Mitigating third-party tracking

SamiJankissSamiJankiss Member Posts: 15
First Anniversary 5 Likes Founder Name Dropper
✭✭✭
edited August 2019 in Devices & Security

Beyond what I think of as older traditional network security methods such as IP firewalls and LAN Access Control (e.g., FingBox), I’m studying third-party tracking and how to mitigate the loss of private data. On Mac platforms, I’ve employed an unruly clutter of tools such as Disconnect.me, Better.fyi, Safari Preference settings, etc. But none are as useful to me as Little Snitch, especially the way it brings direct GUI control right to me, allowing me to see what web traffic and browsers are leaking out from our lans. 

So, in addition to that, I’m also looking for ways to extend Little Snitch-like IP-level control to the scope of the whole LAN. Oversimplifying perhaps, Fing brings elements of Access Control, affordably. This is great, of course.

But I’d really like to see solutions for firewall filtering for the whole LAN based on IP header info. Sure, this probably means control of the router itself. But I’d like to ask the community what others have discovered.

VioletChepilRobinkltaylorkeithHronos

Comments

  • VioletChepilVioletChepil London, UKMember Posts: 2,471
    100 Answers 500 Likes 1000 Comments 100 Agrees
    ✭✭✭✭✭✭
    Promoting this one to see if others will share their view. 

    Community Manager at Fing

    SamiJankiss
  • VioletChepilVioletChepil London, UKMember Posts: 2,471
    100 Answers 500 Likes 1000 Comments 100 Agrees
    ✭✭✭✭✭✭
    Anybody have some tips on this? @Lee_Bo @Pooh @kltaylor @Marc

    Community Manager at Fing

  • kltaylorkltaylor Moderator, Beta Tester Posts: 1,231
    1000 Comments 500 Likes 50 Answers 100 Awesomes
    ✭✭✭✭✭✭

    Beyond what I think of as older traditional network security methods such as IP firewalls and LAN Access Control (e.g., FingBox), I’m studying third-party tracking and how to mitigate the loss of private data. On Mac platforms, I’ve employed an unruly clutter of tools such as Disconnect.me, Better.fyi, Safari Preference settings, etc. But none are as useful to me as Little Snitch, especially the way it brings direct GUI control right to me, allowing me to see what web traffic and browsers are leaking out from our lans. 

    So, in addition to that, I’m also looking for ways to extend Little Snitch-like IP-level control to the scope of the whole LAN. Oversimplifying perhaps, Fing brings elements of Access Control, affordably. This is great, of course.

    But I’d really like to see solutions for firewall filtering for the whole LAN based on IP header info. Sure, this probably means control of the router itself. But I’d like to ask the community what others have discovered.

    Consumer firewalls aren't as robust as dedicated firewall devices.  What you're looking for is nearly an enterprise solution for a home environment, which I commend you for.
    Using a Fingbox is a good choice to keep you informed on what IP addresses are connecting to your network, ensure too that you rename the devices to a user-friendly name for quick reference.
    A device that you can consider adding to your arsenal is Trend Micro Home Network Security firewall.  This device sits between the modem and the router, provides a great GUI interface that can keep you informed and in control on an IP level (LAN management).  This device 'should' play nice with one another, and would provide a wealth of tools for you to help manage the network.
    A few other things that you can consider adding, something that was brought to my attention here on the forums and I've instituted it on my LAN machines both at work and at home.
    DNS over HTTPS
    Mozilla Firefox has this built-in now, so you can toggle it active and ensure that it's the default browser.  An easy way to implement this even when you're not using Firefox is SimpleDNS Crypt.  It's a GUI application that can load when the machine boots, you can also configure it to load minimized and install updates silently.  This application acts as a resident proxy that re-routes traffic through https connections, basically through port 443 instead of 80 or 53.
    "There's a fine line between audacity and idiocy."
    -Warden Anastasia Luccio, Captain
    keithSamiJankissCiaran
  • MikeTMikeT Member Posts: 7
    First Anniversary Photogenic Name Dropper First Comment

    Hi,

    you could take a look at PfSense community edition and also Pihole:

    https://www.pfsense.org/

    https://pi-hole.net/

    These two combined should do everything you want and more...

    keithSamiJankiss
  • MarcMarc Moderator, Beta Tester Posts: 1,651
    100 Answers 1000 Comments 500 Likes 100 Awesomes
    ✭✭✭✭✭✭
    +1 on Pihole, but like anything on PI, will require a certain degree of tech knowledge to implement.
    Thats Daphnee, she's a good dog...
    kltaylor
  • PoohPooh Member, Beta Tester Posts: 674
    500 Likes 500 Comments 25 Answers 100 Agrees
    ✭✭✭✭✭
    Part of the issue here is that, despite everything else, when it comes to third-party tracking there is the question of all the other ways companies are tracking you; whether it be super-cookies, biometrics or other forms of cross-referenced metadata, the digital footprint we leave is getting harder and harder to mitigate unless once constantly treats browsers like burner phones - constantly resetting the, switching browsers, etc.
    People say nothing is impossible, but I do nothing every day.
    kltaylor
  • kltaylorkltaylor Moderator, Beta Tester Posts: 1,231
    1000 Comments 500 Likes 50 Answers 100 Awesomes
    ✭✭✭✭✭✭
    Pooh said:
    Part of the issue here is that, despite everything else, when it comes to third-party tracking there is the question of all the other ways companies are tracking you; whether it be super-cookies, biometrics or other forms of cross-referenced metadata, the digital footprint we leave is getting harder and harder to mitigate unless once constantly treats browsers like burner phones - constantly resetting the, switching browsers, etc.
    I agree with Pooh.  The world of tracking and advertising is a very real thing that's so embedded into our everyday online habits that we hardly ever think about the reprocussions when we are online.
    In Firefox there is an option that you can eliminate all cookies and online data when you close the browser, there's also a means to change who you use for your search queries.  DuckDuckGo is one of the better engines that will not, and does not support any user tracking at all, and could replace Google for those who are conscious about online tracking and eliminating your digital foot print.
    "There's a fine line between audacity and idiocy."
    -Warden Anastasia Luccio, Captain
    Poohkeith
  • SamiJankissSamiJankiss Member Posts: 15
    First Anniversary 5 Likes Founder Name Dropper
    ✭✭✭
    Thanks @kltaylor , @MikeT, @Pooh.
    From what I’ve read, the Trend Micro product looks encouraging. I’m somewhat concerned that it might not have the level of sophistication or fine-grained control that I need, given that it’s controlled via smart phone, but at $100, it’s a no brainer to test out.

    Additionally, it looks like it’s not actually installed between the router and the modem, given that it plugs into the hub/lan the same way the fingbox does, that is, as another ethernet device on the lan I’m trying to protect.

    I’ll get to the other excellent suggestions of PFsense and pi-hole at some point. I’m swamped at the moment but still want to remain engaged with this group.

    Poohkltaylor
  • kltaylorkltaylor Moderator, Beta Tester Posts: 1,231
    1000 Comments 500 Likes 50 Answers 100 Awesomes
    ✭✭✭✭✭✭
    Thanks @kltaylor , @MikeT, @Pooh.
    From what I’ve read, the Trend Micro product looks encouraging. I’m somewhat concerned that it might not have the level of sophistication or fine-grained control that I need, given that it’s controlled via smart phone, but at $100, it’s a no brainer to test out.

    Additionally, it looks like it’s not actually installed between the router and the modem, given that it plugs into the hub/lan the same way the fingbox does, that is, as another ethernet device on the lan I’m trying to protect.

    I’ll get to the other excellent suggestions of PFsense and pi-hole at some point. I’m swamped at the moment but still want to remain engaged with this group.

    I looked at the installation after I wrote that the device sits between the modem and router when in-fact it connects directly to the router.  For a consumer-based device, it's a good deal!
    "There's a fine line between audacity and idiocy."
    -Warden Anastasia Luccio, Captain
    keith
Sign In or Register to comment.