How do I block trackers?? DNS Block sucks. Rethink same.

gk7ncklxlts99w1

KCne That post seems to be under the common illusion that security needs to be perfect in order for it to work at all. That because new threats emerge, there is no reason to block them at all. But it goes further to say that you should not rely on enumeration, which I think is equivalent to the strawman argument against obfuscation that people rely on security through obfuscation (which I don't think is what people do, nor do I think it would even be possible). Badness enumeration, like obfuscation, like antivirus software, like anything else in security, serves as an additional layer of security on top of existing security protocols and practices. Alone it achieves nothing.

These are the kinds of people who are responsible for a lot of the FUD (fear, uncertainty, doubt) around privacy, proliferating ideas like "privacy is dead" that hinges on the false premise that because there are so many ways to track you, that there is no point trying to stop it. They're full of biases and logical errors. And like this article, FUD normally comes from the very sources of information that attempt to disabuse others of FUD. It's convincing FUD because they happen to be technically proficient, reminding me of madaidans insecurities and flatkill dot org. But it is largely sensationalist.

Skibidikatt

gk7ncklxlts99w1 so i should allow myself to be tracked? Like id like not to get google ads popups in websites please

KCne

gk7ncklxlts99w1 which I think is equivalent to the strawman argument against obfuscation that people rely on security through obfuscation (which I don't think is what people do, nor do I think it would even be possible)

OP is attempting to rely on badness enumeration to block trackers. Badness enumeration may not be the only step people take to try to project against tracking, but it can be a distraction and even a hindrance for that goal.

gk7ncklxlts99w1 These are the kinds of people who are responsible for a lot of the FUD (fear, uncertainty, doubt) around privacy, proliferating ideas like "privacy is dead" that hinges on the false premise that because there are so many ways to track you, that there is no point trying to stop it.

The badness enumeration article never said that there’s no point stopping website tracking, just that anti-fingerprinting is a more comprehensive and effective method for the problems that content blocking tries to solve. Vanadium plans to follow this train of thought.

As for the FUD and sensationalist part, I understand how some of these articles can come across as alarmist to you. However, they were ultimately made with the same goals that we share: to further privacy and security. They were written intended to soberly acknowledge risk so that it could be mitigated, and projects like secureblue and GrapheneOS have benefited from research from articles like these to make mitigations.

Skibidikatt

gk7ncklxlts99w1 it sometines blocks MY DNS ITSEF IT GIES CRAZY

Skibidikatt

GrouchyGrape block sub domains

GrouchyGrape

Skibidikatt doesn't work and you're missing the point. This isn't going to work. Did you know that many connections don't even rely on DNS resolution? How do you plan on blocking that?

I understand why you want you do what you're doing, but I'm telling you, it's going to be fruitless. DNS control is a useful general content filter, but not much beyond that.

Skibidikatt

gk7ncklxlts99w1 i put not agressive lists at all but it finds everything wierd blocks grapheneos connections itself "server didnt respond" when i click on the connection. Lemme pull up a pic so yall understand

neotux

Just configure Rethink a little bit at a time. If you go all in and use a lot of blocklists all at once then don't be surprised that things get blocked and you wouldn't know what blocked what to revert.

Reset the app and take it from there.

https://docs.rethinkdns.com

Skibidikatt

neotux i did then it started blocking my dns but ill try again

Skibidikatt

neotux i did then it started blocking my dns but ill try again

gk7ncklxlts99w1

KCne

OP is attempting to rely on badness enumeration to block trackers. Badness enumeration may not be the only step people take to try to project against tracking, but it can be a distraction and even a hindrance for that goal.

Because OP hasn't really articulated their goals properly, I don't exactly know what they're trying to achieve, so I can't really help them. Regarding the article though, I'm sure they have good intentions, but I do believe they've fallen into a trap that is all too easy to fall into. You take the existence of an exception to a rule to attempt to prove why the rule is wrong. It's the hasty generalisation fallacy.

Throughout the article it argues why various technologies that we have are faulty because they can be bypassed. I've talked about this fallacy at length on this and other privacy forums. A fence that can be "trivially" climbed over with a ladder is not a faulty fence. A window that can be broken is not a faulty window. A public toilet door, with the shitty locks that they have, are not inherently faulty just because it would be trivial to bypass them. Blinds are not pointless just because you happen to leave them open all day.

Nothing has perfect privacy or perfect security, and despite what the referenced article "The Six Dumbest Ideas in Computer Security" says, security engineers are not aiming for perfection, those that do will inevitably create insecure systems. The ability to adapt is a far more realistic, humble, and achievable goal. This applies to privacy just as much as it does to security.

The part that I am not a fan of, is how it will mislead people into thinking that they should not be using these tools (privacy extensions, DNS filters, anti virus, VPN, etc). Therein lies the FUD. It doesn't matter how "soberly" or rationally it is able to articulate why these tools have vulnerabilities if people come away thinking they don't do anything for them, when that is absolutely untrue.

The only part I agreed with was about isolation / compartmentalisation, which is something Android and QubesOS provides and I wholeheartedly agree with. The proper philosophy is to assume it's malicious. The part about Default Permit is odd, pretty much every firewall these days uses default deny, maybe default permit was more popular 20 years ago? I don't know.

mmobder

GrouchyGrape . Did you know that many connections don't even rely on DNS resolution? How do you plan on blocking that?

Just in case, rethinkdns allows you to make a small step and block "bypass DNS" attempts.

Skibidikatt

GrouchyGrape kk but i dont want no ads on websites

mmobder

gk7ncklxlts99w1 it will mislead people into thinking that they should not be using these tools (privacy extensions, DNS filters, anti virus, VPN, etc).

Those articles help to set a proper view angle on the problem, so an !adult/mature person will not take any of tools for a golden bullet, be it tor, dns blocklist or anything.
And thus helps to achieve the most of what's possible while juggling between usability (good luck with all those captchas while using orbot/tor, or lack of support for gvmt/fin apps) and privacy/security.
One of examples is that it's better to access some service using secure/privacy browser where possible instead of an app.

GrouchyGrape

gk7ncklxlts99w1 various technologies that we have are faulty because they can be bypassed

No, they are bypassed. The analogies you gave are perfect (fence, window, door, etc). The issue that this article is pointing out is that people will put up fences, windows, etc and somehow think that they are suddenly secure/private. No, you aren't. You're still completely relying on social rules that say "don't climb people's fences and don't break people's windows".

As someone who blue teams threat actors on the daily, I can personally attest to the validity of the article. Badness enumeration does not work, fundamentally.

Now, to your point, does that mean we just abandon all hope, tear down all our fences, open all our doors, set Google as our DNS resolver and give up? Of course not. But people need to understand the real limitations so they can invest their time and energy on more effective means of dealing with threat models.

Skibidikatt

gk7ncklxlts99w1

https://imgur.com/a/Xo6cpLB
This is what i mean. Rethink suxs and dns sucks. Im trying to block ads and trackers so no adpopups no googlefirebaselogging. Im not trying ti be anonymous in trying to do better

gk7ncklxlts99w1

GrouchyGrape

The issue that this article is pointing out is that people will put up fences, windows, etc and somehow think that they are suddenly secure/private

I think that's a false assumption. It reminds me of the pushback against VPNs. A particularly bad example of this was David Bombal's "Are VPNs even safe now? Hacker Explains", guest with Occupy The Web. A very trite strawman against VPNs and the people "dumb enough" to use them. Plenty of trite platitudes like "if you don't pay, you're the product" (which is old news and its more accurate to say nowadays that even if you pay, you are still the product) and "VPNs don't make you secure". The guy makes all kinds of assumptions about what people use VPNs for. I don't have such a dim view of people, and the people who know what they are used for are using them appropriately.

I really don't believe people are relying on DNS filters entirely, and the kind of people who prefer to use the term "badness enumeration" are also the kind of people who should know better than to do so. DNS filters normally come bundled with a firewall alongside other tools, and this is part of the broader philosophy of defense in depth.

If you're being attacked by someone with a gun, and all you have around you is a knife, you are better off than someone who doesn't have a knife. The tools you have might not be as good as they could be, but they're the best we've got, as regular consumers. If you're intelligent enough to identify the problems with these tools, then please put your mind to creating better tools that do work.

Skibidikatt

GrouchyGrape like hiding at home with a ak47 and defending your physical privacy. First digital then irl

Novalissoide

I found RethinkDNS a bit fuzzy and hard to navigate, but the recent update:
Version v0.5.5u, which I got from their Github releases really improved. I got tears in my eyes realising that RethinkDNS no longer spams itself by listing every uninstalled software in the main logs, 🤸‍♀️🧘👨‍❤️‍👨

Skibidikatt

gk7ncklxlts99w1 How do you got so good grammar ????

KCne

gk7ncklxlts99w1 If you're intelligent enough to identify the problems with these tools, then please put your mind to creating better tools that do work.

Madaidan did some meaningful work with Whonix, increasing security for anti-fingerprinting measures and hardening Linux. @akc3n is part of PrivSec and does meaningful work for GrapheneOS.

gk7ncklxlts99w1 It reminds me of the pushback against VPNs

People are working on solutions that try to solve the trust problems of VPNs, like with Nym and Obscura

Skibidikatt

Im not a legal adult btw (i don't hide this)