Someone needs to make one that is called Total Container that blocks everything!
Not if you need to access something Facebook related. It blocks them outside the Facebook container but not inside the Facebook container. It basically lets nothing Facebook related live outside the container and also provides visual notifications.
I do not know how it is with you boys and girls, but a thread just for privacy might be something?
Unfortunately, I’m too bad at English to create it.
But there seem to be many like-minded people here who think about privacy. Gather everything in one thread with each other’s tips and knowledge.
I believe it would be very wise to propose a Privacy & Security category, which is obviously in great demand (something in the style of the Gaming category we have).
A few core threads for:
- Important heads-up
- News of interesting tools / solutions
- Browsers
- VPNs
and the rest of the threads should be created if someone has some very specific question / solution
We could merge some of the existing threads there
We need a “post your tin foil hat pics” thread too, just to keep it light
I made my own hat when I was into Apple gadgets a few years ago.
It was warm and comfortable! Not so much aluminum foil. But I didn’t see anything with it on!
I’m still in the IRC on that site. Been there since 2013. I don’t have any Apple stuff left!
The first video doesn’t have much applicability in real life though. Someone needs physical access to your system to do that… and they aren’t going to only set up a way to log your keys and get remote access to them if they do.
You’re going to have to point me to a rough time stamp in the 2nd video for a relevant part. Don’t particularly feel like scrolling through the whole hour to find it lol.
There are enterprise examples of this, but it involves installing the appropriate certs on people’s machines so browsers don’t freak out about MiTM. If you could give me an idea of how this could realistically happen in a public wifi environment, for example, I’ll take your point.
I know FF has the minimum requirement of TLS 1.2 now. Not sure how that would be circumvented.
Sure, but how much of that traffic is even worthwhile to someone?
I agree, but then we shift the burden of trust onto the VPN provider. Not that it’s necessarily a bad thing, because I certainly use a VPN, but it’s important to think about.
Inbound IDS/IPS solutions are an example of this. They break inbound https so they can inspect it.
Again, it depends on how much you care about privacy. If you don’t care about that traffic, then it is nothing to worry about. On the other hand, others may care. It is fairly analogous to the telemetry conversation. Some people find telemetry to be intrusive and others don’t think it is a big deal. Neither group is wrong, it is just a matter of perspective.
This is true, it all depends on who you trust more. I certainly trust my VPN provider more than a public wifi connection or my ISP.
A VPN is not a silver bullet. It is just a tool in the toolbox.
Right, which is what I was talking about with certs. I talk about this because I work on the InfoSec team for my company, and one of our duties is setting up SSL decryption, and for browsers to not freak out about MiTM’ing they need to have a proper certificate chain installed, which is not something that a random external actor can do. Example from Palo Alto on how to set up SSL decrypt.
Snort, for example, pretty much ignores SSL/TLS by default.
Not trying to be combative at all, hope you don’t think so at least.
But I agree with you on the rest of your points.
That makes sense for outbound SSL traffic but that is not how the solutions that break inbound traffic work. It can’t, you don’t have control of the external endpoints. I didn’t think it was possible either, but we demo’d one of the solutions and it was able to give us analytics on inbound HTTPS traffic including the stuff that was encrypted. We didn’t make any other changes to our network or servers. I don’t remember the name of the solution off the top of my head. I will try to remember to ask the guy who set it up tomorrow.
Huh, damn! I’d be very curious to learn more about that.
That was just a quick search for a similar technique, maybe not the relevant one, but no, what I was talking about is the fact that there are nasty ways these days to hijack keys from transmission and decipher HTTPS traffic without any physical access.
Oh come on, I did set a timestamp.
Look up the SolarWinds hack if you’re too lazy for a few minutes
Beats me how the hell they get keys to sign the packages to upload them… Which in turn raises some questions on stuff like HTTPS encryption
Hey ho,
I want to use a VPN solution which uses WireGuard as its protocol. Do you recommend NordVPN?
You should be able to use WireGuard with pretty much any provider (at least as far as I have seen, check their website to be sure though), so the question really goes back to which provider and there is no simple answer to that, sadly. NordVPN has very solid reviews and is well regarded as far as I know, so that should be a pretty good choice in general.
The only issue with Nord is that they don’t offer port forwarding, which has some negative implications.
Personally I would investigate Mullvad over Nord if I wanted WireGuard.
As I use OpenVPN I’ve been happy with Air.
The SolarWinds attack is something very different. What they did there is basically a supply chain compromise. They hacked a security/management vendor undetected. Then they modified the software and distributed the compromised code through the normal update mechanism. Since that code was trusted downstream, they were able to compromise all kinds of things.
NordVPN is very inexpensive. That is really about all it has going for it. I use it as a secondary VPN because it costs so little. The performance is…not very good.
Yep, point is - it’s many times harder than sniff & decrypt HTTPS - which is very scary for the rest of us I’d guess…
To me that was mind blowing
Ah, well I use Privacy Redirect, which converts YouTube links to Invidious and apparently the timestamp gets lost in the process.