Incessant tinkerer since the 70’s. Staunch privacy advocate. SelfHoster. Musician of mediocre talent. https://soundcloud.com/hood-poet-608190196

  • 5 Posts
  • 115 Comments
Joined 6 months ago
Cake day: March 24, 2025

  • irmadlad@lemmy.world (OP) to Privacy@lemmy.ml: Pre-Flight Check
    20 hours ago

    What are you attempting to achieve by opening this list of urls?

    Making sure that my DNS isn’t leaking any info it shouldn’t. Checking to see if all my obfuscation techniques are still protecting.

    What is the difference between running this script and setting this list as either a bookmark, or the homepage in your browser?

    Nothing. More convenient for me to have a script. As far as start pages, all I want there is a blank page.

    What does your network have to do with the reachability of these sites?

    Nothing. These are sites used to check for various things as stated earlier, like dns leak checks, etc.

    If you’re managing the privacy of your own network, why are you not monitoring those services?

    They are heavily monitored.



  • The usual. Might be a few I’ve missed:

    • Homarr
    • Code-server
    • Netdata
    • Searxng
    • Change-detection
    • Readeck
    • Checkcle
    • Duckdns
    • Obsidian
    • Dozzle
    • Loki-promtail-1
    • Loki-loki-1
    • Root-influxdb2-1
    • Cadvisor-redis
    • Dbeaver
    • Pairdrop
    • Speedtest-tracker
    • Btop-plus-plus
    • Portainer
    • Grocy
    • Loki-grafana-1
    • Cup
    • Web-check
    • Omni-tools
    • Cadvisor-prometheus
    • Watchtower-fork
    • Barcode-buddy
    • Ittools
    • Nessus
    • Dockerbot
    • Fusion
    • Bytestash
    • Uptime-kuma
    • Karakeep-web
    • Karakeep-chrome
    • Karakeep-meili
    • Cadvisor
    • Gitlab
    • RocketChat
    • Anonaddy
    • Etherpad
    • Archivebox
    • FreshRSS
    • FileStash
    • piHole
    • LAMP Stack
    • UnRaid
    • Proxmox

  • Are you employing these lists on your phone or a PC, or other device? There can be a performance cost associated with large IP blocklists. On most modern PCs, the cost is usually minimal. On my dedicated firewall, just the DNSBL_Firebog_Malicious list clocks in at 1,004,966 entries, and I have most of Firebog’s IP Blocklists, which are usually large, in addition to many others, because in my mind, you cannot block enough.

    I cannot speak intelligently enough as to doing so on a mobile device. Additionally, YT is in a state of chaotic flux implementing all manner of weirdness to make you have to hear their unskippable ads and slop all over the screen just to watch 30 seconds of a tutorial and find out it’s not what you were looking for. So, that might be some of it too.





  • They could also arrest you just because you have higher than normal randomized traffic and activity that you can’t or won’t answer for.

    I hear what you’re saying, and I’m not going to call it paranoia, however, that isn’t in my threat model. Entities that can come into your home, arrest you, and ship you off to Guantanamo for buying a parachute and a drain kit for the sink are not in my scope. Frankly speaking, that is probably not in 90% of most people’s threat model, who care about privacy, anonymity, and security. Those entities don’t even need to fabricate an excuse like a couch full of coke, to give you that full Guantanamo experience.

    To tell the truth, I probably couldn’t account for 75%+ of the websites I’ve visited just today. When I get to researching something, it’s usually pages and pages, from many, many different sites. Highlight, search, read, nothing here, go back, highlight, search, bingo! Now for more in depth reading. Highlight, search…ad nauseam. This process happens very quickly. I don’t watch TV at all, and I don’t read fiction. 99.99% of what I do read tho, comes off the internet. So, they’d have to sift through a bunch of data.

    Even if you didn’t do these things but was instead random generated traffic, it would generate unnecessary attention.

    I’m quite certain that all of my privacy, anonymity, security, and obfuscation efforts have put me on someone’s list, but again, that’s not in my threat model. I’m not hiding from the government. I send them tax forms every year. I vote prolifically in both local and nationwide elections. I pay property taxes, etc. They know who, and where, when it comes to finding me. If I were a person of interest, they’d come visit. Now, I’m certainly not going to overshare with them in the least either. Hell, I’m not hiding from anyone. I’m just preventing unauthorized access. That is what keys and locks do.

    Rock on bro!



  • authorities questioning a dude for wearing the same innocuous shirt?

    Why wouldn’t they tho? Both persons had the same shirt on. That seems like a no brainer to me. Maybe I’m missing something. It’s one of the reasons when I go out in public, I do not wear clothing that is emblazoned with logos, graphics, words, etc. For one, it doesn’t do anything for me to wear logos, graphics, words. To me, it’s akin to having a political yard sign or bumper sticker. What do you gain from it? What’s it do for you? Some guy wearing a t-shirt with a cannabis leaf across the front, again why?, and it’s an easy identifier and puts another tick mark for complementary evidence.

    I’m actually not in favour of obfuscation methods

    I’m a big fan of it all.


  • The last stats I remember reading cited some 1.5 million home networks are compromised on a daily basis. Some people, such as myself, run more complex services on their local servers that are perhaps tied into remotes such as VPS. You’ll see a lot of selfhosters with rather elaborate firewall defenses set up. I self host a lot of services I use that the ‘normal family home’ would outsource to public entities. I have a rack in the closet and several VPS, so I need something more than just Windows Firewall, or similar, that I can dial in to my unique environment.

    Also, because I can.



  • I think I have the same protectli as you and it is awesome

    Yes it is. It was a little more than I wanted to spend, and I’m sure I could have gone with a cheaper configuration, but I figured I’d get something with a little ass to it as to not create a bottleneck right at the firewall.

    I host lots of services and get bombarded by scrapers, scanners, and skids both at home and on my VPSs. Touch my 22/tcp anywhere and you get banned instantly everywhere.

    I too host most of the services I use on a couple of VPS I run. It has always amazed me as to the thickness of the bot layer on the internet. Clearnet experiences something like 2+ zettabytes per 24 hours. Around 50% of that is bot traffic, and they are very sophisticated bots as well. Open port 22 and here they come by the thousands like a feeding frenzy. I went as far as blocking everything with hosts.allow (do first) & hosts.deny (do last). I’ve set f2b on aggressive mode with only one shot. LOL UFW rocks in the background along with Crowdsec. I probably go overboard with security. LOL


  • I have found that a lot of VPN kill switches interfere with other security measures. For instance, I use tailscale on my VPS. I also run a local VPN. If I have the kill switch on the local VPN engaged, it interferes with tailscale and I cannot ssh in to my VPS. So, a not so elegant solution for me is to disengage the local VPN’s kill switch for that session, and then re-enable it after I am finished administering my VPS. After which I will do a DNS leak check to make sure everything is as it was. Takes a couple of quick steps, but it seems to work.






  • the majority of the world population does not even care about this matter, and they might even see it as a normality, the people might even know that they are being watched/listened to/surveilled, and they don’t do anything to prevent it neither individually or collectively.

    I think that there is a disconnect in people’s minds between their daily lives and their digital lives. When I talk to people about privacy, security, and anonymity, I try to make as many references to their daily lives as I can. A person that tells me ‘I have nothing to hide’, I will ask ‘Do you have a keychain? Locks on your front and back door to your domicile? Window blinds and curtains? Maybe surveillance cams, or an alarm system?’ The answers to these questions are almost always ‘yes’. So then I will point out that yes, they do enjoy, even demand, privacy in their daily lives, so your digital life should be no different. What would happen if the law having jurisdiction in your locale passed a law that stated it was now illegal to have window blinds or curtains on your windows because they can’t see what you’re doing, and therefore you may be doing something nefarious? I find that making comparison to what they do in their daily lives to what we expect in our digital lives, ties it together for a lot of those I talk to. The line between our daily lives and our digital lives in the timeline we find ourselves in, no longer exists.

    I also think there is a matter of time and complexity. Computers and networking are fucking complex. I admit openly, I do not know all there is to know about the topic and learn new things almost daily. Imagine what the average Joe Schmoe user feels when confronted by complex topics like networking? Additionally, we are busy in today’s world. It’s not a Beaver Cleaver kind of world anymore where things happen in slo mo, in some sleepy little corner of Mayberry. Usually both parents work, come home exhausted, spend a little time with the kids, and collapse in bed, only to do it all over again the next day. On the weekends, time is spent with family, and catching up on household chores. Then collapse in bed on Sunday evening, only to do it all over again and again. They don’t have the time nor volition to read a Unix manual.

    So, all these things, and more, create the perfect environment for governments having jurisdiction, to take advantage of people who do not know any better. In our circles, they are called ‘normies’ with a certain level of condescension. They are the unenlightened sheep following those they think have their best interest at heart. Perhaps we should come down from our enlightened pedestals, and be the passionate educators of the unwashed, unenlightened, normies.



  • irmadlad@lemmy.world (OP) to Privacy@lemmy.ml: Where Are All My Firewall People?
    4 days ago

    No ad filtering or anything as it interferes with others in the house

    Ahhh the WAF (Wife Acceptance Factor). I made a separate VLAN for my lady friend so when she comes over to visit, I don’t have to reinvent the wheel for her. She can have all the ads and slop she can stomach, just keep it on your separate branch and we’ll both be happy.