Some Advice

[CriticalRabbit 6]

Hi,

 

I’ve been using AirVPN for nearly a year now and I’m very happy with it; in fact, I’m going to get a year subscription when my three-month renewal is up. I use it on my Windows machine, even when online gaming, and with my Debian machine. I also use it on my IPad. However, I also decided to try a second VPN just for on my IPad because the application came with a web ad anti-tracker.

 

So here are my questions:

 

Does anyone know of a good IPad application for blocking ad tracking, or even a good browser for that? I’d been using AirVPN with Safari in private mode and I’d prefer to keep using AirVPN on my IPad.

Secondly, actually how reliable is IPSec SHA1 HMAC? (this is the standard for my second IPad VPN that I’d been trying). Thirdly, does anyone know how to counter browser fingerprinting on iPad?

 

Cheers,

Rabbit

[InactiveUser 188]

1. Adblocking:

An elegant solution would be to use a DNS server that blacklists ad/tracking networks. Maybe worth asking staff how they feel about providing an alternative configuration option.

 

2. IPsec:

As you mentioned the hash function, I assume you mean how reliable the cryptography/implementation of IPsec is?

The current consensus seems to be:
- IPsec itself is (probably) not broken yet
- NSA and friends attack it by:
    - stealing the keys off compromised servers / endpoints
    - breaking/brute-forcing weak key exchanges

Mitigations:
- PFS/Perfect Forward Secrecy (ask your provider)
- don't authenticate with Pre-Shared-Keys (passwords)
- if you have to use a PSK, at least choose one that's harder to brute-force

Detailed information on this topic:
https://nohats.ca/wordpress/blog/2014/12/29/dont-stop-using-ipsec-just-yet/

 

3. Fingerprinting on iOS:

Actually, fingerprinting on iOS should be a lesser issue when compared with desktop fingerprinting. iOS users using the default browser should all look alike, shouldn't they?
Same OS, architecture, browser, version, fonts, ..
Unless Apple grants access to unique device identifiers - which I believe they only do for apps, not websites.

 

4. Using Tor on iOS:

You didn't ask about it, but I'll share my thoughts anway.

Don't rely on any iOS app for strong privacy/anonymity. Fighting for freedom on a locked-down platform is a lost cause.
I'd still suggest taking a look at "Onion Browser" which utilizes Tor, but keep in mind that it's not endorsed by or in any way related to the official Tor Project.

Here's the developer's website: https://mike.tig.as/onionbrowser/
The last time I used it (years ago), it felt limited, but usable. The developer seems quite humble about what the browser can and cannot do, which is a good sign. They've also had a code audit last year.

There's another Tor-powered browser called "Red Onion" that I don't know anything about. However, I do know that the same developer also sells an app called "Fart Call" - ouch. 

[CriticalRabbit 6]

Hi,

 

Thanks for your detailed response. I will check with the provider.

 

Regarding tor and such, I’ve made the compromise of using a closed OS for convenience (and somewhat necessity) for gaming and work purposes. However, I try to compartmentalise much of my other online behaviour by using Debian, either in a VM or on a separate machine, with AirVPN. I am also considering using tor over Air but I’m still on the fence. I doubt I’d use tor without the use of a VPN first, given that I do not trust my ISP for not logging tor use. And for that reason, I would not use a tor app on my IPad without being able to use a VPN first.