From Newsgroup: alt.privacy

On Sat, 2 Aug 2025 17:58:33 -0000 (UTC), Marion wrote :

... to update the group at large, here are VPN's I'm testing.

TESTING UPDATE Building your own DIY privacy Mozilla browser

Since Mozilla browsers were problematic, I changed my plans to first create
a DIY privacy browser in the Chromium land, and THEN to move to Mozilla.

I've almost completed the initial tests of what VPN extensions worked and
which failed, along with the privacy-based extensions that worked well.

Here is the current status, but bear in mind the experimental results have
to be moved to the most un-mozilla'd of the mozilla-based web browsers.

Hence, likely the Mozilla test will be to replace Brave with MullVad, and
then to replace Ungoogled Chromium with LibreWolf (that's the plan anyway).

=== cut here for proposed chromium to mozilla test sequence ===

BUILD-YOUR-OWN DIY PRIVACY BROWSER - TESTING UPDATE

Every day I test more free, no-registration, no-ad privacy extensions.
I'm focusing mostly on Brave for now because it's easier to update than UC.

Luckily, archiving browser extensions is simple and straightforward:
%localappdata%\BraveSoftware\Brave-Browser\User Data\Default\Extensions\

With Brave, you can trick tabs into loading in the foreground to speed them
up. Most users won't want this, but it's useful to know these options.
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe"
--disable-background-timer-throttling
--disable-backgrounding-occluded-windows
--disable-renderer-backgrounding

Here are the privacy extensions I have tested which work well together.
As reported by <brave://system> which creates this list below for you.
mnojpmjdmbbfmejpflffifhffcmidifd : Brave : version 1_0_0
bhchdcejhohfmigjafbampogmaanbfkg : User-Agent Switcher : version 0_6_4
cafckninonjkogajnihihlnnimmkndgf : Disable HTML5 Autoplay : version 0_9_3
cjpalhdlnbpafiamejdnhcphjbkeiagm : uBlock Origin : version 1_65_0
fhcgjolkccmbidfldomjliifgaodjagh : Cookie AutoDelete : version 3_8_2
fhkphphbadjkepgfljndicmgdlndmoke : Font FP Defender : version 0_1_6
fjkmabmdepjfammlpliljpnbhleegehm : WebRTC Control : version 0_3_3
hhnhplojcganfmfimkeboiipphklcbih : Location Guard V3 : version 3_0_0
hnkcfpcejkafcihlgbojoidoihckciin : Referer Control : version 1_35
ikclbgejgcbdlhjmckecmdljlpbhmbmf : HTTPS Everywhere : version 1_0
jaoafjdoijdconemdmodhbfpianehlon : Skip Redirect : version 2_3_6
jjbikklopibeimjelkohlldbjcdnofei : StayInTab : version 1_0
lckanjgmijmafbedllaakclkaicjfmnk : ClearURLs : version 1_26_0
ldpochfccmkkmhdbclfhpagapcfdljkj : Decentraleyes : version 3_0_0
mhjfbmdgcfjbbpaeojofohoefgiehjai : Chrome PDF Viewer : version 1
njdfdhgcmkocbgbhcioffdbicglldapd : LocalCDN : version 2_6_79
njkmjblmcfiobddjgebnoeldkjcplfjb : Trace : version 3_0_6
nomnklagbgmgghhjidfhnoelnjfndfpd : Canvas Blocker : version 0_2_2
pkehgijcmpdhfbdbbnkijodmdjhbjlgp : Privacy Badger : version 2025_5_30

Here is a quick summary of how these extensions impact privacy:
Brave: Built-in ad/tracker blocking, privacy-focused browser
User-Agent Switcher: Masks browser identity to reduce tracking
Disable HTML5 Autoplay: Stops media autoplay, reduces fingerprinting
uBlock Origin: Blocks ads, trackers, malicious domains
Cookie AutoDelete: Deletes cookies after tabs close
Font FP Defender: Randomizes font data to prevent fingerprinting
WebRTC Control: Prevents IP leaks via WebRTC
Location Guard: Spoofs or hides geolocation data
Referer Control: Limits referer headers to reduce tracking
HTTPS Everywhere: Forces HTTPS when available
Skip Redirect: Bypasses tracking redirects
StayInTab: Prevents tab switching, reduces behavioral tracking
ClearURLs: Removes tracking elements from URLs
Decentraleyes: Blocks CDN-based tracking with local resources
Chrome PDF Viewer: Displays PDFs without external viewers
LocalCDN: Replaces CDN resources locally
Trace: Blocks fingerprinting and tracking techniques
Canvas Blocker: Prevents canvas fingerprinting
Privacy Badger: Learns and blocks invisible trackers

These VPN extensions failed for various reasons:
hotspotshieldvpn : Removed from Chrome Web Store (2025-08-04)
itopvpn : Removed from Chrome Web Store (2022-12-09)
protonvpn : Requires registration (not privacy-friendly)
urbanvpn : Works briefly, then requires registration
hidemevpn : Flaky behavior after short use
hiddenbatvpn : Exposes your IP address (!?)
tunnelbearvpn : Requires registration
windscribevpn : Requires registration

These VPNs passed the login/ad/IP tests but failed YouTube access:
xvpn : Encrypts traffic, hides IP, may log metadata
1clickvpn : Encrypts traffic, hides IP, claims no logs
1vpn : SSL encryption, blocks WebRTC, no-logs policy
setupvpn : Encrypts traffic, collects usage info
vpnly : Swiss-based, AES-256, strict no-logs policy
securefreeedgevpn : Encrypts traffic, hides IP, no login
browsec : Encrypts traffic, hides IP, unclear logging policy

Note: Browsec was the only VPN that passed the YouTube test
in addition to the IP obfuscation & no-registration tests.

To follow in my footsteps, I'd recommend these simple steps.
1. Install privacy extensions in Brave
2. Copy unpacked folders to your software archive
3. In Ungoogled Chromium, enable "Developer mode"
4. Click "Load unpacked" to sideload each extension
5. Compare with Opera/Epic privacy browsers

Contributions welcome to refine these test findings.
Note that this needs to be repeated for Mozilla browsers.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

On Thu, 7 Aug 2025 11:34:57 -0700, Mike Easter wrote :

We can use our conversation here as an example of something.

It's certainly a noble endeavor, and quite apropos to this newsgroup, to
come up with a DIY to make the most private Mozilla-based web browser.

First, as a 'basis' of the non-privacy end of things; I don't use a
privacy browser at all. I also use an NSP which not only requires reg,
it also requires payment annually. OK fine.

While my WISP doesn't require payment, he knows where I live, so he knows
who I am, &, if he maintains logs, he can rat me out to any TLA who asks.

However, few of us require Osama bin Laden style anonymity, where, for the
most part, just calling in a bomb threat to Memorial Hall at Harvard using
a Mozilla-based TOR browser should be enough privacy for the bulk of us.
<https://www.nbcnews.com/technolog/failing-grade-alleged-harvard-bomb-hoaxer-needed-more-tor-cover-2D11767028>

That guy would have gotten away with it if he only hadn't used Harvard's
own Wi-Fi network (and if he didn't admit that he was the one who did it).
<https://www.dailydot.com/unclick/tor-harvard-bomb-suspect/>

a. Eldo Kim, 20, during exam times in December 2013
b. Used Mozilla-based Tor to anonymize his internet activity
c. Sent emails via Guerrilla Mail, a disposable email service
d. Threatening that a bomb was placed in Memorial Hall
e. Just before his scheduled exam in Memorial Hall
(Which, I know well as it has to be the ugliest building on earth.)

How was he caught?
A. A TLA (i.e., the FBI) traced Tor usage on Harvard's Wi-Fi network
B. Kim's identity was linked through network logs and exam timing
C. He confessed to sending the threats (& later graduated from Harvard)

You instead are using blueworldhosting as your NSP to post here and like most other people including me, do not expose your IP to the 'world' via
the NSP nor your name and email. OK fine. We aren't that different.
Your NSP has excellent retention and no reg.

For obvious & well-known fundamental reasons, I never connect to any nntp server via my "real" IP address - nor even my "real" system clock or TZone.

If someone wants to 'uncover' your persona, they would start w/ the IP
you connect to blueworldhosting and the 'clarity' of your handwriting
which I have observed in your messages for years.

They'd have to go to the VPN admin, where I use a variety of free public no registration VPN servers around the world - but they DO know my real IP.

I don't think it would be that hard to uncover you; not that I am any
kind of fan of dox/ing, but it could be part of a conversation about
privacy that involves who is the/your adversary and who isn't.

I post where I live (Santa Cruz Mountains) all the time, and my carrier (T-Mobile) and even post my bill ($100/month for 6 devices), etc., so I
would agree that it's not hard to uncover who I am.

Once my life was threatened on Usenet by a certain "Rod Speed" in a.h.r and again (less obviously so) by "nospam" in m.p.m.i, which I reported to the
FBI, so the FBI knows who I am and how I post my articles to Usenet.

I even stumbled across abandoned guns used for a murder, unbeknownst to me,
a while ago, so I've been investigated for murder as the RP (being the RP
turns out to be interesting in and of itself in how you're implicated).

My 'philosophy' is that I don't have adversaries who need to know who I
am and so I don't have to go to any trouble for 'severe privacy'.

My adversary is Google. Microsoft. Apple. Meta. Amazon. et al.

But, I'm technically compensated by Amazon (who gives me "free stuff" to review; so Amazon has my W2 form, which has my SSN, so they got me 'good!
<https://amazon.com/vine/about>

To me, the only people who need severe privacy are criminals and those
who are actively fighting against an oppressive state actor; that is, if
you do dev a strong adversary w/ some kind of power, you have a problem.

Luckily you added "severe privacy", as if you just used the regular privacy word, that's something *EVERYONE* is entitled to. Basic privacy is a right.

Typically the people who discuss privacy in such as the privacy groups
don't actually *state* why they are so interested to go to so much
trouble and inconvenience. I do NOT believe that people do that just
for the fun or challenge of it, but I also do NOT know what other
reason/s they could possibly have besides the ones I mention here.

"Nobody needs to justify why they 'need' a right: the burden of
justification falls on the one seeking to infringe upon the right."
Edward Snowden, Reddit AMA, May 21, 2015
<https://www.mic.com/articles/119602/in-one-quote-edward-snowden-summed-up-why-our-privacy-is-worth-fighting-for>

Snowden often compares privacy to free speech. Just because you're not exercising it at the moment doesn't mean it's not essential. Anyone asking
you to justify why you want privacy has to first justify why they feel you
have no right to free speech.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

On Thu, 7 Aug 2025 13:09:50 -0700, Mike Easter wrote :

Completely free anonymity on the internet comes at a price to someone.

All your points are valid.

I think there are free services which are truly free, just as I received a handful of phones from T-Mobile which turned out to be (almost) free.
I had to pay the 10% California imputed sales tax on the free phone.
<https://i.postimg.cc/YC1B906F/tmopromo01.jpg> A32-5G & iPhone 12 contract
<https://i.postimg.cc/Xq5SpS4D/tmopromo02.jpg> $15/mo iPhone,$0/mo Android
<https://i.postimg.cc/nhpbcP50/tmopromo04.jpg> $100 for 6 lines + $16 fees

Speaking of paying taxes on imputed costs for free things, Amazon picked me
for Vine Gold for the reason that I own critical thought processes, but,
those free products also come at a cost since you have to pay income taxes.
<https://i.postimg.cc/k5FYJQc7/amazon-score.jpg>
<https://i.postimg.cc/3x3nL4h6/amazon-trust.jpg>
<https://i.postimg.cc/L6jnqvHj/amazon-vine-home.jpg>
<https://i.postimg.cc/sfvLPfxL/tax-implications.jpg>

My point is that we have to weigh each and every "free" item to see what
the "true" cost is of that free item - where loss of privacy is a cost.

Various providers who can 'easily' accommodate anonymity w/ their
services do so for whatever their own 'personal' reasons. Free/open
NSPs, free mail2news, a 'certain amount' of free VPN, free tor.

Well, people do "volunteer" to be VPN servers & TOR servers, although I'm
sure every TLA in the book also volunteers to be those free servers too!

Lots of free VPNs out there, for example...
Lots of free NNTP servers too.
Certainly lots of free web browsers.
And lots of free browser extensions.

Each one we'd have to look at in detail to find out the true cost to us.

There's not much (hardly any) free connectivity; there used to be a free local dialup provider but that went away, there is some free wifi and it
is possible to 'steal' some wifi.

I used NetZero until they started charging around the turn of the century. They're still in business. But the era of free unlimited ISP is over.
Still... I use Google Voice (on iOS. NEVER ON ANDROID!) for free calls.

Sidenote: Given iOS has the worst privacy of any mobile device, it's interesting that Google Voice has more privacy on iOS than on Android.

This goes to show that with privacy, we have to look at each situation.
Only after diving deeply into each situation can we assess true costs.

So, given that it is likely /easier/ to anonymize payment, it is
/perhaps/ easier to anonymize one's whole persona at a relatively low
cost, than to try to get some kind of 'perfect' free anonymity online.

I think this is a worthwhile endeavor to create a "burner persona" which
can "pay for things" on the net. The problem is how to buy with crypto?

I don't know how.
Do you?

It would be a worthwhile DIY tutorial for how to buy Mozilla extensions
using a burner persona, with burner email & burner crypto currency.

I'm not the guy to write it as I've never used crypto in my life.
I don't even know the first step.

Do you?

I'm frugal, but I'm also practical. I'm also a skeptic; watch out for
those who are providing you a free product, you may BE the product.

As I said above, the Apple religious zealots always tell me there must have been a catch with my free Android phones, and yet, I still have that phone which T-Mobile gave me for free in April of 2021 (they gave everyone in the
USA on postpaid accounts the same choice that I had for the free phone).

I paid the California sales tax on the MSRP and that was the only cost.
People can't believe it. But this only goes to show my point about free.

Every single situation where something is free is different in costs.
You have to look at each and every situation to find if there is a cost.

Anyone who makes blanket statements such as "you are the product" doesn't understand those costs, since you're the product anyway, e.g., if you don't
put "optout" (in the past) or "nomap" today on the end of your AP SSID.

Even if you broadcast your SSID, then you are the product since wardrivers don't care about your SSID having an optout parameter in the name.

Privacy is much like hygiene. It's not one thing. It's a lot of things.
Each comes with a cost. But the cost is different for each action you take.

Since people like truisms such as "you are the product", my favorite truism
is "only intelligent people have privacy", which underscores my point that every situation is different when it comes to being private on the net.

In summary, all your privacy points are valid where what would be a great outcome is if someone wrote a DIY for making a Mozilla-based web browser as private as possible (with or without registration/payment privacy issues).
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

On Thu, 7 Aug 2025 11:12:16 -0700, Mike Easter wrote :

There are two golden rules for privacy on the net, and one is to never
register for anything (the other is never pay with a traceable method).

Anyone doing either of those forbidden actions (especially nowadays with
even throwaway emails requiring phone or a second email validation) will
never stand a snowball's chance in hell to have any privacy, even with VPN.

While I choose not to actually /do/ it, I have done some 'thought experiments' in resolving what is 'troubling' privacy above.

It's a worthwhile task to find the "most private" Mozilla-based browser,
and then, to DIY it via extensions & settings to make it "more private"
without giving away privacy in a required registration/payment process!

If anyone knows how to PAY for extensions privately, please let us know.

You need an anonymous persona. There are a number of ways to create
that; I think the most practical approach is the concept of a 'burner' phone, so solve the 'connectivity' problem along w/ the anonymous
persona problem; that is, first step.

In my tests, registration was required if you want to add to Firefox some
VPN extensions such as proton VPN, WindScribe, TunnelBear & Urban VPN.

Given you can't even use those extensions in a Mozilla-based web browser
with that registration, it's a fair topic of how to register with privacy.

If anyone knows how to PAY for extensions privately, please let us know.

The other thing you need is anonymous 'finances' in the form of a
cryptocoin which aids anonymizing. Personally I haven't dev/d a full 'background' on the coins, but I don't much like the ones which are too speculative. You can't really 'get' a true stablecoin which is also anonymizing, but you can get coins which /are/ anonymizing and much less speculative than such as bitcoin.

As noted, some Mozilla-based privacy extensions require payment, which compounds the privacy problem enormously - where perhaps this is the way.

But how many of us have actually used a crypto coin in our lives?
I haven't.

Have you?
Has anyone?

How does it work to pay for a Mozilla-based extension with cryptocoin?

Since this thread is *actually* more of a 'severe' privacy issue than it
is a 'browser' issue, except that the thread is about wanting a Ffx type browser (if possible) AND severe privacy, you HAVE TO solve the severe privacy first, and that requires an identity/persona w/ the ability to
pay for things. There is no such thing as a free ride when you impose
all of the restrictions you have decided upon.

If you want to use the better-funded extensions, which require payment, and
the more reliable extensions (which require identification), I do agree if you're going to register for and/or buy privacy extensions, then you must
first solve the registration problem and the payment problem beforehand -
both of which - I agree - are hard to solve while maintaining privacy.

The way I get around that very real registration/payment-privacy conundrum
is to never register/pay for privacy-based Mozilla browser extensions.

Luckily, I believe privacy is possible with those restrictions, and, in
fact, perhaps more possible than if we registered/paid for the extensions.

But it's contextual so we'd have to take each & every case in detail.
If anyone knows how to PAY for extensions privately, please let us know.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

Marion wrote:

Mike Easter wrote :

My 'philosophy' is that I don't have adversaries who need to know who I
am and so I don't have to go to any trouble for 'severe privacy'.

My adversary is Google. Microsoft. Apple. Meta. Amazon. et al.

I don't consider those 'adversaries'. It is OK w/ me for google to do
what it wants to do w/ my persona. What little privacy I lose to MS is insignificant; none to Apple, Amazon knows who I am.

That is I don't mind any of those privacy losses. If I did, I might have
some interest in managing it, but since I don't, I don't.

To me, the only people who need severe privacy are criminals and those
who are actively fighting against an oppressive state actor; that is, if
you do dev a strong adversary w/ some kind of power, you have a problem.

Luckily you added "severe privacy", as if you just used the regular privacy word, that's something *EVERYONE* is entitled to. Basic privacy is a right.

That is the mantra of what I call 'privacy buffs'; but, like how we
'view' our politics and our religions and beliefs, saying privacy is a
right is meaningless since the 'idea' of 'privacy' is all over the map,
in terms of *degrees*. This person feels he has to do all this stuff;
this other person, may be just as aware of what privacy he has
'relinquished' and that is perfectly all right w/ him.

It is OK w/ me if someone wants to 'be' a privacy buff in this that and
the other manner; but I don't 'routinely' have any interest in that
level of privacy.

However, I AM interested (information-wise) to be /able/ to be whatever
kind of anonymous persona I wish to be; IF I wished to do so.

I used to lurk the alt.locksmithing group; not because I wanted to
actually pick locks, but because I was interested in the tech that was discussed there.

Snowden often compares privacy to free speech.

I don't 'read' Snowden; I don't concur w/ Snowden's beliefs. I am more
in favor of the surveillance 'benefits' than I am in favor of what ES did.

That does /not/ mean I don't think anyone should 'hide' from the
surveillance if that is what they want to do; but it isn't going to be
easy.

Speech isn't completely free; w/ every right comes some degree of responsibility.
--
Mike Easter
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

Mike Easter wrote:

Marion wrote:

Snowden often compares privacy to free speech.

I don't 'read' Snowden; I don't concur w/ Snowden's beliefs. I am more
in favor of the surveillance 'benefits' than I am in favor of what ES did.

How 'smart' is it to listen to ES about privacy?

There he is living in .ru now, age 42, trying to make a living speaking
and a publication.

While he would rather be in the US or somewhere like Germany,

Snowden said it helped that Russia viewed him as useful publicity.

From an article interview done in .ru 6 y ago.


If you want to have some kind of activist as a hero, I recommend Aaron
Swartz instead; he was a lot smarter, but a sadder case who gave up and
died instead at 26 y/o.
--
Mike Easter
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

Mike Easter wrote:

If you want to have some kind of activist as a hero, I recommend
Aaron Swartz instead; he was a lot smarter, but a sadder case who
gave up and died instead at 26 y/o.

Great '13 Rolling Stone story of AS's life & death:

The Brilliant Life and Tragic Death of Aaron Swartz

He was a child prodigy, an Internet pioneer and an activist who
refused to back down - even when the feds tried to break him

https://www.rollingstone.com/culture/culture-news/the-brilliant-life-and-tragic-death-of-aaron-swartz-177191/
--
Mike Easter
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

On Thu, 7 Aug 2025 03:50:28 -0000 (UTC), Marion wrote:

ikclbgejgcbdlhjmckecmdljlpbhmbmf : HTTPS Everywhere : version 1_0

<https://www.eff.org/https-everywhere>

<quote>

You no longer need HTTPS Everywhere to set HTTPS by default! Major
browsers now offer native support for an HTTPS only mode.

</quote>
--
s|b
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

On Fri, 08 Aug 2025 15:50:01 +0200, s|b wrote :

ikclbgejgcbdlhjmckecmdljlpbhmbmf : HTTPS Everywhere : version 1_0

<https://www.eff.org/https-everywhere>

<quote>

You no longer need HTTPS Everywhere to set HTTPS by default! Major
browsers now offer native support for an HTTPS only mode.

That's a good point. I agree. We no longer need HTTPS Everywhere.
Thanks for doublechecking the list!

Digging into what the EFF says, the Electronic Frontier Foundation
(EFF), which developed the extension, officially retired it in 2022
because modern browsers now offer built-in support for HTTPS-only mode.

Now that HTTPS is nearly universal and browsers enforce it natively,
the extensionos job is largely done. All that may be left is to just
enable HTTPS-only mode in the web browser.

I'll remove it from the privacy list based on that useful information.
bhchdcejhohfmigjafbampogmaanbfkg : User-Agent Switcher and Manager : version 0_6_4
cjpalhdlnbpafiamejdnhcphjbkeiagm : uBlock Origin : version 1_65_0
fhcgjolkccmbidfldomjliifgaodjagh : Cookie AutoDelete : version 3_8_2
fhkphphbadjkepgfljndicmgdlndmoke : Font Fingerprint Defender : version 0_1_6
fjkmabmdepjfammlpliljpnbhleegehm : WebRTC Control : version 0_3_3
hhnhplojcganfmfimkeboiipphklcbih : Location Guard (V3) : version 3_0_0
hnkcfpcejkafcihlgbojoidoihckciin : Referer Control : version 1_35
jaoafjdoijdconemdmodhbfpianehlon : Skip Redirect : version 2_3_6
jjbikklopibeimjelkohlldbjcdnofei : StayInTab : version 1_0
lckanjgmijmafbedllaakclkaicjfmnk : ClearURLs : version 1_26_0
ldpochfccmkkmhdbclfhpagapcfdljkj : Decentraleyes : version 3_0_0
njdfdhgcmkocbgbhcioffdbicglldapd : LocalCDN : version 2_6_79
njkmjblmcfiobddjgebnoeldkjcplfjb : Trace - Online Tracking Protection : version 3_0_6
nomnklagbgmgghhjidfhnoelnjfndfpd : Canvas Blocker - Fingerprint Protect : version 0_2_2
omghfjlpggmjjaagoclmmobgdodcjboh : Browsec VPN - Free VPN for Chrome : version 3_92_2
pkehgijcmpdhfbdbbnkijodmdjhbjlgp : Privacy Badger : version 2025_5_30

Any others?
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

On Fri, 8 Aug 2025 14:11:56 -0000 (UTC), Marion wrote:

Any others?

I already stated this in another posting: what about fingerprinting?
--
s|b
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

On Fri, 08 Aug 2025 16:56:49 +0200, s|b wrote :

I already stated this in another posting: what about fingerprinting?

Thanks for that suggestion, where I don't know if there's a single
well-known commonly suggested "fingerprinting prevention" extension.

These Extensions Provide Partial or Direct Fingerprinting Protection
-----------------------------------------------
User-Agent Switcher and Manager : Partial - spoofs user-agent string
uBlock Origin : Indirect - blocks tracking scripts
Font Fingerprint Defender : Direct - adds noise to font data
WebRTC Control : Direct - prevents IP leaks via WebRTC
Location Guard : Partial - spoofs geolocation
Referer Control : Partial - limits referer leakage
Canvas Blocker : Direct - alters canvas fingerprint data
Trace : Direct - protects from multiple vectors
Privacy Badger : Partial - blocks some fingerprinting

These Extensions Help with Privacy but Not Fingerprinting Directly
------------------------------------------------------------------
Cookie AutoDelete : deletes cookies only
Skip Redirect : bypasses redirect pages
StayInTab : tab management only
ClearURLs : removes URL tracking params
Decentraleyes : serves local CDN resources
LocalCDN : similar to Decentraleyes
Browsec VPN : Partial f'print'g - masks IP address

These Are Apparently The Most Effective for Fingerprinting Protection
--------------------------------------------
Canvas Blocker
Font Fingerprint Defender
Trace
WebRTC Control

Googling, I see there are two fingerprinting-specific extensions I can add
but I need to test them out before recommending them on this newsgroup.

Fingerprinting-Prevention Extensions To Be Tested ------------------------------------------------
1. All Fingerprint Defender
Protects canvas, WebGL, font, and audio fingerprinting
Adds noise to fingerprint data and refreshes it per page load
Includes whitelist support and canvas fingerprint display
Free, no registration, no ads

2. CthulhuJs (Anti-Fingerprint)
Obfuscates canvas, audio, WebGL, fonts, plugins, timezone, and more
Generates random fingerprints with tab-level isolation
Offers persistent settings and flexible switching
Free, no registration, no ads

Apparently All Fingerprint Defender is simple and effective.
Apparently CthulhuJs offers more control and advanced features.

Any others?
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

On Fri, 08 Aug 2025 15:56:54 +0200, s|b wrote :

What about fingerprinting? Not only your browser can be unique, but also
the way you type.

<https://amiunique.org/>
(results in a server error atm)

<https://coveryourtracks.eff.org/>

You have two great ideas there, where one is another anti-fingerprinting extension while the other is how to test if fingerprints are unique.

Like you, the <https://amiunique.org/> comes up for me with an error.
The <https://coveryourtracks.eff.org/> site says the following:
Protecting you from fingerprinting?
your browser has a randomized fingerprint
Your browser fingerprint has been randomized
among the 323,619 tested in the past 45 days.
Although sophisticated adversaries may still
be able to track you to some extent, randomization
provides a very strong protection against tracking
companies trying to fingerprint your browser.

Currently, we estimate that your browser has a
fingerprint that conveys at least 17.33 bits of
identifying information.

It would be nice to compile all the test sites together so others
can benefit when they want to test their browsers for privacy holes.

=== Privacy Test Sites ===

== Header & Request Inspection ==
<https://requestbin.com/>
<https://httpbin.org/headers>
<https://http_test.php/> (custom/local test)

== Fingerprint & Tracking Tests ==
<https://amiunique.org/>
<https://coveryourtracks.eff.org/>
<https://panopticlick.eff.org/> (legacy version of Cover Your Tracks)
<https://fingerprintjs.com/demo/>
<https://webkay.robinlinus.com/>
<https://privacy.net/analyzer/>

== Browser Privacy Audits ==
<https://privacytests.org/>

== IP & DNS Leak Tests ==
<https://ipleak.net/>
<https://dnsleaktest.com/>
<https://browserleaks.com/ip>
<https://browserleaks.com/dns>

== WebRTC Leak Tests ==
<https://browserleaks.com/webrtc>
<https://www.expressvpn.com/webrtc-leak-test>

== General IP & Location Check ==
<https://whatismyipaddress.com/>
<https://iplocation.net/>
<https://ipinfo.io/>

== VPN Leak & Privacy Tests ==
<https://vpntesting.com/> (Comprehensive VPN leak tests)
<https://www.cloudwards.net/vpn-test-guide/> (DNS, IP, WebRTC leak guide)
<https://proxyar.com/vpn-ip-geolocation-tester/> (Geolocation & VPN
detection)

== Miscellaneous Privacy Tools ==
<https://whoer.net/>
<https://www.deviceinfo.me/>
<https://www.doileak.com/>
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

On Sat, 9 Aug 2025 01:45:35 -0000 (UTC), Marion wrote:

I already stated this in another posting: what about fingerprinting?

Thanks for that suggestion, where I don't know if there's a single
well-known commonly suggested "fingerprinting prevention" extension.

What I actually meant was: aren't you making your browser more and more /unique/ by using all those add-ons? I feel like it's only going to make
your browser more and more unique and recognizable, so it would make fingerprinting easier.

I've read Brave Browser is a good browser for users concerned about fingerprinting. And IIRC Tor Browser opens in the same size windows
every time to remain 'less unique'.
--
s|b
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

s|b wrote:

Marion wrote:

I don't know if there's a single
well-known commonly suggested "fingerprinting prevention" extension.

What I actually meant was: aren't you making your browser more and more /unique/ by using all those add-ons? I feel like it's only going to make
your browser more and more unique and recognizable, so it would make fingerprinting easier.

Websites can't [directly] tell which add-ons you have installed.

IME it's almost impossible to not show a unique fingerprint ID.

I've tried making changes, such as finding the "most unique" identifiers
and getting my FF to use "less unique" alternatives, such as a popular
Chrome version user-agent, making my language preference and location
USA rather than UK


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

On Sat, 9 Aug 2025 11:49:31 +0100, Andy Burns wrote :

I don't know if there's a single
well-known commonly suggested "fingerprinting prevention" extension.

What I actually meant was: aren't you making your browser more and more
/unique/ by using all those add-ons? I feel like it's only going to make
your browser more and more unique and recognizable, so it would make
fingerprinting easier.

Websites can't [directly] tell which add-ons you have installed.

IME it's almost impossible to not show a unique fingerprint ID.

I've tried making changes, such as finding the "most unique" identifiers
and getting my FF to use "less unique" alternatives, such as a popular Chrome version user-agent, making my language preference and location
USA rather than UK

Ah, my mistake. Mea culpa. Duh. I missed the point completely. Sorry.

I apologize for not understanding that s|b was suggesting that these anti-privacy extensions could making us even more fingerprint unique.

It's a valid concern, especially considering the adversaries we're up
against are crafty, data-hungry giants like Google, Amazon, Apple,
Microsoft, Meta, Cloudflare, Tiktok/Bytedance, Palantir, Oracle, etc.

It's a concern if adding these 18 well-intentioned extension inadvertently
make us stand out more, much like a camouflage pattern that's too custom.
1. User-Agent Switcher and Manager : version 0_6_4
2. uBlock Origin : version 1_65_0
3. NoScript : version 13_0_8
4. Cookie AutoDelete : version 3_8_2
5. Font Fingerprint Defender : version 0_1_6
6. WebRTC Control : version 0_3_3
7. Location Guard (V3) : version 3_0_0
8. Referer Control : version 1_35
9. Skip Redirect : version 2_3_6
10. StayInTab : version 1_0
11. ClearURLs : version 1_26_0
12. Decentraleyes : version 3_0_0
13. LocalCDN : version 2_6_79
14. Trace - Online Tracking Protection : version 3_0_6
15. Canvas Blocker - Fingerprint Protect : version 0_2_2
16. Browsec VPN - Free VPN for Chrome : version 3_92_2
17. Privacy Badger : version 2025_5_30
18. CthulhuJs (Anti-Fingerprint) : version 8_0_6

We probably all agree the browser problem to overcome isn't just
fingerprinting as it's the ecosystem of surveillance capitalism that
thrives on any sliver of uniqueness, much of which starts with an account.

Remember the golden rule was never to create an account on the Internet if
you don't have to, and never pay for anything if you don't have to.

So all they have for fingerprinting is what we give them, much of which is
from the browser itself but a lot is from our computers (like time zones
and dates and IP addresses and screen sizes, etc.).

Herbert Kleebauer long ago wrote a script for me to change my time zone
every few minutes, but I noticed some of these extensions do it for me. Likewise I've removed all my special fonts (like Frutiger & RoadGeek), but again, I noticed some of these extensions do that for me also.

Similarly I've messed with my browser header, but again, some of these extensions do it for me. I always open up to delete cookies, and again,
some of these extensions delete cookies dynamically, while browsing.

That said, I think the goal should be strategic opacity. Blending in where
it matters, and standing out only when it serves a purpose (like logging
into your Google Mail using only 1 browser, used for no other purpose).

Privacy isn't just about hiding. It's about choosing when and how to be
seen. To that end, I think that's critical to use one browser per account
that you actually have to log into something. This is a golden rule also.

Part of the problem with privacy is shown with VPN where Google & Apple
hate VPN, so they force you to prove who you are when you use VPN. Hence,
you really can't have privacy extensions on a browser that logs into
anything.

This is a critical point I haven't mentioned but it needs stating:
A. The browser that logs into things, can't be a privacy browser.
B. So the privacy browser is what is used for everything else.

I'm sorry I hadn't made this distinction before, as it's just natural to me
to (a) not log into anything, but, if I must (b) use a separate browser!

Luckily, there are so many web browsers that it's easy pick one and only
one browser that is used to log into any given account you must log into.
<https://i.postimg.cc/fT2J40RD/windows-cascade-menu.jpg>

To Andy's point, I have been testing this DIY privacy-based browser only
for a week or two where previously I never used extensions (since I used
Epic as my daily driver), but I think, so far, every test shows me as
DIFFERENT (which is the point after all). No two tests show me as the same.

Hence, I'm not sure if we've achieved our goal of being DIFFERENT every
time (even if we're unique!) or not. Does it matter? I don't know.

Of course you want to look like everyone else - but that's difficult to do
as you've already noted. And Tor, while I use it when I must, is never
gonna be the general purpose browser even as it makes you look like
everyone else.

I'm not sure if this DIY build your own privacy browser project is worth it
or not, but I'm still working on it as it has only been a couple of weeks.

In summary though, I've modified the "golden rules" to the following...
a. Never create an account you don't have to
b. Never pay for anything you don't have to
c. Use only one browser only for each account you must log into
d. Use a DIFFERENT (privacy-based) browser for general browsing

This thread is about DIY building that general-purpose privacy browser.
Any other ideas?
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

On Thu, 7 Aug 2025 15:08:50 -0700, Mike Easter wrote :

But how many of us have actually used a crypto coin in our lives?
I haven't.

Have you?

I have not.

Me neither. But there was a time when none of us used Usenet, but we
learned. And a time when none of us knew what VPN was, but we learned. And
a time when none of us knew AI but we are learning, etc.

So maybe it's time to learn how to buy one dollar's worth of crypto.
That's a future tutorial I will likely write - but that's for later.

But I have enough 'academic' interest in this privacy
business that I would consider 'devising' an anonymous persona,
including that persona having a cellphone/number/account.

I think it's a great idea, to create an anonymous persona.
a. Burner phone
b. Burner email
c. Burner crypto

Once you have the phone, the burner email becomes much simpler.
But I don't have a clue what privacy is entailed for burner crypto.
Probably a burner OS? (e.g., Tails?) (running inside a burner VM?)

That would be a great privacy tutorial for Windows/Linux/Mac users!
Tutorial for creating a burner persona on the Internet

There is also a problem about strategies to use that coin to pay for
things; not all useful providers accept the type of coin one might want;
you have to have one of /these/ kinds of coins to pay for one of /those/ kinds of coins because the provider doesn't accept one of them.

Understood. Well, actually, I don't understand crypto at all, but I can
imagine that some crypto is more fluid than others for buying stuff.

You also need that stuff "shipped" to you somehow, if it's not virtual
stuff (like apps but even then, the apps have to run in a burner OS).

So, while you are trying to puzzle out the free browser privacy
business, I'm trying to figure out paying for a connectivity provider for/with a bogus persona.

I think it's a GREAT idea to learn how to create a burner persona.
As I said, I'll look into it, but for now, I have a bunch of projects.

There would be levels of burner, from high heat to just simmering, because,
for example, a physical burner phone you throw away after use is different
than a simulated burner phone via TextNow, Hushed, or Google Voice.

Luckily, we can factory reset the burner phone, which is kind of a medium
heat versus high heat being throwing it over a bridge, and low heat being
just running nothing but TextNow on that burner phone & then factory
resetting each time it's used and then getting a new TextNow number.

There is, of course, the problem of cell tower triangulation, and paying
for the cellular service (with the crypto, of course) in this sequence.

But, 'my' topic or interest is OFF topic for this Ffx group.

I think privacy is on topic for any software that touches the Internet.
But I agree that the browser is the topic for this particular newsgroup.

For some
reason, it also seems off-topic in the privacy groups because those
people don't even like to use conventional agents to post to
conventional NSPs, so we are very far apart in our interests.

I don't really understand any newsgroup other than the operating system newsgroups I frequent, but I did add "alt.privacy" to this thread but I do
not think there is anyone there listening so it's just us Firefox guys. :)

In summary, I think it's apropos for this newsgroup to discuss a DIY
privacy browser which starts with one of the Mozilla browsers, most likely Mullvad or LibreFox just as it would be for Chromium-based browsers to
start with the likes of Brave or Ungoogled Chromium.

I'm not sure if it's worth digging into WebKit based browsers as we already know from the Tor folks that WebKit can never provide security or
anonymity, which is funny when you think of how Apple advertises it.

However, as for your rather valid privacy project, I think it's apropos for each of the three operating system newsgroups to set up Tails inside a VM.

Then, once you have Tails inside a VM, you add the privacy VPN.
Luckily that's trivial. Only then do you add this DIY privacy browser!

But first, I have to finish the privacy browser on Chromium since that
turned out to be easier (surprisingly) than it seems to be for Mozilla.

Then I'll write the tutorial for the Mozilla-based DIY privacy browser.
Later, (much later?) we'll create the burner persona you seek.

Work with me on that - but we'll have to take it over to the OS newsgroups.
From: Marion <marion@facts.com>
Newsgroups: alt.comp.os.windows-10,alt.os.linux,alt.comp.os.windows-11
Subject: Long term project: Creating a privacy-based disposable burner persona on your desktop PC
Date: Sat, 9 Aug 2025 21:35:34 -0000 (UTC)
Message-ID: <1078ev5$csp$1@nnrp.usenet.blueworldhosting.com>

Article Lookup Engine:
<https://al.howardknight.net/>
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

On Sat, 9 Aug 2025 19:28:00 -0000 (UTC), Marion wrote :

1. User-Agent Switcher and Manager : version 0_6_4
2. uBlock Origin : version 1_65_0
3. NoScript : version 13_0_8
4. Cookie AutoDelete : version 3_8_2
5. Font Fingerprint Defender : version 0_1_6
6. WebRTC Control : version 0_3_3
7. Location Guard (V3) : version 3_0_0
8. Referer Control : version 1_35
9. Skip Redirect : version 2_3_6
10. StayInTab : version 1_0
11. ClearURLs : version 1_26_0
12. Decentraleyes : version 3_0_0
13. LocalCDN : version 2_6_79
14. Trace - Online Tracking Protection : version 3_0_6
15. Canvas Blocker - Fingerprint Protect : version 0_2_2
16. Browsec VPN - Free VPN for Chrome : version 3_92_2
17. Privacy Badger : version 2025_5_30
18. CthulhuJs (Anti-Fingerprint) : version 8_0_6

UPDATE.

It's ironic that I needed to add an "extension manager" to this list, as I test each and every extension above in detail against privacy test sites.

I tested a few free, ad free, no-registration privacy-aware extension managers, and the one I like most so far is this on Mozilla & Chromium.

Extension Manager by HongYuanCao for Mozilla-based browsers:
<https://addons.mozilla.org/en-US/firefox/addon/extensions-manager/>
Extension Manager by HongYuanCao for Chromium-based browsers:
<https://chromewebstore.google.com/detail/extension-manager/gjldcdngmdknpinoemndlidpcabkggco>

a. It's available on both Chrome & Firefox, which is rare for EMs.
b. It's ad-free, registration-free, and privacy-respecting.
c. It has batch actions, grouping, and a clean UI.
d. The developer appears to be transparent and responsive.

Meanwhile, I've been testing the VPN extensions which passed the initial
tests, where my fungible test-rating system puts them in this order:
1_browsec
2_1clickvpn
3_1vpn
4_vpnly
5_xvpn
6_securefreeedgevpn
7_setupvpn

Bearing in mind these all failed the most basic initial VPN tests.
hotspotshieldvpn
itopvpn
protonvpn
urbanvpn
hidemevpn
hiddenbatvpn
tunnelbearvpn
windscribevpn

In summary, we're pretty close to making a DIY browser, in both
Mozilla-land and Chromium land, that is distinct from the mothership
browser in terms of inherent privacy as tested against privacy test sites.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

ap only ffx deleted

Marion wrote:

Meanwhile, I've been testing the VPN extensions which passed the initial tests, where my fungible test-rating system puts them in this order:
1_browsec
2_1clickvpn
3_1vpn
4_vpnly
5_xvpn
6_securefreeedgevpn
7_setupvpn

I've only 'looked at' one of those, browsec, to see what is the diff
between free and premium; which takes a few minutes to figure out:

free is 4 countries .nl .us .uk .sg (premium 46)
and 1 mbps vs premium 1000

What is your def of a 'fungible test-rating system'?

The other thing I 'wonder' about is, 'Who is listening at the various
free VPNs'? It seems there is some 'trust' involved in the VPN biz, and
there is no longer a 'VPN Guy' like there used to be to 'investigate' VPNs.

I don't xpost, and some groups I'm configured to 'delete'/hide xposts.
--
Mike Easter
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

Mike Easter wrote:

there is no longer a 'VPN Guy' like there used to be to 'investigate' VPNs.

I was referring to what *used to be* 'thatoneprivacysite.net' which
eventually sold out.
--
Mike Easter
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

Marion wrote:

It's ironic that I needed to add an "extension manager" to this list, as I test each and every extension above in detail against privacy test sites.

It is not my 'idea' to argue w/ you 'against' privacy, but just because privacy is a worthwhile concept does not mean that 'people' should
engage in some particular aspect of privacy *for NO purpose*.

That is, if you are going to 'junk up' your browser w/ all kinds of
extensions and *slow down* your connectivity because you think it is
/better/ to have /more/ privacy, FOR NO PURPOSE, that makes no sense.

You can't just say, the purpose is privacy, and privacy is good, so
everyone should have more privacy.

That is not correct. Any measure that you take should have a *REAL*
purpose, that benefits you, and particularly not /someone else/ instead.

Each individual must make some assessment of his own 'need' for privacy,
what is important to HIM, not some kind of notion that someone else has
'sold' to him.

I think /most/ VPN services are not needed by the people who are using
them, either free or pay, because 'everyone' is selling the idea of VPN.

I have yet to be 'convinced' that I should be using a VPN 'regularly'
for /anything/ w/ the possible exception of accessing some site that I
am blocked from because of my geolocation.
--
Mike Easter
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

On Tue, 12 Aug 2025 15:21:56 -0700, Mike Easter <MikeE@ster.invalid>
wrote:

Marion wrote:

It's ironic that I needed to add an "extension manager" to this list, as I >> test each and every extension above in detail against privacy test sites.

It is not my 'idea' to argue w/ you 'against' privacy, but just because >privacy is a worthwhile concept does not mean that 'people' should
engage in some particular aspect of privacy *for NO purpose*.

That is, if you are going to 'junk up' your browser w/ all kinds of >extensions and *slow down* your connectivity because you think it is >/better/ to have /more/ privacy, FOR NO PURPOSE, that makes no sense.

You can't just say, the purpose is privacy, and privacy is good, so
everyone should have more privacy.

That is not correct. Any measure that you take should have a *REAL*
purpose, that benefits you, and particularly not /someone else/ instead.

Each individual must make some assessment of his own 'need' for privacy, >what is important to HIM, not some kind of notion that someone else has >'sold' to him.

I think /most/ VPN services are not needed by the people who are using
them, either free or pay, because 'everyone' is selling the idea of VPN.

I have yet to be 'convinced' that I should be using a VPN 'regularly'
for /anything/ w/ the possible exception of accessing some site that I
am blocked from because of my geolocation.

Bingo! +10
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

On Tue, 12 Aug 2025 20:14:06 -0000 (UTC), Marion wrote:

In summary, we're pretty close to making a DIY browser, in both
Mozilla-land and Chromium land, that is distinct from the mothership
browser in terms of inherent privacy as tested against privacy test sites.

FYI <https://amiunique.org/> is up again.
--
s|b
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

On Wed, 13 Aug 2025 20:40:05 +0200, s|b wrote :

In summary, we're pretty close to making a DIY browser, in both
Mozilla-land and Chromium land, that is distinct from the mothership
browser in terms of inherent privacy as tested against privacy test sites.

FYI <https://amiunique.org/> is up again.

Thanks you for your persistence as that's the only way to make progress!

I've been testing the DIY privacy browser for, oh, maybe a couple weeks
now, where what I do is turn off all the extensions save for one, and then
I run it through a whole suite of privacy checks with & without extensions.

It takes a lot of time & effort so I needed a way to make it quicker,
where one way to remove & add extensions is to use the unpacked folders.

Since I'm constantly turning extensions on and off repeatedly, I needed an extension manager, of which there are many, but we want consistency with
the Chromium-based & Mozilla-based privacy browsers, so I opted for
Extension Manager by HongYuanCao for Mozilla-based browsers:
<https://addons.mozilla.org/en-US/firefox/addon/extensions-manager/>
Extension Manager by HongYuanCao for Chromium-based browsers:
<https://chromewebstore.google.com/detail/extension-manager/gjldcdngmdknpinoemndlidpcabkggco>

Other extension managers are more powerful, but being both simple and consistent between browsers is a huge value in and of itself for EMs.

Back to your point about all these privacy extensions potentially making us unique, it's OK to be unique - as long as EVERY visit is unique in itself.

Hence, we need to make multiple runs at the https://amiunique.org/ site.
Also, it appears that we may need to wipe out cookies, but luckily the
browser extensions I've added do wipe out the cookies between tabs.

This is needed because the https://amiunique.org/ site says this
just below the purple-hued "See my fingerprint" button.
"we will collect your browser fingerprint
and we will put a cookie on your browser
for a period of 4 months."

When I first pressed the "See my fingerprint" button, I was unique at
"All Time"
"Are you unique ?"
"Yes!"
"You are unique among the 4208682 fingerprints in our entire dataset."

Wiping out cookies and switching the VPN IP, doing it again, it says
"All Time"
"Are you unique ?"
"Yes!"
"You are unique among the 4208709 fingerprints in our entire dataset."

Trying it again an hour later with a different VPN, I'm again unique.
"All Time"
"Are you unique ?"
"Yes!"
"You are unique among the 4208916 fingerprints in our entire dataset."

Hmmm... Andy said he's always unique & he's not running a privacy browser.
What do you think these results are actually telling us about the browser?

Could it be it's unique more than once without changing anything but IP?
Is there a way to get a single number for entropy so I can compare them?

I think I remember https://coveryourtracks.eff.org/ used to give entropy, (e.g., at 0 bits everyone looks the same, but 20 bits is 1 in a million).

I couldn't get a single entropy number. Just an entropy for each category.
But it does say, near the top for "Protecting you from fingerprinting?"
"Your browser has a randomized fingerprint"
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

On Tue, 12 Aug 2025 20:13:42 -0000 (UTC), Marion wrote :

Meanwhile, I've been testing the VPN extensions which passed the initial tests, where my fungible test-rating system puts them in this order:
browsec
1clickvpn
1vpn
vpnly
xvpn
securefreeedgevpn
setupvpn

Bearing in mind these all failed the most basic initial VPN tests.
hotspotshieldvpn
itopvpn
protonvpn
urbanvpn
hidemevpn
hiddenbatvpn
tunnelbearvpn
windscribevpn

UPDATE:

I ditched the VPN extensions in order to test a SOCKS5 proxy tunnel.
browsec ==> the best, but it slows down drastically in a week
1clickvpn ==> seems to slow down drastically in just days
1vpn ==> seems to slow down drastically in just days
vpnly ==> seems to slow down drastically in just days
xvpn ==> seems to slow down drastically in just days
securefreeedgevpn ==> seems to slow down drastically in just days
setupvpn ==> seems to slow down drastically in just days
hoxx ==> seems to slow down drastically in just days

hotspotshieldvpn ==> fails the initial VPN extension test conditions
itopvpn ==> fails the initial VPN extension test conditions
protonvpn ==> fails the initial VPN extension test conditions
urbanvpn ==> fails the initial VPN extension test conditions
hidemevpn ==> fails the initial VPN extension test conditions
hiddenbatvpn ==> fails the initial VPN extension test conditions
tunnelbearvpn ==> fails the initial VPN extension test conditions
windscribevpnv ==> fails the initial VPN extension test conditions

Bad news. Very bad news. All the VPN extensions slow down tremendously, it seems, within a few days of using them. So I tried something else that is
free, login free and hopefully, much faster than VPN extensions are.
a. Psiphon (Socks5 proxy)
b. Freecap (Socks5 redirector)
c. Any browser (with a score of privacy extensions)

A. Psiphon is not a traditional VPN but rather a circumvention tool that
uses a mix of VPN, SSH, and HTTP proxy technologies to bypass censorship.

B. Freecap (or Proxifier) is used to route app traffic (such as that of a browser) through a SOCKS5 proxy to achieve selective traffic tunneling.

C. Any Browser + Privacy Extensions for fingerprinting and tracking
protection.

I also uninstalled NoScript as it was a royal pita to manage.
I also removed the non-privacy extension disablehtml5autoplay.

Here's what I'm currently testing (where IP obfuscation & speed are key).
Psiphon + Freecap + Any privacy browser + privacy extensions

https://psiphon.ca/
Name: psiphon3.exe
Size: 10402576 bytes (10158 KiB)
SHA256: DB1BAF76F0333F4743919A86F35037559F9E7DA7DF14982DFC16FB8DC0BE6BE2

https://freecap.apponic.com/download/
Name: freecap_setup_eng.exe
Size: 1644848 bytes (1606 KiB)
SHA256: C3D4929AB5A5867A6BE9914FF94DEFEFED6762748EDB1E351C86EBC5A02D46EC

Here are the current set of privacy extensions (many for fingerprinting):
bhchdcejhohfmigjafbampogmaanbfkg : User-Agent Switcher and Manager
cjpalhdlnbpafiamejdnhcphjbkeiagm : uBlock Origin
fhcgjolkccmbidfldomjliifgaodjagh : Cookie AutoDelete
fhkphphbadjkepgfljndicmgdlndmoke : Font Fingerprint Defender
fjkmabmdepjfammlpliljpnbhleegehm : WebRTC Control
gjldcdngmdknpinoemndlidpcabkggco : Extension Manager
hhnhplojcganfmfimkeboiipphklcbih : Location Guard (V3)
hnkcfpcejkafcihlgbojoidoihckciin : Referer Control
jaoafjdoijdconemdmodhbfpianehlon : Skip Redirect
jjbikklopibeimjelkohlldbjcdnofei : StayInTab
lckanjgmijmafbedllaakclkaicjfmnk : ClearURLs
ldpochfccmkkmhdbclfhpagapcfdljkj : Decentraleyes
njdfdhgcmkocbgbhcioffdbicglldapd : LocalCDN
njkmjblmcfiobddjgebnoeldkjcplfjb : Trace - Online Tracking Protection
nomnklagbgmgghhjidfhnoelnjfndfpd : Canvas Blocker - Fingerprint Protect
pkehgijcmpdhfbdbbnkijodmdjhbjlgp : Privacy Badger
pmcpffnpjncfplinfnjebjoonbncnjfl : CthulhuJs (Anti-Fingerprint)

And this is what I'm currently testing in the DIY browser where SPEED
(and IP obfuscation) turn out to be the hardest things to get this way.

How to add Socks5 to your Windows 10 browser sessions:
1. Start Psiphon & make a note of the SocksV5 port in the log output
2. Start Freecap & add the Socks5 port for your browser into the settings
3. Add your web browser into the Freecap settings
4. In Freecap, add desired command-line performance flags for the
application:
--disable-background-timer-throttling
--disable-backgrounding-occluded-windows
--disable-renderer-backgrounding

Voila!

This setup routes only selected web browser traffic via FreeCap through Psiphon, offering selective IP obfuscation & hopefully maintaining speed.

If this works, we can ditch the problematic VPN extensions, all of which
seem to either fail the initial tests or severely slow down in just days.

I just started testing it, but I post this so that others who actually
know what they're doing can add value to how they do Socks5 tunneling!
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

Marion wrote:

I ditched the VPN extensions in order to test a SOCKS5 proxy tunnel.

If all the proxies slow down after a few days, are they trying to be
caching proxies? Can they just operate as "direct" proxies without caching?

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

On Mon, 18 Aug 2025 00:20:15 -0000 (UTC), Marion wrote :

How to add Socks5 to your Windows 10 browser sessions:
1. Start Psiphon & make a note of the SocksV5 port in the log output
2. Start Freecap & add the Socks5 port for Brave into the settings
3. Add Brave (or any browser) into the Freecap settings
4. In Freecap, add any command-line performance flags for the application

OMG. Everything I touch in Windows has needlessly unnecessary complexity.

I should note that you'd think we could just set the proxy inside the
browser, and, well, um, er, we can, in some browsers. Like in Firefox.

However, Brave doesn't have native proxy settings inside of it.
Neither does Ungoogled Chromium. Bummer.

For the three browsers, things have to be done different ways:
a. Firefox has its own manual proxy settings native to the browser
b. Ungoogled Chromium can use Windows command-line proxy settings
c. But Brave has to use Windows proxy settings (or FreeCap to proxify it)

Psiphon dynamically assigns proxy ports for each session, for example...
SOCKS5: 127.0.0.1:1080 (the port changes each instance)
HTTP/HTTPS: 127.0.0.1:8080 (the port changes each instance)

Once you have those ports, here's the manual Firefox setup:
Firefox:Settings > General > Network Settings > [Settings]
Configure Proxy Access to the Internet > Manual proxy configuration
SOCKS Host = 127.0.0.1
Port = 1080
(o) SOCKS v5
[x] Proxy DNS when using SOCKS v5
Note: Firefox can also make use of the FoxyProxy Extension.
Firefox handles DNS via SOCKS5 if the box is checked,
but other apps may leak DNS unless proxified.

Ungoogled Chromium can be launched directly using those proxy flags.

ungoogled-chromium --proxy-server="socks5://127.0.0.1:1080" ungoogled-chromium --proxy-server="http=127.0.0.1:8080"

Brave is easiest to set up with a proxifier such as FreeCap.
Freecap3.18:File > Settings > Default proxy > Proxy settings
Default proxy > Server = 127.0.0.1 Port: = 1080
Protocol (o) Socks v5
This sets Psiphon'[s SOCKS5 proxy for apps launched through FreeCap.

Or we can set up Windows globally to use Psiphon's SOCKS5 proxy.
But Windows 10 does not natively support SOCKS5 in its GUI proxy settings. Windows 10 only supports HTTP/HTTPS proxies directly. Aurgh.

Here's one way to set up SOCKS5 proxy globally in Windows 10.
Win+R > control
Internet Options
Click the "Connections" tab on that "Internet Properties" dialog
Click the "LAN Settings" button near the bottom of that display
This brings up the "Local Area Network (LAN) Settings" form
[x] Use a proxy server for your LAN
Click the [Advanced] button in that LAN Settings form
Uncheck [_]Use the same proxy for all protocols
Socks = 127.0.0.1 Port = 1080
[OK][OK][OK]

In summary, once you have the SOCKS5 proxy ports defined, you can set up
your web browser to use it, but each browser does it differently.

Sigh.

And if you think that's confusing, guess what else is confusing?

The Windows 10 LAN Settings method let you enter SOCKS5, but Windows
doesn't actually honor SOCKS5 in that dialog.

Windows 10 only applies HTTP/HTTPS proxies.

So while you can enter the SOCKS5 values into that Windows 10 dialog,
Windows 10 won't use the values for most apps unless those apps explicitly support SOCKS5 via system proxy (which is rare - but which is what Brave
does).

Oh, and if you think Windows 11 is "better", guess again!
You cannot select SOCKS5 in the Windows 11 built-in proxy GUI.

Even if you enter a SOCKS5 address in the Windows 11 Manual proxy setup, Windows 11 will treat it as an HTTP proxy and fail to route traffic
properly. OMG.

Did I mention everything I touch in Windows is unnecessarily complex?

Here's the summary (and yes, I'm still confused, but I think it's right).
Windows 10 GUI limitations:
You can enter SOCKS5, but Windows doesn't honor it
Only HTTP/HTTPS proxies are applied system-wide
Windows 11:
No SOCKS5 support
SOCKS5 entries are treated as HTTP proxies and fail

That's why you essentially need a proxifier, such as FreeCap is.
(Or Proxifier, WideCap, SocksEscort, ProxyCap, etc.)

So now we're back to Brave, which natively supports a system proxy, but
Windows doesn't support SOCKS5 system-wide, so Brave actually can't use
SOCKS5 unless proxified (which is where FreeCap came into play).

Sigh. Why is privacy so hard to achieve. :)

I'm just beginning to learn this stuff, so if anyone out there is familiar
with using SOCKS5 for IP-address obfuscation, please add your value.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

On Mon, 18 Aug 2025 07:04:02 +0100, Andy Burns wrote :

I ditched the VPN extensions in order to test a SOCKS5 proxy tunnel.

If all the proxies slow down after a few days, are they trying to be
caching proxies? Can they just operate as "direct" proxies without caching?

I'm not afraid to say that I have no idea.

I note you said "if all the proxies slow down", where I think you had meant
"if all the VPN extensions slow down", so I will assume you're asking...
Q: Are the VPN extensions acting like caching proxies?
A: ?

Q: Could the VPN extensions work as direct proxies instead?
A: ?

While a caching proxy stores copies of frequently accessed web content
(like images, scripts, or pages) to serve them faster next time, they're typically HTTP proxies and not VPN/SOCKS5 proxies (as far as I'm aware).

Given these are the free VPN extensions which haven't outright failed:
Browsec, 1ClickVPN, 1VPN, VPNly, XVPN, SetupVPN, Hoxx, securefreeedgevpn
I need to test them on a clean install with speedtest.net over time.

I haven't done that (mainly 'cuz I didn't expect slowdowns to occur).
I've never used VPN extensions until early July when Epic went bust.

So maybe others who have more experience with VPN extensions can help.
I'm assuming that the VPN extension slowdowns are part of their plan.
a. They give you faster VPN tunneling at first
b. And then, when you're hooked, they slow you down
c. Unless you buy their premium tier (which they all will offer you)

But I don't really know anything about these VPN extensions.
Like how do they know I'm a repeat customer?

I guess they can key off my IP address (which is static).
Or maybe they key off a browser fingerprint perhaps?
Or maybe each VPN extension can have a unique installation ID?

Dunno.
Maybe the VPN extensions are just overloaded.

I do not know the answer as I've only used them for a few weeks.
Do others have experience with VPN extensions who can advise us?
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

Marion wrote:

I note you said "if all the proxies slow down", where I think you had meant "if all the VPN extensions slow down",

Well, you said you were ditching the VPN extensions, and had switched to SOCKS5, and then gave a long list of "X slows down", "Y slows down" ...

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

On Mon, 18 Aug 2025 18:13:06 +0100, Andy Burns wrote :

I note you said "if all the proxies slow down", where I think you had meant >> "if all the VPN extensions slow down",

Well, you said you were ditching the VPN extensions, and had switched to SOCKS5, and then gave a long list of "X slows down", "Y slows down" ...

Ah. Sorry. That's my fault. My bad. I'm confused. There's a lot of detail
when you are building your own DIY privacy browser from existing browsers.

I just ran a few more experiments with speedtest sites where I get my
Internet from miles away over the air (as you know), so I don't have the fastest of speeds (they don't bring cable or fiber to this part of town).
<https://www.speedtest.net/>
<https://speed.cloudflare.com/>
<https://testmy.net/>
<https://www.fast.com/>
<https://www.bandwidthplace.com/>
<https://www.speedcheck.org/>
<https://www.nperf.com/en/>
<https://speedsmart.net/>
<https://www.dslreports.com/speedtest>
<https://librespeed.org/>
<https://www.measurementlab.net/tests/ndt/>
<https://www.ispeedtest.io/>
etc.

After running s'more speed tests today, I think some my speed slowdowns are perhaps likely more due to one or more of my privacy extensions
irrespective of the VPN itself; but I'm not really sure why the slowdowns.

dir /b .\vpn_extension\working\.

browsec
1clickvpn
setupvpn
securefreeedgevpn
xvpn
vpnly
1vpn
hoxx


It's perhaps due to one or more of these privacy-based extensions perhaps:

dir /b .\privacy_extensions\.

fontfingerprintdefender
localcdn
privacybadger
referercontrol
skipredirect
trace
ublockorigin
useragentswitcher
webrtccontrol
canvasblocker
clearurls
cookieautodelete
decentraleyes
privacypossum
locationguard
stayintab
cthulhujs
allfingerprintdefender

It will be a while before I identify conclusively which, if any, of these privacy extensions are slowing the VPN extensions down, but they don't seem
to be slowing down the SOCKS5 tunnel via the open source Psiphon 3 tool.

But I'm still running experiments, so consider this a running log report.

At the moment, we have 3 options for a privacy browser with IP obfuscation.
1. System-wide VPN + the 18 browser-privacy extensions listed above
2. Browser VPN extensions (any of the 8 above that passed initial tests)
3. Local open-source SOCKS5 Proxy Tunnel (Psiphon + FreeCap)

All three methods worked for me, so far, for my privacy purposes.
All I need out of them is faster speed.
Don't we all. :)

Note: Part of the problem is I've never used VPN extensions in a browser
until now & I've never used SOCKS5 tunnels until now, so I'm still a noob.

But I'm always trying to be helpful and to add value, so that's why I'm reporting in reproducible detail what is working so far and what isn't.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

Marion wrote:

hotspotshieldvpn ==> fails the initial VPN extension test conditions
itopvpn ==> fails the initial VPN extension test conditions
protonvpn ==> fails the initial VPN extension test conditions
urbanvpn ==> fails the initial VPN extension test conditions
hidemevpn ==> fails the initial VPN extension test conditions
hiddenbatvpn ==> fails the initial VPN extension test conditions
tunnelbearvpn ==> fails the initial VPN extension test conditions
windscribevpnv ==> fails the initial VPN extension test conditions

About this group:

- what is your definition of 'the initial VPN extension test conditions'?
--
Mike Easter
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

On Mon, 18 Aug 2025 18:23:56 -0000 (UTC), Marion wrote :

At the moment, we have 3 options for a privacy browser with IP obfuscation.
1. System-wide VPN + the 18 browser-privacy extensions listed above
2. Browser VPN extensions (any of the 8 above that passed initial tests)
3. Local open-source SOCKS5 Proxy Tunnel (Psiphon + FreeCap)

All three methods worked for me, so far, for my privacy purposes.

UPDATE

Doubling up the protection (like adding layers to an onion)!

I was checking tracert test outputs when something strange revealed itself.
I had forgotten to turn off the randomized system-wide VPN connections.

It only then occurred to me that I could layer a system-wide VPN over the SOCKS5 proxy for apps (for an added layer of obfuscating protection).

Here's the fundamental process:
A. Start any free no-registration system-wide VPN.
B. Start the FOSS Psiphon tools to connect to a SOCKS5 proxifier port.
C. Set up Firefox for that port (or use FreeCap to proxify Firefox).

Now, when you run Mozilla-based web browsers...
1. Your ISP sees only your activity on the system-wide VPN IP address
2. Your VPN server only sees your real IP address & the Psiphon IP address
3. Psiphon only sees your VPN IP address & the ultimate web site IP address
4. The ultimate website server only sees the Psiphon IP address
5. Your web fingerprint is protected by your privacy protecting extensions

All this is done using a score of registration-free ad-free privacy tools.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

On Mon, 18 Aug 2025 16:43:04 -0000 (UTC), Marion wrote :

OMG. Everything I touch in Windows has needlessly unnecessary complexity.

If it takes two button clicks, that's one too many, and if a click exposes your privacy, then we have to think about how to protect our privacy.

To both those ends, I improved the process this morning of running a
free no-registration system-wide random VPN first, and then running
Psiphon with a static SOCKS5 port of 1080 so that when I run the
privacy web browser from FreeCap, I now don't need to set the SOCKS5
port each time.

One "privacy" problem, albeit minor, with Psiphon, is that it brings
up an advertisement on your default web browser during startup.

Drat. That sucks. It's not harmful, but it exposes your privacy.
Needlessly.

So let's fix that pronto using basic Windows tricks of setting
the default web browser to a batch file that does whatever I want.

Besides, even with a random system-wide no-registration free VPN running,
it's still bad form for Psiphon to be bringing up a default browser to
an advertisement which can, for all we know, rot privacy in some way.

That browser session unilaterally launched by Psiphon isn't yet proxified.
As I said many times, privacy is like hygiene. It's a billion things.

Removing that initial privacy flaw at Psiphon startup needed to be done.

Unfortunately, the free Psiphon doesn't have switches to turn that off.

psiphon3.exe -mode=socks <== this doesn't exist... bummer

We might like to set up the Tor browser as the default because it can
open up unconnected, but it's problematic to set a Tor browser as
the default (since Tor doesn't register itself as a Windows browser).

So let's just create a dummy web browser for Psiphon to invoke.
@echo off
REM C:\path\to\dummybrowser.bat 20250819 revision 1.0
set LOGFILE=C:\path\to\dummybrowser.log
echo [%date% %time%] Attempted launch: %* >> %LOGFILE%
start "" "C:\path\to\gvim.exe" "%LOGFILE%"
exit

Since Windows won't set the default web browser to a batch
file, let's convert that dummybrowser.bat to dummybrowser.exe
using any of a number of batch-to-executable converters.

<https://github.com/l-urk/Bat-To-Exe-Converter-64-Bit/releases>
<https://github.com/l-urk/Bat-To-Exe-Converter-64-Bit/releases/download/3.2/Bat_To_Exe_Converter_x64.exe>
1. Open that "Bat To Exe Converter v3.2" executable.
2. Select your .bat file using the folder icon.
3. At the right, in Options, there is "Exe-Format" with these choices
32-bit | Console (Visible)
32-bit | Windows (Invisible)
64-bit | Console (Visible)
64-bit | Windows (Invisible) <== Use this to compile a batch file
as a 64-bit GUI-style exe that runs silently with no console window.
4. Click the "Convert" button to convert batch to exe.
5. Choose your output path in the "Save as" field.
(Optional) Add an icon or version info.

But you still can't select the dummy browser yet as it's not registered.
Win+I > Apps > Default apps > Web browser >
Choose default apps by file type
Choose default apps by protocol
Set defaults by app
Recommended browser settings

You first need to register your exe as a web browser in the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet

To do that, right-click "merge" this registry file:

gvim C:\path\to\register_dummy_browser.reg

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\DummyBrowser]
@="Dummy Browser"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\DummyBrowser\Capabilities]
"ApplicationName"="Dummy Browser"
"ApplicationDescription"="A privacy-preserving dummy browser"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\DummyBrowser\Capabilities\FileAssociations]
".htm"="DummyBrowserHTML"
".html"="DummyBrowserHTML"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\DummyBrowser\Capabilities\URLAssociations]
"http"="DummyBrowserHTML"
"https"="DummyBrowserHTML"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DummyBrowserHTML\shell\open\command]
@="\"C:\\path\\to\\dummybrowser.exe\" \"%1\""

[HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
"Dummy Browser"="Software\\Clients\\StartMenuInternet\\DummyBrowser\\Capabilities"

Now you can select the dummy browser as your default web browser.
Win+I > Apps > Default apps > Web browser > dummybrowser.exe

Voila!

Now, when you start Psiphon, it tries to launch the advertisement
using the default browser, which happens to simply log the attempt.

As always, privacy, like hygiene, is a billion things done every day.

If you have improvements to share, please let the team know so
we all benefit from every effort at improving privacy on Windows.

In summary, two improvements were made in today's progress:

1. Psiphon & FreeCap were set to a static SOCKS5 port of 1080
2. Psiphon's advertisement web browser session was annulled

Please improve if you also need privacy in web browser sessions.

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

UPDATE:

Since we're layering free no-registration VPNs onto open source proxies
onto free no-registration proxifiers onto free no-registration privacy extensions, it behooves us to be able to check proxy settings dynamically.

I never messed with proxies before, but darn'it, Windows splatters proxy settings all over the place, such that I needed a quick testing script.

Below is a script which simplifies visibility and control over what turns
out to be a devilishly fragmented system of how Windows defines proxies.
a. WinINET: Used by Internet Explorer, Chrome, and many apps;
b. WinHTTP: Used by system services and background tasks;
c. PAC/AutoDetect: Dynamic proxy configuration via commands.

Unfortunately, I've run into this proxy setup complexity due to using
A. VPN, which encrypts traffic and changes routing;
B. Psiphon, which tunnels & encrypts SOCKS5 & HTTPS traffic;
C. FreeCap, which redirects app traffic through SOCKS proxies.

The proxy.bat script included below checks all three methods at once
which gives us a clear snapshot of what the Windows proxy setup is.

To that end, we add a new command to run in your Win+R taskbar Runbox:
Win+R/Runbox > proxy
Which executes this added registry "App Paths" key:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\proxy.exe
Which runs this proxy checking tool (see the tool below in its entirety):
C:\sys\bat\proxy.bat

===< cut here for proxy.bat >===
@echo off
REM proxy.bat 20250820 v1.0 iX Unified Windows check-proxy diagnostic tool
REM Reports: WinINET manual proxy, WinHTTP proxy, PAC/AutoDetect
REM 20250820 rev 1.0
REM HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\proxy.exe
REM Default=C:\sys\bat\proxy.bat ==> creates "Win+R > proxy" command
setlocal

set KEY="HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

echo ==============================================
echo WINDOWS PROXY CONFIGURATION CHECK
echo ==============================================

REM --- WinINET (manual proxy) ---
echo.
echo [1] WinINET / Internet Settings
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyEnable 2^>nul') do set ProxyEnable=%%B
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyServer 2^>nul') do set ProxyServer=%%B
if "%ProxyEnable%"=="0x1" (
echo Proxy is ENABLED
echo Proxy server: %ProxyServer%
) else (
echo Proxy is DISABLED
)

REM --- WinHTTP proxy ---
echo.
echo [2] WinHTTP proxy (system/background services)
netsh winhttp show proxy

REM --- PAC (Proxy Auto-Config) & AutoDetect ---
echo.
echo [3] PAC / AutoDetect
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoConfigURL 2^>nul') do set PACurl=%%B
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoDetect 2^>nul') do set AutoDetect=%%B

if defined PACurl (
echo PAC script set: %PACurl%
) else (
echo No PAC script URL found.
)

if "%AutoDetect%"=="0x1" (
echo Auto-detect is ENABLED
) else (
echo Auto-detect is DISABLED
)

echo.
echo ==============================================
echo Check complete.
echo ==============================================

endlocal
pause
===< cut here for proxy.bat >===

As always, this is posted to help others copy & paste
(where wasbit's kind and helpful advice is appreciated)
this script as part of their addition of privacy to Windows.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

On Wed, 20 Aug 2025 19:14:50 -0000 (UTC), Marion wrote :

I never messed with proxies before, but darn'it, Windows splatters proxy settings all over the place, such that I needed a quick testing script.

UPDATE

Turns out I didn't need to use FreeCap to proxify web browsers.

Mozilla-based browsers (Firefox, Thunderbird, etc.) have their own internal proxy settings and, by default, ignore the Windows proxy unless you
explicitly tell them to use it.

Unlike Mozilla-based browsers which have those proxy GUIs, Chromium-based browsers do not have built-in proxy configuration GUIs.

So I thought I needed to proxify Chromium-based web browsers with FreeCap.
But I was wrong.

Chromium-based browsers apparently directly inherit proxy settings from the operating system, including:
a. From WinINET (used by most desktop apps)
b. Or from PAC scripts and AutoDetect
c. Or from manual proxy entries like that which Psiphon3 sets.
Win+I > Settings > Network & Internet > Proxy > Manual proxy settings
[http=127.0.0.1:30884;https=127.0.0.1:30884;socks=127.0.0.1:1080]

Also Chromium-based browsers can also be proxified at the command line:

brave.exe --proxy-server="http=127.0.0.1:30884;https=127.0.0.1:30884;socks=127.0.0.1:1080"

So I don't think we need FreeCap to proxify our DIY Chromium-based privacy browsers but we can still use FreeCap to proxify the Mozilla browsers.

However, we could also configure Firefox's own proxy settings (Preferences

Network Settings) to point directly to Psiphon's SOCKS5 port, skipping

FreeCap entirely.

If we want this to persist across profiles or installs, LibreWolf even lets
us set it in a librewolf.overrides.cfg file.

The steps are identical for Psiphon's proxy ports as for Mullvad's own
proxy, so the proxy settings are built into Mullvad as much as in Firefox.

So we no longer need FreeCap for proxifying either web browser platform.

FreeCap is still useful for apps that don't have built-in proxy support,
but apparently all web browsers have it - they just do it differently.

Chromium ==> respects Windows proxy settings (which Psiphon sets for you)
Mozilla ==> ignores Windows proxy settings (but has their own settings)

Who knew? Not me. The more I try to build a DIY privacy browser, the more I learn how different the two main web browser platforms are from each other.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

On Thu, 21 Aug 2025 04:11:10 -0000 (UTC), Marion wrote :

Chromium ==> respects Windows proxy settings (which Psiphon sets for you)
Mozilla ==> ignores Windows proxy settings (but has their own settings)

UPDATE:

Aurgh. There are layers to this Windows socks5 stuff such that some apps
use one layer while other apps use a different layer. Who knew? Not me!

Everything in Windows having to do with privacy seems to have more layers.

I started checking whether non-browser apps used Windows proxy settings,
where it turns out pgms like Telegram & CoPilot are different than
browsers are (which themselves are different in how each handle proxy).

Running the previously posted "proxy.bat" showed that Psiphon modified the WinINET (user apps, browsers) proxy (127.0.0.1:17561 / socks at 127.0.0.1:1080) but not the WinHTTP (system/background services) proxy.

Sigh. Half a solution is not a full solution.
In fact, even with Psiphon, WinHTTP was was set to direct access (no
proxy).

The fix is to always copy the WinINET proxy config into WinHTTP.
Win+R > cmd {ctrl+shift+enter}

netsh winhttp import proxy source=ie

Now system services (which often ignore WinINET) will use
Psiphon's proxy as well. It also set a bypass list so that
local/private subnets avoid the proxy.

This is needed so that any Windows component that uses WinHTTP (like parts
of Copilot, Windows Update, some Microsoft Store traffic) will respect the Psiphon proxy, matching the existing Psiphon browser/app proxy settings.

To test:
a. Temporarily clear WinHTTP proxy:
C:\> netsh winhttp reset proxy

b. Run Win+R > proxy
The proxy.bat script should detect 'No WinHTTP proxy set'
and it should then import settings from WinINET automatically.
c. Set a custom WinHTTP proxy:
C:\> netsh winhttp set proxy proxy-server="http=1.2.3.4:8080"

d. Run Win+R > proxy
The proxy.bat script should detect an existing WinHTTP proxy
and therefore it should NOT overwrite it.

Below is the improved proxy.bat script to accomplish the sync above.

===< cut here for improved proxy.bat which handles more programs >===
@echo off
REM proxy.bat 20250820 v1.2
REM Use model: "Win+R > proxy" (diagnostic + proxy import if WinHTTP is
unset)
REM Unified Windows proxy diagnostic tool with WinHTTP sync safeguard
REM "Win+R > proxy /sync imports WinINET proxy directly into WinHTTP
REM Reports: WinINET manual proxy, WinHTTP proxy, PAC/AutoDetect
REM HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\proxy.exe
REM Default=C:\sys\batch\proxy.bat
REM That App Paths key creates the convenient "Win+R > proxy" command
REM
setlocal

:: --- Quick /sync mode ---
if /i "%~1"=="/sync" (
echo Syncing WinINET proxy into WinHTTP...
netsh winhttp import proxy source=ie
echo Done.
pause
exit /b
)

set KEY="HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

echo ==============================================
echo WINDOWS PROXY CONFIGURATION SET/CHECK/FIX
echo ==============================================

REM --- WinINET (manual proxy) ---
echo.
echo [1] WinINET / Internet Settings
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyEnable

nul') do set ProxyEnable=%%B

for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyServer

nul') do set ProxyServer=%%B

if "%ProxyEnable%"=="0x1" (
echo Proxy is ENABLED
echo Proxy server: %ProxyServer%
) else (
echo Proxy is DISABLED
)

REM --- WinHTTP proxy ---
echo.
echo [2] WinHTTP proxy (system/background services)

REM Get current WinHTTP proxy setting
for /f "tokens=1,* delims=:" %%A in ('netsh winhttp show proxy ^| findstr
/R /C:"Proxy Server(s)"') do set curWinHTTP=%%B

REM Trim leading/trailing spaces
set curWinHTTP=%curWinHTTP:~1%

if "%curWinHTTP%"=="" (
echo No WinHTTP proxy set - importing from WinINET...
netsh winhttp import proxy source=ie >nul 2>&1
) else (
echo WinHTTP proxy already set - leaving as is.
)

REM Show current WinHTTP proxy after check/import
netsh winhttp show proxy

REM --- PAC (Proxy Auto-Config) & AutoDetect ---
echo.
echo [3] PAC / AutoDetect
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoConfigURL

nul') do set PACurl=%%B

for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoDetect 2^>nul')
do set AutoDetect=%%B

if defined PACurl (
echo PAC script set: %PACurl%
) else (
echo No PAC script URL found.
)

if "%AutoDetect%"=="0x1" (
echo Auto-detect is ENABLED
) else (
echo Auto-detect is DISABLED
)

echo.
echo ==============================================
echo Windows proxy set/check/fix complete.
echo ==============================================

endlocal
pause

===< cut here for improved proxy.bat which handles more programs >===
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

Regarding the main question, Firefox can be in a way, "de-Mozilla-ed" by
users. It doesn't require its source code to be changed and recompiled like Chromium.

Unlike Chromium and is forks, Firefox provi

From Newsgroup: alt.privacy

Marion wrote:

Unfortunately, I've run into this proxy setup complexity due to using
A. VPN, which encrypts traffic and changes routing;
B. Psiphon, which tunnels & encrypts SOCKS5 & HTTPS traffic;
C. FreeCap, which redirects app traffic through SOCKS proxie

I don't have the same focus or interest as you, but I try to learn from exploring some of the aspects of 'where you are going'.

The subject of socks5 vs VPN is interesting. Surprisingly a service that
sells socks5 service has a pretty good discussion and seems 'balanced'
rather than biased for socks5.

Then, one can turn to various other sources to try to learn about free
socks5 vs paid socks5. Those sources seem to say that 'generally' there
is a great deal of diff.

You tend to prioritize the 'free' aspect of things, and I can
'sympathize' w/ that because I'm of a very frugal nature myself, and
even MORE importantly, the complexity of being able to pay for some
anonymous persona w/ anonymous connectivity is another level of privacy
than just seeking out those avenues which do not require any
'registration' type identity which comes along w/ non-free.

In any case, while you have your 'free' characteristic turned on high, I believe you have to balance that w/ a significant degree of skepticism.
Some people are excessively skeptical of anything free; but I don't
think excess is a good thing.

https://www.proxyrack.com/blog/socks5-vs-vpn/

Socks5 Vs. VPN - WhatrCOs the Difference?

You have to go elsewhere to find out 'what's wrong w/ free socks5'.
--
Mike Easter
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

Mike Easter wrote:

You tend to prioritize the 'free' aspect of things

However, you do NOT get your connectivity free; so you are having to
trust your identity w/ your connectivity provider. Fine. You /can/
conceal your internet content from your connectivity provider.

If you are going to trust your connectivity provider w/ your identity,
why not find a privacy service that you are willing to trust? It seems
like the same thing.

Then, you are paying for your connectivity and you are paying for your
privacy and that's about all you have to pay for; and the privacy is
MUCH cheaper than your connectivity.
--
Mike Easter
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

Mike Easter wrote:

If you are going to trust your connectivity provider w/ your identity,
why not find a privacy service that you are willing to trust?-a It seems like the same thing.

Some paid privacy services provide VPN, socks5, ssh, and privacy
oriented email services economically.

An example of a free and paid privacy service who provides mail and VPN,
but NOT socks5 has this to say against socks5.

https://protonvpn.com/support/socks5

Why Proton VPN does not offer a SOCKS5 proxy

... but I would consider that opinion 'biased' in that it doesn't
mention the fact that socks5 is faster for certain purposes in which
speed trumps encryption.

This time I remembered to delete Ffx.
--
Mike Easter
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.privacy

Mike Easter wrote:

I would consider that opinion 'biased' in that it doesn't mention the
fact that socks5 is faster for certain purposes in which speed trumps encryption.

However, depending on the VPN speed, wireguard protocol is going to be
fast, and is likely faster than free socks5 and more secure and simpler.
--
Mike Easter
--- Synchronet 3.21a-Linux NewsLink 1.2