Items tagged with: proxy
HN Discussion: https://news.ycombinator.com/item?id=19883647
Posted by reimertz (karma: 3406)
Post stats: Points: 66 - Comments: 56 - 2019-05-11T00:41:28Z
#HackerNews #dependency #next #now #packaging #proxy #standard
Diaspora has a design problem. Podmins can block users on their own pods, but there's no mechanism for blocking the content of users of other pods from ending up on their own. For example, a podmin can block a racist troll from their pod, but they can't block that racist troll's public posts from another pod appearing on their own. Also, users who are banned from any given pod can just create a new account on a different pod and continue to plague the network.
I know that adding a feature to block external users to the diaspora codebase is unlikely to happen quickly, if at all. There may even be philosophical objections to "breaking" federation like this. So, for those who want this feature now, I started tinkering with a workaround solution: a small proxy server that sits between D* and its front-end web server which discards incoming posts from users on a blacklist. All a podmin need do is add the user's diaspora ID to their list, and henceforth none of that user's posts or comments will make it on to their pod. All that will be necessary to run it is to change a single port number in the web server configuration.
If you'd like to have a look, or maybe try it out for yourself, the project is hosted here. However, in its current state it should be considered highly experimental.
Before I conclude, I'd like to anticipate a couple of responses and address them:
First, it may be pointed out that you can accomplish the same effect by corrupting the user's public key on the local database. This is correct, but that might be both difficult and intimidating for inexperienced podmins. Also, it's not easily reversible. I think this solution is much more podmin-friendly.
Second, what ever happened to, like, free speech, man? I know some people will be strongly against the very idea of this on principle. To that, I say we must agree to disagree. D* already has mechanisms for podmins to silence and ban users; this is just expanding the scope. That, and it's totally voluntary.
Third, yes, this is a specific targeted attempt to de-platform Nazis. I don't apologize for that. I guess it would work just as well for paedophiles too. I'm not going to lose any sleep.
PS - I apologize to all of the Friendicans, SocialHomers, Hubzilloids, et al for the Diaspora-centric language in this post. Don't take it personally. Unless you're a Nazi. Then fuck you.
#diaspora #federation #podmins #censorship #abuse #trolling #racism #nazis #proxy #dreipfeil
dotproxy (GitHub) is a robust, high-performance DNS-over-TLS proxy. It is intended to sit at the edge of a private network between clients speaking plaintext DNS and remote TLS-enabled upstream server(s) across an untrusted channel. dotproxy performs TLS origination on egress but listens for plaintext DNS on ingress, allowing it to be completely transparent to querying clients. By encrypting all outgoing DNS traffic, dotproxy protects against malicious eavesdropping and man-in-the-middle attacks.
#dns #security #tls #dotproxy #proxy #foss
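The ingress-to-egress translation described above comes down to message framing plus a verified TLS session. The following is an added example, not dotproxy's own code (dotproxy itself is written in Go): it shows the two-octet length prefix that DNS over TLS uses on the stream (RFC 7858), reading replies back off a stream that may deliver partial chunks, and a client TLS context that verifies the upstream certificate and hostname. The query builder and the sample names are constructed for illustration.

```python
import io
import ssl
import struct

MAX_DNS_MESSAGE = 65535  # largest size the two-octet length prefix can express


def build_query(name, qtype=1, txid=0x1A2B):
    """Build a minimal DNS query (constructed sample input, RD bit set)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(part)]) + part.encode("ascii")
        for part in name.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def frame_for_dot(udp_payload):
    """Prefix a plaintext UDP DNS payload with its length for the TLS stream."""
    if not 12 <= len(udp_payload) <= MAX_DNS_MESSAGE:
        raise ValueError("not a plausible DNS message")
    return struct.pack("!H", len(udp_payload)) + udp_payload


def read_exact(stream, n):
    """Read exactly n bytes; a stream read may return fewer than requested."""
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            raise EOFError("upstream closed mid-message")
        buf += chunk
    return buf


def read_dot_message(stream):
    """Read one length-prefixed DNS message, ready to relay back over UDP."""
    (length,) = struct.unpack("!H", read_exact(stream, 2))
    return read_exact(stream, length)


def relay_response(stream, query):
    """Return the next upstream message only if its ID matches the query."""
    reply = read_dot_message(stream)
    if reply[:2] != query[:2]:
        raise ValueError("transaction ID mismatch; do not relay to this client")
    return reply


def upstream_tls_context():
    """Egress TLS settings: certificate chain and hostname are both verified."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    q = build_query("example.com")
    # BytesIO stands in for the TLS socket's file object in this offline demo.
    upstream = io.BytesIO(frame_for_dot(q))
    print(len(frame_for_dot(q)), relay_response(upstream, q) == q)
```

The protection against man-in-the-middle attacks depends on the verification in `upstream_tls_context()`; encryption without certificate and hostname checks only stops passive eavesdropping.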
Windscribe CLI - easy and quick install
Binaries, repositories, addons for browsers, .apk, etc.
- IKEv2 - Default connection mode, usually the fastest, but can be easily blocked.
- UDP - This mode uses OpenVPN protocol. UDP is usually the fastest protocol to run OpenVPN on, but can also be blocked quite easily.
- TCP - Use this if UDP fails to connect. Much more resilient to bad network conditions, but could be slower.
- Stealth - Encapsulates OpenVPN in a TLS tunnel via Stunnel. Only use this if all other methods fail. May be handy in China.
- Wstunnel - Encapsulates OpenVPN in a WebSocket. Only use this if all other methods fail. May also be handy in China.
In our desktop applications we use AES-256 cipher with SHA512 auth and a 4096-bit RSA key. We also support perfect forward secrecy.
INSTALL
In our browser extensions we use TLS 1.2, ECDHE_RSA with P-256 key exchange and AES_128_GCM cipher.
Fedora 22 +n...
Create a free account if you don't have one already.
Download and install the repo as root
wget https://repo.windscribe.com/fedora/windscribe.repo -O /etc/yum.repos.d/windscribe.repo
Update yum / dnf
yum update
dnf update
yum install windscribe-cli
dnf install windscribe-cli
Switch to NON-root user
Ubuntu (14.04 - 18.04)
Create a free account if you don't have one already.
Add the Windscribe signing key to apt
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-key FDC247B7
Add the repository to your sources.list, for example:
echo 'deb https://repo.windscribe.com/ubuntu zesty main' | sudo tee /etc/apt/sources.list.d/windscribe-repo.list
echo 'deb https://repo.windscribe.com/ubuntu xenial main' | sudo tee /etc/apt/sources.list.d/windscribe-repo.list
Run apt-get update
sudo apt-get update
sudo apt-get install windscribe-cli
The simple and the best way (binaries):
# cd /home/user/distro/windscribe
# ls /home/user/distro/windscribe
-rw-r--r--. 1 13K 2019-03-13 20:09 windscribe.txt
-rw-rw-r--. 1 16M 2019-03-13 20:05 Windscribe2-130.apk
-rw-rw-r--. 1 9,1M 2019-03-13 20:04 windscribe-cli_1.3-19_amd64.deb
-rw-rw-r--. 1 6,9M 2019-03-13 20:02 windscribe-cli-1.3-19.amd64.rpm
-rw-rw-r--. 1 6,1M 2019-03-13 20:03 windscribe-cli_1.3-19_i386.deb
-rw-rw-r--. 1 7,0M 2019-03-13 18:30 windscribe-cli-1.3-19.i386.rpm
-rw-rw-r--. 1 17M 2019-03-13 18:45 Windscribe.exe
For example, my beloved 😀 RPM-based distro:
# rpm -Uvh windscribe-cli-1.3-19.i386.rpm
1:windscribe-cli-1.3-19 ################################# [100%]
Created symlink from /etc/systemd/system/windscribe to /usr/lib/systemd/system/windscribe.service.
Created symlink from /etc/systemd/system/default.target.wants/windscribe.service to /usr/lib/systemd/system/windscribe.service.
$ windscribe [<options>] <command> [<args>]...
$ windscribe --help Show this message and exit.
status      Check status of Windscribe and connection
account     Output current account details
connect     Connect to Windscribe
disconnect  Disconnect
examples    Show usage examples
firewall    View/Modify Firewall mode
lanbypass   View/Modify Firewall LAN bypass
locations   Output list of all available server locations
login       Login to Windscribe account
logout      Logout and disconnect
port        View/Modify default Port
protocol    View/Modify default Protocol
proxy       View/Modify Proxy Settings
sendlog     Send the debug log to Support
speedtest   Test the connection speed
viewlog     View the debug log
Connect to best locations:
windscribe connect best
Connect to specific location:
windscribe connect IL
Connect to previous location:
Disable the firewall:
windscribe firewall off
Change connection protocol:
windscribe protocol TCP
$ windscribe connect
Connecting to Israel Jerusalem Zion (UDP:443)
Firewall Enabled
Connected to Israel Jerusalem Zion
Your IP changed from 100.00.00.000 to 220.127.116.11
$ windscribe status
windscribe -- pid: 23511, status: running, uptime: 6m, %cpu: 0.0, %mem: 1.8
IP: 18.104.22.168
CONNECTED -- IL UDP (443)
$ windscribe account
Username: YOUR_NAME
Data Usage: 33.78 MB / 10 GB
Plan: 10 GB Free
$ windscribe locations
#windscribe #security #privacy #www #internet #web #tcp #udp #gnu #linux #fedora #centos #redhat #ubuntu #windows #android #macos #encryption #crypto #AES-256 #vpn #openvpn #SHA-512 #RSA-4096 #firewall #proxy #hotspot
Which websites featured on the Federation have the worst privacy?
My last post highlighted how ticking the OEmbed box to add a website picture to a post can compromise Federation users if it contains a tracker.
I also mentioned tools, like Disconnect, we could use to detect websites which track their users. In this post I reveal some of the most popular reference websites on the Federation with low privacy and high tracking rates.
I believe Federation users should consider not embedding, or at least warning their readers about the surveillance techniques carried out by these sites.
A Princeton University study identified almost a million websites that track their users. Here are just 5 examples of websites whose stories are commonly quoted on the Federation:
Wired is a popular website referenced on the Federation by many users because it publishes great tech-based stories. But how private is it?
Although it offers an ‘ad-free’ version for subscribers, normal visitors are ruthlessly fleeced for their data.
WIRED has embed deals (agreements to embed tracking codes into their pages for money or gain) with a staggering 171 third parties including Google, Amazon, Facebook, Vogue, GQ, Golf Digest, Bonappetit and Vanity Fair.
Some tracking beacons embedded on WIRED and captured by Ublock Origin
151 of these third parties are known tracking or advertising companies like Google, Amazon, Facebook, Turn, Add This, Scorecard Research, Adobe, Twitter Analytics, Typekit, Criteo and Quantserve. Aggressive trackers like Google Tag Manager (GTM), Add This and Turn are present here.
Below is a screengrab of the many scripts NoScript has blocked from the WIRED website, the 33 scripts, gifs and beacons blocked by Ublock Origin and a couple by Disconnect.
WIRED sets 25 short-term and 28 long-term cookies itself, while allowing its third party partners (including 69 tracking companies) to set 26 short-term and 133 long-term cookies.
It uses Google Analytics without the anonymization feature enabled, so user details are sent to Google servers.
All WIRED servers are based in the US so GDPR privacy rules can be ignored.
Websites loading this many scripts/cookies are usually blacklisted by most users, not least because they drain a device’s battery.
WIRED claims that subscribing with them will mean an ad free experience, but I find it hard to believe that a subscription to WIRED will suddenly load a clean page without a single tracker retrieving data. But then I am not a WIRED subscriber. Please comment if you are and have no trackers.
Seen by some as a safe pro-privacy resource celebrating Free and Open Source Software, FOSSPOST lets its users down by digitally fingerprinting their devices and loading 19 trackers into a browser.
FOSSPOST has embed deals with 27 third parties, making its embed renting in the ‘low’ category, including Google, Amazon, Creative Commons and WordPress.
13 of these are known tracking or advertising companies like Google, Amazon, Mailerlite, One Signal and the data-hungry caterpillar that is WordPress.
FOSSPOST sets 2 short-term and 2 long-term cookies itself while allowing its third party partners (including 3 tracking companies) to set 4 long-term cookies.
It uses Google Analytics without the anonymization feature so user details are sent to Google servers. All FOSSPOST servers are based in the US so GDPR privacy rules can be ignored.
Acquired by Yahoo’s parent company, Oath (a company that includes AOL), under the Verizon umbrella, in 2010, this is a popular reference source for researchers and Federation users.
Historically, Yahoo deserves some kudos as they were one of the few big tech companies that objected to sharing their users’ details with the PRISM
The Bush administration threatened them with $250k a day fines until they complied. Verizon bought them in 2017. Yahoo suffered the largest data breach in history in 2018.
The link to this NYT story is not embedded (consider blocking the GTM tracker on the site)
TECHCRUNCH.com fingerprints the user’s device and dumps 2-7 Yahoo trackers in their browser, depending on the page loaded.
TECHCRUNCH.com has embed deals with 27 third parties, including Google, Facebook, Yahoo and WordPress.
15 of these are known tracking or advertising companies like Google, Facebook, Yahoo, WordPress, Atwola, Typekit, AOL and Scorecard Research.
TECHCRUNCH.com sets 4 short-term and 5 long-term cookies itself while allowing its third party partners (including 4 tracking companies) to set 1 short-term and 7 long-term cookies.
It uses Google Analytics but interestingly enables the anonymization feature so some user details are not sent to Google servers.
All servers are based in the US so forget about GDPR privacy rules.
THE REGISTER .co.uk
Although a great resource with well-written and groundbreaking stories, it isn’t as private as I’d hoped.
There is no obvious digital fingerprinting but it seems to have gathered more Google syndication in the last couple of years, (9 of its 16 embed deals are with the Big G). 12 known tracking or advertising companies like Google, Admedo and the Amp Project gather data.
THE REGISTER sets 3 short-term and 4 long-term cookies itself while allowing its third party partners (including 2 tracking companies) to set 7 long-term cookies.
It uses Google Analytics without enabling the anonymization feature so user details are sent to Google servers. Although THE REGISTER’s domain is in the UK, both its data and email servers are based in the US so GDPR privacy rules could be compromised here, though I am not a lawyer.
The Guardian .com
I’ve been sitting on this for a few years now but it’s about time I blew the whistle.
I first noticed the Guardian newspaper’s website was digitally fingerprinting its users’ devices when they published an article on, um, Canvas Fingerprinting.
That page has been removed since, but they still continued doing it, long before Facebook, though not before Google.
I’ve kept quiet about this surveillance because I admire the paper for its incredible journalism, especially exclusives like the Snowden revelations, and its general championing of freedom issues across many sectors of society. But the hypocrisy has started to wear me down.
Some tracking items & widgets embedded on Guardian .com and captured by Ublock Origin
The Guardian has embed deals with a privacy-sapping 142 third parties, including Google, Amazon, Bing, Twitter, and, despite being one of its main critics, Facebook. 132 of these third party partners are known tracking or advertising companies like Google, Amazon, Facebook, Turn, AddThis, Scorecard Research, Blue Kai, Twitter Analytics, Rubicon, Criteo and Quantserve.
Some of the most aggressive trackers like GTM, AddThis and Turn are present here.
The Guardian also sets 3 short-term and 5 long-term cookies itself, while allowing its third party partners (including 51 tracking companies) to set 10 short-term and 131 long-term cookies.
Yes, we NEED the Guardian’s continued existence, but castigating Facebook et al while allowing them to track its users doesn’t sit well with me.
The website uses Google Analytics but at least enables the anonymization feature, so some user details are not sent to Google servers.
Although The Guardian’s data servers are in Germany, their email servers are based in the US so GDPR privacy rules could be compromised here, though, again, I am not a lawyer.
In conclusion, I’ve given just 5 examples of popular sites Federation users quote in their posts.
I am NOT advocating a boycott of these sites but politely suggest we don’t OEmbed them, just feature a hyperlink and give readers the heads-up about these privacy concerns.
Alternatively, look for other sources featuring the same story. It’s also worth highlighting which websites do NOT add a tracker when we OEmbed a story, or have a low level of surveillance. Please promote those guys.
#news #fakenews #journalism #FreePress #PressFreedom #theguardian
#privacy #tracking #trackers #facebook #social #mass-surveillance #gdpr #google #location #user #device #setup #private #secure #internet #tips #tricks #online #os #windows #apple #ios #advertising #ad #revenue #streams #developers #media #data #corporations #telemetry #consent #spyware #surveillancecapitalism #humanrights, #anonymity #cookies #surveillance #browser #proxy #relay #network #www #leaks #fingerprint #activity #activitytrackers #thefederation #pods #federation #fediverse #friendica #mastodon #pleroma #socialhome # #Gnusocial #Funkwhale #Peertube #pixelfed #hubzilla #Diaspora
How can Federation users post more safely?
You know how it goes. We find a great story online and we want to share it with our supporters or feature it in our feed with appropriate hashtags for maximum reach.
But do we check the website featuring the story for privacy before we post?
When we embed a link by selecting the OEmbed box (often ticked by default) this displays an image or video on our post from the website we’ve featured.
They may look cool, but these images can contain beacons or other trackers. Embedded trackers also load into the browsers of any user who scrolls down the public feeds.
Should we ensure the website is safe before linking to it?
Actually some do. Posts that don’t feature a website’s images (with the OEmbed box unchecked as below) can actually protect Federation users from a serious amount of surveillance.
Some thoughtful users actually reproduce the article’s main points in their post, to protect their readers from visiting the site itself. They usually supply a link to the original content if one wants more detail and perhaps is protected with tracker blockers. So how do we know a site we recommend is safe?
Here are some privacy tips:
• Consider checking the page’s security/privacy before linking to it.
Using Tor, or a beefed-up Firefox fork or version (for detecting digital fingerprinting), and/or Disconnect, NoScript or Ublock Origin add-ons to reveal a multitude of trackers.
• There is usually more than one website featuring the same story. Consider picking the website with the least trackers and digital fingerprinting.
• Issue a warning in your post about any of the site’s surveillance methods and privacy issues you’ve detected.
• Embedding a picture/video could also make users vulnerable. Consider unchecking the OEmbed box.
In the next post I’ll give examples of a number of websites with low privacy and excessive trackers, commonly featured in the public feeds.
#secure #internet #windows #apple #revenue #streams #developers #Social #media #data #corporations #tracking #trackers #facebook #social #mass-surveillance #gdpr #google #alphabet #location #user #device #setup #private #secure #internet #chrome #tips #tricks #online #os #mobile #ie #safari #apple #ios #ad #revenue #streams #developers #telemetry #consent #windows10 #windows7 #windows81 #microsoft #linux #debian #ubuntu #mate #gnome #grub #iphone #firefox #advertising #android #chrome #browser #browsers #phone #phones #device #Tor #privacy, #humanrights, #anonymity #internet #security #cookies #surveillance #browser #web #onion #router #torbrowser #bridge #proxy #relay #leaks #fingerprint #activity #activitytrackers #spyware #surveillancecapitalism
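One way to run the "check the page before linking to it" tip from the post above without opening the page in a browser, as an added example that is not part of the original post. It parses a page's static HTML, lists the third-party hosts a reader's browser would be asked to contact, and flags 1x1 images that look like beacons. The sample page, its hosts and the 1x1 heuristic are constructed assumptions; scripts can load further trackers at runtime, which a static check like this does not see.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page; every host below is a placeholder, not a real site.
SAMPLE_URL = "https://news.example/story/42"
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="/static/site.css">
<script src="https://cdn.news.example/app.js"></script>
<script src="https://tags.tracker.example/gtm.js"></script>
</head><body>
<img src="/img/lead.jpg" width="600" height="400">
<img src="https://pixel.adnet.example/b.gif?uid=1" width="1" height="1">
<iframe src="//widgets.social.example/share"></iframe>
</body></html>
"""

# Tags whose URL attribute makes the browser fetch something on page load.
URL_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}


class ResourceCollector(HTMLParser):
    """Collect (tag, absolute URL, looks_like_beacon) for fetched resources."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.resources = []

    def handle_starttag(self, tag, attrs):
        attr_name = URL_ATTRS.get(tag)
        attrs = dict(attrs)
        ref = attrs.get(attr_name) if attr_name else None
        if not ref:
            return
        tiny = ("0", "1")
        beacon = (tag == "img" and attrs.get("width") in tiny
                  and attrs.get("height") in tiny)
        self.resources.append((tag, urljoin(self.page_url, ref), beacon))


def is_third_party(host, page_host):
    """Assumption: a host is first-party if it is the page host or a subdomain."""
    base = page_host[4:] if page_host.startswith("www.") else page_host
    return not (host == base or host.endswith("." + base))


def audit_page(page_url, html):
    """Return third-party hosts (with the tags that load them) and beacons."""
    collector = ResourceCollector(page_url)
    collector.feed(html)
    page_host = urlsplit(page_url).hostname
    third_party, beacons = {}, []
    for tag, url, beacon in collector.resources:
        host = urlsplit(url).hostname
        if host and is_third_party(host, page_host):
            third_party.setdefault(host, []).append(tag)
            if beacon:
                beacons.append(url)
    return {"third_party": third_party, "beacons": beacons}


if __name__ == "__main__":
    report = audit_page(SAMPLE_URL, SAMPLE_HTML)
    for host, tags in sorted(report["third_party"].items()):
        print(host, tags)
    print("beacons:", report["beacons"])
```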
Tor fingerprints thousands of users who download its phone apps to Android
This is shocking and depressing.
Tor’s Android app download pages are laden with Google trackers!
As we can see by these screen grabs of the Guardian Project’s secure apps page, their syndication deal with the Big G means there are two Google tracker requests on this page (from 2 Google embeds, Gstatic and GoogleAPIs)
Google APIs tends to employ different Google bits like fonts and can be made safe if tweaked by the website's developers, but Gstatic is a collector.
I haven’t checked the HTML but these are probably loaded by the Google widget, bottom left on the page. More worrying is the big fat Canvas Fingerprint set by the site, which sneakily records a user’s device – flagged, ironically, by my Tor browser.
On the Orbot page, where android users have the chance to download a browser that doesn’t track them, 6-7 Google tracking requests load up, while the Guardian Project sets 4 short-term cookies and its Canvas Fingerprint records every privacy-loving user’s device.
Okay, I understand business. Tor want to put a private browser in a massive market, and Google Play users probably want it too, but in return, privacy advocates are tracked and logged by the Big G on Guardian Project’s webpages. And their devices are fingerprinted. I don't know if the Guardian Project share fingerprint data with Google, but this is a case of the private suffering to benefit those without privacy, while those in power record EVERYBODY!
#Tor #privacy, #humanrights, #anonymity #internet #security #cookies #browser #web #onion #router #torbrowser #bridge #proxy #relay #network #www #leaks #fingerprint #activity #activitytrackers #apps #mobile #android #Google #Alphabet #guardianproject #mozilla #torproject #fdroid
"World Wide Web Offline Explorer
The wwwoffled program is a simple proxy server with special features for use with intermittent internet links. This means that it is possible to browse web pages and read them without having to remain connected."
#proxy #floss #tools #internet