TrickJarrett.com

PrivacyGuides.org

Privacy Guides is a not-for-profit, volunteer-run project that hosts online communities and publishes news and recommendations surrounding privacy and security tools, services, and knowledge.

This is a fantastic resource with lots of recommended tools and information on how they work.

My Firefox Addons & Plugins

I think it's perhaps a good time for me to share my current Firefox plugins. You don't have to use these, but I'm sharing it as a reference in case others need them. (Also, it's useful if I get a new machine and need to find my plugins quickly.)

Bitwarden - My password manager of choice. Please, use a password manager. I wrote about them in "Hacked 101," an older post about security.

Privacy

I have a set of plugins which I use to try and minimize trackers and other 3rd-party data gatherers. They can be annoying sometimes as they will sometimes interfere with page functionality, but if you regularly visit new pages and corners of the internet, this sort of privacy is excellent.

DecentralEyes - This tool is dedicated to trying to prevent tracking from sites which utilize data-gathering content delivery networks for things like Javascript, etc.

Privacy Badger - Run by the EFF, it blocks invisible trackers on pages.

uBlock Origin - Again, it blocks problematic elements on pages, as well as ads.

While not a Firefox extension, and thus not part of this post's central theme - I do utilize a PiHole for the house which also blocks ads and trackers for our entire network.

Extra Functionality

Containers - Containers is a functionaltiy offered in both Firefox and Chrome. I don't know if Edge provides it. But essentially it lets you segment your internet usage. I do the vast majority of my web usage in the primary container, but sometimes I will open a new container, or as you'll see, some sites are cordoned off.

Container Bookmarks - Allow me to set bookmarks to open in specific containers.

Facebook Container - This extension puts all of Meta's properties into their own container, greatly hampering Meta's ability to track me across the web.

Sticky Window Containers - With Containers, my primary use-case is for differentiating work and personal web browsing. This plugin opens new tabs in the same container as the first tab in the window.

TamperMonkey - Once upon a time there was a plugin called GreaseMonkey. It allowed you to write scripts which were executed on pages which matched settings. So you could automatically hide things on websites, or add additional functionality, etc. Greasemonkey is no longer maintained, but there are a number of forks, such as this one.

MarkDownload - Markdown is a text-only syntax which provides formatting of text, such as bold, etc. The back end of this blog is written in markdown, and I maintain a personal library of markdown text in an Obsidian MD vault. This plugin makes it easier for me to pull text from the web into this blog, or into Obsidian.

Reddit Enhancement Suite - Yes, I still use Reddit. Yes, I still use the old template on Reddit. RES provides a multitude of functions on Reddit which make the site usable for me. I hate the redesign and rely on RES.

Simple Translate - A quick in-browser context menu-based translation plugin.

Unpaywall - If I come across an academic paper I want to read but which is pay gated, this tool quickly checks to see if that paper is available for free elsewhere on the web.

Media

BetterTTV - A staple for many who watch Twitch. It adds functions and emoji to Twitch chat.

Return YouTube Dislikes - YouTube hides the dislikes of a video now within their API. This plugin re-adds it to the videos (when able.)

Save WebP as PNG or JPG - WebP has a lot of upside for websites, but it is not yet fully embedded and useful when downloaded on desktops. This plugin allows me to easily download a webp into a more usable format.

"Is This the End of Geofence Warrants?"

Google is changing how they track user location data. The link is a breakdown by the EFF regarding these changes. As they say it, it isn't a full victory for privacy - but it is stepping in the right direction.

Google’s announcement outlined three changes to how it will treat Location History data. First, going forward, this data will be stored, by default, on a user’s device, instead of with Google in the cloud. Second, it will be set by default to delete after three months; currently Google stores the data for at least 18 months. Finally, if users choose to back up their data to the cloud, Google will “automatically encrypt your backed-up data so no one can read it, including Google.”

[...]

However, we are not yet prepared to declare total victory. Google’s collection of users’ location data isn’t limited to just the “Location History” data searched in response to geofence warrants; Google collects additional location information as well. It remains to be seen whether law enforcement will find a way to access these other stores of location data on a mass basis in the future. Also, none of Google’s changes will prevent law enforcement from issuing targeted warrants for individual users’ location data if police have probable cause to support such a search.

Facebook rolling out end-to-end encryption on messenger chats and calls

"Federal Judge Makes History in Holding That Border Searches of Cell Phones Require a Warrant"

Infosec on Mastodon - Increasing Bitwarden PBKDF2 Iterations

One of the communities which Mastodon has opened me up to is the "infosec" community. Security professionals focused on information and digital security. In regard to the issues with LastPass recently, I have been paying close attention. And based on the following discussion, today I logged into Bitwarden and increased the PBKDF2 iterations to 600,000.

Bitwarden notes below they are making 600,000 standard, but I wanted to do proactively also because this sort of change logs you out of Bitwarden, and so I wanted to do it and log back in when I wasn't in the middle of needing to be logged in and thus having to fully jump through hoops for.

"HTTPS Is Actually Everywhere"

The EFF has provided, for years, a number of useful privacy tools. In doing my previous post about my Firefox extensions I discovered that the EFF was sunsetting one I'd been using for years called 'HTTPS Everywhere' and that's because browsers now had that functionality built in.

Glad the technology moved central and was adopted!

My Firefox Extensions

It struck me this morning that it may be useful or, perhaps interesting, to archive the Extensions I currently use in Firefox. The extensibility of browsers today is fantastic.

1. Bitwarden - Password Manager
2. Decentraleyes - Privacy tool which works by attempting to block unneccessary calls to content distribution networks.
3. Easy Screenshot - Tool to easily snag screenshots of pages. I primarily use it to snag photos of complete pages where it scrolls down and screepcaps and then stitches them together.
4. Facebook Container - Forces Facebook and Instagram pages into their own container, this blocks them from tracking you across the web.
5. Feed Preview - It returns and enhances the ability to preview RSS feeds.
6. Firefox Multi-Account Containers - I live and die by multi-containers in Firefox. The majority of it is so that I can easily differentiate Work and Personal credentials, etc. But I use it for all sorts of things.
7. Firefox Translations - Mostly so I can test and experiment with Mozilla's local translation tool, meaning it doesn't interface with Google etc. Overall it's good, but not perfect.
8. GIPHY for Firefox - Honestly, I use it largely to enable quick and easy gif access for posting on Mastodon.
9. Privacy Badger - Privacy tool from EFF. It's not as good as it used to be, but it still blocks some tracking tools.
10. Reddit Enhancement Suite - As a longtime Redditor, and I use the old layout still, it enables and enhances a bunch of functions on Reddit.
11. Return YouTube Dislike - Using the API, it allows me to see the dislikes on YouTube videos.
12. Simple Translate - Integrates with Google's Translate for easy on-the-fly translation.
13. Soundfixer - It allows me to manage volumes for individual tabs in Firefox, very useful for my laptop which has dinky speakers and I want to boost the tab's volume over 100%
14. Sticky Window Containers - Another tool for the account containers, this one has tabs in a window open in the same container as the first tab in the window. This also lets me easily do the work/home split.
15. uBlock Origin - The best ad blocker ever
16. Unpaywall - Legally find free access to academic articles.

Firefox launching on-machine translations so that you no longer have to use the cloud

It wasn't just Mozilla to be fair:

Firefox Translations was developed with The Bergamot Project Consortium, coordinated by the University of Edinburgh with partners Charles University in Prague, the University of Sheffield, University of Tartu, and Mozilla. This project has received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 825303.

"The Quiet Invasion of 'Big Information'"

I recently removed Twitter and TikTok from my phone. Primarily because of productivity and not feeling I was getting the value I wanted from them. But also, partly, out of a concern of privacy.

I don't think removing those apps will make a substantial change in my digital footprint, and the reality is, I hardly make an effort to be anonymous online. I willingly answer questions from Google about my behaviors, both online and offline, for pennies ("When were you at Fred Meyer last?" or "Do you remember this YouTube video?")

This article, which is an excerpt from "Data Cartels" Sarah Lamdan is a grim reminder of what I largely already knew. These massive businesses which do, what to people just 30 years ago, would consider obscene observation and stalking, make huge profits because of it.

Despite being a billion-dollar data and information business—just one of RELX's brands, alone, has profit margins that rival Apple, Google, and Amazon's—RELX doesn't get the same level of public scrutiny that those other companies do.

We regularly hear, and most recently in conjunction to Musk's Twitter moves, that if you're not paying for it - you, yourself, are the product. But the truth is you are already the product. No matter what we do, where we go, we are being tracked.

My mother-in-law was frustrated about getting texts for political candidates in Washington state even though she lives in Florida. She has a very small online footprint, but I suspect it's big enough. I didn't want to make her worried, so I glided over some of the details, but I noted that I suspect her phone was registered on a tower or network here in Washington and that that was recorded and then sold to the political marketers for this campaign.

I truly think we are approaching an epoch change in regards to online privacy and data, though it will be messy and, honestly, likely Sisyphean with too much already being out there and too many freedoms already lost.

I'm adding the book to my steadily growing pile of "things I need to read eventually."

Could a nonprofit digital security organization work?

A recent discussion on HackerNews about the Bitwarden funding round included something which I found a very compelling idea and have been thinking about it for the past two days. The idea was a nonprofit that managed and provided privacy and security tools. I find this compelling because it would, ostensibly, remove the slippery capitalistic slope and hopefully ensure a service users could trust.

The closest example I know of is Mozilla, makers of the Firefox browser (my browser of choice.) And they do provide a number of tools in this realm such as password management (though, only through the Firefox browser) as well as email protection (when you don't want to give your real email, they provide a redirection) and even a VPN tool.

My first bit of criticism is that with few exceptions, these tools funnel through Firefox and are not standalone offerings. Which, in the larger scope, is a minor thing as more and more computer-based activities become online-based driven through the web browser. The biggest pain point, and the reason I don't use Firefox's built in password manager, is that I also utilize it for credentials which I need outside of the browser. So, for example, I have Bitwarden's desktop client installed on my mobile phone and laptop.

My other criticism of them (in the vein of this discussion, admittedly I do not know enough to know if this is really a problem.) Organizationally, they utilize a corporation within their nonprofit structure. There is a very good chance that there is a sound reason for this that has to do with taxes or benefits, etc. though for people like myself it seems like a way to just make more money without the restrictions of a nonprofit. A cursory Google search says the top reason is to "separate activities from the parent company," which I interpret as being: "So we can make more money."

My resistance, and the entire reason a nonprofit seems interesting, is that it removes the capitalistic incentives for the company and lets it focus on the moral incentives. The downside being the criticism which I saw in the HN conversation, this is a demotivator for employees. If they joined it as a 'startup' then they have financial motivations which likely are being rewarded by the Bitwarden VC funding round, for example.

Perhaps this entire idea is pipe dream, but I find it an enticing one. I'd love to start this sort of nonprofit and try to develop it into a sustainable for-good enterprise.

The FTC's recent lawsuit about selling geolocation data might be a sign that real digital protections are coming... maybe

Neural Voice Camouflage

A new technology, called Neural Voice Camouflage, now offers a defense. It generates custom audio noise in the background as you talk, confusing the artificial intelligence (AI) that transcribes our recorded voices.

Digital Defense Fund

We are Digital Defense Fund, and we do digital security for the abortion access movement.

We envision a future where technology and innovation support secure, autonomous reproductive decisions, free from stigma.

"Fear, Uncertainty, and Period Trackers"

I was pointed to this essay by Bruce Schneier's blog. Bruce is one of the foremost digital security experts and he was right, this is an excellent essay which basically highlights at period tracker app data is a red herring. If you are concerned about someone finding out about your pregnancy, etc., there are a myriad of ways and things to be worried about which are more important than the apps and their data. OpSec is a thing in so much of our lives, and the internet makes it very hard.

With Roe overturned, Congress must act on data privacy

It’s incumbent on lawmakers to prevent state governments from circumventing people’s Fourth Amendment rights and to protect consumers from being harassed by antiabortion activists.

Found via a tweet from Elizabeth Warren. The article is authored by the Boston Globe's Editorial Board.

My weird idea from last night: A "shadow" phone OS inside a browser window on your phone

It's an interesting idea. I have no idea how it would be useful, but it popped into my head last night.

A privacy built way of transferring files

Here's the creator's post about it on HN

How apps exploit a loophole in children's privacy

A little over the top in its visualization, but it's good for people who don't understand tech.

Mozilla releases local machine translation

This is very exciting. Up to now these sorts of things rely on the megabrain systems of Google, Microsoft and others. Centralized so every translation had to be sent to the server (unless you use their app and download the info for your phone while traveling, but even then your translations are not kept private.) This extension opens the door for some more privacy when seeking translations.

EFF Transition Memo to Incoming Biden Administration

The Electronic Frontier Foundation puts together a memo for each new President about the issues they perceive as needing to be addressed. The one for Biden is excellent and provides also a good primer for most people about digital issues to consider their stance on.

These last few months have reminded me of a short story idea I had, about a man who resisted government observation and privacy invasion by creating a dark web site dedicated to tools to resist it. From face masks, to apps, and everything in between. And that to do this, he had to continue to be observed, and live a life like someone completely unaware of these things.

Never wrote the story, maybe I'll give it another go one of these days.