Jump to content

Sampei.Nihira

Member
  • Posts

    1,041
  • Joined

  • Last visited

  • Days Won

    30
  • Donations

    $0.00 
  • Country

    Italy

Everything posted by Sampei.Nihira

  1. Beyond the obvious privacy functionality, this feature in Firefox 94.x also fulfills a security task. Unfortunately it is not so in MS Edge (and probably also in other chrome-based browsers,I have not checked) where the feature has lower performance, and not only for the lack of an exceptions list. For the test I will use the malware database of URLhaus: An HTTP malware site blocked in Firefox and almost certainly, as I have verified several times, with download pop-up opening in MS Edge. I invite you to do a verification: On HTTPS websites (,insert the filter for a better and faster test) the download pop-up appears and the download succeeds without any warning of potentially harmful files for the user. In this case with MS Edge (and probably also in other chrome-based browsers) the download is blocked or the user is warned about the possible danger: I recommend users who use chrome-based browsers to insert in the browser itself a rule that blocks all javascripts in HTTP websites: HTTP://*
  2. Sometimes it happens,but most of the time it doesn't. I'm going to open a new thread to highlight just this aspect but in modern versions of browsers. I invite you to participate and maybe do some testing yourself.
  3. The browser is a critical component of the security configuration. As I've written many times I consider security as a primary objective compared to privacy. If we take Pale Moon that lacks the Google Safe Browsing feature present instead in Firefox, it is good practice to integrate this lack. Choosing protective DNS. Enabling in UBO the anti-malware + anti-phishing lists. Who instead uses Firefox 94.x especially in a Windows OS must work on the privacy side (as well as at the OS level) that as you have all pointed out is lacking by default.
  4. Personally, as I have written several times I am more interested in security than privacy. Second option is the comfort of use.
  5. I will not install, for now, W.11 on my new W.10 pc even if it is compatible.
  6. Total javascript blocking is impractical on websites where you need to interact, so you are registered and login. In that case your protection against fingerprint is left to the browser itself (in the best case scenario) + some extensions (less is more).
  7. @ArcticFoxie With chrome-based browsers, unless you use several extensions (and here the debate opens as to whether it's better not to install too many extensions), you can't privatize several aspects of the browser subject to fingerprinting. A few examples: https://audiofingerprint.openwpm.com/ https://armin.dev/apps/ping-spotter/ https://pazguille.github.io/demo-battery-api/
  8. Try it: https://phishtank.org/phish_search.php?valid=y&active=y&Search=Search
  9. Aside from Windows XP, the most profitable use of a browser depends on many factors. With Windows, security should be a priority. If one browser is intrinsically more secure than another, it doesn't mean that your security configuration will be any less efficient than the one who chooses the more intrinsically secure browser. If with Windows I choose to use a browser firefox-based I renounce to the protection of the IL level untrusted. To take a next example if you use a chrome-based browser other than MS Edge in an OS like W.10 you forgo the CFG Anti-Exploit protection. My point of view is, let's think about the security first and then we intervene on privacy.
  10. Forgive me I am using Firefox on a Linux OS, so I may be OT:
  11. I am perfectly capable of removing Telemetry,Pocket.......etc...... and whatnot in Firefox.
  12. This information is incorrect as you can see from the image below: Firefox is also not set to achieve maximum privacy, because my daughter does not like to maximize the browser window at the opening. Another example Android Opera without VPN: _________________________________________________________________________________________________ In non-legacy Firefox-based browsers it is better to replace Decentraleyes with LocalCDN.
  13. Usually a hard setting of the browser for privacy prevents you from taking full advantage of the websites, that are broken. The latest studies show that a compromise must be sought in normal browsing. It is also advisable to install few extensions in the browser. In the test below: https://coveryourtracks.eff.org/ the ideal is to get the block of tracking ads + block invisible trackers without any extension or at the limit with only one extension.
  14. Xubuntu 21.10 (PC my daughter) Strong password enabled Quad9 DNS UFW Firewall - enabled Mozilla Firefox (latest version) Changed the settings in about:config for best privacy and security. HTTPS-only-mode enabled DNS over HTTPS - Next DNS DuckDuckGo set as search engine and homepage. Extensions: UBO - Hard Mode - with TLD by Kees1958 LocalCDN Speed Dial [FVD] VideoDownloadHelper This is the security/privacy configuration I have set up. I also did a basic hardening of Thunderbird. For my daughter's needs it is more than sufficient. Xubuntu 21.10 is much lighter and more responsive than W.10 21H1.
  15. I have been using XP all my life, the last pc lasted 16 years but unfortunately it died a few months ago. At my age (I'm 58) it's time to move on.
  16. I had to change distro because my daughter's printer was not being recognized. Probably because her HP printer is too new. I have now installed Xubuntu 21.10. The printer is recognized.
  17. The pc my daughter uses is over 10 years old. On that pc is installed W.10 Home 21H1 which is starting to get overly heavy. I've done some heavy optimization work that probably improved the use of the pc but didn't solve the problem. I did some tests with Xubuntu, Lubuntu, LinuxLite. In my opinion LinuxLite has surpassed the other distros for lightness. In the next days I will install this distro in her pc. Without dual-boot of course. I hope the pc will be reborn to new life. My daughter has already used a Linux distro when she was still a student. But many years have passed since then.
  18. A big hello to all MSFN members. In an OS that is no longer supported, theoretically, it is essential to have an up-to-date browser. But it is possible to survive even with an outdated browser. Those who don't use Noscript but use UBO could block javascripts at a general level and allow those per site. It should be remembered that the advantages of the chrome-sandbox are partially cancelled in an OS such as Windows XP. Especially if your FS is FAT32. Using a limited account or starting the browser with limited-user privileges with PsExec may be more helpful.
  19. Why not also use Anti-Exploit software. The one in WD is very good. Usually with non-Microsoft software it is possible to use 12 rules on x64 OS's, which can become 14 on Microsoft software. Also using IL appcontainer apps helps a lot.
  20. They are usually rootkits. Although rootkits can be very scary, you should keep in mind that to "install" a rootkit you need to use malware able to use remote access. Malware usually exploits a vulnerability in the OS and/or some installed application. That is why it is important to use a specific Anti-Exploit software. If the malware that "carries" a possible rootkit is blocked, the rootkit is indirectly stopped as well. On the other hand, if the OS is infected and a rootkit is discovered, its removal may be more difficult to solve than a "common" malware. And often the OS is too badly damaged to need to be re-installed.
  21. https://webkit.org/perf/sunspider/sunspider.html SunSpider1.0.2 might be a good reference point. As Malwarebytes Labs analysis reports: https://blog.malwarebytes.com/reports/2021/08/edges-super-duper-secure-mode-benchmarked-how-much-speed-would-you-trade-for-security/ But I don't think anyone has tested it in non-Edge browsers.
  22. Interesting. I wonder if the JIT disabling of the V8 javascript is working with 360. Basically the enabling of "Super Duper Secure Mode" available in Edge. --js-flags=--jitless The problem will be to check if actually JIT is disabled.


×
×
  • Create New...