Re: [Firestarter-user] Browser information
Brought to you by:
majix
From: Paul D. <pd...@ci...> - 2002-07-29 00:29:28
|
> Is there a way to make firestarter do that? I check around the GUI FS opt= ions=20 > but didn't find anything. I don't actually see this as a security risk, b= ut=20 > more of a privacy issue. Still, I was wondering if FS can filter out that= =20 > information, or if there is another program (or even a browser setup) tha= t=20 > can block such information before it is sent over on the net. Simple answer - as i'm sure many others will point out, is no - Firestarter is simply a packet firewall :) However, you *could* do neat things like packet limiting and owner redirection if the stock kernels supported those IPTables extensions, which would at least slow down people harvesting information (they'd still get it, but you could control the rate) If you want to increase your privacy online, use: * per session cookie settings (ie. cookies last until you close your last browser session) * a limit to the amount of time a keepalive packet can be open (the default kernel is 2 hours, which means any web analysis program worth large firms purchasing have got quite a while to harvest data that is 'stationary' before it expires) * a real masquerading ident daemon (preferably one with fake/numeric-UID returns -- oidentd (http://dev.ojnk.net) works quite well for that -- information harvesting sites that use ident tracking (read: ZDNet) get quite confused when they see '501' instead of som...@ip...dress.zone) * A filtering proxy -- two which i've used successfully in the past are: - Webwasher (http://www.webwasher.com): Installs as a binary only app with a webserver built in to do all the configuration, it can be chained with other proxies (like SQUID) - has an unrestricted two-user licence for *ixes and has very few optional dependancies. or - Webcleaner (http://webcleaner.sf.net): Installs as a python 2.0 script, all configuration is done through a rather difficult to compile FoX/FXPy interface (which, unless you use Mandrake, you have to compile yourself) - feature packed, fully open but does have a few issues with http keepalives, especially if you haven't tuned your kernel to "like" Python scripts. All in all, Webcleaner is my choice if you are not afraid of a little 'trial-by-torture' getting the thing to work, mainly because it's open source, extensible, quite easy to configure (once the dependancies are sorted) and quite scalable on low-end systems. Hope that helps, Paul |