• CoolYori [she/her]
    5 months ago

    I'm also using NoScript/uMatrix with strong rules and always selectively allow only the bare minimum scripts needed to load any given webpage.

    Modern web browsers are not like ones back in the day that had things like ActiveX that hooked into the operating system and could be an entry point. Really, if you look at threat actors that want to get at your data, they can't attack you like that. So using something like NoScript or uMatrix does not solve the issue with, say, browser fingerprinting, it being the main choice for browser-based attacks these days. It might actually exacerbate your issues by making you look like a person wearing a yellow jacket in a crowd instead of like a gray one with everyone else. In fact, the guy that makes uMatrix says you really should be using uBlock Origin instead, because, like, the threat profile that is involved with matrix blocking really is not a thing. What you really want to do is make yourself look as inconspicuous as possible.


    Ask yourself a few opsec questions such as:

    • What is my threat profile?
    • Am I trying to prevent a known threat actor or is it more general than that?
    • What is my attack surface?
    • Is there a way to minimize that attack surface?

    Please also consider a few things that protect you. For example, most residential ISPs do not give your computer an internet address. You usually get your address from your router. Your router is really on the internet and will not let things talk to your computer because it does not know how to get it to your computer versus other things on your network. That is unless you manually forward the ports for this, and that is what I mean by attack surface. If you have a device that lets you on the internet, then it's your border, and often they are locked down due to years of customer complaints of hacking. It's why most gateways that come with internet for people have a randomized set of passwords on 'em.

    Take some time to look at your situation from the perspective of a threat actor and you start to see your security posture. Also consider that Fortune 500 companies pay millions for cybersecurity and it takes only one dedicated threat actor to compromise them. You will not stop someone from coming at you directly. You can only really stop automated attacks from the internet, and only then by keeping up to date on news.