Thats good to know. Thanks for sharing

Do you know if these folks actively develop it or do they just apply patches to the Firefox codebase ?

Like do they just pre configure a bunch of about config settings and the pre installed search or do they harden the binaries at compile time ?

I’ve not kept up with this but I’m curious if there is any real advantage of this over Firefox after it has been configured. If not I would stick with Firefox as it will get security updates quicker by people who know the source code intimately.

Anyway not shitting on anyone’s choices here just curious.

Both my browser and network level dns blocker blocked the test attacker site from loading but in general there are 2 approaches to this: minimize your fingerprint data points or change them to blend in with the crowd.

I think for the most part selectivly blocking js and cookies will do a lot for you. You can also block the canvas and limit fonts too. I’d also recommend a vpn as they can associate it with your ip too.

Random hackers, companies, dragnet surveillance.

The companies are probably the biggest exposure as we are forced to interact with them for utilities, flights etc . They get hacked all of the time and dont bother to secure their data.

Also as a side note I hate how lots of places just assume you want to download their shitty spyware ridden apps or hand over your phone number or an email.

They must have something to hide 🤨

Personally I would split them so they are not all in the same place. So for email use something like proton or tuta, vpn could be mullvad and a local password manager such as keepass xc synced with syncthing.

Connect it to your PC or laptop and do a netinstall. Configure SSHD and a static ip. Plugin the disk to your server and then connect via ssh to admin it.

You could also set your laptop or PC to boot from the attached disk in the bios to test the services you want to start are starting

Happy to help 😉

Syncthing can do direct sync if you give the ip address to each node and you can disable relay servers .

Probably age of empires and MCC.

You can use veracrypt on steam os to create an encrypted container and unlock it when you need it in desktop mode.

Btop and logwatch with logrotate. I use healthchecks to check if the server is unreachable and it notifies me.

Jay-z’s preferred unit of energy

My block list is very small actually due to the non standard ssh port. Everything else goes through wireguard.

If it was open to the public then yes I’d have to reconsider the ban length.

You could not connect the TV and printer to the network but instead attach them to raspberry Pi or similar devices. This allows you full control and stops them calling home and spying.

Hackerman

Please see my reply below with links.

Onion repositories are package repositories hosted on tor hidden services. The connection goes through six hops and is end to end encrypted. In addition to further legitimizing the tor network with normal everyday usage it has the benefit of hiding what packages have been installed on a system.

Here are some notes about them if you want to read more.

https://blog.torproject.org/debian-and-tor-services-available-onion-services/

https://www.whonix.org/wiki/Onionizing_Repositories

Well I dont trust closed source software and do what I can to avoid it when I can. At least foss can be audited. Also all the linux devices on the main network are devices I admin.

Only remote access by wireguard and ssh on non standard port with key based access.

Fail2ban bans after 1 attempt for a year. Tweaked the logs to ban on more strict patterns

Logs are encrypted and mailed off site daily

System updates over tor connecting to onion repos.

Nginx only has one exposed port 443 that is accessible by wireguard or lan. Certs are signed by letsencrypt. Paths are ip white listed to various lan or wireguard ips.

Only allow one program with sudo access requiring a password. Every other privelaged action requires switching to root user.

I dont allow devices I dont admin on the network so they go on their own subnet. This is guests phones and their windows laptops.

Linux only on the main network.

I also make sure to backup often.