Configured Dns over TLS ..... Is this good for privacy?

[DuckHook]

Can you recommend me a Youtube channel subscribing to which I will get to know the latest security news ?

I don't find Youtube useful for security learning/news. The security landscape changes too fast and developments pop in and out of existence too quickly for such a production-intensive medium. It's great for cooking/repair/do‑it‑yourself type stuff, but is poor for in‑depth analysis or proper referencing. I use RSS/Atom feeds for security news. There are tons which a simple web search can find. I subscribe to the following, but you can easily find others including local feeds that may be more relevant to you:

1. https://krebsonsecurity.com/feed/
2. https://www.privacyinternational.org/rss.xml
3. https://www.theregister.com/security/headlines.atom
4. https://nakedsecurity.sophos.com/feed/

Do note that they can be overwhelming. I used to subscribe to more, but found a daily diet of such bad news both depressing and exhausting. It's best to cut back to only a few of the most valuable. I find a good combo to be just one breaking news feed, the rest more analysis/magazine type. Your mileage will vary depending on your personality and appetite for such stuff.

[TheFu]

I have personally conducted a similar experiment in a lesser and unsystematic way. If you install NoScript on FF and turn off absolutely all scripting, the Internet essentially becomes unusable. There are no sites these days that are scriptless.

I've had a different experience. Most sites will display the data I want without any scripting enabled. For example, ubuntuforums includes googletagmanager.com, but works fine without allowing any javascript or connection from that site. In fact:

Code:

$ ping googletagmanager.com
PING googletagmanager.com (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.040 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.056 ms

my current system can't even resolve that name. I block many domains at the network layer, not just through DNS. The web works fine for the most part - even casual google use still works. I use a site called "xyz123". They are all about tracking and have 13 tracking includes there. All of those are prevented from running. I need to allow only the xyz123 and xyz123cdn for the site to work. Those 13 other trackers - meh. The same happens over and over and over. Allow only the parts that actually need javascript to display content you want. Not anything else.

After a few sites, you'll learn which not to allow and to ban some.
Another trick is to use the old mobile website version which didn't support javascript at all. All the content, fast. None of the extra junk.

How much tracking are we willing to have? Everyone has a different answer. But we certainly don't need to blindly allow everything. It is always a negotiation. Always.

[TheFu]

Can you recommend me a Youtube channel subscribing to which I will get to know the latest security news ?

Security stuff requires constant reading. Daily. For current things, I have some RSS feeds and I'm a member of 3 local defcon groups. They use email lists to communication and invite-only discord. I find discord to centralized, so I'm email and IRC only. They each have monthly meetings.

I use youtube for deeper security stuff, not news summaries.

Going to at least 1 security conference will open your eyes. Some of the conferences are very expensive, but some are either free or less than $50 for 3+ days. Before you go to a security conference, a few tips:

• backup any computing devices. Expect to be hacked while there and expect multiple viruses to be placed onto your system.
• Leave your smart phone at home. Bring a $10 cell phone if you must have one at all. Sometimes people will run a stingray cell simulator and test out pushing firmware updates to any devices that connect. You've been warned.
• Disable all wifi and bluetooth on any computers. Your laptop needs to be truly stand-alone. No networking at all.
• Don't leave any device unattended. Even walking 4m to buy a coffee is enough time for someone to insert a USB drive that automatically sets up a remote access back door.
• DO learn to pick locks. Lock picking is almost always part of this. Ask for help. Have fun.
• DO take part in the CTF competition. CTF - Capture the Flag. There are variations on this like KotH - King of the Hill where you hack a web server, then have to prevent other teams from kicking you out. There are practice servers/competitions setup around the world. You can also learn by running a few virtual machines in your home security lab. Probably don't want to allow those easily cracked OSes onto your normal LAN. Air-gapped. Please.

Have fun. Even if you just spend a Saturday at one of the free conferences, these are fun people. Know the rules and you'll be fine. Most of all, you'll get into the group and learn a bit. You'll never look at your computer, router, smart phone, tablet, the same again. You might not look at mass transit, street cameras, and "smart cities" the same either.

Oh ... and for privacy related topics, point your RSS reader at: http://www.pogowasright.org/?feed=rss2
DuckHook's links are good. I'd add https://www.schneier.com/feed/atom too. Bruce has an in-explainable love of squid, which gets shown off on Fridays. Current story today:

Four Microsoft Exchange Zero-Days Exploited by China
Microsoft has issued an emergency Microsoft Exchange patch to fix four zero-day vulnerabilities currently being exploited by China.

This is not the day when this news broke. Bruce usually waits until the facts are in so we don't have to follow the hype.

[linuxyogi]

@DuckHook/TheFu
I have bookmarked all the links. The first thing that I do every morning is I check my email. From now I will read all those pages too. Thanks.

[DuckHook]

I've had a different experience. Most sites will display the data I want without any scripting enabled. For example, ubuntuforums includes googletagmanager.com, but works fine without allowing any javascript or connection from that site.

Yes, you're right. I was indulging in a fair bit of exaggeration. I also routinely visit most sites with NoScript in full kill mode—especially new sites that I'm not sure about. After all, that's the whole point in using it. If a site won't load at all without scripting (there are a lot of those), then I make a determination whether it is worth the visit. More often than not, I decide it's not important enough for me to risk turning on scripting and I forego the visit.

NoScript has the additional advantage of bypassing some paywalls. Many primitive paywalls are just JS overlays. By turning off scripting, the overlay stays dormant.

Unfortunately, practically every banking site and government site I've visited in the last two years will not work without scripting. My accountant's site requires it. Webmail sites require it. Even recently retrieving a dental chart required it. It's really sad these days that web designers will code JS into the guts of their webpages when it is totally unnecessary.

…for privacy related topics, point your RSS reader at: http://www.pogowasright.org/?feed=rss2
…I'd add https://www.schneier.com/feed/atom too…

Thanks for these. I've added them to my feed.

@DuckHook/TheFu
I have bookmarked all the links. The first thing that I do every morning is I check my email. From now I will read all those pages too. Thanks.

Well, that's a lot of reading. You'll be a security guru in no time. BTW, as is clear from the foregoing, the whole security/privacy/profiling thing occupies a vast continuum with typical users on one end, guys like TheFu on the other end, and someone like me in the middle. You will have a decision to make: where do you want to fit on that continuum? In a way, it's been the whole thrust of this thread.

Good Luck!

[TheFu]

@DuckHook/TheFu
I have bookmarked all the links. The first thing that I do every morning is I check my email. From now I will read all those pages too. Thanks.

I don't read every article. By using a feed reader, I see the title and summary for each article and can decide whether it matters or not. I couldn't imagine trying to do that with a browser. Get a good RSS/Atom feed reader, so you can skim through everything fast. https://linuxrig.com/2021/02/09/why-i-still-use-rss/ Pick just a few to read and 1 to digest weekly.

If you want youtube stuff, here's a Linux Conference with years of talks by experts. https://www.youtube.com/c/southeastlinuxfest/videos
Many conferences have free videos.

Adrian is security focused. https://www.youtube.com/user/irongeek/videos and goes by IronGeek. I met him over a decade ago at a little local conference. His multi-day training on wireshark is all you need related to that subject. He isn't Linux-centric, so often he'll struggle to use Windows.

[linuxyogi]

@TheFu
Yes I too realized reading every article is not possible. I am deciding which article to read by reading the title.
I have installed akregator. I will definitely subscribe to both the Youtube channels you suggested.
Just in case if I find that the irongeek is more Windows related I will unsubscribe. After all its just a 1 click process.