1 |
On 170115-14:23+0100, Meino.Cramer@×××.de wrote: |
2 |
> Hi, |
3 |
> |
4 |
> while trying to setup a better environment for online banking, |
5 |
> I wanted to make my daily Linux environment also more secure (in the |
6 |
> sense of keeping my digital footprint as small as possible). |
7 |
> |
8 |
> I read some informations on the internet. |
9 |
> Conclusion: Its more private to hide in the mass as |
10 |
> to be the only one, who is able to keep all information |
11 |
> off the internet -- which is remarkable unique -- |
12 |
> you are putting a label with your name right onto |
13 |
> your fronthead just before entering the digital world |
14 |
> of surveillance. |
15 |
> |
16 |
> I did not tried to do the same with PaleMoon which |
17 |
> I did with Firefox since the amount of compatible plugins/extensions |
18 |
> for PaleMoon is quite small and I still cant use NoScript with PaleMoon. |
19 |
True, quite small, still. And growing slowly. But just wait to learn |
20 |
more... |
21 |
|
22 |
> Two sites I found on the internet, which are quite handy to |
23 |
> check what the current browser is submitting: |
24 |
> |
25 |
> https://panopticlick.eff.org/ |
26 |
> and for more detailed results: |
27 |
|
28 |
Didn't know about the this one: |
29 |
> https://anonymous-proxy-servers.net/en/help/security_test.html |
30 |
> (the presented results on that page are examples. Click |
31 |
> "Check it!" on the upper right corner of that page. If a |
32 |
> authetication dialog pops up, click it away and click |
33 |
> "Start test" on the page.) |
34 |
> |
35 |
> The results of the modification and addons I added |
36 |
> are shown in the attached images. |
37 |
> |
38 |
> I removed the informations of my ISP and IP-address. |
39 |
> |
40 |
> If there is an interest of what I did I would be happy |
41 |
> to describe it...but there is a problem of the memory |
42 |
> footprint... |
43 |
I don't understand what you mean by the "problem of the memory |
44 |
footprint". |
45 |
|
46 |
I've limited time to delve into this issue, but I suggested to you that |
47 |
you "just wait to learn more". |
48 |
|
49 |
Here's a post in reply to my long standing query, which is just |
50 |
abounding with information I'm sure you'll find you don't want to miss: |
51 |
|
52 |
Tracking protection and NSS SSL secrets logging (two security |
53 |
questions)? |
54 |
https://forum.palemoon.org/viewtopic.php?f=26&t=12544&p=103747#p103695 |
55 |
|
56 |
Just two of the links (they're really several links there, most all |
57 |
relevant, none mentioned yet in gentoo-user ML, and I've been |
58 |
reading/skimming pretty much faithfully)... |
59 |
|
60 |
[Just two of the links] (that may even be linked from some of the links |
61 |
therefrom), first: |
62 |
http://www.ghacks.net/2017/01/05/browser-autofill-data-may-be-phished/ |
63 |
(yes, it's kind of a referred link, it's from: |
64 |
Autofill vulnerability |
65 |
https://forum.palemoon.org/viewtopic.php?f=4&t=14425 ) |
66 |
|
67 |
And second... |
68 |
|
69 |
Which is also something related to memory, but it's not about memory |
70 |
footprint that is not clear what you mean above. |
71 |
|
72 |
Latest Tor Browser Exploit Shows Firefox's Urgent Need To Increase |
73 |
Security |
74 |
http://www.tomshardware.com/news/tor-browser-firefox-security-defenses,33117.html |
75 |
which somebody should tell the author that it's not "user-after-free", |
76 |
the bug, but the bug is "use-after-free" bug. Just the kind of bug that |
77 |
was strongly suspected, either that or some race condition, by probably |
78 |
the top world expert on security in this Gentoo bug: |
79 |
=sys-kernel/hardened-sources-4.7.6: Kernel panic when starting KVM |
80 |
guests |
81 |
https://bugs.gentoo.org/show_bug.cgi?id=597554#c16 |
82 |
(in the end it appears to me, the bug shows how virtualization people |
83 |
want unfettered use of sysfs pseudo filesystem... Be sure to read also |
84 |
why sysfs should not protected: |
85 |
https://en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Configuration_Options#Sysfs.2Fdebugfs_restriction |
86 |
Good luck with anonimity using virt stuff!... To myself I wish good luck |
87 |
too, because I have no option either... |
88 |
) |
89 |
|
90 |
I remember you said you had Secret Agent Spoofer[1] addon installed in |
91 |
Palemoon. I'm checking the traces (which is arduous and very |
92 |
time-consuming work), as it appears that one was _the_ bad addon, to me. |
93 |
|
94 |
And it might be what spoofed you from Palemoon... |
95 |
|
96 |
I can say that I was finally able to log into Palemoon forums (I posted |
97 |
in the link "...NSS SSL..." above) right after I removed that addon, and |
98 |
also I was able to subscribe right away to: |
99 |
https://lists.gnu.org/mailman/listinfo/bug-wget |
100 |
which I had tried quite a few times previously, with Secret Agent |
101 |
Spoofer installed, to no avail. |
102 |
|
103 |
Took me long time to write this... Pls. see if I needed to correct, esp. |
104 |
any links, in the possible errata follow-ups of mine, sooner, or |
105 |
not-too-soon. |
106 |
|
107 |
Regards! |
108 |
|
109 |
-- |
110 |
[1] You wrote in Message-ID: <20170109163721.GB4970@solfire>: |
111 |
> Furthermore I installed SecretAgent, Encrypted web (replacement for |
112 |
> HTTPsEverywhere), Decentraleyes, CrushThoseCookies, CleanLinks and |
113 |
> Adblock Latitude |
114 |
(or: https://lists.gt.net/gentoo/user/321711#321711 ), where |
115 |
"SecretAgent" can only stand for Secret Agent Spoofer. |
116 |
|
117 |
-- |
118 |
Miroslav Rovis |
119 |
Zagreb, Croatia |
120 |
http://www.CroatiaFidelis.hr |