Code Injection is inherently malicious. You can file a consumer complaint here. Comcast then has 30 days to respond to your complaint, where they will tell you that code injection is not illegal. Source: I did it to century link, had a gentleman who identified himself as a layer for century link personally deliver me the response.
You can then contact your congressmen asking for them to consider making a bill that defines "hacks" such as code injection illegal, and see what they say. But that is as far as your rights as a citizen extend.
In the meantime you can install https everywhere, and protect yourself from code injection of any sort on any website that supports the https protocol.
There's a lot of quitter talk in this thread thus far.
Instead of crying like adolescents, how can we help?
Hint: ACLU support
Hint2: WikiMedia support
Also, there's a great browser extension made by the EFF to secure your browsing. Not only does it protect against criminals, it over-burdens the NSA with non-criminal encrypted traffic.
Install HTTPS Everywhere.
Options -> "Block all unencrypted traffic"
Realize that tons of great websites will never use TLS
Disable "Block all unencrypted traffic"
You also have to consider that the push to ensure all web traffic is encrypted comes from many places, like the Electronic Frontier Foundation (HTTPS Everywhere) and the greater web community. It's not passed down from on high by Google. There are lots of people who have been clamoring for this, demanding big sites like Facebook etc all switch to 100% HTTPS, and so forth. The issue of whether to bake encryption into HTTP2 was also hotly contested
If you use HTTPS Everywhere, you don't need to use the encrypted subdomain.
Edit: Seriously? It's a plugin for FF + Chrome that forces HTTPS connections for sites that support it, making your internet experience a bit safer. That's the last time I try to help someone out in a default subreddit.
Https Everywhere is made by the EFF foundation not Mozilla, but It is most stable in Firefox.
Edit: added links. Edit2:fixed formating
hopefully you know about things like https everywhere?
https://www.eff.org/HTTPS-EVERYWHERE
It only works if the website you are trying to reach is configured to handle https, but most major online websites are.
Correct. As you know, Incognito simply stops Google from saving any info. However, I should have also mentioned that I use "HTTPS Everywhere" (Browser Extension) to prevent my ISP from knowing WHAT I was doing at said site.
HTTPS allows ISP's to know where you went, IE: The domain and site, but prevents them from peering into the exact content you view and thus stops them from sending you targeted ads from things you searched for at a site. The best they can do is assume at that point.
Regardless, the only real way to prevent them (ISP's) from knowing what you are doing is with a VPN.
There is also "https everywhere" available for firefox and chrome
https://www.eff.org/https-everywhere
Why bother? Well, reddit defaults to https okay, so inside reddit you can't be snooped, but links given in reddit are not always https even when the site is happy to serve https. So if you click on something, you don't know if the exact url and content can be snooped or not.
https everywhere will upgrade your links to try https first, even if the original link was to http.
No.
However, net neutrality prevents your ISP from disabling encryption on you, so it in a way does prevent 3rd party intrusions if you are using https everywhere like you should be.
We should all use end to end encryption whenever possible. This is a much better form of security through obscurity than just making their list longer. Lets make it impossible for them, or anyone else to make those lists.
Yup. This is exactly how hacking works. They just show up and magically reproduce what's on someone else's screen on theirs. Mmm hmm. No using Wireshark to sniff the traffic and sorting it all out later. Nope. At Defcon it's basically everyone staring at the same screen at the same time. Yup.
Truthfully, though, that ad is a perfect example of why you should always be using HTTPS. So many websites stupidly transmit things like user names and passwords in the clear. Here's a tool that can help.
HTTPS everywhere is something everyone should have, it makes everything you do on the internet https. better safe than sorry and its as simple as instal it once and forget about it
Alternatively (to HSTS) everyone should be using EFF's HTTPS Everywhere extension to force HTTPS. In the latest version you can even block all plain-text HTTP connections by checking a button.
It's important to note that TOR is specifically designed to circumvent censorship, if people are blocked from accessing VPNs/proxies they can still reliably connect to the TOR-network through unpublished bridges * and more bridges.
Also, make sure to use secure connections: HTTPS everywhere!
Saya cek website-nya ga ada yang aneh2 tuh. Pastebin javascript-nya
Oh wait ... http://www.jcodelivery.com . Berarti malware-nya lokal / di-hijack ISP.
Edit: buat yg ga ngerti, HTTP itu berarti koneksi-nya tidak ter-enkripsi. Telkom suka bajak yang begituan. Kalau HTTPS berarti koneksi dari browser ke jcodelivery.com aman. Install HTTPS Everywhere buat amannya.
Install https everywhere (you should have done this a long time ago already anyway!)
Go to your broswer's profile directory (you'll have to figure this one out yourself), open the folder HTTPSEverywhereUserRules
, and create a new file named bitcoinmarkets_sort.xml
Copy paste this text into the xml file and save it. (Replace the sort=new
part with sort=best
if you're one of these guys.)
Restart your browser and STFU!
Psst...
kröh, kröh
E: <tässä oli joku tosi huono metafora>. Pitää huolta et kommunikaatio kulkee salattuna silloin kun mahdollista.
One thing worth noting: all three sites (and most other trackers these days) use HTTPS. The most a third party intercepting your traffic can see is the domain name (leaked via DNS requests and SNI) and amount of data transferred. Full page URLs and the contents of those pages aren't visible.
Edit: If you aren't already using it, you should probably install the HTTPS Everywhere browser extension.
And HTTPS prevents your ISP from knowing which part of the website you visited. For example, if you use HTTPS to access reddit.com/r/technology or reddit.com/r/gonewild, your ISP will only see you accessing reddit.com.
I highly recommend using HTTPS Everywhere. It is completely non-intrusive, and hasn't broken any sites for me. It forces HTTPS wherever possible, and hence makes your browsing more secure. It's one of the easiest things to do to help secure yourself online.
Not this exactly, but pretty close: Firesheep.
WiFi Sniffing for Facebook accounts. This is why you should use the HTTPS Everywhere add-on.
I recommend you to use HTTPS everywhere when you care about eavesdroppers (hardly stops the NSA though) https://www.eff.org/https-everywhere
And TOR when you care about not being traced on the web https://www.torproject.org
Connect to reddit via https ( https://www.reddit.com/r/fatpeoplehate/ ). If it doesn't work, they probably would need to block all SSL traffic to reddit (and probably to places like Facebook too) which is very insecure. People could steal your login if you visit via wifi.
I connect via SSL to most big sites automatically, using the HTTPS Everywhere extension.
TIL the Electronic Frontier Foundation offers access to their site via an encrypted SSL connection.
Side note for Firefox users: Check out the EFF's HTTPS-Everywhere add-on for default SSL connections to many popular sites.
The "s" in HTTPS stands for "secure". It's basically just an encrypted connection between your computer and whatever site you're connecting to. If you use a standard HTTP connection instead then anyone can intercept and read whatever you send to the site. If it's HTTPS it can still be intercepted but it would be encrypted so that it couldn't be read.
If you want to make sure you're using HTTPS (which everyone should, just as a general rule) then you'll either have to manually type in "https://" for each site you visit or you can get the HTTPS Everywhere plugin from the Electronic Frontier Foundation. The plugin forces your browser to use an HTTPS connection whenever one is available at the site you're connecting to. Not all sites allow an HTTPS connection though. If that's the case you'll just connect over a normal HTTP connection instead. Otherwise you'll always get a secure HTTPS connection.
For anyone who is not already using https everywhere, go check it out. This is just one more reason to be encrypting as much of your web traffic as possible.
I believe there's a Chrome equivalent, but I don't remember the name, so comment karma to the first one to post it. ;)
Please don't use livememe. Their https is broken and their pages fail to load for anyone using the EFF's HTTPS Everywhere browser extension -- and everyone should be using that extension!
I'll make a quick plug here for HTTPS Everywhere, an add-on to your web browser that redirects you from the insecure to the secure versions of thousands of websites.
If you want to browse Reddit encrypted, head to https://pay.reddit.com (though this is not officially supported).
This is already possible, via the excellent https-everywhere extension. Also works on reddit, google (a bit annoying since https://encrypted.google.com does not have a direct link to image search results), wikipedia, and others.
https everywhere is more tweakable and has better individual site support (see link)
For example deviantart has a fucked up HTTPS implementation in its site but https everywhere is able to fix it by manual fine tuning. Smart HTTPS always falls back to HTTP and won't load that site in HTTPS even if I force it to.
HTTPS Everywhere - encrypts your communications with many major websites, making your browsing more secure. Released by the EFF.
Facebook Blocker - gets rid of the annoying sign-in with facebook on websites as well as the facebook comments thing.
x2 on ABP, a no ad internet is a better interent by far.
I have been able to reproduce both the crash, and that switching to HTTPS prevents the crash.
Click Preferences in the top right, then click Security. Enter your password to switch to HTTPS on Reddit.
Alternatively, install HTTPS Everywhere.
( You should be using HTTPS all the time anyway )
You have nothing to worry about from the CIA. They are not tasked with domestic surveillance. It's the FBI (a little) and NSA (a lot) who would be more concerning.
But let me set your mind at ease. There are many people for whom your accidental search would be anything but, and those people have search histories that are very different from your own. (Rarely does one who actually likes that sort of thing only view it once, for instance.)
There are far too many people who input searches like your own (either accidentally or out of morbid curiosity) once or twice for the TLAs (Three Letter Agencies) to take notice. It's patterns of behaviour that will cause them to sit up and take notice - and they're very good at spotting those patterns.
You should be using HTTPS (encrypted web) in your browser at every opportunity, however. An excellent browser add-on to help with this is HTTPS Everywhere. This will ensure that only the most determined of government or private entities will be able to view your searches.
I would also recommend using DuckDuckGo.com rather than Google for searching the web. Google tracks and analyses everything you do online, which in some ways is far scarier than what the government might see.
Be careful online - even to the point of being paranoid. There are people watching you every time you go online. Most of it is relatively harmless, but doing little things to protect yourself does help.
Don't worry. We're not coming for you.
Unless you start building bombs. Don't do that.
Well, the user agent isn't passed in the clear for HTTPS traffic, so you could just install HTTPS Everywhere on the tethered computer to be safe. Or tunnel all traffic through an SSH proxy somewhere.
https://www.eff.org/https-everywhere
Encrypts every page by default, removing the possibility of injection attacks like a man in the middle modifying a website between the webserver (let's say Google) and your browser.
Everybody should install this plugin as a matter of routine security.
And install privacy badger (from the same foundation) as a matter of course as well. This makes it much harder for websites (like Google, Amazon and Facebook) to track you accross the web.
Try this to see how secure your browser is right now:
It's normal to fail the fingerprinting part. The red X next to the Does your browser unblock 3rd parties that promise to honor Do Not Track? is a good result. Any website can promise to honour "do not track" requests and then track you anyway.
If you want to hide your DNSactivity from your ISP, running DNSCrypt is a good start. You can run the client on one machine and set it to be the DNS servers for your whole home network.
DNSCrypt is HTTPS for your DNS packets. So instead of your ISP being able your DNS provider and being able to know that you're asking what the IP address is for www.reallyembarassingsite.com now all they see is an encrypted TLS packet.
This isn't a complete solution like a VPN or Tor, but it's a good 1st step (along with plugins like HTTPS Everywhere) to greatly enhance your privacy.
Everyone replying to you seems to be missing the point, the government rarely wants to decrypt your non-volatile storage as it's insanely hard to do (You have to actually have the encrypted data, which nine times out of ten means physically having the HDD/SSD in question), what the government wishes to decrypt is web traffic, that includes stuff like:-
Etc... I highly doubt the government gives two shits about your encrypted disk as to decrypt it they'd need the actual content of the drive, so, unless they've already raided your house and stolen your computers, they couldn't care less, but, if you want to encrypt your drives, I wholeheartedly recommend dmcrypt. I personally use it on all my drives (except my laptop's, because my laptop's CPU doesn't support AES acceleration) just for the pure fact that if a drive does die on me, I can RMA it without worrying about what data may be leaked to the manufacturer.
Truecrypt is a nice open-source program for full disk encryption. Make sure you read the FAQ's/watch YouTube videos on how to set it up properly.
You can use a VPN to encrypt your browsing from your ISP, but it wouldn't be that difficult for them to subpoena your VPN company. Most claim to not keep logs, but ask Topiary how that worked out (although the one he used didn't claim that). For me it's not to cover up criminality, but rather just basic privacy. I don't like the idea of every stupid thing I've looked at or done online to be stored with my ISP. I'd rather it just be a string of random 2048-bit encrypted characters that make no sense :-p. You'll want to go with a paid VPN, most have free options but bandwidth is capped.
I'd also suggest downloading the addon HTTPS Everywhere if there is a secure connection option for a website you're visiting it will redirect you there. This means encrypting as much as possible of your traffic.
Disk encryption and traffic encryption should be a decent level of privacy.
From their own site, quote: Sadly, many sites still include a lot of content from third party domains that is not available over HTTPS. As always, if the browser's lock icon is broken or carries an exclamation mark, you may remain vulnerable to some adversaries that use active attacks or traffic analysis.
The effort to convert all http sites to https is still not fully secure. FF https-only mode simply will not allow an http site to load without your manual approval, from a warning page that precedes it.
Try to use encrypted (HTTPS) servers whenever possible. This might help: https://www.eff.org/Https-everywhere (Firefox for Android supports plugins.)
Reddit supports encryption now, but I don't know if your Android client supports it.
It wouldn't hurt to take a close look at the apps on your phone, too. Maybe he installed something secretly, allowing key logging or screen sharing.
So there are a few things you should do:
What is your day-to-day technological set-up like? What operating system (+distribution) do you use, on what hardware, what extra measures do you take that the "general population" wouldn't (routing traffic through Tor, using RequestPolicy, HTTPS Everywhere, avoiding trackers, etc.)?
And perhaps equally as important: What prompts you to do you do the above? What elements or principles guides you in making those choices?
Just a quick FYI for users of HTTPS Everywhere.
I wanted to come up with a custom ruleset for HTTPS Everywhere for use with delicious.com, which annoyingly only used https for login. After reading up on HTTPS Everywhere Rulesets I made a basic one of my own.
Later I discovered that if you download/clone the HTTPS Everywhere git repository (dev notes here), there are a whole bunch of rulesets that are still in testing and not in the official release. This included a much-improved ruleset for Delicious which I now use.
It's worth checking out to see what other rulesets are available for use (but not yet in official release).
As an aside, the "Not Secure" label just means that the site doesn't use the https encryption protocol, and has nothing to do with the presence of malware, etc. As long as you're not exchanging any data with the site, and you don't care if your ISP knows that you visited this specific u.arizona.edu page, there's nothing to worry about. That said, using https is best practice, and you can force some http sites to use https with the browser extension HTTPS Everywhere.
Tähän varmaan sopii https everywhere, joka on selainliitännäinen joka vaihtaa salattuun yhteyteen aina kun se on tarjolla.
https://www.eff.org/https-everywhere
Ja heille jotka ylläpitävät kotisivua, saavat ilmaisen sertifikaatin https-liikennöintiä varten Let's Encrypt:iltä.
Ideally it should be, but encrypted connections cost more resources which is something a charitable foundation doesn't always have.
The EFF HTTPS Everywhere extension will do exactly this: https://www.eff.org/https-everywhere
The Electronics Frontier Foundation offers a few browser plugins that help out as well. They're called Https Everywhere and Privacy Badger. Together they help keep your traffic encrypted and block a lot of web trackers.
Tons of sites support HTTPS but don't force it. (HTTPS stops eavesdroppers like anyone on your local wireless network, the guy that runs the shady wifi that you just connected to, and the NSA from listening to your connection and seeing what you're browsing, uploading, or typing in including passwords.) EFF's HTTPS Everywhere extension has a list of many common sites like that and forces your browser to only use HTTPS on them.
Disk encryption is another easy thing to set up and use. This makes it so if you lose your computer, then no one can read the files on it if they don't know your password. OS X lets you encrypt pre-existing filesystems extremely painlessly. Many Linux distros offer the option during the install process. (With Ubuntu, on the page where you're asked for your username and password to use, there's a very simple checkbox "Encrypt my home folder".)
will something like HTTPS Everywhere block AT&T from being able to intercept content? Or just the information submitted to websites, like searches and usernames?
Yeah, I use HTTPS Everywhere which alters reddit's URLs so that the traffic between me and reddit servers is encrypted. It just so happens that only pay.reddit.com works correctly over https. (e.g. https://www.reddit.com/ will complain loudly).
End-to-end-encryption requires the server to support TLS. This can not be forced by Tor or the exit node.
HTTPS Everywhere tries to use TLS whereever possible.
I use HTTPS Everywhere, NoScript, run all my traffic through a VPN, and just when you think I'm truly invisible - BAM! - I make my username greg_bartell just to screw with you.
Anonymity has its place on the internet, but if I'm calling out things at my own school I'm going to put my own name on it.
No, it is still disabled by default for everyone, but if you're logged in you can enable forced https in your account settings found here. Many sites like Facebook or Gmail have similar options and it's a good idea to take advantage of them.
If you use Chrome, Firefox, or Opera you can also get a browser extension called HTTPS Everywhere which is maintained by the Electronic Frontier Foundation. There is also a version for IE made by a different entity. These extensions check for a secure version of all of the websites you visit and direct you there if it exists.
How about not running open wifi access points? Or how about not using open wifi access points?
Seriously, free, open wifi is a fucking minefield. Sure, you might walk through it ok, but you also might get blown to pieces. Or in this case, have your identity stolen or your personal info made public.
DO NOT USE OPEN WIFI ACCESS POINTS
If you are on AT&T, they now allow tethering to your smartphone as part of your plan. It's no longer a separate charge. If you don't want to do that, set up an VPN. For $5/month, you can get a virtual private server at Digital Ocean. Or you can set it up at your own home. You just need either a static IP address, or some other sort of dynamic DNS service. So if you must use open wifi, you only do so if you can connect to your VPN.
If you have access to a Linux/Unix box you can ssh to (like a Digital Ocean VPS, or a Linux box at your home), you can setup an ssh SOCKS proxy. Grab a proxy addon for your browser, like Foxy Proxy to use your new ssh proxy. The command is
ssh -D 12345 myuser@remote_ssh_server
Then just configure your machine to use localhost, port number 12345 (you can substitue any port between 1024 and 35535) for this. You can do this either just for your browser, or for your entire OS. If you can do the latter, I'd recommend it. That way, ALL traffic, not just web browsing traffic, will go through the proxy.
Also, use the HTTPS Everywhere browser extension. This will make sure every site you go to will be HTTPS if it's available.
And if you are running a wifi access point, do not use anything less than WPA2 with AES encryption, and a strong password. WPA was deprecated a decade ago, and WEP can be cracked with almost no effort.
Edit: goofed up a link
I already do. Here's how.
Government monitors be damned, anyone who uses wifi hotspots or 3G should be using something similar purely to stop people stealing site credentials & session IDs.
I wouldn't consider Stratiform essential, at most useful, as it only serves to make interface tweaks. It's the equivalent of installing a new theme from a set of 5 or so themes, with many customization options.
To the essential list, I'd add (especially if you're on a public wi-fi connection) HTTPS Everywhere, to make sure that your private data isn't stolen in unsecure connections.
From what you say you use Ghostery for, I think it can be replaced by replacing the Adblock ad lists with Fanboy's Adblock lists, including the Tracking and Annoyances lists.
Firebug is incredibly useful, but only if you have some understanding of HTML.
> Why not just bookmark the HTTPS url instead?
> Guess I don't really see the use of this add-on.
The addon has 22k rulesets, would you just prefer to duplicate the effort and hunt for https version of websites? Also you won't get ssl stripping protection that way. Also you won't be able to manually set securecookie with that method.
Also you can just read on why the addon is necessary: https://www.eff.org/https-everywhere and https://www.eff.org/https-everywhere/faq
No, not all sites support it. I suggest installing the HTTPS Everywhere addon, it'll make you use https on sites that support it.
https://www.eff.org/https-everywhere
FWIW I suggest disabling the reddit rule in that add-on, manually changing your reddit URL to have https at the start, then going into your reddit account settings and enabling HSTS, this will force your browser to always use https when accessing reddit.
I'm not sure you understand encryption, it is pretty easy a a consumer to make it prohibitively expensive for someone to break all your communications. If everyone encrypted they would have to change their surveillance model and actually do what they are supposed to be doing. Targeted surveillance.
That is actually incorrect. The pay.reddit is a hack used by HTTPS Everwhere to make reddit serve up HTTPS links to reddit. This is a fully functional link that also is secure.
See the stable branch section for the code. I hear reddit is working to implement a full and intended HTTPS version of reddit, but until then this is the default way.
The reason pay.reddit works is because it is the link your browser would be directed to if you were purchasing gold (if I recall correctly).
I suggest using SSL whenever possible, there are browser plugins available to make it easier (e.g. HTTPS Everywhere). It makes it much more difficult for them to MITM your connection. They basically have to be a trusted CA and you don't validate certificate signatures.
It isnt a silver bullet, but software you run does matter, for instance, https-everywhere can increase the number of (at least hopefully)secure connections. Ghostery can prevent scripts from calling back. Having your own software and hardware under control would also prevent the example with the spying laptop cameras, hearing aids, cars.
Also, although you can configure closed software, you cannot as easily verify that it is doing what it tells you it is doing.
Of course neither Stallman nor the EFF only promoted libre software, they also tried to affect laws, awareness and such.
> she has the ability to see everything he browses without touching his computer
This is mostly false now, fortunately, depending on what you mean by "everything."
She would be able to tell most domains he accesses, but not more (i.e. not about specific). So she'd be able to tell he was going to pornhub or whatever, but not what subreddits he goes to, what images are being loaded on imgur, etc.
This is, of course, thanks to https and the push to use it everywhere. If you get the HTTPS Everywhere, that'll reduce even further the chance for a mistake.
https://www.eff.org/https-everywhere
If you enter http://www.amazon.com, for example, it will instead send you to https://www.amazon.com instead, which means you'll using the SSL encryption by default whenever possible. It will also do so for embeded objects on sites.
I just installed https://addons.mozilla.org/en-US/firefox/addon/certificate-patrol/. Tells you when a certificate changes (And what to). By default it checks the certificate itself, but can be changed to just check the CA (So a let's encrypt -> bluecoat cert would be detected and warned about, but just key rotation won't, because some websites do offer different certs seemingly randomly).
https://www.eff.org/https-everywhere is another thing that you should ALWAYS install. There's basically no harm in doing it, it doesn't take up any time. It just redirects unencrypted traffic to the equivalent encrypted page (Obviously, the website has to have encryption in the first place, but this enforces it).
As for password managers, I don't really trust pass
. Out of the box, it doesn't protect your passwords if someone has write access to them. I use KeePassX2, it's in the repos. It doesn't come with a way to sync them across computers, though, I use owncloud for that.
HTTPS Everywhere causes it to show that I've probably been to none of the sites. RequestPolicy prevents loading any of the content that it needs to load in order to carry out the attack, assuming that you haven't globally allowed requests to any of the domains in question. Blocking everything with RequestPolicy makes it assume that you've been to every site.
It's github page explains how it works and you can immediately see why both of those add-ons break it in different ways.
That happens when YouTube links are opened from Google search or other sites. Add https to the URL or install HTTPS Everywhere addon/extension to get it done automatically.
AdblockPlus for adblocking
Disconnect for socialblocking/donottrack
HTTPSEverywhere for security & convenience
Web Of Trust for website reputation & malware prevention
Lazarus Form Recovery (with password & encryption) because I tend to lose walls of text when posting on forums.
That's my default package for a comfortable web experience :D
Correct.
> From FAQ
>Why use a whitelist of sites that support HTTPS? Why can't you try to use HTTPS for every last site, and only fall back to HTTP if it isn't available?
>There are several problems with the idea of trying to automatically detect HTTPS on every site. There is no guarantee that sites are going to give the same response via HTTPS that they give via HTTP. Also, it's not possible to test for HTTPS in real time without introducing security vulnerabilities (What should the extension do if the HTTPS connection attempt fails? Falling back to insecure HTTP isn't safe). And in some cases, HTTPS Everywhere has to perform quite complicated transformations on URIs for example until recently the Wikipedia rule had to turn an address like http://en.wikipedia.org/wiki/World_Wide_Web into one like https://secure.wikimedia.org/wikipedia/en/wiki/World_Wide_Web because HTTPS was not available on Wikipedia's usual domains.
Yet another reason for HTTPS Everywhere:
https://www.eff.org/https-everywhere
We've found several of these type of injections from cable companies to public WiFi that inject code that broke our web site. We finally gave-up trying to rename HTML IDs and JavaScript variables to workaround the problems companies like Comcast decided to create and just started using HTTPS.
I can't say much on the PF side, but on the computer side:
If you're old enough, get a bank account where you're the only user and transfer your money there.
>Surely these are just straight-up scams?
Almost certainly. At the very best they're just shady companies selling shoddy products for a quick buck and not outright scams.
>How is this sort of advertising legal?
They don't promise anything specific. At least that's my guess as to how they get away with it. You'll notice that they all appear to be simply offering information. They don't promise that you can do it as well, or that if you take this pill or that pill or whatever that you'll get the same effects. Basically they carefully present it so that it either appears as gossip (Controversial Pill Celebs Use to Build Muscle Fast; You Won't Believe How This Single Mum Makes £7,650 a Month) or they present it as an informative article (6 Facts They Didn't Tell You About Life Insurance; Diet Pill Breakthrough Leaves Doctors Speechless).
>The worst part is that they are hosted on the main websites domain so adblock can't block them.
If you're running Firefox, install NoScript and uBlock Origin. Between those two you shouldn't see 99% of ads on any site. I have both running and saw no ads at all on explosm.net.
Also, while not ad related, install HTTPS Everywhere from the Electronic Frontier Foundation. It will force a secure encrypted connection with every site you connect to, assuming that the site supports https connections. It's great for general security.
>Can someone with a virtual machine try it? I'm curious to see what happens.
You're most likely just redirected through an affiliate link to some sort of landing page that has a long-form sales letter on it with some sort of Call to Action at the bottom (i.e., a free/discount offer of some sort). Anyone with common sense wouldn't fall for it. Then again, the people these sorts of ads appeal to don't generally have a lot of common sense which is why the ads work and how such companies stay in business.
Nice, it almost seems like https everywhere functionality is getting built into browsers.
I'd like to see links between the two projects and all browser support.
> Does Reclassifying as Title II give the government free reign over our personal internet traffic?
No. Neither does it take it away. In other words, the US government is performing unconstitutional spying on all of its citizens currently and Title II doesn't stop this or make it worse. It simply won't be affected.
Title II, to my understanding, affects how internet providers have to treat the flow of information, not with the costs of providing that information or the privacy of the information.
If you're worried about internet privacy in today's world, please make sure to use tools specifically geared towards it, such as Tor and/or HTTPS everywhere.
If you just want the government to stop spying on you, call your representatives and tell them this!
However, Title II and government surveillance are completely unrelated.
Это протокол зашифрованного соединения. Т.е. содержимое страниц, которые ты просматриваешь, и даже их адреса (после доменного имени), а также передаваемые тобой данные зашифрованы, так что при перехвате трафика их нельзя просто прочесть (как это было бы в случае с простым http).
Подробнее можно прочесть у Яндекса или в вики (посуше).
К слову, рекомендую HTTPS Everywhere.
First Thing: I live in Europe. Why did I learn about this just now?
Second Thing: Political Pressure is an important thing. Thanks for pushing! But since that's a slow process, I think you should also raise awareness for tools to defend your privacy here and now like
and many others. What else do you recommend?
Does the phone connect through the WiFi to get online? If yes, the point where the data gets sniffed might bei either the router or even someone at the ISP.
I'd also enforce end-to-end encryption just to check if he's still getting messages in that case (HTTPS Everywhere). If he's still getting them with HTTPS enabled, the PC is most likely infected.
HSTS is a little bit different from "pinning" (the mechanism that gave away Diginotar). Though in the IETF TLS (or websec?) working group HSTS pinning was proposed, but AFAIK has not reached RFC stage yet.
HSTS currently only states that "if you connect to site X.Y.com, for the next N days always connect via HTTPS instead of plain HTTP on any port". NoScript and HTTPS Everywhere for Firefox implement that.
What Chrome uses is "certificate pinning", or more precisely "public key pinning" (nitpick-precisely: SubjectPublicKeyInfo pinning). That means that for a small list of predefined sites (google services, torproject.org, etc.) Chrome won't allow connection if the public key doesn't match the built-in hash (the "pin").
Have a look at DANE protocol which recently passed IETF. It's certificate and public key pinning protocol, independent of browser or specific TLS client.
N.B.: Certificate Patrol for Firefox can be rather easily extended to implement certificate/public key pinning (been on my TODO list for a long time, but I won't get to it anytime soon; if anyone is interested, I can explain what needs to be done).
I thought they have automated interfaces to get the data they want without you knowing (in some cases). Thank you for suggestion, I use HTTPS Everywhere.
From what I see, HTTPS-Everywhere rulesets just list which sites have https so they can redirect you correctly. If there is no https version of the website, you obviously won't be able to access the website securely, but most widely used version have HTTPS enabled, or already redirect their normal website to HTTPS.
As far as I know HTTPS Everywhere has absolutely nothing to do with encryption and everything to do with redirecting to more secure versions of websites.
Yep! This is the equivalent of opening your USPS mail, inserting ads, and closing it back up!
Super immoral, totally wrong.
(Said in the tone of a game show host):
Fuuuuuuuuuuuuuuuuuuuuuuuuuuuck Comcast!
What you can do is:
Exits could try to give you HTTP when you asked for HTTPS. The HTTPS Everywhere extension that comes with Tor Browser prevents this from happening on <u>tons</u> of websites. So you don't need to worry about this.
Exits could create their own certificate for a website and give it to you. But if your browser doesn't trust it (for example: it isn't signed by a certificate authority) there will be a huge scary warning that you can't miss. So you don't need to worry about this.
Exits could work with certificate authorities to create certificates that your browser will accept. These CAs would be misbehaving and risking having all of the certificates they have ever issued being distrusted by browsers if they were caught. It is also possible the person running the exits has compromised a CA and thus the CA doesn't even know it is issuing malicious certs. This doesn't happen very often. It is a very big deal when it does happen. It affects more than just the perceived security of using Tor. You shouldn't worry about this.
Also, the Tor Project regularly scans for misbehaving relays and removes them from the network. This type of stuff is some of what they are looking for.
Interestingly: while there is little bit of reason to worry about this on regular websites, there is basically zero worry of this type of stuff happening when you visit onion services. Encourage your favorite websites to operate onion services! :)
You use it every day. About 50% of all Internet traffic is encrypted. Your phone talks with the towers over a (badly) encrypted connection. EMV equipped credit cards uses encryption technology. And lots, LOTS more
Use encrypted connections to websites when possible. "https everywhere" is a good tool. It forces your browser to use encrypted connections whenever possible. https://www.eff.org/https-everywhere EFF has a good guide in what they call surveillance self defense. It is quite good, without being to technical. https://ssd.eff.org/
Get encrypted phone apps. Signal is the gold standard, but whatsApp has it deployed by default for all of their users. If you are really worried, consider changing your email to something secure. Protonmail offers user friendly encrypted email.
If you want to, there is SO much you can do, but it is hard, and not always a good experience for a large host of reasons. The EFF guide goes a long way, without sacrificing any noticeable usability, and probably takes you 10 minutes to do after you have read it
La versione ELI25
edit: Privacy Badger tenta di bloccare i tracker / ad traccianti (come il like di facebook) -> https://www.eff.org/it/privacybadger
HTTPS Everywhere, dalla loro definizione "The HTTPS Everywhere extension fixes these problems by using clever technology to rewrite requests to these sites to HTTPS. " https://www.eff.org/https-everywhere
Pi-Hole è un ad blocker per il raspberry Pi. Lo si usa come un server DNS.
You basically can't know if VPNs log. Audits are fine, but companies can just volkswagen their way out of it.
And even more difficult to check are the logs a hoster and their ISP keep. This is how some VPN users have already been uncovered (for serious crimes though, not torrenting). Generally, if you want to be more secure from this possibility, use Tor (doesn't work with torrents though).
Also it's good to take security measures (with and without VPN): - Don't send (personal) data over a http connection. - use HTTPS Everywhere: https://www.eff.org/https-everywhere - disable third party cookies - use something like Privacy Badger or Disconnect (or the native Firefox tracking blocker) to keep tracking companies out
I'm not a computer guy, but I recommend and use:
Ghostery: Ghostery protects you from more trackers than any other company.
https everywhere: HTTPS Everywhere is a Firefox, Chrome, and Opera extension that encrypts your communications with many major websites, making your browsing more secure.
DuckDuckGo: Smarter search without the tracking.
>Lawful access includes police asking telecommunications companies to install wiretaps, give access to emails or texts, and hand over identifiers like the name or address of a customer.
The key here is that they're asking telcos for this information because they're not allowed to demand it without a warrant. The police aren't allowed to open your physical mail or tap your phone themselves without a warrant; it shouldn't be any different for their electronic / VoIP equivalents. Additionally they shouldn't be able to skirt that requirement by asking someone else to do it, and the supreme court seems to agree.
On a side note, you should never rely on the idea that "no one is looking" to maintain the privacy of information.
https eliminates the snooping. I also run a private VPN here as well.
All providers do it, including your cell phone provider. AT&T is at least admitting to it. Don't get me wrong I don't like it either but you have two easy options to get around it.
Please actually do type the protocol when you type your URLs, especially if it's https. Your browser will default back to http and even if the site is https only (Like PayPal, where it'd normally issue a redirect) an attacker can still leverage the small amount of time it's not authenticated to basically leave that window open for good (and then steal all your data). I'd also recommend this, but it's no replacement for actually specifying the protocol.
be careful with tor. it was invented by the us navy and exit nodes can read all unencrypted data passing through. while onion routing has its uses using tor to log into google and facebook is not going to help.
the only way to secure way to send a dick pic is hand delivering a polariod.
the privacy rabbit hole is a deep one. think about what browser you are using, consider using https everywhere and disconnect for day-to-day browsing and duckduckgo for search. also /r/privacy might come in handy.
Https eveywhere is also a great extension.Supported by the Electronic Frontier Foundation wich also accepts bitcoin donations.
Oh, it allows you to use https on reddit (I.E. encrypted data), HTTPs everywhere does it for me (it's a experimental rule, it does come at one significant drawback that I see, you can't login while it's active):-
https://i.imgur.com/1vyfJM6.png
I warn you though, if you do choose to install it (I highly recommend!) Imgur is kinda sorta having an issue with https right now where all their javascript loads over http and means you get no javascript, started happening a few hours ago, they'll probably fix it within the coming hours, but, for now, it breaks imgur.
You can also click on the HTTPS Everywhere icon and turn off the rule that is causing breakage. This works in mobile too.
As always, bug reports are welcome! https://www.eff.org/https-everywhere/development
If you're leery about it: https://www.eff.org/https-everywhere/development
It's developed by the EFF and TOR. I don't think anyone would respect your privacy more. It accesses your data on sites and tabs/history to determine if a site is https or not. lol
I noticed because I have the HTTPS Everywhere firefox plugin. I'm not sure why it's using the pay. domain. Maybe they plan on making it a premium feature later.
Not that we need HTTPS to browse reddit securely at work, amirite? /tunnel
Go to http://www.google.com/ncr (which prevents any redirecting) and set the language to English. The only thing that's still Dutch are the special logos, but since I use HTTPS Everywhere I never get those anyway.
(Yes, I really hate my own language when I'm using a computer.)
Actually it's sort of by default. I use Firefox with the EFF HTTPS-everywhere extension and the Force TLS extension. I'm in the UK, and there is a fair bit of controversy regarding monitoring of internet connections.
At the moment, the government have abandoned plans to record every web-site visit and email sent, but I do feel that, sometimes, a degree of paranoia is warranted. It's not that I am trying to hide anything—as far as I am aware, I have nothing to hide—but I feel that (for instance) what I look up on Wikipedia is my business.
Generally, if a website offers a secure connection, I will use it as a matter of course. I sometimes worry that this might be using more resources on the webserver, but as I understand it that isn't a major problem now.
However, when I post a link to Reddit, I'll normally obtain the standard web address and use that in my post comments / submissions. I know that TLS/SSL connections can be slower, and I don't want to inconvenience anyone. This time I was lazy, and posted the https:// version of the address.
Basically I believe that “if you have nothing to hide, you have nothing to fear” is a very hollow sentiment. The UK has a surprising amount of what one might call “passive” surveillance; that worries me, and has made me a fairly active proponent of civil liberties and protection from routine state monitoring of the population. That, in turn, tends to make me use what could be seen as more “secure” options, though I am well aware that if the authorities really want to monitor someone, it's easy enough for them to do so.
Perhaps it's fitting that the original submission is an image of apparently unbreakable cryptography :-)
That explanation was a lot longer than I meant it to be!
That's what https is for... also https://www.eff.org/https-everywhere(except that might fuck up the login portal... so you have to temp disable it or use private mode to log in)
You're totally safe as long as the url bar says "http*S*" and has a little lock on it. (the "s" means secure, and you're end-to-end encrypted from your device to the server)
HTTPS will block any snooping like that, so just install HTTPSEverywhere and make sure the sites you use support HTTPS. They can see the domain you connect to, but not any files you stream/download/whatever.
A VPN will also work, but it will look weird to suddenly have no web traffic anymore.
>HTTPS Everywhere is produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by using clever technology to rewrite requests to these sites to HTTPS. Information about how to access the project's Git repository and get involved in development is here.
It's not foolproof and it can be annoying when it blocks you from some websites, but if you use it while making important transactions on your computer it can give you some safety.
HTTPS Everywhere there's a WE version on their website (scroll down to the "Developers" note)
Greasemonkey there's Tampermonkey or ViolentMonkey