects users against search data profiling...
Priv3 - Practical Third-Party Privacy for the Social Web (unnecessary when using adblock)
WOT - The WOT add-on is a safe surfing tool for your browser.
For Human Eyes Only - converts messages into images

Addons for Chrome/Chromiun
A Little Privacy - Prevents passing referrer to third parties, removes redirect trackers, resolves short URLs, and more.
Abine TACO - Opt-out of advertising networks
AdBlock - Blocks ads all over the web.
Adblock Plus for Google Chrome™ - Blocks ads using the Firefox AdBlock Plus filter engine. Kiss ads goodbye and browse in peace!
Block Mixed Content - This extension blocks loading of insecure active content in secure (HTTPS) pages.
Chrome BCExplorer BETA - BrightCloud category and reputation info as you browse!
Chromeblock - Stop secret tracking of your web browsing
Disconnect - Stop major third parties and search engines from tracking the webpages you go to and searches you do.
Ghostery - Protect your privacy. See who's tracking your web browsing with Ghostery.
KB SSL Enforcer - Automatic security, browse encrypted.
Keep My Opt-Outs - Permanently opts your browser out of online ad personalization via cookies.
NOREF - Suppress Referrer (referer) for Hyperlinks
NotScripts - A clever extension that provides a high degree of 'NoScript' like control of javascript, iframes, and plugins on Google Chrome.
SafeBrowser - Sends the url of the currently selected tab to Google Safe Browsing to retrieve some malware results of that domain
SaferChrome - SaferChrome makes browsing safer by identifying and preventing security and privacy breaches.
Signature Check - Allows users to check a certificate thumbprint against the SignatureCheck.org thumbprint to detect man-in-the-middle attacks that use valid signing certificates.
SiteAdvisor for Chrome - SiteAdvisor will give safety ratings for websites, this extension will warn you before you open threat sites.
TrafficLight (BETA) - Adds a strong and non-intrusive layer of security to your browsing experience
Unencrypted Password Warning - Helps to prevent you from sending unencrypted passwords or credit card numbers.
Vanilla Cookie Manager - A Cookie Whitelist Manager that helps protect your privacy. Automatically removes unwanted cookies.
WOT - The WOT add-on is a safe surfing tool for your browser.
Hide My IP – Anonymous browsing

Sandbox & AppArmor
Sandfox - run Firefox / Skype & other apps in a sandbox
Howto for Sandfox
AppArmor - Install AppArmor

Anonymity online
I2P Anonymous Network
JonDonym software
Tor Project Tor is also in the Debian repository. Installation guide is here.
Torbirdy plugin for Icedove/Thunderbird.

DNS services
ClearCloud DNS
Comodo Secure DNS
Norton DNS
OpenDNS More info: here.

DNScrypt (for OpenDNS) - more info

Anti-virus
avast! Linux Home Edition
AVG Anti-Virus Free Edition for Linux
Avira AntiVir Command Line Scanner ScanCL (Linux)
Chrootkit checks for signs of a rootkit on your linux machine. It's in the repos.
rkhunter - rootkit, backdoor, sniffer and exploit scanner is in the repos.
Clam AntiVirus is in the repos.
F-PROT Antivirus for Linux Workstations
There is no real need for anti-virus software on Linux, although there are some exceptions (e.g. mail forwarding to windows-users, wine-apps, running linux from usb on a windows machine to delete viruses).

Facebook
Facebook Beakon Blocker - addon for Firefox
No FB Tracking - addon for Firefox
http://www.reclaimprivacy.org/facebook - test your Facebook privacy settings
Facebook Connect® opt-out - Facebook filters for Adblock Plus

Firewall
There's a lot of discussions about firewalls for Linux. It seems that you don't need one if you're a home user and not running a server.
Arno-iptables-firewall - A secure stateful firewall for both single and multi-homed machine
gufw - An easy, intuitive way to manage your Linux firewall; its in the repos.
Shorewall - in the repo's.
Ubuntu firewall – A management tool for multiple ubuntu firewalls in the cloud
Firestarter – A firewall for Linux
You can test your internet vulnerability with Shields Up

Host file
http://www.mvps.org/winhelp2002/hosts.htm
Just add the entries to your /etc/hosts file to block these sites.
Take care: the bigger this file is, the slower your system might response. Best option is to restrict your host file interaction to the targets you have identified as malicious.

IP blocker (similar to PeerGuardian)
MoBlock

Passwords
KeepassX - for storing passwords in an encrypted database
more info

To find out what kind of passwords are weak or strong. Don't use the exact passwords you enter in these tests!
http://howsecureismypassword.net/
http://passwordadvisor.com/
http://www.passwordmeter.com/
http://www.unwrongest.com/projects/password-strength/

To generate secure passwords:
https://www.grc.com/passwords.htm
http://angel.net/~nic/passwd.html
http://strongpasswordgenerator.com/
http://www.passwordchart.com/

File, disk and mail encryption
Bcrypt (file encryption, is in the debian repository)
Ccrypt (file encryption, is in the debian repository)
Cryptsetup (encrypt your swap and home partition)
Enigmail is an addon for Thunderbird/Icedove to use pgp/gpg for sending/receiving emails. It's also in the Debian repository.
Gnupg official site (free pgp) - Gnupg is in the Debian repository
GPA (front-end for Gnupg, includes file decrytion: gpa --files)
Seahorse (front-end for gnupg keys)
Truecrypt - creates encrypted volumes
FreeOTFE - like Truecrypt, but works with standard linux encryption like LUKS

Secure file deletion (all in debian repository)
BleachBit - deletes unnecessary files and wipe free space
Secure-delete
Wipe

Secure mail services
Tormail
Lavabit

Temporarily and anonymous email addresses
http://10minutemail.com/
http://anonymouse.org/anonemail.html
http://www.dispostable.com/
http://www.sendanonymousemail.net/
https://www.silentsender.com/

Some interesting websites
Electronic Frontier Foundation
Eric Howes' Privacy & Security Page
Privacy International

Last edited by Tunafish (2013-06-26 17:45:40)

winotree · 2010-06-29 15:16:46

gufw is an easy to use firewall. It's in the repositories. You can see it here http://gufw.tuxfamily.org/

anonymous · 2010-06-29 15:26:35

IP blocker (similar to PeerGuardian):
MoBlock

Addons for Firefox/Iceweasel
Ghostery - Protect your privacy. See who's tracking your web browsing and block them with Ghostery.
NoScript - Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks.
Beef Taco - Sets permanent opt-out cookies to stop behavioral advertising by 102 different advertising networks
RefControl - Control what gets sent as the HTTP Referer on a per-site basis.

Addons for Chrome/Chromium
Ghostery - Protect your privacy. See who's tracking your web browsing with Ghostery.
NOREF - Suppress Referrer (referer) for Hyperlinks

evilplaymobils · 2010-06-29 15:38:00

do these search engines that you stated provide a wide variety of results?

bozhkov · 2010-06-29 16:12:03

How come you do not mention Scroogle?

evilplaymobils · 2010-06-29 16:15:43

scroogle seems really good indeed,but i chose logless
goodbye google

Tunafish · 2010-06-29 16:23:38

bozhkov wrote:

How come you do not mention Scroogle?

Eh well... eh... what was it i didn't mention it? O yeah... i forgot!

Sector11 · 2010-06-29 22:51:30

This thread is BOOKMARKED!

Thanks TunaFish

Awebb · 2010-06-29 23:35:18

Firewall:
- Turn off unused listening servers on your machine
- Configure your daemons to be restricted to your local network or - even better - your machine, don't expose ports (by having listening servers on them). More important: refuse to use network related software unable to be configured that way. The less packages you need to filter, the less mistakes you make.
- Don't expose SSH to the WWW. Instead you should tunnel everything through - say - VPN.

Hostfile:
- Don't just put every ad-server into your host file. The bigger this file is, the slower your system might response (in a worst case scenario). Restrict your host file interaction to the targets you have identified as malicious.

Facebook:
- Don't use it. EOL

Linux in general:
- Don't trust every maintainer of a small spinn off distro with it's own repos to place malicious code in an update, so you won't... Hey, wait... what?

Sector11 · 2010-06-30 00:18:55

Awebb wrote:

Linux in general:
- Don't trust every maintainer of a small spinn off distro with it's own repos to place malicious code in an update, so you won't... Hey, wait... what?

Awwwwwwww, too late!

I promise I will NOT tell corenominal you said, pardon me, almost said that.

Tunafish · 2010-06-30 11:16:16

Awebb wrote:

Firewall:
- Turn off unused listening servers on your machine
- Configure your daemons to be restricted to your local network or - even better - your machine, don't expose ports (by having listening servers on them). More important: refuse to use network related software unable to be configured that way. The less packages you need to filter, the less mistakes you make.
- Don't expose SSH to the WWW. Instead you should tunnel everything through - say - VPN.

Awebb... can you tell me how to do these things? Do you have some links to howtos?
I really don't know what i have to do to achieve these things. Are they important for home users, or just when running a server, or.....?

Thanks,
tuna

Last edited by Tunafish (2010-06-30 11:18:45)

Tunafish · 2010-06-30 13:29:04

Has anyone tried Zfone? Alternative for Skype, from the creator of PGP.
http://zfoneproject.com/

Schadt91 · 2010-06-30 15:58:42

I would like to thank the contributors to this thread, I have some reading to do!

ninjaguardsheep · 2010-06-30 16:28:11

Google also has an ssl encrypted search page,

https://www.google.com/

no image search though.

anonymous · 2010-06-30 16:34:57

I think the privacy search engines are supposed to be alternatives to Google though.

machinebacon · 2010-06-30 19:06:56

Schadt91 wrote:

I would like to thank the contributors to this thread, I have some reading to do!

+1, especially Tunafish, big thanks!

Awebb · 2010-06-30 20:46:00

Sector11 wrote:

I promise I will NOT tell corenominal you said, pardon me, almost said that.

I work for a major ISP in my country at the moment, in the DSL fault clearing section. I KNOW about the worth of a promise...

Sector11 · 2010-06-30 22:36:41

^ ahhh, but I don't work there so therefore I don't.

Tunafish · 2010-07-01 08:22:07

I found a great way to test the security of your computer/network:

1. Join an IRC chat room with 250+ Linux gurus.
2. Call them all fags and proclaim that Bill Gates kicks Linus Torvald's ass.
3. Give them your IP address (Optional, since it's amazingly easy to get it on IRC).
If your machine is still running the next day, you're good.

found on http://digg.com/linux_unix/How_To_Test_ … x_Firewall

winotree · 2010-07-01 13:08:28

Now that's funny, Tunafish. That's genuinely humorous.

Sector11 · 2010-07-01 18:59:38

Tunafish wrote:

I found a great way to test the security of your computer/network:

With my luck I would probably get to

... proclaim that Bill Ga

and my computer would go blink!

Good find.

Last edited by Sector11 (2010-07-01 19:04:33)

Tunafish · 2010-07-24 21:27:42

Hey what's going on with the OP... it's getting bigger and bigger without editing by me!
Some nice stuff is added, so that's cool, but who did it?
And i would like to have a notification so i could check out these addons as well...
Tuna

anonymous · 2010-07-24 21:49:26

Sorry that would be me. Once I remembered I was mod, I figured it was easier to edit the post myself rather than making numerous posts with links

Tunafish · 2010-07-24 22:04:11

anonymous wrote:

Sorry that would be me. Once I remembered I was mod, I figured it was easier to edit the post myself rather than making numerous posts with links

No problem... i'm just curious....

captainhaggy · 2010-07-24 22:28:24

Under anonymity online, you should also add http://i2p2.de ... the i2p Network.

CrunchBang Linux

SEARCH

#1 2010-06-29 15:07:23

Tips for privacy and security

#2 2010-06-29 15:16:46

Re: Tips for privacy and security

#3 2010-06-29 15:26:35

Re: Tips for privacy and security

#4 2010-06-29 15:38:00

Re: Tips for privacy and security

#5 2010-06-29 16:12:03

Re: Tips for privacy and security

#6 2010-06-29 16:15:43

Re: Tips for privacy and security

#7 2010-06-29 16:23:38

Re: Tips for privacy and security

#8 2010-06-29 22:51:30

Re: Tips for privacy and security

#9 2010-06-29 23:35:18

Re: Tips for privacy and security

#10 2010-06-30 00:18:55

Re: Tips for privacy and security

#11 2010-06-30 11:16:16

Re: Tips for privacy and security

#12 2010-06-30 13:29:04

Re: Tips for privacy and security

#13 2010-06-30 15:58:42

Re: Tips for privacy and security

#14 2010-06-30 16:28:11

Re: Tips for privacy and security

#15 2010-06-30 16:34:57

Re: Tips for privacy and security

#16 2010-06-30 19:06:56

Re: Tips for privacy and security

#17 2010-06-30 20:46:00

Re: Tips for privacy and security

#18 2010-06-30 22:36:41

Re: Tips for privacy and security

#19 2010-07-01 08:22:07

Re: Tips for privacy and security

#20 2010-07-01 13:08:28

Re: Tips for privacy and security

#21 2010-07-01 18:59:38

Re: Tips for privacy and security

#22 2010-07-24 21:27:42

Re: Tips for privacy and security

#23 2010-07-24 21:49:26

Re: Tips for privacy and security

#24 2010-07-24 22:04:11

Re: Tips for privacy and security

#25 2010-07-24 22:28:24

Re: Tips for privacy and security

Board footer