Cloudflare

[Ewan]

You are probably familiar with the name 'Cloudflare' but are you aware of how much of the internet won't work without it.

Simplest way to explain what Cloudflare is can be done by sending you to an offsite link that will explain far better than I could. In brief though, it is a security layer (amongst other things) to assist blocking automated DDOS attacks.

Cloudflare is one of the world's largest networks. Today, businesses, non-profits, bloggers, and anyone with an Internet presence boast faster, more secure websites and apps thanks to Cloudflare. Millions of Internet properties are on Cloudflare, and our network is growing by tens of thousands each day.

Well that's good, right? If that was all it did, yes.

Sadly, in order to get some sites to open you have to let Cloudflare run its scripts.
If you care about privacy you might be using some of the following extensions, for example....

uBlock Origin, NoScript, Privacy Badger, Canvas Blocker

I've underlined NoScript because it is my personal interaction tool that let's me decide whether the site (information) I am trying to access is relatively safe to do so. (Safe as in, how much of my data is going to be collected?)

I head off to a website that I know uses cloudflare, clicking NoScript icon in my browser bar I can see which scripts I need to run in order to try and load the page. The great thing at this point is I can click directly on the highlighted scripts and get a menu of options to check the safety of the scripts. If I ask NoScript to run cloudflare.com through Blacklight

The results make for sobering reading.

6 Ad trackers found on this site
8 Third party cookies found on this site

This site allows Google Analytics to follow you across the internet.
(HotTip: Set Google Analytics to untrusted in NoScript)

Some of the ad-tech companies this website interacted with:

Adobe
Alphabet
Microsoft

Blacklight detected this website sending user data to Alphabet, the technology conglomerate that encompasses Google and associated companies like Nest. The Silicon Valley giant collects data from twice the number of websites as its closest competitor, Facebook. An Alphabet spokesperson told The Markup that internet users can go here if they want to opt out of the company showing them targeted ads based on their browsing history.

The site sent information to the following domains doubleclick.net, googleoptimize.com, googletagmanager.com.


If you use a VPN you will always encounter Cloudflare because it is most likely using a dynamic assignment for your ISP number, even your internet provider could be using that method though. I understand by getting a fixed IP address cloudflare will let you straight by on the assumption you are a solo user with a fixed ID (IP address). Quite a lot of VPN providers will supply you with a Fixed IP but it costs more than the regular subscription by a few Euros/Dollars/Pounds etc.

Some neat/valuable resources.


https://www.bleachbit.org/

Removes lots of tracking potentials left on your computer and cleans your system of temp files etc.

https://noscript.net/

Speaks for itself. Try it.

https://github.com/arantius/resurrect-pages

This one is a beauty, given up trying to get into a page? Copy the address and paste into a new window ADDRESS BAR, don't hit enter. Now click the Resurrect Pages add-on in your browser bar and a new link will open where you can search several sites for an archived copy.

https://addons.mozilla.org/en-US/fir...canvasblocker/

[Ewan]

Don't want to use Mozilla Firefox?

Try Libre Wolf

A custom version of Firefox, focused on privacy, security and freedom.

[thepainterdoug]

Ewan/ thanks . this is one of those posts that I understand little to nothing about . And that kinda worries me .

[Hamish]

Hello,

I use DuckDuckGO App Tracking blocker on my phone and by just using Spotify we have:
Google making 30 attempts for various information such as charging status, GPS, Network type, Boot Times, Device Name, email address, Gender, Last name etc etc
Branch Metrics 1471 attempts to collect information such as above
ComScore with 30 attempts to collect similar information.

Most mainstream websites has various advertisers data on it and amount of information it wants is off the charts

[Kuperkai]

@Ewan- thanks for those links. Blacklight and Canvas look very good.

Curious, are you running Linux and if so what flavor? While there are many flavors of Linux, it seems to be the only platform where you have a chance of maintaining your privacy.

[Ewan]

Posted by Hamish (here)
Hello,

I use DuckDuckGO App Tracking blocker on my phone and by just using Spotify we have:
Google making 30 attempts for various information such as charging status, GPS, Network type, Boot Times, Device Name, email address, Gender, Last name etc etc
Branch Metrics 1471 attempts to collect information such as above
ComScore with 30 attempts to collect similar information.

Most mainstream websites has various advertisers data on it and amount of information it wants is off the charts

Dude, that is astonishing information you just shared, revealing a level of naivity in myself!
I knew data collection was rampant but that is beyond even what I had realised.

I never use a smartphone other than for work, (work-related app and google maps), and I never liked them precisely because I couldn't see how I had any control over what was going on.
At least with a PC, despite Microsoft's best attempts, I still had an element of control.

What do they do with all that information? Well they would claim it was simply for directing appropriate advertisements. Hah!

Basically they think we (people) are sheep who can be led to whatever pasture they want us to graze from, Edward Bernays has a lot to answer for-

(BREAKING NEWS: Exterme Sadness reports that we may actually be sheep but have not yet realised it.)

-as does the concept of Capitalism, if it were not for the desire of profit how different might this world be.

[Szymon]

As a Systems Engineer, I concur with everything. There are ways to get around the system. For some good tips check out Edward Snowden.

If you want an added anonymity when using the internet. You can try this.

Use the Tor network browser. Your connection will go through a few other ip addresses.

https://www.torproject.org/download/tor/



You can check this using some online "What is my IP address" service and it will confirm that you are using another IP other than yourself.

You then connect to a free remote computer using Ubuntu or another Linux flavour. So this is like a RDP (remote desktop protocol). Below is a free service. I don't know why they do it, but looks free and it works.

https://www.onworks.net/os-distribut...ine-version-20

So now you have accessed a remote computer, here you have two options. Either you can use the browser of this temporary remote computer that provides you with full access with SSH terminal. This free computer IP address is coming from somewhere in Germany, or you can then load up another TOR browser through this Ubuntu Linux computer and use that to surf the internet.

So in the end, your internet connection will go through 7 IP addresses before reaching its destination.

The connection will be a bit slow because of all those relays, but good luck to the person trying to backtrack the connection to its source.

I hope this makes sense.

Cheers,
Szymon

[Hamish]

Hello,

We are the product and the more they know about who we are and what we view, is gold for them to sell our Digital ID onto other companies.

I don't believe there is any way to stop this 100% unless removing all electronic devices from your life.

Even with that, others devices are acting like scanners, CCTV etc, so to avoid them, we would have to go off grid.

Not conviced these days, there is any place left on Earth that is off grid.

In regards to Tor, Tor acts like a VPN, it will mask your connection.

However, if using Tor and accessing your personal accounts, be it on Avalon, Facebook, Amazon, and logging in, these sites will know, HEY Hamish just logged in and is connecting with an IP in Atlantis. Or typically, the site might block you from logging in as data does not match previous log in locations. Hey, Hamish logs in normally from Mars but now connecting from Venus, best to block that connection and ask they verify who they are via email etc.

Same applies, if using Tor and creating a first account on a site, using Tor becomes useless if giving your real name, address, location, email etc.

So if using VPN/Tor would recommend you just use it for browsing.

EDIT:
I recommend these Youtube channels that covers everything from setting up personal firewalls, to using Linux and or customizing windows.

https://www.youtube.com/@davidbombal
https://www.youtube.com/@NetworkChuck/
https://www.youtube.com/@ChrisTitusTech/
https://www.youtube.com/@TroubleChute/

P.S To clairfy, not affiliated with anyone of the above.

[Szymon]

Posted by Hamish (here)
Hello,

We are the product and the more they know about who we are and what we view, is gold for them to sell our Digital ID onto other companies.

I don't believe there is any way to stop this 100% unless removing all electronic devices from your life.

Even with that, others devices are acting like scanners, CCTV etc, so to avoid them, we would have to go off grid.

Not conviced these days, there is any place left on Earth that is off grid.

In regards to Tor, Tor acts like a VPN, it will mask your connection.

However, if using Tor and accessing your personal accounts, be it on Avalon, Facebook, Amazon, and logging in, these sites will know, HEY Hamish just logged in and is connecting with an IP in Atlantis. Or typically, the site might block you from logging in as data does not match previous log in locations. Hey, Hamish logs in normally from Mars but now connecting from Venus, best to block that connection and ask they verify who they are via email etc.

Same applies, if using Tor and creating a first account on a site, using Tor becomes useless if giving your real name, address, location, email etc.

So if using VPN/Tor would recommend you just use it for browsing.

I 100% agree.

As soon as you enter your credentials to any system in the world the systems web server will log that into file. Then however the system is programmed it will record that into its database. So yes, everything is traceable.

Only for browsing, hacking systems and deploying scripts.

The only way out of the technology is probably international waters and the use of HF radio communications for voice and digital modes.

Alternatively, is to use the darknet, which it can still be tracked, but it's harder.

[Kuperkai]

Posted by Hamish (here)
Hello,

In regards to Tor, Tor acts like a VPN, it will mask your connection.

However, if using Tor and accessing your personal accounts, be it on Avalon, Facebook, Amazon, and logging in, these sites will know, HEY Hamish just logged in and is connecting with an IP in Atlantis. Or typically, the site might block you from logging in as data does not match previous log in locations. Hey, Hamish logs in normally from Mars but now connecting from Venus, best to block that connection and ask they verify who they are via email etc.

Same applies, if using Tor and creating a first account on a site, using Tor becomes useless if giving your real name, address, location, email etc.

So if using VPN/Tor would recommend you just use it for browsing.

@Hamish- please correct me if I am wrong. The VPN hides your original IP address from the world and prevents your ISP from snooping on your traffic. However, a government agency (3LA) can request the logs of a VPN provider (and thereby unmask you), if they claim "suspicious activity". Running Tor on top of a VPN, makes the VPN provider's logs useless, since your exit node is elsewhere. Now, if you are doing research on "verboten" topics, Tor over a VPN would be great for browsing and accessing totally anonymous web services.

However, I've read that some of the Tor exit nodes have been compromised, meaning 3LA could unmask your IP address. If you were using Tor over a VPN and the exit node was comprised, then a 3LA would first get your VPN provided IP address, and then they would request the VPN provider's logs, unmasking you.

So, the status of the Tor exit node is key to anonymity. As far as I know, no one has solved the problem of compromised exit nodes. Anyone know otherwise?

[Kuperkai]

[QUOTE=Szymon;1555346]

Posted by Hamish (here)
The only way out of the technology is probably international waters and the use of HF radio communications for voice and digital modes.

Alternatively, is to use the darknet, which it can still be tracked, but it's harder.

@Szymon, @Bill Ryan-
In Project Camelot interview with Arthur Neumann (aka Henry Deacon) linked here, Henry says the following:

OK. This may interest you if you have a physics background. You know what signal non-locality is, right? When two particles in different parts of the universe can apparently communicate with each other simultaneously, no matter what the distance. Communications devices have been made for communicating across vast distances and also locally using a methodology that‟s impossible to eavesdrop on, because there's nothing traveling between the two devices that can be intercepted. It‟s impossible to crack or codebreak or eavesdrop because no signal travels anywhere, so there‟s no signal to be intercepted or decoded. It just doesn‟t work like that.
The beauty of it is that the devices are actually so simple to build. You can create two chaotic circuits, on a couple of small breadboards using cheap components which anyone can buy, and they communicate with each other in this way. You can build these if you know how.

In the May 2007 update he elaborated:

Chaotic resonating circuits
Henry elaborated on the chaotic resonating circuits he mentioned in our first interview. He confirmed that they were relatively cheap and easy to make, and that the information, in segmented pieces, had been fairly widely available in a certain academic community in the 1970s. He had retained no records of the circuit diagrams, but intriguingly he said he was 80% confident that he would be able to locate them if he spent time searching public domain records in a particular university library. We know the location but for understandable reasons are not revealing it at this time.

And then there is this recent article from ZeroHedge:
Amazon Partners With De Beers To Grow Fake Diamonds For Quantum Computing- April 6, 2023 | ZeroHedge

First, understand that "Fake" diamonds are as the commenter <Barnyard animal on the tax farm> described, “synthetic diamonds, grown to a perfection the natural diamonds can not match.” Quoting from the ZeroHedge article:

Element Six will work with Amazon Web Services' Center for Quantum Networking to develop next-generation data transmitting technology over long distances.

The transmission of data in quantum networking will be on the subatomic level and goes beyond today's fiber-optic network. The lab-grown diamonds will be integrated into network components that allow data to travel longer distances without degradation.

"We want to make these networks [quantum networks] for AWS, said Antia Lamas-Linares, who heads the Center for Quantum Networking. She believes the technology could be in use in a matter of years rather than decade

Okay, this sounds like they are growing diamonds in a specific geometry to inject data into the "quantum field" (aka instantaneous communication over very large distances). If you have examined Marcel Vogel's work on crystals, you know that his crystals enabled communication with the quantum field or consciousness field. Ask yourself, how do the pilots on UFOs communicate? Are they using Hertzian electromagnetic waves to send signals? No way. ETs use "sub-space" communications which allow instantaneous communications at long distances, just as described in every Sci-Fi TV show since the 1970s.

Hey Bill, is it time to reveal the library where Henry Deacon said we could find information on "chaotic resonating circuits"?

[RatRodRob...RRR]

Posted by thepainterdoug (here)
Ewan/ thanks . this is one of those posts that I understand little to nothing about . And that kinda worries me .

.
Ha i was lost at "You are probably familiar with the name cloudflare"......... i have no clue what this involves........it makes my head go .........................RRR

[Szymon]

[QUOTE=Kuperkai;1555511]

Posted by Szymon (here)

Posted by Hamish (here)
The only way out of the technology is probably international waters and the use of HF radio communications for voice and digital modes.

Alternatively, is to use the darknet, which it can still be tracked, but it's harder.

@Szymon, @Bill Ryan-
In Project Camelot interview with Arthur Neumann (aka Henry Deacon) linked here, Henry says the following:

OK. This may interest you if you have a physics background. You know what signal non-locality is, right? When two particles in different parts of the universe can apparently communicate with each other simultaneously, no matter what the distance. Communications devices have been made for communicating across vast distances and also locally using a methodology that‟s impossible to eavesdrop on, because there's nothing traveling between the two devices that can be intercepted. It‟s impossible to crack or codebreak or eavesdrop because no signal travels anywhere, so there‟s no signal to be intercepted or decoded. It just doesn‟t work like that.
The beauty of it is that the devices are actually so simple to build. You can create two chaotic circuits, on a couple of small breadboards using cheap components which anyone can buy, and they communicate with each other in this way. You can build these if you know how.

In the May 2007 update he elaborated:

Chaotic resonating circuits
Henry elaborated on the chaotic resonating circuits he mentioned in our first interview. He confirmed that they were relatively cheap and easy to make, and that the information, in segmented pieces, had been fairly widely available in a certain academic community in the 1970s. He had retained no records of the circuit diagrams, but intriguingly he said he was 80% confident that he would be able to locate them if he spent time searching public domain records in a particular university library. We know the location but for understandable reasons are not revealing it at this time.

And then there is this recent article from ZeroHedge:
Amazon Partners With De Beers To Grow Fake Diamonds For Quantum Computing- April 6, 2023 | ZeroHedge

First, understand that "Fake" diamonds are as the commenter <Barnyard animal on the tax farm> described, “synthetic diamonds, grown to a perfection the natural diamonds can not match.” Quoting from the ZeroHedge article:

Element Six will work with Amazon Web Services' Center for Quantum Networking to develop next-generation data transmitting technology over long distances.

The transmission of data in quantum networking will be on the subatomic level and goes beyond today's fiber-optic network. The lab-grown diamonds will be integrated into network components that allow data to travel longer distances without degradation.

"We want to make these networks [quantum networks] for AWS, said Antia Lamas-Linares, who heads the Center for Quantum Networking. She believes the technology could be in use in a matter of years rather than decade

Okay, this sounds like they are growing diamonds in a specific geometry to inject data into the "quantum field" (aka instantaneous communication over very large distances). If you have examined Marcel Vogel's work on crystals, you know that his crystals enabled communication with the quantum field or consciousness field. Ask yourself, how do the pilots on UFOs communicate? Are they using Hertzian electromagnetic waves to send signals? No way. ETs use "sub-space" communications which allow instantaneous communications at long distances, just as described in every Sci-Fi TV show since the 1970s.

Hey Bill, is it time to reveal the library where Henry Deacon said we could find information on "chaotic resonating circuits"?

Thanks, Kuperkai well said.

I watched Marcel Vogel's videos, a very interesting guy. He studied the Billy Meier crystals too.

Regarding the chaotic resonating circuits did he provide a circuit diagram or a schematic (block diagram)?

Cheers,
Szymon

[Hamish]

@Hamish- please correct me if I am wrong. The VPN hides your original IP address from the world and prevents your ISP from snooping on your traffic. However, a government agency (3LA) can request the logs of a VPN provider (and thereby unmask you), if they claim "suspicious activity". Running Tor on top of a VPN, makes the VPN provider's logs useless, since your exit node is elsewhere. Now, if you are doing research on "verboten" topics, Tor over a VPN would be great for browsing and accessing totally anonymous web services.

However, I've read that some of the Tor exit nodes have been compromised, meaning 3LA could unmask your IP address. If you were using Tor over a VPN and the exit node was comprised, then a 3LA would first get your VPN provided IP address, and then they would request the VPN provider's logs, unmasking you.

So, the status of the Tor exit node is key to anonymity. As far as I know, no one has solved the problem of compromised exit nodes. Anyone know otherwise?

Hello,

There is various scenarios when it comes to VPN/Tor.

If you use a VPN, you need to be satisfied about their log retention, and if they say they don't log, well you will have to trust them.

If then using the VPN for standard browsing, i.e visiting websites in which you are not logged into i.e. Avalon, Facebook, etc and not using the VPN for nefarious reasons, you should be fine.

If logging in Facebook with the VPN. May has well give up as Facebook will note that your original log in or account when created was from Holland but now showing as UK. They might also block your account until your verify who you are.

Tor is a VPN with the only difference is that is can acccess Onions websites i.e DarkWeb. If Tor is not configured with a bridge, your ISP can see your using Tor but not the websites (I think) unless exit nodes are compromised.

The main issue some forgot, is browising the web with Tor/VPN might hide your IP but if Tor/Your Browser is not configured, then downloading files, or acccessing sites that might have injected javascripts etc, could unmask your IP. Noscript is one everyone should have at least on their browser.

You also need to be aware, that the operating system you using needs to be set up also. If the OS system is compromised, using a VPN or Tor wont help.

[palehorse]

Thanks Ewan for this thread.

It is important to bring this subject up, Cloudflare is root evil, it is definitely a front company, unfortunately most people in the tech field can't think for themselves anymore, but I don't think this scenario is going to change anytime soon, it is just getting worse and worse, because since I first met Cloudflare and it was just a small company and I see where it is right now.. wow!!!
Google captcha is another unnecessary evil that comes to mind.

how to script things to use Tor (for those who likes hand on sort of things).

http://mf34jlghauz5pxjcmdymdqbe5pva4...with_love.html


Another very important fact that everybody seems to avoid even looking at it, the whole thing is compromised at a hardware level (Intel and AMD), get an open hardware if you can, but as far as I know only mil personal (high rank) got those ones, my best guess it cost around $25K for a very minimal setup, let's say a laptop. I forgot the name of those ones (If someone knows please pinch in).. DELL was building these hardware for the public, but they dropped the production line and now it is only for private contracts only, these machines does not use Intel or AMD.

Posted by Kuperkai (here)
..
So, the status of the Tor exit node is key to anonymity. As far as I know, no one has solved the problem of compromised exit nodes. Anyone know otherwise?

Hi Kuperkai

It is possible to install your own exit node in case you don't trust the public ones you are using, you can also use *proxychain but you gonna need a few vps in order to make that works (in both cases you need a vps), best way is to have full control of all servers you are connecting to. period.

I am quoting the following sentence:

"The Tor anonymity network allows clients to build anonymous connections by
establishing nested, encrypted tunnels through circuits of three relays, chosen
at random from a list of several thousand volunteer-operated hosts around the
world. The entry relay knows the client and a middle relay; the middle relay
knows an entry and an exit relay, and the exit relay knows the destination(s)
visited through the circuit, but can only associate them with the middle relay.
However, it is generally accepted that if an adversary controls both the entry
and exit relays, then a timing attack that correlates the traffic on each end will
allow this adversary to link clients with their destinations."

In other words, became a relay and join the Tor project. I myself don't trust every relay node out there either, I used to have a relay years ago, I played a lot in their network and never had any problem, I am a bit paranoid with these things. But don't do it at home, your router will blow up, as fast exit relays (>=100 Mbit/s) usually have to handle a lot more concurrent connections (>100k). Get a cheap vps that allows Tor relay (be sure they allow it in their policies, otherwise they can just shut it down without warning), and preferable pay it with Monero or hire someone to pay for you (a proxy person lol).

Here is how to setup your own exit node
http://xmrhfasfg5suueegrnc4gsgyi2tyc...ay/setup/exit/

Once it is up and running, you can watch traffic on that relay and you can connect through it as well. Get a vps for that, never mix personal traffic with Tor relays.

* you can find `proxychain` with security oriented linux like parrot os, whonix, openbsd, kali and a few others, also distros like Arch and Debian has it available in repositories, but it does not come installed by default.

it basically will do it:

your_pc <-> proxy 1 <-> proxy 2 <-> proxy 3 <-> proxy 4 <-> proxy N... <-> target

More proxies connected in chain, slower it gets. Also many programs won't hid your ip if you don't manually "proxify" them, which require sometimes scripts or at least modifying the program configurations, also some programs has no proxy option available, had that in mind, the connection will go through your ISP IP address in that case..

[Hamish]

Hello,

I try and not comment on technology mentioned about people like Henry Deacon. I focus on consumer technology as that is what is available to most.

I do believe however, there is Technology which is available, used by companies/military and such which is beyond my understanding, and which likley can view your private life, with you using any technology yourself.

I work for a Major company, and they have put all their eggs in a basket, they used to have their own servers and technology, but for costs reasons, they have moved all to Microsoft / Amazon.

Company website is Sharepoint.
Company VPN is Cisco.
Company communication is Microsoft version of Twitter called Yammer.
Secondary communications is via Teams and storing files on Teams.
Company moving away from Shared Network drives, all wanting files on OneDrive or Teams.

Have seen during lockdown MS having issues and then employees not being able to work.

Then we see most companies are using Amason AWS services and servers and as mentioned on this thread, Cloudflare.

Seems to be a common trend with companies. In effort to maximum costs.

Scary to think, one misconfiguaration and or hostile act, can likley take all systems down in a beat.

[Kuperkai]

Posted by Szymon (here)
Thanks, Kuperkai well said.

I watched Marcel Vogel's videos, a very interesting guy. He studied the Billy Meier crystals too.

Regarding the chaotic resonating circuits did he provide a circuit diagram or a schematic (block diagram)?

Cheers,

@Szymo- nope, no circuit diagrams. He just commented simple components on couple small breadboards.

As an aside, Otis T. Carr's OTC-1 had a large crystal in the center of the craft and supposedly jumped to a destination using conscious thought. In the link I posted to Henry Deacon's interviews [in the May 2007 Update), he described two types of exotic propulsion systems. One creates a gravity well in front of the craft (this is part of the dynamics of the Fluxliner described by Mark McCandlish) and

Other technologies require pilot(s) who interface consciously with the craft, as was reported by Col. Philip Corso in his book The Day After Roswell. Remotely similar to system control in the Montauk Projects...

If the OTC-1 actually worked as Ralph Ring described (I am not completely convinced of that), I'm guessing that the crystal allows the pilot to access to the conscious field/dimension and when the pilot focuses on the target destination the crafts entire "vibratory bubble" moves to the destination in an instant. Wild stuff.

@Ewon- my apologies for posting off-thread. The Cloudflare issue is very problematic for those of us in the freedom community. Figuring out how to get around them will be necessary for us.

[Kuperkai]

@palehorse

used to have a relay years ago, I played a lot in their network and never had any problem, I am a bit paranoid with these things. But don't do it at home, your router will blow up, as fast exit relays (>=100 Mbit/s) usually have to handle a lot more concurrent connections (>100k)

Wow, for everyday Joes that's a lot of bandwidth- $$$$.

Get a cheap vps that allows Tor relay

By vps, do you mean setting up a hosted server (virtually) that allow Tor relays and then setting up an exit node on this server?

never mix personal traffic with Tor relays

I'm assuming that is because this connects your data to the Tor relay, thereby defeating any anonymity?

Now, with proxychain you need several vps, each to host a separate proxy server, right? All paid with an anonymous Monero account...

Privacy is not cheap, nor straightforward, eh?

If you use a good VPN (no logs) then Browser fingerprinting seems to be main issue. I found this page from the RestorePrivacy.com on Browser fingerprinting, any thoughts?
Browser Fingerprinting Protection: How to Stay Private

Another very important fact that everybody seems to avoid even looking at it, the whole thing is compromised at a hardware level (Intel and AMD), get an open hardware if you can, but as far as I know only mil personal (high rank) got those ones, my best guess it cost around $25K for a very minimal setup

In terms of compromised hardware, I believe you are referencing Intel's "Intel ME" firmware (and AMD's equivalent) which creates a CPU within a CPU that has full disk and network access as well as remote management, even when the computer is off. I recently came across a site advertising the ability to disable "Intel ME".
Introducing the ‘Intel ME disabling’ feature by NovaCustom

Apparently, NovaCustom created an open source firmware, called "coreboot" that disables "Intel ME" using the HAP disabling method described in the above link. "Coreboot" is apparently a part of the Dasharo ecosystem for distributing open source firmware. More on Dasharo here.

NovaCustom (EU company) is selling a "coreboot" firmware, 14 inch laptop for just under $1k US. Link here. 3mdeb is the creator of the Dasharo firmware ecosystem and they are selling Qubes OS Certified computers that support Dasharo open firmware. Link here. Have you looked at these systems, and do you have any thoughts on the HAP disabling method?

To eliminate any possibility of 3LA backdoors, how about running Linux on a Raspberry Pi? Disable the wireless antenna and go hardwired only. Tunnel through a good VPN service and use either Tor or a Browser like Libre Wolf with a bunch of add-ons to block fingerprinting? Thoughts, suggestions?

[Szymon]

If I wanted to browse the internet securely and anonymously I would probably use one of these Linux-based OS.

https://www.qubes-os.org/

https://tails.boum.org/

There would be other stuff incorporated, it all depends what you are trying to achieve.

[palehorse]

Posted by Kuperkai (here)
@palehorse

used to have a relay years ago, I played a lot in their network and never had any problem, I am a bit paranoid with these things. But don't do it at home, your router will blow up, as fast exit relays (>=100 Mbit/s) usually have to handle a lot more concurrent connections (>100k)

Wow, for everyday Joes that's a lot of bandwidth- $$$$.


you can't have a fast exit relay at home, unless you got a lot of bandwidth to spare, you also need a dedicated ipv4 at least, good if have ipv6 as well. A fast VPS (at least 2 cores, 1.5gb ram, and 300mb disk) is the best way to go without breaking the bank, so to speak, of course bandwidth policy can be defined with the exit relay.

Get a cheap vps that allows Tor relay

By vps, do you mean setting up a hosted server (virtually) that allow Tor relays and then setting up an exit node on this server?


Exactly.

never mix personal traffic with Tor relays

I'm assuming that is because this connects your data to the Tor relay, thereby defeating any anonymity?


I meant, if you got a super fast speed at home and decide to setup a tor relay with in the same network you use to your personal life, that fixed IP will be used for the relay as well for whatever you are doing beside the relay. Tor exit nodes IP get blacklisted pretty often, it is easy to check if an IP is an exit node, and many companies in the mainstream block them all by default in their networks, there is also Tor bridge popping up all the time, which make it a bit harder for these companies to keep up blocking all access coming from Tor network. If someone using your Tor relay decide to screw up with something online, it will get back to you, the owner of that relay.


Now, with proxychain you need several vps, each to host a separate proxy server, right? All paid with an anonymous Monero account...

Privacy is not cheap, nor straightforward, eh?


It depends on each one strategy, a cheap VPS cost around 5 bucks, I used a company in east EU that charged me 3 bucks per server with root access and I could upload my own image, big deal but they are not online anymore, but the good thing there is many others out there, I have a list if anyone need, I would not mind in sharing it. With $30 /mo you can have a pretty decent setup, an average VPN will charge around $15 /mo.


If you use a good VPN (no logs) then Browser fingerprinting seems to be main issue. I found this page from the RestorePrivacy.com on Browser fingerprinting, any thoughts?
Browser Fingerprinting Protection: How to Stay Private


The problem with VPN (no logs), it is based on a promise and nothing else. They would not risk going out of business to protect the user anonymity for $15 would they?

I did tests with different browsers and they all leaked fingerprints, the only one that passed was the Tor browser but you have to configure it with security level as "Safest", it will block most of the canvas API which, draws graphics via JS and HTML5 canvas image data and use it to tracking because it is rendered differently on each browser/OS and it creates a digital fingerprint of the user. Tor browser default installation allows to all users look exactly the same.

Here you have more information about almost everything that is involved on fingerprinting users.
https://support.mozilla.org/en-US/kb...fingerprinting

However, the Canvas Permission Prompt is not the only thing that Fingerprinting Protection is doing. Fingerprinting Detection changes how you are detected online:

Your timezone is reported to be UTC
Not all fonts installed on your computer are available to webpages
The browser window prefers to be set to a specific size
Your browser reports a specific, common version number and operating system
Your keyboard layout and language is disguised
Your webcam and microphone capabilities are disguised
The Media Statistics Web API reports misleading information
Any Site-Specific Zoom settings are not applied
The WebSpeech, Gamepad, Sensors, and Performance Web APIs are disabled

This is not an exhaustive list - other features may be altered or disabled.


Another browser that full respect user privacy is GNU IceCat.

Both Tor browser and GNU IceCat does not work properly for the mainstream modern web of today. I think it is important to say that.

Another very important fact that everybody seems to avoid even looking at it, the whole thing is compromised at a hardware level (Intel and AMD), get an open hardware if you can, but as far as I know only mil personal (high rank) got those ones, my best guess it cost around $25K for a very minimal setup

In terms of compromised hardware, I believe you are referencing Intel's "Intel ME" firmware (and AMD's equivalent) which creates a CPU within a CPU that has full disk and network access as well as remote management, even when the computer is off. I recently came across a site advertising the ability to disable "Intel ME".
Introducing the ‘Intel ME disabling’ feature by NovaCustom


I meant hardware that does not make use of Intel and AMD chipset.

Here is a list of open hardware
https://en.wikipedia.org/wiki/List_o...ource_hardware

My apologies about the mistake above, I meant to get a full hardware for that price tag, a hardware completely built from scratch using open hardware, open source software (GNU), it won't work with windows or mac. I know people in US building their own router and devices using these open hardware, there is a small niche business out there and it is growing by the day

The IME issue can be mitigated but Intel firmware is proprietary and closed source, the ME issue is only 1 of the issues that is public now, there is many concernment about it.
I once went through this process to flash the bios and disable it with my thinkpad T400 (you need a device called programmer), which was a huge pain in the ass and in the end I gave up, because I was probably going to brick the laptop.. However I have another thinkpad X230 that someone removed it for me, the whole process involves soldering and physical removal of tiny parts in the motherboard, which is not really my thing, I just understand the basics of it and to avoid bricking the laptop I handled to someone who did a great service for me.. it is just a mitigation though.


Apparently, NovaCustom created an open source firmware, called "coreboot" that disables "Intel ME" using the HAP disabling method described in the above link. "Coreboot" is apparently a part of the Dasharo ecosystem for distributing open source firmware. More on Dasharo here.


Thanks for the link, I didn't know about Dasharo


NovaCustom (EU company) is selling a "coreboot" firmware, 14 inch laptop for just under $1k US. Link here. 3mdeb is the creator of the Dasharo firmware ecosystem and they are selling Qubes OS Certified computers that support Dasharo open firmware. Link here. Have you looked at these systems, and do you have any thoughts on the HAP disabling method?


Once again thanks for the links, I didn't know them.
As far as I know the bit HAP must be disabled directly in the flash descriptor, but as you mentioned about the links above, Dasharo seem to had done that job already and added the option directly in the BIOS (Intel Managment Engine Options) where anyone can disable the bit HAP manually.

More here
https://docs.dasharo.com/dasharo-men...-configuration



To eliminate any possibility of 3LA backdoors, how about running Linux on a Raspberry Pi? Disable the wireless antenna and go hardwired only. Tunnel through a good VPN service and use either Tor or a Browser like Libre Wolf with a bunch of add-ons to block fingerprinting? Thoughts, suggestions?


as far as I know not all components of Rasp is free/open. But it probably would work well, I never used it for anything, I can't comment on that.

About the fingerprinting my take is to use open source software not proprietary as much as possible, if you can't block the canvas API then the add-ons won't prevent fingerprinting, unless you get some add-on that promises that, but would have to test and verify if it really block the damn thing, so far as I said only Tor browser and GNU IceCat passed the test to me.

I answered in blue color.