cedric's bazaar

User Tools

Site Tools

Trace:
security:privacy

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
security:privacy [2015/05/07 11:50] cedricsecurity:privacy [2016/11/17 14:57] cedric
Line 8: Line 8:
     * [[https://www.eff.org/https-everywhere |HTTPS Everywhere]];     * [[https://www.eff.org/https-everywhere |HTTPS Everywhere]];
     * [[https://www.eff.org/privacybadger | Privacy Badger]];     * [[https://www.eff.org/privacybadger | Privacy Badger]];
-    * [[https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/ Adblock Plus]]; +    * [[https://addons.mozilla.org/en-US/firefox/addon/ublock-origin uBlock Origin]]; 
-    * [[https://addons.mozilla.org/en-US/firefox/addon/noscript| NoScript]] (only enable JavaScript on sites you trust, else enable temporally); +    * [[https://addons.mozilla.org/en-US/firefox/addon/noscript | NoScript]] (only enable JavaScript on sites you trust, else enable temporally); 
-    * [[https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard| FoxyProxy]]; +    * [[https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard | FoxyProxy]]; 
-    * [[https://addons.mozilla.org/en-US/firefox/addon/donottrackplus/ DoNotTrackMe]]; +    * [[https://addons.mozilla.org/en-US/firefox/addon/geolocater Geolocater]]. 
-    * [[https://addons.mozilla.org/en-US/firefox/addon/geolocater/ | Geolocater]]+  * [[https://gist.github.com/cedricbonhomme/de05a2413273b8a3b7de configurations]] in //about:config// with the file ''user.js'':
-  * configurations in //about:config//+
-    * set the value of //browser.search.suggest.enabled// to //false//; +
-    * set the value of //network.http.sendRefererHeader// to //0// (you may experience some problems with CSRF); +
-    * set the value of //geo.enabled// to //false//; +
-    * set the value of //browser.urlbar.trimURLs// to //false//; +
-    * set the value of //browser.urlbar.formatting.enabled// to //false//; +
-    * set the value of //javascript.enabled// to //false// (in this case no need to install NoScript).+
   * Firefox preferences:   * Firefox preferences:
     * in the privacy tab precise that you do not want to be tracked by sites;     * in the privacy tab precise that you do not want to be tracked by sites;
-    * do not accept cookies from sites and allow (for session only) sites you trust ([[http://blog.cedricbonhomme.org/2013/08/04/nouvelle-attaque-sur-les-utilisateurs-de-tor| example]]);+    * do not accept cookies from sites and allow (for session only) sites you trust ([[http://blog.cedricbonhomme.org/2013/08/04/nouvelle-attaque-sur-les-utilisateurs-de-tor | example]]);
   * install [[https://www.torproject.org/ | Tor]]/Privoxy and use FoxyProxy to switch faster between Tor and the "no proxy" mode;   * install [[https://www.torproject.org/ | Tor]]/Privoxy and use FoxyProxy to switch faster between Tor and the "no proxy" mode;
   * do not use Tor without HTTPS on sensible sites;   * do not use Tor without HTTPS on sensible sites;
-  * if you are not already using all Google services you can use Google'DNS (8.8.8.8 and 8.8.4.4).+  * avoid using Google DNS (even if they are fast and reliable)Prefer [[https://www.fdn.fr/actions/dns/ | French Data Network]] DNS resolvers (80.67.169.12, 80.67.169.40).
  
 Another good solution is to use the [[https://www.torproject.org/projects/torbrowser.html.en | Tor Browser]] which is based on Firefox and pre-configured  with the best settings for your privacy and uses the Tor network by default. No technical knowledge is required. Another good solution is to use the [[https://www.torproject.org/projects/torbrowser.html.en | Tor Browser]] which is based on Firefox and pre-configured  with the best settings for your privacy and uses the Tor network by default. No technical knowledge is required.
  
 If you are using a public computer I recommend you [[https://tails.boum.org/ | Tails]]. If you are using a public computer I recommend you [[https://tails.boum.org/ | Tails]].
 +
 +==== Firefox preferences ====
 +
 +=== User preferences ===
 +
 +<html><script src="https://gist.github.com/cedricbonhomme/de05a2413273b8a3b7de.js"></script></html>
 +
 +=== Privacy ===
 +
 +{{ :security:firefox_configuration.png |}}
 +
  
 ===== Browsing advices ===== ===== Browsing advices =====
Line 65: Line 69:
   * DukGo or another Jabber/XMPP service. Use [[https://otr.cypherpunks.ca/ | Off-the-Record]] (OTR), easy with Pidgin or Kopete;   * DukGo or another Jabber/XMPP service. Use [[https://otr.cypherpunks.ca/ | Off-the-Record]] (OTR), easy with Pidgin or Kopete;
   * a worth watching project: [[https://trac.torproject.org/projects/tor/wiki/org/meetings/2014WinterDevMeeting/notes/RoadmapTIMB | TIMB]];   * a worth watching project: [[https://trac.torproject.org/projects/tor/wiki/org/meetings/2014WinterDevMeeting/notes/RoadmapTIMB | TIMB]];
 +  * another interesting project: [[https://ricochet.im | Ricochet]];
   * IRC.   * IRC.
  
Line 75: Line 80:
  
 Of course, this list is not exhaustive. Of course, this list is not exhaustive.
 +
 +===== /etc/hosts =====
 +
 +The content of my ''/etc/hosts'' file is based on [[http://someonewhocares.org/hosts/ | this very good example]].
 +
 +
  
 ===== DNS ===== ===== DNS =====
Line 85: Line 96:
  
 //resolvconf// is a set of scripts and hooks managing DNS resolution.\\ //resolvconf// is a set of scripts and hooks managing DNS resolution.\\
-The configuration of the internet connection is specified in the file ''/etc/resolvconf''.\\ It is possible to edit this file, but any change manually done will be lost as it gets overwritten next time something triggers resolvconf.\\ +The configuration of the internet connection is specified in the file ''/etc/resolvconf''. It is possible to edit this file, but any change manually done will be lost as it gets overwritten next time something triggers resolvconf.\\ 
-An solution is to use the file ''/etc/resolvconf/resolv.conf.d/head'' in order to ensure a DNS server is always the first one in the list.+solution is to use the file ''/etc/resolvconf/resolv.conf.d/head'' in order to ensure a DNS server is always the first one in the list.
  
 <code bash> <code bash>
Line 94: Line 105:
 # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
 #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
-nameserver 8.8.8.8 +# French Data Network DNS resolvers 
-nameserver 8.8.4.4+nameserver 80.67.169.12 
 +nameserver 80.67.169.40
  
 # resolvconf -u # resolvconf -u
Line 115: Line 127:
 netmask 255.255.255.0 netmask 255.255.255.0
 gateway 192.168.1.1 gateway 192.168.1.1
-dns-nameservers 8.8.8.8 8.8.4.4+dns-nameservers 80.67.169.12 80.67.169.40
 </code> </code>
  
Line 125: Line 137:
 # exit # exit
 $ nslookup cedricbonhomme.org $ nslookup cedricbonhomme.org
-Server:         8.8.8.8 +Server:         80.67.169.40 
-Address:        8.8.8.8#53+Address:        80.67.169.40#53
 </code> </code>
  
security/privacy.txt · Last modified: 2017/11/24 22:52 by cedric