I am a big fan of dnscrypt-proxy, but not for privacy reason. I use it because I hate DNS poisoning, MITM, and ads (I install Ublock Origin in every browser that I have, but it works just for the browser and not system-wide). Also censorship in my country isn't that strict, I can access most website and do torrenting simply by using encrypted DNS. I love dnscrypt-proxy because it works just like my favorite Android app: personaldnsfilter. Small size, low resources, but really useful. Basically a poor man's pi-hole, which is perfect for poor man like me.
The story of such shenanigans was thanx to CIA/NSA's Israeli subcontractors, who impersonated... Ach, never mind...
Interesting that you bring up Israeli sites, because I have a vague memory of running into some sort of oddity involving an Israeli site; but many years ago and I don't remember where that log might be archived on any of my units. And my thoughts about the most important tool for your safety on the Internet may have already been posted by another member --- it is your brain. You be smart and it goes a long way to keep you safe. And one style of "being smart" is watching your screen when your unit boots up the first time each day/session. Now this doesn't work with those little Android thingies, but with tower units, laptops, etc. where you have a screen to carefully watch, this is good advice. Most operating systems (maybe all) have a certain order of booting up and you can see that on your screen and if you always watch the first couple minutes, you can spot any oddities that could be a warning that something might be a problem. Of course, that only works with a unit you use frequently. Some units you may not use so often and so you might not remember all those little icons and how they show up and in what order. Most of the time down in the (or on the side) that --- what's it called? --- task bar. Sorry my old diseased brain forgets some basics. But I'm sure you know what I am referring to --- time shown down there, the browser thingy image, etc. And then up on the main screen above there might be a few items that always have the same order for showing up. You keep your eyes on how everything shows up as it boots up and you have just taken the first big step to good safety awareness. Problem is, though, many folks just hit that power button, if it is not in "Sleep" mode --- they hit the power button and then run off to the kitchen to check on the coffee machine. You have to make it a habit to sit out the first minute or so and --- well, a certain amount of discipline to do it as often as you can. Sometimes you will forget, but no biggie if you do (you hope) but next time do it and keep that safety awareness in your brain. The best --- the number one safety tool --- your own brain and how you train your brain to do what is right. And hope your computer doesn't learn how to think like you and start messing with you. Folks are all getting really concerned about AI thinking like a human, but the first time that happens it might be your own unit and not some research team exclusively looking for that. I am presently studying something that happened to me and whether AI stepped over that magic line into human style thinking. But back to that quote; I sure do remember something related to some Israeli company/site, that didn't set well with me. In fact, I am remembering (I'm rather sure) it was a company. But that sure isn't the only nation that has bad folks. Or borderline bad folks poking their digital noses into your Net activities. And that super big excuse, national security, doesn't always make sense. Or doesn't always excuse those top government folks poking around into your digital life. Well, maybe not so "top" sometimes. And you can see here with this long post I am an old man remembering the pre-Twitter days when long posts were okay. These days many Net Citizens don't care for this long post style. Take care, folks!
It's been a while but this is what I generally remembered from this story... https://www.hackread.com/wikileaks-vault-8-leaks-show-cia-impersonated-kaspersky-lab/ "The source code for Hive is certainly interesting, but the use of fake certificates relating to Kaspersky labs is particularly interesting. The discovery is certain to raise a few questions, such as whether the US government -- which has banned the use of Kaspersky software on its computers -- has been trying to use the Russia security firm as a scapegoat for some time."
The trick is, making a cascade of 3 different VPN Providers. Same as the Tor concept but with much better speed and for all devices etc.
There are a lot of possibilities out there, but in my case I did chose the very easiest way: 3 Router in a row, each with firmware that allows to import an OpenVPN Config file as client for connection to these providers. (for example OpenWRT) (Additional some of the devices supporting DNSCrypt, AdGuard Home and other useful stuff OoB, but those are expensive, most of all if you want huge bandwidth) Depending on countries and protocols I choose, idle ping is <100ms, bandwidth around 75% of max (in my case its a bit more complicated duo my ISP and hardware limitations, but the VPN providers supporting >100MBit) I'm glad to have a decent location in Europe to connect to good choices, if you are in the US, the latency will lower your online-gaming quality (>300ms), if you use it all as permanent solution. Next bigger project after several minor s**t in my life, is to bring that all in Intel NUC or similar small, it bothers me to have whole desk full of equipment... (not only network, same goes for audio and other) And yea, some VPN support hopping (or even Tor over VPN), so you can cascade the server even more, or using several accounts etc, but probably that will do not much more to privacy on top. Optionally dedicated (but static) IP can do things, but since the provider using mostly the same server-provider, it will keeps in range of these and some sites still block access or similar limitations. After all, they all logging everything anyway, so the Onion-concept is the only one what will really higher your privacy. - Recently I found out about some heavy fingerprint options some sites probably doing, what really worrying me. (same goes for hardware fingerprint as IMEI) There are some options to fake the hashes, but that also comes with limitations (or in case of IMEI its even illegal in most countries) So best is to separate private and "more private" into different hardware usage either, otherwise, it ending up, agencies looking up on amazon servers for your identity...
Wow, quite a setup, at least to me, an IT amateur... Not that I have that much to hide but the idea of separation (what one uses on which device, I suppose?) makes sense to me, esp. if HW ID-ing is taking place nowadays with ease(?)... From what little I know, it took quite a bit of time and sophistication - long ago - to nail your HW ID... Tor deletes all net traces, allegedly, once one exits, so that helps, too... I have a double-hop with a VPN provider, plus Tor (2 more proxies) if I want more privacy. Apparently, one can be traced IF an "agency" controls both the inbound/entry and exit node - which is not that simple, am I right? Overall, even if one doesn't have your knowledge and setup, this is more or less not too bad, am I right?
Exactly yes. It's never about "have nothing to hide" (unless it's things that f**ked up society makes people think to hide, be it their private interests, their health, their money, their beliefs, in this day and age even their identity. Towards their environment, the whole society, or even themselves. In part, it is also simply supposedly gray criminal areas, such as warez/p2p. A while ago people got warnings because they watched supposedly copyrighted Orange Youtube videos. Many have paid. Later it turned out it was unjustified and the warning lawyers were criminals). Ultimately, even whistleblowers are prevented from revealing state secrets. Mass surveillance leads to a lot of bad things, not only advertising trackers, or Google taking advantage of the content of your smartphone. The series "Black Mirror" shows well in which directions the whole thing can go even politically or has already gone in part. The danger is not only from the hardware and software. Keyword - social engineering. - To give a good example, yesterday I received a letter from my government (elections department) asking me to participate in a voluntary opinion poll. In other words, they are legally trying to find out my vote with indirect questions and the data from it. I am just speechless about it. If you know how, everything is pretty easy to get out. The IMEI, for example, can be found out via Settings-"About Phone". But only the least know that this is unique for the device and that dials into the next tower at any time, even if no SIM card is in it or even the phone is switched off. (Partly it makes sense, of course, to be able to make emergency calls, for example, but at the same time it is also possible to query the location of the phone meter-exactly in large cities. The possibilities for misuse are limitless). Yes. The problem with Tor is it's not quite as anonymous as always thought. Many petty criminals (or even bigger ones, such as organizers of ddos attacks, or operators of dark net forums) have been caught because the majority of Tor exit nodes (the last server in line, which has direct traffic - there are various obfuscation options for the entry, so entry is lesser a deal) are monitored or even operated by governments agencies. There is, of course, some privacy from companies and private individuals (besides the actual task of getting access to the Tor network, an Internet that moves freely, independently and uncensored from the surface), but if people really want to identify you for whatever reason, they still can. It is incredible what is possible and what is being done. But there is no fight lost, you can still protect yourself. Something is better than nothing. Therefore, I would always recommend to get the maximum out. Anyway, without VPN and adblocker I wouldn't go online anymore. The advertising alone is unbearable and people always want to piss you off. Social media shows the way, you are lynched for everything that does not correspond to the mindset of the collective.
OKI DOKIE... Here's what Euro-Nazis are planning... Official statement from Signal CEO: https://signal.org/blog/pdfs/upload-moderation.pdf "The new EU chat controls proposal for mass scanning is the same old surveillance with new branding. Whether you call it a backdoor, a front door, or “upload moderation” it undermines encryption & creates significant vulnerabilities..."
Yea its unbelievable.... They even came recently once again with Data Retention Plans over here. So many times, for 2 decades (!) they try ever and ever again. Even EU Court said "Nah" and they still trying. On the good side: They already got outvoted for their original plans with a backdoor in WhatsApp etc. Now they trying softer variants. Current plan is "only" to scan pictures and links. If you don't want that, you cannot use the services general. Whole progress is currently frozen duo the soccer EM. Its basically first time ever they do that instead of just forcing it quick as possible. - Wild. However.. EU-Parlament-Elections went out.. very alarming anyway to be fair..
Depends on your needs and budget.. - NordVPN is generally okay for several, mostly unlocking Netflix, pretty cheap (2-5€) - Proton is only completely free one from all, that is really useful, cant tell any about paid variant. I guess low security in free mode. - PerfectPrivacy is expensive (any 10€) but offers maximum security and services in every part. At least it was for long time. - Mullvad is 5€ and making pretty uncomplicated every part, claiming to offer maximum security either, extremely use-able. There are few more others but some of them logging and selling your data, and some other does not offer anonymous payment. I would recommend Mullvad paying via Mail, or consider cascade with several. (Not tested any unblocking Netflix with them yet, but I'm pretty sure it will work,) You can share with 6 people/device and with regularly IPS IP refreshing and decent browser setting, it should be good enough for every scenario.
Any pros here who can have a critical look into SurfShark, please? They are cheap, have multi-hop facilities, allow for unlimited number of devices, loadsa servers etc. But I have no idea where their capital came from... So, are they really safe or could they be in league with the powers that be, given their land of origin, its gov nasty nature, connections with US/UK security agencies, their move from NL to their "base" etc.? I just don't know, can't test it...
Nowadays more of a re-label of NordVPN. Would rather go for the original. Can't find anything really against it, nor anything for it. No personal experience with Surfshark especially made yet though. NordVPN allows 10 devices, enough for family, various mobiles or cascading in my opinion. Rest functions seems pretty the same. By the way, I am considering permanently switching to 2 different MullvadVPN accounts in cascade. The few euros could potentially save you thousands of euros or worse at some point.... If I lived in the USA, then definitely.
Update: Mullvad successfully unblock Netflix. Basically partially they using the same rented servers as Nord. (M247 and other), also having a lot of own ones. Love them. Everything working flawless like as Proton Free Email. Only downside: They share their servers IP lists to public, so services can detect its VPN sometimes.