TAILS

[Rex A. Butcher]

What ho one and all,

Owing to recent stuff in the UK press regarding a proposed new law that ISPs must keep a record of everyone's browsing history for one year, I thought I would investigate ways around this.

The result was formatting a USB as bootable and installing TAILS. Do I need it? Not at all. Am I interested? Yes. So I have been checking around the Dark Web; very interesting!

However, if I am to 'carry' this USB with me as a web browsers, I would like to have all my bookmarks in place but am unable to find out how to do so. May be it is not possible? Can it be done?

On the other hand, I can just make do with FireFox portable, which does the same.

Thanks

Rex

[HAN]

In my mind, the issue is how much can we really be anonymous? I argue very little. Or at least much less than we think we can be at first glance. Even TOR (arguably, one of the most anonymous browsing concepts yet deployed) was cracked by law enforcement. http://www.forbes.com/sites/kashmirh...ent-break-tor/ Beyond TOR being breakable, there are only around 900 to 1000 exit nodes. IMO, certainly with in the NSA's or GCHQ's means to monitor. https://torstatus.blutmagie.de/ (When you emerge from a TOR exit node, your traffic is not encrypted.) And I'm sure you know that TAILS uses TOR.

The Electronic Frontier Foundation (EFF) are champions of internet privacy. They have a page that lets visitors know how much info they are allowing to be "leaked" when visiting a web page. And this has nothing to do with cookies. https://panopticlick.eff.org/ This page kind of invalidates the theory that if you close down the info leaks, you're safer. What it really means is the less you leak, the more you are unique and probably easier to track.

A good example of being unique is TAILS. How many users are using it? Not many I would argue. Plus, you can't hide the IP address trail (at least not perfectly) when surfing.

Should you do nothing? I can't answer that. I certainly use some information blocking solutions. But I must admit they might not really be all that effective.

A good site for privacy is at https://www.privacytools.io/ Lots of information!

[Rex A. Butcher]

Wow: awesome! Thanks.

I don't understand turning off Java. If I have it off, some many sites (inc. my home page, BBC.co.uk) will not play any video newsreel.

There is certainly quite a lot of fingerprint info coming from my computer, but it is mainly Java related and fonts. As for the ISP address, that was blank.

In the past, I have played with GRC Leak test and I always come up as in 'Stealth' mode with a page of green boxes. I assume this is pretty good?

[HAN]

Some followup...

Java (NOT JavaScript/script which is different) and Flash are browser plugins that can be set to only work on sites you, as the user, dictate. You do not have to run Java or Flash all the time. See this link on how to accomplish this http://www.howtogeek.com/188059/how-...y-web-browser/ And as I noted above, making yourself more private (browsing with Flash and Java turned off) makes one more unique than not. Because most people run with both on, full time. But it is also worth noting that due to misuse of Java and Flash by bad people, you can be infected by just visiting a website. So turning them off for most sites is probably worth giving up some anonymity. As I mentioned above, there is no exact, correct answer with this stuff!!

Under typical circumstances, determining your IP address or the ISP that you are connecting through is easy. Using something like TOR or an anonymizing service can help but if someone (like an agency with 3 or 4 letters in its name) wants to find you bad enough, they can probably do so.

IMO, the GRC LeakTest is not the same thing we're talking about here. LeakTest is meant to simulate malware that is bypassing a firewall (if you have one) by stealing personal or financial info and conveying it to the creator's collection points on the web. What Tails/TOR/any privacy related measures does is to attempt to limit ANY trackable information that a user leaks through incidental use of the internet. We're not talking your government ID or bank card numbers. We're talking about what websites you shop at, what you buy while there, where you connected to the internet, was it on your phone or PC, what brand of phone or PC are you using and on and on. LeakTest does not test anything at all related to this type of info.

[fink]

Perhaps worth mentioning is that Java (not Javascript) and Silverlight (used as an illustration in HAN's link above) may not even be needed by many/most people.

I uninstalled Java a few years ago and have had very few instances where I've needed it on my computer and none of those were show stoppers... just websites with things like speed tests of which there are many others that don't need Java or interactive games which I don't play anyway.

I don't think I've ever visited a website that required Silverlight.

[Rex A. Butcher]

Again, many thanks.

I do use AdBlock and NoScript and notice that for many sites, I have to active NoScript.

On the anonymity front, seems to me there are two sides. If I use TOR, then I am pretty hidden, but if I then sign up to Ashley Madison (for example)or buy something off eBay (for example) although no-one knows because of TOR, if AshMad don't have full security in place, then my anonymity is pretty much a waste of time. Is this correct?

[HAN]

If any website you have registered with is compromised, your data could be exposed. Using any anonymized browsing service can't and won't protect you from that problem. All that TOR and other decent anonymous providers do is to (mostly) obscure the path between yourself and the website you're connected to.