dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
8957
share rss forum feed


Oregonian
Premium
join:2000-12-21
West Linn, OR
Reviews:
·Comcast
reply to Name Game

Re: Is it possible to quit Google?

No one quits Google...

»www.youtube.com/watch?v=jwlYo8EYTWI


Adrik Ivanov

@reserver.ru
reply to Frodo
said by Frodo:

I've been using this search engine:
»startpage.com/do/metasearch.pl
"Enhanced by Google"

"Startpage offers you Web search results from Google in complete privacy!

When you search with Startpage, we remove all identifying information from your query and submit it anonymously to Google ourselves. We get the results and return them to you in total privacy".

So they say.

Startpage is good, but isn't anyone curious as to why Google allows them to scrap their servers when they generate revenue based on knowing what people are searching? I'm not sure I fully trust them.

The HTTPS version of Duckduckgo on the other hand, appears trustworthy. Each time anyone discovers a 'potential' flaw in DDG the owner makes adjustments to fix the potential loopholes. For example Amazon-Cloud hosts his search indexers, and one person discovered that in theory - Amazon could scrap the searches. So Gabriel at DDG developed a system that uses proxy servers in the basement of his home to redirect your searches through the indexer. Gab is extremely privacy aware..

»www.gabrielweinberg.com/blog/201···ous.html
I have now solved this problem by setting up a reverse proxy between me and S3. This costs me more bandwidth and server resources, but it is worth it to solve the privacy problem for you. Additionally, it actually improves usability because a) I set up a cache on my end and b) I can now turn off https to S3. Furthermore, it is even more private than simply dropping the Referer string. Since you are no longer making the request on your side, your IP address isn't being sent to them at all. I can also explicitly set the Referer string (using the nginx more headers module), which I set to '»duckduckgo.com/';

I haven't used Google in quite some time, and if I do I ensure I am on an overseas proxy before I do. There are a few major contenders for videos that are up and coming that will challenge Youtube. Unfortunately one of the big players was MegaUpload, they had an amazing video service but the feds didn't like them challenging the cartel corporations. I would never, ever, install or log into anything google, ever. Chrome is privacy suspicious, Iron is much better in this regard, but I think Opera is probably the safest to use.

Frodo

join:2006-05-05
kudos:1
said by Adrik Ivanov :

Startpage is good, but isn't anyone curious as to why Google allows them to scrap their servers when they generate revenue based on knowing what people are searching? I'm not sure I fully trust them.

They're quick. The other sister site is »ixquick.com/
No mention of Google on that site. I've tried Duckduckgo but the results didn't seem "google" like. Haven't tried them lately.

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to Frodo
If you use Fx, then use Google Sharing extension. It is much better than Startpage.

»www.googlesharing.net/

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to Adrik Ivanov
Duckduckgo has terrible search results. Plus, that is Amazon. I hate Amazon as much, if not more, than Google.

The best current solution (since the demise of Scroogle) is Google Sharing extension for Fx.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


Adrik Ivanov

@reserver.ru
said by Mele20:

Duckduckgo has terrible search results. Plus, that is Amazon. I hate Amazon as much, if not more, than Google.

The best current solution (since the demise of Scroogle) is Google Sharing extension for Fx.

Actually DDG has the most relevant search results. Why? They only robot actual links to other links, rather than all web content. This means the searches are always going to result in valid working links, that lead somewhere important. Google spiders trawl the entire internet, offering really stupid results. Also Google tampers with results to convey their desired end-result - untrustworthy.

Do you even read? I already posted how doing DDG searches doesn't even expose you to Amazon because DDG uses a reverse proxy to protect user searches. Have you checked the privacy policy on that search proxy you are recommending? Might want to.. Not to m ention Firefox is crap anyone. DDG has one of the best privacy policies in the industry. DDG has no affiliation whatsoever with Amazon, they merely contact some of their server architecture, then install additional privacy protection over that. Why? DDG used to run on servers in Gabriels basement, but it has become so popular he needed to leverage much much more server power to maintain speed and accuracy. The indexers I believe are still housed in his basement, along with the reverse proxy that protects users IP from being sniffed.

Once again - read the links: »www.gabrielweinberg.com/blog/201···ous.html

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
I don't need to be spoon-fed. I like to make my own decisions about what web sites are "important". Why would I do a search in the first place if I did not want ALL WEB CONTENT for my search terms returned? Duckduckgo is trying to control MY search. I don't want that! The same thing happens with Startpage and don't like it either.

Yes, I have read the privacy policy for Abine. Yeah, I have to trust that they are telling the truth. Just as I would have to trust that what you say about Duckduckgo search is the truth and just as I had to trust Scroogle was telling the truth. If I liked puny search results like I get with Duckduckgo then I might decide to trust its privacy policy but I think Duckduckgo has horrible search results so I don't need to decide whether or not to trust its privacy policy. Same with Startpage...crappy search results and Startpage uses an SSL provider that I have as untrusted in my browsers and it makes for lots of difficulty (except on Opera) when trying to make a trust exception for Startpage SSL cert.

I use the Proxomitron with Sidki's 12/2011 configs. It protects me with Google and Google Sharing extension simply provides another layer of protection. I hope to see Google Sharing extended to Sea Monkey and Opera in the near future as I have seen Ghostery get extended to them.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


KodiacZiller
Premium
join:2008-09-04
73368
kudos:2
reply to Adrik Ivanov
said by Adrik Ivanov :

Chrome is privacy suspicious, Iron is much better in this regard, but I think Opera is probably the safest to use.

There is no difference in Iron and Chromium. I saw an article where a guy got the Iron source code and diff'ed it against the Chromium codebase. He found that the only difference is they deleted a few lines of code related to the RLZ tracking and a couple of other things that can be easily turned off in Chrome.

In any case, Chromium (the development version of Chrome) has none of these tracking features by default. (No RLZ, no usage statistics, and no auto-updates). Even in regular Chrome, all of them can be turned off.

So you might as well use Chromium and not a project ran by amateurs such as Iron.

EDIT:

I would also like to add that those of you looking for a privacy enhanced search engine (with better results than DDG), take a look at privatelee.

»privatelee.qrobe.it
--
Getting people to stop using windows is more or less the same as trying to get people to stop smoking tobacco products. They dont want to change; they are happy with slowly dying inside. -- munky99999

OZO
Premium
join:2003-01-17
kudos:2
said by KodiacZiller:

There is no difference in Iron and Chromium.
...
In any case, Chromium (the development version of Chrome) has none of these tracking features by default.

Do you actually run it (Iron and/or Chromium) or you are just guessing about all of that?

I'm asking because I do (in fact, I type this post in the latest developer's version right now - v22.0.1203.0) and I know for sure, that Chromium always try to snoop my browsing via permanently set secure connection (TLSv1.1 - 443)) to clients4.google.com. I don't see that happen with Iron... Do you know how to turn it off in Chromium's settings without putting that host in hosts file (as I do)?
--
Keep it simple, it'll become complex by itself...

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to KodiacZiller
You are wrong. With Chrome you get Flash updates force fed and you cannot have Chrome without Flash nor can you allow Flash but control updates for it. You also get ALL UPDATES OF ANY SORT for Chrome FORCE FED to you. You have NO choices if you use Chrome. With Iron, YOU the user decide IF and WHEN you wish to update Iron.

Chrome is FULL of privacy invasion crap that is NOT in Iron. As for Flash, you want it for Iron you, the user, have to download Flash and you, the user, decides when it will be updated, etc.

With Chrome you have married Google and you always are naked in a glass house. That is not true for any other browser including Iron.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

3 recommendations

reply to Name Game
I like this thread..most of the people posting all the stuff they are concerned about Google ruining their day..have an ISP that spies on them..tracks them and not just by generic info..but rather real name/IP number and credentials.


aadsfs

@threembb.ie
reply to Mele20
Third time I have posted this (or similar link) in reply to you Mele20

Turning Off Auto Updates in Google Chrome »dev.chromium.org/administrators/···-updates


Kir Vasiliy

@reserver.ru
reply to Name Game
said by Name Game:

I like this thread..most of the people posting all the stuff they are concerned about Google ruining their day..have an ISP that spies on them..tracks them and not just by generic info..but rather real name/IP number and credentials.

Really? I think most of us encrypt our connection, or use proxies. My ISP has no clue what I do because everything I do is encrypted beyond the capacity for them to extract what it is I am doing. Between constant SSL usage, and 2048-Bit VPN's, they are rather clueless.

But why would anyone 'consent' to further intrusion by simply throwing up their arms and saying "Oh well we're already being tracked anyway!", then start using a browser that will simply add another level of intrusion into their lives? Why not just let the feds install cameras in your home and be done with it? When do you draw the line and say enough is enough?

Bottom Line: Chrome is a trojan horse, it was developed SOLELY for the reason of spying on people, to gather more data by a company that earns it's money from knowing as much as possible about people. Use of Chrome supports this agenda. While Chromium is a 'bit' better than Chrome, it still opens that background connectivity with Google. Iron does not, and offers an enhanced level of privacy.

One can modify a bunch of nice things in Iron/Chrome/Chromium in chrome://flags that most people don't know about. Including TURNING OFF IPv6, turning off additional tracking, enabling hardware acceleration over various aspects, and dramatically speeding up the browser. So you can really dig under the hood if you want, but without accessing the code of Chrome, and re-compiling it, you cannot remove the most intrusive aspects of it. Even if Iron only removed a few lines of code, they removed a few lines of very very intrusive code!


Kir Vasiliy

@reserver.ru
reply to aadsfs
Here are some privacy tips I wrote up for Windows7+Browsing.

First disable/uncheck ALL of them except QoS and IPv4.. It's safe, and won't change anything except making your system more secure/faster: (unless you run a shared windows network of course) »tothepc.com/img/2010/02/disable-ipv6.png

Next select IPv6 then advanced, to disable LMHosts and Netbios via this method:
»www.techrepublic.com/article/get···/1059485

Now you need to disable Teredo and ISATAP. From the start menu/run command type; Basically hit start, then in the box at the bottom type in CMD to open command prompt.

Open a cmd prompt
Type the following commands one line at a time;
netsh interface ipv6 6to4 set state state=disabled
netsh interface ipv6 set teredo disable
netsh interface ipv6 isatap set state state=disabled

Next go download SRware Iron: (secure Chrome Browser)
»www.srware.net/en/software_srwar···load.php

Once installed load it up and in the address bar type: chrome://flags

Scroll down and ENABLE:
Override software rendering list
GPU compositing on all pages
Threaded compositing
GPU Accelerated SVG and CSS Filters
Disable GPU VSync
HTTP Pipelining
Built-in Asynchronous DNS
Preload Instant Search
Disable hyperlink auditing

The last one increases privacy because it disables the constant 'auditing' of links through various servers, and it also speeds up processing. Right click the ICON for IRON go to properties, then on the command line to execute it add a space, then --incognito and this will launch it always in higher privacy mode. »www.blogcdn.com/downloadsquad.sw···asdf.jpg

CLOSE the browser, shut down the system (full shutdown), then turn everything back on, go into the browser, and see what you find.

What you will LIKELY find is a significant improvement in browsing speed/page rendering in Windows Vista/7.


Kir Vasiliy

@reserver.ru
reply to KodiacZiller
Thats a cool search engine, thanks!

One way to enhance privacy with Startpage is to 'force' the IP to use their off-shore servers + encryption, thereby bypassing any US-Based storage of your searches on any potential server clusters. Spreading yourself over multiple jurisdictions. For example to enforce a search to a Netherlands based, higher security Startpage server, you'd merely enter:

»eu3.startpage.com/

alternatively;

85.17.181.230

I think I was one of the first people to figure this out, then research it. I have dozens of IP's for Startpage over multiple jurisdictions outside of the USA, and toggle between them as necessary, spreading my searches out, reducing potential tracking. Enhancing privacy.


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 edit
reply to Kir Vasiliy
Yes really and you are dreaming..start a poll even at this site and ask how many peps encrypt..use a proxy or vpn. Yes we know what privacy exprt does..

Appeal to fear

Either P or Q is true.
Q is frightening.
Therefore, P is true.

What About Encryption?

ISPs can't see what you encrypt, it's true. It's one of the reasons VPNs and https and encrypted email are and should be in widespread use: no one who can see the traffic can read its contents. Many file sharing protocols have begun to do exactly that: encrypt.

However.

The port number that defines what it is you are sending is not encrypted. It may change (25 is email, 465 is typically encrypted email), but it still defines what it is you are sending. They can't see the contents, but your ISP can still see:

The IP address of where the data is being sent. (That must be in the clear so that internet routers know where to send the data.)
The IP address of where the data came from. (That must be in the clear for the TCP/IP protocol transmission acknowledgements to work.)
The port that identifies what the data is ... email, web, etc. ... which is also not encrypted.
They can't examine the data, but they can still see where the data is coming and going, and what kind of data it is.

So even encrypted your ISP could still say "hey, you're running peer-to-peer file sharing software, and we don't allow that: knock it off".

Yes, there are attempts to further obfuscate peer-to-peer file sharing traffic, but you get the idea - for the most part even if the ISP can't see what you're sharing, they can see that you're sharing.

And for many, that's enough.

»ask-leo.com/how_can_my_isp_tell_···les.html

And if what you are doing on the internet attracts the Feds...you are toast no matter what you do with all those privacy tricks.


Hazeleyze

join:2003-05-09
Wauseon, OH
reply to Name Game
I noticed a connection to port 443 through my firewall when clicking on addons in PaleMoon one day. Checked out the IP address and it came back to ocsp.startssl.com.
It also shows up when clicking on sites even when you're not using the search. They are obviously collecting some kind of information.


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
said by Hazeleyze:

I noticed a connection to port 443 through my firewall when clicking on addons in PaleMoon one day. Checked out the IP address and it came back to ocsp.startssl.com.
It also shows up when clicking on sites even when you're not using the search. They are obviously collecting some kind of information.

Perhaps the link below might clear up the mystery?

»en.wikipedia.org/wiki/Online_Cer···Protocol
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower


AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1

1 recommendation

reply to Kir Vasiliy
said by Kir Vasiliy :

Really? I think most of us encrypt our connection, or use proxies. My ISP has no clue what I do because everything I do is encrypted beyond the capacity for them to extract what it is I am doing.

someone somewhere is resolving your network requests.
--
--Standard disclaimers apply.--
The preceding posting is null and void in Arizona and any other jurisdiction where prohibited by law.


AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1

1 recommendation

reply to Kir Vasiliy
said by Kir Vasiliy :

Here are some privacy tips I wrote up for Windows7+Browsing.

my tips:

a) reformat
b) install linux
c) profit
--
--Standard disclaimers apply.--
The preceding posting is null and void in Arizona and any other jurisdiction where prohibited by law.

OZO
Premium
join:2003-01-17
kudos:2
reply to Mele20
said by Mele20:

You are wrong. With Chrome ...

He was talking about Chromium, not Chrome. They're different animals.
--
Keep it simple, it'll become complex by itself...


Jamar Beard

@switchvpn.com
reply to Name Game
said by Name Game:

And if what you are doing on the internet attracts the Feds...you are toast no matter what you do with all those privacy tricks.

That's actually not true. There are documented cases where the feds couldn't break encryption then tried to get a court order to have the owner reveal their keys. The court ruled that the 5th protects owners from providing this information.

There are many layers of protection one can put into place. As a former computer forensics engineer, I can tell you it would likely take years to break the layers on my computers - if ever. I love the fact I don't provide easy violation of my privacy and security, even if I don't really have anything to hide I love keeping them guessing.

ISP's, even with federal tools, aren't going to get through 2048-Bit encrypted connections, but 128-Bit PPTP or 256SSL? Most likely they can quite easily defeat those. I think most people agree those provide at best - baseline protection. Nothing more. Then consider, if you are using a 2048-Bit VPN, stacked inside of that 256-Bit SSL, then stacked within that files using Shyfile 6144-Bit encryption? You can forget anyone getting through that. Many of us are moving to fully encrypted work with everything we do, and 256-Bit is considered baseline, but are beginning to stack up multiple layers of much more substantial encryption.


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 edit
Cool..keep on trucking and so glad many of you..BTW how many you never say..are hiding so much with nothing to hide in the first place as you say. I think you..that is you singular..just like to fool around with the stuff..knowing on the net you are never truly hidden..and now with the advent of everything being done with smaller devices than lappies and netbook..you don't really have a chance to be "not there" and doing "nothing".

I doubt "they are out there guessing" .

BTW what you read they can't do..trust me ..they can.

Here is one of your encrypted thingie and how the judge ruled.
»www.massdataprivacylaw.com/2012/01/

--
Gladiator Security Forum
»www.gladiator-antivirus.com/

OmagicQ
Posting in a thread near you

join:2003-10-23
Bakersfield, CA
kudos:1
said by Name Game:

Here is one of your encrypted thingie and how the judge ruled.
»www.massdataprivacylaw.com/2012/01/

That's what the truecrypt hidden partition functions are for.
--
...Who, What, When, Where, How... Why? Why Not?


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
Yup..and they might even be safe until the The Stellar Wind begins to blow at the mammoth Bluffdale center know to many as the UDC.

»www.ufppc.org/us-a-world-news-ma···ord.html


KodiacZiller
Premium
join:2008-09-04
73368
kudos:2
reply to Jamar Beard
said by Jamar Beard :

ISP's, even with federal tools, aren't going to get through 2048-Bit encrypted connections, but 128-Bit PPTP or 256SSL? Most likely they can quite easily defeat those.

If you were a security professional (especially a forensics specialist) you would know the difference in asymmetric and symmetric encryption schemes. No one is going to come anywhere close to defeating a 256 bit SSL session. (256 bit symmetric keys are many orders of magnitude stronger than 2048 bit asymmetric keys).

I think most people agree those provide at best - baseline protection. Nothing more. Then consider, if you are using a 2048-Bit VPN, stacked inside of that 256-Bit SSL, then stacked within that files using Shyfile 6144-Bit encryption?

What exactly is Shyfile "6144 bit" encryption? Sounds like snake oil to me. Just google'd it, and yep, it is definitely snake oil and probably highly insecure since it uses a "proprietary" algorithm. This means the algorithm has not been peer reviewed and is likely a piece of shit.

You can forget anyone getting through that. Many of us are moving to fully encrypted work with everything we do, and 256-Bit is considered baseline, but are beginning to stack up multiple layers of much more substantial encryption.

You should do some reading on symmetric and asymmetric encryption schemes and learn the differences.
--
Getting people to stop using windows is more or less the same as trying to get people to stop smoking tobacco products. They dont want to change; they are happy with slowly dying inside. -- munky99999


KodiacZiller
Premium
join:2008-09-04
73368
kudos:2
reply to Mele20
said by Mele20:

You are wrong. With Chrome you get Flash updates force fed and you cannot have Chrome without Flash nor can you allow Flash but control updates for it.

That is true in Chrome but absolutely not true with Chromium. Chromium does not bundle flash.

You also get ALL UPDATES OF ANY SORT for Chrome FORCE FED to you. You have NO choices if you use Chrome.

Not true. Auto-updating can be turned off in Chrome (and is not present at all in Chromium).

Chrome is FULL of privacy invasion crap that is NOT in Iron.

Can you read source code? I am doubting it. Let's listen to those who can. There is absolutely zero difference in Iron and Chrome outside of Iron deleting the code related to RLZ and auto-update. Zero, zilch, nada. No difference. And RLZ and auto-update can be turned off in Chrome.

With Chrome you have married Google and you always are naked in a glass house. That is not true for any other browser including Iron.

IE perhaps?
--
Getting people to stop using windows is more or less the same as trying to get people to stop smoking tobacco products. They dont want to change; they are happy with slowly dying inside. -- munky99999


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
reply to Name Game
said by Name Game:

BTW what you read they can't do..trust me ..they can.

Here is one of your encrypted thingie and how the judge ruled.
»www.massdataprivacylaw.com/2012/01/

If that blog is referring to the case that I think it is (I was too lazy this evening to try to track it down), then the judge's ruling turned out to be moot. I seem to recall that her co-defendent (husband) supplied the feds with the encryption key as part of a plea bargain before the deadline.
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
Could be..did not follow it to the conclusion. Also recall at one point her lawyer said she might have forgotten the password/key


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to Mele20
Good chart at this first link Mele20..

ChromiumBrowserVsGoogleChrome
Differences between Google Chrome and Linux distro Chromium

»code.google.com/p/chromium/wiki/···leChrome

_______________________________________________

Chromium is the open source web browser project from which Google Chrome draws its source code.[3]
The Chromium Project takes its name from the element chromium, the metal from which chrome is made.[4] Google's intention, as expressed in the developer documentation, was that Chromium would be the name of the open source project and that the final product name would be Chrome.[5] However, other developers have taken the Chromium code and released versions under the Chromium name and these are listed at community builds.
One of the major aims of the project is for Chrome to be a tabbed window manager, or shell for the web, as opposed to it being a traditional browser application. The application is designed specifically to have a minimalist user interface. The developers state that it "should feel lightweight (cognitively and physically) and fast".[6]

Differences from Google Chrome

Chromium is the name given to the open source project and the browser source code released and maintained by the Chromium Project.[7] It is possible to download the source code and build it manually on many platforms. Google takes this source code and adds:[8]
integrated Flash Player[9]
built-in PDF viewer[10]
built-in print preview and print system
the Google name and more colorful logo
auto-update system called GoogleUpdate
an opt-in option for users to send Google their usage statistics and crash reports
RLZ tracking when Chrome is downloaded as part of marketing promotions and distribution partnerships. This transmits information in encoded form to Google, e.g., when and from where Chrome has been downloaded. In June 2010, Google confirmed that the RLZ tracking token is not present in versions of Chrome downloaded from the Google website directly or in any version of Chromium. The RLZ source code was also made open source at the same time so that developers can confirm what it is and how it works.[11]
By default, Chromium only supports Vorbis, Theora and WebM codecs for the HTML5 audio and video tags; whereas Google Chrome supports these, plus AAC and MP3. On 11 January 2011, the Chrome Product manager, Mike Jazayeri, announced that Chrome will no longer support the H.264 video format for its HTML5 player, equally as Chromium does not.[12] As of June 2012, however, Chrome still supports H.264. Certain Linux distributions may add support for other codecs to their customized versions of Chromium.[13]

Chromium is officially ported to run on Android (4.0 and later), Chrome OS, Linux, Mac OS X (Intel only) and Windows.[75] As of 2012, 32-bit and 64-bit Linux builds are possible, with only 32-bit builds possible for Mac OS X and Windows.[76]

»en.wikipedia.org/wiki/Chromium_(···e_Chrome
--
Gladiator Security Forum
»www.gladiator-antivirus.com/