Skip Navigation

N.E.P.T.R

@ Neptr @lemmy.blahaj.zone

Posts
8
Comments
498
Joined
1 yr. ago

I'm the Never Ending Pie Throwing Robot, aka NEPTR.

Linux enthusiast, programmer, and privacy advocate. I'm nearly done with an IT Security degree.

TL;DR I am a nerd.

  • Minimising Browser Telemetry

    Jump

  • That is not what I was referring to. DoH is easy to access in the settings, but with a SOCKS5 proxy you want DNS from the provider to avoid fingerprinting of your location by using a network or DoH provider, which may be a geographically closer server because of your host IP.

    Under about:config, change "network.proxy.socks5_remote_dns" to true.

    I don't know definitively why they were fingerprinted to there local city, this is just a theoretical reason.

  • Dash to Panel maintainer quits after failed donations drive • The Register

    Jump

  • Sad but understandable. I saw the donation button but I don't have spare money atm.

  • Minimising Browser Telemetry

    Jump

  • It might have been your DNS that was identified? It depends on whether you enabled proxy DNS for SOCKS5.

    For best fingerprinting protection, use either:

    • Mullvad Browser with a VPN (prefer Mullvad VPN)
    • Tor Browser

    Avoid using Tor with a normal browser because you will stick out like a sore thumb.

  • Deleted

    Permanently Deleted

    Jump
  • Deleted

    Permanently Deleted

    Jump

  • I recommend Notesnook. It is open source, cross platform, and cloud synchronized E2E encrypted. I know cloud based wasn't something you wanted especially, but I thought it was worth mentioning because it is encrypted.

  • Locked

    Mutahar makes PewDiePie Linux switch video, Pewds shows up in the comments. ✋🏻🗿✋🏻

    Jump

  • Warhammer: Vermintide 2 gets an Easy Anti-Cheat upgrade - finally works properly on Linux

    Jump

  • Thank god. It is a fantastic game.

  • Can I ignore flatpak indefinitely?

    Jump

  • I personally like flatpak and its build system. Flatpak applications are sandboxed by default and don't require root during any part of installation, reducing the risk of malicious/broken software damaging the host. They also are available for basically any base distro, meaning i can use the same apps if a ever distrohop and i can even just copy over the config folders as if nothing happened.

  • Like many others, I’ve been looking into internet browsers lately. This guy has put together a pretty extensive comparison: pctips.com/best-browsers

    Jump

  • It's a panel of tests for browsers. It isn't the clearest what each mean (without doing a little research) and not all categories and subcategories have equal importance. I still like this website though just for the listed information.

  • The question of browsers

    Jump

  • I recommend Fedora or openSUSE Tumbleweed.

  • Security is a mess, and why a threat model is important

    Jump

  • Lol, understandable.

  • The question of browsers

    Jump

  • It seems like an interesting setup. I don't really have too much to say other than nitpicks.

    Why not use Mullvad browser for both scenarios. Mullvad with security level safest should block all JS. You could create a 2nd profile for safest only mode.

    Using Linux .desktop launcher scripts, you could:

    • Create a .desktop launcher (in ~/.local/share/applications/) for each profile
    • Edit default desktop launcher to always prompt to choice profile on start (using the launch option -P)
    • Edit the default launcher to offer a menu option for each profile.

    Related to your choice of host OS, I personally avoid Debian for desktop because it is slow to adapt (cus its Debian). I know it isnt directly applicable to situation since your main concern seems to be anti-fingerprinting, but a secure base is important. I'd like to know your reason for picking it. I don't dislike Debian and I still use it for different things (mostly VMs and some dev work).

  • Security is a mess, and why a threat model is important

    Jump

  • Thanks for the rant, I liked your write-up.

    I think it may also help some people to create simple decision flowcharts to help with acting consistent and avoid making simple mistakes with a complex threat model. Basically a scenario and the decision tree. Say for example someone is using QubesOS and needs to keep consistent what each qube is for and why.

    Of course creating charts that show your strategy and make your decision predictable is itself just even more privileged information you now need to protect.

    Also, any effective threat model also requires consistent reevaluation to assess the effectiveness of your methods and adjust with the evolution of threats.

  • Deleted

    Permanently Deleted

    Jump

  • Which would that be pulls out the deathray which terminates fun places on the internet?

  • Deleted

    Permanently Deleted

    Jump

  • It wont be a problem because from the Live USB you can mount the encrypted drive in the file explorer app (Dolphin on KDE) after supplying the encryption password.

  • Not incorrect.

    Jump

  • No

    /jk obvi I like Python

  • Exe in a bottle

    Jump

  • Firejail is a large SETUID binary which can (and has) aid in privilege escalation. It is recommended to avoid it for this reason.

    See: https://madaidans-insecurities.github.io/linux.html#firejail

    If you are relying on community sandboxing profiles and not making your own, i can understand why Firejail is interesting as a choice because of its large community.

    If you are making your own, consider checking out Bubblewrap (available on most Linux systems), Bubblejail), Crablock, and Sydbox, which all use unprivileged sandboxes.

  • Exe in a bottle

    Jump

  • It really isnt any defense. All a website can do is initiate a download, websites are sandboxed by default. You still have to run the executable, which doesnt really apply to Linux because the file will have no executable permission.

  • peak social engineering at the dallas airport bathroom rule

    Jump

  • This made me immediately think of how old American homes in the back of the mirror cabinet of the bathroom just had a slot that fed into the space between the drywall so you could through your razerblades away. Good luck to the renovators in 50 years when they need to remove that drywall and pick up a thousand rusty butterfly-style razerblades. Can't throw those suckers in a plastic trashbag either cus it'll cut right through.

  • Ironfox doesn't have privacy.resistfingerprinting set to true in about:config?

    Jump

  • Understandable, thank you for your (and contributor's) work on this project. I am happy that i dont need to compile Fennec with hardening from source for each update.