If you don't use an adblocker, you should start. Unlike television advertising, Internet ad networks are designed to track you across the web. One big way you can defend yourself against this is to install a good adblocker, like uBlock Origin (but not that uBlock shit. uBlock Origin ).
That's a good first step, but we can upgrade the blocking experience. If you want to really only get the essential traffic needed to get around on websites, learn to use "medium mode" ("Advanced Filtering"). This way you can block 3rd party JavaScript (code which executes in your web browser) and frames from being loaded. This filters out an amazing amount of junk, BUT it does require you to learn how to use the blocking feature better. It is not a "set-and-forget" option.
If you go into uBlock Origin's settings, check "I am an advanced user" to get access to these additional options, which you can read about here: https://github.com/gorhill/uBlock/wiki/Dynamic-filtering:-quick-guide
Screenshots for reference are in the link I posted, so the general guidance is like this: You want to globally block 3rd party JS and 3rd party frames. Press the "Lock" icon to save this preference. When you go to websites you will likely find things are broken, to varying levels of acceptance. If the website is broken and you cannot use it, you will want to find the domains which likely help serve the content you're trying to access (common domains include CloudFlare, Fastly, and CDNs generally). You can set the rule to neutral to follow normal uBlock rules (i.e. if it's loading something on the ad-list it will block it, otherwise allow it). If you're very lazy you can set the rules to neutral for all 3rd party JS/frames on the current site you're browsing. Remember, if you find the settings you want to keep press the lock.
That's it. Stay safe from surveillance capitalism!
Also you can buy a raspberry pi computer for like 30$ and install pihole on it. This will let you block adds for every device on your network at home, including your phones and shitty “smart” TVs.
https://pi-hole.net/
While it'd require more care and some knowledge of what you're doing, you can upgrade the experience further by setting up a personal VPN so that you may get the DNS protection even while away from home. I use WireGuard for this purpose, since it's been mainlined into the Linux kernel, is 10000x easier to configure than OpenVPN, and performs faster since it doesn't run in userspace.
I think something like https://www.pivpn.io/ helps make this setup even more streamlined, but I don't run a raspberry pi for this sort of thing, and can't comment further on it.
Yea it’s worth noting that pihole or a vpn server will run on basically any old computer. You can buy an old laptop with a broken screen on Craigslist and use that. If anyone needs help setting this shit up or has questions send me a pm and I can try to help.
It's stupidly easy to get WireGuard or OpenVPN working with PiVPN. If you've never done it before it'll almost be harder to learn how to forward a port through your router.
This works great for like 99% of websites, you still get ads on youtube which are a bit annoying, but you can get an adblocker if you're in a browser or youtube vanced if you're on android.
Or if you make <300k queries a month and don't want to set up hardware yourself, use NextDNS. Paid plans are very cheap too and worth it imo. Easier to set up and use even when you're on the move.
Only if you want to trust a a third party with your browsing data.
You're already trusting your ISP with DNS queries. If your ISP doesn't provide their own DNS then they're likely sending your data to Google or Cloudflare, in which case NextDNS is significantly better. Sure, this is an extra party but it depends on your threat model I guess.
IMO the less parties involved the better. I use DoH so the only parties are me and Cloudflare.
How is
the less parties involved the better
consistent with
only if you want to trust a third party with your browsing data
if you're using Cloudflare?
In a DoH situation the only two parties involved aren't you and your DoH provider. Your ISP still knows the IPs of the sites you eventually visit after your DNS provider returns them. Reverse DNS lookups are fairly trivial for anyone inclined to set them up. So, again, depends on your threat model.
NextDNS offers DoH and DoT too, and is at par with or better than Cloudflare insomuch that they offer host-based blocking as well, let you choose whether you want logging enabled, and also let you choose whether you want to tunnel your queries through servers in jurisdictions that respect privacy. I'll admit that I also have reservations against Cloudflare because of their boner for centralizing the net and general hostility towards Tor users etc etc. but even objectively, aside from the fact that Cloudflare have ridiculous levels of infrastructure available to them, they offer no other net benefit over any other DoH provider, and might actively be counterproductive to the internet at large. It's not like any of the largeish DNS providers have a lot of downtime either that you would need the infrastructure advantage.
How is consistent with
I was assuming that NextDNS was doing something like PiHole where it just forwards any DNS request it doesn't block to Cloudflare or something. If they are an alternative to Cloudflare then it might be a good idea. Guess I gotta find out if I can trust them more than Cloudflare.
Ah, fair. Yeah they're a DNS provider themselves, and just happen to have the sinkhole functionality that PiHole provides.
What exactly is Nano Defender? From what I've gathered it blocks websites from knowing you're using an adblocker, or something of that sort?
To explain further - uMatrix is much more advanced, but it lets you do something uBlock cannot do: filter content by type as well as domain. So for instance, you can use uMatrix to block all images from a domain, while allowing images from another domain. And more. It's a great tool that takes getting used to, but the combination of uBlock Origin and uMatrix is :OK hand:
I decided to settle on uBlock medium mode + JS off by default. Typically I was using uMatrix only to enable and disable scripts and no other media so it works fine for me.
hey man you forgot to post links to make sure people go to the right pages, but dont worry i got you
Ublock orgin for:
firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en-GB
If you're in this thread and at all concerned about your data don't fucking use chrome
Oh, and one other bonus: Do consider disabling JavaScript globally from uBlock Origin, and enabling it as needed per-page. It's a hassle to work on the web like this but it can be a surprisingly clean experience, too.
This, absolutely. Shit loads incredibly fast and 90% of the web doesn't need JS.
That said, it's always a good idea to have a separate browser or browser profile without uBlock for your non-general browsing needs so that you don't have to go through the hassle of granularly enabling things again
Instead of whole profiles, I rely on Firefox Containers. Gmail in one container, bank in another, and so forth.
I didn't know you could have different extension settings for different containers? My main reason for separating profiles is that. Well that and I have the different profiles mapped to different keybindings so launching them is super easy.
Oh, no. I just mean the containers where the adblocker rules are either relaxed or disabled are at least not dumping tracking cookies which can be read from my other containers. I still manually jockey the blocking rules, but once you've done it enough you 1) get used to it and 2) the sites you've saved don't need updating so you don't notice it.
Ad Nauseam is also pretty cool if you want to incur marketing costs and obfuscate your traffic somewhat. It's based on uBlock Origin.
A slightly different thing but if you would like to control what apps can access the internet on Android, try NetGuard, which doesn't need root access, although it won't work together with a VPN and falls foul of some bugs in some Android/LineageOS/phone combinations, or AFWall+ if you do have root. They can also help you save data, because you can for example let everything use WiFi, but only let the essentials loose on mobile internet. I'm sure there are other apps like those too.
Now you can stop your shitting headphones knowing about everything you do.
I would also look into De-Ampifier for Amp links because fuck Google and their attempt at trying to be the first stop for all webpages: https://www.daniel.priv.no/web-extensions/amp2html.html
Also if you are using Firefox (And you should!) I would use the containers to help isolate sites from trying to pull info from your browsing behavior.
Relatedly, there's this extension https://addons.mozilla.org/en-US/firefox/addon/dont-track-me-google1/ which stops Google search results from being converted into tracking URL links when you click them. For Chrome users, you won't notice this behavior on the URLs, because they already know :)
If you like Chrome I'd recommend switching to Brave browser , which is built on chromium code (most chrome extensions are compatible, base functionality is essentially the same), but is open-source and focused on privacy and blocking trackers.
(They have a thing that pays websites via some cryptocurrency (BAT) in exchange for blocking ads, but I don't fully understand it and turn it off.)
IMO Brave is not worth it. I don't trust Brendan Eich, and they've already pulled off trust-shattering moves before e.g. https://davidgerard.co.uk/blockchain/2020/06/06/the-brave-web-browser-is-hijacking-links-and-inserting-affiliate-codes/
For MS Windows users, I don't know what modifications Microsoft made to Chromium, but assuming they did in fact remove Google's tracking and didn't just put their own instead (doubtful), Chromium Edge (with uBlock Origin) may in fact be a superior choice, with the benefit of it being pre-installed.
macOS users have it a little tougher because Safari runs great but you can't run actually decent extensions, Firefox runs like ass, and Chrom(e/ium) runs nicely but comes from Google.
I try to run Firefox wherever I can.
You're going to assume Microsoft, which puts trackers into the local search didn't pu tracking into Edge but Brave did?
Afaik Firefox has gotten better on Mac since around v76 but don't quote me on that
Pale Moon is a decent browser too.
Yeah, I heard. Unfortunate, but Google is big brother, Microsoft are trash and now power ICE, Brave is run by an anti-rights crusader, and Mozilla had that guy as their CEO. Firefox is probably still the most ethical (and functional) alternative out there but anything we use is likely going to end up on the wrong side of the ethical consumption argument.
Pale Moon devs do seem to be neckbeard assholes, but it is a decent browser.
Interesting, I did not know that about Brave was doing undisclosed affiliate code injection (probably because I have uBlock installed in Brave).
Personally, the whole ad-replacement cryptocurrency thing is something I prefer to not concern myself with, and just use Brave for the privacy blocking.
Will also look into chromium edge
I can't comment much further on it because I've jumped ship from Windows, so I can only hope it's better (but honestly, it's Microsoft, so that's probably foolish). One place Edge has a use, I guess, is for Netflix, since they force 720p on Chrome/Firefox users and only allow 1080p for Edge/Safari users.
Perhaps some clever mix of extensions can provide adequate privacy on it, might be worth it on my surface go since that thing isn't super powerful and chromium edge might be better optimized.
That's a lot of speculation, hence the need for more research
