Miscellaneous nov.2

[TraderStf]

Hi DrDuh,

Up to you to evaluate and see what to do with these sites, remarks, questions or explanations collected from....., some are above my ItQ 👀

Sorry for my usual mess.

Thank you,

---

• Perhaps add for some chapters, also how to uninstall software (e.g. dnsmasq, dnscrypt...)
• OS X VPN settings - Option tab ~"send all trafic on the VPN" what's not going on the VPN if this option is disabled?
• OS X Network - Proxy ~"ignore proxy for hosts and domains"? I think this "*.local, 169.254/16" is by "default". What to do?
• OS X Firewall - Advanced tab: set a small delay and require pw.
• OS X - Users & Groups - ~Open/launch ! You can remove an application that launch at startup, even without unlocking the dialog (orange locker bottom left)!! Is it possible to avoid that stupid possibility... Already report that several times to Apple years ago...
• Should we disable IP6, as it seems that in some cases using both IP4 and IP6, this might leaks information?

---

https://letsencrypt.org https://github.com/okTurtles/dnschain

http://thehackernews.com/2015/10/nsa-crack-encryption.html

http://www.cisco.com/web/about/security/intelligence/nextgen_crypto.html

---

FOR FASTER VPN

• router with UPnP ON (security risk, probably not needed if NAT maps automatically FOR BETTER PRIVACY
• random port and NAT auto-open/map
• block bad/dangerous/snooping peers
• add a proxy
• use non-proprietary DNS servers

---

VPN for privacy... but VPN are always starting after other programs which might already have accessed internet...

---

Paranoia Who is behind these testing websites. Nice places to collect data, browser fingerprints... especially when you are testing your 'uncompleted/unsafe' configuration.

whoer, browserleaks, ipleak and similar, why so many 'secret/domain-by-proxy...' whois?

---

We use Google Public DNS server, which we consider unproblematic. It is not only the biggest public server with over 130 billion requests per day and works fast, but also does not store personally identifiable information nor IP-addresses permanently and all temporary logs are deleted after 48 hours at the latest. (from a VPN provider... don't remember)

Though Google DNS Resolvers are censuring several kinds of sites and are among companies providing data to bigbro...

---

2FA Don't forget to have a 'backup', e.g. like printed code for Google Authenticator, in case your phone is down.

[TraderStf]

https://www.verisignlabs.com/orscan/ Are Open Resolvers bad? Generally, yes.

[TraderStf]

Concerning VPN and IP4-IP6 leakage. http://blog.cyberghostvpn.com/dns-ipv6-leak-cyberghost-not-affected/

[TraderStf]

Beginner’s Guide to Open Source Intrusion Detection Tools https://www.alienvault.com/resource-center/white-papers/beginners-guide-to-open-source-intrusion-detection-tools

[drduh]

Thanks for the usual tips and guides. I will add these in over time as incremental changes, as I work through more thoroughly reading and reviewing them.

Re: ignoring proxy settings for localhost, the default seems reasonable.

Re: disabling IPv6, I am not an expert in the matter, so I would rather trust the defaults.