Open in app

Sign in

Write

Sign in

Securing your data

Supratik Chatterjee
4 min readMay 30, 2022

--

User data is siphoned off at an alarming rate by commercial for-profit websites that the average internet user visit today. Most users when signing up with a website, do not go through the EULA or T&C of the Web Application. This is hard since a person visiting a website is usually doing so for specific work.

How does one achieve a semblance of privacy as an end user?

Information Security Wordle(Purple Slog @ Flickr)

Breach Points

“If you’re not paying for something, you’re not the customer; you’re the product being sold.”

— Andrew Lewis(blue_beetle)

The average participant interacts with 6 entities while surfing the net. The entities are :

  1. Web Browsers
  2. Search Engines
  3. Internet Service Provider(ISP)
  4. Domain Name Search(DNS) Provider
  5. Certificate Authority(CA)
  6. Web Domain

Information is collected at almost all levels. However, restrictions can be applied for Web Browsers, DNS, CA and the domains.

After connecting to a Web Domain, information is tapped by :

  1. Content Delivery Networks(CDNs have the ability to monitor originating website and IP)
  2. Third Party Trackers(Service Workers, Single Sign On, CAPTCHA, and many more, help get refined data off users)

How can people defend themselves, while not having to be careful?

Restricting unsolicited data access on Browsers

Web browsers are by far the largest point of data extraction. Greedy applications such as Google Chrome, and Edge, keep running in the background to enable service workers. In the pleasant notion of providing users the ability to hyper-personalize their data, companies now attempt to categorize the users using the same system.

Firefox helps some by making it’s configurations alterable. One can do so by altering setting in the following URLs to their specific requirements.

about:config
about:debugging#/runtime/this-firefox
about:preferences#privacy
Accessing about:config in Firefox

Alter the certificates available on the browsers as well, and then use “HTTPS only” in order to prevent websites that you do not trust. This blocks off Certificate Authorities.

Accessing certificates on Firefox

Setting configurations to clear all history and cache on exit will also help to remove service workers. Using ‘Private Browsing’ will help with this by default.

Remove any and all extensions that scan tabs, window content, and accessed URLs to prevent any leaks through those as well.

With these, you now have some control over Certificate Authority, Web Domains visited, Trackers using cookies and Service Workers and data emitted by the browser itself.

The next step is to hard block domains, to be able to carelessly surf the internet.

Restricting DNS access and Whitelisting

Whitelisting is the practice of allowing only some trusted content for operating on your system as a service. To implement this, all domains need to be blocked off. This is a policy followed by Firewalls in order to protect your system from external threats as well. Doing this also reduces exposure to viruses, Trojans, and several malwares.

It can also prevent some balding issues as well…

Space Force reference(MS Windows auto updates while launching a rocket)

On Linux and Mac OS this is an easy matter to resolve, through using ‘dnsmasq’. It is incredibly simple to install and use.

# On Debian systems such as Ubuntu
sudo apt install dnsmasq# At times dnsmasq can fail, due to blocking of port 53
sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved
sudo service dnsmasq start

Configurations need to be changed for ‘dnsmasq’ in order to cache records and whitelist. Whitelist associated required websites as well, so that the primary functionality is achieved. The following is a sample configuration that might be useful.

domain-needed 
bogus-priv 
cache-size=1500 
resolv-file=/etc/resolvmasq.conf 
 
# using whitelisting only 
# block all 
address=/#/127.0.0.1 
 
# google 
server=/google.com/1.1.1.1 
server=/gstatic.com/1.1.1.1 
server=/accounts.google.co.in/1.1.1.1

What the above means is that first we block all addresses by redirecting to ‘localhost’, followed by enabling DNS lookup for the rest of the domains. The DNS IP ‘1.1.1.1’ belongs to Cloudflare.

The file resolvmasq.conf contains entries for DNS servers. This can be disregarded by commenting out all entries or by using no-resolv in the configuration itself.

# nameserver 1.1.1.1 
# nameserver 1.0.0.1 
# nameserver 127.0.0.53

The DNS is usually automatically set, and frequently the DNS points to 8.8.8.8 as the root DNS server. This will allow DNS lookup if left alone.

At times the file is reconfigured by the utilities, which can be prevented by setting a file ‘immutable’ through chattr +i /etc/resolvmasq.conf.

For applying the same to Windows, there are similar utilities, such as Microsoft DNS. The process remains the same. Block all IP addresses, then either whitelist them, or add them to your hosts file manually.

Prevention is better than cure. Prevent once, enjoy for as long as you want.

Privacy
Web
How To
Browsers
DNS

--

--

Supratik Chatterjee

Written by Supratik Chatterjee

2 Followers

Software Developer, Researcher and Mentor. Aeromodelling and Robotics hobbyist.

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams