How to mask OS and my browser on Web ?

Fulgurance · Veteran Joined: 15 Feb 2017 Posts: 1198

Hello, i have question. To enforce my confidentiality and security on Web, i search how it's possible to mask my OS and my Web Browser. Is it possible ?

And is it possible to encrypt my keyboard inputs ?

system.shock · n00b Joined: 06 Jan 2019 Posts: 35

Is changing http header user-agent and turn off all javascript not enough?

fedeliallalinea · Posted: Sun Feb 03, 2019 3:31 pm Post subject:

See here
_________________
Questions are guaranteed in life; Answers aren't.

Hu · Moderator Joined: 06 Mar 2007 Posts: 21586

You could set a firewall rule to block all outbound traffic to the http and https ports. This would prevent you from connecting to websites, which should mask your configuration quite effectively.

Could you explain why you want this? The request seems like an X-Y problem.

Fulgurance · Veteran Joined: 15 Feb 2017 Posts: 1198

It's just to learn more how to enforce security and how it's possible to do that.
How can i crypt my input ?

It's for example to escape to keystroke logging.

Fulgurance · Veteran Joined: 15 Feb 2017 Posts: 1198

Nobody?

timeBandit · Posted: Tue Feb 05, 2019 6:33 pm Post subject:

Keystroke loggers record your...wait for it...key strokes. As in, which keys you press, one by one. So how is encrypting input, after you've typed it but before it is sent to a web application, supposed to defeat something that records which keys you press? Unless you can encrypt data in your head (or on an adjacent, physically disconnected machine) and key in the resulting ciphertext, encryption in this scenario is not quite like closing the barn door after the horse escapes. It's more like waiting until the horse is outside in plain view before trying to disguise it as a panda.

Apart from that, encryption at the client is useless without a partner to decrypt it at the server. Ignoring the intractable problem of encryption-key management, the vast majority of the Internet won't be able to decrypt your input--and if it could, interested parties would simply log the decrypted result.
_________________
Plants are pithy, brooks tend to babble--I'm content to lie between them.
Super-short f.g.o checklist: Search first, strip comments, mark solved, help others.

ct85711 · Veteran Joined: 27 Sep 2005 Posts: 1791

Pretty much, the main way to avoid key logging, is to use a virtual keyboard (have fun point and clicking each key). Doing a quick search, 2 possible examples would be florence, and possibly dasher (neither in the official tree), nor do I know how well they work. Either way, as others said, key loggers generally are client side or physical item (in between keyboard and system, or software logging as they come in). Physical side, you should easily be able to see and deal with. Software based, means your system is already compromised and you probably have more to worry about. Another possibility on a physical, could very be more of in a form of a camera recording what you are doing, in which case you can think of a solution on that.

Another possibility to avoid a key logger, is keeping your machine air-gapped (no outside communication, like no internet, usb, disk/cd, etc...). That option really kills the functionality of the system, to nearly being a large paper weight. (Its kinda hard to communicate any logged keys if it can't communicate anywhere.)