Mitigating third-party tracking

SamiJankiss · August 2019

Beyond what I think of as older traditional network security methods such as IP firewalls and LAN Access Control (e.g., FingBox), I’m studying third-party tracking and how to mitigate the loss of private data. On Mac platforms, I’ve employed an unruly clutter of tools such as Disconnect.me, Better.fyi, Safari Preference settings, etc. But none are as useful to me as Little Snitch, especially the way it brings direct GUI control right to me, allowing me to see what web traffic and browsers are leaking out from our lans.

So, in addition to that, I’m also looking for ways to extend Little Snitch-like IP-level control to the scope of the whole LAN. Oversimplifying perhaps, Fing brings elements of Access Control, affordably. This is great, of course.

But I’d really like to see solutions for firewall filtering for the whole LAN based on IP header info. Sure, this probably means control of the router itself. But I’d like to ask the community what others have discovered.

VioletChepil · August 2019

Promoting this one to see if others will share their view.

VioletChepil · August 2019

Anybody have some tips on this? @Lee_Bo @Pooh @kltaylor @Marc

kltaylor · August 2019

SamiJankiss said:

Beyond what I think of as older traditional network security methods such as IP firewalls and LAN Access Control (e.g., FingBox), I’m studying third-party tracking and how to mitigate the loss of private data. On Mac platforms, I’ve employed an unruly clutter of tools such as Disconnect.me, Better.fyi, Safari Preference settings, etc. But none are as useful to me as Little Snitch, especially the way it brings direct GUI control right to me, allowing me to see what web traffic and browsers are leaking out from our lans.

So, in addition to that, I’m also looking for ways to extend Little Snitch-like IP-level control to the scope of the whole LAN. Oversimplifying perhaps, Fing brings elements of Access Control, affordably. This is great, of course.

But I’d really like to see solutions for firewall filtering for the whole LAN based on IP header info. Sure, this probably means control of the router itself. But I’d like to ask the community what others have discovered.

Consumer firewalls aren't as robust as dedicated firewall devices. What you're looking for is nearly an enterprise solution for a home environment, which I commend you for.

Using a Fingbox is a good choice to keep you informed on what IP addresses are connecting to your network, ensure too that you rename the devices to a user-friendly name for quick reference.

A device that you can consider adding to your arsenal is Trend Micro Home Network Security firewall. This device sits between the modem and the router, provides a great GUI interface that can keep you informed and in control on an IP level (LAN management). This device 'should' play nice with one another, and would provide a wealth of tools for you to help manage the network.

A few other things that you can consider adding, something that was brought to my attention here on the forums and I've instituted it on my LAN machines both at work and at home.

DNS over HTTPS

Mozilla Firefox has this built-in now, so you can toggle it active and ensure that it's the default browser. An easy way to implement this even when you're not using Firefox is SimpleDNS Crypt. It's a GUI application that can load when the machine boots, you can also configure it to load minimized and install updates silently. This application acts as a resident proxy that re-routes traffic through https connections, basically through port 443 instead of 80 or 53.

MikeT · August 2019

https://community.fing.com/discussion/300/mitigating-third-party-tracking

Hi,

you could take a look at PfSense community edition and also Pihole:

https://www.pfsense.org/

https://pi-hole.net/

These two combined should do everything you want and more...

Marc · August 2019

+1 on Pihole, but like anything on PI, will require a certain degree of tech knowledge to implement.

Pooh · August 2019

Part of the issue here is that, despite everything else, when it comes to third-party tracking there is the question of all the other ways companies are tracking you; whether it be super-cookies, biometrics or other forms of cross-referenced metadata, the digital footprint we leave is getting harder and harder to mitigate unless once constantly treats browsers like burner phones - constantly resetting the, switching browsers, etc.

kltaylor · August 2019

Pooh said:

Part of the issue here is that, despite everything else, when it comes to third-party tracking there is the question of all the other ways companies are tracking you; whether it be super-cookies, biometrics or other forms of cross-referenced metadata, the digital footprint we leave is getting harder and harder to mitigate unless once constantly treats browsers like burner phones - constantly resetting the, switching browsers, etc.

I agree with Pooh. The world of tracking and advertising is a very real thing that's so embedded into our everyday online habits that we hardly ever think about the reprocussions when we are online.

In Firefox there is an option that you can eliminate all cookies and online data when you close the browser, there's also a means to change who you use for your search queries. DuckDuckGo is one of the better engines that will not, and does not support any user tracking at all, and could replace Google for those who are conscious about online tracking and eliminating your digital foot print.

SamiJankiss · August 2019

Thanks @kltaylor , @MikeT, @Pooh.
From what I’ve read, the Trend Micro product looks encouraging. I’m somewhat concerned that it might not have the level of sophistication or fine-grained control that I need, given that it’s controlled via smart phone, but at $100, it’s a no brainer to test out.

Additionally, it looks like it’s not actually installed between the router and the modem, given that it plugs into the hub/lan the same way the fingbox does, that is, as another ethernet device on the lan I’m trying to protect.

I’ll get to the other excellent suggestions of PFsense and pi-hole at some point. I’m swamped at the moment but still want to remain engaged with this group.

kltaylor · August 2019

SamiJankiss said:

Thanks @kltaylor , @MikeT, @Pooh.
From what I’ve read, the Trend Micro product looks encouraging. I’m somewhat concerned that it might not have the level of sophistication or fine-grained control that I need, given that it’s controlled via smart phone, but at $100, it’s a no brainer to test out.
Additionally, it looks like it’s not actually installed between the router and the modem, given that it plugs into the hub/lan the same way the fingbox does, that is, as another ethernet device on the lan I’m trying to protect.
I’ll get to the other excellent suggestions of PFsense and pi-hole at some point. I’m swamped at the moment but still want to remain engaged with this group.

I looked at the installation after I wrote that the device sits between the modem and router when in-fact it connects directly to the router. For a consumer-based device, it's a good deal!

Mitigating third-party tracking

Comments