| 1 |
On 170115-14:23+0100, Meino.Cramer@×××.de wrote: |
| 2 |
> Hi, |
| 3 |
> |
| 4 |
> while trying to setup a better environment for online banking, |
| 5 |
> I wanted to make my daily Linux environment also more secure (in the |
| 6 |
> sense of keeping my digital footprint as small as possible). |
| 7 |
> |
| 8 |
> I read some informations on the internet. |
| 9 |
> Conclusion: Its more private to hide in the mass as |
| 10 |
> to be the only one, who is able to keep all information |
| 11 |
> off the internet -- which is remarkable unique -- |
| 12 |
> you are putting a label with your name right onto |
| 13 |
> your fronthead just before entering the digital world |
| 14 |
> of surveillance. |
| 15 |
> |
| 16 |
> I did not tried to do the same with PaleMoon which |
| 17 |
> I did with Firefox since the amount of compatible plugins/extensions |
| 18 |
> for PaleMoon is quite small and I still cant use NoScript with PaleMoon. |
| 19 |
True, quite small, still. And growing slowly. But just wait to learn |
| 20 |
more... |
| 21 |
|
| 22 |
> Two sites I found on the internet, which are quite handy to |
| 23 |
> check what the current browser is submitting: |
| 24 |
> |
| 25 |
> https://panopticlick.eff.org/ |
| 26 |
> and for more detailed results: |
| 27 |
|
| 28 |
Didn't know about the this one: |
| 29 |
> https://anonymous-proxy-servers.net/en/help/security_test.html |
| 30 |
> (the presented results on that page are examples. Click |
| 31 |
> "Check it!" on the upper right corner of that page. If a |
| 32 |
> authetication dialog pops up, click it away and click |
| 33 |
> "Start test" on the page.) |
| 34 |
> |
| 35 |
> The results of the modification and addons I added |
| 36 |
> are shown in the attached images. |
| 37 |
> |
| 38 |
> I removed the informations of my ISP and IP-address. |
| 39 |
> |
| 40 |
> If there is an interest of what I did I would be happy |
| 41 |
> to describe it...but there is a problem of the memory |
| 42 |
> footprint... |
| 43 |
I don't understand what you mean by the "problem of the memory |
| 44 |
footprint". |
| 45 |
|
| 46 |
I've limited time to delve into this issue, but I suggested to you that |
| 47 |
you "just wait to learn more". |
| 48 |
|
| 49 |
Here's a post in reply to my long standing query, which is just |
| 50 |
abounding with information I'm sure you'll find you don't want to miss: |
| 51 |
|
| 52 |
Tracking protection and NSS SSL secrets logging (two security |
| 53 |
questions)? |
| 54 |
https://forum.palemoon.org/viewtopic.php?f=26&t=12544&p=103747#p103695 |
| 55 |
|
| 56 |
Just two of the links (they're really several links there, most all |
| 57 |
relevant, none mentioned yet in gentoo-user ML, and I've been |
| 58 |
reading/skimming pretty much faithfully)... |
| 59 |
|
| 60 |
[Just two of the links] (that may even be linked from some of the links |
| 61 |
therefrom), first: |
| 62 |
http://www.ghacks.net/2017/01/05/browser-autofill-data-may-be-phished/ |
| 63 |
(yes, it's kind of a referred link, it's from: |
| 64 |
Autofill vulnerability |
| 65 |
https://forum.palemoon.org/viewtopic.php?f=4&t=14425 ) |
| 66 |
|
| 67 |
And second... |
| 68 |
|
| 69 |
Which is also something related to memory, but it's not about memory |
| 70 |
footprint that is not clear what you mean above. |
| 71 |
|
| 72 |
Latest Tor Browser Exploit Shows Firefox's Urgent Need To Increase |
| 73 |
Security |
| 74 |
http://www.tomshardware.com/news/tor-browser-firefox-security-defenses,33117.html |
| 75 |
which somebody should tell the author that it's not "user-after-free", |
| 76 |
the bug, but the bug is "use-after-free" bug. Just the kind of bug that |
| 77 |
was strongly suspected, either that or some race condition, by probably |
| 78 |
the top world expert on security in this Gentoo bug: |
| 79 |
=sys-kernel/hardened-sources-4.7.6: Kernel panic when starting KVM |
| 80 |
guests |
| 81 |
https://bugs.gentoo.org/show_bug.cgi?id=597554#c16 |
| 82 |
(in the end it appears to me, the bug shows how virtualization people |
| 83 |
want unfettered use of sysfs pseudo filesystem... Be sure to read also |
| 84 |
why sysfs should not protected: |
| 85 |
https://en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Configuration_Options#Sysfs.2Fdebugfs_restriction |
| 86 |
Good luck with anonimity using virt stuff!... To myself I wish good luck |
| 87 |
too, because I have no option either... |
| 88 |
) |
| 89 |
|
| 90 |
I remember you said you had Secret Agent Spoofer[1] addon installed in |
| 91 |
Palemoon. I'm checking the traces (which is arduous and very |
| 92 |
time-consuming work), as it appears that one was _the_ bad addon, to me. |
| 93 |
|
| 94 |
And it might be what spoofed you from Palemoon... |
| 95 |
|
| 96 |
I can say that I was finally able to log into Palemoon forums (I posted |
| 97 |
in the link "...NSS SSL..." above) right after I removed that addon, and |
| 98 |
also I was able to subscribe right away to: |
| 99 |
https://lists.gnu.org/mailman/listinfo/bug-wget |
| 100 |
which I had tried quite a few times previously, with Secret Agent |
| 101 |
Spoofer installed, to no avail. |
| 102 |
|
| 103 |
Took me long time to write this... Pls. see if I needed to correct, esp. |
| 104 |
any links, in the possible errata follow-ups of mine, sooner, or |
| 105 |
not-too-soon. |
| 106 |
|
| 107 |
Regards! |
| 108 |
|
| 109 |
-- |
| 110 |
[1] You wrote in Message-ID: <20170109163721.GB4970@solfire>: |
| 111 |
> Furthermore I installed SecretAgent, Encrypted web (replacement for |
| 112 |
> HTTPsEverywhere), Decentraleyes, CrushThoseCookies, CleanLinks and |
| 113 |
> Adblock Latitude |
| 114 |
(or: https://lists.gt.net/gentoo/user/321711#321711 ), where |
| 115 |
"SecretAgent" can only stand for Secret Agent Spoofer. |
| 116 |
|
| 117 |
-- |
| 118 |
Miroslav Rovis |
| 119 |
Zagreb, Croatia |
| 120 |
http://www.CroatiaFidelis.hr |
Archives