Author

Topic: Deleted (Read 413 times)

legendary
Activity: 2268
Merit: 18748
April 24, 2019, 06:26:31 PM
#21
MozillaWiki and mozillaZine are usually good places to start for anything Firefox related. Unfortunately some of the pages can be quite out dated, particularly on mozillaZine. Relevant pages from these sites would be https://wiki.mozilla.org/Privacy/Privacy_Task_Force/firefox_about_config_privacy_tweeks and http://kb.mozillazine.org/Firefox_:_FAQs_:_About:config_Entries.

There are plenty of other sources out there that will discuss the same things that I have, and Google or Duckduckgo are your friends for this. Here are a couple of other good sites that may be of some help: https://wiki.archlinux.org/index.php/Firefox/Privacy and https://gist.github.com/0XDE57/fbd302cef7693e62c769.

There are plenty of other about:config tweaks you can make to improve your privacy which you can read about on the sites I've linked, but many of them (such as disabling all cookies, which will break any site you need to log in to, or disabling phishing and malware prevention because it sends every URL you visit to Google to be checked) don't appeal to the average user, which is why I didn't mention them in my last post.
full member
Activity: 168
Merit: 214
WhoTookMyCrypto.com
April 24, 2019, 11:36:49 AM
#20
snip

Thanks alot for the reply. Just wondering, where to read up about these things? When you said DYOR, which sources do you commonly refer too? Thanks.
legendary
Activity: 2268
Merit: 18748
April 24, 2019, 10:46:17 AM
#19
Thanks for the reply o_e_l_e_o. Never used Firefox for regular browsing just downloaded it for the purpose of testing the link. Tried what you said, it was set to "false" as a default option. After turning it to "true" then it shows up as "https://www.xn--80ak6aa92e.com/". Good stuff.
It seems you are right. Looking in to a bit more, it seems that this is defaulted to "false", and now needs to be set to "true" for it to take effect. I have no idea why or when Firefox made this change, but it seems rather backwards to me.


Would you happen to know of other manual tweeks that are required to make Firefox safer? Such as the one you mentioned. Would like to read more about it. Thanks.
Disclaimer: Do your own research. Don't just go tinkering about in your browser based on the word of an anonymous internet user without understanding what you are doing. Some of these changes could affect or even break the functionality of add-ons or websites that you use. In this case, you can always revert your changes, but I cannot be held responsible for any consequences.

Code:
privacy.firstparty.isolate
Set to "true". This isolates any identifying browser information to the first party domain, so as to prevent tracking across multiple domains.

Code:
privacy.trackingprotection.enabled
Set to "true". Built in tracking protection.

Code:
privacy.resistFingerprinting
Set to "true". Tries to prevent identifying browser information being accessed.

Code:
privacy.trackingprotection.fingerprinting.enabled
Set to "true". Same as previous.

Code:
privacy.trackingprotection.cryptomining.enabled
Set to "true". Self explanatory. Prevent crypto mining websites.

Code:
network.http.referer.trimmingPolicy
Code:
network.http.referer.XOriginPolicy
Code:
network.http.referer.XOriginTrimmingPolicy
Set all of these to "2". These have the combined effect of cutting down what is included in the "Referer header", which lets websites see which other sites you just visited and were linked/redirected from. Anti-tracking measure.

Code:
network.cookie.cookieBehavior
Set to "1". This will only accept cookies from the first party site, and block any third party cookies.

Code:
dom.battery.enabled
Set to "false". Prevents websites seeing your battery status/charge.

Code:
dom.event.clipboardevents.enabled
Set to "false". Prevents websites seeing what you copy from their site to your clipboard.

Code:
geo.enabled
Set to "false". Prevents geolocation.

Code:
webgl.disabled
Set to "true". WebGL is a JavaScript application, and like all things Java, a security risk.

Code:
media.navigator.enabled
Set to "false". Prevents websites accessing your microphone or camera.

Code:
media.peerconnection.enabled
Set to "false". Allows for voice and video communications through your browser, but will leak your real IP address, even if behind a VPN.
legendary
Activity: 1624
Merit: 2481
April 24, 2019, 02:10:32 AM
#18
Generally, these tips are good, but there are still some things which need some improvement / are not completely correct.



For a smart approach, Keep a Capital Letter, a small letter, a special character, and a numeric value in your password.

You don't need a complex password, if it is long enough.



Anti-Viruses are crucial to keep your Computer System Safe & Secured.

This is true, but only for windows and android / iOS.
I wouldn't call it crucial for MacOS / Linux.



So, make sure the website you’re visiting has the URL starting with HTTPS ‘hyper-text transfer protocol secured’. It adds up an extra layer of security and prevents cybercriminals to attack your personal data.

HTTPS alone doesn't secure you too much.
You need to make sure that you are on the correct site (and theoretically that the certificate has been signed by the correct CA if the website owner doesn't use certificate pinning (to be on the very safe side)).

A small typo can lead you to a website which looks like the original one and is using HTTPS. But i'd call that the fault of the user.

But yes.. HTTPS over HTTP. Always.



While we click on any link, it takes time to load and during those seconds, the server requests generate small text files and codes that get saved in the PC as cookies. These files contain complete information about the things that you’ve performed during Internet Surfing.

The hackers can easily find out the data which you have received and sent while using those browsers. So, it would be wise to keep your history data and cookies information clean.

To be more precise:
The server 'sends the cookie' to the client (Set-Cookie header in the HTTP response).
And the cookie doesn't contain any information about what you have done. It is simply an identifier (which can be used to track you across several site (by the site admins) / replace login information).

The only way a hacker can read the data you are receiving / sending to / from your browser is when you either don't use HTTPS or your browser / computer is compromised.
In the second case, deleting cookies / history doesn't help you. It only helps you if your computer gets compromised afterwards. In this case the attacker won't be able to reconstruct what you did in the past, but will still be able to read your future traffic.



Public Computers & Wi-Fi are the easiest ways for hackers to get into your private lives and destroy it.
If you need to share any confidential information over the Internet, then avoid using Public Computers and WiFi at that time. Such precious information can be stolen by the Hackers and you may suffer great loose.

Computers of which you don't control the hardware are always risky.
But using an open Wifi is absolutely fine if you encrypt and route your whole traffic via a trustworthy server (e.g. a small VPN server at your home).
sr. member
Activity: 826
Merit: 265
April 23, 2019, 10:59:04 PM
#17

I think this thread in which tackles about phishing scam sites can also help

https://bitcointalksearch.org/topic/crypto-scam-howto-protect-yourself-4264404

And also this one whos about Scam websites though the threads aren’t active these days but still there are some posts than considered helpful

https://bitcointalksearch.org/topic/how-to-know-if-the-website-is-a-scam-there-you-find-it-4456502

To OP thanks for this interesting and helpful topic Bookmarked now so i can share also in future
legendary
Activity: 2170
Merit: 1789
April 23, 2019, 10:25:03 PM
#16
Using Linux doesnot mean that you will never get attacked one day. No system is safe from hackers.
It's just probably because Windows is a high priority for the hackers since it has so many users in it compared to other operating systems.

Hacking Linux with virus or something similar might a bit harder as some of the programs might need some library that is not available on the victim computer. On top of that, the majority of users don't love Linux as it requires some 'more advanced tech' knowledge compared to Windows where you can use simple click to do this and that.

Brave is also a good alternative for web browser.
full member
Activity: 168
Merit: 214
WhoTookMyCrypto.com
April 23, 2019, 10:23:37 PM
#15
How strange. On my same version of Firefox, it shows up as "https://www.xn--80ak6aa92e.com/".

Wikipedia states that his has been a feature of Firefox since version 22. You can see the relevant bug report here, which confirms it was solved in Mozilla 22, which was around 6-7 years ago.

Have you (or perhaps a browser add-on) modified your Firefox to turn this feature off, for some reason? You can check by opening a new tab, typing "about:config" (without quotes) in the URL bar, and then searching for "network.IDN_show_punycode". This should be set to "true".

Thanks for the reply o_e_l_e_o. Never used Firefox for regular browsing just downloaded it for the purpose of testing the link. Tried what you said, it was set to "false" as a default option. After turning it to "true" then it shows up as "https://www.xn--80ak6aa92e.com/". Good stuff.

Would you happen to know of other manual tweeks that are required to make Firefox safer? Such as the one you mentioned. Would like to read more about it. Thanks.
legendary
Activity: 2268
Merit: 18748
April 23, 2019, 10:11:00 PM
#14
Downloaded the latest Firefox version on their website to produce the screenshots in the post above. Are you sure about that?
How strange. On my same version of Firefox, it shows up as "https://www.xn--80ak6aa92e.com/".

Wikipedia states that his has been a feature of Firefox since version 22. You can see the relevant bug report here, which confirms it was solved in Mozilla 22, which was around 6-7 years ago.

Is it possible you (or perhaps a browser add-on) modified your Firefox to turn this feature off, for some reason? You can check by opening a new tab, typing "about:config" (without quotes) in the URL bar, and then searching for "network.IDN_show_punycode". This should be set to "true".
full member
Activity: 168
Merit: 214
WhoTookMyCrypto.com
April 23, 2019, 09:34:08 PM
#13
Firefox does indeed guard against this kind of attack, and has done for many versions now. You must be using a very outdated version.

Downloaded the latest Firefox version on their website to produce the screenshots in the post above. Are you sure about that?

Here is a screenshot of the version that was used.



Recommend that anybody use Chrome is poor advice - it is a terrible browser for all things privacy and security related.

Yes, Chrome isn't best for privacy/security but with users can download relevant add-ons eg. duckduckgo, privacy badger.
legendary
Activity: 2268
Merit: 18748
April 23, 2019, 03:54:13 PM
#12
It's never a guard against phishing.
Exactly. Using HTTPS isn't a defense against phishing because it's not meant to be.


-snip-
Firefox does indeed guard against this kind of attack, and has done for many versions now. You must be using a very outdated version. Recommend that anybody use Chrome is poor advice - it is a terrible browser for all things privacy and security related.

legendary
Activity: 2030
Merit: 1569
CLEAN non GPL infringing code made in Rust lang
April 23, 2019, 03:48:21 PM
#11
"Tips for a Secured Net Surfing and Hacking Prevention (Guide)"


It happens to implement all those suggestions already:

never use anti-virus on my linux. i dont know it safe or not.
i have old pc 1 ram only when use that get lag for surfing
Using Linux doesnot mean that you will never get attacked one day. No system is safe from hackers.
It's just probably because Windows is a high priority for the hackers since it has so many users in it compared to other operating systems.
So it's better you have an AV in there.

The same thing you could say to someone who never bothers to lock the front door of his home, or in the case of windows, not bothering with doors in the first place... Of course the thief is at fault, but he will go to the "easy" prey first, if only for speed. That should give you a hint.
hero member
Activity: 1680
Merit: 655
April 23, 2019, 10:30:18 AM
#10
I think that you have mentioned a lot of things about on the protection of their data and passwords but you only have provided them with only one solution with regards to their browsing habits. Looking for https certified websites as of the present isn't an enough thing to guarantee that you are on a safe website now since website owners can esily obtain it now. Before entering even anything and that includes your credit card numbers you must observe safety features such as “safe” certificate badges from known anti-virus softwares such as McAfee and Norton to see if the website is clean from any kind of trackers and can be trusted with your information.
copper member
Activity: 2170
Merit: 1827
Top Crypto Casino
April 23, 2019, 08:33:19 AM
#9
Quote
2. Keep your Anti-Virus Version Upgraded!
never use anti-virus on my linux. i dont know it safe or not.
i have old pc 1 ram only when use that get lag for surfing
Using Linux doesnot mean that you will never get attacked one day. No system is safe from hackers.
It's just probably because Windows is a high priority for the hackers since it has so many users in it compared to other operating systems.
So it's better you have an AV in there.
full member
Activity: 168
Merit: 214
WhoTookMyCrypto.com
April 23, 2019, 07:55:09 AM
#8
Also, get a browser that guards against IDN Homograph attacks. Certainly not a new thing but am sure it still pops up around the internet.

What is it?

To illustrate, click this link (totally safe): https://www.xn--80ak6aa92e.com/

For browsers that have not been patched eg. Firefox, this would show. Take note of what appears in the address bar:


For browsers that have been patched eg. Chrome this would show. Once again, take note of what appears in the address bar. Also note the presence of the lock and the HTTPS once again reminding us that their presence do not indicate a safe website.


How does this happen?

This can happen where a scammer uses "unicode characters that look the same as the appropriate ASCII characters for the site impersonated".

What to do?

Get a browser that guards against it like Chrome. Honestly think it is very easy to fall for this. For example, if a scammer masks the scam link behind a URL shortener like bitly, upon clicking it users would be directed almost immediately to the scam website which shows Apple.com without even having the opportunity to see that ugly looking link with dashes and numbers that could have alerted them that something was wrong.

Source 1: https://www.xudongz.com/blog/2017/idn-phishing/
Source 2: https://9to5mac.com/2017/04/20/how-to-spot-a-phishing-attempt-fake-apple-site/
full member
Activity: 519
Merit: 197
April 23, 2019, 07:28:26 AM
#7
Quote
2. Keep your Anti-Virus Version Upgraded!
never use anti-virus on my linux. i dont know it safe or not.
i have old pc 1 ram only when use that get lag for surfing
copper member
Activity: 2114
Merit: 1814
฿itcoin for all, All for ฿itcoin.
April 23, 2019, 07:20:52 AM
#6
Of course HTTPS Everywhere won't help one if they visit a phishing website and lately most phishing websites run using secure certificates but in instances when one visits a website that is not secure. HTTPS everywhere will try to avoid a scenario where a user's unencrypted data gets leaked in case there is a security attack on the website at a given time due to the weak security protocol on the website.

It's never a guard against phishing.
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
April 23, 2019, 06:57:02 AM
#5
But don't rely on the HTTPS and the green lock too much. If I remember correctly the well known bitcointalk phishing site .to (I will not post the link here) is also a HTTPS but if you enter your login details there you are likely to get your account stolen.

^This. https helps a lot for privacy and security, but take note that it literally doesn't cost anything to have a website with https. You can easily get a free SSL certificate on sites like letsencrypt and cloudflare. Not because a website has https it doesn't mean that the website owner can't have malicious intents.
legendary
Activity: 2730
Merit: 7065
April 23, 2019, 04:38:50 AM
#4
But don't rely on the HTTPS and the green lock too much. If I remember correctly the well known bitcointalk phishing site .to (I will not post the link here) is also a HTTPS but if you enter your login details there you are likely to get your account stolen.
legendary
Activity: 2268
Merit: 18748
April 22, 2019, 12:24:27 PM
#3
A reputable addon like HTTPS Everywhere can be quite resourceful in this case
HTTPS Everywhere should be a must-have for everyone. Download links can be found on the Electronic Frontier Foundation website here: https://www.eff.org/https-everywhere. If you are interested in security and privacy in general, then check out some of the other tools and add-ons on their website, particularly Privacy Badger.

There are many other great browser add-ons which will achieve some of the other things on OP's list. There are various cookie auto-deleters which you can customize to let you stay logged in to your favorite websites, whilst simultaneously nuking any tracking or privacy invading cookies. Ad blocking and javascript blocking is a must.
copper member
Activity: 2114
Merit: 1814
฿itcoin for all, All for ฿itcoin.
April 22, 2019, 12:00:35 PM
#2
3. Use https:// for Safe Surfing!

The URL’s which start with https:// rather than http:// indicates the authenticity. So, make sure the website you’re visiting has the URL starting with HTTPS ‘hyper-text transfer protocol secured’. It adds up an extra layer of security and prevents cybercriminals to attack your personal data.
A reputable addon like HTTPS Everywhere can be quite resourceful in this case

Also, another important point you missed out is to avoid downloading and installing random software and addons without doing some background checks.
If the addon/software is brand new, hosted on a third party website, has fake reviews, has very few reviews and downloads etc do not download and install.

"Prevention is better than cure"
hero member
Activity: 2268
Merit: 588
You own the pen
April 22, 2019, 09:11:37 AM
#1
Deleted, we have a good guide than this one. please remove this mods.
Jump to: