Before I start, I won't respond to the usual suspects here. I'm hoping
for a reasonably sensible discussion (we can always live in hope!). This
is intended to be just that too, a discussion, not an argument, just
mulling over my thoughts, and interested in what others are doing more recently.
So... It looks like as our future becomes the present, it certainly
seems there are more vulnerabilities around, an *all* devices,
regardless of OS. Most are not the traditional viruses of course, but
there are many ways the perps can find to hack into our lives. Perhaps
we do need to think about protecting ourselves from our own stupidity (especially as we get older ;-)).
First, on the Mac, I've been using most of the tools from Objective-See. Particularly Block-Block and LuLu, and have installed RansomWhere too.
These seem like no-brainers to me. They work quietly in the background,
don't seem intrusive, nor hog any system resources. From what I can see
about Patrick, he's up there amongst the most respected with regard to
the matter.
On top of that, I just keep a copy of Bitdefender installed, the fee one
off the App Store. I run it occasionally. It's never found anything,
ever (yet!).
That's pretty much it for the MacBook.
On my iDevices, I generally haven't bothered much. Other than trying a
few of the Ad-blockers. I stick with Wipr as a default
My home router is set to use Cloudflare DNS, so the rest of the network
gets some protection from that - i use the 1.1.1.3 server. If I need
less cover, I can manually use a different address on a device.
That's been it up to now, and is usually all I have installed.
However, I also try out alternatives, and thought I'd just add those
too, as a matter of discussion.
My ISP (PlusNet) offer free security software. Currently it's a modified Norton 360 account. I don't normally bother at all with any of the 'AV' solutions, but as it's free, and has some elements that appear useful, I
gave it a go (more than once).
But yeah, it's awful. It's intrusive, a resource hog, and stops many
things, and sites, from working properly. It's Ok for some things, but
the cons outweigh the pros for me. I am a bit puzzled by the number of
No.1s it gets in reviews (of course it could still be the best there is
if the others are even worse).
Wanting to enhance my privacy, I also tried AdGuard and 1Blocker (I did
buy the 'premium' upgrades when they were on sale). However, they're OK,
but also too intrusive, and resource hungry, and break a lot of sites
being a bit zealous in their effectiveness.
A couple of weeks ago, I decided to have a go with NextDNS. It looks to
me like it falls between something like CloudFlare, and the on-device blockers. It offers a DNS level of filtering, but with a really in-depth level of customisation. I'm actually quite impressed so far. It does
work alongside Private Relay too (which most of the others don't).
It's also much easier on the iDevices, and the biggest change I've
noticed is how much less battery usage I'm seeing now.
Looking at the logs is quite an eye-opener too. The number of Whats-App events it's filtering is astonishing - by far the largest number of
entries from any app or service.
Anyway, that's it for now, all the best.
On 04.06.2024 18:55, Andy H wrote:
Before I start, I won't respond to the usual suspects here. I'm hoping
for a reasonably sensible discussion (we can always live in hope!). This
is intended to be just that too, a discussion, not an argument, just
mulling over my thoughts, and interested in what others are doing more
recently.
So... It looks like as our future becomes the present, it certainly
seems there are more vulnerabilities around, an *all* devices,
regardless of OS. Most are not the traditional viruses of course, but
there are many ways the perps can find to hack into our lives. Perhaps
we do need to think about protecting ourselves from our own stupidity
(especially as we get older ;-)).
First, on the Mac, I've been using most of the tools from Objective-See.
Particularly Block-Block and LuLu, and have installed RansomWhere too.
These seem like no-brainers to me. They work quietly in the background,
don't seem intrusive, nor hog any system resources. From what I can see
about Patrick, he's up there amongst the most respected with regard to
the matter.
On top of that, I just keep a copy of Bitdefender installed, the fee one
off the App Store. I run it occasionally. It's never found anything,
ever (yet!).
That's pretty much it for the MacBook.
I do not use any of these snake oil apps. As Linux- and Mac-user I do
not work as Admin/Root. For my everyday-use I have a separate account.
This is the most important single factor to harden your system. What you certainly do not need is Bitdefender.
Activate the "Mac-onboard-firewall".
On my iDevices, I generally haven't bothered much. Other than trying a
few of the Ad-blockers. I stick with Wipr as a default
Again a secure configuration of the OS and the installed software is
key. Third party software increases the area of attack and cannot be recommended.
My home router is set to use Cloudflare DNS, so the rest of the network
gets some protection from that - i use the 1.1.1.3 server. If I need
less cover, I can manually use a different address on a device.
That's been it up to now, and is usually all I have installed.
However, I also try out alternatives, and thought I'd just add those
too, as a matter of discussion.
My ISP (PlusNet) offer free security software. Currently it's a modified
Norton 360 account. I don't normally bother at all with any of the 'AV'
solutions, but as it's free, and has some elements that appear useful, I
gave it a go (more than once).
Snake Oil. It destabilises your Mac. Usually nonsense Windows-users
like. Norton is btw the worst of all these providers.
But yeah, it's awful. It's intrusive, a resource hog, and stops many
things, and sites, from working properly. It's Ok for some things, but
the cons outweigh the pros for me. I am a bit puzzled by the number of
No.1s it gets in reviews (of course it could still be the best there is
if the others are even worse).
Wanting to enhance my privacy, I also tried AdGuard and 1Blocker (I did
buy the 'premium' upgrades when they were on sale). However, they're OK,
but also too intrusive, and resource hungry, and break a lot of sites
being a bit zealous in their effectiveness.
A couple of weeks ago, I decided to have a go with NextDNS. It looks to
me like it falls between something like CloudFlare, and the on-device
blockers. It offers a DNS level of filtering, but with a really in-depth
level of customisation. I'm actually quite impressed so far. It does
work alongside Private Relay too (which most of the others don't).
Now they can track you perfectly. I do not trust American DNS-providers.
Even not the big ones in Europe.
Use Firefox and implement DNS over HTTPS. https://unicast.uncensoreddns.org/dns-query
A small Danish private provider.
It's also much easier on the iDevices, and the biggest change I've
noticed is how much less battery usage I'm seeing now.
Looking at the logs is quite an eye-opener too. The number of Whats-App
events it's filtering is astonishing - by far the largest number of
entries from any app or service.
Anyway, that's it for now, all the best.
That is much much more than enough!
OK, so I probably didn't really make it clear of my thoughts here. That
was kind of exactly the response I was expecting.
I'm not really that concerned about direct attacks on the MacOS/iOS
systems. I know that AV software is pretty much a waste of space on
those systems. I keep my devices up to date, and try to be aware of
anything that doesn't seem right.
It's more about preventing me accidentally missing something daft, and
being taken to a malicious place. I don't expect it would happen, but
it's possible. For many of those, it doesn't matter what OS you're
using. But, it's mostly necessary to install the crap you don't need to
get any kind of protection against such threats.
For many of those, it doesn't matter what OS you're
using. But, it's mostly necessary to install the crap you don't need to
get any kind of protection against such threats.
We have to trust somebody, or nobody, and turn off the Internet!
Use Firefox and implement DNS over HTTPS.
https://unicast.uncensoreddns.org/dns-query
A small Danish private provider.
And they can be trusted more because...?
I tried the link, but Safari can't open it. Looks like it's got blocked!
On 4 Jun 2024 at 22:29:43 BST, "Andy H" <thewildrover@icloud.com> wrote:
We have to trust somebody, or nobody, and turn off the Internet!
Use Firefox and implement DNS over HTTPS.
https://unicast.uncensoreddns.org/dns-query
A small Danish private provider.
And they can be trusted more because...?
I tried the link, but Safari can't open it. Looks like it's got blocked!
It won't open in Arc. I get "DoH non-compliant query".
Again a secure configuration of the OS and the installed software is
key. Third party software increases the area of attack and cannot be
recommended.
That's a bold statement. That's assuming the developer is untrustworthy,
or incompetent.
On 4 Jun 2024 at 22:29:43 BST, "Andy H" <thewildrover@icloud.com> wrote:
We have to trust somebody, or nobody, and turn off the Internet!
Use Firefox and implement DNS over HTTPS.
https://unicast.uncensoreddns.org/dns-query
A small Danish private provider.
And they can be trusted more because...?
I tried the link, but Safari can't open it. Looks like it's got blocked!
It won't open in Arc. I get "DoH non-compliant query".
Do you only install apps, for a Mac, from the App Store then?
I think you can assume:
1. MacOS / iOS of itself is secure, to the best of Apple's ability. You need to install updates in a timely fashion, but no third party tool is going
to improve on Apple's security
2. The software you run may be insecure, and may have privacy issues. These can be mitigated by:
a) Treating software installation as a serious business. The less you install the less risk you are exposed to
b) Getting the software from a trustworthy source (eg the Mac App Store, a well known developer, etc). Go direct to the developer, don't download from third party download sites.
c) Pay attention to warnings like Gatekeeper / notarisation / etc
d) Being careful which permissions you grant to the software (don't let them have Contacts or Photos if they don't need them)
3. Tools that claim to improve your security are a double-edged sword.
Often they require a lot of privileged access to do their job, and so installing them can increase not reduce your attack surface (now you have to trust both Apple and the AV vendor not to have vulnerabilities). See also point 2.
4. Tools to improve your privacy are potentially less invasive. For example, encrypting files so that a malicious app that tries to access them only sees ciphertext. Others are more invasive but some of these tools are handy in terms of disrupting privacy-invasive behaviour - eg Little Snitch messes with your network connectivity in order to can block apps phoning home. Similarly adblockers can prevent websites tracking you.
From your response it seems like you are installing a lot of software to address perceived threats (this sounds a bit similar to Mr B of this
parish). I would step back and work out what your threats actually are, and look for the minimal setup that will do the job. The fewer tools you have the less exposed you are to problems with the tools.
I understand the worry about failing to bolt a door you didn't know you had, but perhaps a way to think about it is that Apple does a pretty good job of bolting doors in the default configuration, so really it's only likely to be a door you yourself opened.
Another way to do it is to separate the place with your private data and the place you're running some of your security tools. eg if you want to block ads using DNS, do that on your router or via something like a Pihole. That way the only thing the Pihole can do is mess with your network, it can't steal your contacts because they're on a completely different machine.
Theo
On 05.06.2024 08:56, Bernd Froehlich wrote:
On 4. Jun 2024 at 23:29:43 CEST, "Andy H" <thewildrover@icloud.com> wrote: >>
Again a secure configuration of the OS and the installed software is
key. Third party software increases the area of attack and cannot be
recommended.
Yup. Good advice.
That's a bold statement. That's assuming the developer is untrustworthy, >>> or incompetent.
Incompetent definitely describes Norton.
There was a time when it actually bricked the OS.
I would not let it near my hardware.
SIC and +1
On 4. Jun 2024 at 23:29:43 CEST, "Andy H" <thewildrover@icloud.com> wrote:
Again a secure configuration of the OS and the installed software is
key. Third party software increases the area of attack and cannot be
recommended.
Yup. Good advice.
That's a bold statement. That's assuming the developer is untrustworthy,
or incompetent.
Incompetent definitely describes Norton.
There was a time when it actually bricked the OS.
I would not let it near my hardware.
On 2024-06-05, Jörg Lorenz <hugybear@gmx.net> wrote:
On 05.06.2024 08:56, Bernd Froehlich wrote:
On 4. Jun 2024 at 23:29:43 CEST, "Andy H" <thewildrover@icloud.com> wrote: >>>
Again a secure configuration of the OS and the installed software is >>>>> key. Third party software increases the area of attack and cannot be >>>>> recommended.
Yup. Good advice.
That's a bold statement. That's assuming the developer is untrustworthy, >>>> or incompetent.
Incompetent definitely describes Norton.
There was a time when it actually bricked the OS.
I would not let it near my hardware.
SIC and +1
The only Norton product I might buy is this:
<https://shop.nortonmotorcycles.com/products/norton-v4sv>
But my wife says (quite rightly), don't be silly especially at your age ;)
On 4 Jun 2024 at 22:29:43 BST, "Andy H" <thewildrover@icloud.com> wrote:
We have to trust somebody, or nobody, and turn off the Internet!
Use Firefox and implement DNS over HTTPS.
https://unicast.uncensoreddns.org/dns-query
A small Danish private provider.
And they can be trusted more because...?
I tried the link, but Safari can't open it. Looks like it's got blocked!
It won't open in Arc. I get "DoH non-compliant query".
On 2024-06-05, Jörg Lorenz <hugybear@gmx.net> wrote:
On 05.06.2024 08:56, Bernd Froehlich wrote:
On 4. Jun 2024 at 23:29:43 CEST, "Andy H" <thewildrover@icloud.com> wrote: >>>
Again a secure configuration of the OS and the installed software is >>>>> key. Third party software increases the area of attack and cannot be >>>>> recommended.
Yup. Good advice.
That's a bold statement. That's assuming the developer is untrustworthy, >>>> or incompetent.
Incompetent definitely describes Norton.
There was a time when it actually bricked the OS.
I would not let it near my hardware.
SIC and +1
The only Norton product I might buy is this:
<https://shop.nortonmotorcycles.com/products/norton-v4sv>
But my wife says (quite rightly), don't be silly especially at your age ;)
On 04.06.2024 23:29, Andy H wrote:
For many of those, it doesn't matter what OS you're
using. But, it's mostly necessary to install the crap you don't need to
get any kind of protection against such threats.
That kind of software produces an *illusion of security*. They can
simply not deliver what you expect and what they claim. That is what Windows-users learn the hard way every day.
There are no virus-threats out there in the wild for your Mac. And
everything can be *much better* handled with the onboard features.
Why don't you trust Apple and your own capabilities?
On 2024-06-05, Jörg Lorenz <hugybear@gmx.net> wrote:
On 05.06.2024 08:56, Bernd Froehlich wrote:
On 4. Jun 2024 at 23:29:43 CEST, "Andy H" <thewildrover@icloud.com> wrote: >>>
Again a secure configuration of the OS and the installed software is >>>>> key. Third party software increases the area of attack and cannot be >>>>> recommended.
Yup. Good advice.
That's a bold statement. That's assuming the developer is untrustworthy, >>>> or incompetent.
Incompetent definitely describes Norton.
There was a time when it actually bricked the OS.
I would not let it near my hardware.
SIC and +1
The only Norton product I might buy is this:
<https://shop.nortonmotorcycles.com/products/norton-v4sv>
But my wife says (quite rightly), don't be silly especially at your age ;)
On 05/06/2024 10:58, Jaimie Vandenbergh wrote:
Long ago I ran Little Snitch for a few years, and never got a surprise
just a lot of boring to process false positives so I stopped. Apparently
my security practices are Good Enough.
Cheers - Jaimie
I get the occasional notification from Little Snitch that there has been
an attempt to access the network but other than that it just sits in the background.
On 05/06/2024 11:04, David Kennedy wrote:
On 05/06/2024 10:58, Jaimie Vandenbergh wrote:
Long ago I ran Little Snitch for a few years, and never got a surprise
just a lot of boring to process false positives so I stopped. Apparently >>> my security practices are Good Enough.
Cheers - Jaimie
I get the occasional notification from Little Snitch that there has
been an attempt to access the network but other than that it just sits
in the background.
Ok, so this has gone the way I suspect it would. Should have known
better really!
I wasn't really interested in the device security side as much, I
thought I'd tried to make that clear. I'm happy with all that, and with
what the Apple OSs do to protect their own systems.
I was more interested in the stuff that can be an issue externally. More about the reason why it could be a good idea to use some of the
solutions available.
For one, I want to minimise annoying ads, whether their malicious or
not. I'm actually happy to pay not to see them to be fair, but find them especially irritating when I am already spending money with a business,
and they still bombard me with them.
There's also the possibility of hidden scams, phishing, and other kinds
of privacy and data violations that have nothing to do with the platform being used.
I want my personal data to be concealed, for no other reason than I'm
that kind of person, I don't really want the whole world knowing my life.
Of course I have needs with the Internet, but it shouldn't be at the
expense of my private information if I don't want it to be.
So, I try out a few of these ad blockers, and such like, just so I can
feel like I have some kind of hold on my own information.
I don't even particularly want to do anything dodgy either (I don't even
have a dodgy FireStick, I have tried them, but found them, but I
actually prefer to pay for a reliable and high quality streaming
service). I had thought about using a commercial VPN service (such as
NordVPN perhaps), but that's probably
I certainly don't need, or want, any AV software, but there seems to be
a very murky divide between all these kind of things that are available.
It's not my devices I want to secure, its me and my personal information
that I want to secure!
Of course there are built in features, but they only seem to work if you stick with Apple software. So you have to look at other solutions if you
use other software.
FWIW, I gave up on Little Snitch many years ago, as it just kept causing kernel panics at the time.
It's more about preventing me accidentally missing something daft, and
being taken to a malicious place.
My home router is set to use Cloudflare DNS, so the rest of the network
gets some protection from that - i use the 1.1.1.3 server. If I need
less cover, I can manually use a different address on a device.
On 04/06/2024 22:29, Andy H wrote:
It's more about preventing me accidentally missing something daft, and
being taken to a malicious place.
You don't need any additional software to that which already comes with
a Mac to get 99% protection against this. You'd have to ignore warnings and/or be very unlucky.
The two things you do need to do are:
1) Turn on Safari -> Settings -> Security -> Security -> Warn when
visiting a fraudulent website
(And use Safari for browsing of course.)
Andy H <thewildrover@icloud.com> wrote:
OK, so I probably didn't really make it clear of my thoughts here. That
was kind of exactly the response I was expecting.
I'm not really that concerned about direct attacks on the MacOS/iOS
systems. I know that AV software is pretty much a waste of space on
those systems. I keep my devices up to date, and try to be aware of
anything that doesn't seem right.
It's more about preventing me accidentally missing something daft, and
being taken to a malicious place. I don't expect it would happen, but
it's possible. For many of those, it doesn't matter what OS you're
using. But, it's mostly necessary to install the crap you don't need to
get any kind of protection against such threats.
I think you can assume:
1. MacOS / iOS of itself is secure, to the best of Apple's ability. You need to install updates in a timely fashion, but no third party tool is going
to improve on Apple's security
2. The software you run may be insecure, and may have privacy issues. These can be mitigated by:
a) Treating software installation as a serious business. The less you install the less risk you are exposed to
b) Getting the software from a trustworthy source (eg the Mac App Store, a well known developer, etc). Go direct to the developer, don't download from third party download sites.
c) Pay attention to warnings like Gatekeeper / notarisation / etc
d) Being careful which permissions you grant to the software (don't let them have Contacts or Photos if they don't need them)
3. Tools that claim to improve your security are a double-edged sword.
Often they require a lot of privileged access to do their job, and so installing them can increase not reduce your attack surface (now you have to trust both Apple and the AV vendor not to have vulnerabilities). See also point 2.
4. Tools to improve your privacy are potentially less invasive. For example, encrypting files so that a malicious app that tries to access them only sees ciphertext. Others are more invasive but some of these tools are handy in terms of disrupting privacy-invasive behaviour - eg Little Snitch messes with your network connectivity in order to can block apps phoning home. Similarly adblockers can prevent websites tracking you.
From your response it seems like you are installing a lot of software to address perceived threats (this sounds a bit similar to Mr B of this
parish). I would step back and work out what your threats actually are, and look for the minimal setup that will do the job. The fewer tools you have the less exposed you are to problems with the tools.
I understand the worry about failing to bolt a door you didn't know you had, but perhaps a way to think about it is that Apple does a pretty good job of bolting doors in the default configuration, so really it's only likely to be a door you yourself opened.
Another way to do it is to separate the place with your private data and the place you're running some of your security tools. eg if you want to block ads using DNS, do that on your router or via something like a Pihole. That way the only thing the Pihole can do is mess with your network, it can't steal your contacts because they're on a completely different machine.
Theo
On 05/06/2024 05:26, Jörg Lorenz wrote:
On 04.06.2024 23:29, Andy H wrote:
For many of those, it doesn't matter what OS you're
using. But, it's mostly necessary to install the crap you don't need to
get any kind of protection against such threats.
That kind of software produces an *illusion of security*. They can
simply not deliver what you expect and what they claim. That is what
Windows-users learn the hard way every day.
There are no virus-threats out there in the wild for your Mac. And
everything can be *much better* handled with the onboard features.
Why don't you trust Apple and your own capabilities?
Because, as usual, everyone has read 'virus' into the phrase 'security
and privacy', and assumed I mean virus threats. I don't, and never did,
I KNOW there aren't any.
It's just not what I was talking about.
I knew it was a risk trying to discuss this sensibly, but the group
seems to only understand 'antivirus' when it comes to talking about
security and privacy.
I wasn't really interested in the device security side as much, I
thought I'd tried to make that clear. I'm happy with all that, and with
what the Apple OSs do to protect their own systems.
I was more interested in the stuff that can be an issue externally. More about the reason why it could be a good idea to use some of the
solutions available.
For one, I want to minimise annoying ads, whether their malicious or
not. I'm actually happy to pay not to see them to be fair, but find them especially irritating when I am already spending money with a business,
and they still bombard me with them.
There's also the possibility of hidden scams, phishing, and other kinds
of privacy and data violations that have nothing to do with the platform being used.
I want my personal data to be concealed, for no other reason than I'm
that kind of person, I don't really want the whole world knowing my life.
I don't even particularly want to do anything dodgy either (I don't even
have a dodgy FireStick, I have tried them, but found them, but I
actually prefer to pay for a reliable and high quality streaming
service). I had thought about using a commercial VPN service (such as
NordVPN perhaps), but that's probably
I wasn't really interested in the device security side as much, I
thought I'd tried to make that clear. I'm happy with all that, and with
what the Apple OSs do to protect their own systems.
I was more interested in the stuff that can be an issue externally. More about the reason why it could be a good idea to use some of the
solutions available.
For one, I want to minimise annoying ads, whether their malicious or
not. I'm actually happy to pay not to see them to be fair, but find them especially irritating when I am already spending money with a business,
and they still bombard me with them.
Andy H <thewildrover@icloud.com> wrote:
I want my personal data to be concealed, for no other reason than I'm
that kind of person, I don't really want the whole world knowing my life.
Firstly, there's no "knowing about your life". Your data is simply one set
of patterns amongst billions that are collected by hundreds of orgs online. It someone is genuinely interested in online stalking you specifically
that's very different.
Secondly, the only real way to not have that data collected is to not be online. Unfortunately.
Having said that, there are relatively easy things to do to reduce "personalisation" of your online experience. Always deny all cookies -
there are plugins, set up a pi-hole to remove ads, never stay logged into sites google/linkedin/facebook/etc. - use a private session when you do use them - turn off all personalisation capabilities on any device or account (particularly google) - ignore the warnings of reduced experience and
delete browser caches regularly.
You can use a VPN or a privacy preserving DNS or go as far as joining Tor.
How religiously you follow all that is up to you.
On 5 Jun 2024 at 18:10:33 BST, "Andy H" <thewildrover@icloud.com> wrote:
I wasn't really interested in the device security side as much, I
thought I'd tried to make that clear. I'm happy with all that, and with
what the Apple OSs do to protect their own systems.
Yep.
I was more interested in the stuff that can be an issue externally. More
about the reason why it could be a good idea to use some of the
solutions available.
For one, I want to minimise annoying ads, whether their malicious or
not. I'm actually happy to pay not to see them to be fair, but find them
especially irritating when I am already spending money with a business,
and they still bombard me with them.
For this I use 1blocker on Safari, uBlock Origin on Firefox (my primary browser), Ghostery, and AdGuard's DNS.
On 05/06/2024 18:10, Andy H wrote:
For one, I want to minimise annoying ads, whether their malicious or
not. I'm actually happy to pay not to see them to be fair, but find
them especially irritating when I am already spending money with a
business, and they still bombard me with them.
Set up a pi-hole. If you have a home network then a pi-hole is great. If
you just have the Mac then you can run it in the background on the Mac.
<https://pi-hole.net>
There's also the possibility of hidden scams, phishing, and other
kinds of privacy and data violations that have nothing to do with the
platform being used.
Pi-hole again, but also see my other response.
I want my personal data to be concealed, for no other reason than I'm
that kind of person, I don't really want the whole world knowing my life.
I have an AppleScript script that erases all Safari cookies and cached
data except those sites you whitelist. Not sure it adds a great deal
these days but it deters the basic tracking attempts by websites.
Can post it if you want to try?
Of course I have needs with the Internet, but it shouldn't be at the
expense of my private information if I don't want it to be.
"needs" oo-err missus!
Theo <theom+news@chiark.greenend.org.uk> wrote:
1. A good adblocker. The ones that run in-browser are more powerful than
DNS-based ones like Pi-hole, although the latter can apply to a whole
network. I'd recommend U-block Origin for a browser adblocker on MacOS, and >> on iOS (where you can't run browser addons) the Brave browser has a built in >> adblocker.
The additional benefit of Brave is that it also suppresses ads on YouTube (desktop or mobile).
2. A password manager has some degree of anti-phishing protection, because >> it can see the site you're logging into. It can tell you're logging into
globalbank.phishingsite.com not globalbank.com and won't present
globalbank.com's login credentials. The Apple built-in one is fine if you >> only use Apple stuff, otherwise there are other options. I'd tend to avoid >> anything that stores your credentials in the cloud, as that can be hacked
(hello LastPass)
3. Turn off 'load remote content' in emails, so you're not phoning home to >> spammers that you read their emails. Avoid clicking on links in emails as >> they often have tracking attached (eg if an online store has an offer, find >> the offer through a web search or their front page instead of clicking the >> link).
I don't even particularly want to do anything dodgy either (I don't even >>> have a dodgy FireStick, I have tried them, but found them, but I
actually prefer to pay for a reliable and high quality streaming
service). I had thought about using a commercial VPN service (such as
NordVPN perhaps), but that's probably
VPNs are largely useless unless you want to watch TV from another country. >> They are mostly marketing about a threat that isn't relevant for perhaps 90% >> of their users. They have their uses when used to solve particular privacy >> problems but most people aren't using them that way.
If you various Internet-connected widgets like FireSticks around the home, >> consider putting them on a separate wifi network that's firewalled away from >> your important stuff. Then any dodginess in the widgets doesn't mean the
machines with important data on are exposed.
For one, since I've started trying NextDNS, is how much battery the
on-device apps were eating. It's quite significant and noticeable,
especially when opening a device after a sleep period. 1Blocker and
Adguard were similar, Wipr doesn't seem to have much impact though.
The additional benefit of Brave is that it also suppresses ads on YouTube (desktop or mobile).
On 07/06/2024 16:11, Mark wrote:
Theo <theom+news@chiark.greenend.org.uk> wrote:
1. A good adblocker. The ones that run in-browser are more powerful than >>> DNS-based ones like Pi-hole, although the latter can apply to a whole
network. I'd recommend U-block Origin for a browser adblocker on MacOS, and
on iOS (where you can't run browser addons) the Brave browser has a built in
adblocker.
Hmm, interesting. I have tried most of the browsers, but always keep
going back to Safari.
I use the DNS based ad, tracker and malware blocking service from
my VPN service, Private Internet Access. Apart from that I rely on
Safari's built in blocker -- I run no extensions at all in Safari.
I see practically -NO- ads at all.
I lose very little website functionality; what little is lost is easily regained by temporarily defeating the VPN's blocker. The exceptions
are login pages for e.g.: the NHS; the Times newspaper; banking; etc.
or location-sensitive sites like BBC iPlayer that won't function with
VPNs at all.
On 07.06.2024 23:45, Andy H wrote:
On 07/06/2024 16:11, Mark wrote:
Theo <theom+news@chiark.greenend.org.uk> wrote:
1. A good adblocker. The ones that run in-browser are more powerful than >>>> DNS-based ones like Pi-hole, although the latter can apply to a whole
network. I'd recommend U-block Origin for a browser adblocker on MacOS, and
on iOS (where you can't run browser addons) the Brave browser has a built in
adblocker.
Hmm, interesting. I have tried most of the browsers, but always keep
going back to Safari.
Add DuckDuckGo Privacy Dashboard and DuckDuckGo Privacy Protection as extensions to Safari and you will have a safe and adfree experience.
Cheers, Jörg
P.S.: I also recommend the extension Hush. Block annoying cookie and
tracking consent notices while keeping your privacy.
Mark <captain.black@gmail.com> wrote:
The additional benefit of Brave is that it also suppresses ads on YouTube
(desktop or mobile).
The DDG browser has its own YT player which also suppresses ads.
<https://duckduckgo.com/duckduckgo-help-pages/duck-player/>
Jörg Lorenz <hugybear@gmx.net> wrote:
On 07.06.2024 18:25, Sn!pe wrote:
I use the DNS based ad, tracker and malware blocking service from
my VPN service, Private Internet Access. Apart from that I rely on
Safari's built in blocker -- I run no extensions at all in Safari.
I see practically -NO- ads at all.
I lose very little website functionality; what little is lost is easily
regained by temporarily defeating the VPN's blocker. The exceptions
are login pages for e.g.: the NHS; the Times newspaper; banking; etc.
or location-sensitive sites like BBC iPlayer that won't function with
VPNs at all.
Total contradiction! The most important and most used things do not work
but "you lose very little website functionality"?
What I'm saying is that without the need for browser extensions, using
only macOS native Safari and retaining all the macOS integration that
that browser provides -> I don't see ads. <-
I aver that for those very few location-sensitive websites that demand a naked connection, the protection that the VPN provides is easily and conveniently temporarily defeated for the purpose of passing those
sites' gatekeepers.
Also, I believe that the PIA VPN defeats most trackers and malware sites
but I can't provide concrete evidence of that.
Is that plain enough for you, Jörg? I'm sorry if you didn't understand
my previous statement; I'll try to be clearer next time.
Andy H <thewildrover@icloud.com> wrote:
On 08/06/2024 16:36, Jörg Lorenz wrote:
P.S.: I also recommend the extension Hush. Block annoying cookie and
tracking consent notices while keeping your privacy.
Again, Wipr has sorted that too. Although I have used Hush, and yes, it
does work quite well.
I have hush and honestly I still get loads of pop-ups, cookies and the
rest. What is it supposed to do?
Jörg Lorenz <hugybear@gmx.net> wrote:
On 09.06.2024 07:15, Chris wrote:
Andy H <thewildrover@icloud.com> wrote:
On 08/06/2024 16:36, Jörg Lorenz wrote:
P.S.: I also recommend the extension Hush. Block annoying cookie and >>>>> tracking consent notices while keeping your privacy.
Again, Wipr has sorted that too. Although I have used Hush, and yes, it >>>> does work quite well.
I have hush and honestly I still get loads of pop-ups, cookies and the
rest. What is it supposed to do?
Suppress consent notices. Clearly stated at the top under P.S.
And yet it doesn't.
Jörg Lorenz <hugybear@gmx.net> wrote:
Am 11.06.24 um 00:17 schrieb Chris:
Jörg Lorenz <hugybear@gmx.net> wrote:
On 09.06.2024 07:15, Chris wrote:
Andy H <thewildrover@icloud.com> wrote:
On 08/06/2024 16:36, Jörg Lorenz wrote:
P.S.: I also recommend the extension Hush. Block annoying cookie and >>>>>>> tracking consent notices while keeping your privacy.
Again, Wipr has sorted that too. Although I have used Hush, and yes, it >>>>>> does work quite well.
I have hush and honestly I still get loads of pop-ups, cookies and the >>>>> rest. What is it supposed to do?
Suppress consent notices. Clearly stated at the top under P.S.
And yet it doesn't.
Certainly it does.
Not here.
Chris <ithinkiam@gmail.com> wrote:
Jörg Lorenz <hugybear@gmx.net> wrote:
Am 11.06.24 um 00:17 schrieb Chris:
Jörg Lorenz <hugybear@gmx.net> wrote:
On 09.06.2024 07:15, Chris wrote:
Andy H <thewildrover@icloud.com> wrote:
On 08/06/2024 16:36, Jörg Lorenz wrote:
P.S.: I also recommend the extension Hush. Block annoying cookie and >>>>>>>> tracking consent notices while keeping your privacy.
Again, Wipr has sorted that too. Although I have used Hush, and yes, it >>>>>>> does work quite well.
I have hush and honestly I still get loads of pop-ups, cookies and the >>>>>> rest. What is it supposed to do?
Suppress consent notices. Clearly stated at the top under P.S.
And yet it doesn't.
Certainly it does.
Not here.
Enter a pantomime horse, stage left ;-)
Alan B <alanrichardbarker@gmail.com.invalid> wrote:
Chris <ithinkiam@gmail.com> wrote:
Jörg Lorenz <hugybear@gmx.net> wrote:
Am 11.06.24 um 00:17 schrieb Chris:
Jörg Lorenz <hugybear@gmx.net> wrote:
On 09.06.2024 07:15, Chris wrote:
Andy H <thewildrover@icloud.com> wrote:
On 08/06/2024 16:36, Jörg Lorenz wrote:
P.S.: I also recommend the extension Hush. Block annoying cookie and >>>>>>>>> tracking consent notices while keeping your privacy.
Again, Wipr has sorted that too. Although I have used Hush, and yes, it
does work quite well.
I have hush and honestly I still get loads of pop-ups, cookies and the >>>>>>> rest. What is it supposed to do?
Suppress consent notices. Clearly stated at the top under P.S.
And yet it doesn't.
Certainly it does.
Not here.
Enter a pantomime horse, stage left ;-)
Oh no it doesn't! :)
| Sysop: | Keyop |
|---|---|
| Location: | Huddersfield, West Yorkshire, UK |
| Users: | 546 |
| Nodes: | 16 (0 / 16) |
| Uptime: | 162:00:22 |
| Calls: | 10,385 |
| Calls today: | 2 |
| Files: | 14,057 |
| Messages: | 6,416,500 |