Re: [DNG] OT: firefox, privacy etc.

2018-09-06 Thread Martin Steigerwald 
mad.scientist.at.la...@tutanota.com - 06.09.18, 03:34:
> how an i possibly get local storage of login information to work again
> in firefox?  Can't find any configs in about:config to enable a
> master passord or learning of new login data without "sync", 
> "pocket", etc.  should i just switch to a browser with any respect
> for privacy and user preference, or is it time to just shoot my
> gigabit ethernet because every one is a whore?  Yes, i specifically
> mean mozilla and google.

I still use Firefox with its own built in Software Security Device or 
whatever is called and a master password just fine. Version 61.0.1-1.

My Firefox never forced me to use Pocket or Sync or anything. The start 
page had some Pocket recommendations after some update, but I just 
disabled those. You can even configure the start page after starting 
Firefox or opening a new tab to be completely empty.

Also in Firefox settings there is a page about privacy settings. Right 
at the beginning I have the master password thing. And I can open the 
saved passwords, view and delete them. And they are all stored locally, 
cause I do not have any Firefox account except with their bugzilla. So 
there is not even a need to go to about:config. You can just configure 
password storage in privacy settings page in settings.

Thus I really do not know what Firefox you are using. Your error report 
was not very detailed. You did not even state version and installation 
source of Firefox you are using.

There are a lot of issues with Firefox, but the ones you describe are no 
issues here.

Also which browser would that be with more respect for privacy and user 
preference? I use Chromium for some things, but in my eyes its worse, 
not better when it comes to privacy and respecting user preferences. 
While Google may not be as bad as Facebook, for a long time most of them 
do not care about their former "don´t be evil" mantra. Up to a point 
where some employees sometimes even protest internally about some 
practices regarding data collection like the buyout of data from 
Mastercard *without* consent of Mastercard owners.

Anyway, I recommend to install Firefox and Chromium by package, never 
install it yourself. Why? Debian maintainers patch out some of the 
privacy issues. Like telemetry for technical details and user 
interactions. The Debian/Devuan packaged browser simply does not support 
it. Of course I also recommend to use a version of Firefox of at least I 
think it was 57 or higher. One with the new quantum engine. It really 
makes a difference.

In addition to that I use Firefox and Chromium with uBlock Origin and 
strict settings for it. And by default I do not allow *any* cookies. I 
really whitelist websites for cookies. And found out that many websites 
are pure and utter crap when it comes to report to the user that they 
require cookies. Some even just open as a blank white or black page 
without displaying anything and I can guess at whether uBlock Origin 
blocked an external content deliver network (often "cdn" in domain name) 
or its cause I do not allow cookies. Others simply forget logins or fail 
at login, without telling why that is. On a quite large part of all 
websites I used there is no error checking and reporting in case cookies 
are disabled. If you are on unstable/testing, you can also install 
uBlock Origin as package again. You may choose to install the addon 
directly to receive updates earlier.

I also use some other privacy related addons. I learned a lot from an 
excellent blog article series by Mike Kuketz¹. Its in German language 
however, so you´d need a translation service in case you cannot read 
German. Except Privacy Settings, which allows to configure (advanced) 
privacy related settings, that you otherwise have to configure via 
user.js or about:config, all plugins I´d like are available in 
WebExtension format. Mike Kuketz does not recommend PrivacySettings 
anymore. The new version has limited functionality (due to WebExtension 
API) and another issue I forgot.

[1] 
https://www.kuketz-blog.de/firefox-ein-browser-fuer-datenschutzbewusste-firefox-kompendium-teil1/

Thanks,
-- 
Martin


___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] OT: firefox, privacy etc.

2018-09-06 Thread Martin Steigerwald 
terryc - 06.09.18, 05:46:
> On Thu, 6 Sep 2018 03:34:27 +0200 (CEST)
> 
>  wrote:
[…]
> >  Can't find any configs in about:config to enable a 
> > master passord or learning of new login data without "sync",
> > "pocket", etc. 
> 
> A web search suggests the relevant files are in
> ~.mozilla/firefox/"profile" in keys* and sone sqllite files.

Guys and gals, no need to fiddle with some obscure semi-hidden settings. 
It all is openly in privacy settings page in any recent enough Firefox.

> > or is it time to just shoot my
> > gigabit ethernet because every one is a whore?  Yes, i specifically
> > mean mozilla and google.
> 
> I think they are widely spread on which ever 'internet' you
> use. I use privacybadger to alert me to their fangs
> (https://www.eff.org/privacybadger).

I used it as well.

I read several times recommendations not to use Privacy Badger. Why? It 
learns. And thus its very individual on every browser. Thus web pages 
may track you by testing out what requests your browser blocks and 
create an unique profile about the behavior of your ad blocking addon.

Maybe that finger printing issue is overrated, I don´t know. But from 
what I read ad and tracking people use any tricks they can.

Thus I now use uBlock Origin. I think it is the only plugin needed for 
that case. Its very efficient. Uses a configurable set of standard 
filter lists and can be configured easily to just block *any* accesses 
to third party domains by default, which I did. There is also uMatrix as 
an alternative but its really way more complex and does not really come 
with a set of default rules I think. But its way more powerful and 
flexible as far as I read.

Thanks,
-- 
Martin


___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Dng Digest, Vol 48, Issue 12

2018-09-06 Thread mad.scientist.at.large 
Thank you.  Please note that everything i've found with search engines points 
to mozila help pages which are now completely wrong.  In the "normal" firefox 
preferences there is a formerly working before update to V62.0 out today, to 
let you use a masterpassword for logon information storage, as well as a greyed 
out 'ask to save passwords and logins for websites" both under security and 
privacy. also on the "general" it won't even let you turn off it's testing of 
the operating systems prefered browser, always scanning your configuration 
files.
so now it's hidden in firefox's database files, that certainly obfuscation and 
openly removing privacy options.
Just to make clear, I'd like to, ideally, remove all chrome and other google 
code, which consistenly has huge bugs allowing one's system to be totally 
Owned.  I haven't used any "flash"fire extensions for a long time because, 
along with all other adobe product, they are consistently as insecure window.

--Democracy now!


6. Sep 2018 04:00 by dng-requ...@lists.dyne.org 
:


> Send Dng mailing list submissions to
>   > dng@lists.dyne.org 
>
> To subscribe or unsubscribe via the World Wide Web, visit
>   > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng 
> 
> or, via email, send a message with subject or body 'help' to
>   > dng-requ...@lists.dyne.org 
>
> You can reach the person managing the list at
>   > dng-ow...@lists.dyne.org 
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Dng digest..."
>
>
> Today's Topics:
>
>1. Re: OT: firefox, privacy etc. (Martin Steigerwald)
>
>
> --
>
> Message: 1
> Date: Thu, 06 Sep 2018 09:28:00 +0200
> From: Martin Steigerwald <> mar...@lichtvoll.de > 
> >
> To: > dng@lists.dyne.org 
> Subject: Re: [DNG] OT: firefox, privacy etc.
> Message-ID: <10821223.3qB5zmidkj@merkaba>
> Content-Type: text/plain; charset="UTF-8"
>
> terryc - 06.09.18, 05:46:
>> On Thu, 6 Sep 2018 03:34:27 +0200 (CEST)
>>
>> <>> mad.scientist.at.la...@tutanota.com 
>> >> > wrote:
> […]
>> >  Can't find any configs in about:config to enable a 
>> > master passord or learning of new login data without "sync",
>> > "pocket", etc. 
>>
>> A web search suggests the relevant files are in
>> ~.mozilla/firefox/"profile" in keys* and sone sqllite files.
>
> Guys and gals, no need to fiddle with some obscure semi-hidden settings. 
> It all is openly in privacy settings page in any recent enough Firefox.
>
>> > or is it time to just shoot my
>> > gigabit ethernet because every one is a whore?  Yes, i specifically
>> > mean mozilla and google.
>>
>> I think they are widely spread on which ever 'internet' you
>> use. I use privacybadger to alert me to their fangs
>> (>> https://www.eff.org/privacybadger >> 
>> ).
>
> I used it as well.
>
> I read several times recommendations not to use Privacy Badger. Why? It 
> learns. And thus its very individual on every browser. Thus web pages 
> may track you by testing out what requests your browser blocks and 
> create an unique profile about the behavior of your ad blocking addon.
>
> Maybe that finger printing issue is overrated, I don´t know. But from 
> what I read ad and tracking people use any tricks they can.
>
> Thus I now use uBlock Origin. I think it is the only plugin needed for 
> that case. Its very efficient. Uses a configurable set of standard 
> filter lists and can be configured easily to just block *any* accesses 
> to third party domains by default, which I did. There is also uMatrix as 
> an alternative but its really way more complex and does not really come 
> with a set of default rules I think. But its way more powerful and 
> flexible as far as I read.
>
> Thanks,
> -- 
> Martin
>
>
>
>
> --
>
> Subject: Digest Footer
>
> ___
> Dng mailing list
> Dng@lists.dyne.org 
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng 
> 
>
>
> --
>
> End of Dng Digest, Vol 48, Issue 12
> ***___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] OT: firefox, privacy etc.

2018-09-06 Thread mad.scientist.at.large 
p.s. Sorry i forgot to change the "Re:"I have also used all those application 
you mention for security, The only workable, to block this spying is in the 
dedicated hardware firewall(s) i'll be deploying, very soon.
Note my main issue with this version of firefox is it's refusal to let you 
store passwords locally, and aggressive resistance to not using or using 
anything other than google's Cloud.  

I want local control, I shouldn't have to learn about firefox's/chrome's 
database contents, and i am already somewhat familiar with profiles.  I have 
created multiple profiles and restored them after playing with about:config, 
which was previously THE place for these configuration, which are now largely 
irrelavent to actual implementation.  Even the Sites I've don't have any 
information about most of those constants that no longer have meaning or many, 
many whole sections in about:config.  I understand how complicated browsers 
have always been, but firefox was previously well documented on mozilla.org 
etc., where as now nearly all the information they do supply ignores user's 
question and brings up pages of obsolete and long incorrect information while 
providing NO on these privacy issues and how to address them. 

--Democracy now!


6. Sep 2018 04:00 by dng-requ...@lists.dyne.org 
:


> Send Dng mailing list submissions to
>   > dng@lists.dyne.org 
>
> To subscribe or unsubscribe via the World Wide Web, visit
>   > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng 
> 
> or, via email, send a message with subject or body 'help' to
>   > dng-requ...@lists.dyne.org 
>
> You can reach the person managing the list at
>   > dng-ow...@lists.dyne.org 
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Dng digest..."
>
>
> Today's Topics:
>
>1. Re: OT: firefox, privacy etc. (Martin Steigerwald)
>
>
> --
>
> Message: 1
> Date: Thu, 06 Sep 2018 09:28:00 +0200
> From: Martin Steigerwald <> mar...@lichtvoll.de > 
> >
> To: > dng@lists.dyne.org 
> Subject: Re: [DNG] OT: firefox, privacy etc.
> Message-ID: <10821223.3qB5zmidkj@merkaba>
> Content-Type: text/plain; charset="UTF-8"
>
> terryc - 06.09.18, 05:46:
>> On Thu, 6 Sep 2018 03:34:27 +0200 (CEST)
>>
>> <>> mad.scientist.at.la...@tutanota.com 
>> >> > wrote:
> […]
>> >  Can't find any configs in about:config to enable a 
>> > master passord or learning of new login data without "sync",
>> > "pocket", etc. 
>>
>> A web search suggests the relevant files are in
>> ~.mozilla/firefox/"profile" in keys* and sone sqllite files.
>
> Guys and gals, no need to fiddle with some obscure semi-hidden settings. 
> It all is openly in privacy settings page in any recent enough Firefox.
>
>> > or is it time to just shoot my
>> > gigabit ethernet because every one is a whore?  Yes, i specifically
>> > mean mozilla and google.
>>
>> I think they are widely spread on which ever 'internet' you
>> use. I use privacybadger to alert me to their fangs
>> (>> https://www.eff.org/privacybadger >> 
>> ).
>
> I used it as well.
>
> I read several times recommendations not to use Privacy Badger. Why? It 
> learns. And thus its very individual on every browser. Thus web pages 
> may track you by testing out what requests your browser blocks and 
> create an unique profile about the behavior of your ad blocking addon.
>
> Maybe that finger printing issue is overrated, I don´t know. But from 
> what I read ad and tracking people use any tricks they can.
>
> Thus I now use uBlock Origin. I think it is the only plugin needed for 
> that case. Its very efficient. Uses a configurable set of standard 
> filter lists and can be configured easily to just block *any* accesses 
> to third party domains by default, which I did. There is also uMatrix as 
> an alternative but its really way more complex and does not really come 
> with a set of default rules I think. But its way more powerful and 
> flexible as far as I read.
>
> Thanks,
> -- 
> Martin
>
>
>
>
> --
>
> Subject: Digest Footer
>
> ___
> Dng mailing list
> Dng@lists.dyne.org 
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng 
> 
>
>
> --
>
> End of Dng Digest, Vol 48, Issue 12
> ***___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] OT: firefox, privacy etc.

2018-09-06 Thread Adam Borowski 
On Thu, Sep 06, 2018 at 01:46:34PM +1000, terryc wrote:
> On Thu, 6 Sep 2018 03:34:27 +0200 (CEST)
>  wrote:
> 
> > how an i possibly get local storage of login information to work
> > again in firefox?
> A history of what changes you made/have occurred might give people a
> clue to give you information that is a bit more useful than change your
> hair part.
> 
> In my case, I lost all those stored pw/logins when I tried out gnome
> keyring. Removing it didn't bring them/the option back either. I've had
> to revert to the dead tree storage for many, or continual "recover my
> pw options". YMMV

Can't you just restore from backup to a state when it worked?

That allows you at least conveniently pulling the logins out, and then, you
can search which of your backups contains a change that broke them.  It'd be
limited to an entire day or whatever your backup frequency is (especially
more if it already rolled over to weeklies/10days/whatever you use), but at
least you have a shot at finding the problem.

Such restores are much, much easier with btrfs snapshots, but doable even
with plain rsync.  Obviously, you need to actually have backups, but you do
have them, right?

> >  Can't find any configs in about:config to enable a
> > master passord or learning of new login data without "sync",
> > "pocket", etc. 
> A web search suggests the relevant files are in
> ~.mozilla/firefox/"profile" in keys* and sone sqllite files.

Rolling back/forward just the ~/.mozilla/ dir instead of the whole system
would be far less work -- I'd suggest trying that first.  It'd tell you if
it's some change to Firefox's config or to stuff in /usr/ and friends.


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀ What Would Jesus Do, MUD/MMORPG edition:
⣾⠁⢰⠒⠀⣿⡁ • multiplay with an admin char to benefit your mortal [Mt3:16-17]
⢿⡄⠘⠷⠚⠋⠀ • abuse item cloning bugs [Mt14:17-20, Mt15:34-37]
⠈⠳⣄ • use glitches to walk on water [Mt14:25-26]
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Unbound details: was Mozilla and cloudflare to hijack all your DNS requests - for your own good of course

2018-09-06 Thread Steve Litt 
I've found the way for Unbound itself to do simple on-subnet auth
without a separate auth server, and will reveal them tomorrow.

Thanks.

SteveT

On Sun, 19 Aug 2018 21:22:40 -0400
Steve Litt  wrote:

> On Tue, 7 Aug 2018 13:27:25 -0700
> Rick Moen  wrote:
> 
> 
> > Most highly rated comment:
> > 
> >   I run my own local recursive nameservers even on my portable
> >   devices. Totally not interested in using anyone's resolvers but my
> > own.
> > 
> > Ding!
> > 
> > 1. apt-get install unbound
> > 2. sed -i '1s;^;nameserver 127.0.0.1\n;' /etc/resolv.conf  
> 
> So it's been about 2 weeks I've been using unbound, and subjectively,
> my web browsing has slowed, compared to the straight 8.8.8.8 and
> 8.8.4.4 I used before. Sometimes the browser's status bar says
> "resolving" during those delays, and sometimes it doesn't. 
> 
> It's been about 4 or 5 years since I last used djbdns,  but IIRC I
> didn't have such delays with djbdns.
> 
> So there may come a time when I'll be asking you for the name of a
> different caching DNS server. But first, I just five minutes ago read
> the info on:
> 
> https://nlnetlabs.nl/documentation/unbound/howto-optimise/
> 
> and based on that configured my 2 core, 16gRAM Daily Driver Desktop as
> follows:
> 
> 
> ### BE SURE to use unbound-checkconf
> ###  before enabling a changed conf file!
> 
> 
> # FORWARD-ZONE SECTION
> # The following is how you query google DNS instead of root servers
> # I chose to query the root servers and commented it out.
> #forward-zone:
>   #name: "."
>   #forward-addr: 8.8.8.8
>   #forward-addr: 8.8.4.4
> 
> 
> # REMOTE-CONTROL SECTION!!
> # Enable use of unbound-control
> # Remote control is very, very useful
> # Use judgement re security
> # Use doublequotes on filenames, unbound should read them
> #  from /etc/unbound
> # Create keys and certs by running unbound-control-setup
> remote-control:
>   control-enable: yes
>   control-use-cert: yes
>   server-key-file: "unbound_server.key"
>   server-cert-file: "unbound_server.pem"
>   control-key-file: "unbound_control.key"
>   control-cert-file: "unbound_control.pem"
> 
>   
> 
> # SERVER SECTION!!
> server:
>   use-syslog: yes
> 
>   # Guard against future default changes: no systemd ever!
>   use-systemd: no
> 
>   # Speed UDP
>   so-reuseport: yes
> 
>   # use all CPU cores, I have 1 CPU with 2 cores
>   num-threads: 2
> 
>   # power of 2 close to num-threads
>   msg-cache-slabs: 2
>   rrset-cache-slabs: 2
>   infra-cache-slabs: 2
>   key-cache-slabs: 2
> 
>   # more cache memory, rrset=msg*2
>   rrset-cache-size: 100m
>   msg-cache-size: 50m
> 
>   # more outgoing connections
>   # depends on number of cores: 1024/cores - 50
>   outgoing-range: 450
> 
>   # Larger socket buffer. 
>   # OS may need config, so I don't use it
>   #so-rcvbuf: 4m
>   #so-sndbuf: 4m
> 
>   # Faster UDP with multithreading (only on Linux).
>   so-reuseport: yes
> 
>   # Other stuff, see
>   #  https://www.tecmint.com/setup-dns-cache-server-in-centos-7/
>   # Enable dig command with allow_snoop
>   access-control: 0.0.0.0/0 allow_snoop
> 
> 
> The preceding assumes you have quite a bit of RAM, and it's based on
> having 2 cores.
> 
> Subjectively, the preceding configuration improved my lookup speed.
> 
> Everyone please understand that as far as I know, there's no automatic
> storage of cache to disk before a reboot or before downing, restarting
> or reloading unbound. Do any of those things and you lose all cache,
> so web browsing will be slow when hitting any website, including ones
> that came right up before your action. For debugging purposes, I
> created the following shellscript:
> 
> ==
> #!/bin/sh
> rm temp.cache
> unbound-control dump_cache > temp.cache
> #unbound-control reload
> unbound-control stop
> unbound-control start
> unbound-control load_cache < temp.cache
> ==
> 
> In the preceding, users of runit should substitute "sv stop unbound"
> and "sv start unbound" for the equivalent unbound-control commands:
> Works much better and really dumps cache before the cache reload.
> 
> The preceding completely restarts unbound without a significant loss
> of cache (but with a full reread of /etc/unbound/unbound.conf. Notice
> that unbound seems to poll its config file, because changes you make
> to /etc/unbound/unbound.conf *sometimes* produce changed behavior
> immediately, without rereading, restarting hupping, etc. By the way, I
> couldn't find anywhere documentation on what it does when receiving a
> hup. I do know from runit that hupping doesn't stop and restart,
> because the uptime doesn't change.
> 
> Lookup speed is very important when web browsing because modern
> websites access many, many domains. For instance, when I bro

Re: [DNG] OT: firefox, privacy etc.

2018-09-06 Thread mad.scientist.at.large 
Sorry about that, I had managed to blow things up in ways i didn't see, usually 
i'm smart enough to consider that.  All replies are appreciate and will be 
read.  Thank you.



6. Sep 2018 01:24 by dng-requ...@lists.dyne.org 
:


> Send Dng mailing list submissions to
>   > dng@lists.dyne.org 
>
> To subscribe or unsubscribe via the World Wide Web, visit
>   > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng 
> 
> or, via email, send a message with subject or body 'help' to
>   > dng-requ...@lists.dyne.org 
>
> You can reach the person managing the list at
>   > dng-ow...@lists.dyne.org 
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Dng digest..."
>
>
> Today's Topics:
>
>1. Re: Discussion and bug report on Soylent News (David Dušanić)
>2. misc bugs (william moss)
>3. Re: misc bugs (Harald Arnesen)
>4. OT: firefox, privacy etc. (> mad.scientist.at.la...@tutanota.com 
> > )
>5. Re: OT: firefox, privacy etc. (terryc)
>6. Re: OT: firefox, privacy etc. (Martin Steigerwald)
>
>
> --
>
> Message: 1
> Date: Wed, 5 Sep 2018 18:08:16 +0200
> From: David Dušanić <> ivanovne...@gmail.com > >
> To: > hend...@topoi.pooq.com 
> Cc: > dng@lists.dyne.org 
> Subject: Re: [DNG] Discussion and bug report on Soylent News
> Message-ID:
>   <> caljrp27n7ebi-w4todrc-+mrmsxkhhprhp4kjoy04p12bmt...@mail.gmail.com 
> > >
> Content-Type: text/plain; charset="UTF-8"
>
>> It seems there's a problem with icons in MATE that doesn't happen in Debian.
>
> True. I can confirm that bug.
> I think it is time to send a bug report.
>
>
>
>___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Unbound details: was Mozilla and cloudflare to hijack all your DNS requests - for your own good of course

2018-09-06 Thread Rick Moen 
Quoting Steve Litt (sl...@troubleshooters.com):

> I've found the way for Unbound itself to do simple on-subnet auth
> without a separate auth server, and will reveal them tomorrow.

That is doubtless the 'stub zone' functionality I mentioned in
http://linuxmafia.com/faq/Network_Other/dns-servers.html#unbound ,
after seeing it in the documentation.  (I've never needed it, so never
read up on how it works.)
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] ..torbrowser-launcher fails with torbrowser 8.0, fix is coming.

2018-09-06 Thread Arnt Karlsen 
Hi,

..torbrowser-launcher fails with torbrowser 8.0, fix is coming:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908068
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908068#10

..meanwhile, delay your torbrowser upgrade to 8.0 until bugfix
(8.0.1?) is out, or, find another way to start it.

-- 
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng