As you might have seen in my introduction blog post, I mentioned that I am an Online Privacy Enthusiast. I don’t want some mighty corporation, or a government whose decisions I don’t agree with, or some random cyber-criminal to have access to what I do online. Corporations want to shove ‘personalized’ advertisements down my throat, governments agents want to have promotion in their jobs by arresting innocent citizens, and cyber-criminals just want to settle an old grudge.
Online Privacy starts from your web browser, the piece of software which enables you to access various websites. Most people only use a Web Browser on their computers these days, whether it is an actual web browser, or a slimmed-down web browser disguising a website as a desktop application…
Unfortunately, the web has been largely taken over by the ‘Big Tech’ who want to earn money at all costs. The World Wide Web, which was earlier simple and encouraged individuals to have their own piece of land on the internet, now is a highly centralized, complex, resource-intensive, non-private piece of garbage. As a reason, I can’t recommend a newcomer to technology the World Wide Web. There has been attempts for a better internet, like Gopher any the newer Gemini. Though, these attempts never took off as well as the WWW.
What needs to be done then?
The best option currently (until alternative internet projects become popular) is to fix the internet on your machine. It can be done with web browser addons, like ad blockers, content blockers, hosts files, VPNs, Tor, etc. In this article, I’ll tell you about my setup to access the internet.
As I said, Online Privacy starts from your web browser. That’s why, you need a good web browser. I personally keep four browsers:
Hardened.js: This is for my hardened profile, which I use for browsing the web on sites which: a) I have no account in, and b) which do not require JavaScript for functioning. JavaScript and a variety of functions you would expect from a web browser are disabled in this profile, so use only for websites which do nor require JavaScript.
Relaxed.js: This is for my profile which I use for accessing websites in which I have an account. The settings are relaxed, JavaScript and various other modern features are enabled.
I also use Enterprise Policies, which are given for enterprises using
Firefox. The policies are typically stored in
/usr/lib/firefox/distribution/policies.json. My Policies disable app update (not
required when using a package manager), FF Accounts, Pocket, EME,
Telemetry, DNSOverHTTPS, Default Browser Checking, Network Prediction,
Auto-downloads, Search Suggestions, Captive Portal and Firefox
Studies.
Brave Web Browser: A backup browser. Earlier it was ungoogled-chromium, but I left it due to it not having proper updates in the Debian repository, and Brave having better Fingerprinting Protection, and has a built-in ad blocker which is not dependent on the soon-to-be-removed ad blocking functionalities of Google Chromium. I don’t use their crypto-bait Brave Rewards, and disable several tracking domains which Brave connects to automatically on startup using the hosts files.
Tor Browser: A browser which I use for running JavaScript on random websites, due to it being the gold standard of privacy and security on the World Wide Web. If it wasn’t painfully slow, I would use it instead of having a hardened Firefox profile.
links: The browser I use for websites which don’t
require either CSS or JS, and which I am not logged into as well. It is
a very slim command-line web browser with mouse support.
uBlock Origin is currently the best content blocker according to me. It works on lists, and also has the option to manually disable domains. My dynamic filtering rules for my hardened profile can be found here.
I also use LocalCDN, which makes the browser use locally downloaded frameworks instead of remote ones, to prevent the big tech from tracking.
Lastly, uMatrix is an advanced form of uBlock’s Dynamic filtering. This addons is no longer in development, but I still use it because why not?
The hosts file (/etc/hosts on GNU/Linux) allow changing the IP linked to a domain. For example, I can make google.com to redirect to searx.space using the hosts file. Similarly, I can make google-analytics.com to redirect to 0.0.0.0, which essentially means redirecting it to localhost. This can be used as a domain-blocking mechanism. However, you need to add every domain and subdomain separately, which is a huge pain. To bypass this, you can use a hosts file created by others, like Steven Black’s hosts (Stay particularly vigilant with hosts files got from random people however. hosts file serves the purpose of providing the IP addresses for domains. You can also say that google-analytics.com goes to evil-tracking-domain.com’s IP address by replacing 0.0.0.0 with another IP address. A malicious hosts file can contain other IP addresses instead of 0.0.0.0 as well.)
I generally use EnergizedProtection instead, as it covers a lot more potentially harmful domains, which can be a boon or bane according to your taste (a lot of sites may not work correctly).