mastodon.zunda.ninja is one of the many independent Mastodon servers you can use to participate in the fediverse.
Zundon is a single user instance as home of @zundan as well as a test bed for changes of the code.

Administered by:

Server stats:

1
active users

#torbrowser

0 posts0 participants0 posts today

🚨 Tor Browser opsec discovery: The security level slider cannot be relied upon without a full browser restart: privacyguides.org/articles/202

If you frequently switch between security levels in Tor Browser (or Mullvad Browser!), make sure you are fully restarting the browser every time, otherwise you could still unexpectedly have dangerous JS features enabled!

This requirement is not publicly documented anywhere. Hopefully @torproject will add a prompt to restart after modifying this setting in a future Tor Browser release.

www.privacyguides.org · A Flaw With the Security Level Slider in Tor Browser
More from Jonah Aragon
Replied in thread

@gael @rafa_font @murena @e_mydata
Oh dear.

We just had a squiz at @protonmail's blog, over Tor of course, to see if he had posted it there.

protonmailrmez3lotccipshtkleeg

Alas even ProtonMail's Tor onion site contains Cloud(G)lare trackers, in the form of images. As one scrolls down the page, #TorBrowser, with ***the highest safety settings***, fetches images from 'res.cloudinary.com' — another cloud(G)lare controlled entity.

Yikes.

Not a good look for a #privacy-espousing entity, right?

What is a good site, with a short URL where a layperson can go from no understanding of #Google's nasty #WebIntegrity proposal to full or functional understanding of how it threatens the #openWeb and which suggests Firefox-based browsers but **not** Firefox, eg. #Librewolf, IceCat, #TorBrowser, Pale Moon etc?

We will boost good responses, but not CloudFlare, Amazon or other #CAGEMAFIA websites.

This is a legit challenge.

Replied in thread

@fribbledom
UBlock is okay, but even better is #TorBrowser.

Just teach people to reduce trashy browser usage and use the Tor #Privacy Browser. If a site doesn't work in Tor it is trashy and not worth their time (incl. #banking sites).

Call or visit a branch and contact to your local Parliament Member if your bank doesn't fix it (while switching #banks).

We should not need to install a #proprietaryBrowser or give a bank our physical #location to do banking.

Continued thread

Brand *NEW* tutorial: 😀

Start to finish (with many screenshots!)
:tor: 🔐 :tor:
How to install #privacy-redirect browser extension in Tor Browser AND then make it the most #anonymous setup possible:

How? continuously changing randomized Hidden Service ONLY front ends, for every automated redirect.

We install the working lists of onions I created.

I included many screenshots. Appreciate any shares. :)

#Anonymity #Privacy #TorBrowser #Tutorial #HiddenService #OSINT

buymeacoffee.com/politictech/t

Buy Me a CoffeeTor Browser + 'privacy-redirect' Customized - Most Private — (RTP) Privacy Tech TipsOne benefit of finally installing (a more standard) Linux to my hard drive is a much less restrictive environment (as much as I love it, tak...

If you know my article about the SI-Onion-Service which basically allows to visit all my HTTP-based services via tor, you might wonder how to verify that it actually works, as it's a transparent connection upgrade?

I asked myself today as well and it turned out to become an interesting article.

shivering-isles.com/til/2020/0

shivering-isles.comFirefox: Check alt-svc usageToday I learned how to verify if Firefox, or in my case the Tor Browser, is using an advised alt-svc properly. The alt-svc-HTTP-header is used to provide an “alternative service”-address and to transparently upgrade connections to use those. In order to do that you open the about:networking#logging1 page in Firefox and click on “Start logging” before you open the page for the first time. Then search for AltSvcTransaction2 in order to see if Firefox detected the alt-svc-Header properly and for ROUTE-via entries where Firefox actually uses the “alternative service” to connect your page. Additionally, if you are too late and already opened the page, you can still check for AltSvcCache entries, which should provide you with insight about whether or not an alt-svc connection already exists and is used. Note the #logging at the end, if you open about:networking without it, switch to the logging tab. ↩ You can also check for AltSvcMapping which should provide you with the same information ↩