Sampei.Nihira

Forgive me I am using Firefox on a Linux OS, so I may be OT:

I am perfectly capable of removing Telemetry,Pocket.......etc...... and whatnot in Firefox.

This information is incorrect as you can see from the image below: Firefox is also not set to achieve maximum privacy, because my daughter does not like to maximize the browser window at the opening. Another example Android Opera without VPN: _________________________________________________________________________________________________ In non-legacy Firefox-based browsers it is better to replace Decentraleyes with LocalCDN.

Usually a hard setting of the browser for privacy prevents you from taking full advantage of the websites, that are broken. The latest studies show that a compromise must be sought in normal browsing. It is also advisable to install few extensions in the browser. In the test below: https://coveryourtracks.eff.org/ the ideal is to get the block of tracking ads + block invisible trackers without any extension or at the limit with only one extension.

Xubuntu 21.10 (PC my daughter) Strong password enabled Quad9 DNS UFW Firewall - enabled Mozilla Firefox (latest version) Changed the settings in about:config for best privacy and security. HTTPS-only-mode enabled DNS over HTTPS - Next DNS DuckDuckGo set as search engine and homepage. Extensions: UBO - Hard Mode - with TLD by Kees1958 LocalCDN Speed Dial [FVD] VideoDownloadHelper This is the security/privacy configuration I have set up. I also did a basic hardening of Thunderbird. For my daughter's needs it is more than sufficient. Xubuntu 21.10 is much lighter and more responsive than W.10 21H1.

I have been using XP all my life, the last pc lasted 16 years but unfortunately it died a few months ago. At my age (I'm 58) it's time to move on.

I had to change distro because my daughter's printer was not being recognized. Probably because her HP printer is too new. I have now installed Xubuntu 21.10. The printer is recognized.

The pc my daughter uses is over 10 years old. On that pc is installed W.10 Home 21H1 which is starting to get overly heavy. I've done some heavy optimization work that probably improved the use of the pc but didn't solve the problem. I did some tests with Xubuntu, Lubuntu, LinuxLite. In my opinion LinuxLite has surpassed the other distros for lightness. In the next days I will install this distro in her pc. Without dual-boot of course. I hope the pc will be reborn to new life. My daughter has already used a Linux distro when she was still a student. But many years have passed since then.

A big hello to all MSFN members. In an OS that is no longer supported, theoretically, it is essential to have an up-to-date browser. But it is possible to survive even with an outdated browser. Those who don't use Noscript but use UBO could block javascripts at a general level and allow those per site. It should be remembered that the advantages of the chrome-sandbox are partially cancelled in an OS such as Windows XP. Especially if your FS is FAT32. Using a limited account or starting the browser with limited-user privileges with PsExec may be more helpful.

Why not also use Anti-Exploit software. The one in WD is very good. Usually with non-Microsoft software it is possible to use 12 rules on x64 OS's, which can become 14 on Microsoft software. Also using IL appcontainer apps helps a lot.

They are usually rootkits. Although rootkits can be very scary, you should keep in mind that to "install" a rootkit you need to use malware able to use remote access. Malware usually exploits a vulnerability in the OS and/or some installed application. That is why it is important to use a specific Anti-Exploit software. If the malware that "carries" a possible rootkit is blocked, the rootkit is indirectly stopped as well. On the other hand, if the OS is infected and a rootkit is discovered, its removal may be more difficult to solve than a "common" malware. And often the OS is too badly damaged to need to be re-installed.

https://webkit.org/perf/sunspider/sunspider.html SunSpider1.0.2 might be a good reference point. As Malwarebytes Labs analysis reports: https://blog.malwarebytes.com/reports/2021/08/edges-super-duper-secure-mode-benchmarked-how-much-speed-would-you-trade-for-security/ But I don't think anyone has tested it in non-Edge browsers.

Interesting. I wonder if the JIT disabling of the V8 javascript is working with 360. Basically the enabling of "Super Duper Secure Mode" available in Edge. --js-flags=--jitless The problem will be to check if actually JIT is disabled.

What version of Javascript engine does 360 use? chrome://version

I don't speak about childs process and dll protection because it can be set at OS level. Regarding ACG unfortunately without a JIT shutdown the MS Edge exe will not start. Theoretically it would be possible with the flag: --js-flags=--jitless that you can find in the Peter Beverloo list to disable JIT. Unfortunately some flags although working in Chrome do not work with MS Edge. For example the flag to delete the Insecure Cipher Suites does not work with MS Edge. It would be interesting to check in other chromium based browsers if the above flag is well written, maybe it needs small adjustments, and if it actually disables JIT. Unfortunately it is not the purpose of this thread.

Microsoft Edge's Super Duper Secure Mode lands in Settings - gHacks Tech News Another interesting feature.

I read that some MSFN members have problems with Noscript. An interesting solution is to use UBO in Hard Mode: https://github.com/gorhill/uBlock/wiki/Blocking-mode:-hard-mode For MSFN members who resent the inevitable fixes for broken websites an equally interesting solution is that proposed by Kees1958 + Lenny_Fox. Enter the rules below in "My rules": * com * noop * edu * noop * eu * noop * gov * noop * inf * noop * io * noop * it * noop * net * noop * org * noop change the "it" rule with the one of your Country. There will be very few broken websites that need fixing. The increase in protection of UBO with respect to blocking lists only, and even with respect to the Medium mode, will certainly be greater.

Contrary to my previous intervention, in the new pc, I have chosen as browser MS Edge. The possibility to add more Anti-Exploit rules than other browsers to IL "appcontainer" has greatly influenced my choice.

Although some android browsers are renowned for the ability to install extensions: Firefox Kiwi Browser Yandex Browser not all extensions can be installed in these browsers and especially some of these extensions even if installed do not work as they should. I tried to run a test with the extension: Video DownloadHelper And only with Yandex Browser has proper functionality. You can add more if your experience is different or you want to integrate these few info. TH.

You should see the list in "Privacy". But as you may have read I have no way to verify with UBO Legacy.

Forgive the delay in my response. Obviously I would recommend the lists I used to use as well,you can find them in this thread a few pages back. You might also consider the experimental list below: https://raw.githubusercontent.com/gwarser/filter-lists/master/lan-block.txt

The Covid EU Digital Green Pass NOT in paper format (the one Jaclaz posted) in my opinion is also more respectful of your privacy. It can be shown to the operator without any paranoia. The check is based on 3 parameters. If the certification is valid,first and last name and date of birth. And of course you need an identity document to confirm the data. The operator can also not make any saving of the screen. I forced a screen through a photo:

The vulnerability described below affects uBlock Origin Legacy: https://github.com/vtriolet/writings/blob/main/posts/2021/ublock_origin_and_umatrix_denial_of_service.adoc https://github.com/gorhill/uBlock-for-firefox-legacy/issues/310#issuecomment-876323719