#tor

yazumo@despora.de

Freie Suchmaschiene / SearX / Nachtrag


Nachtrag zum Nachtrag vom 26.05.2022 ... zu SearX 🤦 🤷

Dies geht ausschließlich an Linux NutzerInnen. Windows wird nicht unterstüzt, bzw. ich weiß nicht ob das im Linux Sub System von Windows läuft.

Wie das so ist, ist mensch an einem Thema erst mal dran, lässt es einen auch nicht mehr los.
Bei dem ganzen Suchen, Lesen und Installieren, bin ich bei Nerdmind auf eine schöne Blog-Serie zum Thema SearX gestoßen.
Darin wird die Installation, das einrichten als Dienst, die Konfiguration & Verwendung von Apache oder nginx als Reverse-Proxy und das Umleiten der Suchanfragen über Tor erklärt.

!!! Jetzt nicht von Fachbegriffen abschrecken lassen !!!

Die einzelnen Schritte sind mit Copy & Paste einfach abzuarbeiten.
Wer mehr interesse hat, kann aus den Artikeln entnehmen was noch zu Lesen wäre. 🤓

Viel Spaß beim aufsetzten!


#searx #suchmaschiene #uwsgi #apache #nginx #tor #installation #install #linux #debian #bullseye #nerdmind #it #diy

57b731e9@nerdpol.ch

Serious security vulnerability in Tails 5.0

Tor Browser in Tails 5.0 and earlier is unsafe to use for sensitive information.

The problem is that Tails 5.0 uses version 11.0.11 of the Tor Browser. This is based on a version of Firefox that contains vulnerabilities in its JavaScript interpreter. The current version of the Tor Browser is 11.0.13, and this new version is not vulnerable to the attacks that work against version 11.0.11 and earlier. If you use the Tor Browser with other OSes (not Tails), you should check to see that you have the newest version.

If you keep JavaScript disabled this vulnerability does not affect you. The Tor Browser makes it very easy to disable JavaScript. This problem will also not affect you if you don't enter any sensitive information into web sites.

If you start Tails today, Tails itself will warn you about this. Oddly the Tails home page has no such warning.

Here is the page about the vulnerability. https://tails.boum.org/security/prototype_pollution/

Here is the Tails home page. https://tails.boum.org/

The recommendation from Tails is that you don't use the Tor Browser in Tails until the next version of Tails is released. This should be version 5.1 and it should be released on 31 May 2022.

#tails #tor #tor-browser #vulnerability #bug #security #privacy #surveillance #firefox #mozilla

anonymiss@despora.de

Becoming #Anonymous: The Complete #Guide To Maximum #Security #Online

Attention! Highest danger level! The following link leads you directly to the #YouTube data mafia. It is strongly recommended to use this link only with appropriate security protection: https://www.youtube.com/watch?v=4Z7H5tXqMGo

Alternative: https://yewtu.be/watch?v=4Z7H5tXqMGo

Choose another instance: https://redirect.invidious.io/watch?v=4Z7H5tXqMGo

#password #web #internet #www #isp #privacy #surveillance #browser #tracking #messenger #tor #fdroid

utzer@social.yl.ms

Und nochmal ne Frage für #Tor, wir brauchen einen neutralen Vereinssitz, gibt es hier jemanden der für sehr kleines Geld nen Büro anbieten kann? Oder auch ein Anwalt oder so der bereits ähnliches macht?

utzer@social.yl.ms

Mag jemand uns paar Höheneinheiten in einem Rechenzentrum mit Strom und 500 MBit/s (oder mehr) sponsorn?

Wir suchen Bandbreite für #Tor Bridge, Relay oder Exit.

Spendenquittung möglich, Gemeinnützigkeit vorhanden.

utzer@social.yl.ms

Ich muss mich mal mit #Ansible beschäftigen, mag mir jemand helfen, ich habe eine paar #Tor Server (relays, bridges, exits) die jeweils eine bestimmte Konfig haben, jetzt will ich einfach skalieren und die Zahl der Server vermehren, aber das will ich nicht händisch machen.

anonymiss@despora.de

If you want to use a secure #browser but have no idea at all, which one do you use?

I don't mean the following text in a negative way, because you can't expect every Internet user to have studied #computer #science beforehand in order to be able to evaluate the security of #software correctly. Safety, like truth, is in the eye of the beholder. Some people think it's great to get targeted #ads and just don't want to be trojanized when paying for online shopping. A #whistleblower, on the other hand, would prefer not to leave any usable traces on the #Internet at all.

How can you decide now, even without studying, whether one browser is more secure than another?

Some time ago I recommended #Librewolf ( https://librewolf.net ) as a browser and immediately got disagreement in the comments: https://despora.de/posts/ddc445606a79013af2e2543d7eeced27

Here is the article out of the comments that now really clearly states that Librewolf is not a secure browser: https://www.unixsheikh.com/articles/choose-your-browser-carefully.html#librewolf <- I think the whole article is bad unprofessional propaganda :(

Every software contains more or less serious security vulnerabilities in certain versions. Without an indication of which version was tested and whether these vulnerabilities were closed in the next version, the accusation is worthless. Every browser makes contact with numerous IP addresses, which is the whole point of its existence. Without knowing what is behind these IP addresses and whether they offer useful services, a beginner cannot evaluate whether they are dangerous. An example: The browser checks every web page for viruses at #Google. This increases the #security for the surfer to get Trojans or worse, but Google also gets the entire browsing #history and can evaluate it. You have to classify the whole thing and also say why you rate things as bad or good.

So instead of Librewolf, #GNU #IceCat is recommended there, among other browsers. Is this a good advice?

I don't think so, since IceCat itself always adds important security #updates very late due to an complex build process ( https://www.mail-archive.com/bug-gnuzilla@gnu.org/msg03934.html ).

So let's use the #TOR browser, which is always up to date and is even recommended by #Snowden.

You can do that and I have also recommended the TOR browser in certain situations. But if you have no idea for which specific problem the TOR browser was developed in the first place and you can't understand the term #darknet, you might end up with more problems than you gain in security. But if you know that TOR stands for the #onion router and that the onion is just a metaphor for a routing protocol, then you surely know how to set up a secure exit node and how to minimize dangers.

If you question everything, you never come to a conclusion?

As I said, safety is in the eye of the beholder but there are some guidelines that are universally valid when evaluating. The browser should be made of free open source #software ( #FLOSS ), even if this alone is not a security feature. Free software just means that anyone can search the source code for security holes and backdoors, and that independent trusted vendors can compile the browser for me. However, in order to maintain this safety gain, this work must be done. Since it is time-consuming and usually poorly remunerated, this unfortunately happens far too rarely.

That is why automated tests are used. These are better than nothing, but only find known security problems. An automated test cannot find a backdoor injected by a secret service. The results of such automated tests can be found here: https://privacytests.org/private.html

Looking at the security of the TOR browser in the test result, one might conclude that it is better to use another more secure browser on the darknet. This is dangerous because one security feature on the darknet is that everyone has the same browser fingerprint, and if you don't use the TOR browser you are easier to track because of a different fingerprint.

Long speech short sense. I trust you and take the Librewolf.

On #Windows, Librewolf is a poor choice because it has no automatic #update process. Let's face it, beginners tend to forget to keep their software up to date. On Windows, it's better to use the original #Firefox, which updates itself automatically.

Firefox or Librewolf can be further improved in terms of security with add-ons.

One thing in mind is that every add-on slows down the browser and increases the probability of catching additional security vulnerabilities. Software is always complex and more software increases complexity and decreases security.

If you have no idea, please use only verified add-ons. Fortunately, this is very easy with Firefox, because you only have to check for this sign:

recommended add-on
https://support.mozilla.org/en-US/kb/add-on-badges#w_recommended-extensions

I have gathered here some add-ons that are verified and increase your security. Please install them only if you know exactly what these add-ons do and if you need them.

https://addons.mozilla.org/en-US/firefox/collections/17383777/Privacy-4-U/?page=1&collection_sort=-popularity

#knowledge #privacy #surveillance #tracking #news #Recommendation