No. We just need to make our own devices, use bsv, and build on original philosophies by guy who made gnu. We just need better stuff. Not just a couple half used half available things like tor
I was in Amish country last month...and while watching them plow the fields with horses, I realized they'd never had to call Comcast before...and suddenly their lifestyle seems very appealing.
If you know what you're doing..... already had experience living off-road,off the grid,and already knowing how to survive..... including knowing how technology works by being a licensed HAM radio operator,then no problem. Just like Rob!
@@grayrabbit2211Pro tip: CenturyLink at 945Mbps for $75 is sooooo much faster. Plus they never try to manipulate our speeds and the router doesn't reboot randomly. We have never had to call support or unplug and rest devices...
Many coworkers are so concerned about privacy even covering with tape the built-in camera on the monitors at work but at the same time make their life, location, thoughts, etc. public for the whole world to see through FB, Instagram, tiktok, Twitter, etc 🙄 🤦♂️
For years I have told people about how violated we were where we use anything using the net. One day Iwas driving my semi as I was speaking to my step father about his up coming retirement. You see he is 6'6 and his legs have been giving him problems and so that's what particularly we were discussing. And so after the convo we hung up and it wasn't 10 min later he was calling me back asking me if I had contacted a doctor about his legs. And I said "no" I'm still driving and we just got off the phone. Then he proceeded to tell me how a doctor called him about service for his legs. I was stunned. Since then I play in settings so much I mess things up now turning everything off. I'm like the guy in comments that want to live off the grid in the woods.
Rob, you should create a solution to do browser separation without the additional pain of maintaining 4 different browsers. It could be just a front end ui that encapsulates all 4 browser application, or something similar
Rob, fellow boater here. Anyone that DOESN'T own a sailboat wouldn't recognize it, but it's cool to see you recorded this onboard!!! I spent 10 years as a liveaboard and can't wait to get back at it! Keep fighting the good fight!! Cheers
Man how the hell did you notice this wouldn't of thought of this until you mentioned it but now I think those are windows behind him also there is a very slight lateral movement in the video and then that creaking occasionally 😂 think that boat looks nicer than my house
Also, I've often wondered how "trash" and wrong passwords or pass codes are handled. Particularly, in the US where "trash" is considered "fair game", from a legal standpoint. BUT, my phone requires a pass code to get into voicemail and I don't use it very often so, when I used it the other day, I had to enter just about every 4 digit passcode I've ever used, a couple of which are still in use for other things.
Never let anyone use your account on any device. Create an account for them, even when you trust them. You can only ever trust their conscious decisions, and nobody is 100% conscious of the consequenses of their decisions.
Hey Rob, suppose I’m who you call “a normie”, been listening/watching you for several months now. learned so much from you! Thank you!!! Limited to really invest my time fully, into learning IT as well as you know it, by a ‘calling’ of my own. Namely, for example, growing my own food and all that involves. But it isn’t more important than protecting my privacy! This video is an example of why I value your content so highly! As a” Normie”, don’t always understand what you try to convey, but here I do. You offer simple/real tips that I can implement myself, & in my “normie” language, again, i truly appreciate your generosity of knowledge!!! Very soon i WILL purchase one of the de-googled phones, VPN, & email services you provide. Until then (& beyond) please don’t stop posting what you do! Your explanations & suggestions are helping me keep my data more private while allowing me to spend more of my time into perfecting my calling. youre a valuable member of society! Even though you don’t hear from many of us often or we are unable to catch you live… doesn’t mean you are not being heard, for we hear you!!! Thank you my friend! This video has been of great service towards maintaining my personal controls & privacy & really seeing what sort of thieves are in control of media. Happly Holidays! THANK YOU!!! Lupe
1. Clear/delete: cookies, and unknown browser download folder items. 2. Do not use: auto fill, password manager, browser extensions, and facebook. 3. Use browser isolation. One only for all google stuff, and one or two other for the rest.
I use a browser extension, agent... something, that allows me to change browser fingerprint to any one on a long list. I change it every time I use one of the five browsers i installed. I also use that Safin port app.
@@a.randomjack6661it would be great if there was a step by step video on this. A tutorial that goes in depth on how to set up and explaining the details of what each one does. For android devices
i have a bunch of comments here. 1- you're just sticking your finger in the dam. browsers are hundreds of thousands of lines of code that cannot really be vetted. you code. you know about combinations. you know that the code isn't really that vetted. the industry just doesn't test that well. browsers are black box, mitm, out of the gate. 2- how about pulling a stallman, and curling all the stuff you desire. advocate for less dynamic web. advocate for sites that don't serve pages that have external js links. advocate for sites that abide by a "limited complexity" ethos. 3- the consumer is redirected into better behaviour by example. this ain't by playing stick your finger in the dam ad infinitum. a rewrite/redesign is needed to clarify the boundaries.
Recently Snowden said (Bitcoin keynote), I am paraphrasing as I can't recall the exact words, " If you have to go thru a ton of circumvention and high tech magic to not be tracked, that's NOT freedom". I couldn't agree more! So the takeaway here for me is start fighting for our freedom at the state level, and pray for our country, 2 Chron 7:14
Just a fun tip. All links that are written in video descriptions and comments will have youtube/google tracking associated with the link. So always manually copy and paste links, don't just click them.
The main problem is that browsers are very complicated constantly changing bits of software and dangers especially of interactions with third parties tend to be discovered too late. This can only get worse.
The constant changing IS one of the problems with browsers. Even if most bugs have been worked out, as soon as new features are added, they can potentially introduce new bugs which can be used as back-doors by clever hackers.
@@BillAnt And... the next generation of hackers will be hyper-diligent AI, and 100 percent non-human. AI snooping will advance itself at an exponential rate, constantly improving its capabilities, as well. Humans are no more than cattle now for their masters. Their vanity and egos keep them from fully realizing the extent that they are immorally tracked, followed and manipulated. It's a divine comedy of ignorance now- until they round us all up.
3:57 The point is that the legitimate server disabling plain HTTP does *not* prevent a MitM attacker from serving a plain HTTP attack site of their own. HSTS makes it so that the browser will refuse to use a plain HTTP connection to a website, for the duration specified in the HSTS header. This prevents that kind of MitM attack against browsers that have already visited the website in the past. Also, HSTS supercookies don't work like regular cookies, you don' get to store arbitrary data and then retrieve it later at will. It just causes the browser to refuse plain HTTP for a set time. The way that it can be used to fingerprint browsers is not immediately obvious and requires clever use of a number of phony domains. Accusing the people who came up with it of "not caring about privacy at all" when it requires a sophisticated side channel attack to turn it against users is completely disingenuous.
You could enable HTTPS only on your browser, so if an MITM serves an HTTP page it simply won't work. While 95% of websites use HTTPS nowadays, there are still some out there which do not. It's a two edged sword.
I was scratching my head a bit with his explanation as well. The main problem with HSTS is that it records the sites you visit. If you delete the entries, they'll be written to the file again if you visit the site again. Maybe some sorcery with write perms in the folder that contains HSTS file would do the trick.
@@effsixteenblock50 The problem isn't that the list of visited sites is retrievable from local files. The problem is that HSTS can be abused by malicious web service operators to fingerprint browsers. HSTS tells browsers to use HTTPS and refuse plain HTTP, for a specific domain and duration of time. That causes an observable difference in behavior: whether or not the browser is willing to connect via HTTP. This gives you 1 bit of information about the browser that doesn't go away when you clear your cookies. 1 bit isn't enough to uniquely identify a browser, but that's 1 bit *per domain.* Multiply that by a large number of domains (operated by the same entity with the express purpose of fingerprinting) and you've got yourself a way to store a persistent unique ID in a browser against the user's will.
I have used browser partitioning for a long time It's super easy. An alternative is to use a virtual machine that you reset after each use. That will wholly avoid the super cookie issue, bit it' clunky and it os easy to make mistakes. If you still want to go that route here is what I did for quite a while. OS at the time was a self-compiled, hardened Gentoo. Browser partitioning for every day use. 1 browser for google (keep cookies) 1 browser for surfing (delete cookies at close) 1 browser for non-google logins (delete cookies manually) 1 VM for facebook (static disk) 1 VM for banking and shopping (static disk) 1 VM for browsing (reset disk after each use)
Yes it would be an extension but how about a browser fingerprinting "fuzzing" extension that generates false information randomly every time you go to a site, or revisit it?
You can do that but there are javascript APIs that tell the websites what's really going on. If you spoof your User-Agent string, a javascript API will basically rat on you.
Any implications for using Safari? I use it almost exclusively w/ Brave to bookmark sites. Is this a bad idea?Sorry to ask if you covered this apple issue previously. Thanks so much Rob.
I am so glad you made this video! This is a whole fuzzy grey area that I have always been suspicious of. I tried to learn some of this from a Cyber Navigator at the library, and later found out he hacked me and others... If you can do a whole video series on each of these aspects, that would be great. Am clueless. What kind of course can one take to learn more about these things? Learning to code seems like a long involved, abstract process. I am no good at math. Is it needed in order to use a Command line? Questions like - I don't use a browser, I just use a search engine. Or pay directly on the merchant website... Browsers are only needed for bookmarks or tabs... If your phone has malware, using Signal or a password manager wont help... Are there more secure keyboard apps than Gboard on Android?
@@thebrowns5337 If you access anything online, you are using a browser. That's how it works. When you use the "Google" app on your phone, for example, it uses the System WebView, a faceless browser engine that all non-browser apps use to access the Internet. (Same for TH-cam, Spotify, your bank...) And links you open use your default browser, even within the app. (I managed to have no default browser, so I have the choice every time.)
@@thebrowns5337 What do you mean by 'search motor'? A search engine (called "moteur de recherche" in French)? Unless you have the whole index stored at home (a massive data center) you need to send your query to a remote server. Using a browser.
Your easy to digest🤔info is invaluable for so many people, thank you for pressing on and your continued diligence with handling TH-cams obstacles. God Bless!!!🙃
Hack #2: You have passwords stored locally in your chrome browser, you pass your computer to your non-programmer cousin, he logs into his google account (which has "sync on"), all your passwords are copied to his account without further warning or notice. his account gets hacked by malware on a different computer, you are hacked. I saw this happening in practice several times.
Ah yes , sunds like how australian malware follows us in shops and location ,,, ,,, our government is the hack , and they encouraged australians to all manditorally go online , with 30 million IP servers overseas none actually in australia we have internet shutdowns nationwide ,sometimes twice a month, did you know the aussie internet still runs on Windoes 95 , cos our politicians thought to never vote to approve an upgrade over the past 30 years ,,.no wonder we have faulty internet well except for American Intelligence base that is always on,
Related question/problem I can't understand despite my technical background: This happens only on mobile, Android browsers no matter Googled or de-Googled. I typically use Firefox there so we can narrow issue to it. I follow same good privacy idea as you and on installation I disable any memorizing of anything (name, email, address fields, ccards,...). I also disable any "hints" for any fields such as URL, search,... However, now and then a website form will provide me with an option when I click on the field. Say I click on empty email field and below it will appear "suggestion" of the last email I typed in some other form on the browser. Need not be the email I use at that site but, suggestion appears. I have never seen this on desktop browsers and I don't understand where the info is coming from. Any ideas? (I see this as very bad as it somehow automagically bypasses my "ban" on remembering the form fields...)
Rob, could virtual machines mitigate tracking? For example, if you do a clean install of Windows 10 as a guest in Oracle's Virtual Box, take a snapshot (before any web browsing), and then do your web browsing... then... ...when you are done with your web browsing, you can restore your snapshot (takes 2 seconds). Your Windows 10 guest machine will be completely restored to prior to your web browsing session. Is there any benefit to the above? Or is it a waste of time? Your solution, to use different browsers, is intriguing. But then each of those browsers is keeping a history of your activities. And what happens if you mistakenly use the wrong browser and visit a site that you were supposed to visit with a different browser? I figure that by using a virtual machine (even more than one virtual machine), then you would be completely clearing out whatever your guest machine had stored, upon restoring your snapshot. Your thoughts?
There exist linux versions specially made to run in virtual machine with TOR as internet connection and special versions of Firefox that uses TOR for going on internet if you want high privacy...
Well shit! I HAD ad-privacy turned off in Chrome! I got a Chrome update and it was all turned back on! You might want to talk about/investigate that!!!
Great Report Rob! Everything Is On The Ball. It Seems I'm Constantly Role-Playing With These Terds Considering A "Shadow" Is Constant In The Digital World, That Don't Play In The SUN - Expect It As Is, IS! Just Wondering Rob, What Are Your Thoughts About "User-Agent Switchers", Extension for Firefox header, ie Pretending to be a different browser?
Unless you're spoofing default browser settings ( kind of like a tor browser does) user agent switchers help build a unique profile that can be tracked and used in a correlation attack. It's counterintuitive but they work against good opsec
You mentioned these hidden and secret Google and TH-cam cookies they imbed in browsers. Could you cover their removal in a video? Thanks again for all of your knowledge and help, sir!
I’d be interested to about partitioning that some browsers offer, like Firefox or Brave. How good at isolating data and threats etc are they? Love your work! Don’t stop. Ever!
@@UNcommonSenseAUS I have never used Qubes. But I am intrigued by its functionality. Are you using Qubes? Is it worth the extra effort? Does it perform well with modest hardware (say, an Intel Core i5, 16GB of RAM, and an SSD)?
That's why I hate modern browsers, especially since Firefox version >35. You no longer have any control over your data and what the browser can and is allowed to do. To this day I still don't understand why Mozilla sold itself and gave up itself. Not only to mention the "great" developers......
Thank you for the video. This is super helpful. If I accidentally logged in on Google with a browser that is meant for non-google activities, is there a way to recover my privacy other than to uninstall/reinstall?
Hello Rob thanks for all the videos you have authored I find them most informative. I know you have talked about TOR, the onion structure and the multiple nodes excreta. Not being a typical browse have you done a focus on the TOR browser. It's strengths and weaknesses a how to on configuring it from the same perspective as this video if so I want to see it. If not I want to see it
Pretty incredible channel! Please tell me with specific instructions how to pay for your product without telling everybody that wants to know that I am paying for it
Hi Rob, regarding browser compartmentalization, how is behaving different profiles on Chrome / Edge / Brave etc? One for "logged in" stuf and "clean" or "one-time" for non logged stuf?
Yes. There always be ISP. You don't use VPN, and your ISP will get your HTTP headers (that's how GFW and other website restircitons across the world generally works). You use VPN, and your ISP will only(still) konw that you connect to somewhere, and ISP of VPN will know your URL. But (if use a dedicated mixture of plain, VPS providers, offf-the-shelf VPN providers, and Tor) you can minimize the possibility of any single organization get your full tracks on Internet.
Rob forgive me if you have all ready covered, could you make a video about google incognito tracking lawsuit ? Long time fan thank you for your work !!
Ok, I normally think highly of your very critical view of a lot of privacy topics but HSTS? Yes, an outsider as well as the site itself may be able to find that you, at some point must've made a connection to a site at some point but from what I know, that's about it. As far as I am aware HSTS is more akin to a boolean flag, that forces your browser to use HTTPS instead of HTTP. What other data is stored on the client side that would make them identifiable in your opinion? If I am actually incorrect about this and you can give me some pointers, I would greatly appreciate it.
Love your videos thank you so much for the knowledge. Just a side note I feel like all of your videos for a few decibels lower in audio volume than other videos. Maybe push the volume DB's a little higher. Thank you again for your help
What do you think about Eric Prince's 'UP-phone?' Has hard-switches you used to like. Looks ridiculous next to your open-source apps and dual physical-sims though. Three times the price too.
16:03 What about using different containers in Firefox? What about using LibreWolf, also with containers? LibreWolf blocking fingerprinting by default, while Brave do not.
Not only that I use browser isolation I also use "system isolation". I access TH-cam through one of the browsers on my virtual machine while using my main system for personal activity such as shopping and stuff.
I learned heaps from this video. I never considered that javascript might capture autofill data even if i delete it out of the input box before i submit. You mention watching youtube videos in a browser, i assume because you dont want to install the app, understandable. Is this the case with all the google services you use? Maps, search, gmail, docs etc? I’m forced to use google authenticator app for 3 different sites, is there a better option than having this app installed?
Oh okay, that makes sense. Thanks. Can you use third party youtube apps on degoogled phones? Like vanced, newpipe or even the one Louis Rossmann is co-developing, Grayjay?
Shouldn't any cookies be destroyed if the browser is deleted then re-installed? If anythig persists past that point it has escaped the app layer, and is considered an attack on the device making it a virus.
I found the "DOM" acronym in the part about extensions really funny. The word, "dom," in Afrikaans means "stupid." Now, that's an appropriate acronym if there ever was one.
speaking of partitioning of browsers, i would be curious to have you do a video on Qubes OS, and how it compartmentalizes everything across different workflows
The web workers only continue running if you later went back to the same web site, not just restarting the browser (and going to some other web sites). Right? Please clarify.
Web worker doesn't stop just because you leave the website. In testing, the Google web workers stopped when I deleted cookies. But if I logged back in to Google, then the web workers will initiate again.
@@robbraxmantech I think that if a web site can leave something running after you leave the web site (close the browser tab), that would be a major issue and worth investigating. For now I think that if I close a tab with a page (I use FireFox), the cookie remains as a cookie but nothing stays running, unless I come back and open that web site again.
So if they have a super cookie already, and have been collecting data, what do you do? If you suddenly change your behavior it still has your information up to current year.
I have a OPPO phone and despite it (the app) being disabled, it keeps on nagging me to enable some kind of "payment protection", Any ideas to remove it from my system? thanks
Rob, how much would it cost to develop a new web browser platform (open source) that is secure and free from alot of the privacy concerns and keeps horrible companies such as meta and google at bay? Curious to know
Er, Web Workers do not persist when you close the tab. Service Workers do, but if i recall they only activate when visiting the domain in which they're registered. I think your information is backwards. Also, Web Workers predate Service Workers.
@@robbraxmantech It's not accurate to say one is a subset of the other either. Web Workers are merely a running thread (referred to as Isolate in V8) parented by an outer thread. In a browser, that outer thread is typically the UI thread for a page. If you terminate the outer thread (or close the page) the sub thread is immediately terminated (as would all threads be terminated in a threaded desktop application). This is different to Service Workers which are intended to "Service" multiple pages. Because they service multiple pages, the browser cannot naively terminate them when you close a tab (because another tab may be sharing that service). Service Workers are therefore executed "out of process" and linger when a tab is closed. Again, it is not accurate to say one is a subset of the other, the Page, Web Worker and Service Worker are all isolated processes, with the only distinction being that Web Workers run as in process threads, and Service Workers run out of process (and include Http intercept and Cache API) Sorry, I'm a Web Engineer with 25 years experience developing on the Web. So....yeah.
so the guy made a video based of false information and the only guy that adresses the issue gets ignored and all other comments are paranoid npcs talking about living in woods?
I have a question about autofill. What is the alternative? Is there another way for me to create tens of different passwords and remember all of them? Using a txt file doesn't feel secure no matter how you look at it.
@@Lorens4444 True. But a .txt file doesn't automate the process for you. Check out the feature set of local password safe programs. They do a lot more than just store them.
I always delete my cookies before closing the browser, the browser makes it automatically for me. And I have tracking prevention and location tracking blocked. Also my IP address always changes every day once.
Brave also spies I've been using Safin Portmaster foir a while. You'd be 🤯if you saw how many connections and where they goto if you could check themé Portmaster has a free version and is open software. Click on the active connections tab and see the lot and to where they goto. Now available for Windows, PC security channel released a video about it. Look it up. P.S. I use Brave only for youtube. I use 4 different browsers. The other ones are Firefox or forks of
I use Brave but I don’t necessarily trust it any more than any other browser because they usually fall into one of two categories. 1) They either use googles algorithm so they’re compromised. 2) At some point in the future they are sold to a front company owned by google and then harvest your data.
It's better than nothing but worse than different browsers. It prevents tracking via cookies but fingerprinting can connect the containers since you have the same browser settings, extensions, etc. on all containers.
What do you think about the --user-data-dir command line argument in Chrome? It basically lets you run multiple instances of Chrome independently, each with their own extensions/history/etc. Could that be used in lieu of having a bunch of different browsers on your system?
If you're running one session of Chrome, how is two or more sessions going to do anything for you? Just put all the "extensions" on one single version, go into settings and turn off history, etc...etc. I mean, what is the actual goal we are trying to accomplish here? Visa, Mastercard and your bank have records of all you ever buy and where you go to buy it with timestamps, unless you always use cash. And I mean always. What's the purpose?
@@SpaceCadet4Jesus This is a good point, however I think political affiliation and partitioning super cookies is detrimental for people wanting to work in cyber security or government. While it doesn't matter in regards to purchases, one big thing you could be doing is a VPS/Virtual container (Maybe even docker) specifically for running an isolated instance of a browser with a proxy or VPN specifically for political/news/social [with other usernames, etc] and do your real name stuff via normal parameters. My biggest thing is it's a little too late, I mean, if we all have a super cookie, how does suddenly changing our browser history change 10 years worth of data?
Every day the idea of building a shack in the mountains and living off the land is more and more appealing. :p
No. We just need to make our own devices, use bsv, and build on original philosophies by guy who made gnu. We just need better stuff. Not just a couple half used half available things like tor
We need to setup our own comms networks
The government has become the enemy.
I was in Amish country last month...and while watching them plow the fields with horses, I realized they'd never had to call Comcast before...and suddenly their lifestyle seems very appealing.
If you know what you're doing..... already had experience living off-road,off the grid,and already knowing how to survive..... including knowing how technology works by being a licensed HAM radio operator,then no problem.
Just like Rob!
@@grayrabbit2211Pro tip: CenturyLink at 945Mbps for $75 is sooooo much faster. Plus they never try to manipulate our speeds and the router doesn't reboot randomly. We have never had to call support or unplug and rest devices...
Many coworkers are so concerned about privacy even covering with tape the built-in camera on the monitors at work but at the same time make their life, location, thoughts, etc. public for the whole world to see through FB, Instagram, tiktok, Twitter, etc 🙄
🤦♂️
Sounds like me 😂
I know what you mean, just like a heavy person ordering two Big Mac's, large fries, chocolate sundae, and then ordering a diet coke.
Like agent smith said : ignorance is a bliss.
Ego-powered automatons.
Use masking tape or small snippets of duct tape to cover the cameras.
For years I have told people about how violated we were where we use anything using the net. One day Iwas driving my semi as I was speaking to my step father about his up coming retirement. You see he is 6'6 and his legs have been giving him problems and so that's what particularly we were discussing. And so after the convo we hung up and it wasn't 10 min later he was calling me back asking me if I had contacted a doctor about his legs. And I said "no" I'm still driving and we just got off the phone. Then he proceeded to tell me how a doctor called him about service for his legs. I was stunned. Since then I play in settings so much I mess things up now turning everything off. I'm like the guy in comments that want to live off the grid in the woods.
Rob, you should create a solution to do browser separation without the additional pain of maintaining 4 different browsers.
It could be just a front end ui that encapsulates all 4 browser application, or something similar
Rob, fellow boater here. Anyone that DOESN'T own a sailboat wouldn't recognize it, but it's cool to see you recorded this onboard!!! I spent 10 years as a liveaboard and can't wait to get back at it!
Keep fighting the good fight!! Cheers
Man how the hell did you notice this wouldn't of thought of this until you mentioned it but now I think those are windows behind him also there is a very slight lateral movement in the video and then that creaking occasionally 😂 think that boat looks nicer than my house
I lived on a sailboat for 10 years and I didn't realize until I read your comment.. His boat is too neat! haha
Also, I've often wondered how "trash" and wrong passwords or pass codes are handled. Particularly, in the US where "trash" is considered "fair game", from a legal standpoint. BUT, my phone requires a pass code to get into voicemail and I don't use it very often so, when I used it the other day, I had to enter just about every 4 digit passcode I've ever used, a couple of which are still in use for other things.
Never let anyone use your account on any device. Create an account for them, even when you trust them. You can only ever trust their conscious decisions, and nobody is 100% conscious of the consequenses of their decisions.
True that. Good advice.
I made that mistake with kids I babysit
Hey Rob, suppose I’m who you call “a normie”, been listening/watching you for several months now. learned so much from you! Thank you!!! Limited to really invest my time fully, into learning IT as well as you know it, by a ‘calling’ of my own. Namely, for example, growing my own food and all that involves. But it isn’t more important than protecting my privacy! This video is an example of why I value your content so highly! As a” Normie”, don’t always understand what you try to convey, but here I do. You offer simple/real tips that I can implement myself, & in my “normie” language, again, i truly appreciate your generosity of knowledge!!! Very soon i WILL purchase one of the de-googled phones, VPN, & email services you provide.
Until then (& beyond) please don’t stop posting what you do! Your explanations & suggestions are helping me keep my data more private while allowing me to spend more of my time into perfecting my calling. youre a valuable member of society! Even though you don’t hear from many of us often or we are unable to catch you live… doesn’t mean you are not being heard, for we hear you!!! Thank you my friend! This video has been of great service towards maintaining my personal controls & privacy & really seeing what sort of thieves are in control of media. Happly Holidays! THANK YOU!!! Lupe
Well said, agree to that!
1. Clear/delete: cookies, and unknown browser download folder items.
2. Do not use: auto fill, password manager, browser extensions, and facebook.
3. Use browser isolation. One only for all google stuff, and one or two other for the rest.
Thanks.
@@terry_willis No problem, If you’re new I’d suggest to checkout some of his other videos as well, cause this is not everything to be concerned about.
I went on step further, machine isolation. I run W11 with Edge, Chromebox with Chrome, and Linux mint with Brave, using 3 different CPU's
@@RevWillBreeze Nice, that should keep them 😵💫
@@terry_willis u SHOULD use a password manager but not the built in browser ones.. keepass is a good one, os n pretty safe n easy to use
Thank you for this video. I was curious regarding cookies, super-cookies and ever-cookies and the security risks they pose.
I wish you could do concise videos tackling each threat. I realise this is a lot of work, but it would help us on the tech fringe.
666...I bet u don't even believe in God....satan has u
The speed at which the browser fingerprinting becomes precise is alarming
I use a browser extension, agent... something, that allows me to change browser fingerprint to any one on a long list. I change it every time I use one of the five browsers i installed.
I also use that Safin port app.
@@a.randomjack6661 user agent switcher.
Useful against novice adversaries, experienced however will see through it like a fly screen...
@@a.randomjack6661it would be great if there was a step by step video on this. A tutorial that goes in depth on how to set up and explaining the details of what each one does. For android devices
i have a bunch of comments here.
1- you're just sticking your finger in the dam. browsers are hundreds of thousands of lines of code that cannot really be vetted. you code. you know about combinations. you know that the code isn't really that vetted. the industry just doesn't test that well. browsers are black box, mitm, out of the gate.
2- how about pulling a stallman, and curling all the stuff you desire. advocate for less dynamic web. advocate for sites that don't serve pages that have external js links. advocate for sites that abide by a "limited complexity" ethos.
3- the consumer is redirected into better behaviour by example. this ain't by playing stick your finger in the dam ad infinitum. a rewrite/redesign is needed to clarify the boundaries.
You sound like an employee doing damage control
Recently Snowden said (Bitcoin keynote), I am paraphrasing as I can't recall the exact words, " If you have to go thru a ton of circumvention and high tech magic to not be tracked, that's NOT freedom". I couldn't agree more! So the takeaway here for me is start fighting for our freedom at the state level, and pray for our country, 2 Chron 7:14
Just a fun tip. All links that are written in video descriptions and comments will have youtube/google tracking associated with the link. So always manually copy and paste links, don't just click them.
Delete the rfid and ref strings as well
can you post a link for more info? 😂
that's how I used to google. I never clicked on the results, I selected the url written under it and dragged it to a new tab
@@sumbodee3Use to? Why change? And could you remove those glasses so we get a good look at your identity, please?
😅
@@SpaceCadet4Jesus I stopped giving a f Ain't got nuttin to hide
The main problem is that browsers are very complicated constantly changing bits of software and dangers especially of interactions with third parties tend to be discovered too late. This can only get worse.
The constant changing IS one of the problems with browsers. Even if most bugs have been worked out, as soon as new features are added, they can potentially introduce new bugs which can be used as back-doors by clever hackers.
@@BillAnt And... the next generation of hackers will be hyper-diligent AI, and 100 percent non-human.
AI snooping will advance itself at an exponential rate, constantly improving its capabilities, as well. Humans are no more than cattle now for their masters. Their vanity and egos keep them from fully realizing the extent that they are immorally tracked, followed and manipulated.
It's a divine comedy of ignorance now- until they round us all up.
8:56 - when it comes to 2 women... I'm the man in the middle ... and I'm not ashamed to do so...
3:57 The point is that the legitimate server disabling plain HTTP does *not* prevent a MitM attacker from serving a plain HTTP attack site of their own.
HSTS makes it so that the browser will refuse to use a plain HTTP connection to a website, for the duration specified in the HSTS header. This prevents that kind of MitM attack against browsers that have already visited the website in the past.
Also, HSTS supercookies don't work like regular cookies, you don' get to store arbitrary data and then retrieve it later at will. It just causes the browser to refuse plain HTTP for a set time. The way that it can be used to fingerprint browsers is not immediately obvious and requires clever use of a number of phony domains. Accusing the people who came up with it of "not caring about privacy at all" when it requires a sophisticated side channel attack to turn it against users is completely disingenuous.
So I built this impenetrable safe. Then I used a bike lock to lock it.
agreed, I skipped to this point at first because I don't want to waste 20 minutes of my life and that point was a lot of misinformation and mongering.
You could enable HTTPS only on your browser, so if an MITM serves an HTTP page it simply won't work. While 95% of websites use HTTPS nowadays, there are still some out there which do not. It's a two edged sword.
I was scratching my head a bit with his explanation as well.
The main problem with HSTS is that it records the sites you visit. If you delete the entries, they'll be written to the file again if you visit the site again.
Maybe some sorcery with write perms in the folder that contains HSTS file would do the trick.
@@effsixteenblock50 The problem isn't that the list of visited sites is retrievable from local files. The problem is that HSTS can be abused by malicious web service operators to fingerprint browsers.
HSTS tells browsers to use HTTPS and refuse plain HTTP, for a specific domain and duration of time.
That causes an observable difference in behavior: whether or not the browser is willing to connect via HTTP.
This gives you 1 bit of information about the browser that doesn't go away when you clear your cookies.
1 bit isn't enough to uniquely identify a browser, but that's 1 bit *per domain.*
Multiply that by a large number of domains (operated by the same entity with the express purpose of fingerprinting) and you've got yourself a way to store a persistent unique ID in a browser against the user's will.
I have used browser partitioning for a long time It's super easy.
An alternative is to use a virtual machine that you reset after each use. That will wholly avoid the super cookie issue, bit it' clunky and it os easy to make mistakes.
If you still want to go that route here is what I did for quite a while. OS at the time was a self-compiled, hardened Gentoo.
Browser partitioning for every day use.
1 browser for google (keep cookies)
1 browser for surfing (delete cookies at close)
1 browser for non-google logins (delete cookies manually)
1 VM for facebook (static disk)
1 VM for banking and shopping (static disk)
1 VM for browsing (reset disk after each use)
Yes it would be an extension but how about a browser fingerprinting "fuzzing" extension that generates false information randomly every time you go to a site, or revisit it?
You can do that but there are javascript APIs that tell the websites what's really going on.
If you spoof your User-Agent string, a javascript API will basically rat on you.
Any implications for using Safari? I use it almost exclusively w/ Brave to bookmark sites. Is this a bad idea?Sorry to ask if you covered this apple issue previously. Thanks so much Rob.
There is a new vulnerability in Safari, iLeakage
Google Chrome logo is a stacked 666 no joke
Appropriate answer is don't let anyone use your PC and especially your login or create a separate guest login.
I am so glad you made this video!
This is a whole fuzzy grey area that I have always been suspicious of.
I tried to learn some of this from a Cyber Navigator at the library, and later found out he hacked me and others...
If you can do a whole video series on each of these aspects, that would be great.
Am clueless.
What kind of course can one take to learn more about these things?
Learning to code seems like a long involved, abstract process. I am no good at math.
Is it needed in order to use a Command line?
Questions like -
I don't use a browser, I just use a search engine.
Or pay directly on the merchant website...
Browsers are only needed for bookmarks or tabs...
If your phone has malware, using Signal or a password manager wont help...
Are there more secure keyboard apps than Gboard on Android?
You can't use a search engine without a browser.
@@alan4sure well of course you can
@@alan4surewhat about a search motor?
@@thebrowns5337 If you access anything online, you are using a browser. That's how it works. When you use the "Google" app on your phone, for example, it uses the System WebView, a faceless browser engine that all non-browser apps use to access the Internet. (Same for TH-cam, Spotify, your bank...) And links you open use your default browser, even within the app. (I managed to have no default browser, so I have the choice every time.)
@@thebrowns5337 What do you mean by 'search motor'? A search engine (called "moteur de recherche" in French)? Unless you have the whole index stored at home (a massive data center) you need to send your query to a remote server. Using a browser.
Thanks. Everything I listen to from you is a learning experience.
Your easy to digest🤔info is invaluable for so many people, thank you for pressing on and your continued diligence with handling TH-cams obstacles. God Bless!!!🙃
Hack #2: You have passwords stored locally in your chrome browser, you pass your computer to your non-programmer cousin, he logs into his google account (which has "sync on"), all your passwords are copied to his account without further warning or notice. his account gets hacked by malware on a different computer, you are hacked. I saw this happening in practice several times.
Ah yes , sunds like how australian malware follows us in shops and location ,,, ,,, our government is the hack , and they encouraged australians to all manditorally go online , with 30 million IP servers overseas none actually in australia we have internet shutdowns nationwide ,sometimes twice a month, did you know the aussie internet still runs on Windoes 95 , cos our politicians thought to never vote to approve an upgrade over the past 30 years ,,.no wonder we have faulty internet well except for American Intelligence base that is always on,
Was his sync ON?
Best to let him use your computer under a guest account.
Related question/problem I can't understand despite my technical background: This happens only on mobile, Android browsers no matter Googled or de-Googled. I typically use Firefox there so we can narrow issue to it. I follow same good privacy idea as you and on installation I disable any memorizing of anything (name, email, address fields, ccards,...). I also disable any "hints" for any fields such as URL, search,... However, now and then a website form will provide me with an option when I click on the field. Say I click on empty email field and below it will appear "suggestion" of the last email I typed in some other form on the browser. Need not be the email I use at that site but, suggestion appears. I have never seen this on desktop browsers and I don't understand where the info is coming from. Any ideas? (I see this as very bad as it somehow automagically bypasses my "ban" on remembering the form fields...)
It's your keyboard
Change the settings on your keyboard 👍
@@nunyabizniz1977it's your keyboard _app_
It's called auto complete, at least on Windows.
So. instead of keeping documents in the cloud, should we keep the documents only locally on one's PC and make the PC accessible remotely?
Rob, could virtual machines mitigate tracking?
For example, if you do a clean install of Windows 10 as a guest in Oracle's Virtual Box, take a snapshot (before any web browsing), and then do your web browsing... then...
...when you are done with your web browsing, you can restore your snapshot (takes 2 seconds). Your Windows 10 guest machine will be completely restored to prior to your web browsing session.
Is there any benefit to the above? Or is it a waste of time?
Your solution, to use different browsers, is intriguing. But then each of those browsers is keeping a history of your activities. And what happens if you mistakenly use the wrong browser and visit a site that you were supposed to visit with a different browser?
I figure that by using a virtual machine (even more than one virtual machine), then you would be completely clearing out whatever your guest machine had stored, upon restoring your snapshot.
Your thoughts?
I’d like to hear his thoughts on this too!
Yes VM's solve a lot of these. But browser isolation is simpler to execute. You can do either
@@robbraxmantech Is VirtualBox trustable, knowing it's from Oracle?
I like the multiple virtual machines idea.
And yes, it is a lot more work than just using separate browsers.
There exist linux versions specially made to run in virtual machine with TOR as internet connection and special versions of Firefox that uses TOR for going on internet if you want high privacy...
Well shit! I HAD ad-privacy turned off in Chrome! I got a Chrome update and it was all turned back on! You might want to talk about/investigate that!!!
Simple, easy to understand explanations. Glad I watched.
TH-cam attaks firefox and slowing down firefox is this a privacy intrusion?Because ad blockers?
Great video, well done. Subscribed.
Rob, what do you think of installing AdGuard Home on a Raspberry Pi to block ads and enhance privacy?
Thanks!
Great Report Rob! Everything Is On The Ball. It Seems I'm Constantly Role-Playing With These Terds Considering A "Shadow" Is Constant In The Digital World, That Don't Play In The SUN - Expect It As Is, IS!
Just Wondering Rob, What Are Your Thoughts About "User-Agent Switchers", Extension for Firefox header, ie Pretending to be a different browser?
Unless you're spoofing default browser settings ( kind of like a tor browser does) user agent switchers help build a unique profile that can be tracked and used in a correlation attack. It's counterintuitive but they work against good opsec
Surveillance state brought to you by private enterprise....Ironic
Thanks Rob - once again you've given us all something to think about.
What I constantly wonder about is why there aren't constant class actions against theft of bandwidth?
You mentioned these hidden and secret Google and TH-cam cookies they imbed in browsers. Could you cover their removal in a video?
Thanks again for all of your knowledge and help, sir!
No way. We don't have ALL your information yet. 😅
@@SpaceCadet4Jesus"We"
Are you a Google engineer?
thats a hackers job
Very insightful video.
My phones software update is now 1.6 Gb, how come?
I can remember the days when you could fit Windows XP on a CD ROM.
I’d be interested to about partitioning that some browsers offer, like Firefox or Brave. How good at isolating data and threats etc are they? Love your work! Don’t stop. Ever!
If that were a method I'd discuss it. I don't suggest it at all.
@@robbraxmantech thanks for replying
@@robbraxmantechwhat about Android phone?
Great content Rob! Thank you! What's your take on using LibreWolf with segmented containers? ...am I still at risk of cross-website tracking?
Containers do not protect you. Stick to browser isolation
@@UNcommonSenseAUS I have never used Qubes. But I am intrigued by its functionality.
Are you using Qubes?
Is it worth the extra effort?
Does it perform well with modest hardware (say, an Intel Core i5, 16GB of RAM, and an SSD)?
As far as I knew Supercokies were removed from Firefox few years ago. Are they still a threat?
That's why I hate modern browsers, especially since Firefox version >35.
You no longer have any control over your data and what the browser can and is allowed to do.
To this day I still don't understand why Mozilla sold itself and gave up itself. Not only to mention the "great" developers......
Thank you for the video. This is super helpful.
If I accidentally logged in on Google with a browser that is meant for non-google activities, is there a way to recover my privacy other than to uninstall/reinstall?
Clear cookies and start again
@@robbraxmantech Thank you !
thank you for sharing and explaining so clearly the various facets involved with computer privacy issues, as well as safety! Much appreciated!
I have a similar web-browsing strategy, but yours is superior. I’ll switch to it soon.
Hello Rob thanks for all the videos you have authored I find them most informative. I know you have talked about TOR, the onion structure
and the multiple nodes excreta. Not being a typical browse have you done a focus on the TOR browser. It's strengths and weaknesses
a how to on configuring it from the same perspective as this video if so I want to see it. If not I want to see it
Pretty incredible channel! Please tell me with specific instructions how to pay for your product without telling everybody that wants to know that I am paying for it
Are super cookies persistent in privacy tab, once the private tab is closed?
Should take it further and do entirely different machines on different networks
Hi Rob, regarding browser compartmentalization, how is behaving different profiles on Chrome / Edge / Brave etc? One for "logged in" stuf and "clean" or "one-time" for non logged stuf?
Don't ISP's log all URLS regardless of which Browser is used, including "In Private" browsing?
Yes. There always be ISP. You don't use VPN, and your ISP will get your HTTP headers (that's how GFW and other website restircitons across the world generally works). You use VPN, and your ISP will only(still) konw that you connect to somewhere, and ISP of VPN will know your URL. But (if use a dedicated mixture of plain, VPS providers, offf-the-shelf VPN providers, and Tor) you can minimize the possibility of any single organization get your full tracks on Internet.
Great info! I'm more privacy savvy than most but some of these were indeed new to me. Super cookies?!
Rob forgive me if you have all ready covered, could you make a video about google incognito tracking lawsuit ?
Long time fan thank you for your work !!
Ok, I normally think highly of your very critical view of a lot of privacy topics but HSTS? Yes, an outsider as well as the site itself may be able to find that you, at some point must've made a connection to a site at some point but from what I know, that's about it. As far as I am aware HSTS is more akin to a boolean flag, that forces your browser to use HTTPS instead of HTTP. What other data is stored on the client side that would make them identifiable in your opinion? If I am actually incorrect about this and you can give me some pointers, I would greatly appreciate it.
All HSTS cookies can be scanned by an outsider so that set creates a unique signature.
Why not using Firefox Containers to separate the browsing profiles?
Thanks for the information.
That autofill thing scared me. Thanks for brining it to my attention.
Love your videos thank you so much for the knowledge. Just a side note I feel like all of your videos for a few decibels lower in audio volume than other videos. Maybe push the volume DB's a little higher. Thank you again for your help
Is partitioning effective using different profiles in ffox with tweaking settings in about:config for each profile ?
i use a browser exported out of distrobox in debian, what are the implications (distrobox is running fedora)
Ironically I think we'll look back at the 2020's as the 'good old days before we were tracked up the wazoo'...
I miss the days when I could take a dump without Google knowing... This days you get in the first two minutes the chemical analysis...
Thanks 4 this info!❤❤❤
You are looking ageless, Rob! I don’t get your notifications 😮. Signed up for sailing too. You are menza aren’t you. 🎉
What do you think about Eric Prince's 'UP-phone?' Has hard-switches you used to like.
Looks ridiculous next to your open-source apps and dual physical-sims though. Three times the price too.
Wouldn't touch that with a 10 foot pole.
16:03 What about using different containers in Firefox? What about using LibreWolf, also with containers? LibreWolf blocking fingerprinting by default, while Brave do not.
very deep and informative content. appreciate your sharing.
Thank you very much, for the most important information and the best solutions you have provided us. God bless you and your business.
Not only that I use browser isolation I also use "system isolation". I access TH-cam through one of the browsers on my virtual machine while using my main system for personal activity such as shopping and stuff.
Thank you very much, very informative and helpful 😮😊
It's refreshing to get the straight stuff! Thanks for this!
I learned heaps from this video. I never considered that javascript might capture autofill data even if i delete it out of the input box before i submit.
You mention watching youtube videos in a browser, i assume because you dont want to install the app, understandable. Is this the case with all the google services you use? Maps, search, gmail, docs etc?
I’m forced to use google authenticator app for 3 different sites, is there a better option than having this app installed?
De-Googled phones cannot run Google apps. Which is critical since the spyware is tied to a Googled phone and not removable
Oh okay, that makes sense. Thanks.
Can you use third party youtube apps on degoogled phones? Like vanced, newpipe or even the one Louis Rossmann is co-developing, Grayjay?
yes works fine
Shouldn't any cookies be destroyed if the browser is deleted then re-installed? If anythig persists past that point it has escaped the app layer, and is considered an attack on the device making it a virus.
I found the "DOM" acronym in the part about extensions really funny. The word, "dom," in Afrikaans means "stupid." Now, that's an appropriate acronym if there ever was one.
Ja swaar👍
Ha! Thanks
Whoa.....this info. is golden. I'm glad I came across this channel. Great info and new sub.
speaking of partitioning of browsers, i would be curious to have you do a video on Qubes OS, and how it compartmentalizes everything across different workflows
The web workers only continue running if you later went back to the same web site, not just restarting the browser (and going to some other web sites). Right? Please clarify.
Web worker doesn't stop just because you leave the website. In testing, the Google web workers stopped when I deleted cookies. But if I logged back in to Google, then the web workers will initiate again.
@@robbraxmantech I think that if a web site can leave something running after you leave the web site (close the browser tab), that would be a major issue and worth investigating.
For now I think that if I close a tab with a page (I use FireFox), the cookie remains as a cookie but nothing stays running, unless I come back and open that web site again.
So if they have a super cookie already, and have been collecting data, what do you do? If you suddenly change your behavior it still has your information up to current year.
I have a OPPO phone and despite it (the app) being disabled, it keeps on nagging me to enable some kind of "payment protection", Any ideas to remove it from my system?
thanks
Creepy
What do you think of the TEXT OLY Lenox browser called (I think), Lynx? Is it susceptible to a problems you mentioned?
what do you think of Thorium browser ?
Thank you. What do you think of Startpage?
Rob, how much would it cost to develop a new web browser platform (open source) that is secure and free from alot of the privacy concerns and keeps horrible companies such as meta and google at bay? Curious to know
billions
Cost in time and effort would be enormous, otherwise we would see free browsers like that everywhere.
@@luimu trillions
Huawei Harmony OS is one,,thats why its baned here by our Gov. 😊 same as hapened w BB btw . Cant hack it.
@@WANDERER0070 CCP respecting privacy, really?
Is there a means to keep a browser secure if advertisers are not involved?
Er, Web Workers do not persist when you close the tab. Service Workers do, but if i recall they only activate when visiting the domain in which they're registered. I think your information is backwards. Also, Web Workers predate Service Workers.
whatever you say. Now I program web workers of which service workers is a subset and it obviously has to keep running to do things like notifications.
@@robbraxmantech It's not accurate to say one is a subset of the other either. Web Workers are merely a running thread (referred to as Isolate in V8) parented by an outer thread. In a browser, that outer thread is typically the UI thread for a page. If you terminate the outer thread (or close the page) the sub thread is immediately terminated (as would all threads be terminated in a threaded desktop application). This is different to Service Workers which are intended to "Service" multiple pages. Because they service multiple pages, the browser cannot naively terminate them when you close a tab (because another tab may be sharing that service). Service Workers are therefore executed "out of process" and linger when a tab is closed.
Again, it is not accurate to say one is a subset of the other, the Page, Web Worker and Service Worker are all isolated processes, with the only distinction being that Web Workers run as in process threads, and Service Workers run out of process (and include Http intercept and Cache API)
Sorry, I'm a Web Engineer with 25 years experience developing on the Web. So....yeah.
so the guy made a video based of false information and the only guy that adresses the issue gets ignored and all other comments are paranoid npcs talking about living in woods?
@@BinaryReader What are 'service workers'?e.g I've never seen a firefox process run after main process is closed
appreciate your work, thx rob!
Could you please make a video about protecting your home router/network? And secure your browser for online banking.
Thanks, Rob! 👍👍👍
I have a question about autofill. What is the alternative? Is there another way for me to create tens of different passwords and remember all of them? Using a txt file doesn't feel secure no matter how you look at it.
Local password program such as Keypass or similar.
@bradkaral1188 I feel that I can encrypt a txt file in order to achieve similar results. Or a master password on the autofill.
@@Lorens4444 True. But a .txt file doesn't automate the process for you. Check out the feature set of local password safe programs. They do a lot more than just store them.
I always delete my cookies before closing the browser, the browser makes it automatically for me. And I have tracking prevention and location tracking blocked. Also my IP address always changes every day once.
Waht about private mode? The cookies are deleted there, right?
What about Brave?
i will be asking the same thing
While hesitant to place trust in a single browser if I had to choose it would be Brave.
Brave also spies
I've been using Safin Portmaster foir a while. You'd be 🤯if you saw how many connections and where they goto if you could check themé
Portmaster has a free version and is open software. Click on the active connections tab and see the lot and to where they goto.
Now available for Windows, PC security channel released a video about it. Look it up.
P.S. I use Brave only for youtube. I use 4 different browsers. The other ones are Firefox or forks of
I use Brave but I don’t necessarily trust it any more than any other browser because they usually fall into one of two categories.
1) They either use googles algorithm so they’re compromised.
2) At some point in the future they are sold to a front company owned by google and then harvest your data.
Brave is own by Microsoft isn't it? If so I would never trust them
Hi Rob, is the Firefox Multi-Account Containers of any use for information isolation?
It's better than nothing but worse than different browsers. It prevents tracking via cookies but fingerprinting can connect the containers since you have the same browser settings, extensions, etc. on all containers.
exactly
What do you think about the --user-data-dir command line argument in Chrome? It basically lets you run multiple instances of Chrome independently, each with their own extensions/history/etc. Could that be used in lieu of having a bunch of different browsers on your system?
If you're running one session of Chrome, how is two or more sessions going to do anything for you? Just put all the "extensions" on one single version, go into settings and turn off history, etc...etc.
I mean, what is the actual goal we are trying to accomplish here?
Visa, Mastercard and your bank have records of all you ever buy and where you go to buy it with timestamps, unless you always use cash. And I mean always.
What's the purpose?
@@SpaceCadet4Jesus This is a good point, however I think political affiliation and partitioning super cookies is detrimental for people wanting to work in cyber security or government. While it doesn't matter in regards to purchases, one big thing you could be doing is a VPS/Virtual container (Maybe even docker) specifically for running an isolated instance of a browser with a proxy or VPN specifically for political/news/social [with other usernames, etc] and do your real name stuff via normal parameters. My biggest thing is it's a little too late, I mean, if we all have a super cookie, how does suddenly changing our browser history change 10 years worth of data?
Rob, Big Thankyou from Alaska,