[GUIDE] How to be safe on the internet! VPNs & Extensions

AgainThere
by AgainThere · 10 posts
2 years ago in White Hat Activities
Posted 2 years ago · Author
VPN

VPNs (Virtual private networks) are a fantastic way of staying somehow anonymous on the internet, unless you are doing some bad stuff, which you shouldn't btw, then you will most likely get caught anyway. They are especially great when you are on a public wifi connection.
They are also a great way to bypass certain country based restrictions like on Netflix etc.
And remember, you are not invincible just because you use a VPN.

The three most common VPNs are the following:

ExpressVPN
Mullvad VPN
PIA (Private Internet Access)
NordVPN

Extensions

There are a TON of extensions out there, some are better than others and in this section I will go through the ones that I feel the most comfortable using and why.

UBlock - One of most known adblockers out there, it's great for what it does. There is also a bit of customization that you can do within the extension settings, like custom filterlists, custom list of trusted websites etc.

Malwarebytes Browser Guard - Protects against malware, scams, pups and can block ads and has a really simple ui. You can also enable/disable any of the options available in the extension. It may sometimes want you to upgrade to a paid plan but that's just what companies do, ain't it? It's a great extension and I'd say that malwarebytes is one of the few companies I actually trust a bit.

Lastpass & Nordpass - Simply put, they store your password in a secure place so that you'll never forget your passwords again. I do want to note that both of those companies has had a security breach in the past but I to this stay still use them. If you are afraid to use them then write your passwords down and save them on an encrypted drive.

FastForward - Probably my favorite extension on this list! It bypasses shorturls, bypasses links that makes you wait 5-60 seconds, bypasses links that make you do a certain action, like subscribing to a youtube channel etc and best of all, it helps prevent your ip getting logged on certain sites and it's open source!
Posted 2 years ago
Claiming using a VPN makes you anonymous on the internet is a dangerous broad statement to make and factually false. If you log into a website with your personal information, it doesn't matter what IP you're assigned.



This notion that VPNs keep you anonymous and safe is a narrative pushed by these companies to make money off people who don't know any better. Do you really think they advertise so heavily because they care about your privacy? No, they want your money and your data. Most VPNs log what you do with them and send/sell that information to government entities and advertising agencies.

A VPN is mostly useful for bypassing region locks or avoiding complaints from your ISP when using public bittorent trackers.

If you truly want to stay anonymous on the internet, you have to educate yourself on how the internet, computers and modern tech works. Websites these days track way more than your IP address. In fact, your IP is one of the things they care the least about. They build profiles on you by gathering as much data as they can about you. This includes things such as:

Hardware
  • What gpu you're using
  • What cpu you're using
  • How much ram you have
  • connected peripherals (mice, keyboard, sound devices, usb drives, etc)

Software
  • Operating system name
  • Operating system version
  • Operating system account information
  • Your installed fonts
  • Installed software
  • Log files
  • Your mac address
  • Web Browser name
  • Web Browser version
  • Web Browser plugins
  • System Timezone

Online activity
  • Web Browser Cookies
  • What websites you visit
  • Any information you fill out on your profile (username, address, pictures, phone numbers, country)
  • Your friends profile information
  • Bookmarks
  • How long you visit a website for
  • Your mouse cursor activity (where it goes, how long it stays hovered over elements, etc)
  • The names and ids of networks your connect to

The above is not an exhaustive list but I hope it starts to give you an idea of the kind of information that almost all websites/companies these days use to build a profile on you. In case anyone is wondering, yes this includes IMVU. Also, this doesn't even begin to cover things such as phones and other smart devices with cameras. Those things also record audio/video and GPS data.

Hopefully you can start to understand why claiming a VPN makes you anonymous is dangerous. It's pretty much impossible to stay 100% anonymous on the internet these days but there are things you can do to make it more difficult for entities to build a profile on you. I highly recommend doing your own research but here's a few tips:

  1. Use an adblocker.
    An adblocker not only makes pages load faster and make content easier to digest, but it can also protect you from scam popups and ads with malicious payloads. I personally recommend UBlock Origin for Firefox and UBlock Origin for Chrome
  2. Use a script blocker.
    A script blocker prevents javascript from running. A lot of tracking systems are powered by javascript these days. However, a script blocker can also protect you from malicious scripts such crypto miners that eat up your system resources in the background or malware.

    The downside is a script blocker requires effort and knowledge to use properly since it blocks all scripts, so lots of websites will appear broken or stop working altogether. You have to know which scripts to allow and which ones to block.

    I personally recommend NoScript for Firefox and NoScript for Chrome
  3. Clear your browser cookies often.
  4. Use different registration information for every website/service (email, password, username, etc)
    One of the easiest ways to be tracked online is to sign up to multiple websites/services with the same username and email. Especially popular ones like social media.
  5. Don't fill out personal information


Now obviously this makes using the internet harder and inconvenient so it's up to find the right balance of privacy and usability.


AgainThere wrote:
UBlock - One of most known adblockers out there, it's great for what it does. There is also a bit of customization that you can do within the extension settings, like custom filterlists, custom list of trusted websites etc.

I highly recommend avoiding UBlock. UBlock started accepting bribes by companies to let ads through years ago. I recommend UBlock Origin instead, It's a fork of UBlock and does not allow companies to pay to have ads let through.
Posted 2 years ago
I was a complete idiot and thought VPN only changes your physical location. Data was not impressed haha.


@DataMine
teach me your ways. :pinkheart:
Posted 2 years ago
Yea, like people think the way they get banned by imvu is with their IP address. Which is usually untrue. The company they use, bans your device.
Posted 1 year ago
@DataMine

DataMine wrote:
Use a script blocker.
A script blocker prevents javascript from running. The downside is a script blocker requires effort and knowledge to use properly since it blocks all scripts, so lots of websites will appear broken or stop working altogether. You have to know which scripts to allow and which ones to block.I personally recommend NoScript for Firefox and NoScript for Chrome


which scripts should we block and allow for imvu? the normal settings doesnt let the site even load and im confused on if the checked boxes mean its allowin' it or blockin' it
noscriptsettings.png

Posted 1 year ago
@Caleidanna


I consider NoScript overly aggressive, unfortunately for this type of plugin, as opposed to what you can do with adblockers, there aren't predefined blacklists or whitelists (at least not to my knowledge) that you can use, so manually setting up the various rules (for each individual website) can be annoying.

In addition to NoScript, another good plugin might be Privacy Badger. As far as I know it is more focused on blocking scripts and tracker elements rather than any component "outside" the html code (as NoScript does). Obviously it will be impossible to display anything on modern websites if elements such as css, fonts, objects, webgl, (media) and so on are systematically blocked.
Privacy Badger should at least selectively block only certain elements that are deemed necessary to block and should have a minimum of self-learning
Posted 1 year ago
Can you ever really be "safe" on the internet? I feel like its a unicorn situation.
Posted 1 year ago
@NEKALION

Depends what you mean by safe. If safe to you means not getting viruses/malware, then yes, you absolutely can. I haven't gotten infected by anything in a decade. If by safe you mean privacy wise, yes to an extent.


@Amarok78

NoScript is a tool for advanced users and is for much more than blocking ads. It is supposed to be aggressive. Malicious actors can do a lot with Javascript these days. Of course if you're someone who only visits sites like social media or news, you probably don't need it (unless you care about privacy). But as someone who visits a lot of unknown sites on a daily basis and cares about my privacy, NoScript is a must to protect myself from malicious and/or tracking scripts.


@Caleidanna

The S with the cross over it means the domain is blocked. Clicking this will block the domain and everything on it. This is the default setting and will cause a site to break if they rely heavily on scripts.

The S with the clock on it means the domain is temporarily allowed. Clicking this will temporarily allow the domain to run everything.

The S with nothing over it means the domain is allowed. Clicking this will permanently allow the domain to run everything. Only use this option for sites you trust, like ours.

The S with the tools over it means custom settings. Clicking this allows you to allow some things but not others. For example, you could allow iframes but not scripts.

These are the settings I use for IMVU's website:
2023-01-16_124104.png


Basically, I allow IMVU.com and pinimg.com and block everything else.


Btw, in case you're confused on what domains are, in simple terms they are the human readable website name. The reason you see many domains when you go to IMVU.com (or pretty much any other website) is because IMVU.com is using content from other websites. These could be scripts, images, audio or any other content. In general, whenever a website makes requests to another website, it will show up in NoScript. This is very handy for quickly identifying malicious actors and someone what tech the site is built with.

For example, IMVU lets you log in with FaceBook and has FaceBook sharing features, so it uses scripts from FaceBooks server to power these features. So FaceBook.com shows up in the domain list letting you know IMVU is using content from Facebook.

If you click the custom settings option for FaceBook, you can see exactly what IMVU is using highlighted in red:
2023-01-16_125059.png

Make sure to disable FaceBook again after you're done looking.
Posted 1 year ago

@DataMine
DataMine wrote:

The S with the tools over it means custom settings. Clicking this allows you to allow some things but not others. For example, you could allow iframes but not scripts.


do you use custom settings for imvu? im not too sure on what to allow and not allow or if everythin' from imvu can be trusted
noscriptsettings.png

this is the default look for custom
Posted 1 year ago
@Caleidanna


No, I have IMVU white-listed. Their site becomes unusable if you block anything and while it does have the blucava tracking, there isn't really anyway that I know to only block it without also blocking the scripts that power the basic functionality of the site.

Wonder if Ublock Origin could help with this, might be something I'll look into.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Sign in

Already have an account? Sign in here

SIGN IN NOW

Create an account

Sign up for a new account in our community. It's easy!

REGISTER A NEW ACCOUNT