Choose style:

Author Topic: ScriptSafe instead of Canvas Defender?  (Read 5940 times)

0 Members and 1 Guest are viewing this topic.

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3814
  • Karma: 299
  • Soy un huevo, nada más.
    • View Profile
  • Peppermint version(s): Peppermint 10
ScriptSafe instead of Canvas Defender?
« on: February 11, 2017, 11:09:42 pm »
Chromium is a speed demon, in its own right, but a combo of Ghostery, ublock Origin, Disconnect, and Canvas Defender throws gas on the fire, so to speak.  If one decides to try this, I should warn that there ARE some built-in conflicts amongst them.  A lot of nags can be alleviated by NOT blocking (disabling) 'Advertising' and 'Site Analytics' in Ghostery, since a lot of these extensions are doing the same thing, but ... none of them, by themselves, will work independently as well as this combo.  Soooo, I put up with the occasional warning from Chromium.

Hi VinDSL,

Have you ever looked at ScriptSafe as a replacement for Canvas Defender?  I enable ScriptSafe in General Settings, and then disable everything else on that page  Then I go to Fingerprint Protection and enable everything except Reduce Keyboard Fingerprinting.  Concerning the options, I've chosen to stay with Canvas Defender's idea of a random readout for canvas fingerprint protection.

I've tested it this setup with Panopticlick several times.  I got to say ScriptSafe's canvas fingerprint protection works like a charm.  And, what's best, you don't have that pesky advertisement popping up when booting up Chromium all of the time.  ;) 

VinDSL, have you ever looked at open source ScriptSafe for canvas fingerprint protection?  If so, I wonder what you think about it.  My current setup is to use EFF's Privacy Badger along with HTTPS Everywhere* and SafeScript.  I'm currently going with Privacy Badger because it supports companies that honor a user's Do Not Track request.

Thank you,

perknh

* I'm wondering if HTTPS Everywhere is becoming unnecessary with the Chromium-based browsers.  It seems Chromium is placing a lot of focus on making our connections safe all along our browsing path. Anyway, I'm still using it, and it's been updated too recently.  So I guess there's still a need for it.  :-\

P.S.

What I don't know is how this setup affects speed.  Your configuation sounds fast.  I don't know if the way I'm using these plugins is helping, or hurting me, regarding speed.  In my non-scientific tests, counting internally, it seems that Chrome beta is a much faster than our Chromium browser at the moment.  However, Chrome beta is running Version 57.0.2987.37 right now, whereas my Chromium browser is still at Version 55.0.2883.87.

P.P.S.

I just installed uBlock Origin.  Lots of people in this forum seem to be using it.  Using it along with Privacy Badger, the Panopticlick test seems to go even fast for me now. :)
« Last Edit: February 12, 2017, 09:03:28 am by perknh »
We're all Peppermint users and that's what matters  ;).  -- AndyInMokum

Offline VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 5170
  • Karma: 939
  • Peppermint Mod
    • View Profile
  • Peppermint version(s): Developmental Builds
Re: ScriptSafe instead of Canvas Defender?
« Reply #1 on: February 12, 2017, 11:18:31 am »
@perknh

I've never tried ScriptSafe, but I've read about it.  My impressions was, it's a Noscript substitute for Chrome(ium) users.

Put another way, some Firefox users sorely miss Noscript when they use Chrome(ium), and ScriptSafe fills the bill.

I'm as paranoid as the next person.  It's at matter of survival in my real-life occupation, and it carriers over into my personal life, for better or worse.  That said, I generally don't block scripts.  Matter of fact, I write/run my own Greasemonkey scripts in Fx to make up for its many failings and shortcomings.  But, I digress ...

If you want to look at it from a speed vs security perspective, yes, that's the biggest reason I don't block scripts.  They get in my way, and inevitably piss me off to the point of removing them, because I waste a lot of re-enabling the blocked scripts so I can get some work done.

I dunno.  In a lot of ways, script blockers are too much of a good thing.  There's no doubt they work, but they throw the good scripts out with the bad, you know ?  It's the old 'baby and the bathwater' thing ...

The compromise fallback for me (currently) is a combination of Ghostery, uBlock Origin, and Canvas Defender.  I've removed Disconnect because there was too much duplication taking place between it and Ghostery/uBlock.

Canvas Defender is low-maintenance and takes care of itself.  I'll occasionally give it a poke on suspicious sites, but that's it. 

Ghostery and uBlock Origin are the gorillas in the room, and take over the majority of my security.  They smash everything in the face, and accordingly require a lot of tweaking on sites that I frequent a lot.  On most sites, I let the apes have their way with 'em.

As an aside, I make a lot of online purchases on a variety of sites.  It's not necessarily because I'm miserly and slothful.  Many of the things I buy online aren't available locally at any location, at any price.  At trusted online retailers, I generally lower all my shields temporarily, do my thing, clear all data in the cache, and  close/reopen the browser.  That way, all the cookies and so forth are wiped clean, and my 'fingerprint' changes before continuing the journey into hostile territory.

Anyway, security is a moving target, and that's where I am, at the moment ...  ;)
« Last Edit: February 12, 2017, 11:23:58 am by VinDSL, Reason: Addendum »

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3814
  • Karma: 299
  • Soy un huevo, nada más.
    • View Profile
  • Peppermint version(s): Peppermint 10
Re: ScriptSafe instead of Canvas Defender?
« Reply #2 on: February 12, 2017, 12:56:25 pm »
Hi VinDSL,

Yeah I could never work with ScriptSafe if had to block script with it.  I've tried it before and my computer moved like mud.  I've totally removed its script blocking protection.  Right now I am enjoying using ScriptSafe for its fingerprint disguising protection.  What I said above is probably misleading is you haven't had a chance to look at ScriptSafe yet.  You have to enable ScriptSafe to use it, but then you can turn whatever you want on or off.  I uncheck the default boxes for script protection immediately.  But, after that's out of the way, I configure ScriptSafe's for its fingerprint protection options.  IMHO, its the best fingerprint disguising protection I've ever seen.  If you want random hashes, boy does this thing produce!  ;)   

Ghostery is a kick*** extension --very, very powerful.  I'm not using it right now because I'm using Privacy Badger, but I have supplemented Privacy Badger with uBlock Origin.  You, GNULINUX, and just about everybody here in Peppermint, uses this extension, so it seems.  I understand why.  It's very impressive, and it even seems to have helped me speed up my computer.

VinDSL, if you have the desire, and you ever find some spare time, do take a peek at SafeScript for its fingerprint disguising protection.  (Uncheck those boxes for protection against script.)  Give Panopticlick a couple of runs, and check out how it changes your canvas fingerprint.  I love to hear what you think about it after you give it a look-see.  I think you'll be impressed. :)

Thank you, VinDSL.

perknh
We're all Peppermint users and that's what matters  ;).  -- AndyInMokum

Offline VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 5170
  • Karma: 939
  • Peppermint Mod
    • View Profile
  • Peppermint version(s): Developmental Builds
Re: ScriptSafe instead of Canvas Defender?
« Reply #3 on: February 12, 2017, 03:06:40 pm »
If you have the desire, and you ever find some spare time, do take a peek at SafeScript for its fingerprint disguising protection.

Sure, I'll install it now.   ;)

I'm not hooked exclusively on Canvas Defender, and variety is the spice, et cetera.

Here goes ...

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3814
  • Karma: 299
  • Soy un huevo, nada más.
    • View Profile
  • Peppermint version(s): Peppermint 10
Re: ScriptSafe instead of Canvas Defender?
« Reply #4 on: February 12, 2017, 03:59:06 pm »
I hope you enjoy it, VinDSL, or at least find it interesting.  I'd sure enjoy hearing your opinion concerning the extension.  In my case I've unchecked everything everywhere in Settings except for in the Behavior category,  There I only unchecked the Show Rating Button box.  I don't think I'm going to need that.  As for the fingerprinting page, perhaps you'll share with me what you think is most helpful to do.  The only thing I'm trying to do with this extension is create a faux fingerprint hash --except, of course, if you end up thinking that I should be using this extension for more than that.

Thank you, VinDSL.

perknh
« Last Edit: February 12, 2017, 04:05:48 pm by perknh »
We're all Peppermint users and that's what matters  ;).  -- AndyInMokum

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 25270
  • Karma: 2793
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: ScriptSafe instead of Canvas Defender?
« Reply #5 on: February 12, 2017, 04:45:00 pm »
I'm 100% anonymous online .. I use the "Instant Disguise" addon whenever at my PC:-
Sorry, couldn't help myself :))
« Last Edit: February 12, 2017, 04:49:05 pm by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3814
  • Karma: 299
  • Soy un huevo, nada más.
    • View Profile
  • Peppermint version(s): Peppermint 10
Re: ScriptSafe instead of Canvas Defender?
« Reply #6 on: February 12, 2017, 06:19:20 pm »
Yeah, one of those should come with every computer that's running Windows.  I like it! ;D

But, seriously, I think both our countries have a HUGE problem regarding privacy.  You've got the Snooper's Charter, and VinDSL and I have just about everything running against us.  Our privacy is pretty much shot too, and, because of this, we have to play with silly extensions such as these.  Thank goodness we have the EFF.  People like Cindy Cohn at the EFF are fighting like mad to protect our rights to privacy and freedom of expression without a dragnet approach to surveillance.   Many here are beginning to recognize that dragnet surveillance stifles freedom of thought and expression.  It's pretty creepy over here on this side of the big pond right now.  I can't imagine that our friends in the UK are faring much better themselves regarding these issues either.  :(

Perhaps our world may look like this one day.  There are so many possibilities.  Could this be one of them --The Circle?


« Last Edit: February 16, 2017, 12:02:36 pm by perknh »
We're all Peppermint users and that's what matters  ;).  -- AndyInMokum

Offline VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 5170
  • Karma: 939
  • Peppermint Mod
    • View Profile
  • Peppermint version(s): Developmental Builds
Re: ScriptSafe instead of Canvas Defender?
« Reply #7 on: February 13, 2017, 06:12:49 am »
3:55 AM here.  Been running ScriptSafe for about 12 hours, give or take.  Don't have time to be exact.   ;D

I need to get off this thing, and go mobile, but I felt compelled to comment before jumping in the shower ...

SS is a nasty little sucker !  And, I mean that in a good way. 

I figured there shouldn't be any problem blocking 'iframes'.  In the old days, that's where haxors hid vulns, and most websites have quit using them, but ...

I just navigated to LinkedIn, to do a little maintenance, and the headers were invisible.  I thought, "WTF ?"  Then, it dawned on me ... SS !

Sure enough, those bonehead MS devs on LI are using 'iframes' on their new UI.  Wonder what they're hiding in there (I'll investigate later) ?!?! LoL !

Anyway, first impression is: This Ghostery, uBlock Origin, ScriptSafe combo is twice as brutal as before !

Thx for teasing me into installing it, perknh.  It's a keeper !!!   8)

Gotta run.  BBL

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3814
  • Karma: 299
  • Soy un huevo, nada más.
    • View Profile
  • Peppermint version(s): Peppermint 10
Re: ScriptSafe instead of Canvas Defender?
« Reply #8 on: March 03, 2017, 09:37:46 am »
Anyway, first impression is: This Ghostery, uBlock Origin, ScriptSafe combo is twice as brutal as before !

Hello VinDSL,

I found a substitute for HTTPS Everywhere that I'm experimenting with right now.  It's called KB SSL Enforcer.  Some sites are very slow coming around to HTTPS as their default protocol, and I was wondering if there might be something even better than HTTPS Everywhere.  HTTPS Everywhere is thought of by many to be a memory hog.  I found the KB SSL extension over at Chrome's web store.

Right now I'm running Privacy Badger, uBlock Origin, SafeScript (for canvas fingerprinting protection only), KB SSL Enforcer, and LastPass.  I you had to toss one of these out, which would you choose?  Would it be Privacy Badger?  Or would keep them all up and running. (Privacy Badger rewards those sites that honor our Do Not Track requests, so it's really a political extension trying to nudge sites into compliance.)  I have to say, however, in my case everything seems to be running pretty well right now --knock on wood!  ;)

I wish Epic browser supported Linux, but it doesn't, so I use Chromium 90% of the time, and Chrome beta and Firefox the other 10%.  I took your warning seriously some time back and ditched Iridium browser.  I wonder if you still think Iridium could be a security concern because it stays behind Chromium by a couple of versions.

perknh
We're all Peppermint users and that's what matters  ;).  -- AndyInMokum

Offline VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 5170
  • Karma: 939
  • Peppermint Mod
    • View Profile
  • Peppermint version(s): Developmental Builds
Re: ScriptSafe instead of Canvas Defender?
« Reply #9 on: March 03, 2017, 10:56:40 am »
I'll make it quick.  Gotta lock horns with the lawyers again in 2 hours, and need to stay on task ... 

I'll try 'KB SSL Enforcer'.  Never have been entirely satisfied with 'HTTPS Everywhere'.  Matter of fact, I only use it on a 'nannyware' infested kiosk machine at work.  A combination of 'HTTPS Everywhere' and dancing on the F5 key confuses the 'nannyware' and allows you to breakout of jailed environments.  Old haxor trick, but I digress ...   8)

Eeny, meeny, miny, moe ... I'd probably dump LastPass, but I maintain my own personal password keeper, on my production site.   Long story.  Won't do you any good unless you own a web site, blah, blah, blah.

Nothing has changed on the browser front, for me.  Chromium 99% of the time.  Only thing I use Firefox for is the 'DownThemAll!' add-on.  If DTA was available on Chromium, I'd purge Firefox from all my machines.  Just a waste of space IMO.  No offense intended.

Gotta run.  BBL

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3814
  • Karma: 299
  • Soy un huevo, nada más.
    • View Profile
  • Peppermint version(s): Peppermint 10
Re: ScriptSafe instead of Canvas Defender?
« Reply #10 on: March 03, 2017, 03:29:45 pm »
I'll make it quick.  Gotta lock horns with the lawyers again in 2 hours, and need to stay on task ...
Eeny, meeny, miny, moe ... I'd probably dump LastPass, but I maintain my own personal password keeper, on my production site.   Long story.  Won't do you any good unless you own a web site, blah, blah, blah.

You're right.  LastPass is, at least in theory, my weakest link in that lineup of extensions.  My problem is that I haven't found a password manager that can compete with LastPass, on Chrome and Chromium, from the world of open source.  I started with LastPass because, at the time, it was the only password manager I knew of that would work with Chrome OS.  Then, I got used to it.  From what I've heard online, the team at LastPass are good stewards of their project.  Knowing this offers me some consolation, but I'd still prefer using an open source password manager if I could find one that would work as well, and as easily, as LastPass.  The darn thing functions nearly flawlessly.

Nothing has changed on the browser front, for me.  Chromium 99% of the time.  Only thing I use Firefox for is the 'DownThemAll!' add-on.  If DTA was available on Chromium, I'd purge Firefox from all my machines.  Just a waste of space IMO.  No offense intended.

Yeah, Chromium's my default browser.  When I need video to work, I go to Chrome-beta.  As for Firefox, it's my key for getting Chrome --after a verified installation.  After a clean install, I know Google's default search box in Firefox will give a clean copy of Chrome without me having to chase it down on the web.  Unless I'm experimenting, or needing a link from a trusted user in this forum, or occasionally desperate for a needed program of some sort, I rarely download from the wild. 
We're all Peppermint users and that's what matters  ;).  -- AndyInMokum

Offline VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 5170
  • Karma: 939
  • Peppermint Mod
    • View Profile
  • Peppermint version(s): Developmental Builds
Re: ScriptSafe instead of Canvas Defender?
« Reply #11 on: March 04, 2017, 02:00:03 am »
You're right.  LastPass is, at least in theory, my weakest link in that lineup of extensions.

Might want to check this:  https://goo.gl/yKHqiH    ;)

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3814
  • Karma: 299
  • Soy un huevo, nada más.
    • View Profile
  • Peppermint version(s): Peppermint 10
Re: ScriptSafe instead of Canvas Defender?
« Reply #12 on: March 04, 2017, 06:43:55 am »
You're right.  LastPass is, at least in theory, my weakest link in that lineup of extensions.

Might want to check this:  https://goo.gl/yKHqiH    ;)

Hello, VinDSL,

Yes, I saw that.  This means I will now need to change my master password again.  Thank you. ;)

Open YOLO is supposed to be in development now, but I don't know when it's going to support Linux.  Clipperz is probably the closest open source alternative to LastPass I've seen thus far.  I like its privacy policy.   

I'm looking for four things -- open source, Linux support, Chrome OS support, and ease of use.  With the exception of not being open source, LastPass ticks off three of the above boxes.  I only wish it were open source:  not being so is its one and only character flaw.

Clearly I need to do more homework on the subject of open source password managers.  My homework begins here.

perknh

[EDIT]

I wrote LastPass this early this afternoon.  It includes my usual typo of omitting a word.

Quote
The password movement seems to be pointing in the direction of open source. I was notified by two unacquainted people recently of these password manager concerns --and one article was strictly about LastPass. (Sorry, I tossed that one.) Now I don't know if I need to change my master password or not, but l'll probably do so to keep on the safe side of things.

Yeah, I think LastPass not becoming open source will prove over time to be the weakest chink in its armor --especially with Open YOLO coming down the pike. Heaven forbid after Google gets the password manager game!!!

Here's one the links that was given to me:

https://thehackernews.com/2017/02/password-manager-apps.html

Thank you,

****

PS

Here's a little something about Open YOLO too. If I were LastPass, I'd want to nip these fellows in the bud.

https://blog.dashlane.com/dashlane-google-open-source-api/
« Last Edit: March 04, 2017, 01:19:31 pm by perknh »
We're all Peppermint users and that's what matters  ;).  -- AndyInMokum

Offline VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 5170
  • Karma: 939
  • Peppermint Mod
    • View Profile
  • Peppermint version(s): Developmental Builds
Re: ScriptSafe instead of Canvas Defender?
« Reply #13 on: March 04, 2017, 01:57:44 pm »
I'm looking for four things -- open source, Linux support, Chrome OS support, and ease of use.  With the exception of not being open source, LastPass ticks off three of the above boxes.  I only wish it were open source:  not being so is its one and only character flaw.

Clearly I need to do more homework on the subject of open source password managers.  My homework begins here.

Or here (oldy but goody) ...   https://goo.gl/O4SGuc

Swati Khandelwal wrote this article, last July.  I know Swati (and trust her opinion) from LI.  Plus, she's one of the few ppl I follow on Twitter.

Armed with the most recent info on password manager vulns, you might be able to extrapolate a suitable alternative from this list.   

Everything she writes is golden !  ;)

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3814
  • Karma: 299
  • Soy un huevo, nada más.
    • View Profile
  • Peppermint version(s): Peppermint 10
Re: ScriptSafe instead of Canvas Defender?
« Reply #14 on: March 04, 2017, 03:21:24 pm »
Yeah, that's an even better place to start.  Thanks, VinDSL.  :)
We're all Peppermint users and that's what matters  ;).  -- AndyInMokum