I recently tried to clean up my digital life. I switched to Linux and switched to GrapheneOS and made more use of my proton subscription to replace google. But I have a few questions :
I tried https://coveryourtracks.eff.org/ on Librewolf on my PC and Vanadium on my phone and it say I have a nearly unique fingerprint. Is the benefit of using a privacy focused browser neglected by the low userbase and unique fingerprint ?
I did not have a great digital hygiene before so I have a google account, meta… How do I clean this up ? Are services like Incogni any good or is it just marketing ?
Finally I wanted to use tails with persistent storage to use as a live system if I ever need to use a PC that is not my own to connect to my accounts. However, I don’t want the ISP to know I use Tor. I see it as a big “I have something to hide” flag for the ISP. But my understanding is if I install a VPN on tails it will be Tor over VPN (bad if I understand correctly) instead of VPN over Tor. Should I use something else than tails since I only want/need always on VPN with kill switch.
Thanks a lot for your help. I want to say the journey is much easier than what I anticipated. The hardest part is making people switch around me. The lobbying has started.
You’re not a noob, you’re a sprout.
NoScript will improve your privacy by a lot, and will make webpages load faster, since it stops stylish and tracker-ridden JS. If a webpage breaks, you can flick a few buttons to temporarily allow JS (or permanently if you’ll be visiting that site a lot).
Tor over VPN is a fine solution if you want to hide it from your ISP, but I don’t think you should install extra stuff on TailsOS. Consider using Tor Browser + UblockOrigin on your own PC over a VPN, it’s pretty much the same thing if you’ll just be browsing online.
Oh-- and one important thing to remember: Don’t expend more effort than necessary for your own threat model. Consider the extent of your privacy needs and act accordingly, going overboard will only leave you tired for not much in return.
P.S.: mander.xyz has a Tor-based onion frontpage ;)
Tails is probably an overkill for my threat model.
What I want is pretty simple, be able to reboot any computer (ex: work computer) on my USB live system and be able to access my files, my emails… Instead of having to connect to my proton account without VPN on a normal browser on Microsoft.
So I guess I only need an encrypted live system with any distro. Tails seemed to be the solution because it only writes to ram and purge ram before shutting down. I don’t know if it’s a nice to have or a must.
What I want is pretty simple, be able to reboot any computer (ex: work computer) on my USB live system and be able to access my files, my emails
Tails with persistent storage is absolutely a good solution for this specific usecase. It’s designed for it and provides a free and secure encrypted proxy solution (Tor). On top of that, your internet activity will likely help the activists who really need Tor by “mixing” your traffic with theirs.
Tails has thunderbird installed by default, you can connect it to your email account (but do take note that proton only seems to allow 3rd party client integration if you install their bridge app thingy)
If it is your own computer, in your home network, just install the necessary apps on any old distro. Doesn’t matter
I don’t know if it’s a nice to have or a must.
Personally, I’d say nice to have, but it’s not the end of the world if you decide to use something else
Thanks for all the answers! It helps a lot!
Mullvad Browser and LibreWolf have two completely different strategies to avoid fingerprinting. Mullvad Browser operates on everyone having the same configuration to blend in - if you want to use it, you need to avoid changing any of the settings. LibreWolf, on the other hand, works by spoofing a different fingerprint every session. It will look unique to Cover Your Tracks and the like, but it will be different every time you close and reopen it. Again, it works best if you don’t mess with the settings.
I believe both Mullvad Browser and LibreWolf come with uBlockOrigin pre-installed. Just about anything you want to do regarding blocking ads or scripts can be done in UBO’s settings; do NOT add extra “privacy” add-ons as you will only make yourself easier to fingerprint.
If you’re looking for something to use with actual accounts (like banking), use hardened Firefox (with arkenfox) or a hardened chromium browser. Neither Mullvad Browser nor LibreWolf (and especially NOT Tor) are designed for that use case.
As an aside, you can use multiple browsers for different use cases. I honestly think that’s best practices at this point, but you’d have to be good about not overlapping your browsing on them (i.e., not visiting/logging into the same website on multiple browsers).
Thank you ! It’s way more clear now.
Hardened browsers prioritize security over privacy right ? Vanadium is that kind of browser ?
“Browser hardening” is a somewhat nebulous term; I’ve seen it used for both privacy and security interchangeably. I continue to hear that Gecko-based browsers (i.e. Firefox and its forks) are less secure, but I do not know exactly how that plays out in the real world. Security and privacy are sometimes at odds, and your threat model should help you choose which to prioritize and when. If you don’t know how to weigh them, you may need to refine your threat model.
Vanadium is a hardened browser, yes. I don’t have personal experience with it so I can’t make any recommendations on its settings.
For the unique fingerprint, using a lot of privacy apps /extensions makes you stand out more, because you’re likely the only person to use that exact configuration. The best way to hide is by obfuscating the data and sending random garbage.
Obfuscating the data and sending random garbage. How do I do that ?
