Many coworkers are so concerned about privacy even covering with tape the built-in camera on the monitors at work but at the same time make their life, location, thoughts, etc. public for the whole world to see through FB, Instagram, tiktok, Twitter, etc 🙄 🤦♂️
For years I have told people about how violated we were where we use anything using the net. One day Iwas driving my semi as I was speaking to my step father about his up coming retirement. You see he is 6'6 and his legs have been giving him problems and so that's what particularly we were discussing. And so after the convo we hung up and it wasn't 10 min later he was calling me back asking me if I had contacted a doctor about his legs. And I said "no" I'm still driving and we just got off the phone. Then he proceeded to tell me how a doctor called him about service for his legs. I was stunned. Since then I play in settings so much I mess things up now turning everything off. I'm like the guy in comments that want to live off the grid in the woods.
No. We just need to make our own devices, use bsv, and build on original philosophies by guy who made gnu. We just need better stuff. Not just a couple half used half available things like tor
I was in Amish country last month...and while watching them plow the fields with horses, I realized they'd never had to call Comcast before...and suddenly their lifestyle seems very appealing.
If you know what you're doing..... already had experience living off-road,off the grid,and already knowing how to survive..... including knowing how technology works by being a licensed HAM radio operator,then no problem. Just like Rob!
@@grayrabbit2211Pro tip: CenturyLink at 945Mbps for $75 is sooooo much faster. Plus they never try to manipulate our speeds and the router doesn't reboot randomly. We have never had to call support or unplug and rest devices...
Rob, you should create a solution to do browser separation without the additional pain of maintaining 4 different browsers. It could be just a front end ui that encapsulates all 4 browser application, or something similar
Rob, fellow boater here. Anyone that DOESN'T own a sailboat wouldn't recognize it, but it's cool to see you recorded this onboard!!! I spent 10 years as a liveaboard and can't wait to get back at it! Keep fighting the good fight!! Cheers
Man how the hell did you notice this wouldn't of thought of this until you mentioned it but now I think those are windows behind him also there is a very slight lateral movement in the video and then that creaking occasionally 😂 think that boat looks nicer than my house
Also, I've often wondered how "trash" and wrong passwords or pass codes are handled. Particularly, in the US where "trash" is considered "fair game", from a legal standpoint. BUT, my phone requires a pass code to get into voicemail and I don't use it very often so, when I used it the other day, I had to enter just about every 4 digit passcode I've ever used, a couple of which are still in use for other things.
Never let anyone use your account on any device. Create an account for them, even when you trust them. You can only ever trust their conscious decisions, and nobody is 100% conscious of the consequenses of their decisions.
Hey Rob, suppose I’m who you call “a normie”, been listening/watching you for several months now. learned so much from you! Thank you!!! Limited to really invest my time fully, into learning IT as well as you know it, by a ‘calling’ of my own. Namely, for example, growing my own food and all that involves. But it isn’t more important than protecting my privacy! This video is an example of why I value your content so highly! As a” Normie”, don’t always understand what you try to convey, but here I do. You offer simple/real tips that I can implement myself, & in my “normie” language, again, i truly appreciate your generosity of knowledge!!! Very soon i WILL purchase one of the de-googled phones, VPN, & email services you provide. Until then (& beyond) please don’t stop posting what you do! Your explanations & suggestions are helping me keep my data more private while allowing me to spend more of my time into perfecting my calling. youre a valuable member of society! Even though you don’t hear from many of us often or we are unable to catch you live… doesn’t mean you are not being heard, for we hear you!!! Thank you my friend! This video has been of great service towards maintaining my personal controls & privacy & really seeing what sort of thieves are in control of media. Happly Holidays! THANK YOU!!! Lupe
1. Clear/delete: cookies, and unknown browser download folder items. 2. Do not use: auto fill, password manager, browser extensions, and facebook. 3. Use browser isolation. One only for all google stuff, and one or two other for the rest.
Just a fun tip. All links that are written in video descriptions and comments will have youtube/google tracking associated with the link. So always manually copy and paste links, don't just click them.
i have a bunch of comments here. 1- you're just sticking your finger in the dam. browsers are hundreds of thousands of lines of code that cannot really be vetted. you code. you know about combinations. you know that the code isn't really that vetted. the industry just doesn't test that well. browsers are black box, mitm, out of the gate. 2- how about pulling a stallman, and curling all the stuff you desire. advocate for less dynamic web. advocate for sites that don't serve pages that have external js links. advocate for sites that abide by a "limited complexity" ethos. 3- the consumer is redirected into better behaviour by example. this ain't by playing stick your finger in the dam ad infinitum. a rewrite/redesign is needed to clarify the boundaries.
The main problem is that browsers are very complicated constantly changing bits of software and dangers especially of interactions with third parties tend to be discovered too late. This can only get worse.
The constant changing IS one of the problems with browsers. Even if most bugs have been worked out, as soon as new features are added, they can potentially introduce new bugs which can be used as back-doors by clever hackers.
@@BillAnt And... the next generation of hackers will be hyper-diligent AI, and 100 percent non-human. AI snooping will advance itself at an exponential rate, constantly improving its capabilities, as well. Humans are no more than cattle now for their masters. Their vanity and egos keep them from fully realizing the extent that they are immorally tracked, followed and manipulated. It's a divine comedy of ignorance now- until they round us all up.
I have used browser partitioning for a long time It's super easy. An alternative is to use a virtual machine that you reset after each use. That will wholly avoid the super cookie issue, bit it' clunky and it os easy to make mistakes. If you still want to go that route here is what I did for quite a while. OS at the time was a self-compiled, hardened Gentoo. Browser partitioning for every day use. 1 browser for google (keep cookies) 1 browser for surfing (delete cookies at close) 1 browser for non-google logins (delete cookies manually) 1 VM for facebook (static disk) 1 VM for banking and shopping (static disk) 1 VM for browsing (reset disk after each use)
I use a browser extension, agent... something, that allows me to change browser fingerprint to any one on a long list. I change it every time I use one of the five browsers i installed. I also use that Safin port app.
@@a.randomjack6661it would be great if there was a step by step video on this. A tutorial that goes in depth on how to set up and explaining the details of what each one does. For android devices
3:57 The point is that the legitimate server disabling plain HTTP does *not* prevent a MitM attacker from serving a plain HTTP attack site of their own. HSTS makes it so that the browser will refuse to use a plain HTTP connection to a website, for the duration specified in the HSTS header. This prevents that kind of MitM attack against browsers that have already visited the website in the past. Also, HSTS supercookies don't work like regular cookies, you don' get to store arbitrary data and then retrieve it later at will. It just causes the browser to refuse plain HTTP for a set time. The way that it can be used to fingerprint browsers is not immediately obvious and requires clever use of a number of phony domains. Accusing the people who came up with it of "not caring about privacy at all" when it requires a sophisticated side channel attack to turn it against users is completely disingenuous.
You could enable HTTPS only on your browser, so if an MITM serves an HTTP page it simply won't work. While 95% of websites use HTTPS nowadays, there are still some out there which do not. It's a two edged sword.
I was scratching my head a bit with his explanation as well. The main problem with HSTS is that it records the sites you visit. If you delete the entries, they'll be written to the file again if you visit the site again. Maybe some sorcery with write perms in the folder that contains HSTS file would do the trick.
@@effsixteenblock50 The problem isn't that the list of visited sites is retrievable from local files. The problem is that HSTS can be abused by malicious web service operators to fingerprint browsers. HSTS tells browsers to use HTTPS and refuse plain HTTP, for a specific domain and duration of time. That causes an observable difference in behavior: whether or not the browser is willing to connect via HTTP. This gives you 1 bit of information about the browser that doesn't go away when you clear your cookies. 1 bit isn't enough to uniquely identify a browser, but that's 1 bit *per domain.* Multiply that by a large number of domains (operated by the same entity with the express purpose of fingerprinting) and you've got yourself a way to store a persistent unique ID in a browser against the user's will.
I am so glad you made this video! This is a whole fuzzy grey area that I have always been suspicious of. I tried to learn some of this from a Cyber Navigator at the library, and later found out he hacked me and others... If you can do a whole video series on each of these aspects, that would be great. Am clueless. What kind of course can one take to learn more about these things? Learning to code seems like a long involved, abstract process. I am no good at math. Is it needed in order to use a Command line? Questions like - I don't use a browser, I just use a search engine. Or pay directly on the merchant website... Browsers are only needed for bookmarks or tabs... If your phone has malware, using Signal or a password manager wont help... Are there more secure keyboard apps than Gboard on Android?
@@thebrowns5337 If you access anything online, you are using a browser. That's how it works. When you use the "Google" app on your phone, for example, it uses the System WebView, a faceless browser engine that all non-browser apps use to access the Internet. (Same for RUclips, Spotify, your bank...) And links you open use your default browser, even within the app. (I managed to have no default browser, so I have the choice every time.)
@@thebrowns5337 What do you mean by 'search motor'? A search engine (called "moteur de recherche" in French)? Unless you have the whole index stored at home (a massive data center) you need to send your query to a remote server. Using a browser.
Hack #2: You have passwords stored locally in your chrome browser, you pass your computer to your non-programmer cousin, he logs into his google account (which has "sync on"), all your passwords are copied to his account without further warning or notice. his account gets hacked by malware on a different computer, you are hacked. I saw this happening in practice several times.
Ah yes , sunds like how australian malware follows us in shops and location ,,, ,,, our government is the hack , and they encouraged australians to all manditorally go online , with 30 million IP servers overseas none actually in australia we have internet shutdowns nationwide ,sometimes twice a month, did you know the aussie internet still runs on Windoes 95 , cos our politicians thought to never vote to approve an upgrade over the past 30 years ,,.no wonder we have faulty internet well except for American Intelligence base that is always on,
Your easy to digest🤔info is invaluable for so many people, thank you for pressing on and your continued diligence with handling RUclipss obstacles. God Bless!!!🙃
Well shit! I HAD ad-privacy turned off in Chrome! I got a Chrome update and it was all turned back on! You might want to talk about/investigate that!!!
You mentioned these hidden and secret Google and RUclips cookies they imbed in browsers. Could you cover their removal in a video? Thanks again for all of your knowledge and help, sir!
Recently Snowden said (Bitcoin keynote), I am paraphrasing as I can't recall the exact words, " If you have to go thru a ton of circumvention and high tech magic to not be tracked, that's NOT freedom". I couldn't agree more! So the takeaway here for me is start fighting for our freedom at the state level, and pray for our country, 2 Chron 7:14
That's why I hate modern browsers, especially since Firefox version >35. You no longer have any control over your data and what the browser can and is allowed to do. To this day I still don't understand why Mozilla sold itself and gave up itself. Not only to mention the "great" developers......
Not only that I use browser isolation I also use "system isolation". I access RUclips through one of the browsers on my virtual machine while using my main system for personal activity such as shopping and stuff.
I’d be interested to about partitioning that some browsers offer, like Firefox or Brave. How good at isolating data and threats etc are they? Love your work! Don’t stop. Ever!
Yes it would be an extension but how about a browser fingerprinting "fuzzing" extension that generates false information randomly every time you go to a site, or revisit it?
You can do that but there are javascript APIs that tell the websites what's really going on. If you spoof your User-Agent string, a javascript API will basically rat on you.
I found the "DOM" acronym in the part about extensions really funny. The word, "dom," in Afrikaans means "stupid." Now, that's an appropriate acronym if there ever was one.
Pretty incredible channel! Please tell me with specific instructions how to pay for your product without telling everybody that wants to know that I am paying for it
Any implications for using Safari? I use it almost exclusively w/ Brave to bookmark sites. Is this a bad idea?Sorry to ask if you covered this apple issue previously. Thanks so much Rob.
Hello Rob thanks for all the videos you have authored I find them most informative. I know you have talked about TOR, the onion structure and the multiple nodes excreta. Not being a typical browse have you done a focus on the TOR browser. It's strengths and weaknesses a how to on configuring it from the same perspective as this video if so I want to see it. If not I want to see it
Great Report Rob! Everything Is On The Ball. It Seems I'm Constantly Role-Playing With These Terds Considering A "Shadow" Is Constant In The Digital World, That Don't Play In The SUN - Expect It As Is, IS! Just Wondering Rob, What Are Your Thoughts About "User-Agent Switchers", Extension for Firefox header, ie Pretending to be a different browser?
Unless you're spoofing default browser settings ( kind of like a tor browser does) user agent switchers help build a unique profile that can be tracked and used in a correlation attack. It's counterintuitive but they work against good opsec
@@UNcommonSenseAUS I have never used Qubes. But I am intrigued by its functionality. Are you using Qubes? Is it worth the extra effort? Does it perform well with modest hardware (say, an Intel Core i5, 16GB of RAM, and an SSD)?
Just a note, moving around on other browsers (FF, chrome, whatever), using the same IP.. doesn't mean much to people who are dedicated to scraping data. Especially when requests are within the same time frame or depending on the logs, months apart. Using a VPN could circumvent that.. since the scraped data would all be lumped over "everyone" using that IP making the data an irrelevant mess. Using a different IP per sectioned off browser, like using your phone's data and PC on home wifi.. can segregate it like you propose. Up until you merge the phone on wifi or pc tethered to cell data. You're probably reaching paranoid levels at this point though. ;)
Rob, could virtual machines mitigate tracking? For example, if you do a clean install of Windows 10 as a guest in Oracle's Virtual Box, take a snapshot (before any web browsing), and then do your web browsing... then... ...when you are done with your web browsing, you can restore your snapshot (takes 2 seconds). Your Windows 10 guest machine will be completely restored to prior to your web browsing session. Is there any benefit to the above? Or is it a waste of time? Your solution, to use different browsers, is intriguing. But then each of those browsers is keeping a history of your activities. And what happens if you mistakenly use the wrong browser and visit a site that you were supposed to visit with a different browser? I figure that by using a virtual machine (even more than one virtual machine), then you would be completely clearing out whatever your guest machine had stored, upon restoring your snapshot. Your thoughts?
There exist linux versions specially made to run in virtual machine with TOR as internet connection and special versions of Firefox that uses TOR for going on internet if you want high privacy...
Thansk for all you are doing to help us normies understand and improve on tech stuff relating to privacy/security. (as i see it, the more private you are, the more secure your data, etc is). its sort of sad that even if i got rid of all tech or kept my stuff off the internet, my personal info/data could and would still get online. tracking would be not near the same degree, but there are so many places (government, business, schools, place you work) that would collect a bunch of info on you and would use their computers and internet and have all that stuff accesible.
Love your videos thank you so much for the knowledge. Just a side note I feel like all of your videos for a few decibels lower in audio volume than other videos. Maybe push the volume DB's a little higher. Thank you again for your help
Rob forgive me if you have all ready covered, could you make a video about google incognito tracking lawsuit ? Long time fan thank you for your work !!
Related question/problem I can't understand despite my technical background: This happens only on mobile, Android browsers no matter Googled or de-Googled. I typically use Firefox there so we can narrow issue to it. I follow same good privacy idea as you and on installation I disable any memorizing of anything (name, email, address fields, ccards,...). I also disable any "hints" for any fields such as URL, search,... However, now and then a website form will provide me with an option when I click on the field. Say I click on empty email field and below it will appear "suggestion" of the last email I typed in some other form on the browser. Need not be the email I use at that site but, suggestion appears. I have never seen this on desktop browsers and I don't understand where the info is coming from. Any ideas? (I see this as very bad as it somehow automagically bypasses my "ban" on remembering the form fields...)
Thank you for the video. This is super helpful. If I accidentally logged in on Google with a browser that is meant for non-google activities, is there a way to recover my privacy other than to uninstall/reinstall?
Browsers are such beats I think it's literally impossible to stop fingerprinting. Seriously. You can do fingerprint even through basic features like css.
Well, that explains how Humble Bundle so so often has book bundles about the stuff I was looking into to the past week. I'm sure it's not tailored exclusively to me personally, but if they can see the interests of their visitors, it's pretty easy to then offer anything related to that topic the next week.
Er, Web Workers do not persist when you close the tab. Service Workers do, but if i recall they only activate when visiting the domain in which they're registered. I think your information is backwards. Also, Web Workers predate Service Workers.
@@robbraxmantech It's not accurate to say one is a subset of the other either. Web Workers are merely a running thread (referred to as Isolate in V8) parented by an outer thread. In a browser, that outer thread is typically the UI thread for a page. If you terminate the outer thread (or close the page) the sub thread is immediately terminated (as would all threads be terminated in a threaded desktop application). This is different to Service Workers which are intended to "Service" multiple pages. Because they service multiple pages, the browser cannot naively terminate them when you close a tab (because another tab may be sharing that service). Service Workers are therefore executed "out of process" and linger when a tab is closed. Again, it is not accurate to say one is a subset of the other, the Page, Web Worker and Service Worker are all isolated processes, with the only distinction being that Web Workers run as in process threads, and Service Workers run out of process (and include Http intercept and Cache API) Sorry, I'm a Web Engineer with 25 years experience developing on the Web. So....yeah.
so the guy made a video based of false information and the only guy that adresses the issue gets ignored and all other comments are paranoid npcs talking about living in woods?
A big shortcoming in all Windows OSs is the inability to make a shortcut to a website and to associate it with a particular browser. While I have 14 Windows computers, I choose to use Windows 7 the most, so that I can run some ancient software. I use Edge and Firefox, but the version of Edge that works on W7 is too old to handle some websites, so those I view with Firefox. I wish I could have desktop shortcuts that launched the correct browser instead of the default browser. This would also divide the personal information, as you suggest, among various browser, without my having to maintain and remember various sets of bookmarks/favorites.
I too have long lamented the fact that Windows did not allow for a quick, easy & intuitive method for saving URLs with a browser preference. Knowing MS, even if they did provide this; as soon as we all discovered & became dependent on it, they'd break it or decontent in a future update. There are a couple of workarounds I've discovered. First is a method that will take a tiny bit of work up front for each shortcut, but will work as if MS had provided this feature all along. Simply create shortcuts to the desired browser, followed by a space and append the intended URL. Can name & iconize the shortcut as you wish. Should be able to quickly search up how to make a shortcut open with a specific browser. The second method is my favorite as it functions as a container of sorts instead of scattering shortcuts all over the place. That, and because most of the time when I have a preference other than my default browser, I'm also expecting to login to that site. Some (perhaps all) password managers will allow you to specify the program/browser that you wish to use when you launch an entry from your list. With command line switches, either method should allow you to optionally pop a new browser instance instead of a new tab in an already open browser, open in a private session/window etc.
@@laboulesdebleu8335 Thanks for the helpful suggestion (number one of your two), which I will be using for all my bookmarks which need my non-default browser. I don't like a cluttered desktop so my style is to create folders of shortcuts, like "GRAPHICS", "UTILITIES", "PRINT" (this would include InDesign, Acrobat, Wordpad, Notepad, Word, etc.), so I'll just have a folder, "FIREFOX BOOKMARKS". Since the contents of a folder are in text format and alphabetized, it will be like using any bookmark system. Wish I had posed this question years ago. . . .
speaking of partitioning of browsers, i would be curious to have you do a video on Qubes OS, and how it compartmentalizes everything across different workflows
Ok, I normally think highly of your very critical view of a lot of privacy topics but HSTS? Yes, an outsider as well as the site itself may be able to find that you, at some point must've made a connection to a site at some point but from what I know, that's about it. As far as I am aware HSTS is more akin to a boolean flag, that forces your browser to use HTTPS instead of HTTP. What other data is stored on the client side that would make them identifiable in your opinion? If I am actually incorrect about this and you can give me some pointers, I would greatly appreciate it.
What do you think about Eric Prince's 'UP-phone?' Has hard-switches you used to like. Looks ridiculous next to your open-source apps and dual physical-sims though. Three times the price too.
I learned heaps from this video. I never considered that javascript might capture autofill data even if i delete it out of the input box before i submit. You mention watching youtube videos in a browser, i assume because you dont want to install the app, understandable. Is this the case with all the google services you use? Maps, search, gmail, docs etc? I’m forced to use google authenticator app for 3 different sites, is there a better option than having this app installed?
Oh okay, that makes sense. Thanks. Can you use third party youtube apps on degoogled phones? Like vanced, newpipe or even the one Louis Rossmann is co-developing, Grayjay?
Hi Rob, regarding browser compartmentalization, how is behaving different profiles on Chrome / Edge / Brave etc? One for "logged in" stuf and "clean" or "one-time" for non logged stuf?
Privacy is a thing of the past .. Ai , Social media & Facial recognition , When they all connect its all over .. You cant beat the dod system. The Only way to beat it is not using it
So if they have a super cookie already, and have been collecting data, what do you do? If you suddenly change your behavior it still has your information up to current year.
Yes. There always be ISP. You don't use VPN, and your ISP will get your HTTP headers (that's how GFW and other website restircitons across the world generally works). You use VPN, and your ISP will only(still) konw that you connect to somewhere, and ISP of VPN will know your URL. But (if use a dedicated mixture of plain, VPS providers, offf-the-shelf VPN providers, and Tor) you can minimize the possibility of any single organization get your full tracks on Internet.
![BRASIL vs. URUGUAY [1-1] | RESUMEN | ELIMINATORIAS SUDAMERICANAS | FECHA 12](http://i.ytimg.com/vi/-hWBAuxF1eY/mqdefault.jpg)
Many coworkers are so concerned about privacy even covering with tape the built-in camera on the monitors at work but at the same time make their life, location, thoughts, etc. public for the whole world to see through FB, Instagram, tiktok, Twitter, etc 🙄
🤦♂️
Sounds like me 😂
I know what you mean, just like a heavy person ordering two Big Mac's, large fries, chocolate sundae, and then ordering a diet coke.
Like agent smith said : ignorance is a bliss.
Ego-powered automatons.
Use masking tape or small snippets of duct tape to cover the cameras.
For years I have told people about how violated we were where we use anything using the net. One day Iwas driving my semi as I was speaking to my step father about his up coming retirement. You see he is 6'6 and his legs have been giving him problems and so that's what particularly we were discussing. And so after the convo we hung up and it wasn't 10 min later he was calling me back asking me if I had contacted a doctor about his legs. And I said "no" I'm still driving and we just got off the phone. Then he proceeded to tell me how a doctor called him about service for his legs. I was stunned. Since then I play in settings so much I mess things up now turning everything off. I'm like the guy in comments that want to live off the grid in the woods.
Every day the idea of building a shack in the mountains and living off the land is more and more appealing. :p
No. We just need to make our own devices, use bsv, and build on original philosophies by guy who made gnu. We just need better stuff. Not just a couple half used half available things like tor
We need to setup our own comms networks
The government has become the enemy.
I was in Amish country last month...and while watching them plow the fields with horses, I realized they'd never had to call Comcast before...and suddenly their lifestyle seems very appealing.
If you know what you're doing..... already had experience living off-road,off the grid,and already knowing how to survive..... including knowing how technology works by being a licensed HAM radio operator,then no problem.
Just like Rob!
@@grayrabbit2211Pro tip: CenturyLink at 945Mbps for $75 is sooooo much faster. Plus they never try to manipulate our speeds and the router doesn't reboot randomly. We have never had to call support or unplug and rest devices...
Rob, you should create a solution to do browser separation without the additional pain of maintaining 4 different browsers.
It could be just a front end ui that encapsulates all 4 browser application, or something similar
Rob, fellow boater here. Anyone that DOESN'T own a sailboat wouldn't recognize it, but it's cool to see you recorded this onboard!!! I spent 10 years as a liveaboard and can't wait to get back at it!
Keep fighting the good fight!! Cheers
Man how the hell did you notice this wouldn't of thought of this until you mentioned it but now I think those are windows behind him also there is a very slight lateral movement in the video and then that creaking occasionally 😂 think that boat looks nicer than my house
I lived on a sailboat for 10 years and I didn't realize until I read your comment.. His boat is too neat! haha
Also, I've often wondered how "trash" and wrong passwords or pass codes are handled. Particularly, in the US where "trash" is considered "fair game", from a legal standpoint. BUT, my phone requires a pass code to get into voicemail and I don't use it very often so, when I used it the other day, I had to enter just about every 4 digit passcode I've ever used, a couple of which are still in use for other things.
Never let anyone use your account on any device. Create an account for them, even when you trust them. You can only ever trust their conscious decisions, and nobody is 100% conscious of the consequenses of their decisions.
True that. Good advice.
I made that mistake with kids I babysit
Hey Rob, suppose I’m who you call “a normie”, been listening/watching you for several months now. learned so much from you! Thank you!!! Limited to really invest my time fully, into learning IT as well as you know it, by a ‘calling’ of my own. Namely, for example, growing my own food and all that involves. But it isn’t more important than protecting my privacy! This video is an example of why I value your content so highly! As a” Normie”, don’t always understand what you try to convey, but here I do. You offer simple/real tips that I can implement myself, & in my “normie” language, again, i truly appreciate your generosity of knowledge!!! Very soon i WILL purchase one of the de-googled phones, VPN, & email services you provide.
Until then (& beyond) please don’t stop posting what you do! Your explanations & suggestions are helping me keep my data more private while allowing me to spend more of my time into perfecting my calling. youre a valuable member of society! Even though you don’t hear from many of us often or we are unable to catch you live… doesn’t mean you are not being heard, for we hear you!!! Thank you my friend! This video has been of great service towards maintaining my personal controls & privacy & really seeing what sort of thieves are in control of media. Happly Holidays! THANK YOU!!! Lupe
Well said, agree to that!
I wish you could do concise videos tackling each threat. I realise this is a lot of work, but it would help us on the tech fringe.
666...I bet u don't even believe in God....satan has u
1. Clear/delete: cookies, and unknown browser download folder items.
2. Do not use: auto fill, password manager, browser extensions, and facebook.
3. Use browser isolation. One only for all google stuff, and one or two other for the rest.
Thanks.
@@terry_willis No problem, If you’re new I’d suggest to checkout some of his other videos as well, cause this is not everything to be concerned about.
I went on step further, machine isolation. I run W11 with Edge, Chromebox with Chrome, and Linux mint with Brave, using 3 different CPU's
@@RevWillBreeze Nice, that should keep them 😵💫
@@terry_willis u SHOULD use a password manager but not the built in browser ones.. keepass is a good one, os n pretty safe n easy to use
Just a fun tip. All links that are written in video descriptions and comments will have youtube/google tracking associated with the link. So always manually copy and paste links, don't just click them.
Delete the rfid and ref strings as well
can you post a link for more info? 😂
that's how I used to google. I never clicked on the results, I selected the url written under it and dragged it to a new tab
@@sumbodee3Use to? Why change? And could you remove those glasses so we get a good look at your identity, please?
😅
@@SpaceCadet4Jesus I stopped giving a f Ain't got nuttin to hide
Thank you for this video. I was curious regarding cookies, super-cookies and ever-cookies and the security risks they pose.
i have a bunch of comments here.
1- you're just sticking your finger in the dam. browsers are hundreds of thousands of lines of code that cannot really be vetted. you code. you know about combinations. you know that the code isn't really that vetted. the industry just doesn't test that well. browsers are black box, mitm, out of the gate.
2- how about pulling a stallman, and curling all the stuff you desire. advocate for less dynamic web. advocate for sites that don't serve pages that have external js links. advocate for sites that abide by a "limited complexity" ethos.
3- the consumer is redirected into better behaviour by example. this ain't by playing stick your finger in the dam ad infinitum. a rewrite/redesign is needed to clarify the boundaries.
You sound like an employee doing damage control
The main problem is that browsers are very complicated constantly changing bits of software and dangers especially of interactions with third parties tend to be discovered too late. This can only get worse.
The constant changing IS one of the problems with browsers. Even if most bugs have been worked out, as soon as new features are added, they can potentially introduce new bugs which can be used as back-doors by clever hackers.
@@BillAnt And... the next generation of hackers will be hyper-diligent AI, and 100 percent non-human.
AI snooping will advance itself at an exponential rate, constantly improving its capabilities, as well. Humans are no more than cattle now for their masters. Their vanity and egos keep them from fully realizing the extent that they are immorally tracked, followed and manipulated.
It's a divine comedy of ignorance now- until they round us all up.
I have used browser partitioning for a long time It's super easy.
An alternative is to use a virtual machine that you reset after each use. That will wholly avoid the super cookie issue, bit it' clunky and it os easy to make mistakes.
If you still want to go that route here is what I did for quite a while. OS at the time was a self-compiled, hardened Gentoo.
Browser partitioning for every day use.
1 browser for google (keep cookies)
1 browser for surfing (delete cookies at close)
1 browser for non-google logins (delete cookies manually)
1 VM for facebook (static disk)
1 VM for banking and shopping (static disk)
1 VM for browsing (reset disk after each use)
The speed at which the browser fingerprinting becomes precise is alarming
I use a browser extension, agent... something, that allows me to change browser fingerprint to any one on a long list. I change it every time I use one of the five browsers i installed.
I also use that Safin port app.
@@a.randomjack6661 user agent switcher.
Useful against novice adversaries, experienced however will see through it like a fly screen...
@@a.randomjack6661it would be great if there was a step by step video on this. A tutorial that goes in depth on how to set up and explaining the details of what each one does. For android devices
3:57 The point is that the legitimate server disabling plain HTTP does *not* prevent a MitM attacker from serving a plain HTTP attack site of their own.
HSTS makes it so that the browser will refuse to use a plain HTTP connection to a website, for the duration specified in the HSTS header. This prevents that kind of MitM attack against browsers that have already visited the website in the past.
Also, HSTS supercookies don't work like regular cookies, you don' get to store arbitrary data and then retrieve it later at will. It just causes the browser to refuse plain HTTP for a set time. The way that it can be used to fingerprint browsers is not immediately obvious and requires clever use of a number of phony domains. Accusing the people who came up with it of "not caring about privacy at all" when it requires a sophisticated side channel attack to turn it against users is completely disingenuous.
So I built this impenetrable safe. Then I used a bike lock to lock it.
agreed, I skipped to this point at first because I don't want to waste 20 minutes of my life and that point was a lot of misinformation and mongering.
You could enable HTTPS only on your browser, so if an MITM serves an HTTP page it simply won't work. While 95% of websites use HTTPS nowadays, there are still some out there which do not. It's a two edged sword.
I was scratching my head a bit with his explanation as well.
The main problem with HSTS is that it records the sites you visit. If you delete the entries, they'll be written to the file again if you visit the site again.
Maybe some sorcery with write perms in the folder that contains HSTS file would do the trick.
@@effsixteenblock50 The problem isn't that the list of visited sites is retrievable from local files. The problem is that HSTS can be abused by malicious web service operators to fingerprint browsers.
HSTS tells browsers to use HTTPS and refuse plain HTTP, for a specific domain and duration of time.
That causes an observable difference in behavior: whether or not the browser is willing to connect via HTTP.
This gives you 1 bit of information about the browser that doesn't go away when you clear your cookies.
1 bit isn't enough to uniquely identify a browser, but that's 1 bit *per domain.*
Multiply that by a large number of domains (operated by the same entity with the express purpose of fingerprinting) and you've got yourself a way to store a persistent unique ID in a browser against the user's will.
Appropriate answer is don't let anyone use your PC and especially your login or create a separate guest login.
I am so glad you made this video!
This is a whole fuzzy grey area that I have always been suspicious of.
I tried to learn some of this from a Cyber Navigator at the library, and later found out he hacked me and others...
If you can do a whole video series on each of these aspects, that would be great.
Am clueless.
What kind of course can one take to learn more about these things?
Learning to code seems like a long involved, abstract process. I am no good at math.
Is it needed in order to use a Command line?
Questions like -
I don't use a browser, I just use a search engine.
Or pay directly on the merchant website...
Browsers are only needed for bookmarks or tabs...
If your phone has malware, using Signal or a password manager wont help...
Are there more secure keyboard apps than Gboard on Android?
You can't use a search engine without a browser.
@@alan4sure well of course you can
@@alan4surewhat about a search motor?
@@thebrowns5337 If you access anything online, you are using a browser. That's how it works. When you use the "Google" app on your phone, for example, it uses the System WebView, a faceless browser engine that all non-browser apps use to access the Internet. (Same for RUclips, Spotify, your bank...) And links you open use your default browser, even within the app. (I managed to have no default browser, so I have the choice every time.)
@@thebrowns5337 What do you mean by 'search motor'? A search engine (called "moteur de recherche" in French)? Unless you have the whole index stored at home (a massive data center) you need to send your query to a remote server. Using a browser.
Hack #2: You have passwords stored locally in your chrome browser, you pass your computer to your non-programmer cousin, he logs into his google account (which has "sync on"), all your passwords are copied to his account without further warning or notice. his account gets hacked by malware on a different computer, you are hacked. I saw this happening in practice several times.
Ah yes , sunds like how australian malware follows us in shops and location ,,, ,,, our government is the hack , and they encouraged australians to all manditorally go online , with 30 million IP servers overseas none actually in australia we have internet shutdowns nationwide ,sometimes twice a month, did you know the aussie internet still runs on Windoes 95 , cos our politicians thought to never vote to approve an upgrade over the past 30 years ,,.no wonder we have faulty internet well except for American Intelligence base that is always on,
Was his sync ON?
Best to let him use your computer under a guest account.
Your easy to digest🤔info is invaluable for so many people, thank you for pressing on and your continued diligence with handling RUclipss obstacles. God Bless!!!🙃
Surveillance state brought to you by private enterprise....Ironic
Google Chrome logo is a stacked 666 no joke
Well shit! I HAD ad-privacy turned off in Chrome! I got a Chrome update and it was all turned back on! You might want to talk about/investigate that!!!
Thanks. Everything I listen to from you is a learning experience.
You mentioned these hidden and secret Google and RUclips cookies they imbed in browsers. Could you cover their removal in a video?
Thanks again for all of your knowledge and help, sir!
No way. We don't have ALL your information yet. 😅
@@SpaceCadet4Jesus"We"
Are you a Google engineer?
thats a hackers job
Recently Snowden said (Bitcoin keynote), I am paraphrasing as I can't recall the exact words, " If you have to go thru a ton of circumvention and high tech magic to not be tracked, that's NOT freedom". I couldn't agree more! So the takeaway here for me is start fighting for our freedom at the state level, and pray for our country, 2 Chron 7:14
That's why I hate modern browsers, especially since Firefox version >35.
You no longer have any control over your data and what the browser can and is allowed to do.
To this day I still don't understand why Mozilla sold itself and gave up itself. Not only to mention the "great" developers......
I have a similar web-browsing strategy, but yours is superior. I’ll switch to it soon.
What I constantly wonder about is why there aren't constant class actions against theft of bandwidth?
Ironically I think we'll look back at the 2020's as the 'good old days before we were tracked up the wazoo'...
Not only that I use browser isolation I also use "system isolation". I access RUclips through one of the browsers on my virtual machine while using my main system for personal activity such as shopping and stuff.
I’d be interested to about partitioning that some browsers offer, like Firefox or Brave. How good at isolating data and threats etc are they? Love your work! Don’t stop. Ever!
If that were a method I'd discuss it. I don't suggest it at all.
@@robbraxmantech thanks for replying
@@robbraxmantechwhat about Android phone?
Thanks Rob - once again you've given us all something to think about.
Great info! I'm more privacy savvy than most but some of these were indeed new to me. Super cookies?!
Yes it would be an extension but how about a browser fingerprinting "fuzzing" extension that generates false information randomly every time you go to a site, or revisit it?
You can do that but there are javascript APIs that tell the websites what's really going on.
If you spoof your User-Agent string, a javascript API will basically rat on you.
thank you for sharing and explaining so clearly the various facets involved with computer privacy issues, as well as safety! Much appreciated!
That autofill thing scared me. Thanks for brining it to my attention.
I found the "DOM" acronym in the part about extensions really funny. The word, "dom," in Afrikaans means "stupid." Now, that's an appropriate acronym if there ever was one.
Ja swaar👍
Ha! Thanks
I miss the days when I could take a dump without Google knowing... This days you get in the first two minutes the chemical analysis...
Pretty incredible channel! Please tell me with specific instructions how to pay for your product without telling everybody that wants to know that I am paying for it
Simple, easy to understand explanations. Glad I watched.
You are looking ageless, Rob! I don’t get your notifications 😮. Signed up for sailing too. You are menza aren’t you. 🎉
Any implications for using Safari? I use it almost exclusively w/ Brave to bookmark sites. Is this a bad idea?Sorry to ask if you covered this apple issue previously. Thanks so much Rob.
There is a new vulnerability in Safari, iLeakage
Hello Rob thanks for all the videos you have authored I find them most informative. I know you have talked about TOR, the onion structure
and the multiple nodes excreta. Not being a typical browse have you done a focus on the TOR browser. It's strengths and weaknesses
a how to on configuring it from the same perspective as this video if so I want to see it. If not I want to see it
Great video, well done. Subscribed.
Great Report Rob! Everything Is On The Ball. It Seems I'm Constantly Role-Playing With These Terds Considering A "Shadow" Is Constant In The Digital World, That Don't Play In The SUN - Expect It As Is, IS!
Just Wondering Rob, What Are Your Thoughts About "User-Agent Switchers", Extension for Firefox header, ie Pretending to be a different browser?
Unless you're spoofing default browser settings ( kind of like a tor browser does) user agent switchers help build a unique profile that can be tracked and used in a correlation attack. It's counterintuitive but they work against good opsec
Very insightful video.
Great content Rob! Thank you! What's your take on using LibreWolf with segmented containers? ...am I still at risk of cross-website tracking?
Containers do not protect you. Stick to browser isolation
@@UNcommonSenseAUS I have never used Qubes. But I am intrigued by its functionality.
Are you using Qubes?
Is it worth the extra effort?
Does it perform well with modest hardware (say, an Intel Core i5, 16GB of RAM, and an SSD)?
There's no way any protection can do but to completely cut out online presents
It's refreshing to get the straight stuff! Thanks for this!
Thank you very much, for the most important information and the best solutions you have provided us. God bless you and your business.
Just a note, moving around on other browsers (FF, chrome, whatever), using the same IP.. doesn't mean much to people who are dedicated to scraping data. Especially when requests are within the same time frame or depending on the logs, months apart. Using a VPN could circumvent that.. since the scraped data would all be lumped over "everyone" using that IP making the data an irrelevant mess.
Using a different IP per sectioned off browser, like using your phone's data and PC on home wifi.. can segregate it like you propose. Up until you merge the phone on wifi or pc tethered to cell data. You're probably reaching paranoid levels at this point though. ;)
ok, but who are those 'people dedicated to scraping data'? Please, I wanna know who these bad men are. Do the smoke cigars?
Rob, could virtual machines mitigate tracking?
For example, if you do a clean install of Windows 10 as a guest in Oracle's Virtual Box, take a snapshot (before any web browsing), and then do your web browsing... then...
...when you are done with your web browsing, you can restore your snapshot (takes 2 seconds). Your Windows 10 guest machine will be completely restored to prior to your web browsing session.
Is there any benefit to the above? Or is it a waste of time?
Your solution, to use different browsers, is intriguing. But then each of those browsers is keeping a history of your activities. And what happens if you mistakenly use the wrong browser and visit a site that you were supposed to visit with a different browser?
I figure that by using a virtual machine (even more than one virtual machine), then you would be completely clearing out whatever your guest machine had stored, upon restoring your snapshot.
Your thoughts?
I’d like to hear his thoughts on this too!
Yes VM's solve a lot of these. But browser isolation is simpler to execute. You can do either
@@robbraxmantech Is VirtualBox trustable, knowing it's from Oracle?
I like the multiple virtual machines idea.
And yes, it is a lot more work than just using separate browsers.
There exist linux versions specially made to run in virtual machine with TOR as internet connection and special versions of Firefox that uses TOR for going on internet if you want high privacy...
8:56 - when it comes to 2 women... I'm the man in the middle ... and I'm not ashamed to do so...
As far as I knew Supercokies were removed from Firefox few years ago. Are they still a threat?
RUclips attaks firefox and slowing down firefox is this a privacy intrusion?Because ad blockers?
I was hacked and it came from Google. Had to change accounts at my Bank, Cell Carrier, so on and so forth. It was a pain in the butt.
Thanks! No I will do all the changes now!
Thansk for all you are doing to help us normies understand and improve on tech stuff relating to privacy/security. (as i see it, the more private you are, the more secure your data, etc is).
its sort of sad that even if i got rid of all tech or kept my stuff off the internet, my personal info/data could and would still get online. tracking would be not near the same degree, but there are so many places (government, business, schools, place you work) that would collect a bunch of info on you and would use their computers and internet and have all that stuff accesible.
My phones software update is now 1.6 Gb, how come?
I can remember the days when you could fit Windows XP on a CD ROM.
Thanks for the information.
Love your videos thank you so much for the knowledge. Just a side note I feel like all of your videos for a few decibels lower in audio volume than other videos. Maybe push the volume DB's a little higher. Thank you again for your help
Rob forgive me if you have all ready covered, could you make a video about google incognito tracking lawsuit ?
Long time fan thank you for your work !!
So. instead of keeping documents in the cloud, should we keep the documents only locally on one's PC and make the PC accessible remotely?
Related question/problem I can't understand despite my technical background: This happens only on mobile, Android browsers no matter Googled or de-Googled. I typically use Firefox there so we can narrow issue to it. I follow same good privacy idea as you and on installation I disable any memorizing of anything (name, email, address fields, ccards,...). I also disable any "hints" for any fields such as URL, search,... However, now and then a website form will provide me with an option when I click on the field. Say I click on empty email field and below it will appear "suggestion" of the last email I typed in some other form on the browser. Need not be the email I use at that site but, suggestion appears. I have never seen this on desktop browsers and I don't understand where the info is coming from. Any ideas? (I see this as very bad as it somehow automagically bypasses my "ban" on remembering the form fields...)
It's your keyboard
Change the settings on your keyboard 👍
@@nunyabizniz3075it's your keyboard _app_
It's called auto complete, at least on Windows.
Thank you for the video. This is super helpful.
If I accidentally logged in on Google with a browser that is meant for non-google activities, is there a way to recover my privacy other than to uninstall/reinstall?
Clear cookies and start again
@@robbraxmantech Thank you !
Browsers are such beats I think it's literally impossible to stop fingerprinting. Seriously. You can do fingerprint even through basic features like css.
Good explanation, I would buy a phone if I ever used one.
Rob, what do you think of installing AdGuard Home on a Raspberry Pi to block ads and enhance privacy?
very deep and informative content. appreciate your sharing.
Whoa.....this info. is golden. I'm glad I came across this channel. Great info and new sub.
Well, that explains how Humble Bundle so so often has book bundles about the stuff I was looking into to the past week. I'm sure it's not tailored exclusively to me personally, but if they can see the interests of their visitors, it's pretty easy to then offer anything related to that topic the next week.
Er, Web Workers do not persist when you close the tab. Service Workers do, but if i recall they only activate when visiting the domain in which they're registered. I think your information is backwards. Also, Web Workers predate Service Workers.
whatever you say. Now I program web workers of which service workers is a subset and it obviously has to keep running to do things like notifications.
@@robbraxmantech It's not accurate to say one is a subset of the other either. Web Workers are merely a running thread (referred to as Isolate in V8) parented by an outer thread. In a browser, that outer thread is typically the UI thread for a page. If you terminate the outer thread (or close the page) the sub thread is immediately terminated (as would all threads be terminated in a threaded desktop application). This is different to Service Workers which are intended to "Service" multiple pages. Because they service multiple pages, the browser cannot naively terminate them when you close a tab (because another tab may be sharing that service). Service Workers are therefore executed "out of process" and linger when a tab is closed.
Again, it is not accurate to say one is a subset of the other, the Page, Web Worker and Service Worker are all isolated processes, with the only distinction being that Web Workers run as in process threads, and Service Workers run out of process (and include Http intercept and Cache API)
Sorry, I'm a Web Engineer with 25 years experience developing on the Web. So....yeah.
so the guy made a video based of false information and the only guy that adresses the issue gets ignored and all other comments are paranoid npcs talking about living in woods?
@@BinaryReader What are 'service workers'?e.g I've never seen a firefox process run after main process is closed
A big shortcoming in all Windows OSs is the inability to make a shortcut to a website and to associate it with a particular browser. While I have 14 Windows computers, I choose to use Windows 7 the most, so that I can run some ancient software. I use Edge and Firefox, but the version of Edge that works on W7 is too old to handle some websites, so those I view with Firefox. I wish I could have desktop shortcuts that launched the correct browser instead of the default browser. This would also divide the personal information, as you suggest, among various browser, without my having to maintain and remember various sets of bookmarks/favorites.
I too have long lamented the fact that Windows did not allow for a quick, easy & intuitive method for saving URLs with a browser preference. Knowing MS, even if they did provide this; as soon as we all discovered & became dependent on it, they'd break it or decontent in a future update. There are a couple of workarounds I've discovered. First is a method that will take a tiny bit of work up front for each shortcut, but will work as if MS had provided this feature all along. Simply create shortcuts to the desired browser, followed by a space and append the intended URL. Can name & iconize the shortcut as you wish. Should be able to quickly search up how to make a shortcut open with a specific browser.
The second method is my favorite as it functions as a container of sorts instead of scattering shortcuts all over the place. That, and because most of the time when I have a preference other than my default browser, I'm also expecting to login to that site. Some (perhaps all) password managers will allow you to specify the program/browser that you wish to use when you launch an entry from your list. With command line switches, either method should allow you to optionally pop a new browser instance instead of a new tab in an already open browser, open in a private session/window etc.
You can get around that by creating a shortcut to the browser of choice, but append the desired URL as an argument within the shortcut.
@@laboulesdebleu8335 Thanks for the helpful suggestion (number one of your two), which I will be using for all my bookmarks which need my non-default browser. I don't like a cluttered desktop so my style is to create folders of shortcuts, like "GRAPHICS", "UTILITIES", "PRINT" (this would include InDesign, Acrobat, Wordpad, Notepad, Word, etc.), so I'll just have a folder, "FIREFOX BOOKMARKS". Since the contents of a folder are in text format and alphabetized, it will be like using any bookmark system. Wish I had posed this question years ago. . . .
@@marusholilacyeah, you went years in the dark. 😢
That can be done. Search online
Fun fact: when you say "like button" in the video, the button below the video player is highlighted.
Thank you very much, very informative and helpful 😮😊
Rob, Big Thankyou from Alaska,
speaking of partitioning of browsers, i would be curious to have you do a video on Qubes OS, and how it compartmentalizes everything across different workflows
Ok, I normally think highly of your very critical view of a lot of privacy topics but HSTS? Yes, an outsider as well as the site itself may be able to find that you, at some point must've made a connection to a site at some point but from what I know, that's about it. As far as I am aware HSTS is more akin to a boolean flag, that forces your browser to use HTTPS instead of HTTP. What other data is stored on the client side that would make them identifiable in your opinion? If I am actually incorrect about this and you can give me some pointers, I would greatly appreciate it.
All HSTS cookies can be scanned by an outsider so that set creates a unique signature.
Hi Rob.
Thank you so much for what you do.
Teaching us to be aware, and how to protect.
We appreciate you!
Should take it further and do entirely different machines on different networks
Are super cookies persistent in privacy tab, once the private tab is closed?
Thanks 4 this info!❤❤❤
finally someone calling out hsts bullshtit false security
What do you think about Eric Prince's 'UP-phone?' Has hard-switches you used to like.
Looks ridiculous next to your open-source apps and dual physical-sims though. Three times the price too.
Wouldn't touch that with a 10 foot pole.
I learned heaps from this video. I never considered that javascript might capture autofill data even if i delete it out of the input box before i submit.
You mention watching youtube videos in a browser, i assume because you dont want to install the app, understandable. Is this the case with all the google services you use? Maps, search, gmail, docs etc?
I’m forced to use google authenticator app for 3 different sites, is there a better option than having this app installed?
De-Googled phones cannot run Google apps. Which is critical since the spyware is tied to a Googled phone and not removable
Oh okay, that makes sense. Thanks.
Can you use third party youtube apps on degoogled phones? Like vanced, newpipe or even the one Louis Rossmann is co-developing, Grayjay?
yes works fine
Hi Rob, regarding browser compartmentalization, how is behaving different profiles on Chrome / Edge / Brave etc? One for "logged in" stuf and "clean" or "one-time" for non logged stuf?
appreciate your work, thx rob!
What do you think of the TEXT OLY Lenox browser called (I think), Lynx? Is it susceptible to a problems you mentioned?
Why not using Firefox Containers to separate the browsing profiles?
Could you please make a video about protecting your home router/network? And secure your browser for online banking.
The tips ypu gave here will not be useful in 2024 but is thr best way for starters. Subbed.
Another useful content. Many thanks!
I learn so much from you. Thank you.
Thanks, Rob! 👍👍👍
Windows 10 spies on user and makes screenshot at every mouse click. That is written in the license agreement.
Privacy is a thing of the past .. Ai , Social media & Facial recognition , When they all connect its all over .. You cant beat the dod system. The Only way to beat it is not using it
As always, you are our best protector❤🙏
So if they have a super cookie already, and have been collecting data, what do you do? If you suddenly change your behavior it still has your information up to current year.
Don't ISP's log all URLS regardless of which Browser is used, including "In Private" browsing?
Yes. There always be ISP. You don't use VPN, and your ISP will get your HTTP headers (that's how GFW and other website restircitons across the world generally works). You use VPN, and your ISP will only(still) konw that you connect to somewhere, and ISP of VPN will know your URL. But (if use a dedicated mixture of plain, VPS providers, offf-the-shelf VPN providers, and Tor) you can minimize the possibility of any single organization get your full tracks on Internet.