An open community 
of Macintosh users,
for Macintosh users.

#44122 - 03/25/17 01:33 PM Re: Private window does not hide identity? [Re: joemikeb]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Some Interesting Sidelights to this discussion
  • As of yesterday 3/24/2017 I am unable to reach the TOR Project website other than through the TOR network. The error message I get is "unable to establish a secure connection" but it appears OpenDNS may be blocking access because the TOR project offers hidden routing that could be used for illicit purposes??? There is no problem reaching the site using TOR and the Onion Routing network.
  • On the TOR project site, I found an experimental pre to early alpha sandboxed version of the TOR browser. Since all iOS apps and any MacOS app distributed via the App Store must be sandboxed this is a prerequisite for an iOS version of the TOR browser. As there is already a version of Firefox for iOS and there are other browsers using the Onion Routing network for iOS it is apparently the digital signature hiding that is the sticking point at this juncture. (If I am housebound much longer, I may get bored enough to dig into the source code and see if I can figure out what is going on, but I will have to get really bored to do that.)
This thread has finally pushed me over the edge, and after years of indecision, I finally decided to turn on FileVault last night just before I went to bed. (NOTE: I cloned the system to an external drive so if anything goes wrong I can always get back to go.) There have been a few learnings with this as well...
  • I don't know about earlier versions of FileVault but in MacOS 10.12.4 beta 8 or 9 (I have lost count) you can encrypt either the user folder or the entire drive. I elected the entire drive. The first step after turning on FileVault in System Preferences > Security & Privacy is rebooting…
  • It makes sense when you think about it, but when you turn FileVault on, automatic logon is deactivated — permanently.
  • I have not rebooted a second time but apparently Bluetooth does not turn on until after the password is entered. Fortunately the Magic Keyboard and Magic Keypad can be connected via a Lightning cable as well as wirelessly or I would not have been able to enter the password. (Memo to self: keep a couple of Lightning cables handy.)
  • The system can be used as soon as it reboots, but encrypting the drive can take some time. Mine has been "encrypting" for 18 hours and the progress bar says there are some 15 hours left to go — oops, now it says 5 hours. Patience is a virtue I am told but I have never been convinced of that and at my age it is unlikely I ever will be.
  • Even with the encryption running in the background I have not encountered any noticeable reduction in system performance. cool
_________________________
joemikeb • moderator

#44123 - 03/25/17 01:56 PM Re: Private window does not hide identity? [Re: joemikeb]
kevs Offline


Registered: 12/07/09
Thanks Joe, I just use the Tor browser, so don't understand why one would go to the Tor website.

I did find a Tor browser in the App Store called Red browser, but just "nearly unique" fingerprint, I think... Remember to let this thread know when you find the real deal!

I've never used File Vault, What are the needs why one would bother? Joe Kissel has an entire PDF book on it...

#44124 - 03/25/17 02:21 PM Re: Private window does not hide identity? [Re: kevs]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Originally Posted By: kevs
I've never used File Vault, What are the needs why one would bother? Joe Kissel has an entire PDF book on it...

Given laptops' propensity for growing legs, FileVault is IMHO essential to protecting your identity and data from "the bad guys". For all computers that connect to the internet it is an additional layer of data protectionism from exploits.
_________________________
joemikeb • moderator

#44131 - 03/27/17 08:21 AM Re: Private window does not hide identity? [Re: joemikeb]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
I ran across the article I referenced in this thread this morning. I originally was thinking about protecting my internet browsing from apparently well-meaning but perhaps overly intrusive marketers. Now I am beginning to be even more concerned about protecting myself from an over-zealous security apparatus that would consider any effort to protect one's privacy as suspect behavior.
_________________________
joemikeb • moderator

#44137 - 03/27/17 11:18 AM Re: Private window does not hide identity? [Re: joemikeb]
kevs Offline


Registered: 12/07/09
Thanks Joe, well, I'm still using my normal Firefox and Apple Mail at home for normal things and yes, the NSA and FBI etc. can see it all if they want. But Tor for me is cool for occasional paranoid browsing once in a blue moon.

But if I used TOR 100% of the time... would I have no traces? But then you would not have the luxury of using bookmarks ever, or ever see a history to click back to?

And Apple Mail, Tor/ File Vault helps with that? I guess File Vault if you use it 100% of time, and log out, means those guys could never get in to see anything... without your permission, unless they were waterboarding you!

#44143 - 03/27/17 05:23 PM Re: Private window does not hide identity? [Re: kevs]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Originally Posted By: kevs
And Apple Mail, Tor/ File Vault helps with that? I guess File Vault if you use it 100% of time, and log out, means those guys could never get in to see anything... without your permission, unless they were waterboarding you!

Given that FileVaulting or Un-FileVaulting a drive can take anywhere from 24 to 36 hours most people will pretty much use it 100% of the time. However, in spite of how long it took to encrypt my drive, I have not seen any noticeable slowdown in normal use. Other than not being able to use automatic logon the user experience is changed.
_________________________
joemikeb • moderator

#44144 - 03/27/17 05:28 PM Re: Private window does not hide identity? [Re: joemikeb]
kevs Offline


Registered: 12/07/09
Thanks Joe, never used File Vault, so this is the first time for you going full time with it? And it was introduced 5-6 years ago?

Do you have to password into the computer each and every time? What are the trade-offs? How do you like it?

#44153 - 03/28/17 08:11 AM Re: Private window does not hide identity? [Re: kevs]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
FileVault has evolved since it was first introduced. Originally it only encrypted the user's home folder and while that is still an option, today the entire drive, apps and all, are encrypted. Because of other settings involving automatic password entry, I have long had to enter a password after a given period of sleep. The only difference now is having to enter the password after rebooting. No big deal.

Given FileVault is essentially invisible and does not have a noticeable side effect on performance, and provides substantial additional security, I have to say I like it. My question now would be, "Why not turn on FileVault?"
_________________________
joemikeb • moderator

#44158 - 03/28/17 10:40 AM Re: Private window does not hide identity? [Re: joemikeb]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
Originally Posted By: joemikeb
Given FileVault is essentially invisible and does not have a noticeable side effect on performance, and provides substantial additional security, I have to say I like it. My question now would be, "Why not turn on FileVault?"

Anything that makes your data more difficult to access makes it much more difficult to fix if it becomes damaged.

I've spent hours on comparably trivial problems. Imagine a two-drive software raid STRIPE where the partition table is too damaged to mount the drive. Normally software like DiskWarrior wouldn't mind that, but in this case it can't touch it until the raid is attached, which can't happen if the partition table is bad. (not mounted... simply attached) So catch-22. DW can't fix the partition until it's attached, and it can't attach until it's fixed.

Now spend 18 hours UNstriping two 1tb drives to one 2tb drive. (would you believe I did it in BASH?) Then run dw and get a full repair and hundreds of gigs of data recovered in the next 5 minutes.

Now try that stunt with file vault. I have. NOT fun. And far from reliable processes, it's different every time and requires a lot of time and trial-and-error. (and it took about a week for him to upload that 250gb block dump from down under, fortunately the repaired one was compressible... down to 72gb)
_________________________
I work for the Department of Redundancy Department

#44162 - 03/28/17 12:01 PM Re: Private window does not hide identity? [Re: joemikeb]
kevs Offline


Registered: 12/07/09
"Why not turn on FileVault?"
Joe that question is for me and others?

I have never thought of using File Vault, but may have to think about it now! But I do leave my two computers on all day long... the 27" iMac and the MacBook Air in the other room, synced to iCloud...

Virtual, so I assume you do not use File Vault?

#44163 - 03/28/17 12:32 PM Re: Private window does not hide identity? [Re: joemikeb]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
I've done armchair infosec and malware research for years and never felt the need to encrypt my drives, even when I was specifically being targeted by a prolific malware gang.

Trump's administration changed that. I now encrypt my drives.

Virtual1 is correct; doing this makes drive repair harder. This problem is alleviated by a reliable and robust backup scheme. With 2TB USB hard drives hovering around the $40 mark and Apple having what is hands down the best automated backup software in the industry built into mac OS, there is no reason not to have good backups (and plenty of reason to do so).

I have three external backup drives. One is a 2TB clone, created with Carbon Copy Cloner and updated weekly. The other two are 3.5 TB Time Machine backups I rotate.

In addition, I have two servers (one in Portland and one in Canada) that run remote backup software and automatically mirror my laptop every night, but that's overkill; I only do that because my entire livelihood is on my laptop and I happened to have two old (Core 2 Duo) computers I wasn't using.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

#44166 - 03/28/17 03:13 PM Re: Private window does not hide identity? [Re: Virtual1]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Originally Posted By: Virtual1
Imagine a two-drive software raid STRIPE where the partition table is too damaged to mount the drive. Normally software like DiskWarrior wouldn't mind that, but in this case it can't touch it until the raid is attached, which can't happen if the partition table is bad. (not mounted... simply attached) So catch-22. DW can't fix the partition until it's attached, and it can't attach until it's fixed.

That's why I went the extra mile and run a RAID 5 array. Yes it can get trashed, but it is more likely one of the drives will fail. Put a new drive in the cartridge, plug it into the array and it is automatically rebuilt.
_________________________
joemikeb • moderator

#44208 - 03/31/17 09:37 AM Re: Private window does not hide identity? [Re: kevs]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
Originally Posted By: kevs
Virtual, so I assume you do not use File Vault?

I do not. The only encrypted data I have is passwords and some server logs. I'm not doing anything to warrant much effort spent on me.
_________________________
I work for the Department of Redundancy Department

#44247 - 04/04/17 05:11 AM Re: Private window does not hide identity? [Re: tacit]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
I just came across a product called Whonix that looks appealing if you are looking for the ultimate in identity hiding. According to their web site…
Originally Posted By: Whonix.org
Whonix is a desktop operating system designed for advanced security and privacy. It realistically addresses attacks while maintaining usability. It makes online anonymity possible via fail-safe, automatic, and desktop-wide use of the Tor network. A heavily reconfigured Debian base is run inside multiple virtual machines, providing a substantial layer of protection from malware and IP leaks. Pre-installed, pre-configured applications are ready for use, and installing additional applications or personalizing the desktop will in no way jeopardize the user. Whonix is the only actively developed OS designed to be run inside a VM and paired with Tor.
However after looking at the Warning and Do Not pages I decided I do not need that much confidentiality or perhaps a better way of looking at it would be, I am not that risk averse.

Originally Posted By: Virtual1
I do not. The only encrypted data I have is passwords and some server logs. I'm not doing anything to warrant much effort spent on me.
I used to feel the same way, but having dodged a few fraud bullets (a $10,000 first class airline ticket from Dubai to Berlin purchased on my credit card for one) and as the internet has become a more and more hostile environment, like tacit, I feel the need for a more secure internet environment.
_________________________
joemikeb • moderator

#44249 - 04/04/17 07:06 AM Re: Private window does not hide identity? [Re: joemikeb]
kevs Offline


Registered: 12/07/09
Thanks Joe, new OS! I'm staying with Apple.

Yesterday, I tried to make a new Google account with Tor and was unable to. They kept saying the phone number was not formatted correctly even though it was.

At the top it says "be sure to turn your Java script on". So I think it was the java being off that screwed up the phone number field?

But, of course, if you turn java off, your unique identity, (which I don't even know how to do with Tor), fingerprint etc is compromised, so it's back to the library!

Any idea on that? would be nice to do Gmail at home for occasional with Tor, but I don't think it's possible.

Google also has a forced phone verification now which they did not have before....

#44254 - 04/04/17 10:40 AM Re: Private window does not hide identity? [Re: kevs]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Be sure you do not confuse Java and JavaScript. Java is a standalone application and applet environment from Oracle. JavaScript is built into the browser engine and relatively unique to each browser which makes the browser an identifiable element of the digital signature. The only similarities between the two are the first four letters of the name (J A V A) and a passing resemblance in grammar and syntax.

Unfortunately JavaScript is essential to the operation of many web sites. Likely Google is using JavaScript to capture, verify, and format the phone number, a relatively common practice.

As for GMail, I send and receive GMail almost every day and seldom, if ever, log onto Google. Apple Mail and several other MacOS and iOS clients handle GMail flawlessly.

As for two-step authentication, many, including Apple, are offering it as a strong security measure. The Electronic Frontier Foundation (EFF) and TOR and most security experts strongly recommend it. It is a trade off between security and privacy. For me there is no single answer, rather a case by case choice.
_________________________
joemikeb • moderator

#44257 - 04/04/17 12:12 PM Re: Private window does not hide identity? [Re: joemikeb]
kevs Offline


Registered: 12/07/09
Thanks Joe, by doing a G mail account in Apple Mail, would that identify you somehow to Google?

There is no way now to open a Google account without the phone verification correct?

#44258 - 04/04/17 01:53 PM Re: Private window does not hide identity? [Re: kevs]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Originally Posted By: kevs
Thanks Joe, by doing a G mail account in Apple Mail, would that identify you somehow to Google?

Well it would most certainly identify your userid and password. How else could you access your GMail account?

Remember this when dealing with Google, they are a very wealthy company that provides valuable services to users by selling the data they collect to marketers and by selling priority placement of search results to those same marketers. Google's bread and butter is knowledge of who you are, where you are, and where you are browsing. It is not unreasonable for them to consider your desire to hide that information from them when you use their search engine as theft of services. (Who knows they might even get that to stand up in court the way things are going today.)

Originally Posted By: kevs
There is no way now to open a Google account without the phone verification correct?

You would have to ask Google about that. My Google account is over 15 years old and that was not a requirement when it was created.
_________________________
joemikeb • moderator

#44260 - 04/04/17 05:10 PM Re: Private window does not hide identity? [Re: joemikeb]
kevs Offline


Registered: 12/07/09
You know Joe, I did have 3-4 browsers I downloaded, to use for projects, non Tor, that achieved at least, "nearly unique" not unique fingerprint.

Opera is one, and I just checked it and it sucked in bookmarks from Chrome or Safari, settings were more relaxed in preferences and I cannot get it back to a nearly unique.

It's like browsers just want to be identified and populated with stuff.

#44262 - 04/04/17 05:53 PM Re: Private window does not hide identity? [Re: kevs]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
The more stuff you add, the more opportunities for identifying characteristics to creep in.
_________________________
joemikeb • moderator

#44263 - 04/04/17 07:45 PM Re: Private window does not hide identity? [Re: joemikeb]
kevs Offline


Registered: 12/07/09
Yes of course Joe, the point I was making is I did not add this stuff. Don't know how it got there...

#44269 - 04/05/17 01:40 PM Re: Private window does not hide identity? [Re: kevs]
kevs Offline


Registered: 12/07/09
Today, someone in tech biz told me about Epic browser, whose claim to fame is it's always in private mode, but out of the box it had a unique fingerprint, not as good as others in that respect, go figure.

#44274 - 04/07/17 07:40 AM Re: Private window does not hide identity? [Re: kevs]
kevs Offline


Registered: 12/07/09
Baffled on this Epic browser. Its claim to fame is it is always in private mode. Yet it cannot achieve "nearly" unique fingerprint with Panopticlick, as Opera or Vivaldi can... Puzzling. Curious on that.

#44276 - 04/07/17 08:50 AM Re: Private window does not hide identity? [Re: kevs]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Various PC oriented "magazine" reviews give Epic high ratings, but privacy and security oriented reviewers, not so much. You might take a look at this review, this thread, and this blog.
_________________________
joemikeb • moderator

#44277 - 04/07/17 09:42 AM Re: Private window does not hide identity? [Re: joemikeb]
kevs Offline


Registered: 12/07/09
Thanks Joe, for my project, I want to have a small stable of browsers, not Tor, normal ones that can achieve at least a "nearly unique" in Panopticlick. That's the best rating I have discovered outside of Tor.

I can't do it with FF or Safari, as those have all my bookmarks on them probably.

I did with Opera and Vivaldi, as those are clean, no bookmarks.

Sometimes even Chrome I get a nearly unique with bookmarks.

Epic, surprisingly, just gets the bad "unique fingerprint", even though brand new, clean, no bookmarks, any idea on that?

And other non-Tor browsers to add to my stable?


Moderator:  alternaut, dianne, MacManiac