Cloudflare
You are probably familiar with the name 'Cloudflare', but are you aware of how much of the internet won't work without it?
Simplest way to explain what Cloudflare is can be done by sending you to an offsite link (https://www.howtogeek.com/730579/why-does-cloudflare-show-up-when-i-try-to-open-a-website/) that will explain far better than I could. In brief though, it is a security layer (amongst other things) to assist blocking automated DDOS attacks.
Cloudflare is one of the world's largest networks. Today, businesses, non-profits, bloggers, and anyone with an Internet presence boast faster, more secure websites and apps thanks to Cloudflare. Millions of Internet properties are on Cloudflare, and our network is growing by tens of thousands each day.
Well that's good, right? If that was all it did, yes.
Sadly, in order to get some sites to open you have to let Cloudflare run its scripts.
If you care about privacy you might be using some of the following extensions, for example....
uBlock Origin, NoScript, Privacy Badger, Canvas Blocker
I've underlined NoScript because it is my personal interaction tool that lets me decide whether the site (information) I am trying to access is relatively safe to do so. (Safe as in, how much of my data is going to be collected?)
I head off to a website that I know uses cloudflare, clicking NoScript icon in my browser bar I can see which scripts I need to run in order to try and load the page. The great thing at this point is I can click directly on the highlighted scripts and get a menu of options to check the safety of the scripts. If I ask NoScript to run cloudflare.com through Blacklight (https://themarkup.org/blacklight?url=cloudflare.com)
The results make for sobering reading.
6 Ad trackers found on this site
8 Third party cookies found on this site
This site allows Google Analytics to follow you across the internet.
(HotTip: Set Google Analytics to untrusted in NoScript)
Some of the ad-tech companies this website interacted with:
Adobe
Alphabet
Microsoft
Blacklight detected this website sending user data to Alphabet, the technology conglomerate that encompasses Google and associated companies like Nest. The Silicon Valley giant collects data from twice the number of websites as its closest competitor, Facebook. An Alphabet spokesperson told The Markup that internet users can go here if they want to opt out of the company showing them targeted ads based on their browsing history.
The site sent information to the following domains doubleclick.net, googleoptimize.com, googletagmanager.com.
If you use a VPN you will always encounter Cloudflare because it is most likely using a dynamic assignment for your ISP number, even your internet provider could be using that method though. I understand by getting a fixed IP address cloudflare will let you straight by on the assumption you are a solo user with a fixed ID (IP address). Quite a lot of VPN providers will supply you with a Fixed IP but it costs more than the regular subscription by a few Euros/Dollars/Pounds etc.
Some neat/valuable resources.
https://www.bleachbit.org/
Removes lots of tracking potentials left on your computer and cleans your system of temp files etc.
https://noscript.net/
Speaks for itself. Try it.
https://github.com/arantius/resurrect-pages
This one is a beauty, given up trying to get into a page? Copy the address and paste into a new window ADDRESS BAR, don't hit enter. Now click the Resurrect Pages add-on in your browser bar and a new link will open where you can search several sites for an archived copy.
https://addons.mozilla.org/en-US/firefox/addon/canvasblocker/
Don't want to use Mozilla Firefox?
Try Libre Wolf (https://librewolf.net/)
A custom version of Firefox, focused on privacy, security and freedom.
thepainterdoug
2nd May 2023, 12:07
Ewan/ thanks. This is one of those posts that I understand little to nothing about. And that kinda worries me.
Hamish
2nd May 2023, 12:36
Hello,
I use DuckDuckGO App Tracking blocker on my phone and by just using Spotify we have:
Google making 30 attempts for various information such as charging status, GPS, Network type, Boot Times, Device Name, email address, Gender, Last name etc etc
Branch Metrics 1471 attempts to collect information such as above
ComScore with 30 attempts to collect similar information.
Most mainstream websites have various advertisers' data on them and the amount of information they want is off the charts
Kuperkai
2nd May 2023, 22:09
@Ewan- thanks for those links. Blacklight and Canvas look very good.
Curious, are you running Linux and if so what flavor? While there are many flavors of Linux, it seems to be the only platform where you have a chance of maintaining your privacy.
Hello,
I use DuckDuckGO App Tracking blocker on my phone and by just using Spotify we have:
Google making 30 attempts for various information such as charging status, GPS, Network type, Boot Times, Device Name, email address, Gender, Last name etc etc
Branch Metrics 1471 attempts to collect information such as above
ComScore with 30 attempts to collect similar information.
Most mainstream websites have various advertisers' data on them and the amount of information they want is off the charts
Dude, that is astonishing information you just shared, revealing a level of naivety in myself!
I knew data collection was rampant but that is beyond even what I had realised.
I never use a smartphone other than for work, (work-related app and google maps), and I never liked them precisely because I couldn't see how I had any control over what was going on.
At least with a PC, despite Microsoft's best attempts, I still had an element of control.
What do they do with all that information? Well they would claim it was simply for directing appropriate advertisements. Hah!
Basically they think we (people) are sheep who can be led to whatever pasture they want us to graze from, Edward Bernays (https://en.wikipedia.org/wiki/Edward_Bernays) has a lot to answer for-
(BREAKING NEWS: Extreme Sadness reports that we may actually be sheep but have not yet realised it.)
-as does the concept of Capitalism, if it were not for the desire of profit how different might this world be.
Szymon
2nd May 2023, 23:54
As a Systems Engineer, I concur with everything. There are ways to get around the system. For some good tips check out Edward Snowden.
If you want an added anonymity when using the internet. You can try this.
Use the Tor network browser. Your connection will go through a few other ip addresses.
https://www.torproject.org/download/tor/
https://upload.wikimedia.org/wikipedia/commons/1/14/Wat_is_Tor_%28The_onion_routing%29%3F.png?20130505132358
You can check this using some online "What is my IP address" service and it will confirm that you are using another IP other than yourself.
You then connect to a free remote computer using Ubuntu or another Linux flavour. So this is like a RDP (remote desktop protocol). Below is a free service. I don't know why they do it, but looks free and it works.
https://www.onworks.net/os-distributions/ubuntu-based/free-ubuntu-online-version-20
So now you have accessed a remote computer, here you have two options. Either you can use the browser of this temporary remote computer that provides you with full access with SSH terminal. This free computer IP address is coming from somewhere in Germany, or you can then load up another TOR browser through this Ubuntu Linux computer and use that to surf the internet.
So in the end, your internet connection will go through 7 IP addresses before reaching its destination.
The connection will be a bit slow because of all those relays, but good luck to the person trying to backtrack the connection to its source.
I hope this makes sense.
Cheers,
Szymon
Hamish
3rd May 2023, 06:29
Hello,
We are the product and the more they know about who we are and what we view, is gold for them to sell our Digital ID onto other companies.
I don't believe there is any way to stop this 100% unless removing all electronic devices from your life.
Even with that, others' devices are acting like scanners, CCTV etc, so to avoid them, we would have to go off grid.
Not convinced these days, there is any place left on Earth that is off grid.
In regards to Tor, Tor acts like a VPN, it will mask your connection.
However, if using Tor and accessing your personal accounts, be it on Avalon, Facebook, Amazon, and logging in, these sites will know, HEY Hamish just logged in and is connecting with an IP in Atlantis. Or typically, the site might block you from logging in as data does not match previous log in locations. Hey, Hamish logs in normally from Mars but now connecting from Venus, best to block that connection and ask they verify who they are via email etc.
Same applies, if using Tor and creating a first account on a site, using Tor becomes useless if giving your real name, address, location, email etc.
So if using VPN/Tor would recommend you just use it for browsing.
EDIT:
I recommend these YouTube channels that cover everything from setting up personal firewalls, to using Linux and/or customizing Windows.
https://www.youtube.com/@davidbombal
https://www.youtube.com/@NetworkChuck/
https://www.youtube.com/@ChrisTitusTech/
https://www.youtube.com/@TroubleChute/
P.S. To clarify, not affiliated with any one of the above.
Szymon
3rd May 2023, 06:44
Hello,
We are the product and the more they know about who we are and what we view, is gold for them to sell our Digital ID onto other companies.
I don't believe there is any way to stop this 100% unless removing all electronic devices from your life.
Even with that, others' devices are acting like scanners, CCTV etc, so to avoid them, we would have to go off grid.
Not convinced these days, there is any place left on Earth that is off grid.
In regards to Tor, Tor acts like a VPN, it will mask your connection.
However, if using Tor and accessing your personal accounts, be it on Avalon, Facebook, Amazon, and logging in, these sites will know, HEY Hamish just logged in and is connecting with an IP in Atlantis. Or typically, the site might block you from logging in as data does not match previous log in locations. Hey, Hamish logs in normally from Mars but now connecting from Venus, best to block that connection and ask they verify who they are via email etc.
Same applies, if using Tor and creating a first account on a site, using Tor becomes useless if giving your real name, address, location, email etc.
So if using VPN/Tor would recommend you just use it for browsing.
I 100% agree.
As soon as you enter your credentials to any system in the world the systems web server will log that into file. Then however the system is programmed it will record that into its database. So yes, everything is traceable.
Only for browsing, hacking systems and deploying scripts.
The only way out of the technology is probably international waters and the use of HF radio communications for voice and digital modes.
Alternatively, is to use the darknet, which it can still be tracked, but it's harder.
Kuperkai
3rd May 2023, 23:05
Hello,
In regards to Tor, Tor acts like a VPN, it will mask your connection.
However, if using Tor and accessing your personal accounts, be it on Avalon, Facebook, Amazon, and logging in, these sites will know, HEY Hamish just logged in and is connecting with an IP in Atlantis. Or typically, the site might block you from logging in as data does not match previous log in locations. Hey, Hamish logs in normally from Mars but now connecting from Venus, best to block that connection and ask they verify who they are via email etc.
Same applies, if using Tor and creating a first account on a site, using Tor becomes useless if giving your real name, address, location, email etc.
So if using VPN/Tor would recommend you just use it for browsing.
@Hamish- please correct me if I am wrong. The VPN hides your original IP address from the world and prevents your ISP from snooping on your traffic. However, a government agency (3LA) can request the logs of a VPN provider (and thereby unmask you), if they claim "suspicious activity". Running Tor on top of a VPN, makes the VPN provider's logs useless, since your exit node is elsewhere. Now, if you are doing research on "verboten" topics, Tor over a VPN would be great for browsing and accessing totally anonymous web services.
However, I've read that some of the Tor exit nodes have been compromised, meaning 3LA could unmask your IP address. If you were using Tor over a VPN and the exit node was compromised, then a 3LA would first get your VPN provided IP address, and then they would request the VPN provider's logs, unmasking you.
So, the status of the Tor exit node is key to anonymity. As far as I know, no one has solved the problem of compromised exit nodes. Anyone know otherwise?
Kuperkai
3rd May 2023, 23:52
[QUOTE=Hamish;1555342]
The only way out of the technology is probably international waters and the use of HF radio communications for voice and digital modes.
Alternatively, is to use the darknet, which it can still be tracked, but it's harder.
@Szymon, @Bill Ryan-
In Project Camelot interview with Arthur Neumann (aka Henry Deacon) linked here (https://projectcamelotportal.com/2016/09/22/henry-deacon-a-livermore-physicist/), Henry says the following:
OK. This may interest you if you have a physics background. You know what signal non-locality is, right? When two particles in different parts of the universe can apparently communicate with each other simultaneously, no matter what the distance. Communications devices have been made for communicating across vast distances and also locally using a methodology that's impossible to eavesdrop on, because there's nothing traveling between the two devices that can be intercepted. It's impossible to crack or codebreak or eavesdrop because no signal travels anywhere, so there's no signal to be intercepted or decoded. It just doesn't work like that.
The beauty of it is that the devices are actually so simple to build. You can create two chaotic circuits, on a couple of small breadboards using cheap components which anyone can buy, and they communicate with each other in this way. You can build these if you know how.
In the May 2007 update he elaborated:
Chaotic resonating circuits
Henry elaborated on the chaotic resonating circuits he mentioned in our first interview. He confirmed that they were relatively cheap and easy to make, and that the information, in segmented pieces, had been fairly widely available in a certain academic community in the 1970s. He had retained no records of the circuit diagrams, but intriguingly he said he was 80% confident that he would be able to locate them if he spent time searching public domain records in a particular university library. We know the location but for understandable reasons are not revealing it at this time.
And then there is this recent article from ZeroHedge:
Amazon Partners With De Beers To Grow Fake Diamonds For Quantum Computing- April 6, 2023 | ZeroHedge (https://www.zerohedge.com/technology/amazon-partners-de-beers-grow-fake-diamonds-quantum-computing)
First, understand that "Fake" diamonds are as the commenter <Barnyard animal on the tax farm> described, “synthetic diamonds, grown to a perfection the natural diamonds can not match.” Quoting from the ZeroHedge article:
Element Six will work with Amazon Web Services' Center for Quantum Networking to develop next-generation data transmitting technology over long distances.
The transmission of data in quantum networking will be on the subatomic level and goes beyond today's fiber-optic network. The lab-grown diamonds will be integrated into network components that allow data to travel longer distances without degradation.
"We want to make these networks [quantum networks] for AWS, said Antia Lamas-Linares, who heads the Center for Quantum Networking. She believes the technology could be in use in a matter of years rather than decade
Okay, this sounds like they are growing diamonds in a specific geometry to inject data into the "quantum field" (aka instantaneous communication over very large distances). If you have examined Marcel Vogel's work on crystals, you know that his crystals enabled communication with the quantum field or consciousness field. Ask yourself, how do the pilots on UFOs communicate? Are they using Hertzian electromagnetic waves to send signals? No way. ETs use "sub-space" communications which allow instantaneous communications at long distances, just as described in every Sci-Fi TV show since the 1970s.
Hey Bill, is it time to reveal the library where Henry Deacon said we could find information on "chaotic resonating circuits"?
RatRodRob...RRR
4th May 2023, 02:28
Ewan/ thanks. This is one of those posts that I understand little to nothing about. And that kinda worries me.
.
Ha i was lost at "You are probably familiar with the name cloudflare"......... i have no clue what this involves........it makes my head go :boom:.........................RRR
Szymon
4th May 2023, 09:07
[QUOTE=Hamish;1555342]
The only way out of the technology is probably international waters and the use of HF radio communications for voice and digital modes.
Alternatively, is to use the darknet, which it can still be tracked, but it's harder.
@Szymon, @Bill Ryan-
In Project Camelot interview with Arthur Neumann (aka Henry Deacon) linked here (https://projectcamelotportal.com/2016/09/22/henry-deacon-a-livermore-physicist/), Henry says the following:
OK. This may interest you if you have a physics background. You know what signal non-locality is, right? When two particles in different parts of the universe can apparently communicate with each other simultaneously, no matter what the distance. Communications devices have been made for communicating across vast distances and also locally using a methodology that's impossible to eavesdrop on, because there's nothing traveling between the two devices that can be intercepted. It's impossible to crack or codebreak or eavesdrop because no signal travels anywhere, so there's no signal to be intercepted or decoded. It just doesn't work like that.
The beauty of it is that the devices are actually so simple to build. You can create two chaotic circuits, on a couple of small breadboards using cheap components which anyone can buy, and they communicate with each other in this way. You can build these if you know how.
In the May 2007 update he elaborated:
Chaotic resonating circuits
Henry elaborated on the chaotic resonating circuits he mentioned in our first interview. He confirmed that they were relatively cheap and easy to make, and that the information, in segmented pieces, had been fairly widely available in a certain academic community in the 1970s. He had retained no records of the circuit diagrams, but intriguingly he said he was 80% confident that he would be able to locate them if he spent time searching public domain records in a particular university library. We know the location but for understandable reasons are not revealing it at this time.
And then there is this recent article from ZeroHedge:
Amazon Partners With De Beers To Grow Fake Diamonds For Quantum Computing- April 6, 2023 | ZeroHedge (https://www.zerohedge.com/technology/amazon-partners-de-beers-grow-fake-diamonds-quantum-computing)
First, understand that "Fake" diamonds are as the commenter <Barnyard animal on the tax farm> described, “synthetic diamonds, grown to a perfection the natural diamonds can not match.” Quoting from the ZeroHedge article:
Element Six will work with Amazon Web Services' Center for Quantum Networking to develop next-generation data transmitting technology over long distances.
The transmission of data in quantum networking will be on the subatomic level and goes beyond today's fiber-optic network. The lab-grown diamonds will be integrated into network components that allow data to travel longer distances without degradation.
"We want to make these networks [quantum networks] for AWS, said Antia Lamas-Linares, who heads the Center for Quantum Networking. She believes the technology could be in use in a matter of years rather than decade
Okay, this sounds like they are growing diamonds in a specific geometry to inject data into the "quantum field" (aka instantaneous communication over very large distances). If you have examined Marcel Vogel's work on crystals, you know that his crystals enabled communication with the quantum field or consciousness field. Ask yourself, how do the pilots on UFOs communicate? Are they using Hertzian electromagnetic waves to send signals? No way. ETs use "sub-space" communications which allow instantaneous communications at long distances, just as described in every Sci-Fi TV show since the 1970s.
Hey Bill, is it time to reveal the library where Henry Deacon said we could find information on "chaotic resonating circuits"?
Thanks, Kuperkai well said.
I watched Marcel Vogel's videos, a very interesting guy. He studied the Billy Meier crystals too.
Regarding the chaotic resonating circuits did he provide a circuit diagram or a schematic (block diagram)?
Cheers,
Szymon
Hamish
4th May 2023, 10:32
@Hamish- please correct me if I am wrong. The VPN hides your original IP address from the world and prevents your ISP from snooping on your traffic. However, a government agency (3LA) can request the logs of a VPN provider (and thereby unmask you), if they claim "suspicious activity". Running Tor on top of a VPN, makes the VPN provider's logs useless, since your exit node is elsewhere. Now, if you are doing research on "verboten" topics, Tor over a VPN would be great for browsing and accessing totally anonymous web services.
However, I've read that some of the Tor exit nodes have been compromised, meaning 3LA could unmask your IP address. If you were using Tor over a VPN and the exit node was compromised, then a 3LA would first get your VPN provided IP address, and then they would request the VPN provider's logs, unmasking you.
So, the status of the Tor exit node is key to anonymity. As far as I know, no one has solved the problem of compromised exit nodes. Anyone know otherwise?
Hello,
There are various scenarios when it comes to VPN/Tor.
If you use a VPN, you need to be satisfied about their log retention, and if they say they don't log, well you will have to trust them.
If then using the VPN for standard browsing, i.e. visiting websites in which you are not logged into i.e. Avalon, Facebook, etc and not using the VPN for nefarious reasons, you should be fine.
If logging in to Facebook with the VPN, may as well give up, as Facebook will note that your original log in or account when created was from Holland but now showing as UK. They might also block your account until you verify who you are.
Tor is a VPN, with the only difference being that it can access Onion websites i.e. DarkWeb. If Tor is not configured with a bridge, your ISP can see you're using Tor but not the websites (I think) unless exit nodes are compromised.
The main issue some forget is that browsing the web with Tor/VPN might hide your IP, but if Tor/your browser is not configured, then downloading files, or accessing sites that might have injected JavaScript etc, could unmask your IP. NoScript is one everyone should have at least on their browser.
You also need to be aware that the operating system you are using needs to be set up also. If the OS is compromised, using a VPN or Tor won't help.
palehorse
4th May 2023, 10:40
Thanks Ewan for this thread.
It is important to bring this subject up, Cloudflare is root evil, it is definitely a front company, unfortunately most people in the tech field can't think for themselves anymore, but I don't think this scenario is going to change anytime soon, it is just getting worse and worse, because since I first met Cloudflare and it was just a small company and I see where it is right now.. wow!!!
Google captcha is another unnecessary evil that comes to mind.
How to script things to use Tor (for those who like hands-on sorts of things).
http://mf34jlghauz5pxjcmdymdqbe5pva4v24logeys446tdrgd5lpsrocmqd.onion/tutorials/to_russia_with_love.html
Another very important fact that everybody seems to avoid even looking at: the whole thing is compromised at a hardware level (Intel and AMD). Get open hardware if you can, but as far as I know only mil personnel (high rank) got those ones; my best guess is it costs around $25K for a very minimal setup, let's say a laptop. I forgot the name of those ones (if someone knows please pitch in).. DELL was building this hardware for the public, but they dropped the production line and now it is for private contracts only; these machines do not use Intel or AMD.
..
So, the status of the Tor exit node is key to anonymity. As far as I know, no one has solved the problem of compromised exit nodes. Anyone know otherwise?
Hi Kuperkai
It is possible to install your own exit node in case you don't trust the public ones you are using. You can also use *proxychain, but you are going to need a few vps in order to make that work (in both cases you need a vps). The best way is to have full control of all servers you are connecting to. Period.
I am quoting the following sentence:
"The Tor anonymity network allows clients to build anonymous connections by
establishing nested, encrypted tunnels through circuits of three relays, chosen
at random from a list of several thousand volunteer-operated hosts around the
world. The entry relay knows the client and a middle relay; the middle relay
knows an entry and an exit relay, and the exit relay knows the destination(s)
visited through the circuit, but can only associate them with the middle relay.
However, it is generally accepted that if an adversary controls both the entry
and exit relays, then a timing attack that correlates the traffic on each end will
allow this adversary to link clients with their destinations."
In other words, become a relay and join the Tor project. I myself don't trust every relay node out there either, I used to have a relay years ago, I played a lot in their network and never had any problem, I am a bit paranoid with these things. But don't do it at home, your router will blow up, as fast exit relays (>=100 Mbit/s) usually have to handle a lot more concurrent connections (>100k). Get a cheap vps that allows Tor relay (be sure they allow it in their policies, otherwise they can just shut it down without warning), and preferably pay for it with Monero or hire someone to pay for you (a proxy person lol).
Here is how to setup your own exit node
http://xmrhfasfg5suueegrnc4gsgyi2tyclcy5oz7f5drnrodmdtob6t2ioyd.onion/relay/setup/exit/
Once it is up and running, you can watch traffic on that relay and you can connect through it as well. Get a vps for that, never mix personal traffic with Tor relays.
* You can find `proxychain` in security-oriented Linux like Parrot OS, Whonix, OpenBSD, Kali and a few others; distros like Arch and Debian also have it available in their repositories, but it does not come installed by default.
It basically does this:
your_pc <-> proxy 1 <-> proxy 2 <-> proxy 3 <-> proxy 4 <-> proxy N... <-> target
The more proxies connected in the chain, the slower it gets. Also, many programs won't hide your IP if you don't manually "proxify" them, which sometimes requires scripts or at least modifying the program configuration; also, some programs have no proxy option available. Keep in mind that the connection will go through your ISP IP address in that case.
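The relay-knowledge split in the Tor passage quoted above, modelled as an added example (not part of the thread and not Tor's own code): a toy three-layer onion in which each relay can open only its own layer, so its view is limited to the previous and next hop. The relay names, hostnames and the SHA-256 keystream cipher are assumptions made for illustration; the cipher is not Tor's cryptography and is not secure.

```python
import hashlib
import json
import os

# Constructed names for illustration; none of them come from the thread.
CLIENT = "client.example"
DESTINATION = "site.example"
PATH = ["entry", "middle", "exit"]


def keystream_xor(key, nonce, data):
    """Toy stream cipher (SHA-256 in counter mode). Not Tor's crypto, not secure."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key, next_hop, body):
    """Wrap `body` in one layer that only the holder of `key` can open."""
    nonce = os.urandom(16)
    plain = json.dumps({"next": next_hop, "body": body.hex()}).encode()
    return nonce + keystream_xor(key, nonce, plain)


def open_layer(key, blob):
    """Peel one layer and return (next hop, inner blob)."""
    nonce, ciphertext = blob[:16], blob[16:]
    layer = json.loads(keystream_xor(key, nonce, ciphertext))
    return layer["next"], bytes.fromhex(layer["body"])


def build_onion(path, keys, destination, request):
    """Client side: encrypt for the exit first, then middle, then entry."""
    next_hops = path[1:] + [destination]
    blob = request
    for relay, nxt in reversed(list(zip(path, next_hops))):
        blob = seal(keys[relay], nxt, blob)
    return blob


def route(client, first_hop, keys, onion):
    """Forward the onion hop by hop, recording what each relay could observe."""
    views = {}
    prev, hop, blob = client, first_hop, onion
    while hop in keys:  # stop once the next hop is not a relay
        nxt, blob = open_layer(keys[hop], blob)
        views[hop] = {"received_from": prev, "forwarded_to": nxt}
        prev, hop = hop, nxt
    return views, hop, blob


def can_see_both_ends(views, controlled, client, destination):
    """True if the relays in `controlled` together observe client AND destination.

    This is only the precondition for the timing correlation the quoted
    passage mentions; the correlation itself is not modelled here.
    """
    seen = set()
    for relay in controlled:
        seen.update(views[relay].values())
    return client in seen and destination in seen


def demo():
    keys = {relay: os.urandom(32) for relay in PATH}
    onion = build_onion(PATH, keys, DESTINATION, b"GET /")
    return route(CLIENT, PATH[0], keys, onion)


if __name__ == "__main__":
    views, delivered_to, request = demo()
    for relay, view in views.items():
        print(relay, view)
    for controlled in (["entry"], ["middle", "exit"], ["entry", "exit"]):
        print(controlled, can_see_both_ends(views, controlled, CLIENT, DESTINATION))
```

Only the entry-plus-exit combination holds both endpoints, which is why running or trusting a single relay does not by itself change what the other positions in the circuit can observe.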
Hamish
4th May 2023, 11:39
Hello,
I try and not comment on technology mentioned about people like Henry Deacon. I focus on consumer technology as that is what is available to most.
I do believe however, there is Technology which is available, used by companies/military and such which is beyond my understanding, and which likely can view your private life, with you using any technology yourself.
I work for a Major company, and they have put all their eggs in a basket, they used to have their own servers and technology, but for costs reasons, they have moved all to Microsoft / Amazon.
Company website is Sharepoint.
Company VPN is Cisco.
Company communication is Microsoft version of Twitter called Yammer.
Secondary communications is via Teams and storing files on Teams.
Company moving away from Shared Network drives, all wanting files on OneDrive or Teams.
Have seen during lockdown MS having issues and then employees not being able to work.
Then we see most companies are using Amazon AWS services and servers and as mentioned on this thread, Cloudflare.
Seems to be a common trend with companies. In effort to maximum costs.
Scary to think, one misconfiguration and/or hostile act can likely take all systems down in a beat.
Kuperkai
4th May 2023, 21:57
Thanks, Kuperkai well said.
I watched Marcel Vogel's videos, a very interesting guy. He studied the Billy Meier crystals too.
Regarding the chaotic resonating circuits did he provide a circuit diagram or a schematic (block diagram)?
Cheers,
@Szymon- nope, no circuit diagrams. He just commented simple components on a couple of small breadboards.
As an aside, Otis T. Carr's OTC-1 had a large crystal in the center of the craft and supposedly jumped to a destination using conscious thought. In the link I posted to Henry Deacon's interviews (in the May 2007 Update), he described two types of exotic propulsion systems. One creates a gravity well in front of the craft (this is part of the dynamics of the Fluxliner described by Mark McCandlish) and
Other technologies require pilot(s) who interface consciously with the craft, as was reported by Col. Philip Corso in his book The Day After Roswell. Remotely similar to system control in the Montauk Projects...
If the OTC-1 actually worked as Ralph Ring described (I am not completely convinced of that), I'm guessing that the crystal allows the pilot to access the conscious field/dimension and when the pilot focuses on the target destination the craft's entire "vibratory bubble" moves to the destination in an instant. Wild stuff.
@Ewan- my apologies for posting off-thread. The Cloudflare issue is very problematic for those of us in the freedom community. Figuring out how to get around them will be necessary for us.
Kuperkai
5th May 2023, 22:24
@palehorse
used to have a relay years ago, I played a lot in their network and never had any problem, I am a bit paranoid with these things. But don't do it at home, your router will blow up, as fast exit relays (>=100 Mbit/s) usually have to handle a lot more concurrent connections (>100k)
Wow, for everyday Joes that's a lot of bandwidth- $$$$.
Get a cheap vps that allows Tor relay
By vps, do you mean setting up a hosted server (virtually) that allow Tor relays and then setting up an exit node on this server?
never mix personal traffic with Tor relays
I'm assuming that is because this connects your data to the Tor relay, thereby defeating any anonymity?
Now, with proxychain you need several vps, each to host a separate proxy server, right? All paid with an anonymous Monero account...
Privacy is not cheap, nor straightforward, eh?
If you use a good VPN (no logs) then Browser fingerprinting seems to be main issue. I found this page from the RestorePrivacy.com on Browser fingerprinting, any thoughts?
Browser Fingerprinting Protection: How to Stay Private (https://restoreprivacy.com/browser-fingerprinting/)
Another very important fact that everybody seems to avoid even looking at: the whole thing is compromised at a hardware level (Intel and AMD). Get open hardware if you can, but as far as I know only mil personnel (high rank) got those ones; my best guess is it costs around $25K for a very minimal setup
In terms of compromised hardware, I believe you are referencing Intel's "Intel ME" firmware (and AMD's equivalent) which creates a CPU within a CPU that has full disk and network access as well as remote management, even when the computer is off. I recently came across a site advertising the ability to disable "Intel ME".
Introducing the ‘Intel ME disabling’ feature by NovaCustom (https://configurelaptop.eu/intel-me-disabling-feature/)
Apparently, NovaCustom created an open source firmware, called "coreboot" that disables "Intel ME" using the HAP disabling method described in the above link. "Coreboot" is apparently a part of the Dasharo ecosystem for distributing open source firmware. More on Dasharo here (https://docs.dasharo.com/osf-trivia-list/dasharo/).
NovaCustom (EU company) is selling a "coreboot" firmware, 14 inch laptop for just under $1k US. Link here (https://configurelaptop.eu/nv40-series/). 3mdeb is the creator of the Dasharo firmware ecosystem and they are selling Qubes OS Certified computers that support Dasharo open firmware. Link here (https://3mdeb.com/shop/open-source-hardware/dasharo-fidelisguard-z690-qubes-os-certified/). Have you looked at these systems, and do you have any thoughts on the HAP disabling method?
To eliminate any possibility of 3LA backdoors, how about running Linux on a Raspberry Pi? Disable the wireless antenna and go hardwired only. Tunnel through a good VPN service and use either Tor or a Browser like LibreWolf with a bunch of add-ons to block fingerprinting? Thoughts, suggestions?
Szymon
5th May 2023, 22:38
If I wanted to browse the internet securely and anonymously I would probably use one of these Linux-based OSes.
https://www.qubes-os.org/
https://tails.boum.org/
There would be other stuff incorporated, it all depends what you are trying to achieve.
palehorse
7th May 2023, 11:50
@palehorse
used to have a relay years ago, I played a lot in their network and never had any problem, I am a bit paranoid with these things. But don't do it at home, your router will blow up, as fast exit relays (>=100 Mbit/s) usually have to handle a lot more concurrent connections (>100k)
Wow, for everyday Joes that's a lot of bandwidth- $$$$.
You can't have a fast exit relay at home unless you've got a lot of bandwidth to spare; you also need a dedicated IPv4 at least, and it is good to have IPv6 as well. A fast VPS (at least 2 cores, 1.5 GB RAM, and 300 MB disk) is the best way to go without breaking the bank, so to speak; of course, bandwidth policy can be defined with the exit relay.
Get a cheap vps that allows Tor relay
By vps, do you mean setting up a hosted server (virtually) that allows Tor relays and then setting up an exit node on this server?
Exactly.
never mix personal traffic with Tor relays
I'm assuming that is because this connects your data to the Tor relay, thereby defeating any anonymity?
I meant, if you have a super fast speed at home and decide to set up a Tor relay within the same network you use for your personal life, that fixed IP will be used for the relay as well as for whatever you are doing besides the relay. Tor exit node IPs get blacklisted pretty often; it is easy to check if an IP is an exit node, and many companies in the mainstream block them all by default in their networks. There are also Tor bridges popping up all the time, which makes it a bit harder for these companies to keep up with blocking all access coming from the Tor network. If someone using your Tor relay decides to screw something up online, it will get back to you, the owner of that relay.
Now, with proxychain you need several vps, each to host a separate proxy server, right? All paid with an anonymous Monero account...
Privacy is not cheap, nor straightforward, eh?
It depends on each one's strategy. A cheap VPS costs around 5 bucks; I used a company in eastern EU that charged me 3 bucks per server with root access, and I could upload my own image, a big deal, but they are not online anymore. The good thing is there are many others out there; I have a list if anyone needs it, and I would not mind sharing it. With $30/mo you can have a pretty decent setup; an average VPN will charge around $15/mo.
If you use a good VPN (no logs) then Browser fingerprinting seems to be the main issue. I found this page from RestorePrivacy.com on Browser fingerprinting, any thoughts?
Browser Fingerprinting Protection: How to Stay Private (https://restoreprivacy.com/browser-fingerprinting/)
The problem with a VPN (no logs) is that it is based on a promise and nothing else. They would not risk going out of business to protect the user's anonymity for $15, would they?
I did tests with different browsers and they all leaked fingerprints. The only one that passed was the Tor Browser, but you have to configure it with the security level set to "Safest"; it will block most of the canvas API, which draws graphics via JS and HTML5 canvas image data and is used for tracking because it is rendered differently on each browser/OS, creating a digital fingerprint of the user. The Tor Browser default installation allows all users to look exactly the same.
Here you have more information about almost everything that is involved in fingerprinting users.
https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting
However, the Canvas Permission Prompt is not the only thing that Fingerprinting Protection is doing. Fingerprinting Detection changes how you are detected online:
Your timezone is reported to be UTC
Not all fonts installed on your computer are available to webpages
The browser window prefers to be set to a specific size
Your browser reports a specific, common version number and operating system
Your keyboard layout and language is disguised
Your webcam and microphone capabilities are disguised
The Media Statistics Web API reports misleading information
Any Site-Specific Zoom settings are not applied
The WebSpeech, Gamepad, Sensors, and Performance Web APIs are disabled
This is not an exhaustive list - other features may be altered or disabled.
Another browser that fully respects user privacy is GNU IceCat.
Both Tor Browser and GNU IceCat do not work properly for the mainstream modern web of today. I think it is important to say that.
Another very important fact that everybody seems to avoid even looking at: the whole thing is compromised at a hardware level (Intel and AMD). Get open hardware if you can, but as far as I know only mil personnel (high rank) got those; my best guess is it costs around $25K for a very minimal setup
In terms of compromised hardware, I believe you are referencing Intel's "Intel ME" firmware (and AMD's equivalent) which creates a CPU within a CPU that has full disk and network access as well as remote management, even when the computer is off. I recently came across a site advertising the ability to disable "Intel ME".
Introducing the ‘Intel ME disabling’ feature by NovaCustom (https://configurelaptop.eu/intel-me-disabling-feature/)
I meant hardware that does not make use of Intel and AMD chipset.
Here is a list of open hardware
https://en.wikipedia.org/wiki/List_of_open-source_hardware
My apologies about the mistake above; I meant getting full hardware for that price tag, hardware completely built from scratch using open hardware and open source software (GNU); it won't work with Windows or Mac. I know people in the US building their own routers and devices using this open hardware; there is a small niche business out there and it is growing by the day :)
The IME issue can be mitigated but Intel firmware is proprietary and closed source; the ME issue is only 1 of the issues that is public now, and there are many concerns about it.
I once went through this process to flash the BIOS and disable it with my ThinkPad T400 (you need a device called a programmer), which was a huge pain in the ass, and in the end I gave up because I was probably going to brick the laptop. However, I have another ThinkPad X230 that someone removed it for me; the whole process involves soldering and physical removal of tiny parts on the motherboard, which is not really my thing. I just understand the basics of it, and to avoid bricking the laptop I handed it to someone who did a great service for me. It is just a mitigation though.
Apparently, NovaCustom created an open source firmware, called "coreboot" that disables "Intel ME" using the HAP disabling method described in the above link. "Coreboot" is apparently a part of the Dasharo ecosystem for distributing open source firmware. More on Dasharo here (https://docs.dasharo.com/osf-trivia-list/dasharo/).
Thanks for the link, I didn't know about Dasharo :)
NovaCustom (EU company) is selling a "coreboot" firmware, 14 inch laptop for just under $1k US. Link here (https://configurelaptop.eu/nv40-series/). 3mdeb is the creator of the Dasharo firmware ecosystem and they are selling Qubes OS Certified computers that support Dasharo open firmware. Link here (https://3mdeb.com/shop/open-source-hardware/dasharo-fidelisguard-z690-qubes-os-certified/). Have you looked at these systems, and do you have any thoughts on the HAP disabling method?
Once again thanks for the links, I didn't know them.
As far as I know the HAP bit must be disabled directly in the flash descriptor, but as you mentioned about the links above, Dasharo seems to have done that job already and added the option directly in the BIOS (Intel Management Engine Options) where anyone can disable the HAP bit manually.
More here
https://docs.dasharo.com/dasharo-menu-docs/dasharo-system-features/#chipset-configuration
To eliminate any possibility of 3LA backdoors, how about running Linux on a Raspberry Pi? Disable the wireless antenna and go hardwired only. Tunnel through a good VPN service and use either Tor or a Browser like LibreWolf with a bunch of add-ons to block fingerprinting? Thoughts, suggestions?
As far as I know, not all components of the Rasp are free/open. But it probably would work well. I never used it for anything, so I can't comment on that.
About the fingerprinting, my take is to use open source software, not proprietary, as much as possible. If you can't block the canvas API then the add-ons won't prevent fingerprinting, unless you get some add-on that promises that, but you would have to test and verify if it really blocks the damn thing. So far, as I said, only Tor Browser and GNU IceCat passed the test for me.
I answered in blue color. :handshake:
I answered in blue color. :handshake:
Now I am feeling exactly like 'ThePainterDoug' after he read my opening post. You guys have completely lost me, but I am fascinated and a little jealous of your combined knowledge. :sun:
palehorse
8th May 2023, 17:12
I answered in blue color. :handshake:
Now I am feeling exactly like 'ThePainterDoug' after he read my opening post. You guys have completely lost me, but I am fascinated and a little jealous of your combined knowledge. :sun:
Well, I am not an expert on these issues either haha
I usually try to do most things on my own; my computers/network/radios/bicycle/refrigerator/etc. I always fixed myself, but this IME issue took me lots of time to look into and in the end I needed some assistance from someone with specific knowledge of it. No shame: if you can't do it on your own, ask for help lol
~~~ here some more ~~~
I used this document https://libreboot.org/docs/hardware/t400.html to understand how to disable IME on my hardware; Libreboot provides many other documents for different hardware as well.
For those who wish to get into it, it is recommended to buy from specialized companies that have been doing it for years, or ask that old nerd friend for help :ROFL:. There is some info already posted previously in this thread, and here I will post another source to buy *Libreboot preinstalled.
https://minifree.org/ (it is based in the UK)
Libreboot is based on coreboot, if anyone is interested to know more about it, here is one interview with the founder Leah Rowe.
https://archive.fosdem.org/2017/interviews/leah-rowe/
One alternative is IBM Power Systems, see POWER8 / POWER9 servers.
On eBay the old POWER8 model S822LC is available for 5.500 EUR (claimed to be new - shipped from Germany). I found POWER6 too a while ago.
https://www.ebay.com/itm/334533931804?hash=item4de3c6b31c:g:zBwAAOSwyP5i-3ai
Here, from OpenPOWER Foundation on Wikipedia:
"IBM is looking to offer the POWER8 chip technology and other future iterations under the OpenPOWER initiative[6] but they are also making previous designs available for licensing.[12] Partners are required to contribute intellectual property to the OpenPOWER Foundation to be able to gain high level status."
Partners include Google, NVIDIA, Samsung, etc... the whole crew HA
RAPTOR Computing systems are offering IBM POWER9 CPUs on their website, here is one model : https://www.raptorcs.com/content/TL2WK2/intro.html
Unfortunately there is nothing 100% secure; OpenPOWER Foundation seems to be just another technocratic club, and we can see for ourselves those who are onboard.
One way to have some privacy is to reduce the digital footprint, and use open source software, free software, and mitigate the issues that can be mitigated, building yourself tiny computers with open components/firmwares is one option too, as I said before there is a niche business going on.
Since this thread is about Cloudflare I don't want to go off-topic completely; this rabbit hole is quite deep, and it would be better to create a specific thread for that.
I may have some material on Cloudflare to share, the other day Cloudflare asked me to play a captcha in order to access a website, very similar to Google captcha.. it is data collection, steer away from it.
Here are links of interest
https://en.wikipedia.org/wiki/OpenPOWER_Foundation
https://en.wikipedia.org/wiki/POWER9
DELL Latitude E6400 - the article explains how to flash without disassembling the laptop, doing so entirely by software directly from DELL BIOS to Libreboot (Very similar to the Thinkpad T400 - but no need to open the can)
https://libreboot.org/news/e6400.html
Kuperkai
9th May 2023, 03:01
@palehorse - Thanks for the detailed answers! @Ewan - the complexity of the tech today puts us at a great disadvantage. As someone who grew up using computers in college, the constant maintenance required to operate safely is tiresome.
palehorse
12th May 2023, 05:28
The following discussion on Tor project forum was banned by its moderators, the subject was "Cloudflare" and it was discussed in 2017/2018.
"#18361 and its comments adequately summarize the general problem with Cloudflare’s MITM attack on the Internet. I need not repeat, save to emphasize that when Tor Browser alleges it has a secure (TLS) connection, it is lying to the user if the connection runs through a known MITM.
A reasonable workaround is for Tor Browser to block all Cloudflare sites loaded through HTTPS, or at least warn the user when such a site is loaded. This can be done by detecting the non-standard CF-Ray: HTTP header.
I suggest that this security enhancement should be tied to the Security Slider. On High, all HTTPS connections which receive said response header should immediately terminate, with an error message given to the user. On Medium, the user should be warned and asked whether Tor Browser should proceed. On Low, where all manner of mischief is allowed by default (even non-TLS-loaded Javascript!), Cloudflare page loads may be permitted without warning. Users who run on the Low setting are begging to be pwned, anyway.
As an ancillary benefit, this feature will also obviate the specious reasoning behind demands to bundle untrusted third-party software with Tor Browser. See #24321.
Perhaps most visibly from a user experience and support perspective, this feature will also save users much wasted time solving pointless CAPTCHAs to visit sites which are mostly idiotic, anyway. This should result in reduced user complaints about network breakage deliberately caused by third parties outside the Tor Project’s control."
..
Cloudflare is a MITM, by design
"Cloudflare is a MITM, by design. That is the primary (only?) service they offer. It does not matter what the site’s service level with them is. From the connecting user-agent’s perspective (here apropos), it does not even matter if the site uses its so-called “keyless SSL” service to preserve secrecy of its long-term private keys. Cloudflare always, always has the symmetric key to the session; and within the ostensibly encrypted session, Cloudflare is by definition a Man-In-The-Middle which decrypts, modifies, and proxies the plaintext.
Why, it is exactly as if Cloudflare were designed as a mass surveillance tool! So, what rationalizations could be supposed for those who use their services, or ignore them as a global threat?
“But Cloudflare is a trustworthy provider of Internet infrastructure.” Then, why do we need TLS at all? Just make peering arrangements with trustworthy networks who agree to pass your packets only through trustworthy routers! TLS eliminates trust in the network: By design, TLS promises end-to-end encryption. Meaning, with the endpoint. By design, Cloudflare makes a mockery of this promise."
..
"In sum, “CAPTCHA madness” is the smallest problem with Cloudflare. Their design, their business model, their very existence is a threat to the privacy, security, and freedom of the Internet. Blocking Cloudflare is an eminently reasonable mitigation strategy for a web browser which bears the name, “Tor Browser”. Bug re-opened."
source: https://web.archive.org/web/20200301013104/https://trac.torproject.org/projects/tor/ticket/24351
Cloudflare back then (UNSPAM)
https://web.archive.org/web/20200301175843/http://www.unspam.com/
Also, folks, keep an eye on other ****ty ones here (same business tactics)
- incapsula.com
- Akamai
- Google Cloud
Mike Perry (Tor member) wrote a piece about Cloudflare on the Tor blog back in 2016; it is an old issue. Cloudflare is one of the too-big-to-fail and they can put their stink finger where they like..
source: https://web.archive.org/web/20200115212613/https://blog.torproject.org/trouble-cloudflare
Website owners that decided to use Cloudflare (because they were influenced) are the problem. Most of these people just go with the trend; they literally have no knowledge of what they are doing, they were told to do it that way, and we the users pay the price for that, because after all what we are talking about is the perfect setup to collect data from the people, and they do that with the help of the businesses out there. And since there is a "consent" of the website owner doing it, it seems CF just extends that consent to collect data from everybody accessing that website.
The typical case: "Give Them A Finger And They Demand The Whole Arm."
MITM Cloudflare is a reverse proxy; it decrypts data at their gates, backs up the raw data and encrypts it back. The RAY ID proves that every single connection is being recorded.
..
"Let's say you're working at the NSA, and you want every citizen's internet profile. You know most of them are blindly trusting Cloudflare and using it - only one centralized gateway - to proxy their company server connection(SSH/RDP), emails, personal website, chat website, forum website, bank website, insurance website, search engine, secret member-only website, auction website, shopping, video website, game website, NSFW website, and illegal website. You also know they use Cloudflare's DNS service ("1.1.1.1") and VPN service ("Cloudflare Warp") for "Secure! Faster! Better!" internet experience. Combining them with user's IP address, browser fingerprint, cookies and RAY-ID will be useful to build target's online profile."
..
"Cloudflare is the world's largest MITM proxy(reverse proxy). Cloudflare owns more than 80% of CDN market share and the number of cloudflare users are growing each day. They have expanded their network to more than 100 countries. Cloudflare serves more web traffic than Twitter, Amazon, Apple, Instagram, Bing & Wikipedia combined. Cloudflare is offering free plan and many people are using it instead of configuring their servers properly. They traded privacy over convenience."
source: https://gitea.slowb.ro/dCF/deCloudflare/src/branch/master/readme/en.md/ <----- Great article here, read if you can.
This article says a lot about browsers.
source: https://digdeeper.neocities.org/articles/browsers
As always I don't pick sides, I just try to evaluate the best option available at the moment and keep going that way. For me, I have no reason to stop using Tor Browser, IceCat and Pale Moon, despite some people seeming to really hate them and pointing out so many issues with all of them, but that is because everything has issues; there is no perfect solution. In my perception, every 6 months or so I have to dig deeper to find out "new old" issues with browsers and that takes a bit of time, but it is worth the time learning, in my opinion.
Internet fully controlled by the elites. The people have to realize that they are not welcome in the elite's club. period. wake the hell up, stop supporting them, I don't know a better way to say that. Sorry for the little rant HA
Cloudflare and the like, since their working is no different from a border patrol sort of thing, allowing/denying traffic IN and OUT. I think of companies to implement the ZERO TRUST protocol (Digital ID), ISPs for instance; nowadays I am still thinking about where it would make more sense for it to be implemented, in a combined way at different points of failure (would they be so stupid as to have a single point of failure for things like ZT???). Would the ISP be held responsible for verifying ALL users' authentication against a global system, but doing so on their own??? I don't think so, sounds too silly and simple.
It is the Great Wall of China example, filtering what users can or cannot see or interact with. Cloudflare possesses great power. In a sense, they control what the end user ultimately sees. You are prevented from browsing the website because of Cloudflare and it can be used for censorship.
[Update]
"UPDATE March 2023: Pale Moon addons store is now Cloudflared, and you cannot install extensions through TOR." <------- That's pretty nasty.
Update 2
A bunch of browser reviews here (first section Web Browsers)
https://spyware.neocities.org/articles/
BadWolf [deutsch]
Brave [Русский]
Google Chrome [Español] [Polski] [Português (Brasil)]
Dissenter
Internet Explorer
Falkon
Mozilla Firefox [Español] [Mitigation Guide] [Guía de Mitigación]
GNU IceCat [Español] [Italiano]
Iridium Browser [Mitigation Guide]
Librewolf
Lynx [Polski] [Русский]
NetSurf [Polski] [Mitigation Guide] [Poradnik Mitygacji]
Opera
Otter Browser
Pale Moon [Español] [Mitigation Guide] [Guía de Mitigación]
Qutebrowser [Русский]
SeaMonkey [Mitigation Guide]
Slimjet [Polski]
Sphere Browser
SRWare Iron [Polski]
Surf [Francais] [Polski] [Русский]
Tor Browser [Mitigation Guide]
Ungoogled Chromium
Vivaldi
Waterfox Classic
Web Browser
WebDiscover
https://gitea.slowb.ro/dCF/deCloudflare/media/branch/master/image/fbi_on_cloudflare.jpg
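The workaround proposed in the Tor ticket quoted in the post above (detect the CF-Ray response header on HTTPS loads and act according to the Security Slider level) can be sketched as follows. This is an added example, not part of the original posts and not Tor Browser code; the function names, policy keys, action names and sample response heads are constructed for illustration.

```javascript
'use strict';

// Action for an HTTPS response that carries CF-Ray, per Security Slider
// level, following the quoted proposal. Keys and action names are assumptions.
const POLICY = new Map([
  ['high', 'block'],    // terminate the load and show an error
  ['medium', 'prompt'], // warn and ask whether to proceed
  ['low', 'allow'],     // load without warning
]);

// Constructed sample response heads (not captured traffic).
const SAMPLE_CF_HEAD = [
  'HTTP/1.1 200 OK',
  'Content-Type: text/html',
  'Server: cloudflare',
  'cf-ray: 0000000000000000-XXX', // placeholder value; lowercase as HTTP/2 sends it
  '',
  '<html>body is ignored</html>',
].join('\r\n');
const SAMPLE_PLAIN_HEAD = 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n';

// Parse a raw response head into a Map of lowercased header names to arrays
// of values. Only the part before the first blank line is read, so text in
// the body that merely looks like a header cannot trigger the check.
function parseResponseHead(raw) {
  const head = raw.split(/\r?\n\r?\n/, 1)[0];
  const lines = head.split(/\r?\n/);
  const statusLine = lines.shift() || '';
  if (!/^HTTP\/\d(\.\d)? \d{3}/.test(statusLine)) {
    throw new Error('not an HTTP response head: ' + JSON.stringify(statusLine));
  }
  const headers = new Map();
  for (const line of lines) {
    const colon = line.indexOf(':');
    if (colon <= 0) continue; // skip malformed lines
    const name = line.slice(0, colon).trim().toLowerCase();
    const value = line.slice(colon + 1).trim();
    if (!headers.has(name)) headers.set(name, []);
    headers.get(name).push(value);
  }
  return headers;
}

// Decide what to do with a page load given its URL, raw response head and
// slider level. Returns { action, rayId, reason }.
function decideLoad(url, rawHead, level) {
  const action = POLICY.get(String(level).toLowerCase());
  if (action === undefined) throw new Error('unknown security level: ' + level);

  const rays = parseResponseHead(rawHead).get('cf-ray') || [];
  if (rays.length === 0) {
    // Absence of the header does not prove there is no intermediary;
    // the header is set by the proxy itself.
    return { action: 'allow', rayId: null, reason: 'no CF-Ray header' };
  }
  if (new URL(url).protocol !== 'https:') {
    // The proposal only covers loads that claim to be TLS-protected.
    return { action: 'allow', rayId: rays[0], reason: 'not an HTTPS load' };
  }
  return { action, rayId: rays[0], reason: 'CF-Ray present on HTTPS load' };
}
```

The check is a heuristic on a header the proxy chooses to send, so it identifies only intermediaries that announce themselves this way.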
Well that certainly puts 50 lbs of prime steak on the bones of my original post.
The only solution, as mentioned above, would be to block any cloudflare script ever running on your browser but in addition, let the website employing it know exactly why you will never be able to access their site again as long as they are employing cloudflare. Waste of time probably but might make the user feel marginally better for a while.
palehorse
14th May 2023, 04:00
Well that certainly puts 50 lbs of prime steak on the bones of my original post.
The only solution, as mentioned above, would be to block any cloudflare script ever running on your browser but in addition, let the website employing it know exactly why you will never be able to access their site again as long as they are employing cloudflare. Waste of time probably but might make the user feel marginally better for a while.
The idea is to bring awareness to people, let them know what it is. The truth. They will make decisions after knowing it.
Ewan, I don't think it is a waste of time, sounds like I know, but that is how things come to change, I mean even if cloudflare is pretty much used everywhere, we are the ones who can speak out about it. We have a good example, Paypal lost quite a lot of their customers, people are aware how evil they are, but it took a long time.
I always proudly confronted these clowns and will keep that way. :muscle:
I hate the ****ty corpo culture mindset. :facepalm:
A humble person living their entire life in the boonies has more know-how (life skills) than all these corp clowns pushers pussies combined.
I guess I just left another rant, I have to control myself lol
:Avalon:
Hamish
27th June 2023, 16:50
Hello,
Appreciate this thread was mainly about Cloudflare but since we discussed other issues, the following might be of interest as to the dangers to privacy of DNS leaks, causing others to be able to see sites you visit and suggestions on hardware/software you might want to look into.
Worth a watch.
xAo61IaXun8
Ewan
27th June 2023, 23:02
Hello,
Appreciate this thread was mainly about Cloudflare but since we discussed other issues, the following might be of interest as to the dangers to privacy of DNS leaks, causing others to be able to see sites you visit and suggestions on hardware/software you might want to look into.
Worth a watch.
xAo61IaXun8
Thanks Hamish, personally I was already aware of DNS leaks (https://dnsleaktest.com/how-to-fix-a-dns-leak.html) but they really should be brought to the attention of everyone.
That said, however, the attention this thread gets should tell you most people just don't care. That to me is the saddest part. Project Avalon, one of the last bastions of sanity yet seemingly a large percentage of posters pay scant attention to what should be obviously bad for everyone, collectively - thanks to convenience?
They literally feed the machine intent on consuming them.
Ewan
27th June 2023, 23:11
I guess I just left another rant, I have to control myself lol
Please don't :)
I enjoy them, I vent with you just reading them.
palehorse
28th June 2023, 11:23
I guess I just left another rant, I have to control myself lol
Please don't :)
I enjoy them, I vent with you just reading them.
Thanks haha very kind of you Ewan.
Ewan
25th August 2023, 18:58
Found a post today, now I have no idea why Cara is on sabbatical but there is absolutely nothing wrong with this post (https://projectavalon.net/forum4/showthread.php?108226-Cloudflare-drops-8chan&p=1308823&viewfull=1#post1308823) from 2019 concerning Cloudflare.
The people who ignore the information on this thread, with the assumption, well there's nothing I can do about it, are the same as the people who freely use their mobile phones for everything with scant regard for the invasion of privacy that they permit.
Effectively enabling the future - like sleepwalkers heading to their own dystopian nightmares. Sadly they take the rest of us with them, well, most of us.
I will be one of the others, I'll be living on the fringes getting by best I can for as long as I draw breath. These bastards have captured the whole system through a long drawn out carefully considered plan. If you are not aware you are in this game how can you possibly make a move.
Wade Frazier is right when he wonders if the human species is even sentient, and yet I think we once were. The more we moved away from nature and abrogated our responsibilities to government the more we became like livestock, waiting to be fed and cared for.
Freely, bit by bit, becoming helpless.