MX Linux Forum

Hello MX'ers

The following link mentioned DNS resolvers for secure cafe wifi browsing.
viewtopic.php?p=759522#p759522

Any thoughts on the privacy of Startpage's Anonymous View?
https://www.startpage.com/en/anonymous-view/
This link contains more informative links.

A redditer suggested opening this link https://browserleaks.com/ip in startpage, but opening in Anonymous View.
Many reddit comments contradicted each other.

Cheers!

My understanding of startpage "Anonymous View" is that it is pretty good, however really it just strips away all the user data except for browser and OS. ( this can already be accomplished via your web browser.)

And, by using a good DNS (in https mode) , you circumvent most of the entire 'DNS leak' issue as well.


Now, having said that
- startpage DOES collect some data of its own. (check out their privacy policy.)
- they are in a nine eyes country, so there is that.
- startpage makes money through advertising... so ?

I use duckduckgo, though I haven't gone deeper than reading their statements and comparing comments and articles, so I can't truely vouch for it being better than startpage.

MXRobo wrote: Wed Jan 03, 2024 1:24 pm ...Any thoughts on the privacy of Startpage's Anonymous View?
https://www.startpage.com/en/anonymous-view/

Didn't see it mentioned there but Startpage actually uses Google's search engine:

https://www.howtogeek.com/718781/want-g ... startpage/

It all depends on your "threat model".
but if all you want is browsing safe from anyone at the cafe, then
1. Enable DNS over HTTPS aka DoH (protec DNS requests).
2. Any proxy or VPN is better than webpage ones like startpage's.

If you want to be safe from cafe and the endpoints you're visiting, then the rabbit hole goes pretty deep.
Start here:
github.com/abrahamjuliot/creepjs
coveryourtracks.eff.org
browserleaks.com is good too
Javascript fingerprinting is probably the most invasive tracking on the server side (vs network/cafe side)
and a very important one is MAC randomization

thats all if you want to customize your system or learn
if you want to easily just blend in and be private and anonymous, you need a Live OS

Hello all, thanks for the replys.

If you shrink the view on this website: https://searchengine.party/ you can easily see that generally the ones closer to the top have more green.
But I'd think that some columns are not as important, or not even a concern in particular situations.
For example, Onion Service, IPv6, Adult Filtering, or the Proxy Service, I don't really understand Post Request Support.
New - SearX queries are submitted via HTTP POST, to prevent keywords appearing in the linked sites' server logs.

Not sure who the source is - https://gitlab.com/nitrohorse or SearXNG https://github.com/searxng/searxng

And I've been meaning to thank you @FinalFox420 for some time for the LibRedirect extension.
I've been using it since shortly after you mentioned it – love it. I may try to work the https://farside.link/ into it also. I assume that you saw the other extension for that – redirector. And thanks for the links.

=========================================
The first link that I provided also has "GET URLS" on the right side of the page for adding directly into your browser settings for search engine shortcuts like d = https://duckduckgo.com/?q=%s
https://thenewleafjournal.com/adding-cu ... k-machine/
Obviously, slightly different method for Chromium and Firefox based browsers.
===================================================================

Back to Startpage's Anonymous View, I don't really use Cafe wifis, but I was specifically interested in the "Anonymous View' and the links within my original link:
https://support.startpage.com/hc/en-us/ ... View-work-
https://support.startpage.com/hc/en-us/ ... al-details
https://support.startpage.com/hc/en-us/ ... ymous-View
keywords: proxy, user agent, javascript, vpn, fingerprinting.

Re: the chart, "Disabled JS Support" I think Startpage may be able to disable when using Anonymous View.
Startpage and MetaGer appear to be the only search engines that provide a proxy service.

Here's a biased "comparison" of Startpage and DDG, and this is probably an equivocation fallacy, but they all have cons. https://reddit.invak.id/r/privacy/comme ... ?context=3
https://www.computing.co.uk/feature/308 ... nes-review
(pg. 2) was not pleased with Startpage's investment by System1.
Here's an update: https://www.computing.co.uk/news/401733 ... investment


I'm slowly gravitating to more privacy, security, and anonymity but most of this is new to me, particularly the DNS, proxy, and anything to do with wifi, routers, proxy, etc.

Currently, I use the Brave Browser set fairly securely, and I use Privacy Badger, Ublock-Origin in medium or hard-modes depending on the browser, sometimes Chromium, and I realize that some of these can conflict with each other. I recently installed Mullvad Browser, and I'll probably use Mullvad, Librewolf, maybe arkenfox, and fallback to Brave.

I use, or will VERY soon start to use, Startpage, DDG, a few of the SearXNG instances as some have TOR capabilities and , maybe Brave, MetaGer the [Searx (e foundation) https://spot.ecloud.global/ which is murena, good free privacy email with IIRC, no phone or email require to sign-up], and others, Qwant, Swisscows, etc.

I still need to look into DNS, the links form this link: viewtopic.php?p=740084#p740084
[CharlesV link included] which seemed like opening a can of worms. https://www.grc.com/dns/dns.htm

Thanks all for replying – any thoughts on the Anonymous View specifically, and the proxy and/or keywords I mentioned.

MXRobo wrote: Sat Jan 06, 2024 1:20 pm Back to Startpage's Anonymous View, I don't really use Cafe wifis, but I was specifically interested in the "Anonymous View' and

Re: the chart, "Disabled JS Support" I think Startpage may be able to disable when using Anonymous View.

Startpage and MetaGer appear to be the only search engines that provide a proxy service.

Here's a biased "comparison" of Startpage and DDG, and this is probably an equivocation fallacy, but they all have cons.

I use, or will VERY soon start to use, Startpage, DDG, a few of the SearXNG instances as some have TOR capabilities and

I get the impression from this that Startpage is the be-all and end-all of online security, which simply isn't true. It may be a fine search engine and it may take user privacy very seriously, but I would encourage you to look at the bigger picture of what, exactly, you're trying to secure.

There's online security, as in "no one can steal my credit card info when I buy something from eBay", there's privacy, as in "no one knows I'm shopping for fuzzy handcuffs on eBay", and then there's anonymity, as in "eBay doesn't knw who is buying fuzzy handcuffs on their website and can't give any personally-identifiable information about the transaction to the police".

As FinalFox420 mentioned, it all comes down to your threat model. Do you have a vested interest in protecting yourself online because you are at risk for persecution or punishment by a state entity? Or do you just want to not have your ISP snooping on your shopping habits? Both of these are valid concerns, and you should tailor your efforts accordingly.

This means understanding, and understanding well, that all Internet traffic deals with endpoints: your computer asks a server somewhere a question, and that server sends a response. Everyone who handles that packet can see their part of the transaction and can inspect the packet's "to" and "from" addresses, as well as its full contents. So if you want to browse securely at a coffee shop, you will want to be able to decide if using the default in-house DNS resolvers they provide is a good idea. Even if you're searching on the best search engine there is, your DNS queries will give away exactly which websites you're trying to find, even if the data between your machine and the destination is encrypted.

This is a very complicated topic, and I'm sorry to say that just using Startpage or DuckDuckGo isn't an easy fix.

I think FinalFox420 's first line in his post pretty much says it all. And really the question is what are you trying to achieve?

If your goal is to shutdown ads, thats pretty much a couple of different steps.
If your wanting to hide from your isp thats slightly different model.
If your wanting to protect yourself from cafe wifi, another set of steps.
If your goal is to be completely hidden from everyone and everything... then you have a bunch of work ahead of you and continued work - and imo ... not going to ever REALLY happen.

I'll be, and was, the first to admit that I do NOT know this stuff, and I don't know how you got the impression that I believe that Startpage is "the be-all and end-all of online security" as that is why I created the topic; although I did include some links in defense of Startpage, but I hope that others would realize that defensive links do not exclude, or are not mutually exclusive of anything against a product either.

But seriously, thank you very much for the reply and info.
As I stated, I don't have a solid grasp of "all of this", i.e. privacy, security, and anonymity (and more) , but I generally know the difference, hence listing them individually, and my current threat model is not that of attempting to elude ending up in fuzzy or any other handcuffs, so currently I'm more concerned with privacy and security – maybe some overlap - but yea need to be conceptualized separately.

================================================================================================================================================
I did however, post because I was wondering if perhaps Startpage's Anonymous View could do what, or something similar to what you @DukeComposed posted in my original link regarding the DNS because of reading this:

How Anonymous View protects your connections

The Startpage proxy protects users who connect over untrusted internet connections, like public Wi-Fi in coffee shops and airports. It also protects against DNS attacks, like DNS hijacking, because communications are encrypted and sent over a secure HTTPS channel. All non-HTTPS connections are blocked.
quote

[and also seeing the Proxy Service in Startpage and MetaGer in the chart – again, I don't really understand this either.]

I think you will believe me when I state that I don't intuitively – or maybe otherwise - understand DNS resolvers yet, but thank you for the entire paragraph that contained this:

your DNS queries will give away exactly which websites you're trying to find, even if the data between your machine and the destination is encrypted.

as it clarified a lot because I was seeking thoughts regarding Startpage's Anonymous View claims, and while they may be accurate, and although in hindsight rather obvious, I simply did not know the what to look for to find the weaknesses.
========================================================

Good news, recently, I also added/been using more private email aliases than the aliases that I had before, virtual CC's, and firejail. The last step may be DNS resolvers at the router level, perhaps VPN at the router level too.

@CharlesV, I am willing to put in some work to obtain these goals, albeit slowly, and yes hiding in a cave might be one solution – that and a license-plate cover flap.

Yes, it's complicated and thanks for the replies.

So... no startpage anonymous view does NOT filter out DNS. (in fact, there is NO mention of DNS on the startpage anonymous view page at all! NOR is is a VPN...

What many people dont realize is that there are three pieces here that all come into play:
A) search
B) DNS call
C) URL call/connection

A VPN typically, but not always, interjects its own DNS, so IT sees / knows where you go, but then it has sole discretion on what it does with that knowledge!

VPN's hide from your ISP the URL call / connection and in most cases the DNS call, but not the actual search. (where you went to search yes. But the search itself is all search engine based - so that se knows what you searched for - and in many cases knows who you are too - vpn or not!)

Additionally, startpage talks about 'their https' connection ( no big deal since pretty much everyone is!) , and it says something key "acts like a vpn" ... but IS NOT a vpn. I can packet snoop ALL startpage hits (not what I search for, but that I *am* going there.)

And in my opinion - this is WORSE than many since it leaves a very false sense of security ! Really, only your search is supposed to be private. Nothing else.

CharlesV wrote: Sat Jan 06, 2024 3:05 pm So... no startpage anonymous view does NOT filter out DNS. (in fact, there is NO mention of DNS on the startpage anonymous view page at all! NOR is is a VPN...

What many people dont realize is that there are three pieces here that all come into play:
A) search
B) DNS call
C) URL call/connection

A VPN typically, but not always, interjects its own DNS, so IT sees / knows where you go, but then it has sole discretion on what it does with that knowledge!

There's more do it than that. If you visit a website, there are all manner of surveillance utilities that can follow you around during your browsing session and record your activities in order to learn your behaviors, customize your advertising demographic information, and so on. So beyond the matter of making sure that your connection is secure and that you aren't leaking DNS queries, you now also need to be aware that your actual browsing habits may be monitored as you navigate around various websites. Even your choice of browser and browsing habits can be fingerprinted and used to de-anonymize you by someone with enough data, resources, and time.

You can get very paranoid about this sort of thing very quickly. So again I suggest that the real question to be answered here is "What is your threat model?" If you use something like a VPN and tunnel all of your traffic through a different endpoint, you're pretty much safe from coffee shop snooping, but someone, somewhere, is still going to know what sites you're visiting purely because you're visiting them.

Once, many years ago at my local coffee shop, I walked in and ordered a coffee. I usually took a few minutes to chat with the staff and we were all friendly with each other. Suddenly, a guy sitting near the register interrupted us. "Hey, who's DukeComposed?" he asked.

He was sitting alone with his laptop. He'd set his network card to promiscuous mode and was just sniffing all the local wifi traffic. By simply being in the area, my phone had authenticated with the local access point and, as iPhones do, had negotiated its presence online as "DukeComposed's iPhone". We chatted for a few minutes and he blabbered quite a bit about how he believed all information should be free. I smiled and asked if that extended to his credit card information.

He stammered on a little bit about yeah, no, not really all information should be free... and when my coffee was ready I removed myself to sit in a different part of the coffee shop. I summarily changed the name of my iPhone to something like "localhost" and went on with my life.

Some random guy in a coffee shop learning my name might seem like an egregious violation of privacy but it was easily information that the staff all knew and they would call me by name, out loud, all the time. I wasn't a journalist researching a controversial topic that could land me in jail. I was just someone with an iPhone in its default config, but it was still surprising. If he hadn't cringefully said something about it, I would never have known.

Figure out your threat model. And then adapt to it accordingly.

Exactly! I was trying to stay out of the weeds with how far this can be taken, but you have done a great job of describing it!

And an interesting story. Over the years, I have managed many hotels (still manage 9 ) and I cannot tell you how bad the wifi on them has been. Several when I took them over had no isolation and several managers really didnt want big upgrades and security, and just watching how their traffic was... was seriously alarming.

There is no end to how companies and people can spy on you, and working out the solution to keep as much privacy in place as possible is no simple thing and required layers and understanding to make it all happen.

CharlesV wrote: Sat Jan 06, 2024 4:51 pm Exactly! I was trying to stay out of the weeds with how far this can be taken, but you have done a great job of describing it!

And an interesting story. Over the years, I have managed many hotels (still manage 9 ) and I cannot tell you how bad the wifi on them has been. Several when I took them over had no isolation and several managers really didnt want big upgrades and security, and just watching how their traffic was... was seriously alarming.

There is no end to how companies and people can spy on you, and working out the solution to keep as much privacy in place as possible is no simple thing and required layers and understanding to make it all happen.

Hotels, of many different price ranges, all universally have pretty poor wireless access. One of the best things you can do for your own peace of mind when travelling is to just set up a remote system somewhere else and tunnel to that for all your Internet usage.

The biggest takeaway here is to start thinking about your online security in layers. This goes along with "compartmentation", the idea that everything you do is siloed into isolated, unconnected sandboxes and by combining multiple different security mechanisms, no one compromised component gives away the whole store.

Precisely! a *real VPN* has been my solution for traveling - tunnel back to my systems and through my router :-)