apparmor.d VS kloak

If anyone want to look further into sandboxing applications on Linux, you can also look at AppArmor and the sandboxing features built into systemd.

I love this repository for bases for AppArmor profiles[1], really good work. Never found a repository as good for systemd, but there are a few around.

[1] https://github.com/roddhjav/apparmor.d

Then, categorize all your script zoo: maybe some script group want to only read the data, while some need to write, maybe one group needs to use certain set of binaries, and other group - others.

You could utilize some profiles from apparmor.d repo, but you should be slightly aware how it works (disclaimer: I'm the contributor).

Regardless, I wrote an AppArmor profile so it couldn't happen again.

Maintainer's response.

There is a project in early development: apparmor.d. Adopting some or all profiles will do the job. To use it smoothly, basic AppArmor knowledge is required. (I'm the contributor)

Dependent on the OS and Firefox distribution. I can advertise profile that I co-maintain. It uses non-standard tunables, which will require some README reading to get them into the system.

Red Hat based distros come preconfigured with a lot of SELinux policies. With AppArmor, you get basically nothing. There is a project I also contribute to from time to time, that gives you a lot more policies, but this is entirely out-of-tree (https://github.com/roddhjav/apparmor.d).

Utilize kloak

privacy.resistFingerprinting, kloak

Kloak is the answer my friend. It kinda looks like your computer is lagging, but its very well made.

For anyone wondering there are mechanisms for weakening this, e.g. https://github.com/vmonaco/kloak. I believe Whonix includes this by default.

Other than that for getting best privacy i recommend using any browser with kloak running in the background, it takes a second to compile with no dependency needed, and confuses fingerprinting scripts on websites.

If you have javascript enabled in the browser, websites can identify you relatively uniquely based on your behavior. The most common is probably keyboard finger stroke behavior. But users can defeat this by using Kloak (source code is here), which adds a random lag after each keystroke.

Any distro you like+Tor browser+Kloak

Is it possible to download some software or extension to prevent deanonymization by checking typing speed? I know there's some extensions that may help, but most of these actually modify the DOM + Event prototype in JavaScript, so it heavily modifies your fingerprint. There is Kloak (github.com/vmonaco/kloak), which actually works on the application level, so there is no JavaScript fingerprint. However, these kinds of applications require root access (via sudo), so it compromises Tails' built-in security by forcing the root password to be active.