Sagacious Himself — brevity in circumlocution: never blague — suffering genius

June 20, 2020

pluto.tv

Filed under: circumvention,privacy — Sagacious Himself @ 5:43 pm

DNS filter
manual

sp.pluto.tv
t.pluto.tv
k.pluto.tv

platforms other than firetv

s.pluto.tv

 

included

nqa.nice264.com
ssl.google-analytics.com
app-measurement.com
t.appsflyer.com
insight.adsrvr.org
api.segment.io

white

nopes

white for firetv

unagi-na.amazon.com

black amazon

avs-alexa-18-na.amazon.com — because when not voice searching there is still frequent traffic
api.amazonalexa.com — ibid
mas.dsk.amazon.com
*.amazon-adsystem.com
mads.amazon.com
firefox on amazontv – because apparently firefox likes to run always
firefox.settings.services.mozlla.com
*.telemetry.mozilla.org

 

For my DNS filtering needs I use NextDNS and pfBlockerNG

 

Unfortunately the nice people who maintain Tasker no longer like money all that much as they require gapps to purchase.

Zero android device I use has gapps.

 

https://subdomainfinder.c99.nl/scans/2020-06-17/pluto.tv

https://pluto.tv/live-tv/the-first

pluto.tv the first live trump 2020 06 20 rally for freedom

 

 

 

May 14, 2020

is firefox “protecting” you from enabling master password? restore expected firefox 76 master profile functionality without creepy local OS authentication

Filed under: all these,DARPA,Geeky goodness,privacy,privacy rape — Sagacious Himself @ 1:12 pm
Tags:

Do NOT use any profile of firefox without using ghack’s privacy-enabling user.js profile file. Despite mozilla org lamentations on the state of privacy while boasting their respect of your privacy it is soooper evident they don’t.

https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.1-Overview

 


 

For this you’ll need to know how to use Firefox Profile Manager.  You can (and should) partition browsing better than containers with multiple profiles.  Edit your firefox link with these additional switches   (linux, windows, macos)

–no-remote -P

The first switch is a double dash. It allows multiple instances to run each with a profile.  The second switch is a BIG P. You don’t want a small p. It opens the interactive profile picker.

To open the profile directory without knowing where it is open the Firefox Help menu, Troubleshooting information, click 2nd Open Folder.  Alternately browse to about:support

Two options: clear or dirty.  It’s likely most people will want dirty.

Option 1, clean

  1. create a new profile
  2. backup your primary profile fileset: right click, create new 7z archive. Backup.
  3. launch new profile, exit
  4. delete all the new profile files
  5. downgrade to firefox v74
  6. create a copy of these 4 files:
    1. cert9.db
    2. key4.db
    3. pkcs11.txt
    4. logins.json
  7. copy them into empty new profile directory
  8. copy ghack’s user.js into profile directory
  9. launch profile
  10. enable Master password
  11. delete first copy of 4 files
  12. backup new 4 files for easier reuse new profiles
  13. upgrade firefox
  14. launch new profile
  15. import bookmarks from prior profile
  16. add back essential adblock extensions, and minimize extension bloat

Option 2, dirty

Edit your firefox link with these additional switches   (linux, windows, macos)

–no-remote -P –allow-downgrade

  1. backup your primary profile fileset: right click, and create new 7z archive
    1. store 7z file outside/above a mozilla directory
    2. backup
  2. downgrade to firefox v74
  3. launch profile
  4. enable master password, set password
  5. exit profile
  6. upgrade firefox
  7. copy ghack’s user.js into profile directory
  8. launch new profile

 

Profile manager necessity

Not for dirty option strictly.  Embrace your new power

Firefox STILL uses absolute file paths for a number of features.  Copying those files between directories (profiles) is no end of fun to correct.

older versions of firefox

for newer MacOS you want this one
for 64bit windows you want this one
for x64 linuxes self sufficiency is assumed
these are locality en-US.  Change directory yourself to suit

DoH firefox

Now configure DNS over HTTPS in firefox for poweruser adblocking, reducing page loading time, increasing prviacy.  Use both DNS filtering and browser level extension (uBlock Origin, Privacy Possum, Temporary Containers, Multi-Account Containers, Decentral Eyes)

  • Settings
  • General
  • (at bottom)
  • Network settings
  • [check] Enable DNS over HTTPs
  • [check] custom
  • paste server address
  • Compete their steps 6 & 7 on my.nextdns.io/setup

 

DoH quick configure

 

Currently the default of NextDNS is not-ablocking.  After creating your free account – which is free in the Traditional Sense of the word free – then

  • open their tab security: [check] block parked domains, [check] block newly registered
  • open their tab privacy: click add block list: choose ‘nextdns recommended’, choose ‘dbl.oisd.nl’.  If windows also choose ‘WindowsSpyBlocker’, and enable ‘Native Tracking Protection’.  If MacOS add ‘Native Tracking Protection’.
  • [check] enable disguised tracking protection.  it’s a step closer to ASN level adblocking.
  • open their settings page: [UNcheck] block page
  • [check] enable logs until you are happy with your blacklist, whitelist, and spoof rules, or if you want to keep pretty graphs

 

future of adblocking

must return to hybridized DNS, privoxy, deeper internets functions like ASN blocking.  The great firefox nightly security features need not bloat the interweb browser.  They need to live in an external proxy.  All hail privoxy.

 

 

webmail adblock

If  you are whoring your privacy for “free” webmail also install Webmail Ad Blocker (maintained by a magical thinking radical progressive with an ironic affection for being paid for his work).  It is a great mix of userscript and css.  I have not raked through its source recently so your privacy value mileage might vary.

 

remove sham extensions

If you are using Ad”block” Plus by deceitful, untrustworthy Wladimir Palant immediately uninstall that sellout’s garbage then install uBlock Origin.  Ad”Block” Plus by default enables a global whitelist to unblock ads.  This is the opposite purpose of adblocking.  His description of the functionality is deceitful.  He is untrustworthy for having it default always to ON.  He collects money from advertisers for placement on his whitelist.  That’s super scummy.

 

ram whore

I leave session manager enabled.  When firefox resource use rises to unacceptable levels I end-task, relaunch profile, and restore some/all session.  This is inane, but essential.  38% cpu and 2.4gigs ram?  No.  Force end. Relaunch. Yay.

 


DNS over HTTPS and adblocking extensions are unrelated to the crux of this article but helpful to privacy which is hand in glove with security.

 

April 26, 2013

making plus.google.com suck less for a friend

disclaimer:  I use ZERO google properties.  I don’t patronize the privacy rape as profit business model hence tolerating some ad block false positives.  Used from friends’ laptop & connection.  When I enable courtesy guest wifi it blocks google properties too.

blocking

||apis.google.com/_/apps-static/_/js/gapi/plusone/
||apis.google.com/js/plusone.js
||plusone.google.com^
||plus.google.com^

subscription blocking

||pagead2.googlesyndication.com^
disabled: @@||adwords.google.com^
@@||maps.google.com/staticmap?*=300×250

 

whitelist

@@|https://plus.google.com/_/scs/$domain=plus.google.com,~subdocument

 

 

January 1, 2013

voip sms: gouging carriers begin haemorrhaging

Anveo.com :  SMS to SIP, SIP to SMS (using SIP SIMPLE (MESSAGE)), SMS to email, sms to http [get], SMS web ui

Vitelity.com : SMS to SIP, SIP to SMS (using SIP SIMPLE (MESSAGE)), SMS to email, SMS web ui

voip.MS : SMS to email, SMS web ui

sms to xmpp, xmpp to sms — using ‘randomized’ resources

.

there are several VSPs with functional beta systems who wish to remain nameless

Himself being Sagacious

 

October 2, 2012

google now apple siri compete to create NSA wet dream live

Filed under: All Your Base,DARPA,Marxism,privacy — Sagacious Himself @ 9:23 am
Tags: , , , ,

siri or google now : “they” are using “your” phone to always listen.  The ultimate marketing pitch illuminates social indifference to privacy rape as profit.  Sheeple volunteer for voxel ovens

sure “for convenience” like google voice does — ahem as google claims it has never done despite call leg bridging

NSA deep pockets with it’s hands deep in google’s unmentionables

oh, KBG, you were born too soon

I await delightful Peoples Cube posters

all praise chairman obama or else death squad by executive order.  I will be publishing circumventing facial recognition with simple contrast elements

March 13, 2012

android xmpp GibberBot 0.8.0 now multi-account and OTR

Filed under: bookmarkified,DARPA,Geeky goodness,privacy — Sagacious Himself @ 11:46 am
Tags: , ,

hooray! Beem and GibberBot have been OTR capable for a while, Xabber has been multi-account but not OTR capable, but now GibberBot seems to be more capable than Beem and Xabber combined!

grab 0.8.0 alpha apk: https://github.com/guardianproject/Gibberbot
project site: https://guardianproject.info/apps/gibber/
tracker/apk files now at gp: https://dev.guardianproject.info/projects/gibberbot/files

.

Expect more great advances from the PRIVACY-centric Guardian Project soon!  It’s been over a year since Xabber claimed to [plan to] re-release as Open Source.  Both Beem and GibberBot are Open Source.

January 20, 2012

WOES, JOES, JOSE. ole? JWA, JWK, JWS, JWT .. JeWST [p: juiced] KAWJd [p: caged]

Filed under: bookmarkified,DARPA,privacy,security — Sagacious Himself @ 7:12 am

JOSE gets to work with many woes not far behind

http://datatracker.ietf.org/wg/jose/

OTR for now though.  On android that is a small list: Gibberbot and Beem.

[ Himself.wordpress.com ]

November 22, 2011

PDroid, adds awesome spoofing POWER to android privacy permissions management

edit 2014:  still good XPrivacy Pro [license supports crowdsourced knowledge], but also evolving quickly from the developer of PDroid 2.0 (not svyat) is DonkeyGuard (CollegeDev | github).  DO absolutely combine  AFwall+ firewall  [in whitelist mode] with LightningWall, and UnbelovedHosts, AND BootManager.  To that end do also donate to defim for the combo license: DefimDonator  [$14 is well worth it] — important: make a note of the name in which you want the license issued. LightningWall does not appear to have a whitelist mode starting from everything blocked, but can function independent of your iptables manager (AFwall+).

 

DonkeyGuard android privacy enforcement logo

(DonkeyGuard requires CydiaFramework… seems to be abandoning XposedFramework in favor, but uses both now)

DonkeyGuard defaults to ultimate privacy

DonkeyGuard has a better UI style than XPrivacy Pro

DonkeyGuard better interface design than XPrivacy sterile checkbox columns

vs XPrivacy Pro

 XPrivacy Pro app UI

XPrivacy Pro summary UI

 

edit 2013:  better is XPrivacy extension of XPosed framework for android.  zero malware market access needed; download only via XDA forums or soon *hub for free OpenSource possibly F-droid.org “You can use an XPrivacy Pro license for all the devices you personally own.”

http://forum.xda-developers.com/showthread.php?t=2320783

XPrivacy FAQ#50 also recommends Xmpp Texting [Xabber]

.

original post:

http://forum.xda-developers.com/showthread.php?t=1357056

picks up where LBE Privacy Guard leaves off… they play well together.  However PDroid claims no need of background service.. still requires root. It requires root to boot into CWM to apply the patch, but does not require root to run the management app.

.

PDroid allows blocking access for any installed application to the following data separately:

  • Device ID (IMEI/MEID/ESN)
  • Subscriber ID (IMSI)
  • SIM serial (ICCID)
  • Phone and mailbox number
  • Incoming call number
  • Outgoing call number
  • GPS location
  • Network location
  • List of accounts (including your google e-mail address)
  • Account auth tokens
  • Contacts
  • Call logs
  • Calendar
  • SMS
  • MMS
  • Browser bookmarks and history
  • System logs
  • SIM info (operator, country)
  • Network info (operator, country)

For device ID, phone and mailbox number, SIM serial, subscriber ID and device location it also allows supplying custom or random values.

.

easy access to APKs from memorable url: http://tinyurl.com/PrivacyDroid

PDroid 2.3.4 source; patches build, frameworks and libcore

cites interesting article on blockery leakiness.

[ Himself.wordpress.com ]

November 10, 2011

yahoo privacy policy: viewing equals consent? adblocking only opt out option?

Filed under: AdNoyances,open source,privacy — Sagacious Himself @ 9:34 pm

I see… or rather opt not to see via adblocking [AdAway]

Yahoo! does not provide any personal information to the advertiser when you interact with or view a targeted ad. However, by interacting with or viewing an ad you are consenting to the possibility that the advertiser will make the assumption that you meet the targeting criteria used to display the ad.

http://info.yahoo.com/privacy/nz/yahoo/details.html

.

coming soon to a blog I own near you soon:

comparison matrix of yahoo privacy policies by int’l domain/region

.

[ Himself.wordpress.com | SagaciousHimself.stumbleupon.com ]

October 27, 2011

new English version of LBE Privacy Guard available Halloween? Renamed to LBE Security Master

Filed under: AdNoyances,android,circumvention,Justice,privacy — Sagacious Himself @ 1:49 pm
Tags: , , ,

edit 2014:  better alternatives to LBE

edit: a MUCH better, more elegant solution is the PDroid patch

http://forum.xda-developers.com/showthread.php?t=1357056

Ask your ROM builder to bake-in PDroid.  There are PDroid aditions and versions for ICS.  It will likely be ported to EVERY subsequent versison of android.  MY hardware, MY data: MY terms.

English LBE Security Master lite from LBE now available

————————————

I have been using the new LBE Security Master in Chinese.  With the exception of a few features all the functionality can be intuited based on prior app experience.

[insert: LBE PG backgrounder]

New to this version is a name change.  This better than fantastic app has been dubbed LBE Security Master.  The Guard icon is a dial whereas the Master icon is a shield.  Go figure.

While denial of permissions is an option I much prefer playing integrity challenged applications at their own game: data poisoning.

I had been working on a screen shot based tutorial but it seems that will be of little value for the Chinese-only upgrade as the English version of LBE Security Master (version 2.1.x) will be available Halloween or possibly All Souls Day.  Chinese APK.

I am hoping in addition to unique id spoofing [UDID] LBE Privacy Guard data services will also be able to spoof MAC addresses and spoof non-radio IMEI/MEID.

New must-have features include:

  • new permissions visualization,
  • bandwidth monitoring per app (a starred feature req of DroidWall)
  • battery preservation,
  • communication filtering [some twits label this sms firewall]
  • fractional functionality for non-root users

Missing is finer grained control of permissions.   Some permissions such as send SMS, receive SMS are grouped into one tickbox.  GPS location and network location are deemed one permission.   ‘Get TASKS’, a permission abused by google maps, seems to be MIA as well.

The new Chinese version of LBE Privacy Guard is fully functional under Cyanogenmod 7: good news for users of non-stable releases of CM7 who are unable to use the current English version. While garbage collection frequency has been a blight for some using cm4dx the dev cm4dx-gb has almost entirely addressed the problem; LBE Security Master can increase garbage collection frequency at user request.

Keep an eye on the LBE Security Master change log and LBE dev blog for more speculation fodder.  Though big fans of QQ they are not big on XMPP.

.

[ Himself.wordpress.com | SagaciousHimself.stumbleupon.com ]

Blog at WordPress.com.