quandyalaterreux

Reply to comment by quandyalaterreux in Ad Block on Tor? by rot

quandyalaterreux wrote

In general, regardless of your choices, assume Tor Browser activity on clearnet sites (hidden services less so) is easily discernible by a concerted law enforcement surveillance inquiry (correlation attacks), and is also subject to a lot of corporate surveillance (through the ad networks, etc).

Bad advice, the Tor Browser already offers the strongest first-party isolation and anti-fingerprinting defenses that you can hope for.

1

Reply to Ad Block on Tor? by rot

quandyalaterreux wrote

Ad Block on Tor?

Are you talking about the Tor Browser? If so, then please avoid that. Any change that makes you deviate from the standard Tor Browser will make you an easier target of browser fingerprinting.

4

quandyalaterreux wrote

First of all are you in a country where usage of Tor is prohibited? (There are easy to use techniques already embedded in the Tor Browser to deal with such cases that's why I'm asking about that.) If you can specify a country (PM me if you don't want it public) should be great for that.

1

Reply to comment by quandyalaterreux in by pretzel_logic

quandyalaterreux wrote

I admit I haven't done it, but if I were to use a VPN I would rent a virtual server with cheap bandwidth and run the VPN software on it myself. An interested government snoop could track down my data, but they would have to target me personally to do that.

What about the case when your VPS provider snoops on you? (Again this doesn't address the first-party isolation side and even the fingerprinting one)

1

Reply to by pretzel_logic

quandyalaterreux wrote

A VPN doesn't provide first-party isolation (different IP for different website basically) unlike with the Tor Browser. Even FF+Tor alone won't do that. Also if you want a very secure setup try Qubes+Whonix.

2

quandyalaterreux wrote

If the point of DuckDuckGo is to remain more private while searching the web, it doesn’t make sense to have your search terms visible to anyone with access to your computer (or your network).

  1. The claim "or your network" is absolutely false as DDG uses HTTPS.

  2. It's not even a problem, just don't record your history, or delete all duckduckgo.com/* urls from your history.

  3. Never use DuckDuckGo nor this "SearchEncrypt" instead use Tor if you want privacy by design with whatever search engine or website you want.

4

quandyalaterreux wrote (edited )

How much more? Your ISP won't know that you visited gmail but if you are using https then the local ISP would not know your account name anyway. And if you are not using https then the exit node would know your account name and that is a lot less private.

The Tor Browser includes HTTPS Everywhere and in fact gmail is preloaded in the HSTS preload list so HTTPS should be forced. In the first case the ISP will know that you visited gmail, whereas in the second the ISP won't know that - which is a net gain in privacy terms.

1

quandyalaterreux wrote

Surfing yes. Checking e-mail, no. They even talk about this in their docs. If you use an account that is tied to you you aren't getting the same kind of protection that TOR was designed for.

You can sign-up using the Tor Browser with a web email service that allows Tor (such as tutanota.com) and hence your identity won't be tied to that email (unless you leave personally identifiable information, email is unencrypted by default so don't forget about that).

1